head	1.1;
branch	1.1.1;
access;
symbols
	RELENG_8_4:1.1.1.7.0.42
	RELENG_9_1_0_RELEASE:1.1.1.7
	RELENG_9_1:1.1.1.7.0.40
	RELENG_9_1_BP:1.1.1.7
	RELENG_8_3_0_RELEASE:1.1.1.7
	RELENG_8_3:1.1.1.7.0.38
	RELENG_8_3_BP:1.1.1.7
	RELENG_9_0_0_RELEASE:1.1.1.7
	RELENG_9_0:1.1.1.7.0.36
	RELENG_9_0_BP:1.1.1.7
	RELENG_9:1.1.1.7.0.34
	RELENG_9_BP:1.1.1.7
	RELENG_7_4_0_RELEASE:1.1.1.7
	RELENG_8_2_0_RELEASE:1.1.1.7
	RELENG_7_4:1.1.1.7.0.32
	RELENG_7_4_BP:1.1.1.7
	RELENG_8_2:1.1.1.7.0.30
	RELENG_8_2_BP:1.1.1.7
	RELENG_8_1_0_RELEASE:1.1.1.7
	RELENG_8_1:1.1.1.7.0.28
	RELENG_8_1_BP:1.1.1.7
	RELENG_7_3_0_RELEASE:1.1.1.7
	RELENG_7_3:1.1.1.7.0.26
	RELENG_7_3_BP:1.1.1.7
	RELENG_8_0_0_RELEASE:1.1.1.7
	RELENG_8_0:1.1.1.7.0.24
	RELENG_8_0_BP:1.1.1.7
	RELENG_8:1.1.1.7.0.22
	RELENG_8_BP:1.1.1.7
	RELENG_7_2_0_RELEASE:1.1.1.7
	RELENG_7_2:1.1.1.7.0.20
	RELENG_7_2_BP:1.1.1.7
	RELENG_7_1_0_RELEASE:1.1.1.7
	RELENG_6_4_0_RELEASE:1.1.1.7
	RELENG_7_1:1.1.1.7.0.18
	RELENG_7_1_BP:1.1.1.7
	RELENG_6_4:1.1.1.7.0.16
	RELENG_6_4_BP:1.1.1.7
	RELENG_7_0_0_RELEASE:1.1.1.7
	RELENG_6_3_0_RELEASE:1.1.1.7
	RELENG_7_0:1.1.1.7.0.14
	RELENG_7_0_BP:1.1.1.7
	RELENG_6_3:1.1.1.7.0.12
	RELENG_6_3_BP:1.1.1.7
	RELENG_7:1.1.1.7.0.10
	RELENG_7_BP:1.1.1.7
	RELENG_6_2_0_RELEASE:1.1.1.7
	RELENG_6_2:1.1.1.7.0.8
	RELENG_6_2_BP:1.1.1.7
	OpenSSH_4_5p1:1.1.1.7
	OpenSSH_4_4p1:1.1.1.7
	RELENG_5_5_0_RELEASE:1.1.1.6
	RELENG_5_5:1.1.1.6.0.8
	RELENG_5_5_BP:1.1.1.6
	RELENG_6_1_0_RELEASE:1.1.1.7
	RELENG_6_1:1.1.1.7.0.6
	RELENG_6_1_BP:1.1.1.7
	OpenSSH_4_3p1:1.1.1.7
	RELENG_6_0_0_RELEASE:1.1.1.7
	RELENG_6_0:1.1.1.7.0.4
	RELENG_6_0_BP:1.1.1.7
	OpenSSH_4_2p1:1.1.1.7
	RELENG_6:1.1.1.7.0.2
	RELENG_6_BP:1.1.1.7
	OpenSSH_4_1p1:1.1.1.7
	OpenSSH_4_0p1:1.1.1.7
	RELENG_5_4_0_RELEASE:1.1.1.6
	RELENG_5_4:1.1.1.6.0.6
	RELENG_5_4_BP:1.1.1.6
	RELENG_4_11_0_RELEASE:1.1.1.2.2.2
	RELENG_4_11:1.1.1.2.2.2.0.8
	RELENG_4_11_BP:1.1.1.2.2.2
	OpenSSH_3_9p1:1.1.1.6
	RELENG_5_3_0_RELEASE:1.1.1.6
	RELENG_5_3:1.1.1.6.0.4
	RELENG_5_3_BP:1.1.1.6
	RELENG_5:1.1.1.6.0.2
	RELENG_5_BP:1.1.1.6
	RELENG_4_10_0_RELEASE:1.1.1.2.2.2
	RELENG_4_10:1.1.1.2.2.2.0.6
	RELENG_4_10_BP:1.1.1.2.2.2
	OpenSSH_3_8_1p1:1.1.1.6
	OpenSSH_3_8p1:1.1.1.6
	RELENG_5_2_1_RELEASE:1.1.1.4
	RELENG_5_2_0_RELEASE:1.1.1.4
	OpenSSH_3_7_1p2:1.1.1.5
	RELENG_5_2:1.1.1.4.0.4
	RELENG_5_2_BP:1.1.1.4
	RELENG_4_9_0_RELEASE:1.1.1.2.2.2
	RELENG_4_9:1.1.1.2.2.2.0.4
	RELENG_4_9_BP:1.1.1.2.2.2
	RELENG_5_1_0_RELEASE:1.1.1.4
	RELENG_5_1:1.1.1.4.0.2
	RELENG_5_1_BP:1.1.1.4
	OpenSSH_3_6_1p1:1.1.1.4
	RELENG_4_8_0_RELEASE:1.1.1.2.2.2
	RELENG_4_8:1.1.1.2.2.2.0.2
	RELENG_4_8_BP:1.1.1.2.2.2
	RELENG_5_0_0_RELEASE:1.1.1.3
	RELENG_5_0:1.1.1.3.0.2
	RELENG_5_0_BP:1.1.1.3
	OpenSSH_3_5p1:1.1.1.3
	OPENSSH:1.1.1
	RELENG_4_7_0_RELEASE:1.1.1.2.2.1
	RELENG_4_7:1.1.1.2.2.1.0.2
	RELENG_4_7_BP:1.1.1.2.2.1
	RELENG_4_6_2_RELEASE:1.1.1.2.4.1
	RELENG_4_6_1_RELEASE:1.1.1.2.4.1
	RELENG_4_6:1.1.1.2.0.4
	RELENG_4:1.1.1.2.0.2
	OpenSSH_3_4p1:1.1.1.2
	OpenSSH_3_3p1:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2002.06.27.22.30.59;	author des;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2002.06.27.22.30.59;	author des;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2002.06.29.11.33.57;	author des;	state Exp;
branches
	1.1.1.2.2.1
	1.1.1.2.4.1;
next	1.1.1.3;

