- (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
dtucker [Thu, 31 Mar 2005 11:39:25 +0000 (11:39 +0000)]
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
dtucker [Thu, 31 Mar 2005 11:31:10 +0000 (11:31 +0000)]
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
dtucker [Tue, 29 Mar 2005 13:24:12 +0000 (13:24 +0000)]
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
dtucker [Sun, 20 Mar 2005 22:58:07 +0000 (22:58 +0000)]
- (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
dtucker [Sun, 20 Mar 2005 22:55:17 +0000 (22:55 +0000)]
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
dtucker [Mon, 14 Mar 2005 12:17:27 +0000 (12:17 +0000)]
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999); ok markus@
dtucker [Mon, 14 Mar 2005 12:02:46 +0000 (12:02 +0000)]
20050312
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
(got 4.0 branch and HEAD slightly askew, this is to resync)
dtucker [Mon, 14 Mar 2005 11:58:40 +0000 (11:58 +0000)]
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996). From Craig Leres, ok markus@
dtucker [Sun, 13 Mar 2005 10:20:18 +0000 (10:20 +0000)]
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
dtucker [Mon, 7 Mar 2005 07:33:02 +0000 (07:33 +0000)]
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
djm [Wed, 2 Mar 2005 01:05:06 +0000 (01:05 +0000)]
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
djm [Tue, 1 Mar 2005 10:48:35 +0000 (10:48 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
djm [Tue, 1 Mar 2005 10:47:37 +0000 (10:47 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
djm [Tue, 1 Mar 2005 10:24:33 +0000 (10:24 +0000)]
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
djm [Tue, 1 Mar 2005 10:17:31 +0000 (10:17 +0000)]
- djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
dtucker [Fri, 25 Feb 2005 23:12:38 +0000 (23:12 +0000)]
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
dtucker [Fri, 25 Feb 2005 23:07:37 +0000 (23:07 +0000)]
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
dtucker [Sun, 20 Feb 2005 10:01:48 +0000 (10:01 +0000)]
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
dtucker [Wed, 16 Feb 2005 05:47:37 +0000 (05:47 +0000)]
- (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
dtucker [Wed, 16 Feb 2005 05:19:17 +0000 (05:19 +0000)]
- (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
link order.
dtucker [Tue, 15 Feb 2005 10:45:57 +0000 (10:45 +0000)]
- (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@