| Age | Commit message (Collapse) | Author |
|---|
|
|
|
A number of contrib/* files refer to the existing README so let's leave
it in place for release and add the new markdown version in parallel.
I'll get rid of README after release.
|
|
This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f.
|
|
Include basic build instructions and comments on commonly-used build-
time flags, links to the manual pages and other resources.
Now in Markdown format for better viewing on github, etc.
|
|
|
|
OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b
|
|
from Jakub Jelen
|
|
than just the function name and the error message
OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
|
|
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
|
|
Spotted by Kevin Brott.
|
|
Should fix build on AIX 7.2.
|
|
|
|
|
|
The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
|
|
Fixes build on systems that don't have it (Solaris <=9) Found by
Tom G. Christensen.
|
|
- Cygwin supports non-DOS characters in filenames
- Cygwin does not support Windows XP anymore
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
that could cause connection to close incorrectly; Report and patch from Jakub
Jelen in bz#2757; ok dtucker@ markus@
OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
|
|
any" in a Match block overrides a more restrictive global default.
Spotted by jmc@, ok markus@
OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
|
|
OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
|
|
sizes. "seems worthwhile" deraadt.
OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
|
|
the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@
OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
|
|
OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
|
|
OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
|
|
OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
|
|
ok djm@
|
|
Seteuid now creates user token using S4U. We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege. The service can run under SYSTEM again...
...unless Cygwin is running on Windows Vista or Windows 7 in the
WOW64 32 bit emulation layer. It turns out that WOW64 on these systems
didn't implement MsV1_0 S4U Logon so we still need the fallback
to NtCreateToken for these systems.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place. Sanity check by vinschen at redhat.com, ok
djm@
|
|
Patch from vinschen at redhat.com, updated a little by me.
|
|
function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insensitive. ok
djm@
OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
|
|
sending two keepalives successively and prematurely terminating connection
when ClientAliveCount=1. While there, collapse two similar tests into one.
ok markus@
OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd
|
|
kn@
OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
|
|
keying in debug messages. Previously it would be difficult to tell which
direction it was talking about
OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d
|
|
1. Recently-forked child processes will briefly remain listening to
listen_socks. If the main server sshd process completes its restart
via execv() before these sockets are closed by the child processes
then it can fail to listen at the desired addresses/ports and/or
fail to restart.
2. When a SIGHUP is received, there may be forked child processes that
are awaiting their reexecution state. If the main server sshd
process restarts before passing this state, these child processes
will yield errors and use a fallback path of reading the current
sshd_config from the filesystem rather than use the one that sshd
was started with.
To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.
bz#2953, reported by Michal Koutný; ok markus@ dtucker@
OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
|
|
mention of RSA keys only (since we support ECDSA now and might support others
in the future). Inspired by Jakub Jelen via bz#2974
OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5
|
|
print PKCS11Provider instead of obsolete SmartcardDevice in config dump.
bz#2974 ok dtucker@
OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846
|
|
be redirected to /dev/null; ok djm@
OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
|
|
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentially disabled the
diffie-hellman-group-exchange-sha1 KEX method.
This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.
Reported by nuxi AT vault24.org via bz#2697; ok dtucker
OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
|
|
The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code. Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
setup error path with user's privileged. This is a no-op as this code always
runs with user privilege now that we no longer support running sshd with
privilege separation disabled, but as long as the privsep skeleton is there
we should follow the rules.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
bz#2969 with patch from Erik Sjölund
OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
|
|
description in ssh.1; issue pointed out by andreas kahari
ok dtucker djm
OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c
|
|
public key from the agent was being attempted for use.
OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
|
|
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.
Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@
OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
|
|
interactive, so it can ask for the smartcards PIN. ok markus@
OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab
|
|
match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".
"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@
OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
|
|
command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@
OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
|
|
PAM typically specifies the user environment if it's enabled, so don't
second guess. bz#2937; ok dtucker@
|
|
Avoids sending SIGPIPE to child processes after their parent exits
if they attempt to write to stderr.
Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
myself. bz#2071; ok dtucker@
|
