summaryrefslogtreecommitdiff
path: root/sshd.c
AgeCommit message (Collapse)Author
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/08 21:47:12Damien Miller
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h] [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include <sys/socket.h> out of includes.h
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20Damien Miller
[includes.h ssh.c sshconnect.c sshd.c] move #include "version.h" out of includes.h; ok markus@
2006-06-13 - markus@cvs.openbsd.org 2006/06/01 09:21:48Damien Miller
[sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/20 18:17:20Damien Miller
[auth1.c auth2.c sshd.c] sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args)
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41Damien Miller
[clientloop.c progressmeter.c serverloop.c sshd.c] ARGSUSED for signal handlers
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2006-03-15 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]Damien Miller
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris
2006-03-15 - djm@cvs.openbsd.org 2006/03/07 09:07:40Damien Miller
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] Implement the diffie-hellman-group-exchange-sha256 key exchange method using the SHA256 code in libc (and wrapper to make it into an OpenSSL EVP), interop tested against CVS PuTTY NB. no portability bits committed yet
2006-03-15 - djm@cvs.openbsd.org 2006/03/13 08:16:00Damien Miller
[sshd.c] don't log that we are listening on a socket before the listen() call actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15oops, this commit is really:Damien Miller
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@ the previous was: - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] [authfile.c clientloop.c includes.h readconf.c scp.c session.c] [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] [sshconnect2.c sshd.c sshpty.c] move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44Damien Miller
[clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/10 01:44:27Damien Miller
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?] [sftp.c sshconnect.c sshconnect2.c sshd.c] move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13Damien Miller
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c] [ssh.c sshd.c sshpty.c] move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27Damien Miller
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include <paths.h> out of includes.h; ok markus@
2005-12-24 - djm@cvs.openbsd.org 2005/12/24 02:27:41Damien Miller
[session.c sshd.c] eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler; "groovy" deraadt@
2005-11-05 - djm@cvs.openbsd.org 2005/10/30 08:52:18Damien Miller
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change
2005-11-05 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29Damien Miller
[canohost.c sshd.c] Check for connections with IP options earlier and drop silently. ok djm@
2005-10-03 - djm@cvs.openbsd.org 2005/09/21 23:37:11Darren Tucker
[sshd.c] change label at markus@'s request
2005-10-03 - djm@cvs.openbsd.org 2005/09/19 11:47:09Darren Tucker
[sshd.c] stop connection abort on rekey with delayed compression enabled when post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
2005-10-03 - djm@cvs.openbsd.org 2005/09/13 23:40:07Darren Tucker
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@
2005-09-27 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'edDarren Tucker
process when sshd relies on ssh-random-helper. Should result in faster logins on systems without a real random device or prngd. ok djm@
2005-07-26 - markus@cvs.openbsd.org 2005/07/25 11:59:40Damien Miller
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@
2005-07-17 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]Damien Miller
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-06-17 - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 - markus@cvs.openbsd.org 2005/06/16 08:00:00Damien Miller
[canohost.c channels.c sshd.c] don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
2005-05-26 - djm@cvs.openbsd.org 2005/04/06 09:43:59Damien Miller
[sshd.c] avoid harmless logspam by not performing setsockopt() on non-socket; ok markus@
2005-03-31 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug inDarren Tucker
handling of password expiry messages returned by AIX's authentication routines, originally reported by robvdwal at sara.nl.
2005-03-06 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect auditDarren Tucker
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-02-09 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57Darren Tucker
[sshd.c] Provide reason in error message if getnameinfo fails; ok markus@
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2005-02-02 - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to childDarren Tucker
the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.
2005-01-24 - otto@cvs.openbsd.org 2005/01/21 08:32:02Darren Tucker
[auth-passwd.c sshd.c] Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
2005-01-20 - dtucker@cvs.openbsd.org 2005/01/17 22:48:39Darren Tucker
[sshd.c] Make debugging output continue after reexec; ok djm@
2005-01-20 - djm@cvs.openbsd.org 2004/12/23 23:11:00Darren Tucker
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] bz #898: support AddressFamily in sshd_config. from peak@argo.troja.mff.cuni.cz; ok deraadt@
2004-11-05 - djm@cvs.openbsd.org 2004/09/25 03:45:14Darren Tucker
[sshd.c] these printf args are no longer double; ok deraadt@ markus@
2004-11-05 - mickey@cvs.openbsd.org 2004/09/15 18:42:27Darren Tucker
[sshd.c] use less doubles in daemons; markus@ ok
2004-09-12 - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocolDamien Miller
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-08-29 - djm@cvs.openbsd.org 2004/08/28 01:01:48Darren Tucker
[sshd.c] don't erroneously close stdin for !reexec case, from Dave Johnson; ok markus@
2004-08-12 - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doublingDarren Tucker
messages generated before the postauth privsep split.
2004-08-12 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09Darren Tucker
[sshd.c] Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 08:56:22Darren Tucker
[sshd.c] call setsid() _before_ re-exec
2004-08-12 - (dtucker) [sshd.c] Remove duplicate variable imported during sync.Darren Tucker
2004-07-17 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41Darren Tucker
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@
2004-07-17 - deraadt@cvs.openbsd.org 2004/07/11 17:48:47Darren Tucker
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces
2004-07-17 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.cDarren Tucker
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too.