summaryrefslogtreecommitdiff
path: root/uidswap.c
AgeCommit message (Collapse)Author
2003-09-23Merge 3.7.1p2 to the trunk. I have absolutely no idea yet whether this willColin Watson
work.
2003-09-22 - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since theDarren Tucker
OS does not support permanently dropping privileges. Patch from vinschen at redhat.com.
2003-09-06 - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.Darren Tucker
2003-06-06 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@Darren Tucker
2003-06-05 - (djm) Implement paranoid priv dropping checks, based on:Damien Miller
"SetUID demystified" - Hao Chen, David Wagner and Drew Dean Proceedings of USENIX Security Symposium 2002
2003-06-02 - deraadt@cvs.openbsd.org 2003/05/29 16:58:45Damien Miller
[sshd.c uidswap.c] seteuid and setegid; markus ok
2002-07-30 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.deBen Lindstrom
2002-07-23 - stevesk@cvs.openbsd.org 2002/07/15 17:15:31Ben Lindstrom
[uidswap.c] little more debugging; ok markus@
2002-06-12 - (bal) Build noop setgroups() for cygwin to clean up code (For otherBen Lindstrom
platforms without the setgroups() requirement, you MUST define SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-06 - stevesk@cvs.openbsd.org 2002/05/28 21:24:00Ben Lindstrom
[uidswap.c] use correct function name in fatal() [See the patch above, I saw it before apply the next patch. <sigh>]
2002-06-06 - (bal) Corrected debug() in uidswap.c to match upstream.Ben Lindstrom
2002-06-06 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02Ben Lindstrom
[uidswap.c] format spec change/casts and some KNF; ok markus@
2002-04-03 - (bal) mispelling in uidswap.c (portable only)Ben Lindstrom
2002-04-02 - (bal) CVS ID sync of uidswap.cBen Lindstrom
2001-12-21 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-08-15 - markus@cvs.openbsd.org 2001/08/08 21:34:19Ben Lindstrom
[uidswap.c] undo last change; does not work for sshd
2001-08-15 - markus@cvs.openbsd.org 2001/08/08 18:20:15Ben Lindstrom
[uidswap.c] permanently_set_uid is a noop if user is not privilegued; fixes bug on solaris; from sbi@uchicago.edu
2001-05-06 - (bal) White Space and #ifdef sync with OpenBSDBen Lindstrom
2001-04-27 - (bal) Cygwin lacks setgroups() API. Patch by Corinna VinschenBen Lindstrom
<vinschen@redhat.com>
2001-04-26 - (bal) Fixed uidswap.c so it should work on non-posix complient systems.Ben Lindstrom
patch based on 2.5.2 version by djm.
2001-04-25 - (bal) Whitespace resync w/ OpenBSD for uidswap.cBen Lindstrom
2001-04-22 - markus@cvs.openbsd.org 2001/04/20 16:32:22Ben Lindstrom
[uidswap.c] set non-privileged gid before uid; tholo@ and deraadt@
2001-04-08 - markus@cvs.openbsd.org 2001/04/08 11:24:33Ben Lindstrom
[uidswap.c] KNF
2001-04-08 - markus@cvs.openbsd.org 2001/04/06 21:00:17Ben Lindstrom
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h] do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
2001-02-27 - (djm) Fix up POSIX saved uid support. Report from Mark MillerDamien Miller
<markm@swoon.net> - (djm) Search for -lcrypt on FreeBSD too
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2000-12-29whitespace sync with openbsdKevin Steves
2000-12-2920001230Ben Lindstrom
- (bal) OpenBSD CVS Update - markus@cvs.openbsd.org 2000/12/28 18:58:30 [ssh-keygen.c] enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2} - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
2000-12-22One way to massive patch. <sigh> It compiles and works under Linux..Ben Lindstrom
And I think I have all the bits right from the OpenBSD tree. 20001222 - Updated RCSID for pty.c - (bal) OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/12/21 15:10:16 [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c] print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@ - markus@cvs.openbsd.org 2000/12/20 19:26:56 [authfile.c] allow ssh -i userkey for root - markus@cvs.openbsd.org 2000/12/20 19:37:21 [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h] fix prototypes; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/20 19:32:08 [sshd.c] init pointer to NULL; report from Jan.Ivan@cern.ch - markus@cvs.openbsd.org 2000/12/19 23:17:54 [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char unsigned' with u_char.
2000-12-21 - (stevesk) OpenBSD CVS updates:Kevin Steves
- markus@cvs.openbsd.org 2000/12/19 15:43:45 [authfile.c channels.c sftp-server.c ssh-agent.c] remove() -> unlink() for consistency - markus@cvs.openbsd.org 2000/12/19 15:48:09 [ssh-keyscan.c] replace <ssl/x.h> with <openssl/x.h> - markus@cvs.openbsd.org 2000/12/17 02:33:40 [uidswap.c] typo; from wsanchez@apple.com
2000-11-17 - (stevek) Reworked progname support.Ben Lindstrom
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by Shinichi Maruyama <marya@st.jip.co.jp> I assume the progname patch was finished. I believe stevek is on vacation, but it passes compiling under Linux and NeXTStep.
2000-09-16 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-08-29 - More OpenBSD updates:Damien Miller
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59 [scp.c] off_t in sink, to fix files > 2GB, i think, test is still running ;-) - deraadt@cvs.openbsd.org 2000/08/25 10:10:06 [session.c] Wall - markus@cvs.openbsd.org 2000/08/26 04:33:43 [compat.c] ssh.com-2.3.0 - markus@cvs.openbsd.org 2000/08/27 12:18:05 [compat.c] compatibility with future ssh.com versions - deraadt@cvs.openbsd.org 2000/08/27 21:50:55 [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c] print uid/gid as unsigned - markus@cvs.openbsd.org 2000/08/28 13:51:00 [ssh.c] enable -n and -f for ssh2 - markus@cvs.openbsd.org 2000/08/28 14:19:53 [ssh.c] allow combination of -N and -f - markus@cvs.openbsd.org 2000/08/28 14:20:56 [util.c] util.c - markus@cvs.openbsd.org 2000/08/28 14:22:02 [util.c] undo - markus@cvs.openbsd.org 2000/08/28 14:23:38 [util.c] don't complain if setting NONBLOCK fails with ENODEV
2000-08-15 - (djm) Avoid failures on Irix when ssh is not setuid. Fix fromDamien Miller
Michael Stone <mstone@cs.loyola.edu>
2000-06-28 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support forDamien Miller
Irix 6.x array sessions, project id's, and system audit trail id.
2000-06-22 - OpenBSD CVS Updates:Damien Miller
- markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment
2000-04-16 - OpenBSD CVS updates.Damien Miller
[ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-01-21 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> andDamien Miller
Christos Zoulas <christos@netbsd.org>
1999-11-25 - More reformatting merged from OpenBSD CVSDamien Miller
- Merged OpenBSD CVS changes: - [channels.c] report from mrwizard@psu.edu via djm@ibs.com.au - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. chip@valinux.com via damien@ibs.com.au - [nchan.c] it's not an error() if shutdown_write failes in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from damien@ibs.com.au - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au plus: use daemon() for backgrounding
1999-11-25 - Merged very large OpenBSD source code reformatDamien Miller
- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-10-27Initial revisionDamien Miller