Damien Miller
773a7b98f9
- (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
...
account check failure path. The vulnerable format buffer is supplied
from PAM and should not contain attacker-supplied data.
2008-07-09 20:54:05 +10:00
Damien Miller
0b4d48ba74
- djm@cvs.openbsd.org 2008/07/04 23:30:16
...
[auth1.c auth2.c]
Make protocol 1 MaxAuthTries logic match protocol 2's.
Do not treat the first protocol 2 authentication attempt as
a failure IFF it is for method "none".
Makes MaxAuthTries' user-visible behaviour identical for
protocol 1 vs 2.
ok dtucker@
2008-07-05 09:44:53 +10:00
Damien Miller
b84886ba3e
- djm@cvs.openbsd.org 2008/05/08 12:02:23
...
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
Damien Miller
733124b5dd
- djm@cvs.openbsd.org 2007/09/21 08:15:29
...
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCD ID sync only for portable)
2007-10-26 14:25:12 +10:00
Damien Miller
ded319cca2
- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
...
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
...
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d
- stevesk@cvs.openbsd.org 2006/08/01 23:22:48
...
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
...
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
1cdde6f536
- stevesk@cvs.openbsd.org 2006/07/20 15:26:15
...
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
91d4b12fcb
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
...
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
2006-03-26 14:05:20 +11:00
Damien Miller
d62f2ca376
- deraadt@cvs.openbsd.org 2006/03/19 18:52:11
...
[auth1.c authfd.c channels.c]
spacing
2006-03-26 13:57:41 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
b6f72f5294
-(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
...
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
2005-07-17 17:26:43 +10:00
Damien Miller
94cf4c8448
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
...
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
Damien Miller
46d38de48b
- djm@cvs.openbsd.org 2005/07/16 01:35:24
...
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
2005-07-17 17:02:09 +10:00
Damien Miller
06221f1527
- djm@cvs.openbsd.org 2005/06/17 02:44:33
...
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
2005-06-19 07:36:10 +10:00
Damien Miller
6abf57ccbf
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
...
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
2005-06-19 07:31:37 +10:00
Darren Tucker
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
c13866719f
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
...
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
2004-12-03 14:33:47 +11:00
Darren Tucker
5cb30ad2ec
- markus@cvs.openbsd.org 2004/07/28 09:40:29
...
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Damien Miller
30d1f84911
- djm@cvs.openbsd.org 2004/07/21 10:33:31
...
[auth1.c auth2.c]
bz#899: Don't display invalid usernames in setproctitle
2004-07-21 20:48:53 +10:00
Darren Tucker
a8c73d3b8c
- (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
...
connections with empty passwords. Patch from davidwu at nbttech.com,
ok djm@
2004-06-23 09:17:54 +10:00
Ben Lindstrom
e35bf12eeb
- (bal) [auth-passwd.c auth1.c] Clean up unused variables.
2004-06-22 03:37:11 +00:00
Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
e14e005f41
- djm@cvs.openbsd.org 2004/05/09 01:19:28
...
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Darren Tucker
dbf7a74ee5
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
...
monitor_wrap.h] Bug #808 : Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
2004-03-08 23:04:06 +11:00
Damien Miller
0eae442235
knf in portable-code (no code change)
2003-11-22 14:15:30 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
a9fcd3ada2
- jakob@cvs.openbsd.org 2003/11/08 16:02:40
...
[auth1.c]
remove unused variable (pw). ok djm@
(id sync only - still used in portable)
2003-11-17 21:16:55 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Damien Miller
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
Damien Miller
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
683036ee2c
- (bal) auth1.c minor resync while looking at the code.
2003-04-27 18:41:30 +00:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
Damien Miller
21de87b936
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/01/23 00:03:00
[auth1.c]
Don't log TIS auth response; "get rid of it" - markus@
2003-01-23 17:41:20 +11:00
Ben Lindstrom
93576d9538
- deraadt@cvs.openbsd.org 2002/11/21 23:03:51
...
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
sshconnect.c]
KNF
2002-12-23 02:06:19 +00:00
Damien Miller
d94e549ea8
- markus@cvs.openbsd.org 2002/09/26 11:38:43
...
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00