Age | Commit message (Collapse) | Author |
|
[scard.c scard.h ssh-keygen.c]
Add PIN-protection for secret key.
|
|
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
|
|
[sshd_config]
add privsep (off)
|
|
[scard.c]
In sc_put_key(), sc_reader_id should be id.
|
|
[clientloop.c]
remove unused
|
|
[scard.c]
remove const
|
|
[scard.c]
make compile w/ openssl 0.9.7
|
|
[clientloop.c ssh.1]
add built-in command line for adding new port forwardings on the fly.
based on a patch from brian wellington. ok markus@.
|
|
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
Last patch was SUPPOSE to be:
- stevesk@cvs.openbsd.org 2002/03/20 21:08:08
[sshd.c]
strerror() on chdir() fail; ok provos@
But it got co-mingled. <sigh> Flog me at will.
|
|
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
|
|
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
|
|
[auth.c]
check for NULL; from provos@
|
|
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
|
|
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
|
|
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
|
|
[sftp-int.c]
use xfree() after xstrdup().
markus@ ok
|
|
[sshd.8]
Banner has no default.
|
|
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
|
|
[servconf.c]
UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
provos@
|
|
[sshd.8]
document UsePrivilegeSeparation
|
|
[sshd.8]
credits for privsep
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
[compress.c]
export compression streams for ssh-privsep
|
|
[bufaux.c bufaux.h]
buffer_skip_string and extra sanity checking; needed by ssh-privsep
|
|
[key.c key.h]
add key_demote() for ssh-privsep
|
|
[packet.c packet.h]
export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
|
|
[cipher.c cipher.h]
export/import cipher states; needed by ssh-privsep
|
|
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
|
|
[auth-krb4.c]
set client to NULL after xfree(), from Rolf Braun
<rbraun+ssh@andrew.cmu.edu>
|
|
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
|
|
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
|
|
[auth-krb5.c]
BSD license. from Daniel Kouril via Dug Song. ok markus@
|
|
[auth-rh-rsa.c auth.h]
split auth_rhosts_rsa(), ok provos@
|
|
[compress.c]
skip inflateEnd if inflate fails; ok provos@
|
|
[auth.c]
fix file type checking (use S_ISREG). ok by markus
|
|
[auth-rh-rsa.c auth-rsa.c auth.h]
split auth_rsa() for better readability and privsep; ok provos@
|
|
[sshd.c]
split out ssh1 session key decryption; ok provos@
|
|
[sshconnect1.c]
don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
|
|
[sftp-client.c]
indent
|
|
[sftp-client.c]
correct type mismatches (u_int64_t != unsigned long long)
|
|
[sftp-client.c]
printf type mismatch
|
|
build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
[contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
postinstall check for $piddir and add if necessary.
|
|
warn if directory doesn not exist. Put system directories in front of
PATH for finding entorpy commands.
|
|
build on all platforms that support SVR4 style package tools. Now runs
from build dir. Parts are based on patches from Antonio Navarro, and
Darren Tucker.
|
|
|
|
|
|
Known issue: Blowfish for SSH1 does not work
|
|
committed.
|
|
by David Kaelbling <drk@sgi.com>
|
|
some platforms for INADDR_LOOPBACK. We should retest
SCO 3 to see if this fixes their problem also.
|