Commit Graph

163 Commits

Author SHA1 Message Date
Damien Miller 64004b5566 - (djm) Fix Bug #442 for PAM case 2003-01-07 16:15:20 +11:00
Damien Miller 48cb8aa935 - (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
2003-01-07 12:19:32 +11:00
Ben Lindstrom f5397c081d - (bal) AIX does not log login attempts for unknown users (bug #432).
patch by dtucker@zip.com.au
2002-11-09 16:11:10 +00:00
Ben Lindstrom 485075e8fa - markus@cvs.openbsd.org 2002/11/04 10:07:53
[auth.c]
     don't compare against pw_home if realpath fails for pw_home (seen
     on AFS); ok djm@
2002-11-09 15:45:12 +00:00
Ben Lindstrom 97e38d8667 20021015
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-10-16 00:13:52 +00:00
Damien Miller 6f0a188857 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
[auth.c]
     log illegal user here for missing privsep case (ssh2).
     this is executed in the monitor. ok markus@
2002-09-22 01:26:51 +10:00
Ben Lindstrom d4ee3497ca - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
[auth.c]
     typo in comment
2002-08-20 18:42:13 +00:00
Ben Lindstrom e06eb68226 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 2002-07-04 00:27:21 +00:00
Damien Miller 116e6dfaad unbreak (aaarrrgggh - stupid vi) 2002-05-22 15:06:28 +10:00
Damien Miller 13e35a0ea2 rcsid sync 2002-05-22 14:04:11 +10:00
Ben Lindstrom a574cda45b - markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
2002-05-15 16:16:14 +00:00
Kevin Steves f98fb721a0 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire.  Still don't check for inactive.
2002-05-10 15:48:52 +00:00
Ben Lindstrom f34e4eb6c7 - markus@cvs.openbsd.org 2002/03/19 15:31:47
[auth.c]
     check for NULL; from provos@
2002-03-22 03:08:30 +00:00
Ben Lindstrom 7ebb635d81 - markus@cvs.openbsd.org 2002/03/19 14:27:39
[auth.c auth1.c auth2.c]
     make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
2002-03-22 01:35:47 +00:00
Ben Lindstrom 2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Ben Lindstrom b61e6df9f3 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
[auth.c]
     fix file type checking (use S_ISREG).  ok by markus
2002-03-22 01:15:33 +00:00
Ben Lindstrom 3fb5d00ffd - markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@
2002-03-05 01:42:42 +00:00
Ben Lindstrom 6ef9ec6b6b - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
[auth.c]
     log user not allowed details, from dwd@bell-labs.com; ok markus@
2002-03-05 01:40:37 +00:00
Ben Lindstrom 916d83d208 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
[auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
2002-03-05 01:35:23 +00:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller f655207a46 - markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
     don't print ROOT in CAPS for the authentication messages, i.e.
     	Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
     becomes
     	Accepted publickey for root from 127.0.0.1 port 42734 ssh2
2001-11-12 11:06:06 +11:00
Ben Lindstrom c3e49e7b31 - markus@cvs.openbsd.org 2001/10/03 10:01:20
[auth.c]
     use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
2001-10-03 17:55:26 +00:00
Damien Miller 0ae6e009c8 - markus@cvs.openbsd.org 2001/07/11 18:26:15
[auth.c]
     no need to call dirname(pw->pw_dir).
     note that dirname(3) modifies its argument on some systems.
2001-07-14 12:21:34 +10:00
Damien Miller 98273e3ade - (djm) Revert dirname fix, a better one is on its way. 2001-07-14 11:55:15 +10:00
Damien Miller eec0c25f2a - (djm) dirname(3) may modify its argument on glibc and other systems.
