tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,971 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

169 Commits

Author SHA1 Message Date
Damien Miller 4cbfe8ebeb - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] 
remove last traces of bufaux.h - it was merged into buffer.h in the big
   includes.h commit
 2006-08-05 12:49:30 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
 2006-08-05 11:02:17 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Darren Tucker 4515047e47 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@
 2006-07-12 22:34:17 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Darren Tucker 5d19626a04 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
     auth.c packet.c log.c]
     move #include <stdarg.h> out of includes.h; ok markus@
 2006-07-12 22:15:16 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
 2006-07-10 20:53:08 +10:00
Darren Tucker f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor 
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
 2006-05-21 18:26:40 +10:00
Damien Miller 7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
 2006-03-31 23:14:23 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller 69b7203e6f - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 
[auth.c key.c misc.c packet.c ssh-add.c]
     in a switch (), break after return or goto is stupid
 2006-03-26 14:02:35 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
 2006-03-15 11:45:54 +11:00
Damien Miller a9263d065d fix spacing of include 2006-03-15 11:18:26 +11:00
Damien Miller 03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
 2006-03-15 11:16:59 +11:00
Tim Rice 66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c 
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
 2005-08-31 09:59:49 -07:00
Tim Rice 2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c 
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
 2005-08-26 13:15:19 -07:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller 6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36 
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
 2005-06-16 13:18:34 +10:00
Darren Tucker a8f553df53 - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 
[auth.c]
     Populate host for log message for logins denied by AllowUsers and
     DenyUsers (bz #999); ok markus@
 2005-03-14 23:17:27 +11:00
Darren Tucker 691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c 
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
 2005-02-15 21:45:57 +11:00
Darren Tucker 2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c 
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
 2005-02-08 21:52:47 +11:00
Darren Tucker 40d9a63788 - (dtucker) [auth.c] Fix parens in audit log check. 2005-02-04 15:19:44 +11:00
Darren Tucker 269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c 
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
 2005-02-03 00:20:53 +11:00
Darren Tucker 2fba993080 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] 
Bug #974: Teach sshd to write failed login records to btmp for failed auth
   attempts (currently only for password, kbdint and C/R, only on Linux and
   HP-UX), based on code from login.c from util-linux. With ashok_kovai at
   hotmail.com, ok djm@
 2005-02-02 23:30:24 +11:00
Darren Tucker 42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] 
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
 2005-02-02 17:10:11 +11:00
Darren Tucker 094cd0ba02 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59 
[auth.c]
     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
     DenyGroups.  bz #909, ok djm@
 2005-01-24 21:56:48 +11:00
Darren Tucker 5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29 
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
 2004-08-12 22:40:24 +10:00
Damien Miller a22f2d761b - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2004/07/21 08:56:12
     [auth.c]
     s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
     miod, ...
 2004-07-21 20:48:24 +10:00
Darren Tucker 0a9d43d726 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] 
Move loginrestrictions test to port-aix.c, replace with a generic hook.
 2004-06-23 13:45:24 +10:00
Darren Tucker 89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
 2004-05-24 10:36:23 +10:00
Darren Tucker 1f8311c836 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
     packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
     improve some code lint did not like; djm millert ok
 2004-05-13 16:39:33 +10:00
Darren Tucker 06f2bd8bde - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
     tildexpand.c], removed: sshtty.h tildexpand.h
     make two tiny header files go away; djm ok
 2004-05-13 16:06:46 +10:00
Darren Tucker 15ee748f28 - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test 
to auth-shadow.c, no functional change.  ok djm@
 2004-02-22 09:43:15 +11:00
Darren Tucker 9df3defdbb - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h 
defines.h] Bug #14: Use do_pwchange to support password expiry and force
   change for platforms using /etc/shadow.  ok djm@
 2004-02-10 13:01:14 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Darren Tucker c6020651ba - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. 2003-10-15 17:48:20 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Damien Miller 856f0be669 - markus@cvs.openbsd.org 2003/08/26 09:58:43 
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
 2003-09-03 07:32:45 +10:00
Darren Tucker 43a0dc6653 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled. 2003-08-26 14:22:12 +10:00
Darren Tucker e41bba5847 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny 
any access to locked accounts.  ok djm@
 2003-08-25 11:51:19 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] 
Convert aixloginmsg into platform-independant Buffer loginmsg.
