summaryrefslogtreecommitdiff
path: root/session.c
AgeCommit message (Collapse)Author
2005-11-05 - djm@cvs.openbsd.org 2005/10/30 08:52:18Damien Miller
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change
2005-11-05 - djm@cvs.openbsd.org 2005/10/10 10:23:08Damien Miller
[channels.c channels.h clientloop.c serverloop.c session.c] fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
2005-10-30 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM isDarren Tucker
enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be added to sshd's session stack in order to maintain exising behaviour. Based on patch and discussion from t8m at centrum.cz, ok djm@
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-08-31 - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.cTim Rice
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@
2005-08-26 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.cTim Rice
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@
2005-07-26 - markus@cvs.openbsd.org 2005/07/25 11:59:40Damien Miller
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
2005-07-17 - djm@cvs.openbsd.org 2005/07/17 07:17:55Damien Miller
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] [sshconnect.c sshconnect2.c] knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of lineDamien Miller
- djm@cvs.openbsd.org 2005/07/17 06:49:04 [channels.c channels.h session.c session.h] Fix a number of X11 forwarding channel leaks: 1. Refuse multiple X11 forwarding requests on the same session 2. Clean up all listeners after a single_connection X11 forward, not just the one that made the single connection 3. Destroy X11 listeners when the session owning them goes away testing and ok dtucker@
2005-07-17 - djm@cvs.openbsd.org 2005/07/16 01:35:24Damien Miller
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-06-17 - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
2005-05-26tiny KNF nitDamien Miller
2005-04-21 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open ifDarren Tucker
UseLogin is set as PAM is not used to establish credentials in that case. Found by Michael Selvesteen, ok djm@
2005-03-06 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect auditDarren Tucker
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-02-16 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-micDarren Tucker
authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package.
2005-02-09 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) requireDarren Tucker
the username to be passed to the passwd command when changing expired passwords. ok djm@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2005-02-02 - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to childDarren Tucker
the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
2005-01-20 - markus@cvs.openbsd.org 2004/12/23 17:35:48Darren Tucker
[session.c] check for NULL; from mpech
2004-09-11 - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@Darren Tucker
2004-09-11 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output fromDarren Tucker
failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@
2004-08-30 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: onlyDarren Tucker
copy required environment variables on Cygwin. Patch from vinschen at redhat.com, ok djm@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2004-07-17 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41Darren Tucker
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
2004-07-17 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
2004-07-01 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.Darren Tucker
Ensures messages from PAM modules are displayed when privsep=no. Note: I did not want to just move display_loginmsg since that would change existing behaviour (order of expiry warnings, "Last Login", motd) to less like the native tools.
2004-06-30 - djm@cvs.openbsd.org 2004/06/30 08:36:59Damien Miller
[session.c] unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
2004-06-22 - djm@cvs.openbsd.org 2004/06/21 17:53:03Darren Tucker
[session.c] fix fd leak for multiple subsystem connections; with markus@
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43Darren Tucker
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok
2004-05-13 - djm@cvs.openbsd.org 2004/05/09 01:19:28Darren Tucker
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@
2004-05-02 - djm@cvs.openbsd.org 2004/04/27 09:46:37Darren Tucker
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@
2004-04-16 - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccacheDamien Miller
file using FILE: method, fixes problems on Mac OSX. Patch from simon@sxw.org.uk; ok dtucker@
2004-04-07 - (dtucker) [session.c] Flush stdout after displaying loginmsg. FromDarren Tucker
f_mohr at yahoo.de.
2004-03-27 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to preventDarren Tucker
duplicate login messages for mutli-session logins. ok djm@
2004-02-24 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in theDarren Tucker
non-interactive path. ok djm@
2004-02-10 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange toDarren Tucker
change expired PAM passwords for SSHv1 connections without privsep. pam_chauthtok is still used when privsep is disabled. ok djm@
2004-02-06 - markus@cvs.openbsd.org 2004/01/30 09:48:57Darren Tucker
[auth-passwd.c auth.h pathnames.h session.c] support for password change; ok dtucker@ (set password-dead=1w in login.conf to use this). In -Portable, this is currently only platforms using bsdauth.
2004-02-06 - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-rootDarren Tucker
user, since some modules might fail due to lack of privilege. ok djm@
2004-01-23 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]Darren Tucker
Change AFS symbol to USE_AFS to prevent namespace collisions, do not include kafs.h unless necessary. From deengert at anl.gov. For consistency, all of the libkafs bits are now inside "#if defined(KRB5) && defined(USE_AFS)".
2004-01-23 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; fromDamien Miller
ralf.hack AT pipex.net; ok dtucker@
2004-01-22 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 notDarren Tucker
just HEIMDAL. Currently this will make no difference, as only Heimdal (which defines KRB5 anyway) has libkafs, however a libkafs that works with MIT may become available. In that case it will be used too.
2004-01-21 - markus@cvs.openbsd.org 2004/01/13 19:23:15Damien Miller
[compress.c session.c] -Wall; ok henning
2004-01-05 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]Darren Tucker
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
2003-12-31 - jakob@cvs.openbsd.org 2003/12/23 16:12:10Darren Tucker
[servconf.c servconf.h session.c sshd_config] implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-09 - markus@cvs.openbsd.org 2003/12/02 17:01:15Darren Tucker
[channels.c session.c ssh-agent.c ssh.h sshd.c] use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-11-22sync whitespace - no code changeDamien Miller
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)