Commit Graph

35 Commits

Author SHA1 Message Date
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Darren Tucker
341dae59c8 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 2006-07-13 08:45:14 +10:00
Darren Tucker
43ff44e7db - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
[auth-krb5.c]
     Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Darren Tucker
f4732f6475 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
     Perform Kerberos calls even for invalid users to prevent leaking
     information about account validity.  bz #975, patch originally from
     Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
     ok markus@
2005-11-22 19:42:42 +11:00
Darren Tucker
618db97fe1 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
Patch from djm@.
2005-11-10 14:43:11 +11:00
Darren Tucker
893c602ef0 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
calls to krb5_init_ets, which has not been required since krb-1.1.x and
   most Kerberos versions no longer export in their public API.  From sxw
   at inf.ed.ac.uk, ok djm@
2005-07-07 20:33:36 +10:00
Darren Tucker
a83f2612c2 - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
in the case where the buffer is insufficient, so always return ENOMEM.
   Also pointed out by sxw at inf.ed.ac.uk.
2005-07-07 20:09:35 +10:00
Darren Tucker
a916d143a1 - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be
   consistent with the rest of OpenSSH.  From sxw at inf.ed.ac.uk, ok djm@
2005-07-07 11:50:20 +10:00
Darren Tucker
5614d8f8c4 - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
at anl.gov, ok djm@
2004-09-11 23:32:09 +10:00
Darren Tucker
066969339d - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
2004-08-14 23:55:37 +10:00
Damien Miller
9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
2004-04-16 22:47:55 +10:00
Ben Lindstrom
a8104b5c92 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
   are starting to restrict it as internal since it is not needed by
    developers any more. (Patch based on Apple tree)
- (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
    krb5 on MacOS/X conflicts.  There may be a better solution, but this will
    work for now.
2004-04-07 04:16:11 +00:00
Darren Tucker
ec217adf70 Whitespace sync 2003-11-22 12:11:06 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Darren Tucker
ec0943a96c - (dtucker) OpenBSD CVS Sync
(thanks to Simon Wilkinson for help with this -dt)
   - markus@cvs.openbsd.org 2003/07/16 15:02:06
     [auth-krb5.c]
     mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
     otherwise the kerberos credentinal is stored in a memory cache
     in the privileged sshd. ok jabob@, hin@ (some time ago)
2003-08-11 22:55:36 +10:00
Damien Miller
9c617693c2 - (djm) Make portable build with MIT krb5 (some issues remain) 2003-05-14 14:31:11 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom
93576d9538 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
      sshconnect.c]
     KNF
2002-12-23 02:06:19 +00:00
Damien Miller
25162f2518 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
2002-09-12 09:47:29 +10:00
Ben Lindstrom
5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Damien Miller
fd4c9eee25 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> 2002-04-13 11:04:40 +10:00
Ben Lindstrom
6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom
eacc71b558 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
[auth-krb5.c]
     BSD license.  from Daniel Kouril via Dug Song.  ok markus@
2002-03-22 01:22:27 +00:00
Ben Lindstrom
05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
2002-03-05 01:53:02 +00:00
Ben Lindstrom
b855028ff6 - markus@cvs.openbsd.org 2002/02/15 23:54:10
[auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
     ok provos@
2002-02-26 17:46:11 +00:00
Damien Miller
db95e4e107 sync - don't know when this got out of sync 2002-02-13 16:56:44 +11:00
Damien Miller
61b05cfdda - (djm) OpenBSD CVS Sync
- dugsong@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
     art@, deraadt@ ok
2001-11-14 00:02:10 +11:00
Damien Miller
964fed54cd - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used. 2001-09-25 12:58:23 +10:00