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
2001-07-11 21:32:20 +10:00
Ben Lindstrom 60260022ee - markus@cvs.openbsd.org 2001/06/27 04:48:53
[auth.c match.c sshd.8]
     tridge@samba.org
2001-07-04 04:56:44 +00:00
Ben Lindstrom 248c0784bf - provos@cvs.openbsd.org 2001/06/25 17:54:47
[auth.c auth.h auth-rsa.c]
     terminate secure_filename checking after checking homedir.  that way
     it works on AFS.  okay markus@
2001-07-04 03:40:39 +00:00
Ben Lindstrom 83647ce474 - markus@cvs.openbsd.org 2001/06/23 00:20:57
[auth2.c auth.c auth.h auth-rh-rsa.c]
     *known_hosts2 is obsolete for hostbased authentication and
     only used for backward compat. merge ssh1/2 hostkey check
     and move it to auth.c
2001-06-25 04:30:16 +00:00
Ben Lindstrom 68c3ce1075 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller
<markm@swoon.net>
2001-06-10 17:24:51 +00:00
Ben Lindstrom 60567ff890 - markus@cvs.openbsd.org 2001/05/24 11:12:42
[auth.c]
     fix comment; from jakob@
2001-06-05 20:27:53 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
2001-06-05 20:25:05 +00:00
Damien Miller e7cf07c927 - markus@cvs.openbsd.org 2001/03/19 17:07:23
[auth.c readconf.c]
     undo /etc/shell and proto 2,1 change for openssh-2.5.2
2001-03-20 09:15:57 +11:00
Ben Lindstrom d69191bb4e - markus@cvs.openbsd.org 2001/03/17 17:27:59
[auth.c]
     check /etc/shells, too
2001-03-17 23:13:27 +00:00
Ben Lindstrom 92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00
Ben Lindstrom 086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
2001-03-05 05:56:40 +00:00
Damien Miller b5b6218537 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
<vinschen@redhat.com>
2001-03-01 09:48:13 +11:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
Kevin Steves 2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Kevin Steves 7b61cfa1ec - (stevesk) complete:
- markus@cvs.openbsd.org  2001/01/13 11:56:48
     [auth.c sshd.8]
     support supplementary group in {Allow,Deny}Groups
     from stevesk@pobox.com
2001-01-14 19:11:00 +00:00
Kevin Steves a58e0af1bd - (stevesk) Fix typo in auth.c: USE_PAM not PAM 2000-10-29 14:38:55 +00:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller 62dd94b375 - (djm) Tweak password expiry checking at suggestion of Kevin Steves
<stevesk@sweden.hp.com>
2000-09-23 14:26:32 +11:00
Damien Miller 606f880e0f - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp
 - (djm) Use libexecdir from configure , rather than libexecdir/ssh
 - (djm) Update Redhat SPEC file accordingly
 - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
 - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
 - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
   <Dirk.DeWachter@rug.ac.be>
 - (djm) Fixprogs and entropy list fixes from Larry Jones
   <larry.jones@sdrc.com>
 - (djm) Fix for SuSE spec file from Takashi YOSHIDA
   <tyoshida@gemini.rc.kyushu-u.ac.jp>
2000-09-16 15:39:56 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller 942da039d2 - (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
2000-08-18 13:59:06 +10:00
Damien Miller c708843e6a - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
2000-07-02 18:44:54 +10:00
Damien Miller 1f335fb8d8 - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
2000-06-26 11:31:33 +10:00
Damien Miller 2f6a0ad191 - Cleanup of auth.c, login.c and fake-*
- Cleanup of auth-pam.c, save and print "account expired" error messages
2000-05-31 11:20:11 +10:00
Damien Miller 7d6656c128 cleanup diffs 2000-05-20 15:22:36 +10:00
Damien Miller ef7df54073 - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
- OpenBSD CVS updates:
  - markus@cvs.openbsd.org
    [sshconnect.c]
    copy only ai_addrlen bytes; misiek@pld.org.pl
    [auth.c]
    accept an empty shell in authentication; bug reported by
    chris@tinker.ucr.edu
    [serverloop.c]
    we don't have stderr for interactive terminal sessions (fcntl errors)
2000-05-19 00:03:23 +10:00
Damien Miller d2c208a2d3 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix 2000-05-17 22:00:02 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller 4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller efb4afe026 - More large OpenBSD CVS updates:
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
     [session.h ssh.h sshd.c README.openssh2]
     ssh2 server side, see README.openssh2; enable with 'sshd -2'
   - [channels.c]
     no adjust after close
   - [sshd.c compat.c ]
     interop w/ latest ssh.com windows client.
2000-04-12 18:45:05 +10:00
Damien Miller b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00