1.1.1.3
date	2002.10.29.09.42.48;	author des;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2003.04.23.16.52.50;	author des;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2004.01.07.11.10.00;	author des;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2004.02.26.10.38.36;	author des;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2005.06.05.15.40.38;	author des;	state Exp;
branches
	1.1.1.7.42.1;
next	;

1.1.1.2.2.1
date	2002.07.03.22.11.41;	author des;	state Exp;
branches;
next	1.1.1.2.2.2;

1.1.1.2.2.2
date	2003.02.03.17.31.06;	author des;	state Exp;
branches;
next	;

1.1.1.2.4.1
date	2002.07.16.12.27.05;	author des;	state Exp;
branches;
next	;

1.1.1.7.42.1
date	2005.06.05.15.40.38;	author svnexp;	state dead;
branches;
next	1.1.1.7.42.2;

1.1.1.7.42.2
date	2013.03.28.13.02.25;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@Programming:
- Grep for 'XXX' comments and fix

- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
  is multiple inclusion of DES symbols. Holger Trapp 
  <holger.trapp@@hrz.tu-chemnitz.de> reports that changing the configure
  generated link order from:
	-lresolv -lkrb -lz -lnsl  -lutil -lkafs -lkrb -ldes -lcrypto
  to:
	-lresolv -lkrb -lz -lnsl  -lutil -lcrypto -lkafs -lkrb -ldes
  fixing the problem.

