Commit Graph

119 Commits

Author SHA1 Message Date
Damien Miller
4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
3ab496b3dd - markus@cvs.openbsd.org 2003/05/14 02:15:47
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c - (djm) Bug #117: Don't lie to PAM about username 2003-05-14 10:27:09 +10:00
Darren Tucker
97363a8b24 - (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
f50ad1fd04 - (bal) auth2.c same changed as above. 2003-04-27 18:44:31 +00:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5 - markus@cvs.openbsd.org 2003/02/06 21:22:43
[auth1.c auth2.c]
     undo broken fix for #387, fixes #486
2003-02-24 11:59:26 +11:00
Tim Rice
81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
de6f2de8ad - markus@cvs.openbsd.org 2002/08/22 21:33:58
[auth1.c auth2.c]
     auth_root_allowed() is handled by the monitor in the privsep case,
     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
Ben Lindstrom
e06eb68226 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 2002-07-04 00:27:21 +00:00
Ben Lindstrom
5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Damien Miller
43cecc1392 some xxx's for future privsep cleanup 2002-06-21 16:21:11 +10:00
Ben Lindstrom
b85ab30a6e - (bal) Refixed auth2.c. It was never fully commited while spliting out
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom
511bb24c5b - markus@cvs.openbsd.org 2002/05/31 11:35:15
[auth.h auth2.c]
     move Authmethod definitons to per-method file.

NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom
855bf3ac3c - markus@cvs.openbsd.org 2002/05/25 18:51:07
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
      auth2-passwd.c auth2-pubkey.c Makefile.in]
     split auth2.c into one file per method; ok provos@/deraadt@

NOTE: Merged back noticable cygwin and pam stuff.  May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
Ben Lindstrom
58d4dafeb1 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
[auth-skey.c auth2.c]
     less warnings.  skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
Damien Miller
5ad9fd9820 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. 2002-05-13 11:07:41 +10:00
Damien Miller
ffc868ff83 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) 2002-05-09 15:59:13 +10:00
Damien Miller
7941855f09 - (djm) Make privsep work with PAM (still experimental) 2002-04-23 20:28:48 +10:00
Kevin Steves
e683e76439 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Kevin Steves
205cc1ef46 - (stevesk) [auth2.c] merge cleanup/sync 2002-03-22 20:43:05 +00:00
Ben Lindstrom
7ebb635d81 - markus@cvs.openbsd.org 2002/03/19 14:27:39
[auth.c auth1.c auth2.c]
     make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom
73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom
2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Damien Miller
3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller
646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom
90fd814f90 - markus@cvs.openbsd.org 2002/02/24 19:14:59
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
Damien Miller
f3451a2181 - (djm) Cleanup after sync:
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller
9b74bfc5be - markus@cvs.openbsd.org 2002/02/04 11:58:10
[auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
2002-02-05 12:26:03 +11:00
Damien Miller
c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller
7d05339c70 - markus@cvs.openbsd.org 2002/01/11 13:39:36
[auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     	successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
2002-01-22 23:24:13 +11:00
Damien Miller
630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
0dea79d6b6 - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
<vinschen@redhat.com> Could be abused to guess valid usernames
2001-12-29 14:08:28 +11:00
Damien Miller
278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller
da9edcabf8 - jakob@cvs.openbsd.org 2001/12/18 10:05:15
[auth2.c]
     log fingerprint on successful public key authentication; ok markus@
2001-12-21 12:48:54 +11:00
Damien Miller
ee11625d43 - markus@cvs.openbsd.org 2001/12/09 18:45:56
[auth2.c auth2-chall.c auth.h]
     add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
     fixes memleak.
2001-12-21 12:42:34 +11:00
Ben Lindstrom
3c36bb29ca - itojun@cvs.openbsd.org 2001/12/05 03:56:39
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
      sshconnect2.c]
     make it compile with more strict prototype checking
2001-12-06 17:55:26 +00:00
Ben Lindstrom
65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller
e49d0966b5 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
2001-11-13 23:46:18 +11:00
Damien Miller
6fd5b391f0 - markus@cvs.openbsd.org 2001/11/07 22:41:51
[auth2.c auth-rh-rsa.c]
     unused includes
2001-11-12 11:04:28 +11:00
Ben Lindstrom
bdfb4df08c - markus@cvs.openbsd.org 2001/09/27 15:31:17
[auth2.c auth2-chall.c sshconnect1.c]
     typos; from solar
2001-10-03 17:12:43 +00:00
Ben Lindstrom
1bc3bdb1c2 - markus@cvs.openbsd.org 2001/09/20 13:46:48
[auth2.c]
     key_read returns now -1 or 1
2001-09-20 23:11:26 +00:00
Ben Lindstrom
940fb86c9a - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
[auth2.c auth-rsa.c]
     use %lu; ok markus@
2001-08-06 21:01:49 +00:00
Ben Lindstrom
90279d80f5 - markus@cvs.openbsd.org 2001/06/26 05:50:11
[auth2.c]
     new interface for secure_filename()
2001-07-04 03:56:56 +00:00
Ben Lindstrom
7907382299 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
[auth2.c sshconnect2.c]
     prototype cleanup; ok markus@
2001-07-04 03:42:30 +00:00