Age | Commit message (Collapse) | Author |
|
- markus@cvs.openbsd.org 2003/01/27 17:06:31
[sshd.c]
more specific error message when /var/empty has wrong permissions;
bug #46, map@appgate.com; ok henning@, provos@, stevesk@
|
|
systems may be added later.
|
|
[sshd.c]
log to stderr if -ie is given, bug #414, prj@po.cwru.edu
|
|
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
|
|
[sshd.c]
typo; pilot@monkey.org
|
|
This does not include the deattack.c fixes.
|
|
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
|
|
[sshd.c]
utmp_len is unsigned; display error consistent with other options.
ok markus@
|
|
[log.c log.h session.c sshd.c]
remove fatal cleanups after fork; based on discussions with and code
from solar.
|
|
with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com.
|
|
|
|
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
|
|
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
|
|
[sshd.c]
gidset[2] -> gidset[1]; markus ok
|
|
[sshd.c]
range check -u option at invocation
|
|
|
|
[sshd.c]
lightweight do_setusercontext after chroot()
|
|
for Cygwin, Cray, & SCO
|
|
[ssh-agent.c sshd.c]
some minor KNF and %u
|
|
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
|
|
[sshd.c]
don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@
|
|
[sshd.c]
check /var/empty owner mode; ok provos@
|
|
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
|
|
platforms without the setgroups() requirement, you MUST define
SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
|
|
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus need this now to keep hacking.
markus@, millert@ ok
|
|
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
|
|
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
|
|
|
|
|
|
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
|
|
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
|
|
RedHat
|
|
support. bug #184. most from dcole@keysoftsys.com.
|
|
[sshd.c]
Improve error message; ok markus@ stevesk@
|
|
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
|
|
[sshd.c]
setproctitle() after preauth child; ok markus@
|
|
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
|
|
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
|
|
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
|
|
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
|
|
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
|
|
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
|
|
[sshd.c]
split out ssh1 session key decryption; ok provos@
|
|
revert
|
|
PAM, Cygwin and OSF SIA will not work for sure
|
|
[canohost.c channels.c packet.c sshd.c]
remove unneeded casts in [gs]etsockopt(); ok markus@
|
|
[sshd.c]
use u_char* here; ok markus@
|
|
[sshd.c]
include md5.h not hmac.h
|