dtucker [Wed, 30 Jun 2004 10:34:31 +0000 (10:34 +0000)]
- (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
appdata_ptr to the conversation function. ok djm@
By rights we should free the messages too, but if this happens then one
of the modules has already proven itself to be buggy so can we trust
the messages?
dtucker [Mon, 28 Jun 2004 06:01:19 +0000 (06:01 +0000)]
- (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
rename handling for Linux which returns EPERM for link() on (at least some)
filesystems that do not support hard links. sftp-server will fall back to
stat+rename() in such cases.
djm [Fri, 25 Jun 2004 22:16:31 +0000 (22:16 +0000)]
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
dtucker [Fri, 25 Jun 2004 07:06:02 +0000 (07:06 +0000)]
- dtucker@cvs.openbsd.org 2004/06/25 05:38:48
[sftp-server.c]
Fall back to stat+rename if filesystem doesn't doesn't support hard
links. bz#823, ok djm@
dtucker [Fri, 25 Jun 2004 03:34:31 +0000 (03:34 +0000)]
- djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
dtucker [Tue, 22 Jun 2004 23:28:20 +0000 (23:28 +0000)]
- dtucker@cvs.openbsd.org 2004/06/22 22:55:56
[regress/dynamic-forward.sh regress/test-exec.sh]
Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
dtucker [Tue, 22 Jun 2004 23:25:02 +0000 (23:25 +0000)]
- dtucker@cvs.openbsd.org 2004/06/22 22:45:52
[regress/test-exec.sh]
Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
arbitary options to sshd_config and ssh_config during tests. ok markus@
dtucker [Tue, 22 Jun 2004 02:30:53 +0000 (02:30 +0000)]
- djm@cvs.openbsd.org 2004/06/20 18:53:39
[sftp.c]
make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
(like /bin/ls); idea & ok markus@
djm [Fri, 18 Jun 2004 12:23:22 +0000 (12:23 +0000)]
- djm@cvs.openbsd.org 2004/06/18 11:11:54
[channels.c clientloop.c]
Don't explode in clientloop when we receive a bogus channel id, but
also don't generate them to begin with; ok markus@
djm [Fri, 18 Jun 2004 12:20:57 +0000 (12:20 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/18 10:40:19
[ssh.c]
delay signal handler setup until we have finished talking to the master.
allow interrupting of setup (e.g. if master is stuck); ok markus@
dtucker [Wed, 16 Jun 2004 10:22:22 +0000 (10:22 +0000)]
- djm@cvs.openbsd.org 2004/06/13 15:04:08
[regress/Makefile regress/test-exec.sh, added regress/multiplex.sh]
regress test for client multiplexing; ok markus@
djm [Tue, 15 Jun 2004 00:34:08 +0000 (00:34 +0000)]
- djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
[readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
implement session multiplexing in the client (the server has supported
this since 2.0); ok markus@
djm [Tue, 15 Jun 2004 00:30:39 +0000 (00:30 +0000)]
- dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
List supported ciphers in man pages, tidy up ssh -c;
"looks fine" jmc@, ok markus@
tim [Mon, 31 May 2004 04:38:51 +0000 (04:38 +0000)]
- (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- (tim) [buildpkg.sh.in] New file. A more flexible version of
contrib/solaris/buildpkg.sh used for "make package".
dtucker [Sun, 30 May 2004 12:04:56 +0000 (12:04 +0000)]
- (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
dtucker [Wed, 26 May 2004 23:59:31 +0000 (23:59 +0000)]
- (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
and Jim Knoble's email address , from Jim himself.
dtucker [Mon, 24 May 2004 01:55:36 +0000 (01:55 +0000)]
- (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
is terminated if the privsep slave exits during keyboard-interactive
authentication. ok djm@
dtucker [Mon, 24 May 2004 00:18:05 +0000 (00:18 +0000)]
- djm@cvs.openbsd.org 2004/05/21 11:33:11
[channels.c channels.h clientloop.c serverloop.c ssh.1]
bz #756: add support for the cancel-tcpip-forward request for the server and
the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
ok markus@