Commit Graph

275 Commits

Author SHA1 Message Date
Darren Tucker 1825f26d21 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
non-interactive path.  ok djm@
2004-02-24 00:01:27 +11:00
Darren Tucker 1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker 23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
user, since some modules might fail due to lack of privilege.  ok djm@
2004-02-06 15:30:50 +11:00
Darren Tucker 3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
Damien Miller d352636553 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
ralf.hack AT pipex.net; ok dtucker@
2004-01-23 14:16:26 +11:00
Darren Tucker 7fe8b72771 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.

Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available.  In that case it will be used too.
2004-01-22 12:48:26 +11:00
Damien Miller 8f341f8b8b - markus@cvs.openbsd.org 2004/01/13 19:23:15
[compress.c session.c]
     -Wall; ok henning
2004-01-21 11:00:46 +11:00
Darren Tucker 409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
2004-01-05 22:36:51 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
Damien Miller ce34674a9f sync whitespace - no code change 2003-11-22 14:41:58 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller c756e9b56e - (djm) Export environment variables from authentication subprocess to
parent. Part of Bug #717
2003-11-17 21:41:42 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker 072a7b178c - markus@cvs.openbsd.org 2003/10/14 19:54:39
[session.c ssh-agent.c]
     10X for mkdtemp; djm@
2003-10-15 16:10:25 +10:00
Darren Tucker 8846a07639 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
cleanup functions.  With & ok djm@
2003-10-07 11:30:15 +10:00
Darren Tucker f391ba6730 - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
Based on patches by Matthias Koeppe and Thomas Baden.  ok djm@
2003-10-02 20:07:09 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Darren Tucker fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
2003-09-22 21:04:23 +10:00
Darren Tucker c11b1e8420 - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref
when /etc/default/login doesn't exist or isn't readable.  Fixes from
   jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
2003-09-19 20:56:51 +10:00
Darren Tucker e1a790d0d1 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
   (eg Solaris, Reliant Unix).  Patch from Robert.Dahlem at siemens.com.  ok djm@
2003-09-16 11:52:19 +10:00
Damien Miller 341c6e687c - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
management (now done in do_setusercontext). Largely from
   michael_steffens AT hp.com
2003-09-02 23:18:52 +10:00
Damien Miller 324948b320 - markus@cvs.openbsd.org 2003/08/31 13:29:05
[session.c]
     call ssh_gssapi_storecreds conditionally from do_exec();
     with sxw@inf.ed.ac.uk
2003-09-02 22:55:45 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker 49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller 1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker 3bdbd848ea - markus@cvs.openbsd.org 2003/08/13 08:33:02
[session.c]
     use more portable tcsendbreak(3) and ignore break_length;
     ok deraadt, millert
2003-08-13 20:31:05 +10:00
Darren Tucker d85efee437 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge. 2003-08-13 20:28:14 +10:00
Darren Tucker 80649c5fa6 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
specific defines and includes to bsd-cygwin_util.h.  Fixes build error too.
2003-08-07 16:28:16 +10:00
Darren Tucker b9d3f41ceb - (dtucker) [session.c] Have session_break_req not attempt to send a break
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
2003-08-07 13:24:24 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker 793e817d49 - (dtucker) Check return value of setpcred(). 2003-07-08 21:01:04 +10:00
Darren Tucker a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller 54c459866e - markus@cvs.openbsd.org 2003/05/14 22:24:42
[clientloop.c session.c ssh.1]
     allow to send a BREAK to the remote system; ok various
2003-05-15 10:20:13 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller b1ca8bb159 - markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
     make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom c8c548d248 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA.  Also, clean up of tru64 support patch by Chris Adams
   <cmadams@hiwaay.net>
2003-03-21 01:18:09 +00:00
Damien Miller 0011138d47 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller 1a3ccb07c5 - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
From vinschen@redhat.com
2003-02-24 13:04:01 +11:00
Damien Miller 97f39ae810 - markus@cvs.openbsd.org 2003/02/06 09:26:23
[session.c]
     missing call to setproctitle() after authentication; ok provos@
2003-02-24 11:57:01 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
2003-01-10 09:53:12 +11:00
Damien Miller f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller dfedbf8e5a - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
mii@ornl.gov
2003-01-03 14:52:53 +11:00