- Write a test program that calls stat() to search for EGD/PRNGd socket
  rather than use the (non-portable) "test -S". 

- Replacement for setproctitle() - HP-UX support only currently

- Handle changing passwords for the non-PAM expired password case

- Improve PAM support (a pam_lastlog module will cause sshd to exit)
  and maybe support alternate forms of authenications like OPIE via
  pam?

- Rework PAM ChallengeResponseAuthentication
 - Use kbdint request packet with 0 prompts for informational messages
 - Use different PAM service name for kbdint vs regular auth (suggest from
   Solar Designer)
 - Ability to select which ChallengeResponseAuthentications may be used
   and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"

- Complete Tru64 SIA support
 - It looks like we could merge it into the password auth code to cut down
   on diff size. Maybe PAM password auth too?

- Finish integrating kernel-level auditing code for IRIX and SOLARIS
  (Gilbert.r.loomis@@saic.com)

- sftp-server:  Rework to step down to 32bit ints if the platform
  lacks 'long long' == 64bit (Notable SCO w/ SCO compiler)

- Linux hangs for 20 seconds when you do "sleep 20&exit".  All current
  solutions break scp or leaves processes hanging around after the ssh
  connection has ended.  It seems to be linked to two things.  One
  select() under Linux is not as nice as others, and two the children
  of the shell are not killed on exiting the shell. Redhat have an excellent
  description of this in their RPM package.

- Build an automated test suite

- 64-bit builds on HP-UX 11.X (stevesk@@pobox.com):
  - utmp/wtmp get corrupted (something in loginrec?)
  - can't build with PAM (no 64-bit libpam yet)

Documentation:
- More and better

- Install FAQ?

- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
  would be best to use them.  

- Create a Documentation/ directory?

Clean up configure/makefiles:
- Clean up configure.ac - There are a few double #defined variables
  left to do.  HAVE_LOGIN is one of them.  Consider NOT looking for
  information in wtmpx or utmpx or any of that stuff if it's not detected
  from the start

- Fails to compile when cross compile.
  (vinschen@@redhat.com)

- Replace the whole u_intXX_t evilness in acconfig.h with something better???

- Consider splitting the u_intXX_t test for sys/bitype.h  into seperate test
  to allow people to (right/wrongfully) link against Bind directly.

- Consider splitting configure.ac into seperate files which do logically
  similar tests. E.g move all the type detection stuff into one file, 
  entropy related stuff into another.

Packaging:
- Solaris: Update packaging scripts and build new sysv startup scripts
  Ideally the package metadata should be generated by autoconf.
  (gilbert.r.loomis@@saic.com)

- HP-UX: Provide DEPOT package scripts.
  (gilbert.r.loomis@@saic.com)

$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $
@


1.1.1.1
log
@Vendor import of OpenSSH 3.3p1.
@
text
@@


1.1.1.2
log
@Vendor import of OpenSSH 3.4p1.
@
text
@d90 1
a90 17

PrivSep Issues:
- mmap() issues.
  + /dev/zero solution (Solaris)
  + No/broken MAP_ANON (Irix)
  + broken /dev/zero parse (Linux)
- PAM 
  + See above PAM notes
- AIX
  + usrinfo() does not set TTY, but only required for legicy systems.  Works
    with PrivSep.
- OSF
  + SIA is broken
- Cygwin
  + Privsep for Pre-auth only (no fd passing)

