openssh-portable

Commit Graph

Author	SHA1	Message	Date
Darren Tucker	5cb30ad2ec	- markus@cvs.openbsd.org 2004/07/28 09:40:29 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/	2004-08-12 22:40:24 +10:00
Damien Miller	a22f2d761b	- (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/07/21 08:56:12 [auth.c] s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, miod, ...	2004-07-21 20:48:24 +10:00
Darren Tucker	0a9d43d726	- (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move loginrestrictions test to port-aix.c, replace with a generic hook.	2004-06-23 13:45:24 +10:00
Darren Tucker	89413dbafa	- dtucker@cvs.openbsd.org 2004/05/23 23:59:53 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@	2004-05-24 10:36:23 +10:00
Darren Tucker	1f8311c836	- deraadt@cvs.openbsd.org 2004/05/11 19:01:43 [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok	2004-05-13 16:39:33 +10:00
Darren Tucker	06f2bd8bde	- deraadt@cvs.openbsd.org 2004/05/08 00:01:37 [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok	2004-05-13 16:06:46 +10:00
Darren Tucker	15ee748f28	- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test to auth-shadow.c, no functional change. ok djm@	2004-02-22 09:43:15 +11:00
Darren Tucker	9df3defdbb	- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@	2004-02-10 13:01:14 +11:00
Damien Miller	787b2ec18c	more whitespace (tabs this time)	2003-11-21 23:56:47 +11:00
Damien Miller	a8e06cef35	- djm@cvs.openbsd.org 2003/11/21 11:57:03 [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)	2003-11-21 23:48:55 +11:00
Darren Tucker	c6020651ba	- (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.	2003-10-15 17:48:20 +10:00
Darren Tucker	3e33cecf71	- markus@cvs.openbsd.org 2003/09/23 20:17:11 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@	2003-10-02 16:12:36 +10:00
Damien Miller	856f0be669	- markus@cvs.openbsd.org 2003/08/26 09:58:43 [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar	2003-09-03 07:32:45 +10:00
Darren Tucker	43a0dc6653	- (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.	2003-08-26 14:22:12 +10:00
Darren Tucker	e41bba5847	- (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny any access to locked accounts. ok djm@	2003-08-25 11:51:19 +10:00
Darren Tucker	b9aa0a0baa	- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] Convert aixloginmsg into platform-independant Buffer loginmsg.	2003-07-08 22:59:59 +10:00
Damien Miller	3a961dc0d3	- (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too	2003-06-03 10:25:48 +10:00
Damien Miller	4e448a31ae	- (djm) Add new UsePAM configuration directive to allow runtime control over usage of PAM. This allows non-root use of sshd when built with --with-pam	2003-05-14 15:11:48 +10:00
Damien Miller	d558092522	- (djm) RCSID sync w/ OpenBSD	2003-05-14 13:40:06 +10:00
Darren Tucker	97363a8b24	- (dtucker) Move handling of bad password authentications into a platform specific record_failed_login() function (affects AIX & Unicos).	2003-05-02 23:42:25 +10:00
Damien Miller	2a3f20e397	- (djm) Fix missed log => logit occurance (reference by function pointer)	2003-04-09 21:12:00 +10:00
Damien Miller	996acd2476	* empty log message *	2003-04-09 20:59:48 +10:00
Damien Miller	e443e9398e	- (djm) Revert fix for Bug #442 for now.	2003-01-18 16:24:06 +11:00
Tim Rice	458c6bfa10	[auth.c] declare today at top of allowed_user() to keep older compilers happy.	2003-01-08 20:04:27 -08:00
Damien Miller	06817f9cd3	- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by dtucker@zip.com.au. Reorder for clarity too.	2003-01-07 23:55:59 +11:00
Damien Miller	f25c18d7e8	- (djm) Bug #178 : On AIX /etc/nologin wasnt't shown to users. Fix from Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au	2003-01-07 17:38:58 +11:00
