tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,069 Commits 6 Branches 20 Tags 99 MiB
Commit Graph

176 Commits

Author SHA1 Message Date
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09 
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
 2003-11-17 21:13:40 +11:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Damien Miller 856f0be669 - markus@cvs.openbsd.org 2003/08/26 09:58:43 
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
 2003-09-03 07:32:45 +10:00
Darren Tucker 1e66a39e40 - markus@cvs.openbsd.org 2003/08/22 13:22:27 
[auth2.c] (auth2-krb5.c removed)
     nuke "kerberos-2@ssh.com"
 2003-08-26 12:08:15 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09 
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
 2003-08-26 11:49:55 +10:00
Damien Miller 1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when 
UsePAM=yes; ok dtucker
 2003-08-25 13:08:49 +10:00
Darren Tucker 502d384b74 - markus@cvs.openbsd.org 2003/06/24 08:23:46 
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
      monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
 2003-06-28 12:38:01 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller 3ab496b3dd - markus@cvs.openbsd.org 2003/05/14 02:15:47 
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
 2003-05-14 13:47:37 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 1a27a1ee8c - (djm) Bug #117: Don't lie to PAM about username 2003-05-14 10:27:09 +10:00
Darren Tucker 97363a8b24 - (dtucker) Move handling of bad password authentications into a platform 
specific record_failed_login() function (affects AIX & Unicos).
 2003-05-02 23:42:25 +10:00
Ben Lindstrom f50ad1fd04 - (bal) auth2.c same changed as above. 2003-04-27 18:44:31 +00:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 556f9315a5 - markus@cvs.openbsd.org 2003/02/06 21:22:43 
[auth1.c auth2.c]
     undo broken fix for #387, fixes #486
 2003-02-24 11:59:26 +11:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray. 
This does not include the deattack.c fixes.
 2002-09-25 17:38:46 -07:00
Damien Miller de6f2de8ad - markus@cvs.openbsd.org 2002/08/22 21:33:58 
[auth1.c auth2.c]
     auth_root_allowed() is handled by the monitor in the privsep case,
     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
 2002-09-04 16:37:26 +10:00
Ben Lindstrom e06eb68226 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 2002-07-04 00:27:21 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
 2002-07-04 00:12:53 +00:00
Damien Miller 43cecc1392 some xxx's for future privsep cleanup 2002-06-21 16:21:11 +10:00
Ben Lindstrom b85ab30a6e - (bal) Refixed auth2.c. It was never fully commited while spliting out 
authentication to different files.
 2002-06-07 02:05:25 +00:00
Ben Lindstrom 511bb24c5b - markus@cvs.openbsd.org 2002/05/31 11:35:15 
[auth.h auth2.c]
     move Authmethod definitons to per-method file.

NOTE: The rest of this patch is with the import of the auth2-*.c files.
 2002-06-06 20:52:37 +00:00
Ben Lindstrom 855bf3ac3c - markus@cvs.openbsd.org 2002/05/25 18:51:07 
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
      auth2-passwd.c auth2-pubkey.c Makefile.in]
     split auth2.c into one file per method; ok provos@/deraadt@

NOTE: Merged back noticable cygwin and pam stuff.  May need review to
ensure I did not miss anything.
