| #
92912e37 |
| 14-May-2003 |
markus <markus@openbsd.org> |
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Privsep child continues to run after monitor killed.
Pass monitor signals through to child; Darren Tucker
|
| #
819e6435 |
| 14-May-2003 |
markus <markus@openbsd.org> |
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
|
| #
7e56a8a6 |
| 08-Apr-2003 |
itojun <itojun@openbsd.org> |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
| #
be896bcf |
| 02-Apr-2003 |
markus <markus@openbsd.org> |
reapply rekeying chage, tested by henning@, ok djm@
|
| #
31dc91d9 |
| 01-Apr-2003 |
markus <markus@openbsd.org> |
backout rekeying changes (for 3.6.1)
|
| #
3eb3a5f4 |
| 01-Apr-2003 |
markus <markus@openbsd.org> |
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
show more ...
|
| #
f2a7fedf |
| 23-Mar-2003 |
markus <markus@openbsd.org> |
unbreak rekeying for privsep; ok millert@
|
| #
ce850b03 |
| 05-Mar-2003 |
markus <markus@openbsd.org> |
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
|
| #
8ea0413e |
| 16-Feb-2003 |
markus <markus@openbsd.org> |
fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
|
| #
e39a5278 |
| 04-Feb-2003 |
markus <markus@openbsd.org> |
skey/bsdauth: use 0 to indicate failure instead of -1, because
the buffer API only supports unsigned ints.
|
| #
a5128fe7 |
| 05-Nov-2002 |
markus <markus@openbsd.org> |
handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
|
| #
0e51a5e0 |
| 26-Sep-2002 |
markus <markus@openbsd.org> |
krb4 + privsep; ok dugsong@, deraadt@
|
| #
f6045d83 |
| 24-Sep-2002 |
markus <markus@openbsd.org> |
only call kerberos code for authctxt->valid
|
| #
7ab27864 |
| 23-Sep-2002 |
markus <markus@openbsd.org> |
only call auth_krb5 if kerberos is enabled; ok deraadt@
|
| #
a0952d72 |
| 09-Sep-2002 |
markus <markus@openbsd.org> |
signed vs unsigned from -pedantic; ok henning@
|
| #
eedb1b6e |
| 09-Sep-2002 |
itojun <itojun@openbsd.org> |
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
|
| #
e1f868d9 |
| 29-Aug-2002 |
stevesk <stevesk@openbsd.org> |
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
|
| #
1216dad0 |
| 02-Aug-2002 |
millert <millert@openbsd.org> |
Change mm_zalloc() sanity checks to be more in line with what
we do in calloc() and add a check to monitor_mm.c.
OK provos@ and markus@
|
| #
dfc58d41 |
| 22-Jul-2002 |
stevesk <stevesk@openbsd.org> |
u_int here; ok provos@
|
| #
44e05e87 |
| 27-Jun-2002 |
deraadt <deraadt@openbsd.org> |
use xfree()
|
| #
b05eea9a |
| 27-Jun-2002 |
deraadt <deraadt@openbsd.org> |
improve mm_zalloc check; markus ok
|
| #
6db12276 |
| 26-Jun-2002 |
deraadt <deraadt@openbsd.org> |
correct %u
|
| #
5e60a1f3 |
| 26-Jun-2002 |
deraadt <deraadt@openbsd.org> |
be careful in mm_zalloc
|
| #
58deecd9 |
| 22-Jun-2002 |
stevesk <stevesk@openbsd.org> |
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
|
| #
00984f4c |
| 21-Jun-2002 |
djm <djm@openbsd.org> |
Don't initialise compression buffers when compression=no in sshd_config;
ok Niels@
|