Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Darren Tucker
43a0dc6653
- (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.
2003-08-26 14:22:12 +10:00
Darren Tucker
e41bba5847
- (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
...
any access to locked accounts. ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Damien Miller
2a3f20e397
- (djm) Fix missed log => logit occurance (reference by function pointer)
2003-04-09 21:12:00 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
e443e9398e
- (djm) Revert fix for Bug #442 for now.
2003-01-18 16:24:06 +11:00
Tim Rice
458c6bfa10
[auth.c] declare today at top of allowed_user() to keep older compilers happy.
2003-01-08 20:04:27 -08:00
Damien Miller
06817f9cd3
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
...
dtucker@zip.com.au . Reorder for clarity too.
2003-01-07 23:55:59 +11:00
Damien Miller
f25c18d7e8
- (djm) Bug #178 : On AIX /etc/nologin wasnt't shown to users. Fix from
...
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller
64004b5566
- (djm) Fix Bug #442 for PAM case
2003-01-07 16:15:20 +11:00
Damien Miller
48cb8aa935
- (djm) Bug #442 : Check for and deny access to accounts with locked
...
passwords. Patch from dtucker@zip.com.au
2003-01-07 12:19:32 +11:00
Ben Lindstrom
f5397c081d
- (bal) AIX does not log login attempts for unknown users (bug #432 ).
...
patch by dtucker@zip.com.au
2002-11-09 16:11:10 +00:00
Ben Lindstrom
485075e8fa
- markus@cvs.openbsd.org 2002/11/04 10:07:53
...
[auth.c]
don't compare against pw_home if realpath fails for pw_home (seen
on AFS); ok djm@
2002-11-09 15:45:12 +00:00
Ben Lindstrom
97e38d8667
20021015
...
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-10-16 00:13:52 +00:00
Damien Miller
6f0a188857
- stevesk@cvs.openbsd.org 2002/09/20 18:41:29
...
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
2002-09-22 01:26:51 +10:00
Ben Lindstrom
d4ee3497ca
- stevesk@cvs.openbsd.org 2002/08/08 23:54:52
...
[auth.c]
typo in comment
2002-08-20 18:42:13 +00:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Damien Miller
116e6dfaad
unbreak (aaarrrgggh - stupid vi)
2002-05-22 15:06:28 +10:00
Damien Miller
13e35a0ea2
rcsid sync
2002-05-22 14:04:11 +10:00
Ben Lindstrom
a574cda45b
- markus@cvs.openbsd.org 2002/05/13 20:44:58
...
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
2002-05-15 16:16:14 +00:00
Kevin Steves
f98fb721a0
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
...
check for root forced expire. Still don't check for inactive.
2002-05-10 15:48:52 +00:00
Ben Lindstrom
f34e4eb6c7
- markus@cvs.openbsd.org 2002/03/19 15:31:47
...
[auth.c]
check for NULL; from provos@
2002-03-22 03:08:30 +00:00
Ben Lindstrom
7ebb635d81
- markus@cvs.openbsd.org 2002/03/19 14:27:39
...
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom
b481e1323e
- provos@cvs.openbsd.org 2002/03/18 03:41:08
...
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
2002-03-22 01:35:47 +00:00
Ben Lindstrom
2ae18f40a7
- provos@cvs.openbsd.org 2002/03/17 20:25:56
...
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Ben Lindstrom
b61e6df9f3
- itojun@cvs.openbsd.org 2002/03/15 11:00:38
...
[auth.c]
fix file type checking (use S_ISREG). ok by markus
2002-03-22 01:15:33 +00:00
Ben Lindstrom
3fb5d00ffd
- markus@cvs.openbsd.org 2002/03/01 13:12:10
...
[auth.c match.c match.h]
undo the 'delay hostname lookup' change
match.c must not use compress.c (via canonhost.c/packet.c)
thanks to wilfried@
2002-03-05 01:42:42 +00:00
Ben Lindstrom
6ef9ec6b6b
- stevesk@cvs.openbsd.org 2002/02/28 20:56:00
...
[auth.c]
log user not allowed details, from dwd@bell-labs.com ; ok markus@
2002-03-05 01:40:37 +00:00
Ben Lindstrom
916d83d208
- stevesk@cvs.openbsd.org 2002/02/28 19:36:28
...
[auth.c match.c match.h]
delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
for sshd -u0; ok markus@
2002-03-05 01:35:23 +00:00
Damien Miller
c5d8635d6a
- markus@cvs.openbsd.org 2002/01/29 14:32:03
...
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
65366a8c76
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
...
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller
f655207a46
- markus@cvs.openbsd.org 2001/11/08 20:02:24
...
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
2001-11-12 11:06:06 +11:00
Ben Lindstrom
c3e49e7b31
- markus@cvs.openbsd.org 2001/10/03 10:01:20
...
[auth.c]
use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
2001-10-03 17:55:26 +00:00
Damien Miller
0ae6e009c8
- markus@cvs.openbsd.org 2001/07/11 18:26:15
...
[auth.c]
no need to call dirname(pw->pw_dir).
note that dirname(3) modifies its argument on some systems.
2001-07-14 12:21:34 +10:00
Damien Miller
98273e3ade
- (djm) Revert dirname fix, a better one is on its way.
2001-07-14 11:55:15 +10:00
Damien Miller
eec0c25f2a
- (djm) dirname(3) may modify its argument on glibc and other systems.
...
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
2001-07-11 21:32:20 +10:00
Ben Lindstrom
60260022ee
- markus@cvs.openbsd.org 2001/06/27 04:48:53
...
[auth.c match.c sshd.8]
tridge@samba.org
2001-07-04 04:56:44 +00:00
Ben Lindstrom
248c0784bf
- provos@cvs.openbsd.org 2001/06/25 17:54:47
...
[auth.c auth.h auth-rsa.c]
terminate secure_filename checking after checking homedir. that way
it works on AFS. okay markus@
2001-07-04 03:40:39 +00:00
Ben Lindstrom
83647ce474
- markus@cvs.openbsd.org 2001/06/23 00:20:57
...
[auth2.c auth.c auth.h auth-rh-rsa.c]
*known_hosts2 is obsolete for hostbased authentication and
only used for backward compat. merge ssh1/2 hostkey check
and move it to auth.c
2001-06-25 04:30:16 +00:00
Ben Lindstrom
68c3ce1075
- (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
...
<markm@swoon.net>
2001-06-10 17:24:51 +00:00
Ben Lindstrom
60567ff890
- markus@cvs.openbsd.org 2001/05/24 11:12:42
...
[auth.c]
fix comment; from jakob@
2001-06-05 20:27:53 +00:00
Ben Lindstrom
bfb3a0e973
- markus@cvs.openbsd.org 2001/05/20 17:20:36
...
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
sshd_config]
configurable authorized_keys{,2} location; originally from peter@;
ok djm@
2001-06-05 20:25:05 +00:00