Age | Commit message (Collapse) | Author |
|
Ensures messages from PAM modules are displayed when privsep=no.
Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
|
|
[session.c]
unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
|
|
[session.c]
fix fd leak for multiple subsystem connections; with markus@
|
|
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
improve some code lint did not like; djm millert ok
|
|
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
|
|
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
ssh_config.5 sshd_config.5]
bz #815: implement ability to pass specified environment variables from
the client to the server; ok markus@
|
|
file using FILE: method, fixes problems on Mac OSX.
Patch from simon@sxw.org.uk; ok dtucker@
|
|
f_mohr at yahoo.de.
|
|
duplicate login messages for mutli-session logins. ok djm@
|
|
non-interactive path. ok djm@
|
|
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
|
|
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
|
|
user, since some modules might fail due to lack of privilege. ok djm@
|
|
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
|
|
ralf.hack AT pipex.net; ok dtucker@
|
|
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
|
|
[compress.c session.c]
-Wall; ok henning
|
|
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
|
|
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
|
|
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
parent. Part of Bug #717
|
|
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
|
|
[session.c ssh-agent.c]
10X for mkdtemp; djm@
|
|
cleanup functions. With & ok djm@
|
|
Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
|
|
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
|
|
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
ok millert@
|
|
when /etc/default/login doesn't exist or isn't readable. Fixes from
jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
|
|
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
(eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com. ok djm@
|
|
management (now done in do_setusercontext). Largely from
michael_steffens AT hp.com
|
|
[session.c]
call ssh_gssapi_storecreds conditionally from do_exec();
with sxw@inf.ed.ac.uk
|
|
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
|
|
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
|
|
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
|
|
UsePAM=yes; ok dtucker
|
|
[session.c]
use more portable tcsendbreak(3) and ignore break_length;
ok deraadt, millert
|
|
|
|
specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
|
|
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
|
|
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
|
|
Convert aixloginmsg into platform-independant Buffer loginmsg.
|
|
|
|
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
|
|
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
|
|
[clientloop.c session.c ssh.1]
allow to send a BREAK to the remote system; ok various
|
|
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
|
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|