 2003-07-08 22:59:59 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 2003-06-03 10:25:48 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Darren Tucker 97363a8b24 - (dtucker) Move handling of bad password authentications into a platform 
specific record_failed_login() function (affects AIX & Unicos).
 2003-05-02 23:42:25 +10:00
Damien Miller 2a3f20e397 - (djm) Fix missed log => logit occurance (reference by function pointer) 2003-04-09 21:12:00 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller e443e9398e - (djm) Revert fix for Bug #442 for now. 2003-01-18 16:24:06 +11:00
Tim Rice 458c6bfa10 [auth.c] declare today at top of allowed_user() to keep older compilers happy. 2003-01-08 20:04:27 -08:00
Damien Miller 06817f9cd3 - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by 
dtucker@zip.com.au. Reorder for clarity too.
 2003-01-07 23:55:59 +11:00
Damien Miller f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from 
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
 2003-01-07 17:38:58 +11:00
Damien Miller 64004b5566 - (djm) Fix Bug #442 for PAM case 2003-01-07 16:15:20 +11:00
Damien Miller 48cb8aa935 - (djm) Bug #442: Check for and deny access to accounts with locked 
passwords. Patch from dtucker@zip.com.au
 2003-01-07 12:19:32 +11:00
Ben Lindstrom f5397c081d - (bal) AIX does not log login attempts for unknown users (bug #432). 
patch by dtucker@zip.com.au
 2002-11-09 16:11:10 +00:00
Ben Lindstrom 485075e8fa - markus@cvs.openbsd.org 2002/11/04 10:07:53 
[auth.c]
     don't compare against pw_home if realpath fails for pw_home (seen
     on AFS); ok djm@
 2002-11-09 15:45:12 +00:00
Ben Lindstrom 97e38d8667 20021015 
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
 2002-10-16 00:13:52 +00:00
Damien Miller 6f0a188857 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 
[auth.c]
     log illegal user here for missing privsep case (ssh2).
     this is executed in the monitor. ok markus@
 2002-09-22 01:26:51 +10:00
Ben Lindstrom d4ee3497ca - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 
[auth.c]
     typo in comment
 2002-08-20 18:42:13 +00:00
Ben Lindstrom e06eb68226 - (bal) Failed password attempts don't increment counter on AIX. Bug #145 2002-07-04 00:27:21 +00:00
Damien Miller 116e6dfaad unbreak (aaarrrgggh - stupid vi) 2002-05-22 15:06:28 +10:00
Damien Miller 13e35a0ea2 rcsid sync 2002-05-22 14:04:11 +10:00
Ben Lindstrom a574cda45b - markus@cvs.openbsd.org 2002/05/13 20:44:58 
[auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
 2002-05-15 16:16:14 +00:00
Kevin Steves f98fb721a0 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now 
check for root forced expire.  Still don't check for inactive.
 2002-05-10 15:48:52 +00:00
Ben Lindstrom f34e4eb6c7 - markus@cvs.openbsd.org 2002/03/19 15:31:47 
[auth.c]
     check for NULL; from provos@
 2002-03-22 03:08:30 +00:00
Ben Lindstrom 7ebb635d81 - markus@cvs.openbsd.org 2002/03/19 14:27:39 
[auth.c auth1.c auth2.c]
     make getpwnamallow() allways call pwcopy()
 2002-03-22 03:04:08 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35 
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
 2002-03-22 02:54:23 +00:00
Ben Lindstrom b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08 
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
 2002-03-22 01:35:47 +00:00
Ben Lindstrom 2ae18f40a7 - provos@cvs.openbsd.org 2002/03/17 20:25:56 
[auth.c auth.h auth1.c auth2.c]
     getpwnamallow returns struct passwd * only if user valid; okay markus@
 2002-03-22 01:24:38 +00:00
Ben Lindstrom b61e6df9f3 - itojun@cvs.openbsd.org 2002/03/15 11:00:38 
[auth.c]
     fix file type checking (use S_ISREG).  ok by markus
 2002-03-22 01:15:33 +00:00
Ben Lindstrom 3fb5d00ffd - markus@cvs.openbsd.org 2002/03/01 13:12:10 
[auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@
 2002-03-05 01:42:42 +00:00
Ben Lindstrom 6ef9ec6b6b - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 
[auth.c]
     log user not allowed details, from dwd@bell-labs.com; ok markus@
 2002-03-05 01:40:37 +00:00
Ben Lindstrom 916d83d208 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28 
[auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
 2002-03-05 01:35:23 +00:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03 
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
 2002-02-05 12:13:41 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
 2001-12-06 16:32:47 +00:00
Damien Miller f655207a46 - markus@cvs.openbsd.org 2001/11/08 20:02:24 
[auth.c]
     don't print ROOT in CAPS for the authentication messages, i.e.
