| Age | Commit message (Collapse) | Author |
|---|
|
[packet.c]
remove __FUNCTION__
|
|
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
|
|
[monitor.c]
only allow enabled authentication methods; ok provos@
|
|
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
|
|
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
|
|
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
|
|
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
|
|
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
|
|
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
|
|
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
|
|
[ssh.1 sshd.8]
spelling
|
|
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
|
|
|
|
[uidswap.c]
format spec change/casts and some KNF; ok markus@
|
|
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
|
|
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
|
|
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
|
|
[sshconnect2.c]
execlp->execl; from stevesk
|
|
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
|
|
[ssh.c]
add comment about ssh-keysign
|
|
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
|
|
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
|
|
[log.h]
extra commas in enum not 100% portable
|
|
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
|
|
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
|
|
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
|
|
setsockopt from debug to error for now).
|
|
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
|
|
|
|
|
|
|
|
(also missed changelog message)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- markus@cvs.openbsd.org 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
|
|
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
|
|
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
|
|
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
|
|
|
|
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
|
|
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
|
|
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
|
|
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
|
|
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
|
|
[ssh.h]
typo in comment
|
|
[ssh.h]
move to sshd.sshd instead
|
