dtucker [Thu, 20 Jan 2005 03:29:03 +0000 (03:29 +0000)]
- (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
dtucker [Thu, 20 Jan 2005 03:27:39 +0000 (03:27 +0000)]
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to
handle them and prevent leaking information where possible. Existing
behaviour for bsdauth is maintained by checking authctxt->valid in the
bsdauth driver. Note that any third-party kbdint drivers will now need
to be able to handle responses for invalid logins. ok markus@
dtucker [Tue, 2 Nov 2004 09:29:53 +0000 (09:29 +0000)]
- (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
only if a conflict is detected.
- (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
/etc/nologin is handled. ok djm@
dtucker [Mon, 30 Aug 2004 10:42:08 +0000 (10:42 +0000)]
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin. Patch from vinschen at
redhat.com, ok djm@
dtucker [Sun, 29 Aug 2004 11:43:33 +0000 (11:43 +0000)]
- (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
SYSTEM=NONE and AUTH1=something).
dtucker [Sun, 29 Aug 2004 09:39:09 +0000 (09:39 +0000)]
- (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
dtucker [Sun, 29 Aug 2004 07:14:31 +0000 (07:14 +0000)]
- (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
down, needed on some platforms, should be harmless on others. Patch from
jason at devrandom.org.
dtucker [Sun, 29 Aug 2004 06:31:28 +0000 (06:31 +0000)]
- dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@ (CVS ID sync only)
dtucker [Sun, 29 Aug 2004 06:12:29 +0000 (06:12 +0000)]
- (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
dtucker [Sat, 14 Aug 2004 14:09:11 +0000 (14:09 +0000)]
- (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
dtucker [Thu, 12 Aug 2004 12:49:00 +0000 (12:49 +0000)]
- djm@cvs.openbsd.org 2004/08/11 11:59:22
[sshlogin.c]
check that lseek went were we told it to; ok markus@
(Id sync only, but similar changes are needed in loginrec.c)
- djm@cvs.openbsd.org 2004/07/21 11:51:29
[canohost.c]
bz#902: cache remote port so we don't fatal() in auth_log when remote
connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
ok markus@
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
- dtucker@cvs.openbsd.org 2004/07/03 11:02:25
[monitor_wrap.c]
Put s/key functions inside #ifdef SKEY same as monitor.c,
from des@freebsd via bz #330, ok markus@
- dtucker@cvs.openbsd.org 2004/07/03 05:11:33
[sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
Use '\0' not 0 for string; ok djm@, deraadt@
tim [Fri, 2 Jul 2004 03:41:15 +0000 (03:41 +0000)]
- (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
the same version. Handle the case where someone uses --with-privsep-user=
and the user name does not match the group name. ok dtucker@