Age | Commit message (Collapse) | Author |
|
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
|
|
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
ok djm
|
|
[sshd.c]
avoid harmless logspam by not performing setsockopt() on non-socket;
ok markus@
|
|
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
|
|
events earlier, prevents mm_request_send errors reported by Matt Goebel.
|
|
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
|
|
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
|
|
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
|
|
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
|
|
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
|
|
[sshd.c]
Make debugging output continue after reexec; ok djm@
|
|
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898: support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz; ok deraadt@
|
|
[sshd.c]
these printf args are no longer double; ok deraadt@ markus@
|
|
[sshd.c]
use less doubles in daemons; markus@ ok
|
|
banner. Suggested by deraadt@, ok mouring@, dtucker@
|
|
[sshd.c]
don't erroneously close stdin for !reexec case, from Dave Johnson;
ok markus@
|
|
messages generated before the postauth privsep split.
|
|
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
|
|
[sshd.c]
call setsid() _before_ re-exec
|
|
|
|
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
|
|
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
|
|
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
|
|
[sshd.c]
initialise some fd variables to -1, djm@ ok
|
|
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
|
|
|
|
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
|
|
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
|
|
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
|
|
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
|
|
|
|
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
|
|
[ssh.c sshd.c]
ssh, sshd: sync version output, ok djm
|
|
[sshd.c]
trim usage; ok deraadt
|
|
|
|
- markus@cvs.openbsd.org 2004/03/03 06:47:52
[sshd.c]
change proctiltle after accept(2); ok henning, deraadt, djm
|
|
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@
|
|
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
|
|
[sshd.c]
typo in comment
|
|
[sshd.c]
backout revision 1.279; set listen socket to non-block; ok henning.
|
|
[monitor.c sshd.c]
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
|
|
accidentally inheriting from root's environment. ok djm@
|
|
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
|
|
[sshd.c]
fix -o and HUP; ok henning@
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
[key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
[ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
constify. ok markus@ & djm@
|
|
[sshd.c]
print openssl version, too, several requests; ok henning/djm.
|
|
[sshd.c]
no need to set the listen sockets to non-block; ok deraadt@
|
|
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
|