 2002-06-06 20:27:55 +00:00
Ben Lindstrom 58d4dafeb1 - itojun@cvs.openbsd.org 2002/05/13 02:37:39 
[auth-skey.c auth2.c]
     less warnings.  skey_{respond,query} are public (in auth.h)
 2002-05-15 16:14:36 +00:00
Damien Miller 5ad9fd9820 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. 2002-05-13 11:07:41 +10:00
Damien Miller ffc868ff83 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) 2002-05-09 15:59:13 +10:00
Damien Miller 7941855f09 - (djm) Make privsep work with PAM (still experimental) 2002-04-23 20:28:48 +10:00
Kevin Steves e683e76439 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h 
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
 2002-04-04 19:02:28 +00:00
Kevin Steves 205cc1ef46 - (stevesk) [auth2.c] merge cleanup/sync 2002-03-22 20:43:05 +00:00
Ben Lindstrom 7ebb635d81 - markus@cvs.openbsd.org 2002/03/19 14:27:39 
[auth.c auth1.c auth2.c]
     make getpwnamallow() allways call pwcopy()
 2002-03-22 03:04:08 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31 
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
 2002-03-22 02:30:41 +00:00
Ben Lindstrom 73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14 
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
 2002-03-22 01:27:35 +00:00
Ben Lindstrom 2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56 
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
 2002-03-22 01:24:38 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch 
revert
 2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff 
PAM, Cygwin and OSF SIA will not work for sure
 2002-03-13 12:47:54 +11:00
Ben Lindstrom 90fd814f90 - markus@cvs.openbsd.org 2002/02/24 19:14:59 
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@
 2002-02-26 18:09:42 +00:00
Damien Miller f3451a2181 - (djm) Cleanup after sync: 
- :%s/reverse_mapping_check/verify_reverse_mapping/g
 2002-02-05 12:40:46 +11:00
Damien Miller 9b74bfc5be - markus@cvs.openbsd.org 2002/02/04 11:58:10 
[auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
 2002-02-05 12:26:03 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03 
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
 2002-02-05 12:13:41 +11:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37 
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
 2002-01-22 23:26:38 +11:00
Damien Miller 7d05339c70 - markus@cvs.openbsd.org 2002/01/11 13:39:36 
[auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     	successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
 2002-01-22 23:24:13 +11:00
Damien Miller 630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00 
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
 2002-01-22 23:17:30 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:40 +11:00
Damien Miller 0dea79d6b6 - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen 
<vinschen@redhat.com> Could be abused to guess valid usernames
 2001-12-29 14:08:28 +11:00
Damien Miller 278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24 
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
 2001-12-21 15:00:19 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Damien Miller da9edcabf8 - jakob@cvs.openbsd.org 2001/12/18 10:05:15 
[auth2.c]
     log fingerprint on successful public key authentication; ok markus@
 2001-12-21 12:48:54 +11:00
Damien Miller ee11625d43 - markus@cvs.openbsd.org 2001/12/09 18:45:56 
[auth2.c auth2-chall.c auth.h]
     add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
     fixes memleak.
 2001-12-21 12:42:34 +11:00
Ben Lindstrom 3c36bb29ca - itojun@cvs.openbsd.org 2001/12/05 03:56:39 
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
      sshconnect2.c]
     make it compile with more strict prototype checking
 2001-12-06 17:55:26 +00:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
 2001-12-06 16:32:47 +00:00
Damien Miller e49d0966b5 - (djm) AIX login{success,failed} changes. Move loginsuccess call to 
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
 2001-11-13 23:46:18 +11:00
Damien Miller 6fd5b391f0 - markus@cvs.openbsd.org 2001/11/07 22:41:51 
[auth2.c auth-rh-rsa.c]
     unused includes
 2001-11-12 11:04:28 +11:00
Ben Lindstrom bdfb4df08c - markus@cvs.openbsd.org 2001/09/27 15:31:17 
[auth2.c auth2-chall.c sshconnect1.c]
     typos; from solar
 2001-10-03 17:12:43 +00:00
Ben Lindstrom 1bc3bdb1c2 - markus@cvs.openbsd.org 2001/09/20 13:46:48 
[auth2.c]
     key_read returns now -1 or 1
 2001-09-20 23:11:26 +00:00
Ben Lindstrom 940fb86c9a - stevesk@cvs.openbsd.org 2001/07/23 18:14:58 
[auth2.c auth-rsa.c]
     use %lu; ok markus@
 2001-08-06 21:01:49 +00:00
Ben Lindstrom 90279d80f5 - markus@cvs.openbsd.org 2001/06/26 05:50:11 
[auth2.c]
     new interface for secure_filename()
 2001-07-04 03:56:56 +00:00
Ben Lindstrom 7907382299 - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 
[auth2.c sshconnect2.c]
     prototype cleanup; ok markus@
 2001-07-04 03:42:30 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00
Ben Lindstrom a4789ef878 - markus@cvs.openbsd.org 2001/06/23 03:04:42 
[auth2.c auth-rh-rsa.c]
     restore correct ignore_user_known_hosts logic.
