Age | Commit message (Collapse) | Author |
|
Works around limitation in Solaris' passwd program for changing passwords
where the username is longer than 8 characters. ok djm@
|
|
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
|
|
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
from reyk@, tested by anil@
|
|
|
|
[ssh-agent.c]
always use a format string, even when printing a constant
- djm@cvs.openbsd.org 2006/06/13 02:17:07
[ssh-agent.c]
revert; i am on drugs. spotted by alexander AT beard.se
|
|
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
do not set the gid, noted by solar; ok djm
|
|
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
|
|
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
|
|
[ssh-add.c]
Sync usage() with man page and reality.
ok deraadt dtucker
|
|
[ssh.1]
add GSSAPI to the list of authentication methods supported;
|
|
[ssh_config.5]
oops - previous was too long; split the list of auths up
|
|
[ssh_config]
Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@
|
|
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
|
|
[kexdhc.c kexgexc.c]
paramter -> parameter
|
|
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
|
|
[clientloop.c]
missing free; from Kylene Hall
|
|
[sshconnect2.c]
uint32_t -> u_int32_t (which we use everywhere else)
(Id sync only - portable already had this)
|
|
and slave, we can remove the special-case handling in the audit hook in
auth_log.
|
|
pointer leak. From kjhall at us.ibm.com, found by coverity.
|
|
|
|
do not allow kbdint again after the PAM account check fails. ok djm@
|
|
default. Patch originally from tim@, ok djm
|
|
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
|
|
[auth-krb5.c]
Add $OpenBSD$ in comment here too
|
|
[OVERVIEW]
$OpenBSD$ in here too
|
|
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
|
|
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
|
|
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
|
|
and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
"no objections" tim@
|
|
|
|
sig_atomic_t
|
|
[crc32.c]
remove extra spaces
|
|
[uidswap.c]
use setres[ug]id() to permanently revoke privileges; ok deraadt@
(ID Sync only - portable already uses setres[ug]id() whenever possible)
|
|
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
|
|
[sshconnect.c]
simplify; ok djm@
|
|
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
replace the last non-sig_atomic_t flag used in a signal handler with a
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
|
|
[bufaux.c bufbn.c]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
|
|
[atomicio.c]
reorder sanity test so that it cannot dereference past the end of the
iov array; well spotted canacar@!
|
|
[sftp-client.c]
avoid making a tiny 4-byte write to send the packet length of sftp
commands, which would result in a separate tiny packet on the wire by
using atomiciov(writev, ...) to write the length and the command in one
pass; ok deraadt@
|
|
[atomicio.c atomicio.h]
introduce atomiciov() function that wraps readv/writev to retry
interrupted transfers like atomicio() does for read/write;
feedback deraadt@ dtucker@ stevesk@ ok deraadt@
|
|
[buffer.c buffer.h channels.c]
Fix condition where we could exit with a fatal error when an input
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to propsectivly check whether an incremental
allocation will succeed. bz #1131, debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
|
|
[gss-genr.c]
GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
by dleonard AT vintela.com. use xasprintf() to simplify code while in
there; "looks right" deraadt@
|
|
[ssh-keysign.c]
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
|
|
[scp.c]
xasprintification; ok deraadt@
|
|
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
[scp.c]
minimal lint cleanup (unused crud, and some size_t); ok djm
|
|
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880; ok dtucker@
|
|
mapped addresses; bz #1179 reported by markw wtech-llc.com;
ok dtucker@
|
|
[ssh_config.5]
remote user escape is %r not %h; spotted by jmc@
|
|
[ssh_config.5]
kill trailing whitespace;
|
|
[auth.c monitor.c]
Prevent duplicate log messages when privsep=yes; ok djm@
|