summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2005-02-16Document the path to seed_rng betterDarren Tucker
2005-02-16 - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be calledDarren Tucker
via mkstemp in some configurations. ok djm@
2005-02-16write seed to temporary file and atomically rename into place; ok dtucker@Damien Miller
2005-02-16knf: function names at start of lineDamien Miller
2005-02-15IPv6 works on AIX5.1ML7 too.Darren Tucker
2005-02-15 - (dtucker) [loginrec.c] Add missing #include.Darren Tucker
2005-02-15 - (dtucker) [README.platform auth.c configure.ac loginrec.cDarren Tucker
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 - (dtucker) [config.sh.in] Collect oslevel -r too.Darren Tucker
2005-02-11 - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.Darren Tucker
2005-02-11 - (dtucker) [configure.ac] Tidy up configure --help output.Darren Tucker
2005-02-10 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for theDarren Tucker
--disable-etc-default-login configure option.
2005-02-09 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) requireDarren Tucker
the username to be passed to the passwd command when changing expired passwords. ok djm@
2005-02-09 - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dirDarren Tucker
paths. ok djm@
2005-02-09 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't callDarren Tucker
disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@
2005-02-09 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57Darren Tucker
[sshd.c] Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08Darren Tucker
[monitor.c] Make code match intent; ok djm@
2005-02-09 - jmc@cvs.openbsd.org 2005/01/28 18:14:09Darren Tucker
[ssh_config.5] wording; ok markus@
2005-02-09 - jmc@cvs.openbsd.org 2005/01/28 15:05:43Darren Tucker
[ssh_config.5] grammar;
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53Darren Tucker
[ssh_config] Make it clear that the example entries in ssh_config are only some of the commonly-used options and refer the user to ssh_config(5) for more details; ok djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-08 - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.Darren Tucker
2005-02-08 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for theDarren Tucker
regress tests so newer versions of GNU head(1) behave themselves. Patch by djm, so ok me.
2005-02-04 - (dtucker) [auth.c] Fix parens in audit log check.Darren Tucker
2005-02-04 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.Darren Tucker
2005-02-03typoDarren Tucker
2005-02-03 - (dtucker) [added audit.c audit.h] Bug #125: (first stage) Add auditDarren Tucker
instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2005-02-02 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]Darren Tucker
Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@
2005-02-02 - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to childDarren Tucker
the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
2005-02-02 - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]Darren Tucker
Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpathDarren Tucker
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
2005-02-01 - (dtucker) [sshd_config.5] Bug #701: remove warning aboutDarren Tucker
keyboard-interactive since this is no longer the case.
2005-02-01 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on someDarren Tucker
platforms syslog will revert to its default values. This may result in messages from external libraries (eg libwrap) being sent to a different facility.
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13Darren Tucker
[auth-passwd.c] #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06Darren Tucker
[moduli] Import new moduli; requested by deraadt@ a week ago
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06Darren Tucker
[scp.c sftp.c] Have scp and sftp wait for the spawned ssh to exit before they exit themselves. This prevents ssh from being unable to restore terminal modes (not normally a problem on OpenBSD but common with -Portable on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950); ok djm@ markus@
2005-01-24 - djm@cvs.openbsd.org 2005/01/23 10:18:12Darren Tucker
[cipher.c] config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59Darren Tucker
[auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@
2005-01-24 - otto@cvs.openbsd.org 2005/01/21 08:32:02Darren Tucker
[auth-passwd.c sshd.c] Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
2005-01-20 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam fromDarren Tucker
the list of available kbdint devices if UsePAM=no. ok djm@
2005-01-20 - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128Darren Tucker
bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
2005-01-20Oops, did not intend to commit this yetDarren Tucker
2005-01-20 - djm@cvs.openbsd.org 2004/12/22 02:13:19Darren Tucker
[cipher-ctr.c cipher.c] remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@ (Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about userDarren Tucker
existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm.
2005-01-20 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47Darren Tucker
[auth-bsdauth.c auth2-chall.c] Have keyboard-interactive code call the drivers even for responses for invalid logins. This allows the drivers themselves to decide how to handle them and prevent leaking information where possible. Existing behaviour for bsdauth is maintained by checking authctxt->valid in the bsdauth driver. Note that any third-party kbdint drivers will now need to be able to handle responses for invalid logins. ok markus@
2005-01-20 - dtucker@cvs.openbsd.org 2005/01/17 22:48:39Darren Tucker
[sshd.c] Make debugging output continue after reexec; ok djm@
2005-01-20 - dtucker@cvs.openbsd.org 2005/01/17 03:25:46Darren Tucker
[moduli.c] Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 - jmc@cvs.openbsd.org 2005/01/08 00:41:19Darren Tucker
[sshd_config.5] `login'(n) -> `log in'(v);
2005-01-20 - markus@cvs.openbsd.org 2005/01/05 08:51:32Darren Tucker
[sshconnect.c] remove dead code, log connect() failures with level error, ok djm@
2005-01-20 - djm@cvs.openbsd.org 2004/12/23 23:11:00Darren Tucker
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@