 2001-06-25 04:40:49 +00:00
Ben Lindstrom 83647ce474 - markus@cvs.openbsd.org 2001/06/23 00:20:57 
[auth2.c auth.c auth.h auth-rh-rsa.c]
     *known_hosts2 is obsolete for hostbased authentication and
     only used for backward compat. merge ssh1/2 hostkey check
     and move it to auth.c
 2001-06-25 04:30:16 +00:00
Ben Lindstrom f96704d4ef - markus@cvs.openbsd.org 2001/06/22 21:55:49 
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
      ssh-keygen.1]
     merge authorized_keys2 into authorized_keys.
     authorized_keys2 is used for backward compat.
     (just append authorized_keys2 to authorized_keys).
 2001-06-25 04:17:12 +00:00
Ben Lindstrom 9d0c06667e - markus@cvs.openbsd.org 2001/06/07 19:57:53 
[auth2.c]
     style is used for bsdauth.
     disconnect on user/service change (ietf-drafts)
 2001-06-09 01:40:00 +00:00
Ben Lindstrom c763767f18 [NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this 
pain will be over.]
   - markus@cvs.openbsd.org 2001/05/31 10:30:17
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c]
     undo the .c file split, just merge the header and keep the cvs
     history
 2001-06-09 00:36:26 +00:00
Ben Lindstrom cd4349f969 - markus@cvs.openbsd.org 2001/05/30 23:31:14 
[auth2.c]
     merge
 2001-06-09 00:23:17 +00:00
Ben Lindstrom e6455aee8f [NOTE: File split is was not done in Portabl Tree] 
- markus@cvs.openbsd.org 2001/05/30 12:55:13
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c ssh1.h]
     channel layer cleanup: merge header files and split .c files
 2001-06-09 00:17:10 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36 
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
 2001-06-05 20:25:05 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29 
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
 2001-06-05 18:56:16 +00:00
Damien Miller f815442116 - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt' 
(default: off), implies KbdInteractiveAuthentication. Suggestion from
   markus@
 2001-04-25 22:44:14 +10:00
Ben Lindstrom 3f36496e33 - markus@cvs.openbsd.org 2001/04/19 00:05:11 
[auth2.c]
     use local variable, no function call needed.
     (btw, hostbased works now with ssh.com >= 2.0.13)
 2001-04-19 20:50:07 +00:00
Ben Lindstrom 671388f233 - markus@cvs.openbsd.org 2001/04/18 23:43:26 
[auth2.c compat.c sshconnect2.c]
     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
     (however the 2.1.0 server seems to work only if debug is enabled...)
 2001-04-19 20:40:45 +00:00
Ben Lindstrom 4aa603c150 - markus@cvs.openbsd.org 2001/04/18 22:48:26 
[auth2.c]
     no longer const
 2001-04-19 20:38:06 +00:00
Ben Lindstrom 2bffd6fd1b - markus@cvs.openbsd.org 2001/04/18 22:03:45 
[auth2.c sshconnect2.c]
     use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
 2001-04-19 20:35:40 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26 
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
 2001-04-12 23:34:34 +00:00
Ben Lindstrom 3fcf1a22b5 - markus@cvs.openbsd.org 2001/04/06 21:00:17 
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
      ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
     do gid/groups-swap in addition to uid-swap, should help if /home/group
     is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
     to olar@openwall.com is comments.  we had many requests for this.
 2001-04-08 18:26:59 +00:00
Ben Lindstrom 0cae04005e - markus@cvs.openbsd.org 2001/04/04 20:32:56 
[auth2.c]
     we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
 2001-04-04 23:47:52 +00:00
Damien Miller 5d57e50730 - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/03/28 22:43:31
     [auth.h auth2.c auth2-chall.c]
     check auth_root_allowed for kbd-int auth, too.
