summaryrefslogtreecommitdiff
path: root/authfd.c
AgeCommit message (Collapse)Author
2003-06-11 - djm@cvs.openbsd.org 2003/06/11 11:18:38Damien Miller
[authfd.c authfd.h ssh-add.c ssh-agent.c] make agent constraints (lifetime, confirm) work with smartcard keys; ok markus@
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-04-09*** empty log message ***Damien Miller
2003-01-24 - markus@cvs.openbsd.org 2003/01/23 13:50:27Damien Miller
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -c, prompt user for confirmation (using ssh-askpass) when private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@
2002-09-12 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26Damien Miller
[authfd.c authfd.h ssh.c] don't connect to agent to test for presence if we've previously connected; ok markus@
2002-06-25 - markus@cvs.openbsd.org 2002/06/25 16:22:42Ben Lindstrom
[authfd.c] unnecessary cast
2002-06-21 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-06-21 - markus@cvs.openbsd.org 2002/06/15 01:27:48Ben Lindstrom
[authfd.c authfd.h ssh-add.c ssh-agent.c] remove the CONSTRAIN_IDENTITY messages and introduce a new ADD_ID message with contraints instead. contraints can be only added together with the private key.
2002-06-21 - markus@cvs.openbsd.org 2002/06/15 00:07:38Ben Lindstrom
[authfd.c authfd.h ssh-add.c ssh-agent.c] fix stupid typo
2002-06-21 - markus@cvs.openbsd.org 2002/06/15 00:01:36Ben Lindstrom
[authfd.c authfd.h ssh-add.c ssh-agent.c] break agent key lifetime protocol and allow other contraints for key usage.
2002-06-06 - markus@cvs.openbsd.org 2002/06/05 21:55:44Ben Lindstrom
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@
2002-06-06 - markus@cvs.openbsd.org 2002/06/05 19:57:12Ben Lindstrom
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked...
2002-03-22 - rees@cvs.openbsd.org 2002/03/21 22:44:05Ben Lindstrom
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c] Add PIN-protection for secret key.
2002-02-26 - markus@cvs.openbsd.org 2002/02/24 19:14:59Ben Lindstrom
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-01-22 - stevesk@cvs.openbsd.org 2002/01/18 18:14:17Damien Miller
[authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] unneeded cast cleanup; ok markus@
2001-12-06 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12Ben Lindstrom
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c] minor KNF
2001-09-20 - stevesk@cvs.openbsd.org 2001/09/19 19:35:30Ben Lindstrom
[authfd.c] use sizeof addr vs. SUN_LEN(addr) for sockaddr_un. Stevens blesses this and we do it this way elsewhere. this helps in portable because not all systems have SUN_LEN() and sockaddr_un.sun_len. ok markus@
2001-08-15 - markus@cvs.openbsd.org 2001/08/07 10:37:46Ben Lindstrom
[authfd.c authfd.h] extended failure messages from galb@vandyke.com
2001-08-06 - markus@cvs.openbsd.org 2001/08/01 22:03:33Ben Lindstrom
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c ssh-agent.c ssh.c] use strings instead of ints for smartcard reader ids
2001-07-04 - markus@cvs.openbsd.org 2001/06/26 04:59:59Ben Lindstrom
[authfd.c authfd.h ssh-add.c] initial support for smartcards in the agent
2001-06-25 - itojun@cvs.openbsd.org 2001/06/23 15:12:20Ben Lindstrom
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
2001-06-09 - markus@cvs.openbsd.org 2001/06/07 20:23:05Ben Lindstrom
[authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c sshconnect.c sshconnect1.c] use xxx_put_cstring()
2001-04-05 - markus@cvs.openbsd.org 2001/04/05 10:42:57Ben Lindstrom
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c sshconnect2.c sshd.c] fix whitespace: unexpand + trailing spaces.
2001-03-06 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04Ben Lindstrom
[authfd.c cli.c ssh-agent.c] EINTR/EAGAIN handling is required in more cases
2001-03-05 - millert@cvs.openbsd.org 2001/03/04 17:42:28Ben Lindstrom
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c ssh.c sshconnect.c sshd.c] log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline.
