Darren Tucker
89413dbafa
- dtucker@cvs.openbsd.org 2004/05/23 23:59:53
...
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker
dbf7a74ee5
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
...
monitor_wrap.h] Bug #808 : Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
2004-03-08 23:04:06 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
...
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Damien Miller
856f0be669
- markus@cvs.openbsd.org 2003/08/26 09:58:43
...
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
2003-09-03 07:32:45 +10:00
Darren Tucker
1e66a39e40
- markus@cvs.openbsd.org 2003/08/22 13:22:27
...
[auth2.c] (auth2-krb5.c removed)
nuke "kerberos-2@ssh.com"
2003-08-26 12:08:15 +10:00
Darren Tucker
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
Damien Miller
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
Darren Tucker
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
f50ad1fd04
- (bal) auth2.c same changed as above.
2003-04-27 18:44:31 +00:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
Damien Miller
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
de6f2de8ad
- markus@cvs.openbsd.org 2002/08/22 21:33:58
...
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
Ben Lindstrom
e06eb68226
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
2002-07-04 00:27:21 +00:00
Ben Lindstrom
5a9d0eaba6
- deraadt@cvs.openbsd.org 2002/06/30 21:54:16
...
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Damien Miller
43cecc1392
some xxx's for future privsep cleanup
2002-06-21 16:21:11 +10:00
Ben Lindstrom
b85ab30a6e
- (bal) Refixed auth2.c. It was never fully commited while spliting out
...
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom
511bb24c5b
- markus@cvs.openbsd.org 2002/05/31 11:35:15
...
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom
855bf3ac3c
- markus@cvs.openbsd.org 2002/05/25 18:51:07
...
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
Ben Lindstrom
58d4dafeb1
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
...
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
Damien Miller
5ad9fd9820
- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.
2002-05-13 11:07:41 +10:00
Damien Miller
ffc868ff83
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
2002-05-09 15:59:13 +10:00
Damien Miller
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
Kevin Steves
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Kevin Steves
205cc1ef46
- (stevesk) [auth2.c] merge cleanup/sync
2002-03-22 20:43:05 +00:00
Ben Lindstrom
7ebb635d81
- markus@cvs.openbsd.org 2002/03/19 14:27:39
...
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
2002-03-22 03:04:08 +00:00
Ben Lindstrom
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
...
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom
73ab9ba45d
- provos@cvs.openbsd.org 2002/03/18 01:12:14
...
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom
2ae18f40a7
- provos@cvs.openbsd.org 2002/03/17 20:25:56
...
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 01:24:38 +00:00
Damien Miller
3a5b023330
Stupid djm commits experimental code to head instead of branch
...
revert
2002-03-13 13:19:42 +11:00
Damien Miller
646e7cf3d7
Import of Niels Provos' 20020312 ssh-complete.diff
...
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom
90fd814f90
- markus@cvs.openbsd.org 2002/02/24 19:14:59
...
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
Damien Miller
f3451a2181
- (djm) Cleanup after sync:
...
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller
9b74bfc5be
- markus@cvs.openbsd.org 2002/02/04 11:58:10
...
[auth2.c]
cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
2002-02-05 12:26:03 +11:00
Damien Miller
c5d8635d6a
- markus@cvs.openbsd.org 2002/01/29 14:32:03
...
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller
7d05339c70
- markus@cvs.openbsd.org 2002/01/11 13:39:36
...
[auth2.c dispatch.c dispatch.h kex.c]
a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
dispatch_range(): set handler for a ranges message types
use dispatch_protocol_ignore() for authentication requests after
successful authentication (the drafts requirement).
serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
2002-01-22 23:24:13 +11:00
Damien Miller
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
0dea79d6b6
- (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
...
<vinschen@redhat.com> Could be abused to guess valid usernames
2001-12-29 14:08:28 +11:00
Damien Miller
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net ; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller
da9edcabf8
- jakob@cvs.openbsd.org 2001/12/18 10:05:15
...
[auth2.c]
log fingerprint on successful public key authentication; ok markus@
2001-12-21 12:48:54 +11:00
Damien Miller
ee11625d43
- markus@cvs.openbsd.org 2001/12/09 18:45:56
...
[auth2.c auth2-chall.c auth.h]
add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
fixes memleak.
2001-12-21 12:42:34 +11:00