summaryrefslogtreecommitdiff
path: root/monitor_wrap.c
AgeCommit message (Collapse)Author
2006-05-12Merge 4.3p2 to the trunk.Colin Watson
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-03-31 - djm@cvs.openbsd.org 2006/03/30 09:58:16Damien Miller
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02Damien Miller
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c] [ssh.c sshpty.c sshpty.h] sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2005-09-29 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsgDarren Tucker
introduced during sync.
2005-09-14* Add remaining pieces of Kerberos support (closes: #275472):Colin Watson
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost).
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-07-17 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor callsDamien Miller
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-05-26 - avsm@cvs.openbsd.org 2005/05/24 17:32:44Damien Miller
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c] [ssh-keyscan.c sshconnect.c] Switch atomicio to use a simpler interface; it now returns a size_t (containing number of bytes read/written), and indicates error by returning 0. EOF is signalled by errno==EPIPE. Typical use now becomes: if (atomicio(read, ..., len) != len) err(1,"read"); ok deraadt@, cloder@, djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2004-09-11 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]Darren Tucker
Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
2004-07-17 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41Darren Tucker
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
2004-07-08 - dtucker@cvs.openbsd.org 2004/07/03 11:02:25Darren Tucker
[monitor_wrap.c] Put s/key functions inside #ifdef SKEY same as monitor.c, from des@freebsd via bz #330, ok markus@
2004-06-22 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45Darren Tucker
[monitor.c monitor_wrap.c] Change login->username, will prevent -Wshadow errors in Portable; ok markus@
2004-06-22 - avsm@cvs.openbsd.org 2004/06/21 17:36:31Darren Tucker
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c sshpty.c] make ssh -Wshadow clean, no functional changes markus@ ok There are also some portable-specific -Wshadow warnings to be fixed in monitor.c and montior_wrap.c.
2004-04-08 - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggestedBen Lindstrom
limiting scope and dtucker@ agreed.
2004-04-08 - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headersBen Lindstrom
back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple)
2004-04-07 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to seeBen Lindstrom
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now.
2004-03-08 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-17 - markus@cvs.openbsd.org 2003/11/17 11:06:07Damien Miller
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
2003-11-03 - markus@cvs.openbsd.org 2003/10/15 09:48:45Darren Tucker
[monitor_wrap.c] check pmonitor != NULL
2003-10-15 - markus@cvs.openbsd.org 2003/10/11 11:36:23Darren Tucker
[monitor_wrap.c] return NULL for missing banner; ok djm@
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-26 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52Darren Tucker
[monitor.c monitor_wrap.c sshconnect2.c] 64 bit cleanups; markus ok
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-07-03 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06Darren Tucker
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c sshd.c] deal with typing of write vs read in atomicio
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-09 - markus@cvs.openbsd.org 2003/04/07 08:29:57Damien Miller
[monitor_wrap.c] typo: get correct counters; introduced during rekeying change.
2003-04-09 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/04/02 09:48:07 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] reapply rekeying chage, tested by henning@, ok djm@
2003-04-01 - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
2003-02-24 - markus@cvs.openbsd.org 2003/02/16 17:30:33Damien Miller
[monitor.c monitor_wrap.c] fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
2003-02-24 - markus@cvs.openbsd.org 2003/02/04 09:33:22Damien Miller
[monitor.c monitor_wrap.c] skey/bsdauth: use 0 to indicate failure instead of -1, because the buffer API only supports unsigned ints.
2002-12-23 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51Ben Lindstrom
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF
2002-09-27 - markus@cvs.openbsd.org 2002/09/26 11:38:43Damien Miller
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
2002-09-12 - markus@cvs.openbsd.org 2002/09/09 14:54:15Damien Miller
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] signed vs unsigned from -pedantic; ok henning@
2002-09-12 - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller
[auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
2002-07-07 - markus@cvs.openbsd.org 2002/07/04 10:41:47Ben Lindstrom
[key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] don't allocate, copy, and discard if there is not interested in the data; ok deraadt@
2002-07-07 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33Ben Lindstrom
[key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] patch memory leaks; grendel@zeitbombe.org
2002-07-04 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c sshconnect2.c sshd.c] minor KNF