Darren Tucker
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
f50ad1fd04
- (bal) auth2.c same changed as above.
2003-04-27 18:44:31 +00:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
de6f2de8ad
- markus@cvs.openbsd.org 2002/08/22 21:33:58
...
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Ben Lindstrom
5a9d0eaba6
- deraadt@cvs.openbsd.org 2002/06/30 21:54:16
...
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Damien Miller
43cecc1392
some xxx's for future privsep cleanup
2002-06-21 16:21:11 +10:00
Ben Lindstrom
b85ab30a6e
- (bal) Refixed auth2.c. It was never fully commited while spliting out
...
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom
511bb24c5b
- markus@cvs.openbsd.org 2002/05/31 11:35:15
...
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom
855bf3ac3c
- markus@cvs.openbsd.org 2002/05/25 18:51:07
...
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
Ben Lindstrom
58d4dafeb1
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
...
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
Damien Miller
5ad9fd9820
- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.
2002-05-13 11:07:41 +10:00
Damien Miller
ffc868ff83
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
2002-05-09 15:59:13 +10:00
Damien Miller
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
Kevin Steves
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Kevin Steves
205cc1ef46
- (stevesk) [auth2.c] merge cleanup/sync
2002-03-22 20:43:05 +00:00
Ben Lindstrom
7ebb635d81
- markus@cvs.openbsd.org 2002/03/19 14:27:39
...
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
...
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom
73ab9ba45d
- provos@cvs.openbsd.org 2002/03/18 01:12:14
...
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom
2ae18f40a7
- provos@cvs.openbsd.org 2002/03/17 20:25:56
...
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Damien Miller
3a5b023330
Stupid djm commits experimental code to head instead of branch
...
revert
2002-03-13 13:19:42 +11:00
Damien Miller
646e7cf3d7
Import of Niels Provos' 20020312 ssh-complete.diff
...
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom
90fd814f90
- markus@cvs.openbsd.org 2002/02/24 19:14:59
...
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
Damien Miller
f3451a2181
- (djm) Cleanup after sync:
...
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller
9b74bfc5be
- markus@cvs.openbsd.org 2002/02/04 11:58:10
...
[auth2.c]
cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
2002-02-05 12:26:03 +11:00
Damien Miller
c5d8635d6a
- markus@cvs.openbsd.org 2002/01/29 14:32:03
...
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller
7d05339c70
- markus@cvs.openbsd.org 2002/01/11 13:39:36
...
[auth2.c dispatch.c dispatch.h kex.c]
a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
dispatch_range(): set handler for a ranges message types
use dispatch_protocol_ignore() for authentication requests after
successful authentication (the drafts requirement).
serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
2002-01-22 23:24:13 +11:00
Damien Miller
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
0dea79d6b6
- (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
...
<vinschen@redhat.com> Could be abused to guess valid usernames
2001-12-29 14:08:28 +11:00
Damien Miller
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net ; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller
da9edcabf8
- jakob@cvs.openbsd.org 2001/12/18 10:05:15
...
[auth2.c]
log fingerprint on successful public key authentication; ok markus@
2001-12-21 12:48:54 +11:00
Damien Miller
ee11625d43
- markus@cvs.openbsd.org 2001/12/09 18:45:56
...
[auth2.c auth2-chall.c auth.h]
add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
fixes memleak.
2001-12-21 12:42:34 +11:00
Ben Lindstrom
3c36bb29ca
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
...
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
2001-12-06 17:55:26 +00:00
Ben Lindstrom
65366a8c76
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
...
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
2001-12-06 16:32:47 +00:00
Damien Miller
e49d0966b5
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
...
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
2001-11-13 23:46:18 +11:00
Damien Miller
6fd5b391f0
- markus@cvs.openbsd.org 2001/11/07 22:41:51
...
[auth2.c auth-rh-rsa.c]
unused includes
2001-11-12 11:04:28 +11:00
Ben Lindstrom
bdfb4df08c
- markus@cvs.openbsd.org 2001/09/27 15:31:17
...
[auth2.c auth2-chall.c sshconnect1.c]
typos; from solar
2001-10-03 17:12:43 +00:00
Ben Lindstrom
1bc3bdb1c2
- markus@cvs.openbsd.org 2001/09/20 13:46:48
...
[auth2.c]
key_read returns now -1 or 1
2001-09-20 23:11:26 +00:00
Ben Lindstrom
940fb86c9a
- stevesk@cvs.openbsd.org 2001/07/23 18:14:58
...
[auth2.c auth-rsa.c]
use %lu; ok markus@
2001-08-06 21:01:49 +00:00
Ben Lindstrom
90279d80f5
- markus@cvs.openbsd.org 2001/06/26 05:50:11
...
[auth2.c]
new interface for secure_filename()
2001-07-04 03:56:56 +00:00