Damien Miller
6476cad9bb
- djm@cvs.openbsd.org 2005/06/06 11:20:36
...
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
introduce a generic %foo expansion function. replace existing % expansion
and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Darren Tucker
a8f553df53
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
...
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999 ); ok markus@
2005-03-14 23:17:27 +11:00
Darren Tucker
691d5235ca
- (dtucker) [README.platform auth.c configure.ac loginrec.c
...
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835 : enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
40d9a63788
- (dtucker) [auth.c] Fix parens in audit log check.
2005-02-04 15:19:44 +11:00
Darren Tucker
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
2fba993080
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
...
Bug #974 : Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
Darren Tucker
42d9dc75ed
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
...
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker
094cd0ba02
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
...
[auth.c]
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
DenyGroups. bz #909 , ok djm@
2005-01-24 21:56:48 +11:00
Darren Tucker
5cb30ad2ec
- markus@cvs.openbsd.org 2004/07/28 09:40:29
...
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Damien Miller
a22f2d761b
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2004/07/21 08:56:12
[auth.c]
s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
miod, ...
2004-07-21 20:48:24 +10:00
Darren Tucker
0a9d43d726
- (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
...
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-06-23 13:45:24 +10:00
Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
1f8311c836
- deraadt@cvs.openbsd.org 2004/05/11 19:01:43
...
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
improve some code lint did not like; djm millert ok
2004-05-13 16:39:33 +10:00
Darren Tucker
06f2bd8bde
- deraadt@cvs.openbsd.org 2004/05/08 00:01:37
...
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
tildexpand.c], removed: sshtty.h tildexpand.h
make two tiny header files go away; djm ok
2004-05-13 16:06:46 +10:00
Darren Tucker
15ee748f28
- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
...
to auth-shadow.c, no functional change. ok djm@
2004-02-22 09:43:15 +11:00
Darren Tucker
9df3defdbb
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
...
defines.h] Bug #14 : Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
2004-02-10 13:01:14 +11:00
Damien Miller
787b2ec18c
more whitespace (tabs this time)
2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
c6020651ba
- (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
2003-10-15 17:48:20 +10:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Darren Tucker
43a0dc6653
- (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.
2003-08-26 14:22:12 +10:00
Darren Tucker
e41bba5847
- (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny
...
any access to locked accounts. ok djm@
2003-08-25 11:51:19 +10:00
Darren Tucker
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Damien Miller
2a3f20e397
- (djm) Fix missed log => logit occurance (reference by function pointer)
2003-04-09 21:12:00 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
e443e9398e
- (djm) Revert fix for Bug #442 for now.
2003-01-18 16:24:06 +11:00
Tim Rice
458c6bfa10
[auth.c] declare today at top of allowed_user() to keep older compilers happy.
2003-01-08 20:04:27 -08:00
Damien Miller
06817f9cd3
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
...
dtucker@zip.com.au . Reorder for clarity too.
2003-01-07 23:55:59 +11:00
Damien Miller
f25c18d7e8
- (djm) Bug #178 : On AIX /etc/nologin wasnt't shown to users. Fix from
...
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller
64004b5566
- (djm) Fix Bug #442 for PAM case
2003-01-07 16:15:20 +11:00
Damien Miller
48cb8aa935
- (djm) Bug #442 : Check for and deny access to accounts with locked
...
passwords. Patch from dtucker@zip.com.au
2003-01-07 12:19:32 +11:00
Ben Lindstrom
f5397c081d
- (bal) AIX does not log login attempts for unknown users (bug #432 ).
...
patch by dtucker@zip.com.au
2002-11-09 16:11:10 +00:00
Ben Lindstrom
485075e8fa
- markus@cvs.openbsd.org 2002/11/04 10:07:53
...
[auth.c]
don't compare against pw_home if realpath fails for pw_home (seen
on AFS); ok djm@
2002-11-09 15:45:12 +00:00
Ben Lindstrom
97e38d8667
20021015
...
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-10-16 00:13:52 +00:00
Damien Miller
6f0a188857
- stevesk@cvs.openbsd.org 2002/09/20 18:41:29
...
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
2002-09-22 01:26:51 +10:00
Ben Lindstrom
d4ee3497ca
- stevesk@cvs.openbsd.org 2002/08/08 23:54:52
...
[auth.c]
typo in comment
2002-08-20 18:42:13 +00:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Damien Miller
116e6dfaad
unbreak (aaarrrgggh - stupid vi)
2002-05-22 15:06:28 +10:00
Damien Miller
13e35a0ea2
rcsid sync
2002-05-22 14:04:11 +10:00
Ben Lindstrom
a574cda45b
- markus@cvs.openbsd.org 2002/05/13 20:44:58
...
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
2002-05-15 16:16:14 +00:00
Kevin Steves
f98fb721a0
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
...
check for root forced expire. Still don't check for inactive.
2002-05-10 15:48:52 +00:00
Ben Lindstrom
f34e4eb6c7
- markus@cvs.openbsd.org 2002/03/19 15:31:47
...
[auth.c]
check for NULL; from provos@
2002-03-22 03:08:30 +00:00
Ben Lindstrom
7ebb635d81
- markus@cvs.openbsd.org 2002/03/19 14:27:39
...
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00