summaryrefslogtreecommitdiff
path: root/auth.c
AgeCommit message (Collapse)Author
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-10-15 - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.Darren Tucker
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-03 - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
2003-08-26 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.Darren Tucker
2003-08-25 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: denyDarren Tucker
any access to locked accounts. ok djm@
2003-07-08 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]Darren Tucker
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-05-02 - (dtucker) Move handling of bad password authentications into a platformDarren Tucker
specific record_failed_login() function (affects AIX & Unicos).
2003-04-09 - (djm) Fix missed log => logit occurance (reference by function pointer)Damien Miller
2003-04-09*** empty log message ***Damien Miller
2003-01-18 - (djm) Revert fix for Bug #442 for now.Damien Miller
2003-01-08[auth.c] declare today at top of allowed_user() to keep older compilers happy.Tim Rice
2003-01-07 - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted byDamien Miller
dtucker@zip.com.au. Reorder for clarity too.
2003-01-07 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix fromDamien Miller
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 - (djm) Fix Bug #442 for PAM caseDamien Miller
2003-01-07 - (djm) Bug #442: Check for and deny access to accounts with lockedDamien Miller
passwords. Patch from dtucker@zip.com.au
2002-11-09 - (bal) AIX does not log login attempts for unknown users (bug #432).Ben Lindstrom
patch by dtucker@zip.com.au
2002-11-09 - markus@cvs.openbsd.org 2002/11/04 10:07:53Ben Lindstrom
[auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@
2002-10-1620021015Ben Lindstrom
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-09-22 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29Damien Miller
[auth.c] log illegal user here for missing privsep case (ssh2). this is executed in the monitor. ok markus@
2002-08-20 - stevesk@cvs.openbsd.org 2002/08/08 23:54:52Ben Lindstrom
[auth.c] typo in comment
2002-07-04 - (bal) Failed password attempts don't increment counter on AIX. Bug #145Ben Lindstrom
2002-05-22unbreak (aaarrrgggh - stupid vi)Damien Miller
2002-05-22rcsid syncDamien Miller
2002-05-15 - markus@cvs.openbsd.org 2002/05/13 20:44:58Ben Lindstrom
[auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@
2002-05-10 - (stevesk) [auth.c] Shadow account and expiration cleanup. NowKevin Steves
check for root forced expire. Still don't check for inactive.
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 15:31:47Ben Lindstrom
[auth.c] check for NULL; from provos@
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 14:27:39Ben Lindstrom
[auth.c auth1.c auth2.c] make getpwnamallow() allways call pwcopy()
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 03:41:08Ben Lindstrom
[auth.c session.c] move auth_approval into getpwnamallow with help from millert@
2002-03-22 - provos@cvs.openbsd.org 2002/03/17 20:25:56Ben Lindstrom
[auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 - itojun@cvs.openbsd.org 2002/03/15 11:00:38Ben Lindstrom
[auth.c] fix file type checking (use S_ISREG). ok by markus
2002-03-05 - markus@cvs.openbsd.org 2002/03/01 13:12:10Ben Lindstrom
[auth.c match.c match.h] undo the 'delay hostname lookup' change match.c must not use compress.c (via canonhost.c/packet.c) thanks to wilfried@
2002-03-05 - stevesk@cvs.openbsd.org 2002/02/28 20:56:00Ben Lindstrom
[auth.c] log user not allowed details, from dwd@bell-labs.com; ok markus@
2002-03-05 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28Ben Lindstrom
[auth.c match.c match.h] delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers for sshd -u0; ok markus@
2002-02-05 - markus@cvs.openbsd.org 2002/01/29 14:32:03Damien Miller
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2001-12-21 - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
2001-12-06 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34Ben Lindstrom
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] enum/int type cleanup where it made sense to do so; ok markus@
2001-11-12 - markus@cvs.openbsd.org 2001/11/08 20:02:24Damien Miller
[auth.c] don't print ROOT in CAPS for the authentication messages, i.e. Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2 becomes Accepted publickey for root from 127.0.0.1 port 42734 ssh2
2001-10-03 - markus@cvs.openbsd.org 2001/10/03 10:01:20Ben Lindstrom
[auth.c] use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
2001-07-14 - markus@cvs.openbsd.org 2001/07/11 18:26:15Damien Miller
[auth.c] no need to call dirname(pw->pw_dir). note that dirname(3) modifies its argument on some systems.
2001-07-14 - (djm) Revert dirname fix, a better one is on its way.Damien Miller
2001-07-11 - (djm) dirname(3) may modify its argument on glibc and other systems.Damien Miller
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
2001-07-04 - markus@cvs.openbsd.org 2001/06/27 04:48:53Ben Lindstrom
[auth.c match.c sshd.8] tridge@samba.org
2001-07-04 - provos@cvs.openbsd.org 2001/06/25 17:54:47Ben Lindstrom
[auth.c auth.h auth-rsa.c] terminate secure_filename checking after checking homedir. that way it works on AFS. okay markus@
2001-06-25 - markus@cvs.openbsd.org 2001/06/23 00:20:57Ben Lindstrom
[auth2.c auth.c auth.h auth-rh-rsa.c] *known_hosts2 is obsolete for hostbased authentication and only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c