Age | Commit message (Collapse) | Author |
|
[clientloop.c]
mention optional bind_address in runtime port forwarding setup
command-line help. patch from santhi.amirta AT gmail.com
|
|
- djm@cvs.openbsd.org 2006/06/14 10:50:42
[sshconnect.c]
limit the number of pre-banner characters we will accept; ok markus@
|
|
|
|
|
|
compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
configure would not select the correct libpath linker flags.
|
|
|
|
|
|
target already exists.
|
|
version.
|
|
prevents warnings on platforms where _res is in the system headers.
|
|
declaration too. Patch from russ at sludge.net.
|
|
with autoconf 2.60. Patch from vapier at gentoo.org.
|
|
only, otherwise sshd can hang exiting non-interactive sessions.
|
|
#1102 workaround.
|
|
Works around limitation in Solaris' passwd program for changing passwords
where the username is longer than 8 characters. ok djm@
|
|
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
|
|
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
from reyk@, tested by anil@
|
|
|
|
[ssh-agent.c]
always use a format string, even when printing a constant
- djm@cvs.openbsd.org 2006/06/13 02:17:07
[ssh-agent.c]
revert; i am on drugs. spotted by alexander AT beard.se
|
|
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
do not set the gid, noted by solar; ok djm
|
|
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
|
|
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
|
|
[ssh-add.c]
Sync usage() with man page and reality.
ok deraadt dtucker
|
|
[ssh.1]
add GSSAPI to the list of authentication methods supported;
|
|
[ssh_config.5]
oops - previous was too long; split the list of auths up
|
|
[ssh_config]
Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@
|
|
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
|
|
[kexdhc.c kexgexc.c]
paramter -> parameter
|
|
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
|
|
[clientloop.c]
missing free; from Kylene Hall
|
|
[sshconnect2.c]
uint32_t -> u_int32_t (which we use everywhere else)
(Id sync only - portable already had this)
|
|
and slave, we can remove the special-case handling in the audit hook in
auth_log.
|
|
pointer leak. From kjhall at us.ibm.com, found by coverity.
|
|
|
|
do not allow kbdint again after the PAM account check fails. ok djm@
|
|
default. Patch originally from tim@, ok djm
|
|
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
|
|
[auth-krb5.c]
Add $OpenBSD$ in comment here too
|
|
[OVERVIEW]
$OpenBSD$ in here too
|
|
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
|
|
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
|
|
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
|
|
and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
"no objections" tim@
|
|
|
|
sig_atomic_t
|
|
[crc32.c]
remove extra spaces
|
|
[uidswap.c]
use setres[ug]id() to permanently revoke privileges; ok deraadt@
(ID Sync only - portable already uses setres[ug]id() whenever possible)
|
|
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
|
|
[sshconnect.c]
simplify; ok djm@
|
|
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
replace the last non-sig_atomic_t flag used in a signal handler with a
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
|