dtucker [Mon, 8 Mar 2004 12:02:13 +0000 (12:02 +0000)]
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
dtucker [Mon, 8 Mar 2004 11:21:58 +0000 (11:21 +0000)]
- (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@
dtucker [Sun, 29 Feb 2004 09:15:08 +0000 (09:15 +0000)]
- dtucker@cvs.openbsd.org 2004/02/27 22:49:27
[dh.c]
Reset bit counter at the right time, fixes debug output in the case where
the DH group is rejected. ok markus@
dtucker [Sun, 29 Feb 2004 09:13:34 +0000 (09:13 +0000)]
- dtucker@cvs.openbsd.org 2004/02/27 22:44:56
[dh.c]
Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
ever uses one. ok markus@
dtucker [Sun, 29 Feb 2004 09:12:33 +0000 (09:12 +0000)]
- dtucker@cvs.openbsd.org 2004/02/27 22:42:47
[dh.c]
Prevent sshd from sending DH groups with a primitive generator of zero or
one, even if they are listed in /etc/moduli. ok markus@
djm [Tue, 24 Feb 2004 02:05:11 +0000 (02:05 +0000)]
- (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime
using sysconf() if available. Based on patches from
holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
dtucker [Mon, 23 Feb 2004 23:37:33 +0000 (23:37 +0000)]
- (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
with krb5-config, hunt down gssapi.h and friends. Based partially on patch
from deengert at anl.gov.
For the MIT Kerberos bug against krb5-config related to this see:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=2240
dtucker [Mon, 23 Feb 2004 22:21:41 +0000 (22:21 +0000)]
- markus@cvs.openbsd.org 2004/02/23 15:12:46
[bufaux.c]
encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
and drop support for negative BNs; ok otto@
dtucker [Tue, 17 Feb 2004 12:20:07 +0000 (12:20 +0000)]
- (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
display after login. Should fix problems like pam_motd not displaying
anything, noticed by cjwatson at debian.org. ok djm@
djm [Tue, 17 Feb 2004 06:07:59 +0000 (06:07 +0000)]
- djm@cvs.openbsd.org 2004/02/17 05:39:51
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
[sftp-int.h sftp.c]
switch to license.template for code written by me (belated, I know...)
tim [Thu, 12 Feb 2004 15:17:10 +0000 (15:17 +0000)]
[Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
Portability fixes. Data sftp transfers needs to be world readable. Some
older shells hang on while loops when doing sh -n some_script. OK dtucker@
dtucker [Tue, 10 Feb 2004 04:27:34 +0000 (04:27 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
dtucker [Tue, 10 Feb 2004 02:23:28 +0000 (02:23 +0000)]
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
dtucker [Tue, 10 Feb 2004 02:01:14 +0000 (02:01 +0000)]
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
dtucker [Fri, 6 Feb 2004 23:41:48 +0000 (23:41 +0000)]
- dtucker@cvs.openbsd.org 2004/02/06 23:41:13
[cipher-ctr.c]
Use EVP_CIPHER_CTX_key_length for key length. ok markus@
(This will fix builds with OpenSSL 0.9.5)
dtucker [Fri, 6 Feb 2004 05:24:31 +0000 (05:24 +0000)]
- markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
dtucker [Fri, 6 Feb 2004 05:17:51 +0000 (05:17 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
dtucker [Fri, 6 Feb 2004 04:59:06 +0000 (04:59 +0000)]
- (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
for HP-UX 11.11. If there are known-good configs where this is not
required, please report them. ok djm@
dtucker [Fri, 30 Jan 2004 01:58:51 +0000 (01:58 +0000)]
- dtucker@cvs.openbsd.org 2003/10/11 11:49:49
[Makefile banner.sh]
Test missing banner file, suppression of banner with ssh -q, check return
code from ssh. ok markus@
djm [Tue, 27 Jan 2004 10:22:00 +0000 (10:22 +0000)]
- djm@cvs.openbsd.org 2004/01/27 10:08:10
[sftp.c]
reorder parsing so user:skey@host:file works (bugzilla #777)
patch from admorten AT umich.edu; ok markus@
djm [Tue, 27 Jan 2004 10:21:27 +0000 (10:21 +0000)]
- djm@cvs.openbsd.org 2004/01/25 03:49:09
[sshconnect.c]
reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
from jclonguet AT free.fr; ok millert@
djm [Tue, 27 Jan 2004 10:20:11 +0000 (10:20 +0000)]
- mouring@cvs.openbsd.org 2004/01/23 17:57:48
[sftp-int.c]
Fix issue pointed out with ls not handling large directories
with embedded paths correctly. OK damien@
djm [Tue, 27 Jan 2004 10:19:21 +0000 (10:19 +0000)]
- (djm) OpenBSD CVS Sync
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
[cipher.c]
enable acss for ssh
ok deraadt@ markus@
- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
if libcrypto lacks it