2001-03-05 - deraadt@cvs.openbsd.org 2001/03/01 02:11:25Ben Lindstrom
[authfd.c] split line so that p will have an easier time next time around
2001-02-05 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12Kevin Steves
[auth2.c authfd.c packet.c] remove duplicate #include's; ok markus@
2001-02-05 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves
[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-09-23 - (djm) OpenBSD CVS sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/17 09:38:59 [sshconnect2.c sshd.c] fix DEBUG_KEXDH - markus@cvs.openbsd.org 2000/09/17 09:52:51 [sshconnect.c] yes no; ok niels@ - markus@cvs.openbsd.org 2000/09/21 04:55:11 [sshd.8] typo - markus@cvs.openbsd.org 2000/09/21 05:03:54 [serverloop.c] typo - markus@cvs.openbsd.org 2000/09/21 05:11:42 scp.c utime() to utimes(); mouring@pconline.com - markus@cvs.openbsd.org 2000/09/21 05:25:08 sshconnect2.c change login logic in ssh2, allows plugin of other auth methods - markus@cvs.openbsd.org 2000/09/21 05:25:35 [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h] [serverloop.c] add context to dispatch_run - markus@cvs.openbsd.org 2000/09/21 05:07:52 authfd.c authfd.h ssh-agent.c bug compat for old ssh.com software
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-0520000905Damien Miller
- (djm) Import OpenBSD CVS changes - markus@cvs.openbsd.org 2000/08/31 15:52:24 [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c] implement a SFTP server. interops with sftp2, scp2 and the windows client from ssh.com - markus@cvs.openbsd.org 2000/08/31 15:56:03 [README.openssh2] sync - markus@cvs.openbsd.org 2000/08/31 16:05:42 [session.c] Wall - markus@cvs.openbsd.org 2000/08/31 16:09:34 [authfd.c ssh-agent.c] add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions - deraadt@cvs.openbsd.org 2000/09/01 09:25:13 [scp.1 scp.c] cleanup and fix -S support; stevesk@sweden.hp.com - markus@cvs.openbsd.org 2000/09/01 16:29:32 [sftp-server.c] portability fixes - markus@cvs.openbsd.org 2000/09/01 16:32:41 [sftp-server.c] fix cast; mouring@pconline.com - itojun@cvs.openbsd.org 2000/09/03 09:23:28 [ssh-add.1 ssh.1] add missing .El against .Bl. - markus@cvs.openbsd.org 2000/09/04 13:03:41 [session.c] missing close; ok theo - markus@cvs.openbsd.org 2000/09/04 13:07:21 [session.c] fix get_last_login_time order; from andre@van-veen.de - markus@cvs.openbsd.org 2000/09/04 13:10:09 [sftp-server.c] more cast fixes; from mouring@pconline.com - markus@cvs.openbsd.org 2000/09/04 13:06:04 [session.c] set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
2000-08-23 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headersDamien Miller
- (djm) OpenBSD CVS updates: - deraadt@cvs.openbsd.org 2000/08/18 20:07:23 [ssh.c] accept remsh as a valid name as well; roman@buildpoint.com - deraadt@cvs.openbsd.org 2000/08/18 20:17:13 [deattack.c crc32.c packet.c] rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to libz crc32 function yet, because it has ugly "long"'s in it; oneill@cs.sfu.ca - deraadt@cvs.openbsd.org 2000/08/18 20:26:08 [scp.1 scp.c] -S prog support; tv@debian.org - deraadt@cvs.openbsd.org 2000/08/18 20:50:07 [scp.c] knf - deraadt@cvs.openbsd.org 2000/08/18 20:57:33 [log-client.c] shorten - markus@cvs.openbsd.org 2000/08/19 12:48:11 [channels.c channels.h clientloop.c ssh.c ssh.h] support for ~. in ssh2 - deraadt@cvs.openbsd.org 2000/08/19 15:29:40 [crc32.h] proper prototype - markus@cvs.openbsd.org 2000/08/19 15:34:44 [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1] [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile] [fingerprint.c fingerprint.h] add SSH2/DSA support to the agent and some other DSA related cleanups. (note that we cannot talk to ssh.com's ssh2 agents) - markus@cvs.openbsd.org 2000/08/19 15:55:52 [channels.c channels.h clientloop.c] more ~ support for ssh2 - markus@cvs.openbsd.org 2000/08/19 16:21:19 [clientloop.c] oops - millert@cvs.openbsd.org 2000/08/20 12:25:53 [session.c] We have to stash the result of get_remote_name_or_ip() before we close our socket or getpeername() will get EBADF and the process will exit. Only a problem for "UseLogin yes". - millert@cvs.openbsd.org 2000/08/20 12:30:59 [session.c] Only check /etc/nologin if "UseLogin no" since login(1) may have its own policy on determining who is allowed to login when /etc/nologin is present. Also use the _PATH_NOLOGIN define. - millert@cvs.openbsd.org 2000/08/20 12:42:43 [auth1.c auth2.c session.c ssh.c] Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. - millert@cvs.openbsd.org 2000/08/21 10:23:31 [session.c] Fix incorrect PATH setting; noted by Markus.
