openssh-portable

Commit Graph

Author	SHA1	Message	Date
Darren Tucker	a916d143a1	- [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MIT Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@	2005-07-07 11:50:20 +10:00
Damien Miller	6476cad9bb	- djm@cvs.openbsd.org 2005/06/06 11:20:36 [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] introduce a generic %foo expansion function. replace existing % expansion and add expansion to ControlPath; ok markus@	2005-06-16 13:18:34 +10:00
Darren Tucker	f3bb434177	- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006 : fix bug in handling of password expiry messages returned by AIX's authentication routines, originally reported by robvdwal at sara.nl.	2005-03-31 21:39:25 +10:00
Darren Tucker	269a1ea1c8	- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@	2005-02-03 00:20:53 +11:00
Darren Tucker	3c66080aa2	- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936 : Remove pam from the list of available kbdint devices if UsePAM=no. ok djm@	2005-01-20 22:20:50 +11:00
Darren Tucker	77fc29eeb3	- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@	2004-09-11 23:07:03 +10:00
Darren Tucker	89413dbafa	- dtucker@cvs.openbsd.org 2004/05/23 23:59:53 [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@	2004-05-24 10:36:23 +10:00
Damien Miller	9c870f966a	- (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache file using FILE: method, fixes problems on Mac OSX. Patch from simon@sxw.org.uk; ok dtucker@	2004-04-16 22:47:55 +10:00
Darren Tucker	aa0aecad99	- (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or password expiry. ok djm@	2004-02-22 10:22:05 +11:00
Darren Tucker	15ee748f28	- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test to auth-shadow.c, no functional change. ok djm@	2004-02-22 09:43:15 +11:00
Darren Tucker	9df3defdbb	- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@	2004-02-10 13:01:14 +11:00
Darren Tucker	e3dba82dd4	- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's native password expiry.	2004-02-10 12:50:19 +11:00
Darren Tucker	c52a29913d	Sync Ids missed in password expiry sync	2004-02-06 16:38:16 +11:00
Darren Tucker	23bc8d0bff	- markus@cvs.openbsd.org 2004/01/30 09:48:57 [auth-passwd.c auth.h pathnames.h session.c] support for password change; ok dtucker@ (set password-dead=1w in login.conf to use this). In -Portable, this is currently only platforms using bsdauth.	2004-02-06 16:24:31 +11:00
Darren Tucker	ec217adf70	Whitespace sync	2003-11-22 12:11:06 +11:00
Damien Miller	3e3b5145e5	- djm@cvs.openbsd.org 2003/11/04 08:54:09 [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@	2003-11-17 21:13:40 +11:00
Darren Tucker	3e33cecf71	- markus@cvs.openbsd.org 2003/09/23 20:17:11 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@	2003-10-02 16:12:36 +10:00
Damien Miller	a256c650ac	- markus@cvs.openbsd.org 2003/08/28 12:54:34 [auth.h] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...	2003-09-03 12:11:30 +10:00
Damien Miller	856f0be669	- markus@cvs.openbsd.org 2003/08/26 09:58:43 [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar	2003-09-03 07:32:45 +10:00
Damien Miller	1a0c0b9621	- markus@cvs.openbsd.org 2003/08/28 12:54:34 [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...	2003-09-02 22:51:17 +10:00
Darren Tucker	0efd155c3c	- markus@cvs.openbsd.org 2003/08/22 10:56:09 [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.	2003-08-26 11:49:55 +10:00
Darren Tucker	6aaa58c470	- (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....	2003-08-02 22:24:49 +10:00
Damien Miller	8ce778a9f0	- markus@cvs.openbsd.org 2003/04/16 14:35:27 [auth.h] document struct Authctxt; with solar	2003-05-14 13:43:25 +10:00
Damien Miller	4f9f42a9bb	- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with proper challenge-response module	2003-05-10 19:28:02 +10:00
Damien Miller	d94e549ea8	- markus@cvs.openbsd.org 2002/09/26 11:38:43 [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@	2002-09-27 13:25:58 +10:00
Damien Miller	25162f2518	- itojun@cvs.openbsd.org 2002/09/09 06:48:06 [auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus	2002-09-12 09:47:29 +10:00
Ben Lindstrom	511bb24c5b	- markus@cvs.openbsd.org 2002/05/31 11:35:15 [auth.h auth2.c] move Authmethod definitons to per-method file. NOTE: The rest of this patch is with the import of the auth2-*.c files.	2002-06-06 20:52:37 +00:00