Damien Miller	64004b5566	- (djm) Fix Bug #442 for PAM case	2003-01-07 16:15:20 +11:00
Damien Miller	48cb8aa935	- (djm) Bug #442 : Check for and deny access to accounts with locked passwords. Patch from dtucker@zip.com.au	2003-01-07 12:19:32 +11:00
Ben Lindstrom	f5397c081d	- (bal) AIX does not log login attempts for unknown users (bug #432 ). patch by dtucker@zip.com.au	2002-11-09 16:11:10 +00:00
Ben Lindstrom	485075e8fa	- markus@cvs.openbsd.org 2002/11/04 10:07:53 [auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@	2002-11-09 15:45:12 +00:00
Ben Lindstrom	97e38d8667	20021015 - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.	2002-10-16 00:13:52 +00:00
Damien Miller	6f0a188857	- stevesk@cvs.openbsd.org 2002/09/20 18:41:29 [auth.c] log illegal user here for missing privsep case (ssh2). this is executed in the monitor. ok markus@	2002-09-22 01:26:51 +10:00
Ben Lindstrom	d4ee3497ca	- stevesk@cvs.openbsd.org 2002/08/08 23:54:52 [auth.c] typo in comment	2002-08-20 18:42:13 +00:00
Ben Lindstrom	e06eb68226	- (bal) Failed password attempts don't increment counter on AIX. Bug #145	2002-07-04 00:27:21 +00:00
Damien Miller	116e6dfaad	unbreak (aaarrrgggh - stupid vi)	2002-05-22 15:06:28 +10:00
Damien Miller	13e35a0ea2	rcsid sync	2002-05-22 14:04:11 +10:00
Ben Lindstrom	a574cda45b	- markus@cvs.openbsd.org 2002/05/13 20:44:58 [auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@	2002-05-15 16:16:14 +00:00
Kevin Steves	f98fb721a0	- (stevesk) [auth.c] Shadow account and expiration cleanup. Now check for root forced expire. Still don't check for inactive.	2002-05-10 15:48:52 +00:00
Ben Lindstrom	f34e4eb6c7	- markus@cvs.openbsd.org 2002/03/19 15:31:47 [auth.c] check for NULL; from provos@	2002-03-22 03:08:30 +00:00
Ben Lindstrom	7ebb635d81	- markus@cvs.openbsd.org 2002/03/19 14:27:39 [auth.c auth1.c auth2.c] make getpwnamallow() allways call pwcopy()	2002-03-22 03:04:08 +00:00
Ben Lindstrom	6328ab3989	- markus@cvs.openbsd.org 2002/03/19 10:49:35 [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace	2002-03-22 02:54:23 +00:00
Ben Lindstrom	b481e1323e	- provos@cvs.openbsd.org 2002/03/18 03:41:08 [auth.c session.c] move auth_approval into getpwnamallow with help from millert@	2002-03-22 01:35:47 +00:00
Ben Lindstrom	2ae18f40a7	- provos@cvs.openbsd.org 2002/03/17 20:25:56 [auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@	2002-03-22 01:24:38 +00:00
Ben Lindstrom	b61e6df9f3	- itojun@cvs.openbsd.org 2002/03/15 11:00:38 [auth.c] fix file type checking (use S_ISREG). ok by markus	2002-03-22 01:15:33 +00:00
Ben Lindstrom	3fb5d00ffd	- markus@cvs.openbsd.org 2002/03/01 13:12:10 [auth.c match.c match.h] undo the 'delay hostname lookup' change match.c must not use compress.c (via canonhost.c/packet.c) thanks to wilfried@	2002-03-05 01:42:42 +00:00
Ben Lindstrom	6ef9ec6b6b	- stevesk@cvs.openbsd.org 2002/02/28 20:56:00 [auth.c] log user not allowed details, from dwd@bell-labs.com; ok markus@	2002-03-05 01:40:37 +00:00
Ben Lindstrom	916d83d208	- stevesk@cvs.openbsd.org 2002/02/28 19:36:28 [auth.c match.c match.h] delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers for sshd -u0; ok markus@	2002-03-05 01:35:23 +00:00
Damien Miller	c5d8635d6a	- markus@cvs.openbsd.org 2002/01/29 14:32:03 [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@	2002-02-05 12:13:41 +11:00
Damien Miller	9f0f5c64bc	- deraadt@cvs.openbsd.org 2001/12/19 07:18:56 [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else	2001-12-21 14:45:46 +11:00
Ben Lindstrom	65366a8c76	- stevesk@cvs.openbsd.org 2001/11/17 19:14:34 [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] enum/int type cleanup where it made sense to do so; ok markus@	2001-12-06 16:32:47 +00:00

1 2

89 Commits