Darren Tucker
1825f26d21
- (dtucker) [session.c] Bug #789 : Only make setcred call for !privsep in the
...
non-interactive path. ok djm@
2004-02-24 00:01:27 +11:00
Darren Tucker
1921ed9f96
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14 : Use do_pwchange to
...
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker
23bc8d0bff
- markus@cvs.openbsd.org 2004/01/30 09:48:57
...
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker
ef3a4a208c
- (dtucker) [session.c] Bug #789 : Do not call do_pam_setcred as a non-root
...
user, since some modules might fail due to lack of privilege. ok djm@
2004-02-06 15:30:50 +11:00
Darren Tucker
3c78c5ed2f
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
Damien Miller
d352636553
- (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
...
ralf.hack AT pipex.net; ok dtucker@
2004-01-23 14:16:26 +11:00
Darren Tucker
7fe8b72771
- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
...
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
2004-01-22 12:48:26 +11:00
Damien Miller
8f341f8b8b
- markus@cvs.openbsd.org 2004/01/13 19:23:15
...
[compress.c session.c]
-Wall; ok henning
2004-01-21 11:00:46 +11:00
Darren Tucker
409cb328c1
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
2004-01-05 22:36:51 +11:00
Darren Tucker
22ef508754
- jakob@cvs.openbsd.org 2003/12/23 16:12:10
...
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Darren Tucker
3175eb9a5a
- markus@cvs.openbsd.org 2003/12/02 17:01:15
...
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
Damien Miller
ce34674a9f
sync whitespace - no code change
2003-11-22 14:41:58 +11:00
Damien Miller
787b2ec18c
more whitespace (tabs this time)
2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
c756e9b56e
- (djm) Export environment variables from authentication subprocess to
...
parent. Part of Bug #717
2003-11-17 21:41:42 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
072a7b178c
- markus@cvs.openbsd.org 2003/10/14 19:54:39
...
[session.c ssh-agent.c]
10X for mkdtemp; djm@
2003-10-15 16:10:25 +10:00
Darren Tucker
8846a07639
- (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
...
cleanup functions. With & ok djm@
2003-10-07 11:30:15 +10:00
Darren Tucker
f391ba6730
- (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
...
Based on patches by Matthias Koeppe and Thomas Baden. ok djm@
2003-10-02 20:07:09 +10:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Darren Tucker
fb16b2411e
- markus@cvs.openbsd.org 2003/09/18 08:49:45
...
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
ok millert@
2003-09-22 21:04:23 +10:00
Darren Tucker
c11b1e8420
- (dtucker) [session.c] Bug #643 : Fix size_t -> u_int and fix null deref
...
when /etc/default/login doesn't exist or isn't readable. Fixes from
jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
2003-09-19 20:56:51 +10:00
Darren Tucker
e1a790d0d1
- (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252 : Retrieve
...
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
(eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com. ok djm@
2003-09-16 11:52:19 +10:00
Damien Miller
341c6e687c
- (djm) Bug #423 : reorder setting of PAM_TTY and calling of PAM session
...
management (now done in do_setusercontext). Largely from
michael_steffens AT hp.com
2003-09-02 23:18:52 +10:00
Damien Miller
324948b320
- markus@cvs.openbsd.org 2003/08/31 13:29:05
...
[session.c]
call ssh_gssapi_storecreds conditionally from do_exec();
with sxw@inf.ed.ac.uk
2003-09-02 22:55:45 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker
49aaf4ad52
- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
...
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Darren Tucker
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
3bdbd848ea
- markus@cvs.openbsd.org 2003/08/13 08:33:02
...
[session.c]
use more portable tcsendbreak(3) and ignore break_length;
ok deraadt, millert
2003-08-13 20:31:05 +10:00
Darren Tucker
d85efee437
- (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.
2003-08-13 20:28:14 +10:00
Darren Tucker
80649c5fa6
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
...
specific defines and includes to bsd-cygwin_util.h. Fixes build error too.
2003-08-07 16:28:16 +10:00
Darren Tucker
b9d3f41ceb
- (dtucker) [session.c] Have session_break_req not attempt to send a break
...
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
2003-08-07 13:24:24 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker
793e817d49
- (dtucker) Check return value of setpcred().
2003-07-08 21:01:04 +10:00
Darren Tucker
a0c0b63112
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
...
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Damien Miller
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
54c459866e
- markus@cvs.openbsd.org 2003/05/14 22:24:42
...
[clientloop.c session.c ssh.1]
allow to send a BREAK to the remote system; ok various
2003-05-15 10:20:13 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
b1ca8bb159
- markus@cvs.openbsd.org 2003/05/11 20:30:25
...
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Ben Lindstrom
c8c548d248
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
...
with SIA. Also, clean up of tru64 support patch by Chris Adams
<cmadams@hiwaay.net>
2003-03-21 01:18:09 +00:00
Damien Miller
0011138d47
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller
1a3ccb07c5
- (djm) Bug #494 : Allow multiple accounts on Windows 9x/Me;
...
From vinschen@redhat.com
2003-02-24 13:04:01 +11:00
Damien Miller
97f39ae810
- markus@cvs.openbsd.org 2003/02/06 09:26:23
...
[session.c]
missing call to setproctitle() after authentication; ok provos@
2003-02-24 11:57:01 +11:00
Damien Miller
a8ed44b79e
- (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
...
systems may be added later.
2003-01-10 09:53:12 +11:00
Damien Miller
f25c18d7e8
- (djm) Bug #178 : On AIX /etc/nologin wasnt't shown to users. Fix from
...
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller
dfedbf8e5a
- (djm) Bug #446 : Set LOGIN env var to pw_name on AIX. Patch from
...
mii@ornl.gov
2003-01-03 14:52:53 +11:00