summaryrefslogtreecommitdiff
path: root/auth-krb5.c
AgeCommit message (Collapse)Author
2018-04-03GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2017-10-04 Patch-Name: gssapi.patch
2016-05-19upstream commitmarkus@openbsd.org
move SSH_MSG_NONE, so we don't have to include ssh1.h; ok deraadt@ Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
2016-01-27upstream commitdjm@openbsd.org
change old $FreeBSD version string in comment so it doesn't become an RCS ident downstream; requested by des AT des.no Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2013-10-24 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok checkDamien Miller
rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
2013-08-04 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add supportDarren Tucker
for building with older Heimdal versions. ok djm.
2013-07-20 - djm@cvs.openbsd.org 2013/07/20 01:55:13Damien Miller
[auth-krb5.c gss-serv-krb5.c gss-serv.c] fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
2013-06-02 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
2012-04-26 - (djm) [auth-krb5.c] Save errno across calls that might modify it;Damien Miller
ok dtucker@
2009-12-21 - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]Darren Tucker
Bug #1583: Use system's kerberos principal name on AIX if it's available. Based on a patch from and tested by Miguel Sanders.
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-07-24 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-13 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.hDarren Tucker
2006-05-06 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40Darren Tucker
[auth-krb5.c] Add $OpenBSD$ in comment here too
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2005-11-22 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10Darren Tucker
[auth-krb5.c] Perform Kerberos calls even for invalid users to prevent leaking information about account validity. bz #975, patch originally from Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@
2005-11-10 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.Darren Tucker
Patch from djm@.
2005-07-07 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] RemoveDarren Tucker
calls to krb5_init_ets, which has not been required since krb-1.1.x and most Kerberos versions no longer export in their public API. From sxw at inf.ed.ac.uk, ok djm@
2005-07-07 - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errnoDarren Tucker
in the case where the buffer is insufficient, so always return ENOMEM. Also pointed out by sxw at inf.ed.ac.uk.
2005-07-07 - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MITDarren Tucker
Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
2004-09-11 - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengertDarren Tucker
at anl.gov, ok djm@
2004-08-14 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]Darren Tucker
Explicitly set umask for mkstemp; ok djm@
2004-04-16 - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccacheDamien Miller
file using FILE: method, fixes problems on Mac OSX. Patch from simon@sxw.org.uk; ok dtucker@
2004-04-07 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to seeBen Lindstrom
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now.
2003-11-22Whitespace syncDarren Tucker
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-17 - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-26 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.hDarren Tucker
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-11 - (dtucker) OpenBSD CVS SyncDarren Tucker
(thanks to Simon Wilkinson for help with this -dt) - markus@cvs.openbsd.org 2003/07/16 15:02:06 [auth-krb5.c] mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se> otherwise the kerberos credentinal is stored in a memory cache in the privileged sshd. ok jabob@, hin@ (some time ago)
2003-05-14 - (djm) Make portable build with MIT krb5 (some issues remain)Damien Miller
2003-04-09*** empty log message ***Damien Miller
2002-12-23 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51Ben Lindstrom
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF
2002-09-12 - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller
[auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
2002-06-09unexpandBen Lindstrom
2002-04-13 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>Damien Miller
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
2002-03-22 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25Ben Lindstrom
[auth-krb5.c] BSD license. from Daniel Kouril via Dug Song. ok markus@
2002-03-05 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39Ben Lindstrom
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
2002-02-26 - markus@cvs.openbsd.org 2002/02/15 23:54:10Ben Lindstrom
[auth-krb5.c] krb5_get_err_text() does not like context==NULL; he@nordu.net via google; ok provos@
2002-02-13sync - don't know when this got out of syncDamien Miller
2001-11-14 - (djm) OpenBSD CVS SyncDamien Miller
- dugsong@cvs.openbsd.org 2001/11/11 18:47:10 [auth-krb5.c] fix krb5 authorization check. found by <jhawk@MIT.EDU>. from art@, deraadt@ ok
2001-09-25 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.Damien Miller