$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $
@


1.1.1.3
log
@Vendor import of OpenSSH-portable 3.5p1.
@
text
@d21 1
a21 1
  and maybe support alternate forms of authentications like OPIE via
d45 2
a46 32
  of the shell are not killed on exiting the shell.
  A short run-down of what happens:
  - The shell starts up, and starts its own session.  As a side-effect, it
    gets its own process group.
  - The child forks off sleep, and because it's in the background, puts it
    into its own process group.  The sleep command inherits a copy of the
    shell's descriptor for the tty as its stdout.
  - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably
    should(?)
  - The sshd server attempts to read from the master side of the pty, and
    while there are still process with the pty open, no EOF is produced.
  - The sleep command exits, closes its descriptor, sshd detects the EOF, and
    the connection gets closed.
  Ways we've tried fixing this in sshd, and why they didn't work out:
  - SIGHUP the sshd's process group.
    - The shell is in its own process group.
  - Track process group IDs of all children before we reap them (via an extra
    field in Session structures which holds the pgid for each child pid), and
    SIGHUP the pgid when we reap.
    - Background commands are in yet another process group.
  - Close the connection when the child dies.
    - Background commands may need to write data to the connection.  Also
      prematurely truncates output from some commands (scp server, the
      famous "dd if=/dev/zero bs=1000 count=100" case).
  Known workarounds:
  - bash: shopt huponexit on
  - tcsh: none
  - zsh: setopt HUP (usually the default setting)
    (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001)
  - pdksh: ?
  This appears to affect NetKit rsh under Linux as well: it behaves the same
  with 'sleep 20 & exit'.
d106 1
a106 1
$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $
@


1.1.1.4
log
@Vendor import of OpenSSH-portable 3.6.1p1.
@
text
@d16 1
a16 1
- More platforms for for setproctitle() emulation (testing needed)
a103 1
 - Do it in configure.ac
d136 1
a136 1
$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $
@


1.1.1.5
log
@Vendor import of OpenSSH 3.7.1p2.
@
text
@a0 14
Documentation:

- Update the docs
  - Update README
  - Update INSTALL
  - Merge INSTALL & README.privsep

- Install FAQ?

- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
  would be best to use them.  

- Create a Documentation/ directory?

a1 1

d24 2
a25 3
- Improve PAM ChallengeResponseAuthentication
 - Informational messages
 - chauthtok
d38 42
d84 10
d100 2
a101 1
- Fails to compile when cross compile. (vinschen@@redhat.com)
d121 1
d130 1
a130 1
  + usrinfo() does not set TTY, but only required for legacy systems.  Works
d137 1
a137 1
$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $
@


1.1.1.6
log
@Vendor import of OpenSSH 3.8p1.
@
text
@d11 1
a11 1
  would be best to use them.
d20 1
a20 1
  is multiple inclusion of DES symbols. Holger Trapp
d29 1
a29 1
  rather than use the (non-portable) "test -S".
d33 2
d73 1
a73 1
  similar tests. E.g move all the type detection stuff into one file,
d89 1
a89 1
- PAM
d99 1
a99 1
$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $
@


1.1.1.7
log
@Vendor import of OpenSSH 4.0p1.
@
text
@d33 4
d39 1
d62 2
d75 4
d97 1
a97 1
$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $
@


1.1.1.7.42.1
log
@file TODO was added on branch RELENG_8_4 on 2013-03-28 13:02:25 +0000
@
text
@d1 86
@


1.1.1.7.42.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 86
Documentation:

- Update the docs
  - Update README
  - Update INSTALL
  - Merge INSTALL & README.privsep

- Install FAQ?

- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
  would be best to use them.

- Create a Documentation/ directory?

Programming:

- Grep for 'XXX' comments and fix

- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
  is multiple inclusion of DES symbols. Holger Trapp
  <holger.trapp@@hrz.tu-chemnitz.de> reports that changing the configure
  generated link order from:
	-lresolv -lkrb -lz -lnsl  -lutil -lkafs -lkrb -ldes -lcrypto
  to:
	-lresolv -lkrb -lz -lnsl  -lutil -lcrypto -lkafs -lkrb -ldes
  fixing the problem.

- Write a test program that calls stat() to search for EGD/PRNGd socket
  rather than use the (non-portable) "test -S".

