Commit Graph

105 Commits

Author SHA1 Message Date
Damien Miller
f9e9300947 - (djm) Reestablish PAM credentials (which can be supplemental group
memberships) after initgroups() blows them away. Report and suggested
   fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-27 16:12:24 +10:00
Ben Lindstrom
7bfff36ca3 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
     PrintLastLog option; from chip@valinux.com with some minor
     changes by me.  ok markus@
2001-03-26 05:45:53 +00:00
Ben Lindstrom
6029432ec5 - djm@cvs.openbsd.org 2001/03/25 00:01:34
[session.c]
     shorten; ok markus@
2001-03-26 05:38:25 +00:00
Damien Miller
b44fe0617d - (djm) Pull out our own SIGPIPE hacks 2001-03-24 15:39:38 +11:00
Ben Lindstrom
de71cda078 - markus@cvs.openbsd.org 2001/03/23 14:28:32
[session.c sshd.c]
     ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
2001-03-24 00:43:26 +00:00
Ben Lindstrom
d9267454ca - markus@cvs.openbsd.org 2001/03/21 21:06:30
[session.c]
     missing init; from mib@unimelb.edu.au
2001-03-22 02:06:57 +00:00
Ben Lindstrom
b31783d547 - markus@cvs.openbsd.org 2001/03/21 11:43:45
[auth1.c auth2.c session.c session.h]
     merge common ssh v1/2 code
2001-03-22 02:02:12 +00:00
Ben Lindstrom
fc9b07de19 - markus@cvs.openbsd.org 2001/03/20 19:21:21
[session.c]
     remove unused arg
2001-03-22 01:27:23 +00:00
Ben Lindstrom
b4c961d822 - markus@cvs.openbsd.org 2001/03/20 19:21:21
[session.c]
     remove unused arg
2001-03-22 01:25:37 +00:00
Ben Lindstrom
eebc4a2ed3 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
resync
2001-03-22 01:22:03 +00:00
Damien Miller
bebd8be67b - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de> 2001-03-22 11:58:15 +11:00
Damien Miller
b69407dd7a - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
suggested fix from Mike Battersby <mib@unimelb.edu.au>
2001-03-21 16:13:03 +11:00
Damien Miller
be08176963 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
VanDevender <stevev@darkwing.uoregon.edu>
2001-03-21 11:11:57 +11:00
Ben Lindstrom
7bb8b49596 - markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
2001-03-17 00:47:54 +00:00
Ben Lindstrom
86fe8686b9 - markus@cvs.openbsd.org 2001/03/15 22:07:08
[session.c]
     pass Session to do_child + KNF
2001-03-17 00:32:57 +00:00
Damien Miller
168a700cc6 - Support usrinfo() on AIX. Based on patch from Gert Doering
<gert@greenie.muc.de>
2001-03-17 10:29:50 +11:00
Ben Lindstrom
9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom
92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00
Damien Miller
c594633b49 - (djm) Fully revert PAM session patch. All PAM session init is now done
before the final fork().
2001-02-28 11:46:11 +11:00
Damien Miller
7bd1c6262b - (djm) Fix PAM fix 2001-02-27 10:48:01 +11:00
Damien Miller
5a7613186b - (djm) Move PAM init to after fork for non-Solaris derived PAMs 2001-02-27 09:28:23 +11:00
Ben Lindstrom
7603b2d244 - markus@cvs.openbsd.org 2001/02/23 15:37:45
[session.c]
     handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
2001-02-26 20:13:32 +00:00
Ben Lindstrom
38e60935bb - (bal) Generalize lack of UNIX sockets since this also effects Cray
not just Cygwin.  Based on patch by Wendy Palm <wendyp@cray.com>
2001-02-24 00:55:04 +00:00
Ben Lindstrom
e1bd29bc9e - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com> 2001-02-21 20:00:28 +00:00
Kevin Steves
ff793a27b8 - (stevesk) session.c: back out to where we were before:
- (djm) Move PAM session initialisation until after fork in sshd. Patch
      from Nalin Dahyabhai <nalin@redhat.com>
2001-02-21 16:36:51 +00:00
Ben Lindstrom
94bce40720 - (bal) Reverted out of 2001/02/15 patch by djm below because it
breaks Solaris.
        - (djm) Move PAM session setup back to before setuid to user.
          fixes problems on Solaris-drived PAMs.
2001-02-21 05:53:33 +00:00
Ben Lindstrom
d95c09cc83 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
pty.[ch] -> sshpty.[ch]
2001-02-18 19:13:33 +00:00
Damien Miller
60396b060b - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
Ben Lindstrom
8dcdeb8421 - markus@cvs.openbsd.org 2001/02/16 14:03:43
[session.c]
     proper payload-length check for x11 w/o screen-number
2001-02-16 16:02:14 +00:00
Damien Miller
217f567187 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
2001-02-16 12:12:41 +11:00
Damien Miller
646aa60b41 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
<Darren.Moffat@eng.sun.com>
2001-02-15 11:51:32 +11:00
Damien Miller
e8b5b04521 - (djm) Move PAM session setup back to before setuid to user. Fixes
problems on Solaris-derived PAMs.
2001-02-15 11:32:15 +11:00
Kevin Steves
7fafa5ccbe - (stevesk) fix for SIA patch, misplaced session_setup_sia() 2001-02-13 18:45:00 +00:00
Damien Miller
92ddb7d6f0 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
<cmadams@hiwaay.net> with a little modification and KNF.
2001-02-14 01:25:23 +11:00
Damien Miller
6b4146ad73 - (djm) Move PAM session initialisation until after fork in sshd. Patch
from Nalin Dahyabhai <nalin@redhat.com>
2001-02-14 00:45:51 +11:00
Kevin Steves
7f982bf6c9 - (stevesk) session.c: remove debugging code. 2001-02-12 15:07:52 +00:00
Kevin Steves
43cdef3ba5 missed session.c part of:
- stevesk@cvs.openbsd.org 2001/02/08 10:11:23
     [session.c sftp-client.c]
     %i -> %d
2001-02-11 14:12:08 +00:00
Ben Lindstrom
31ca54aa86 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
2001-02-09 02:11:24 +00:00
Kevin Steves
ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller
3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom
b100ec9542 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
Also removed some of the 'ISSUES' comments that have been verified by djm.
2001-01-19 05:37:32 +00:00
Ben Lindstrom
db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Ben Lindstrom
bf555ba621 NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
      for more details.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.
2001-01-18 02:04:35 +00:00
Ben Lindstrom
d26dcf3371 20010107
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
Ben Lindstrom
46c162204b One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Damien Miller
152cea206a - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
from Andreas M. Kirchwitz <amk@krell.zikzak.de>
2000-12-13 19:21:51 +11:00
Damien Miller
43dc8da75c - (djm) Back out all the serverloop.c hacks. sshd will now hang again
if there are background children with open fds.
2000-11-29 15:55:17 +11:00
Damien Miller
a2e53ccb64 - (djm) Fix(?) the ssh hang-on-logout/data-from-child race 2000-11-29 11:26:45 +11:00
Ben Lindstrom
1492029371 20001123
- (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusing seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.
2000-11-21 21:24:55 +00:00