7bab20a582
bitmask operation audit (s/&&/&/). from openbsd
2002-08-08 15:12:09 +00:00
3fd219f644
add utmpx support.
2002-07-28 23:43:33 +00:00
24ef72afbf
print connect failure on debugging mode. sync w/openbsd
2002-07-12 13:28:36 +00:00
bdfa549223
bark if all connection attemp fails. sync w/openbsd
2002-07-10 10:28:00 +00:00
92b7524e7d
silently connect(2) to next address. sync w/openbsd
2002-07-09 12:04:10 +00:00
a2a47b15ce
don't warn even if reverse lookup fails. sync w/openbsd
2002-07-09 12:03:54 +00:00
9a2478a3b0
/var/empty -> /var/chroot/sshd. PR 17519
2002-07-08 14:39:53 +00:00
968294e218
>make ssh-keysign read /etc/ssh/ssh_config
...
>and exit if HostbasedAuthentication is disabled globally. based on discussions
>with deraadt, itojun and sommerfeld; ok itojun@
sync w/openbsd
2002-07-03 14:23:13 +00:00
92ea28e291
>for compression=yes, we fallback to no-compression if the server does
...
>not support compression, vice versa for compression=no. ok mouring@
sync w/openbsd
2002-07-03 10:07:48 +00:00
673c1a7ac1
>use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
...
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@
2002-07-03 10:06:39 +00:00
c28e7ac1f6
correct signed/unsigned mixup; openbsd
2002-07-03 10:05:58 +00:00
8d3378688a
pednatic check on command line args. correct signed/unsigned mixup.
...
sync w/ openbsd
2002-07-01 06:17:11 +00:00
84559971ee
make use of xfree() consistent. from openbsd
2002-07-01 05:56:45 +00:00
11792b93b1
don't use freed memory. sync w/openbsd
2002-07-01 05:54:03 +00:00
5bdd56b128
sync with 3.4
2002-06-26 14:08:29 +00:00
b8f8e01057
OpenSSH 3.4 around 2002/6/26.
...
most significant change:
>make sure # of response matches # of queries, fixes int overflow; from ISS
as we have already enabled privsep by default, we should have been safe.
2002-06-26 14:02:54 +00:00
603dca2ed2
sync whitespace w/ openbsd tree
2002-06-24 15:47:25 +00:00
bc7b65a647
don't lose information while we cast
2002-06-24 15:46:34 +00:00
7d6a7caf6a
Cast arguments so that this file will compile on less forgiving architectures
...
like arm32.
2002-06-24 15:32:58 +00:00
3ea946f134
sync with openssh 3.3.
...
local mods included to make it compile with openssl 0.9.6d.
2002-06-24 05:48:24 +00:00
3dfc6702ef
clean ssh-keysign build dir before import.
2002-06-24 05:45:17 +00:00
9486e6fd01
it shouldn't be imported
2002-06-24 05:28:32 +00:00
b5222aff66
OpenSSH 3.3 as of June 24, 2002.
...
- ssh is no longer seruid root. ssh-keyscan is added to read secret host keys.
protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
2002-06-24 05:25:39 +00:00
d844f0d7b1
Fix Xrefs.
2002-06-13 00:15:09 +00:00
78c59017cc
Remove photurisd reference.
2002-06-13 00:14:26 +00:00
b745604c00
sync sockaddr_ntop with latest openssh (minor change)
2002-06-09 22:22:55 +00:00
be5f1d082c
use getnameinfo on diag printing. sync w/openssh in openbsd
2002-06-08 21:17:57 +00:00
e67961b545
check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they
...
do not exist. sync w/openssh
2002-05-29 23:54:29 +00:00
a5c3041a1b
bump date for rhosts auth fix
2002-05-27 13:45:40 +00:00
b274d69ad0
correct rhosts authentication. should fix PR 17023
2002-05-27 13:45:17 +00:00
a46557038c
now arc4random is in libc, we don't need to supply local version
2002-05-25 00:29:52 +00:00
e26b1052bb
use /var/chroot/sshd instead of /var/empty. suggested by christos
2002-05-16 20:59:35 +00:00
f47caddaf3
turn on privilege separation, as 3.2.1 default do.
...
requires sshd uid/gid as well as /var/empty directory.
2002-05-14 23:33:07 +00:00
ca89359407
sync with 3.2.1 as of 5/13.
...
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().
2002-05-13 02:58:17 +00:00
24255a6a60
OpenSSH 3.2.1 as of 2002/5/13
2002-05-13 02:28:40 +00:00
244b762de1
Complete the conversion back to the OpenSSH default configuration files of
...
"/etc/ssh/ssh_config" (from "/etc/ssh/ssh.conf") for ssh(1) and other
userland tools, and "/etc/ssh/sshd_config (from "/etc/ssh/sshd.conf")
for sshd(8).
etc/postinstall will detect this, and if "fix" is given, rename the files.
2002-04-29 08:23:34 +00:00
936168b29d
correct afs/kerberos token-passing. notified by markus@openbsd
2002-04-24 01:48:04 +00:00
34b40b030e
sync with openssh 3.2 as of 2002/4/22.
...
- privilege separation
- afs/kerberos auth security issue fixed
2002-04-22 07:59:35 +00:00
ff10d69ea5
OpenSSH 3.2 as of 2002/4/22. bring in sys/sys/tree.h
2002-04-22 07:47:47 +00:00
f597d4ec88
OpenSSH 3.2 as of 2002/4/22. fixes issues with AFS/kerberos auth
2002-04-22 07:35:39 +00:00
0a2445c3b6
move sshd config files to /etc/ssh
2002-03-11 04:57:55 +00:00
68c304f103
Fix several LL128 format string mismatches with a chainsaw.
...
%llu is "unsigned long long", not "uint64_t"; the former can be 128
bits on LP64 systems.
2002-03-09 15:03:33 +00:00
9d597e40f3
printf type mismatch.
2002-03-08 06:03:21 +00:00
295a85a1c9
sync better with reality (LoginGraceTime)
2002-03-08 02:18:11 +00:00
af34a358ff
sync w/ 3.1 as of 2002/3/8. configuration file directory is still /etc
...
(openbsd usr.bin/ssh is using /etc/ssh)
2002-03-08 02:00:50 +00:00
797a097779
OpenSSH 3.1 as of 2002/3/8. plugs off-by-one security hole
2002-03-08 01:20:24 +00:00
9097d36b33
Fix off by one error described in "PINE-CERT-20020301" advisory.
2002-03-07 16:02:22 +00:00
a8d19a98fc
don't try to use the krb5 context if the init fails; should fix
...
bin/15585
2002-02-26 11:16:08 +00:00
4845a9458f
Rather than assuming that -1 is a valid value for a LogLevel or LogFacility,
...
explicitly declare SYSLOG_LEVEL_NOT_SET and SYSLOG_FACILITY_NOT_SET and use
those instead.
This is necessary for -fshort-enums platforms, and corresponds to the
following OpenBSD revisions:
log.c 1.21
log.h 1.5
readconf.c 1.95
servconf.c 1.53
2002-02-10 16:23:33 +00:00
ad08960f5c
When calling krb5_verify_user(), we must restore root's uid, since it will need to read /etc/krb5.keytab.
2001-12-19 10:28:47 +00:00
itojun