Ben Lindstrom	855bf3ac3c	- markus@cvs.openbsd.org 2002/05/25 18:51:07 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c Makefile.in] split auth2.c into one file per method; ok provos@/deraadt@ NOTE: Merged back noticable cygwin and pam stuff. May need review to ensure I did not miss anything.	2002-06-06 20:27:55 +00:00
Ben Lindstrom	a574cda45b	- markus@cvs.openbsd.org 2002/05/13 20:44:58 [auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@	2002-05-15 16:16:14 +00:00
Damien Miller	5ad9fd9820	- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.	2002-05-13 11:07:41 +10:00
Ben Lindstrom	08105192fd	- markus@cvs.openbsd.org 2002/03/19 10:35:39 [auth-options.c auth.h session.c session.h sshd.c] clean up prototypes	2002-03-22 02:50:06 +00:00
Ben Lindstrom	7a2073c50b	- provos@cvs.openbsd.org 2002/03/18 17:50:31 [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!	2002-03-22 02:30:41 +00:00
Ben Lindstrom	73ab9ba45d	- provos@cvs.openbsd.org 2002/03/18 01:12:14 [auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context and then do_authenticated; okay millert@	2002-03-22 01:27:35 +00:00
Ben Lindstrom	2ae18f40a7	- provos@cvs.openbsd.org 2002/03/17 20:25:56 [auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@	2002-03-22 01:24:38 +00:00
Ben Lindstrom	186b7da2d7	- markus@cvs.openbsd.org 2002/03/16 17:22:09 [auth-rh-rsa.c auth.h] split auth_rhosts_rsa(), ok provos@	2002-03-22 01:20:32 +00:00
Ben Lindstrom	9c8aefe750	- markus@cvs.openbsd.org 2002/03/14 16:56:33 [auth-rh-rsa.c auth-rsa.c auth.h] split auth_rsa() for better readability and privsep; ok provos@	2002-03-22 01:12:58 +00:00
Damien Miller	3a5b023330	Stupid djm commits experimental code to head instead of branch revert	2002-03-13 13:19:42 +11:00
Damien Miller	646e7cf3d7	Import of Niels Provos' 20020312 ssh-complete.diff PAM, Cygwin and OSF SIA will not work for sure	2002-03-13 12:47:54 +11:00
Ben Lindstrom	05764b9286	- stevesk@cvs.openbsd.org 2002/03/04 17:27:39 [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /$OpenBSD$/ from .c files. ok markus@	2002-03-05 01:53:02 +00:00
Damien Miller	a93c6d87ef	- millert@cvs.openbsd.org 2002/02/17 19:42:32 [auth.h] Manual cleanup of remaining userland __P use (excluding packages maintained outside the tree)	2002-02-19 15:25:29 +11:00
Damien Miller	b046211483	- millert@cvs.openbsd.org 2002/02/16 21:27:53 [auth.h] Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.	2002-02-19 15:24:43 +11:00
Damien Miller	d221ca6cc9	- markus@cvs.openbsd.org 2001/12/27 19:54:53 [auth1.c auth.h auth-rh-rsa.c] auth_rhosts_rsa now accept generic keys.	2002-01-22 23:11:00 +11:00
Damien Miller	9f0f5c64bc	- deraadt@cvs.openbsd.org 2001/12/19 07:18:56 [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else	2001-12-21 14:45:46 +11:00
Damien Miller	5b2aea9494	- jakob@cvs.openbsd.org 2001/12/18 10:04:21 [auth.h hostfile.c hostfile.h] remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@	2001-12-21 12:47:09 +11:00
Damien Miller	ee11625d43	- markus@cvs.openbsd.org 2001/12/09 18:45:56 [auth2.c auth2-chall.c auth.h] add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, fixes memleak.	2001-12-21 12:42:34 +11:00
Ben Lindstrom	4cc240dabb	- markus@cvs.openbsd.org 2001/06/26 17:27:25 [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync	2001-07-04 04:46:56 +00:00
Ben Lindstrom	ec95ed9b4c	- dugsong@cvs.openbsd.org 2001/06/26 16:15:25 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h servconf.c servconf.h session.c sshconnect1.c sshd.c] Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok	2001-07-04 04:21:14 +00:00
Ben Lindstrom	16ae3d0dba	- itojun@cvs.openbsd.org 2001/06/26 06:32:58 [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names	2001-07-04 04:02:36 +00:00
Ben Lindstrom	248c0784bf	- provos@cvs.openbsd.org 2001/06/25 17:54:47 [auth.c auth.h auth-rsa.c] terminate secure_filename checking after checking homedir. that way it works on AFS. okay markus@	2001-07-04 03:40:39 +00:00
Ben Lindstrom	83647ce474	- markus@cvs.openbsd.org 2001/06/23 00:20:57 [auth2.c auth.c auth.h auth-rh-rsa.c] *known_hosts2 is obsolete for hostbased authentication and only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c	2001-06-25 04:30:16 +00:00

1 2

68 Commits