tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,917 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

60 Commits

Author SHA1 Message Date
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending 
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
 2020-10-18 23:46:29 +11:00
jsg@openbsd.org d5ba1c0327 upstream: change explicit_bzero();free() to freezero() 
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
 2020-02-28 12:26:28 +11:00
deraadt@openbsd.org 72687c8e7c upstream: stdarg.h required more broadly; ok djm 
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
 2019-11-15 08:50:10 +11:00
djm@openbsd.org be02d7cbde upstream: lots of things were relying on libcrypto headers to 
transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
 2019-09-06 17:54:21 +10:00
Damien Miller 87f08be054 Remove support for S/Key 
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
 2018-07-31 12:59:30 +10:00
markus@openbsd.org 394a842e60 upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ 
OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
 2018-07-12 13:18:25 +10:00
markus@openbsd.org c7d39ac8dc upstream: sshd: switch authentication to sshbuf API; ok djm@ 
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
 2018-07-10 15:27:43 +10:00
markus@openbsd.org eb272ea409 upstream commit 
switch auth2 to ssh_dispatch API; ok djm@

Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
 2017-05-31 10:50:33 +10:00
markus@openbsd.org 2ae666a8fc upstream commit 
protocol handlers all get struct ssh passed; ok djm@

Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
 2017-05-31 10:50:05 +10:00
markus@openbsd.org 5f4082d886 upstream commit 
sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
 2017-05-31 10:49:50 +10:00
markus@openbsd.org c221219b1f upstream commit 
remove ssh1 references; ok djm@

Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
 2017-05-31 10:46:44 +10:00
djm@openbsd.org 1a31d02b24 upstream commit 
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
 2016-05-02 20:35:04 +10:00
djm@openbsd.org 5b64f85bb8 upstream commit 
only query each keyboard-interactive device once per
 authentication request regardless of how many times it is listed; ok markus@

Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
 2015-07-20 10:32:25 +10:00
markus@openbsd.org 3fdc88a0de upstream commit 
move dispatch to struct ssh; ok djm@
 2015-01-20 09:14:16 +11:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14 
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
 2014-07-18 14:11:24 +10:00
Damien Miller a5103f413b - djm@cvs.openbsd.org 2014/02/02 03:44:32 
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()
 2014-02-04 11:20:14 +11:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
 2014-02-04 11:18:20 +11:00
Damien Miller 6c81fee693 - djm@cvs.openbsd.org 2013/11/08 00:39:15 
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
     [sftp-client.c sftp-glob.c]
     use calloc for all structure allocations; from markus@
 2013-11-08 12:19:55 +11:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13 
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
 2013-06-02 07:31:17 +10:00
Damien Miller 91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25 
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
 2013-04-23 15:18:10 +10:00
Damien Miller 55aca027ed - djm@cvs.openbsd.org 2012/12/03 00:14:06 
[auth2-chall.c ssh-keygen.c]
     Fix compilation with -Wall -Werror (trivial type fixes)
 2012-12-03 11:25:30 +11:00
Damien Miller 15b05cfa17 - djm@cvs.openbsd.org 2012/12/02 20:34:10 
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
     [monitor.c monitor.h]
     Fixes logging of partial authentication when privsep is enabled
     Previously, we recorded "Failed xxx" since we reset authenticated before
     calling auth_log() in auth2.c. This adds an explcit "Partial" state.

     Add a "submethod" to auth_log() to report which submethod is used
     for keyboard-interactive.

     Fix multiple authentication when one of the methods is
     keyboard-interactive.

     ok markus@
 2012-12-03 09:53:20 +11:00
Damien Miller c30def96e2 - djm@cvs.openbsd.org 2008/12/09 04:32:22 
[auth2-chall.c]
     replace by-hand string building with xasprinf(); ok deraadt@
 2009-01-28 16:13:39 +11:00
Damien Miller 733124b5dd - djm@cvs.openbsd.org 2007/09/21 08:15:29 
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
     [monitor.c monitor_wrap.c]
     unifdef -DBSD_AUTH
     unifdef -USKEY
     These options have been in use for some years;
     ok markus@ "no objection" millert@
     (NB. RCD ID sync only for portable)
 2007-10-26 14:25:12 +10:00
Damien Miller 80163907ed - stevesk@cvs.openbsd.org 2007/01/03 03:01:40 
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
     spaces
 2007-01-05 16:30:16 +11:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] 
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
 2006-09-01 15:38:36 +10:00
Darren Tucker d6a23f2057 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24 
[monitor_wrap.c auth-skey.c auth2-chall.c]
     Zap unused variables in -DSKEY code.  ok djm@
 2006-08-05 18:50:35 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller 0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55 
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
 2005-07-17 17:22:45 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Darren Tucker 3c66080aa2 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from 
the list of available kbdint devices if UsePAM=no.  ok djm@
 2005-01-20 22:20:50 +11:00
Darren Tucker 611649ebf0 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47 
[auth-bsdauth.c auth2-chall.c]
     Have keyboard-interactive code call the drivers even for responses for
     invalid logins.  This allows the drivers themselves to decide how to
     handle them and prevent leaking information where possible.  Existing
     behaviour for bsdauth is maintained by checking authctxt->valid in the
     bsdauth driver.  Note that any third-party kbdint drivers will now need
     to be able to handle responses for invalid logins.  ok markus@
 2005-01-20 11:05:34 +11:00
Damien Miller 16ea6494b6 - dtucker@cvs.openbsd.org 2004/06/01 14:20:45 
[auth2-chall.c]
     Remove redundant #include; ok markus@
 2004-06-15 10:28:24 +10:00
Damien Miller a6a7c19dcb - (djm) Avoid auth2-chall.c warning when compiling without 
PAM, BSD_AUTH and SKEY
 2003-05-26 21:36:13 +10:00
Damien Miller 4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with 
proper challenge-response module
 2003-05-10 19:28:02 +10:00
Ben Lindstrom a962c2fb35 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
 2002-07-04 00:14:17 +00:00
Damien Miller fb7fd9580c - markus@cvs.openbsd.org 2002/06/26 13:55:37 
[auth2-chall.c]
     make sure # of response matches # of queries, fixes int overflow;
     from ISS
 2002-06-26 23:58:39 +10:00
Ben Lindstrom cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
 2002-06-21 00:41:51 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31 
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
 2002-03-22 02:30:41 +00:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37 
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
 2002-01-22 23:26:38 +11:00
Damien Miller 209ee4e368 - markus@cvs.openbsd.org 2002/01/11 23:02:51 
[auth2-chall.c]
     use snprintf; mouring@
 2002-01-22 23:25:08 +11:00
Damien Miller a5ebe0c39d - markus@cvs.openbsd.org 2002/01/11 20:14:11 
[auth2-chall.c auth-skey.c]
     use strlcpy not strlcat; mouring@
 2002-01-22 23:24:33 +11:00
Damien Miller 630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00 
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
 2002-01-22 23:17:30 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:40 +11:00
Damien Miller 278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24 
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
 2001-12-21 15:00:19 +11:00