2000-08-18 - (djm) OpenBSD CVS changes:Damien Miller
- markus@cvs.openbsd.org 2000/07/22 03:14:37 [servconf.c servconf.h sshd.8 sshd.c sshd_config] random early drop; ok theo, niels - deraadt@cvs.openbsd.org 2000/07/26 11:46:51 [ssh.1] typo - deraadt@cvs.openbsd.org 2000/08/01 11:46:11 [sshd.8] many fixes from pepper@mail.reppep.com - provos@cvs.openbsd.org 2000/08/01 13:01:42 [Makefile.in util.c aux.c] rename aux.c to util.c to help with cygwin port - deraadt@cvs.openbsd.org 2000/08/02 00:23:31 [authfd.c] correct sun_len; Alexander@Leidinger.net - provos@cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos@cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus@cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus@cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus@cvs.openbsd.org 2000/08/15 13:20:46 [authfd.c] cleanup; ok niels@ - markus@cvs.openbsd.org 2000/08/17 14:05:10 [session.c] cleanup login(1)-like jobs, no duplicate utmp entries - markus@cvs.openbsd.org 2000/08/17 14:06:34 [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd
2000-07-21 - (djm) OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org 2000/07/16 02:27:22 [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c] make ssh-add accept dsa keys (the agent does not) - djm@cvs.openbsd.org 2000/07/17 19:25:02 [sshd.c] Another closing of stdin; ok deraadt - markus@cvs.openbsd.org 2000/07/19 18:33:12 [dsa.c] missing free, reorder - markus@cvs.openbsd.org 2000/07/20 16:23:14 [ssh-keygen.1] document input and output files
2000-07-11 - (djm) OpenBSD CVS updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/26 03:22:29 [authfd.c] cleanup, less cut&paste - markus@cvs.openbsd.org 2000/06/26 15:59:19 [servconf.c servconf.h session.c sshd.8 sshd.c] MaxStartups: limit number of unauthenticated connections, work by theo and me - deraadt@cvs.openbsd.org 2000/07/05 14:18:07 [session.c] use no_x11_forwarding_flag correctly; provos ok - provos@cvs.openbsd.org 2000/07/05 15:35:57 [sshd.c] typo - aaron@cvs.openbsd.org 2000/07/05 22:06:58 [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8] Insert more missing .El directives. Our troff really should identify these and spit out a warning. - todd@cvs.openbsd.org 2000/07/06 21:55:04 [auth-rsa.c auth2.c ssh-keygen.c] clean code is good code - deraadt@cvs.openbsd.org 2000/07/07 02:14:29 [serverloop.c] sense of port forwarding flag test was backwards - provos@cvs.openbsd.org 2000/07/08 17:17:31 [compat.c readconf.c] replace strtok with strsep; from David Young <dyoung@onthejob.net> - deraadt@cvs.openbsd.org 2000/07/08 19:21:15 [auth.h] KNF - ho@cvs.openbsd.org 2000/07/08 19:27:33 [compat.c readconf.c] Better conditions for strsep() ending. - ho@cvs.openbsd.org 2000/07/10 10:27:05 [readconf.c] Get the correct message on errors. (niels@ ok) - ho@cvs.openbsd.org 2000/07/10 10:30:25 [cipher.c kex.c servconf.c] strtok() --> strsep(). (niels@ ok)
2000-06-22 - OpenBSD CVS Updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
2000-04-30 - More OpenBSD updates:Damien Miller
[session.c] - don't call chan_write_failed() if we are not writing [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c] - keysize warnings error() -> log()
2000-04-16 - Reduce diff against OpenBSD sourceDamien Miller
- All OpenSSL includes are now unconditionally referenced as openssl/foo.h - Pick up formatting changes - Other minor changed (typecasts, etc) that I missed
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-13 - Merged OpenBSD updates to include paths.Damien Miller
1999-12-16 - Merged OpenBSD CVS changes:Damien Miller
- [authfd.c ssh-agent.c] keysize warnings talk about identity files - [packet.c] "Connection closed by x.x.x.x": fatal() -> log()
1999-12-07 - Merged more OpenBSD changes:Damien Miller
- [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c] move atomicio into it's own file. wrap all socket write()s which were doing write(sock, buf, len) != len, with atomicio() calls. - [auth-skey.c] fd leak - [authfile.c] properly name fd variable - [channels.c] display great hatred towards strcpy - [pty.c pty.h sshd.c] use openpty() if it exists (it does on BSD4_4) - [tildexpand.c] check for ~ expansion past MAXPATHLEN - Modified helper.c to use new atomicio function. - Reformat Makefile a little - Moved RC4 routines from rc4.[ch] into helper.c - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
1999-11-25 - More reformatting merged from OpenBSD CVSDamien Miller
- Merged OpenBSD CVS changes: - [channels.c] report from mrwizard@psu.edu via djm@ibs.com.au - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. chip@valinux.com via damien@ibs.com.au - [nchan.c] it's not an error() if shutdown_write failes in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from damien@ibs.com.au - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au plus: use daemon() for backgrounding
1999-11-25 - Merged very large OpenBSD source code reformatDamien Miller
- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-19 - Merged OpenBSD CVS changesDamien Miller
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c] more %d vs. %s in fmt-strings - [authfd.c] Integers should not be printed with %s
1999-11-17 - Merged OpenBSD CVS changesDamien Miller
- [ChangeLog.Ylonen] noone needs this anymore - [authfd.c] close-on-exec for auth-socket, ok deraadt - [hostfile.c] in known_hosts key lookup the entry for the bits does not need to match, all the information is contained in n and e. This solves the problem with buggy servers announcing the wrong modulus length. markus and me. - [serverloop.c] bugfix: check for space if child has terminated, from: iedowse@maths.tcd.ie - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c] [fingerprint.c fingerprint.h] rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se> - [ssh-agent.1] typo - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@ - [sshd.c] force logging to stderr while loading private key file (lost while converting to new log-levels)