| Age | Commit message (Collapse) | Author |
|---|
|
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
|
|
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
ok millert@
|
|
when /etc/default/login doesn't exist or isn't readable. Fixes from
jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
|
|
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
(eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com. ok djm@
|
|
management (now done in do_setusercontext). Largely from
michael_steffens AT hp.com
|
|
[session.c]
call ssh_gssapi_storecreds conditionally from do_exec();
with sxw@inf.ed.ac.uk
|
|
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
|
|
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
|
|
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
|
|
UsePAM=yes; ok dtucker
|
|
[session.c]
use more portable tcsendbreak(3) and ignore break_length;
ok deraadt, millert
|
|
|
|
specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
|
|
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
|
|
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
|
|
Convert aixloginmsg into platform-independant Buffer loginmsg.
|
|
|
|
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
|
|
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
|
|
[clientloop.c session.c ssh.1]
allow to send a BREAK to the remote system; ok various
|
|
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
|
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|
|
|
|
|
|
with SIA. Also, clean up of tru64 support patch by Chris Adams
<cmadams@hiwaay.net>
|
|
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
|
From vinschen@redhat.com
|
|
[session.c]
missing call to setproctitle() after authentication; ok provos@
|
|
systems may be added later.
|
|
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
|
|
mii@ornl.gov
|
|
parts of pass addrlen with sockaddr * fix.
from Hajimu UMEMOTO <ume@FreeBSD.org>
|
|
[session.c]
Make sure $SHELL points to the shell from the password file, even if shell
is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
|
|
[session.c]
remove xauth entries before add; PR 2994 from janjaap@stack.nl.
ok markus@
|
|
This does not include the deattack.c fixes.
|
|
in AIX. Patch by dtucker@zip.com.au ok by djm
|
|
[session.c]
log when _PATH_NOLOGIN exists; ok markus@
|
|
[session.c ssh.1]
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@
|
|
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
|
|
[monitor.c session.c sshlogin.c sshlogin.h]
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
|
|
[session.c]
send signal name (not signal number) in "exit-signal" message; noticed
by galb@vandyke.com
|
|
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at;
ok provos, deraadt
|
|
[session.c]
fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
|
|
[log.c log.h session.c sshd.c]
remove fatal cleanups after fork; based on discussions with and code
from solar.
|
|
freed by the caller; add free_pam_environment() and use it.
|
|
dtucker@zip.com.au plus a a more KNF since I am near it.
|
|
|
|
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
|
|
[session.c]
disclose less information from environment files; based on input
from djm, and dschultz@uclink.Berkeley.EDU
|
|
[session.c]
limit # of env vars to 1000; ok deraadt/djm
|
