Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
91d4b12fcb
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
...
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
2006-03-26 14:05:20 +11:00
Damien Miller
d62f2ca376
- deraadt@cvs.openbsd.org 2006/03/19 18:52:11
...
[auth1.c authfd.c channels.c]
spacing
2006-03-26 13:57:41 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
b6f72f5294
-(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
...
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
2005-07-17 17:26:43 +10:00
Damien Miller
94cf4c8448
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
...
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
Damien Miller
46d38de48b
- djm@cvs.openbsd.org 2005/07/16 01:35:24
...
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
2005-07-17 17:02:09 +10:00
Damien Miller
06221f1527
- djm@cvs.openbsd.org 2005/06/17 02:44:33
...
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
2005-06-19 07:36:10 +10:00
Damien Miller
6abf57ccbf
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
...
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
2005-06-19 07:31:37 +10:00
Darren Tucker
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
c13866719f
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
...
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
2004-12-03 14:33:47 +11:00
Darren Tucker
5cb30ad2ec
- markus@cvs.openbsd.org 2004/07/28 09:40:29
...
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
sshconnect1.c]
more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Damien Miller
30d1f84911
- djm@cvs.openbsd.org 2004/07/21 10:33:31
...
[auth1.c auth2.c]
bz#899: Don't display invalid usernames in setproctitle
2004-07-21 20:48:53 +10:00
Darren Tucker
a8c73d3b8c
- (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
...
connections with empty passwords. Patch from davidwu at nbttech.com,
ok djm@
2004-06-23 09:17:54 +10:00
Ben Lindstrom
e35bf12eeb
- (bal) [auth-passwd.c auth1.c] Clean up unused variables.
2004-06-22 03:37:11 +00:00
Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
e14e005f41
- djm@cvs.openbsd.org 2004/05/09 01:19:28
...
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Darren Tucker
dbf7a74ee5
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
...
monitor_wrap.h] Bug #808 : Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
2004-03-08 23:04:06 +11:00
Damien Miller
0eae442235
knf in portable-code (no code change)
2003-11-22 14:15:30 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
a9fcd3ada2
- jakob@cvs.openbsd.org 2003/11/08 16:02:40
...
[auth1.c]
remove unused variable (pw). ok djm@
(id sync only - still used in portable)
2003-11-17 21:16:55 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Damien Miller
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Damien Miller
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
Damien Miller
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
683036ee2c
- (bal) auth1.c minor resync while looking at the code.
2003-04-27 18:41:30 +00:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
Damien Miller
21de87b936
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/01/23 00:03:00
[auth1.c]
Don't log TIS auth response; "get rid of it" - markus@
2003-01-23 17:41:20 +11:00
Ben Lindstrom
93576d9538
- deraadt@cvs.openbsd.org 2002/11/21 23:03:51
...
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
sshconnect.c]
KNF
2002-12-23 02:06:19 +00:00
Damien Miller
d94e549ea8
- markus@cvs.openbsd.org 2002/09/26 11:38:43
...
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
25162f2518
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
...
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
2002-09-12 09:47:29 +10:00
Damien Miller
de6f2de8ad
- markus@cvs.openbsd.org 2002/08/22 21:33:58
...
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Damien Miller
43cecc1392
some xxx's for future privsep cleanup
2002-06-21 16:21:11 +10:00
Ben Lindstrom
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Damien Miller
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
Ben Lindstrom
c822638794
- markus@cvs.openbsd.org 2002/04/10 08:21:47
...
[auth1.c compat.c compat.h]
strip '@' from username only for KerbV and known broken clients, bug #204
Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-04-10 16:22:09 +00:00
Kevin Steves
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Kevin Steves
38c4a28a7e
- (stevesk) [auth1.c] fix password auth for protocol 1 when
...
!USE_PAM && !HAVE_OSF_SIA; merge issue.
2002-04-02 03:24:56 +00:00