78 Commits

Author SHA1 Message Date
Darren Tucker
3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt early to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669 - markus@cvs.openbsd.org 2003/08/26 09:58:43
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
2003-09-03 07:32:45 +10:00
Darren Tucker
43a0dc6653 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled. 2003-08-26 14:22:12 +10:00
Darren Tucker
e41bba5847 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
any access to locked accounts.  ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker
b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independent Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Darren Tucker
97363a8b24 - (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Damien Miller
2a3f20e397 - (djm) Fix missed log => logit occurrence (reference by function pointer) 2003-04-09 21:12:00 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
e443e9398e - (djm) Revert fix for Bug #442 for now. 2003-01-18 16:24:06 +11:00
Tim Rice
458c6bfa10 [auth.c] declare today at top of allowed_user() to keep older compilers happy. 2003-01-08 20:04:27 -08:00
Damien Miller
06817f9cd3 - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
dtucker@zip.com.au. Reorder for clarity too.
2003-01-07 23:55:59 +11:00
Damien Miller
f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasn't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller
64004b5566 - (djm) Fix Bug #442 for PAM case 2003-01-07 16:15:20 +11:00
Damien Miller
48cb8aa935 - (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
2003-01-07 12:19:32 +11:00
Ben Lindstrom
f5397c081d - (bal) AIX does not log login attempts for unknown users (bug #432).
patch by dtucker@zip.com.au
2002-11-09 16:11:10 +00:00
Ben Lindstrom
485075e8fa - markus@cvs.openbsd.org 2002/11/04 10:07:53
[auth.c]
     don't compare against pw_home if realpath fails for pw_home (seen
     on AFS); ok djm@
2002-11-09 15:45:12 +00:00
Ben Lindstrom
97e38d8667 20021015
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-10-16 00:13:52 +00:00
Damien Miller
6f0a188857 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
[auth.c]
     log illegal user here for missing privsep case (ssh2).
     this is executed in the monitor. ok markus@
2002-09-22 01:26:51 +10:00
Ben Lindstrom
d4ee3497ca - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
[auth.c]
     typo in comment
2002-08-20 18:42:13 +00:00
Ben Lindstrom
e06eb68226 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 2002-07-04 00:27:21 +00:00
Damien Miller
116e6dfaad unbreak (aaarrrgggh - stupid vi) 2002-05-22 15:06:28 +10:00
Damien Miller
13e35a0ea2 rcsid sync 2002-05-22 14:04:11 +10:00
Ben Lindstrom
a574cda45b - markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
2002-05-15 16:16:14 +00:00
Kevin Steves
f98fb721a0 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire.  Still don't check for inactive.
2002-05-10 15:48:52 +00:00
Ben Lindstrom
f34e4eb6c7 - markus@cvs.openbsd.org 2002/03/19 15:31:47
[auth.c]
     check for NULL; from provos@
2002-03-22 03:08:30 +00:00
Ben Lindstrom
7ebb635d81 - markus@cvs.openbsd.org 2002/03/19 14:27:39
[auth.c auth1.c auth2.c]
     make getpwnamallow() always call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom
b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
2002-03-22 01:35:47 +00:00
Ben Lindstrom
2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Ben Lindstrom
b61e6df9f3 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
[auth.c]
     fix file type checking (use S_ISREG).  ok by markus
2002-03-22 01:15:33 +00:00
Ben Lindstrom
3fb5d00ffd - markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@
2002-03-05 01:42:42 +00:00
Ben Lindstrom
6ef9ec6b6b - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
[auth.c]
     log user not allowed details, from dwd@bell-labs.com; ok markus@
2002-03-05 01:40:37 +00:00
Ben Lindstrom
916d83d208 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
[auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
2002-03-05 01:35:23 +00:00
Damien Miller
c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller
f655207a46 - markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
     don't print ROOT in CAPS for the authentication messages, i.e.
     	Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
     becomes
     	Accepted publickey for root from 127.0.0.1 port 42734 ssh2
2001-11-12 11:06:06 +11:00
Ben Lindstrom
c3e49e7b31 - markus@cvs.openbsd.org 2001/10/03 10:01:20
[auth.c]
     use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
2001-10-03 17:55:26 +00:00
Damien Miller
0ae6e009c8 - markus@cvs.openbsd.org 2001/07/11 18:26:15
[auth.c]
     no need to call dirname(pw->pw_dir).
     note that dirname(3) modifies its argument on some systems.
2001-07-14 12:21:34 +10:00
Damien Miller
98273e3ade - (djm) Revert dirname fix, a better one is on its way. 2001-07-14 11:55:15 +10:00
Damien Miller
eec0c25f2a - (djm) dirname(3) may modify its argument on glibc and other systems.
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
2001-07-11 21:32:20 +10:00
Ben Lindstrom
60260022ee - markus@cvs.openbsd.org 2001/06/27 04:48:53
[auth.c match.c sshd.8]
     tridge@samba.org
2001-07-04 04:56:44 +00:00
Ben Lindstrom
248c0784bf - provos@cvs.openbsd.org 2001/06/25 17:54:47
[auth.c auth.h auth-rsa.c]
     terminate secure_filename checking after checking homedir.  that way
     it works on AFS.  okay markus@
2001-07-04 03:40:39 +00:00
Ben Lindstrom
83647ce474 - markus@cvs.openbsd.org 2001/06/23 00:20:57
[auth2.c auth.c auth.h auth-rh-rsa.c]
     *known_hosts2 is obsolete for hostbased authentication and
     only used for backward compat. merge ssh1/2 hostkey check
     and move it to auth.c
2001-06-25 04:30:16 +00:00
Ben Lindstrom
68c3ce1075 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
<markm@swoon.net>
2001-06-10 17:24:51 +00:00
Ben Lindstrom
60567ff890 - markus@cvs.openbsd.org 2001/05/24 11:12:42
[auth.c]
     fix comment; from jakob@
2001-06-05 20:27:53 +00:00
Ben Lindstrom
bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00