Commit Graph

143 Commits

Author SHA1 Message Date
Damien Miller
c158331f8c - djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
     [ssh-keysign.c ssh.c]
     enable certificates for hostbased authentication, from Iain Morgan;
     "looks ok" markus@
2010-08-05 13:04:50 +10:00
Damien Miller
48147d6801 - djm@cvs.openbsd.org 2010/06/22 04:49:47
[auth.c]
     queue auth debug messages for bad ownership or permissions on the user's
     keyfiles. These messages will be sent after the user has successfully
     authenticated (where our client will display them with LogLevel=debug).
2010-06-26 09:39:25 +10:00
Damien Miller
30da3447d2 - djm@cvs.openbsd.org 2010/05/07 11:30:30
[auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
     [key.c servconf.c servconf.h sshd.8 sshd_config.5]
     add some optional indirection to matching of principal names listed
     in certificates. Currently, a certificate must include the a user's name
     to be accepted for authentication. This change adds the ability to
     specify a list of certificate principal names that are acceptable.

     When authenticating using a CA trusted through ~/.ssh/authorized_keys,
     this adds a new principals="name1[,name2,...]" key option.

     For CAs listed through sshd_config's TrustedCAKeys option, a new config
     option "AuthorizedPrincipalsFile" specifies a per-user file containing
     the list of acceptable names.

     If either option is absent, the current behaviour of requiring the
     username to appear in principals continues to apply.

     These options are useful for role accounts, disjoint account namespaces
     and "user@realm"-style naming policies in certificates.

     feedback and ok markus@
2010-05-10 11:58:03 +10:00
Darren Tucker
b3d20a3ff0 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
it gets the passwd struct from the LAM that knows about the user which is
   not necessarily the default.  Patch from Alexandre Letourneau.
2010-03-07 11:56:59 +11:00
Damien Miller
b068d0ad6d - djm@cvs.openbsd.org 2010/03/05 02:58:11
[auth.c]
     make the warning for a revoked key louder and more noticable
2010-03-05 14:03:03 +11:00
Damien Miller
1aed65eb27 - djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
     are trusted to authenticate users (in addition than doing it per-user
     in authorized_keys).

     Add a RevokedKeys option to sshd_config and a @revoked marker to
     known_hosts to allow keys to me revoked and banned for user or host
     authentication.

     feedback and ok markus@
2010-03-04 21:53:35 +11:00
Damien Miller
acc9b29486 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in
case from that matched in the system password database. On this
   platform, passwords are stored case-insensitively, but sshd requires
   exact case matching for Match blocks in sshd_config(5). Based on
   a patch from vinschen AT redhat.com.
2010-03-01 04:36:54 +11:00
Damien Miller
47cf16b8df - djm@cvs.openbsd.org 2010/02/09 06:18:46
[auth.c]
     unbreak ChrootDirectory+internal-sftp by skipping check for executable
     shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
2010-02-12 09:25:29 +11:00
Darren Tucker
94881d8dbb - djm@cvs.openbsd.org 2010/01/13 23:47:26
[auth.c]
     when using ChrootDirectory, make sure we test for the existence of the
     user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
     ok dtucker
2010-01-15 11:44:46 +11:00
Darren Tucker
e2b3674172 - (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2010/01/13 00:19:04
     [sshconnect.c auth.c]
     Fix a couple of typos/mispellings in comments
2010-01-13 22:42:34 +11:00
Darren Tucker
43551527dc - dtucker@cvs.openbsd.org 2010/01/10 07:15:56
[auth.c]
     Output a debug if we can't open an existing keyfile.  bz#1694, ok djm@
2010-01-10 19:27:17 +11:00
Damien Miller
6f66d34308 - djm@cvs.openbsd.org 2008/11/04 07:58:09
[auth.c]
     need unistd.h for close() prototype
     (ID sync only)
2008-11-05 16:12:54 +11:00
Damien Miller
7acf550aeb - (djm) [auth.c] Missing unistd.h for close() 2008-07-09 20:54:37 +10:00
Damien Miller
22989f1b5e - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
   hotpop.com, w/ dtucker@
2008-07-05 08:59:43 +10:00
Darren Tucker
33c787f23c - dtucker@cvs.openbsd.org 2008/07/02 12:03:51
[auth-rsa.c auth.c auth2-pubkey.c auth.h]
     Merge duplicate host key file checks, based in part on a patch from Rob
     Holland via bz #1348 .  Also checks for non-regular files during protocol
     1 RSA auth.  ok djm@
2008-07-02 22:37:30 +10:00
Damien Miller
733124b5dd - djm@cvs.openbsd.org 2007/09/21 08:15:29
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
     [monitor.c monitor_wrap.c]
     unifdef -DBSD_AUTH
     unifdef -USKEY
     These options have been in use for some years;
     ok markus@ "no objection" millert@
     (NB. RCD ID sync only for portable)
2007-10-26 14:25:12 +10:00
Damien Miller
6ef50134c2 - djm@cvs.openbsd.org 2007/08/23 02:55:51
[auth-passwd.c auth.c session.c]
     missed include bits from last commit
     NB. RCS ID sync only for portable
2007-09-17 11:54:24 +10:00
Damien Miller
6572db28fd - djm@cvs.openbsd.org 2007/08/23 02:49:43
[auth-passwd.c auth.c session.c]
     unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
     NB. RCS ID sync only for portable
2007-09-17 11:52:59 +10:00
Tim Rice
99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Damien Miller
143c2ef1ce - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
occur if the server did not have the privsep user and an invalid user
   tried to login and both privsep and krb5 auth are disabled.
2006-12-05 09:08:54 +11:00
Damien Miller
796c6c693d - (djm) [auth.c] gc some dead code 2006-10-28 01:10:15 +10:00
Damien Miller
6433df036e - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes
2006-09-07 10:36:43 +10:00
Darren Tucker
26d4e19caa - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
   login count.  Previously this would only happen when an interactive
   session starts (ie when a pty is allocated) but this means that accounts
   that have primarily non-interactive sessions (eg scp's) may gradually
   accumulate enough failures to lock out an account.  This change may have
   a side effect of creating two audit records, one with a tty of "ssh"
   corresponding to the authentication and one with the allocated pty per
   interactive session.
2006-08-30 22:33:09 +10:00
Damien Miller
36cbe41ceb - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec 2006-08-05 12:54:24 +10:00
Damien Miller
4cbfe8ebeb - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
remove last traces of bufaux.h - it was merged into buffer.h in the big
   includes.h commit
2006-08-05 12:49:30 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Darren Tucker
4515047e47 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@
2006-07-12 22:34:17 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker
5d19626a04 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
     auth.c packet.c log.c]
     move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Darren Tucker
f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
2006-05-21 18:26:40 +10:00
Damien Miller
7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
69b7203e6f - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
[auth.c key.c misc.c packet.c ssh-add.c]
     in a switch (), break after return or goto is stupid
2006-03-26 14:02:35 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
a9263d065d fix spacing of include 2006-03-15 11:18:26 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Tim Rice
66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
2005-08-31 09:59:49 -07:00
Tim Rice
2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
2005-08-26 13:15:19 -07:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Darren Tucker
a8f553df53 - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
     Populate host for log message for logins denied by AllowUsers and
     DenyUsers (bz #999); ok markus@
2005-03-14 23:17:27 +11:00
Darren Tucker
691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
40d9a63788 - (dtucker) [auth.c] Fix parens in audit log check. 2005-02-04 15:19:44 +11:00