openssh.git -

Age	Commit message (Collapse)	Author
2003-09-13	- (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch	Darren Tucker
	from cjwatson at debian.org.
2003-09-02	- (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session	Damien Miller
	management (now done in do_setusercontext). Largely from michael_steffens AT hp.com
2003-09-02	- (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler	Damien Miller
	error. Part of Bug #423, patch from michael_steffens AT hp.com
2003-08-26	- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h	Darren Tucker
	configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-25	- (djm) Bug #564: Perform PAM account checks for all authentications when	Damien Miller
	UsePAM=yes; ok dtucker
2003-08-08	- (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@	Darren Tucker

2003-07-30	- (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal	Damien Miller

2003-06-03	- (djm) OpenBSD CVS Sync	Damien Miller
	- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-02	- (djm) Fix segv from bad reordering in auth-pam.c	Damien Miller

2003-05-18	- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in	Damien Miller
	recent merge
2003-05-16	- (djm) Guard free_pam_environment against NULL argument. Works around	Damien Miller
	HP/UX PAM problems debugged by dtucker
2003-05-14	- (djm) Die screaming if start_pam() is called when UsePAM=no	Damien Miller

2003-05-14	- (djm) Add new UsePAM configuration directive to allow runtime control	Damien Miller
	over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10	- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with	Damien Miller
	proper challenge-response module
2003-04-29	- (djm) Add back radix.o (used by AFS support), after it went missing from	Damien Miller
	Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09	* empty log message *	Damien Miller

2003-01-22	- (djm) Reorganise PAM & SIA password handling to eliminate some common code	Damien Miller

2002-07-28	- (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar	Kevin Steves

2002-07-23	- (stevesk) [auth-pam.c] typo in comment	Kevin Steves

2002-07-23	- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be	Kevin Steves
	freed by the caller; add free_pam_environment() and use it.
2002-07-21	- (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h	Kevin Steves

2002-07-21	- (stevesk) [auth-pam.c] cast to avoid initialization type mismatch	Kevin Steves
	warning on pam_conv struct conversation function.
2002-07-21	- (stevesk) [auth-pam.c] merge rest of solar's PAM patch;	Kevin Steves
	PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21	- (stevesk) [auth-pam.c] merge cosmetic changes from solar's	Kevin Steves
	openssh-3.4p1-owl-password-changing.diff
2002-07-02	- (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &	Damien Miller
	friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-05-08	- (djm) Don't reinitialise PAM credentials before we have started PAM.	Damien Miller
	Report from Pekka Savola <pekkas@netcore.fi>
2002-04-26	- (djm) Disable PAM password expiry until a complete fix for bug #188 exists	Damien Miller

2002-04-23	- (djm) Make privsep work with PAM (still experimental)	Damien Miller

2002-04-04	- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h	Kevin Steves
	auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-02-05	- (djm) Cleanup after sync:	Damien Miller
	- :%s/reverse_mapping_check/verify_reverse_mapping/g
2001-11-09	- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)	Kevin Steves
	if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168
2001-10-28	- (stevesk) Fix compile problem with PAM password change fix	Kevin Steves

2001-10-28	- (djm) Fix for PAM password changes being echoed (from stevesk)	Damien Miller

2001-10-28	- (djm) Avoid bug in Solaris PAM libs	Damien Miller

2001-04-23	- (stevesk) auth-pam.c: use PERMIT_NO_PASSWD	Kevin Steves

2001-04-23	- (stevesk) pam_start() doesn't use DNS now for sshd -u0.	Kevin Steves

2001-04-20	- (stevesk) set the default PAM service name to __progname instead	Kevin Steves
	of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
2001-03-27	- (djm) Reestablish PAM credentials (which can be supplemental group	Damien Miller
	memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-21	- (djm) Don't loop forever when changing password via PAM. Patch	Damien Miller
	from Solar Designer <solar@openwall.com>
2001-03-21	- (djm) Make sure pam_retval is initialised on call to pam_end. Patch	Damien Miller
	from Solar Designer <solar@openwall.com>
2001-03-01	- (djm) Force standard PAM conversation function in a few more places.	Damien Miller
	Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>
2001-02-27	whitspace	Damien Miller

2001-02-15	- (djm) Clean up PAM namespace. Suggested by Darren Moffat	Damien Miller
	<Darren.Moffat@eng.sun.com>
2001-02-14	- (djm) Don't try to close PAM session or delete credentials if the	Damien Miller
	session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
2001-02-11	Oops - missed a bit of previous diff	Damien Miller

2001-02-11	- (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett	Damien Miller
	<abartlet@pcug.org.au>
2001-02-07	- (djm) Much KNF on PAM code	Damien Miller
	- (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication
2001-02-05	- stevesk@cvs.openbsd.org 2001/02/04 08:32:27	Kevin Steves
	[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-04	NB: big update - may break stuff. Please test!	Damien Miller
	- (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
2001-01-22	Hopefully things did not get mixed around too much. It compiles under	Ben Lindstrom
	Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.