 2001-03-30 10:48:31 +10:00
Ben Lindstrom b31783d547 - markus@cvs.openbsd.org 2001/03/21 11:43:45 
[auth1.c auth2.c session.c session.h]
     merge common ssh v1/2 code
 2001-03-22 02:02:12 +00:00
Ben Lindstrom eebc4a2ed3 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID 
resync
 2001-03-22 01:22:03 +00:00
Ben Lindstrom b54873ad24 - markus@cvs.openbsd.org 2001/03/11 13:25:36 
[auth2.c key.c]
     debug
 2001-03-11 20:01:55 +00:00
Ben Lindstrom 9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom 204e48851a - deraadt@cvs.openbsd.org 2001/03/01 02:45:10 
[auth-rsa.c auth2.c deattack.c packet.c]
     KNF
 2001-03-05 06:47:00 +00:00
Ben Lindstrom 086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44 
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
 2001-03-05 05:56:40 +00:00
Ben Lindstrom d95c09cc83 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and 
pty.[ch] -> sshpty.[ch]
 2001-02-18 19:13:33 +00:00
Damien Miller 60396b060b - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie 
enable with --with-bsd-auth.
 2001-02-18 17:01:00 +11:00
Damien Miller c83de6db41 KNF 2001-02-16 14:17:59 +11:00
Ben Lindstrom c1ba31fadc - markus@cvs.openssh.org 2001/02/13 22:49:40 
[auth1.c auth2.c]
    setproctitle(user) only if getpwnam succeeds
 2001-02-15 03:14:11 +00:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23 
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
 2001-02-15 03:08:27 +00:00
Damien Miller 92ddb7d6f0 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams 
<cmadams@hiwaay.net> with a little modification and KNF.
 2001-02-14 01:25:23 +11:00
Ben Lindstrom d1f20ec368 - markus@cvs.openbsd.org 2001/02/10 12:52:02 
[auth2.c]
     offer passwd before s/key
 2001-02-10 21:31:53 +00:00
Ben Lindstrom f79aeffe3b - markus@cvs.openbsd.org 2001/02/07 22:35:46 
[auth1.c auth2.c sshd.c]
     move k_setpag() to a central place; ok dugsong@
 2001-02-10 21:27:11 +00:00
Kevin Steves 4abe4def70 - (stevesk) OpenBSD sync: 
- markus@cvs.openbsd.org  2001/02/08 11:20:01
     [auth2.c]
     strict checking
   - markus@cvs.openbsd.org  2001/02/08 11:15:22
     [version.h]
     update to 2.3.2
   - markus@cvs.openbsd.org  2001/02/08 11:12:30
     [auth2.c]
     fix typo
 2001-02-08 19:16:32 +00:00
Kevin Steves 0afcc9f942 - stevesk@cvs.openbsd.org 2001/02/04 06:30:12 
[auth2.c authfd.c packet.c]
     remove duplicate #include's; ok markus@
 2001-02-05 13:57:36 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 2001-02-05 12:42:17 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test! 
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
 2001-02-04 23:20:18 +11:00
Ben Lindstrom 6d40c0f806 - (bal) Minor auth2.c resync. Whitespace and moving of an #include. 2001-01-29 09:02:24 +00:00
Ben Lindstrom 95fb2dde77 - markus@cvs.openbsd.org 2001/01/22 23:06:39 
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
 2001-01-23 03:12:10 +00:00
Ben Lindstrom b1985f7279 - (bal) OpenBSD Resync 
- markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
 2001-01-23 00:19:15 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under 
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
 2001-01-22 05:34:40 +00:00
Damien Miller 22e22bf9ba - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>) 
to fix NULL pointer deref and fake authloop breakage in PAM code.
 2001-01-19 15:46:38 +11:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify 
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
 2001-01-19 04:26:52 +00:00