summaryrefslogtreecommitdiff
path: root/monitor.c
AgeCommit message (Collapse)Author
2007-10-26 - djm@cvs.openbsd.org 2007/09/21 08:15:29Damien Miller
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] [monitor.c monitor_wrap.c] unifdef -DBSD_AUTH unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@ (NB. RCD ID sync only for portable)
2007-09-17 - djm@cvs.openbsd.org 2007/09/04 03:21:03Damien Miller
[clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h] [monitor_wrap.c ssh.c] make file descriptor passing code return an error rather than call fatal() when it encounters problems, and use this to make session multiplexing masters survive slaves failing to pass all stdio FDs; ok markus@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 20:52:13Darren Tucker
[monitor.c] pass received SIGINT from monitor to postauth child so it can clean up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; ok markus@
2007-02-19 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58Darren Tucker
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] Teach Match how handle config directives that are used before authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@
2006-11-07 - markus@cvs.openbsd.org 2006/11/07 10:31:31Darren Tucker
[monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@
2006-09-17 - (dtucker) [monitor.c] Correctly handle auditing of single commands whenDarren Tucker
using Protocol 1. From jhb at freebsd.
2006-09-01 - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]Damien Miller
[openbsd-compat/rresvport.c] Some more headers: netinet/in.h sys/socket.h and unistd.h in various places
2006-09-01 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
2006-08-19 - miod@cvs.openbsd.org 2006/08/12 20:46:46Damien Miller
[monitor.c monitor_wrap.c] Revert previous include file ordering change, for ssh to compile under gcc2 (or until openssl include files are cleaned of parameter names in function prototypes)
2006-08-19 - (djm) OpenBSD CVS SyncDamien Miller
- stevesk@cvs.openbsd.org 2006/08/06 01:13:32 [compress.c monitor.c monitor_wrap.c] "zlib.h" can be <zlib.h>; ok djm@ markus@
2006-08-05 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05Damien Miller
[monitor.c session.c ssh-agent.c] spaces
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h
2006-08-05 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17Damien Miller
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include <sys/param.h> out of includes.h
2006-07-24 - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
2006-07-12 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25Darren Tucker
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include <errno.h> out of includes.h; ok markus@
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11Damien Miller
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] [sshlogin.c sshpty.c] move #include <fcntl.h> out of includes.h
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06Damien Miller
[log.c] move user includes after /usr/include files
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/08 21:48:53Damien Miller
[monitor.c session.c] missed these from last commit: move #include <sys/socket.h> out of includes.h
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12Damien Miller
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h] [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include <sys/socket.h> out of includes.h
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
2006-05-21 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitorDarren Tucker
and slave, we can remove the special-case handling in the audit hook in auth_log.
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-03-31 - dtucker@cvs.openbsd.org 2006/03/30 11:40:21Damien Miller
[auth.c monitor.c] Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 18:27:50Damien Miller
[monitor.c] spacing
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 18:26:55Damien Miller
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] [ssh-rsa.c ssh.c sshlogin.c] annoying spacing fixes getting in the way of real diffs
2006-03-26 - djm@cvs.openbsd.org 2006/03/20 04:09:44Damien Miller
[monitor.c] memory leaks detected by Coverity via elad AT netbsd.org; deraadt@ ok that should be all of them now
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12Damien Miller
[kex.c kex.h monitor.c myproposal.h session.c] spacing
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2006-03-15 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]Damien Miller
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris
2006-03-15 - djm@cvs.openbsd.org 2006/03/07 09:07:40Damien Miller
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet
2006-03-15oops, this commit is really:Damien Miller
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@ the previous was: - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] [authfile.c clientloop.c includes.h readconf.c scp.c session.c] [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] [sshconnect2.c sshd.c sshpty.c] move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27Damien Miller
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?] [sftp.c sshconnect.c sshconnect2.c sshd.c] move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/08 13:15:44Damien Miller
[gss-serv.c monitor.c] small KNF
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27Damien Miller
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include <paths.h> out of includes.h; ok markus@
2005-11-05 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31Damien Miller
[auth2-gss.c gss-genr.c gss-serv.c monitor.c] KNF; ok djm@
2005-09-30 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsepDarren Tucker
child during PAM account check without clearing it. This restores the post-login warnings such as LDAP password expiry. Patch from Tomas Mraz with help from several others.
2005-07-17 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor callsDamien Miller
2005-04-03 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_readDarren Tucker
will free as needed. ok tim@ djm@
2005-03-31 - (dtucker) [monitor.c] Remaining part of fix for bug #1006.Darren Tucker
2005-03-14 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05Darren Tucker
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c readconf.c bufaux.c sftp.c] spacing
2005-03-06 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitorDarren Tucker
when attempting to audit disconnect events. Reported by Phil Dibowitz.
2005-02-09 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08Darren Tucker
[monitor.c] Make code match intent; ok djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-04 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.Darren Tucker
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2004-09-11 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]Darren Tucker
Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
2004-07-17 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41Darren Tucker
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@