Damien Miller
a9fcd3ada2
- jakob@cvs.openbsd.org 2003/11/08 16:02:40
...
[auth1.c]
remove unused variable (pw). ok djm@
(id sync only - still used in portable)
2003-11-17 21:16:55 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Damien Miller
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
Damien Miller
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
683036ee2c
- (bal) auth1.c minor resync while looking at the code.
2003-04-27 18:41:30 +00:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
Damien Miller
21de87b936
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/01/23 00:03:00
[auth1.c]
Don't log TIS auth response; "get rid of it" - markus@
2003-01-23 17:41:20 +11:00
Ben Lindstrom
93576d9538
- deraadt@cvs.openbsd.org 2002/11/21 23:03:51
...
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
sshconnect.c]
KNF
2002-12-23 02:06:19 +00:00
Damien Miller
d94e549ea8
- markus@cvs.openbsd.org 2002/09/26 11:38:43
...
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
25162f2518
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
...
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
2002-09-12 09:47:29 +10:00
Damien Miller
de6f2de8ad
- markus@cvs.openbsd.org 2002/08/22 21:33:58
...
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Damien Miller
43cecc1392
some xxx's for future privsep cleanup
2002-06-21 16:21:11 +10:00
Ben Lindstrom
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Damien Miller
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
Ben Lindstrom
c822638794
- markus@cvs.openbsd.org 2002/04/10 08:21:47
...
[auth1.c compat.c compat.h]
strip '@' from username only for KerbV and known broken clients, bug #204
Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-04-10 16:22:09 +00:00
Kevin Steves
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Kevin Steves
38c4a28a7e
- (stevesk) [auth1.c] fix password auth for protocol 1 when
...
!USE_PAM && !HAVE_OSF_SIA; merge issue.
2002-04-02 03:24:56 +00:00
Ben Lindstrom
53f1830d6a
- (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
...
kent@lysator.liu.se
2002-03-27 16:50:03 +00:00
Ben Lindstrom
7ebb635d81
- markus@cvs.openbsd.org 2002/03/19 14:27:39
...
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
...
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom
73ab9ba45d
- provos@cvs.openbsd.org 2002/03/18 01:12:14
...
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom
2ae18f40a7
- provos@cvs.openbsd.org 2002/03/17 20:25:56
...
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Damien Miller
3a5b023330
Stupid djm commits experimental code to head instead of branch
...
revert
2002-03-13 13:19:42 +11:00
Damien Miller
646e7cf3d7
Import of Niels Provos' 20020312 ssh-complete.diff
...
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Damien Miller
72476d4b24
- (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users
2002-02-14 20:39:49 +11:00
Damien Miller
f3451a2181
- (djm) Cleanup after sync:
...
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller
c7ef63dd41
- markus@cvs.openbsd.org 2002/02/03 17:53:25
...
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
2002-02-05 12:21:42 +11:00
Damien Miller
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
...
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller
d432ccf740
- markus@cvs.openbsd.org 2001/12/28 13:57:33
...
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
packet_get_bignum* no longer returns a size
2002-01-22 23:14:44 +11:00
Damien Miller
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
66823cddbe
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller
d221ca6cc9
- markus@cvs.openbsd.org 2001/12/27 19:54:53
...
[auth1.c auth.h auth-rh-rsa.c]
auth_rhosts_rsa now accept generic keys.
2002-01-22 23:11:00 +11:00
Damien Miller
da7551677b
- markus@cvs.openbsd.org 2001/12/27 18:22:16
...
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
2002-01-22 23:09:22 +11:00
Damien Miller
aef7a095c8
- markus@cvs.openbsd.org 2001/12/25 18:53:00
...
[auth1.c]
be more carefull on allocation
2002-01-22 23:07:52 +11:00
Damien Miller
0dea79d6b6
- (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
...
<vinschen@redhat.com> Could be abused to guess valid usernames
2001-12-29 14:08:28 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
3c36bb29ca
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
...
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
2001-12-06 17:55:26 +00:00
Damien Miller
e49d0966b5
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
...
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
2001-11-13 23:46:18 +11:00