- markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth.h]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
- markus@cvs.openbsd.org 2003/08/26 09:58:43
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
- (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
management (now done in do_setusercontext). Largely from
michael_steffens AT hp.com
- markus@cvs.openbsd.org 2003/08/31 10:26:04
[progressmeter.c]
pass file_size + 1 to snprintf: fixes printing of truncated
file names; fix based on patch/report from sturm@;
- markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
dtucker [Tue, 26 Aug 2003 01:49:55 +0000 (01:49 +0000)]
- markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
mouring [Mon, 25 Aug 2003 01:16:21 +0000 (01:16 +0000)]
- (bal) redo how we handle 'mysignal()'. Move it to
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
be our 'mysignal' by default. OK djm@
dtucker [Thu, 21 Aug 2003 06:49:41 +0000 (06:49 +0000)]
- (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros,
change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for
consistency.
dtucker [Wed, 13 Aug 2003 10:48:07 +0000 (10:48 +0000)]
- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
Add a tcsendbreak function for platforms that don't have one, based on the
one from OpenBSD.
Any more of these and I'll split them out into bsd-termio.[ch].
dtucker [Mon, 11 Aug 2003 12:55:36 +0000 (12:55 +0000)]
- (dtucker) OpenBSD CVS Sync
(thanks to Simon Wilkinson for help with this -dt)
- markus@cvs.openbsd.org 2003/07/16 15:02:06
[auth-krb5.c]
mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
otherwise the kerberos credentinal is stored in a memory cache
in the privileged sshd. ok jabob@, hin@ (some time ago)
dtucker [Fri, 8 Aug 2003 02:15:11 +0000 (02:15 +0000)]
- (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and
AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition
separately before defining them.
dtucker [Thu, 7 Aug 2003 05:58:28 +0000 (05:58 +0000)]
- (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if
not already defined (eg Linux with some versions of libc5), based on those
from OpenBSD.
dtucker [Sat, 2 Aug 2003 13:51:38 +0000 (13:51 +0000)]
- (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile.
Should have added with this sync:
- djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
Based on code from Phil Karn, William Allen Simpson and Niels Provos.
ok markus@, thanks jmc@
dtucker [Sat, 2 Aug 2003 13:28:38 +0000 (13:28 +0000)]
- markus@cvs.openbsd.org 2003/07/29 18:24:00
[LICENCE progressmeter.c]
replace 4 clause BSD licensed progressmeter code with a replacement
from Nils Nordman and myself; ok deraadt@
(copied from OpenBSD an re-applied portable changes)
dtucker [Sat, 2 Aug 2003 12:40:07 +0000 (12:40 +0000)]
- djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
Based on code from Phil Karn, William Allen Simpson and Niels Provos.
ok markus@, thanks jmc@
- (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
and isolate shadow password functions. Tested in Solaris, but should
not break other platforms too badly (except maybe HP =). Also brings
auth-passwd.c into full sync with OpenBSD tree.
- markus@cvs.openbsd.org 2003/07/14 12:36:37
[sshd.c]
remove undocumented -V option. would be only useful if openssh is used
as ssh v1 server for ssh.com's ssh v2.
- markus@cvs.openbsd.org 2003/07/10 14:42:28
[packet.c]
the 2^(blocksize*2) rekeying limit is too expensive for 3DES,
blowfish, etc, so enforce a 1GB limit for small blocksizes.
- avsm@cvs.openbsd.org 2003/07/09 13:58:19
[key.c]
minor tweak: when generating the hex fingerprint, give strlcat the full
bound to the buffer, and add a comment below explaining why the
zero-termination is one less than the bound. markus@ ok
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com.
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.