Age | Commit message (Collapse) | Author |
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
|
|
revert
|
|
PAM, Cygwin and OSF SIA will not work for sure
|
|
since we need more session information than provided by that function.
|
|
patch by wknox@mitre.org (William Knox).
[sshlogin.h] declare record_utmp_only for session.c
|
|
that is left is handling aix_usrinfo().
|
|
|
|
[session.c]
typo
- (bal) CVS ID sync since the last two patches were merged mistakenly
|
|
- markus@cvs.openbsd.org 2002/02/15 23:11:26
[session.c]
split do_child(), ok mouring@
Compiles under Redhat 7.2.. I cannot give any promises.. but I spent a
good hour and half ensure all the right bits are in the right spots.. and
it does seem to help out quite a bit for readiblity.
|
|
openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
simplify our diffs against upstream source.
|
|
openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
|
|
[channels.h session.c ssh.c]
increase the SSH v2 window size to 4 packets. comsumes a little
bit more memory for slow receivers but increases througput.
|
|
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
[pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
move ssh config files to /etc/ssh
- (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
|
|
[session.c]
minor KNF
|
|
- :%s/reverse_mapping_check/verify_reverse_mapping/g
|
|
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
|
|
[session.c]
don't depend on servconf.c; ok djm@
|
|
[session.c]
limit subsystem length in log; ok markus@
|
|
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
|
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
add X11UseLocalhost; ok markus@
|
|
[includes.h session.c]
revert code to add x11 localhost display authorization entry for
hostname/unix:d and uts.nodename/unix:d if nodename was different than
hostname. just add entry for unix:d instead. ok markus@
|
|
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
fixed env var size limit in the process. Report from Corinna Vinschen
<vinschen@redhat.com>
|
|
[channels.c channels.h session.c]
setup x11 listen socket for just one connect if the client requests so.
(v2 only, but the openssh client does not support this feature).
|
|
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
|
|
[channels.c session.c]
strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
|
|
[session.c sshd.8]
don't pass user defined variables to /usr/bin/login
|
|
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
|
|
|
|
[session.c]
delay detach of session if a channel gets closed but the child is
still alive. however, release pty, since the fd's to the child are
already closed.
|
|
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
|
|
[channels.c channels.h serverloop.c session.c session.h]
simplify session close: no more delayed session_close, no more blocking wait() calls.
|
|
[session.c]
stat subsystem command before calling do_exec, and return error to client.
|
|
[session.c]
chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
|
|
[session.c]
fix typo in error message, sync with do_exec_nopty
|
|
wayned@users.sourceforge.net
|
|
[session.c]
calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
pr 1943b
|
|
|
|
[session.c]
command=xxx overwrites subsystems, too
|
|
[servconf.c servconf.h session.c sshd.8]
deprecate CheckMail. ok markus@
|
|
[session.c sftp-int.c]
correct type on last arg to execl(); nordin@cse.ogi.edu
|
|
pam_nologin module. Report from William Yodlowsky
<bsd@openbsd.rutgers.edu>
|
|
|
|
[serverloop.c session.c session.h]
wait until !session_have_children(); bugreport from
Lutz.Jaenicke@aet.TU-Cottbus.DE
|
|
[serverloop.c serverloop.h session.c session.h]
quick hack to make ssh2 work again.
|