- (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
calls to krb5_init_ets, which has not been required since krb-1.1.x and
most Kerberos versions no longer export in their public API. From sxw
at inf.ed.ac.uk, ok djm@
- (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
in the case where the buffer is insufficient, so always return ENOMEM.
Also pointed out by sxw at inf.ed.ac.uk.
- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be
consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
- djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
djm [Sat, 18 Jun 2005 21:31:37 +0000 (21:31 +0000)]
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
dtucker [Fri, 17 Jun 2005 11:15:20 +0000 (11:15 +0000)]
- (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
and ok tim@
----------------------------------------------------------------------
automatically CVS: CVS: Committing in . CVS: CVS: Modified Files:
----------------------------------------------------------------------
djm [Thu, 16 Jun 2005 03:21:17 +0000 (03:21 +0000)]
- dtucker@cvs.openbsd.org 2005/06/09 13:43:49
[cipher.c]
Correctly initialize end of array sentinel; ok djm@
(Id sync only, change already in portable)
djm [Thu, 16 Jun 2005 03:18:04 +0000 (03:18 +0000)]
- (djm) OpenBSD CVS Sync
- jaredy@cvs.openbsd.org 2005/06/07 13:25:23
[progressmeter.c]
catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
dtucker [Thu, 9 Jun 2005 11:45:10 +0000 (11:45 +0000)]
- (dtucker) [cipher.c openbsd-compat/Makefile.in
openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
Move compatibility code for supporting older OpenSSL versions to the
compat layer. Suggested by and "no objection" djm@
dtucker [Tue, 7 Jun 2005 07:53:40 +0000 (07:53 +0000)]
- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
in today's episode we attempt to coax it from limits.h where it may be
hiding, failing that we take the DIY approach. Tested by tim@
dtucker [Fri, 3 Jun 2005 07:58:31 +0000 (07:58 +0000)]
- (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
defined, and check that it helps before keeping it in CFLAGS. Some old
gcc's don't set an error code when encountering an unknown value in -std.
Found and tested by tim@.
tim [Fri, 3 Jun 2005 03:28:29 +0000 (03:28 +0000)]
- (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
must be run on all platforms) Add missing ;; to case statement. OK dtucker@
dtucker [Wed, 1 Jun 2005 13:08:51 +0000 (13:08 +0000)]
- djm@cvs.openbsd.org 2005/05/27 08:30:37
[ssh.c]
fix -O for cases where no ControlPath has been specified or socket at
ControlPath is not contactable; spotted by and ok avsm@
dtucker [Wed, 1 Jun 2005 13:01:12 +0000 (13:01 +0000)]
- avsm@cvs.openbsd.org 2005/05/26 02:08:05
[scp.c]
If copying multiple files to a target file (which normally fails, as it
must be a target directory), kill the spawned ssh child before exiting.
This stops it trying to authenticate and spewing lots of output.
deraadt@ ok
dtucker [Sun, 29 May 2005 00:28:48 +0000 (00:28 +0000)]
20050529
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
argument to passwdexpired to be initialized to NULL. Suggested by tim@
While at it, initialize the other arguments to auth functions in case they
ever acquire this behaviour.
dtucker [Sat, 28 May 2005 10:28:39 +0000 (10:28 +0000)]
- (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
per the autoconf man page. Configure should always define them but it
doesn't hurt to check.
dtucker [Fri, 27 May 2005 11:13:40 +0000 (11:13 +0000)]
- (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
Required changes from Bernhard Simon, integrated by me. ok djm@
djm [Thu, 26 May 2005 10:48:25 +0000 (10:48 +0000)]
- (djm) [configure.ac openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
Add strtonum(3) from OpenBSD libc, new code needs it.
Unfortunately Linux forces us to do a bizarre dance with compiler
options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
dtucker [Thu, 26 May 2005 10:12:15 +0000 (10:12 +0000)]
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
templates for _getshort and _getlong if missing to prevent compiler warnings
on Linux.
dtucker [Thu, 26 May 2005 09:59:48 +0000 (09:59 +0000)]
- (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
warning: dereferencing type-punned pointer will break strict-aliasing rules
warning: passing arg 3 of `pam_get_item' from incompatible pointer type
The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
djm [Thu, 26 May 2005 02:23:44 +0000 (02:23 +0000)]
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
[ssh-keyscan.c sshconnect.c]
Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
djm [Thu, 26 May 2005 02:16:18 +0000 (02:16 +0000)]
- avsm@cvs.openbsd.org 2005/05/23 22:44:01
[moduli.c ssh-keygen.c]
- removes signed/unsigned comparisons in moduli generation
- use strtonum instead of atoi where its easier
- check some strlcpy overflow and fatal instead of truncate
djm [Thu, 26 May 2005 02:05:05 +0000 (02:05 +0000)]
- djm@cvs.openbsd.org 2005/04/21 11:47:19
[ssh.c]
don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
djm [Thu, 26 May 2005 02:04:02 +0000 (02:04 +0000)]
- djm@cvs.openbsd.org 2005/04/21 06:17:50
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
variable, so don't say that we do (bz #623); ok deraadt@
djm [Thu, 26 May 2005 02:02:14 +0000 (02:02 +0000)]
- djm@cvs.openbsd.org 2005/04/09 04:32:54
[misc.c misc.h tildexpand.c Makefile.in]
replace tilde_expand_filename with a simpler implementation, ahead of
more whacking; ok deraadt@
djm [Thu, 26 May 2005 02:01:22 +0000 (02:01 +0000)]
- dtucker@cvs.openbsd.org 2005/04/06 12:26:06
[ssh.c]
Fix debug call for port forwards; patch from pete at seebeyond.com,
ok djm@ (ID sync only - change already in portable)
dtucker [Wed, 25 May 2005 09:42:10 +0000 (09:42 +0000)]
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
allocation when retrieving core Windows environment. Add CYGWIN variable
to propagated variables. Patch from vinschen at redhat.com, ok djm@
dtucker [Wed, 25 May 2005 06:18:09 +0000 (06:18 +0000)]
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
behaviour. ok djm@
dtucker [Tue, 3 May 2005 09:05:32 +0000 (09:05 +0000)]
- (dtucker) [canohost.c] normalise socket addresses returned by
get_remote_hostname(). This means that IPv4 addresses in log messages
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
addresses only for 4-in-6 mapped connections, regardless of whether
or not the machine is IPv6 enabled. ok djm@
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
"make tests" works even if you'r building on a filesystem that doesn't
support sockets. From deengert at anl.gov, ok djm@
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
existence of a process since it's more portable. Found by jbasney at
ncsa.uiuc.edu; ok tim@