Commit Graph

30 Commits

Author SHA1 Message Date
Darren Tucker f4732f6475 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
     Perform Kerberos calls even for invalid users to prevent leaking
     information about account validity.  bz #975, patch originally from
     Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
     ok markus@
2005-11-22 19:42:42 +11:00
Darren Tucker 618db97fe1 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
Patch from djm@.
2005-11-10 14:43:11 +11:00
Darren Tucker 893c602ef0 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
calls to krb5_init_ets, which has not been required since krb-1.1.x and
   most Kerberos versions no longer export in their public API.  From sxw
   at inf.ed.ac.uk, ok djm@
2005-07-07 20:33:36 +10:00
Darren Tucker a83f2612c2 - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
in the case where the buffer is insufficient, so always return ENOMEM.
   Also pointed out by sxw at inf.ed.ac.uk.
2005-07-07 20:09:35 +10:00
Darren Tucker a916d143a1 - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT
Kerberos code path into a common function and expand mkstemp template to be
   consistent with the rest of OpenSSH.  From sxw at inf.ed.ac.uk, ok djm@
2005-07-07 11:50:20 +10:00
Darren Tucker 5614d8f8c4 - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
at anl.gov, ok djm@
2004-09-11 23:32:09 +10:00
Darren Tucker 066969339d - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
2004-08-14 23:55:37 +10:00
Damien Miller 9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
2004-04-16 22:47:55 +10:00
Ben Lindstrom a8104b5c92 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
   are starting to restrict it as internal since it is not needed by
    developers any more. (Patch based on Apple tree)
- (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
    krb5 on MacOS/X conflicts.  There may be a better solution, but this will
    work for now.
2004-04-07 04:16:11 +00:00
Darren Tucker ec217adf70 Whitespace sync 2003-11-22 12:11:06 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker 49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Darren Tucker ec0943a96c - (dtucker) OpenBSD CVS Sync
(thanks to Simon Wilkinson for help with this -dt)
   - markus@cvs.openbsd.org 2003/07/16 15:02:06
     [auth-krb5.c]
     mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se>
     otherwise the kerberos credentinal is stored in a memory cache
     in the privileged sshd. ok jabob@, hin@ (some time ago)
2003-08-11 22:55:36 +10:00
Damien Miller 9c617693c2 - (djm) Make portable build with MIT krb5 (some issues remain) 2003-05-14 14:31:11 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom 93576d9538 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
      sshconnect.c]
     KNF
2002-12-23 02:06:19 +00:00
Damien Miller 25162f2518 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
2002-09-12 09:47:29 +10:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Damien Miller fd4c9eee25 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> 2002-04-13 11:04:40 +10:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom eacc71b558 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
[auth-krb5.c]
     BSD license.  from Daniel Kouril via Dug Song.  ok markus@
2002-03-22 01:22:27 +00:00
Ben Lindstrom 05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
2002-03-05 01:53:02 +00:00
Ben Lindstrom b855028ff6 - markus@cvs.openbsd.org 2002/02/15 23:54:10
[auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
     ok provos@
2002-02-26 17:46:11 +00:00
Damien Miller db95e4e107 sync - don't know when this got out of sync 2002-02-13 16:56:44 +11:00
Damien Miller 61b05cfdda - (djm) OpenBSD CVS Sync
- dugsong@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
     art@, deraadt@ ok
2001-11-14 00:02:10 +11:00
Damien Miller 964fed54cd - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used. 2001-09-25 12:58:23 +10:00