- More platforms for for setproctitle() emulation (testing needed)

- Improve PAM ChallengeResponseAuthentication
 - Informational messages
 - Use different PAM service name for kbdint vs regular auth (suggest from
   Solar Designer)
 - Ability to select which ChallengeResponseAuthentications may be used
   and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"

- Complete Tru64 SIA support
 - It looks like we could merge it into the password auth code to cut down
   on diff size. Maybe PAM password auth too?

- Finish integrating kernel-level auditing code for IRIX and SOLARIS
  (Gilbert.r.loomis@@saic.com)

- 64-bit builds on HP-UX 11.X (stevesk@@pobox.com):
  - utmp/wtmp get corrupted (something in loginrec?)
  - can't build with PAM (no 64-bit libpam yet)

Clean up configure/makefiles:
- Clean up configure.ac - There are a few double #defined variables
  left to do.  HAVE_LOGIN is one of them.  Consider NOT looking for
  information in wtmpx or utmpx or any of that stuff if it's not detected
  from the start

- Replace the whole u_intXX_t evilness in acconfig.h with something better???
 - Do it in configure.ac

- Consider splitting the u_intXX_t test for sys/bitype.h  into seperate test
  to allow people to (right/wrongfully) link against Bind directly.

- Consider splitting configure.ac into seperate files which do logically
  similar tests. E.g move all the type detection stuff into one file,
  entropy related stuff into another.

Packaging:
- HP-UX: Provide DEPOT package scripts.
  (gilbert.r.loomis@@saic.com)

PrivSep Issues:
- mmap() issues.
  + /dev/zero solution (Solaris)
  + No/broken MAP_ANON (Irix)
  + broken /dev/zero parse (Linux)
- PAM
  + See above PAM notes
- AIX
  + usrinfo() does not set TTY, but only required for legacy systems.  Works
    with PrivSep.
- OSF
  + SIA is broken
- Cygwin
  + Privsep for Pre-auth only (no fd passing)

$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $
@


1.1.1.2.4.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@@


1.1.1.2.2.1
log
@Synch up to OpenSSH 3.4p1 - very nearly the same sources as in -CURRENT,
with a slightly different config.h to account for differences between
-CURRENT and -STABLE.

Privilege separation defaults to off for now as it breaks some aspects
of Kerberos authentication.

Sponsored by:	DARPA, NAI Labs
@
text
@@


1.1.1.2.2.2
log
@MFC: OpenSSH 3.5p1, with all FreeBSD patches.
@
text
@d21 1
a21 1
  and maybe support alternate forms of authentications like OPIE via
d45 2
a46 32
  of the shell are not killed on exiting the shell.
  A short run-down of what happens:
  - The shell starts up, and starts its own session.  As a side-effect, it
    gets its own process group.
  - The child forks off sleep, and because it's in the background, puts it
    into its own process group.  The sleep command inherits a copy of the
    shell's descriptor for the tty as its stdout.
  - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably
    should(?)
  - The sshd server attempts to read from the master side of the pty, and
    while there are still process with the pty open, no EOF is produced.
  - The sleep command exits, closes its descriptor, sshd detects the EOF, and
    the connection gets closed.
  Ways we've tried fixing this in sshd, and why they didn't work out:
  - SIGHUP the sshd's process group.
    - The shell is in its own process group.
  - Track process group IDs of all children before we reap them (via an extra
    field in Session structures which holds the pgid for each child pid), and
    SIGHUP the pgid when we reap.
    - Background commands are in yet another process group.
  - Close the connection when the child dies.
    - Background commands may need to write data to the connection.  Also
      prematurely truncates output from some commands (scp server, the
      famous "dd if=/dev/zero bs=1000 count=100" case).
  Known workarounds:
  - bash: shopt huponexit on
  - tcsh: none
  - zsh: setopt HUP (usually the default setting)
    (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001)
  - pdksh: ?
  This appears to affect NetKit rsh under Linux as well: it behaves the same
  with 'sleep 20 & exit'.
d106 1
a106 1
$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $
@


