Commit Graph

80 Commits

Author SHA1 Message Date
Damien Miller
47655ee03a - (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/07/19 15:32:26
     [auth-passwd.c]
     auth_usercheck(3) can return NULL, so check for that. Report from
     mpech@. ok markus@
2005-07-26 21:54:11 +10:00
Darren Tucker
0f5eeff23d - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
2005-04-05 21:00:47 +10:00
Darren Tucker
92170a8626 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
   to resolve it for binaries other than sshd.  ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
218f178cb2 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
[auth-passwd.c]
     #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker
5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
2005-01-24 21:55:49 +11:00
Ben Lindstrom
e35bf12eeb - (bal) [auth-passwd.c auth1.c] Clean up unused variables. 2004-06-22 03:37:11 +00:00
Darren Tucker
450a158d7e - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAM
support for PasswordAuthentication=yes.  ok djm@
2004-05-30 20:43:59 +10:00
Darren Tucker
91bf45c597 - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h
openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when
   configured --with-osfsia.  ok djm@
2004-03-04 22:59:36 +11:00
Darren Tucker
b4dc6c23a5 - (dtucker) [auth-passwd.c] Only check password expiry once. Prevents
multiple warnings if a wrong password is entered.
2004-02-22 10:23:35 +11:00
Darren Tucker
cee6d4cf5a - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
if HAS_SHADOW_EXPIRY is set.
2004-02-11 18:48:52 +11:00
Darren Tucker
9df3defdbb - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
   change for platforms using /etc/shadow.  ok djm@
2004-02-10 13:01:14 +11:00
Darren Tucker
e3dba82dd4 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
    native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker
c52a29913d Sync Ids missed in password expiry sync 2004-02-06 16:38:16 +11:00
Darren Tucker
23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker
d76341616d - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
   authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Damien Miller
5d07e6d465 20030918
- (djm) Bug #652: Fix empty password auth
2003-09-18 18:25:46 +10:00
Darren Tucker
2270c7e8aa - (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(),
required to correctly reset failed login count when using a password
   registry other than "files" (eg LDAP, see bug #543).
2003-09-13 10:41:56 +10:00
Damien Miller
856f0be669 - markus@cvs.openbsd.org 2003/08/26 09:58:43
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
2003-09-03 07:32:45 +10:00
Ben Lindstrom
515d0f9a1e - (bal) openbsd-compat/ clean up. Considate headers, add in $Id$ on our
files, and added missing license to header.
2003-08-29 16:59:52 +00:00
Darren Tucker
6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Ben Lindstrom
0410e32f47 - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c
openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface,
    and isolate shadow password functions.  Tested in Solaris, but should
    not break other platforms too badly (except maybe HP =).  Also brings
    auth-passwd.c into full sync with OpenBSD tree.
2003-07-24 06:52:13 +00:00
Darren Tucker
b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker
a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
proper challenge-response module
2003-05-10 19:28:02 +10:00
Damien Miller
eab4bae038 - (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
Damien Miller
4d9dc1aa82 - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au 2003-01-30 10:20:56 +11:00
Damien Miller
e9b7d720c8 unbreak for PAM case 2003-01-22 16:21:02 +11:00
Damien Miller
2101bfc4e1 - (djm) Reorganise PAM & SIA password handling to eliminate some common code 2003-01-22 15:42:26 +11:00
Ben Lindstrom
164725f40e l) Fix issue where successfull login does not clear failure counts
in AIX.  Patch by dtucker@zip.com.au ok by djm
2002-09-25 23:14:14 +00:00
Damien Miller
444f9fca60 - ID sync for auth-passwd.c 2002-06-21 16:05:12 +10:00
Ben Lindstrom
115422f918 - (bal) Cygwin special handling of empty passwords wrong. Patch by
vinschen@redhat.com
2002-06-21 00:26:22 +00:00
Ben Lindstrom
beecf74e2b - (bal) CVS ID fix up on auth-passwd.c 2002-05-15 15:59:17 +00:00
Ben Lindstrom
0b47814b43 - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
things that don't set pw->pw_passwd.
2002-05-10 02:40:15 +00:00
Damien Miller
52910ddc66 - (djm) Unbreak auth-passwd.c for PAM and SIA 2002-05-08 12:18:26 +10:00
Ben Lindstrom
532bbdb99b - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue 2002-05-06 23:06:08 +00:00
Kevin Steves
0ea1d9d1f2 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support.  bug #184.  most from dcole@keysoftsys.com.
2002-04-25 18:17:04 +00:00
Kevin Steves
e683e76439 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Ben Lindstrom
d96c8b3b56 - markus@cvs.openbsd.org 2002/03/04 12:43:06
[auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     unused include
2002-03-05 01:45:56 +00:00
Damien Miller
f9661094e5 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
Roger Cornelius <rac@tenzing.org>
2002-01-03 10:30:56 +11:00
Ben Lindstrom
ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Damien Miller
da2ed56f61 - (djm) Include crypt.h if available in auth-passwd.c 2001-04-25 22:50:18 +10:00
Ben Lindstrom
eebc4a2ed3 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
resync
2001-03-22 01:22:03 +00:00
Damien Miller
60396b060b - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
Ben Lindstrom
d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Kevin Steves
ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00