     	Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
     becomes
     	Accepted publickey for root from 127.0.0.1 port 42734 ssh2
 2001-11-12 11:06:06 +11:00
Ben Lindstrom c3e49e7b31 - markus@cvs.openbsd.org 2001/10/03 10:01:20 
[auth.c]
     use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
 2001-10-03 17:55:26 +00:00
Damien Miller 0ae6e009c8 - markus@cvs.openbsd.org 2001/07/11 18:26:15 
[auth.c]
     no need to call dirname(pw->pw_dir).
     note that dirname(3) modifies its argument on some systems.
 2001-07-14 12:21:34 +10:00
Damien Miller 98273e3ade - (djm) Revert dirname fix, a better one is on its way. 2001-07-14 11:55:15 +10:00
Damien Miller eec0c25f2a - (djm) dirname(3) may modify its argument on glibc and other systems. 
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
 2001-07-11 21:32:20 +10:00
Ben Lindstrom 60260022ee - markus@cvs.openbsd.org 2001/06/27 04:48:53 
[auth.c match.c sshd.8]
     tridge@samba.org
 2001-07-04 04:56:44 +00:00
Ben Lindstrom 248c0784bf - provos@cvs.openbsd.org 2001/06/25 17:54:47 
[auth.c auth.h auth-rsa.c]
     terminate secure_filename checking after checking homedir.  that way
     it works on AFS.  okay markus@
 2001-07-04 03:40:39 +00:00
Ben Lindstrom 83647ce474 - markus@cvs.openbsd.org 2001/06/23 00:20:57 
[auth2.c auth.c auth.h auth-rh-rsa.c]
     *known_hosts2 is obsolete for hostbased authentication and
     only used for backward compat. merge ssh1/2 hostkey check
     and move it to auth.c
 2001-06-25 04:30:16 +00:00
Ben Lindstrom 68c3ce1075 - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller 
<markm@swoon.net>
 2001-06-10 17:24:51 +00:00
Ben Lindstrom 60567ff890 - markus@cvs.openbsd.org 2001/05/24 11:12:42 
[auth.c]
     fix comment; from jakob@
 2001-06-05 20:27:53 +00:00
Ben Lindstrom bfb3a0e973 - markus@cvs.openbsd.org 2001/05/20 17:20:36 
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
      sshd_config]
     configurable authorized_keys{,2} location; originally from peter@;
     ok djm@
 2001-06-05 20:25:05 +00:00
Damien Miller e7cf07c927 - markus@cvs.openbsd.org 2001/03/19 17:07:23 
[auth.c readconf.c]
     undo /etc/shell and proto 2,1 change for openssh-2.5.2
 2001-03-20 09:15:57 +11:00
Ben Lindstrom d69191bb4e - markus@cvs.openbsd.org 2001/03/17 17:27:59 
[auth.c]
     check /etc/shells, too
 2001-03-17 23:13:27 +00:00
Ben Lindstrom 92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31 
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
 2001-03-05 06:59:27 +00:00
Ben Lindstrom 086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44 
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
 2001-03-05 05:56:40 +00:00
Damien Miller b5b6218537 - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen 
<vinschen@redhat.com>
 2001-03-01 09:48:13 +11:00
Ben Lindstrom d8a9021f36 - markus@cvs.openbsd.org 2001/02/12 16:16:23 
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
      ssh-keygen.c sshd.8]
     PermitRootLogin={yes,without-password,forced-commands-only,no}
     (before this change, root could login even if PermitRootLogin==no)
 2001-02-15 03:08:27 +00:00
Kevin Steves 2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 2001-02-05 12:42:17 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test! 
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
 2001-02-04 23:20:18 +11:00