Damien Miller
47655ee03a
- (djm) OpenBSD CVS Sync
...
- otto@cvs.openbsd.org 2005/07/19 15:32:26
[auth-passwd.c]
auth_usercheck(3) can return NULL, so check for that. Report from
mpech@. ok markus@
2005-07-26 21:54:11 +10:00
Darren Tucker
0f5eeff23d
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
...
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
2005-04-05 21:00:47 +10:00
Darren Tucker
92170a8626
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
...
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
218f178cb2
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
...
[auth-passwd.c]
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker
5c14c73429
- otto@cvs.openbsd.org 2005/01/21 08:32:02
...
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
2005-01-24 21:55:49 +11:00
Ben Lindstrom
e35bf12eeb
- (bal) [auth-passwd.c auth1.c] Clean up unused variables.
2004-06-22 03:37:11 +00:00
Darren Tucker
450a158d7e
- (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874 : Re-add PAM
...
support for PasswordAuthentication=yes. ok djm@
2004-05-30 20:43:59 +10:00
Darren Tucker
91bf45c597
- (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h
...
openbsd-compat/xcrypt.c] Bug #802 : Fix build error on Tru64 when
configured --with-osfsia. ok djm@
2004-03-04 22:59:36 +11:00
Darren Tucker
b4dc6c23a5
- (dtucker) [auth-passwd.c] Only check password expiry once. Prevents
...
multiple warnings if a wrong password is entered.
2004-02-22 10:23:35 +11:00
Darren Tucker
cee6d4cf5a
- (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
...
if HAS_SHADOW_EXPIRY is set.
2004-02-11 18:48:52 +11:00
Darren Tucker
9df3defdbb
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
...
defines.h] Bug #14 : Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
2004-02-10 13:01:14 +11:00
Darren Tucker
e3dba82dd4
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
...
openbsd-compat/port-aix.h] Bug #14 : Use do_pwchange to support AIX's
native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker
c52a29913d
Sync Ids missed in password expiry sync
2004-02-06 16:38:16 +11:00
Darren Tucker
23bc8d0bff
- markus@cvs.openbsd.org 2004/01/30 09:48:57
...
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker
d76341616d
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
...
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Damien Miller
787b2ec18c
more whitespace (tabs this time)
2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Damien Miller
5d07e6d465
20030918
...
- (djm) Bug #652 : Fix empty password auth
2003-09-18 18:25:46 +10:00
Darren Tucker
2270c7e8aa
- (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(),
...
required to correctly reset failed login count when using a password
registry other than "files" (eg LDAP, see bug #543 ).
2003-09-13 10:41:56 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Ben Lindstrom
515d0f9a1e
- (bal) openbsd-compat/ clean up. Considate headers, add in $Id$ on our
...
files, and added missing license to header.
2003-08-29 16:59:52 +00:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Ben Lindstrom
0410e32f47
- (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
...
openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
and isolate shadow password functions. Tested in Solaris, but should
not break other platforms too badly (except maybe HP =). Also brings
auth-passwd.c into full sync with OpenBSD tree.
2003-07-24 06:52:13 +00:00
Darren Tucker
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker
a0c0b63112
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
...
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
Damien Miller
eab4bae038
- (djm) Add back radix.o (used by AFS support), after it went missing from
...
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
Damien Miller
4d9dc1aa82
- (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
2003-01-30 10:20:56 +11:00
Damien Miller
e9b7d720c8
unbreak for PAM case
2003-01-22 16:21:02 +11:00
Damien Miller
2101bfc4e1
- (djm) Reorganise PAM & SIA password handling to eliminate some common code
2003-01-22 15:42:26 +11:00
Ben Lindstrom
164725f40e
l) Fix issue where successfull login does not clear failure counts
...
in AIX. Patch by dtucker@zip.com.au ok by djm
2002-09-25 23:14:14 +00:00
Damien Miller
444f9fca60
- ID sync for auth-passwd.c
2002-06-21 16:05:12 +10:00
Ben Lindstrom
115422f918
- (bal) Cygwin special handling of empty passwords wrong. Patch by
...
vinschen@redhat.com
2002-06-21 00:26:22 +00:00
Ben Lindstrom
beecf74e2b
- (bal) CVS ID fix up on auth-passwd.c
2002-05-15 15:59:17 +00:00
Ben Lindstrom
0b47814b43
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
...
things that don't set pw->pw_passwd.
2002-05-10 02:40:15 +00:00
Damien Miller
52910ddc66
- (djm) Unbreak auth-passwd.c for PAM and SIA
2002-05-08 12:18:26 +10:00
Ben Lindstrom
532bbdb99b
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
2002-05-06 23:06:08 +00:00
Kevin Steves
0ea1d9d1f2
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
...
support. bug #184 . most from dcole@keysoftsys.com .
2002-04-25 18:17:04 +00:00
Kevin Steves
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Ben Lindstrom
d96c8b3b56
- markus@cvs.openbsd.org 2002/03/04 12:43:06
...
[auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
unused include
2002-03-05 01:45:56 +00:00
Damien Miller
f9661094e5
- (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
...
Roger Cornelius <rac@tenzing.org>
2002-01-03 10:30:56 +11:00
Ben Lindstrom
ec95ed9b4c
- dugsong@cvs.openbsd.org 2001/06/26 16:15:25
...
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Damien Miller
da2ed56f61
- (djm) Include crypt.h if available in auth-passwd.c
2001-04-25 22:50:18 +10:00
Ben Lindstrom
eebc4a2ed3
- (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
...
resync
2001-03-22 01:22:03 +00:00
Damien Miller
60396b060b
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
...
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
Ben Lindstrom
d8a9021f36
- markus@cvs.openbsd.org 2001/02/12 16:16:23
...
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Kevin Steves
ef4eea9bad
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27
...
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Ben Lindstrom
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00