summaryrefslogtreecommitdiff
path: root/auth.c
AgeCommit message (Collapse)Author
2005-02-02 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]Darren Tucker
Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@
2005-02-02 - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]Darren Tucker
Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-01-24 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59Darren Tucker
[auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2004-07-21 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2004/07/21 08:56:12 [auth.c] s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, miod, ...
2004-06-23 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]Darren Tucker
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-05-24 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53Darren Tucker
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43Darren Tucker
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok
2004-05-13 - deraadt@cvs.openbsd.org 2004/05/08 00:01:37Darren Tucker
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok
2004-02-22 - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry testDarren Tucker
to auth-shadow.c, no functional change. ok djm@
2004-02-10 - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.hDarren Tucker
defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-10-15 - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.Darren Tucker
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-03 - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
2003-08-26 - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.Darren Tucker
2003-08-25 - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: denyDarren Tucker
any access to locked accounts. ok djm@
2003-07-08 - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]Darren Tucker
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-05-02 - (dtucker) Move handling of bad password authentications into a platformDarren Tucker
specific record_failed_login() function (affects AIX & Unicos).
2003-04-09 - (djm) Fix missed log => logit occurance (reference by function pointer)Damien Miller
2003-04-09*** empty log message ***Damien Miller
2003-01-18 - (djm) Revert fix for Bug #442 for now.Damien Miller
2003-01-08[auth.c] declare today at top of allowed_user() to keep older compilers happy.Tim Rice
2003-01-07 - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted byDamien Miller
dtucker@zip.com.au. Reorder for clarity too.
2003-01-07 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix fromDamien Miller
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 - (djm) Fix Bug #442 for PAM caseDamien Miller
2003-01-07 - (djm) Bug #442: Check for and deny access to accounts with lockedDamien Miller
passwords. Patch from dtucker@zip.com.au
2002-11-09 - (bal) AIX does not log login attempts for unknown users (bug #432).Ben Lindstrom
patch by dtucker@zip.com.au
2002-11-09 - markus@cvs.openbsd.org 2002/11/04 10:07:53Ben Lindstrom
[auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@
2002-10-1620021015Ben Lindstrom
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-09-22 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29Damien Miller
[auth.c] log illegal user here for missing privsep case (ssh2). this is executed in the monitor. ok markus@
2002-08-20 - stevesk@cvs.openbsd.org 2002/08/08 23:54:52Ben Lindstrom
[auth.c] typo in comment
2002-07-04 - (bal) Failed password attempts don't increment counter on AIX. Bug #145Ben Lindstrom
2002-05-22unbreak (aaarrrgggh - stupid vi)Damien Miller
2002-05-22rcsid syncDamien Miller
2002-05-15 - markus@cvs.openbsd.org 2002/05/13 20:44:58Ben Lindstrom
[auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@
2002-05-10 - (stevesk) [auth.c] Shadow account and expiration cleanup. NowKevin Steves
check for root forced expire. Still don't check for inactive.
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 15:31:47Ben Lindstrom
[auth.c] check for NULL; from provos@
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 14:27:39Ben Lindstrom
[auth.c auth1.c auth2.c] make getpwnamallow() allways call pwcopy()
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 03:41:08Ben Lindstrom
[auth.c session.c] move auth_approval into getpwnamallow with help from millert@
2002-03-22 - provos@cvs.openbsd.org 2002/03/17 20:25:56Ben Lindstrom
[auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-22 - itojun@cvs.openbsd.org 2002/03/15 11:00:38Ben Lindstrom
[auth.c] fix file type checking (use S_ISREG). ok by markus
2002-03-05 - markus@cvs.openbsd.org 2002/03/01 13:12:10Ben Lindstrom
[auth.c match.c match.h] undo the 'delay hostname lookup' change match.c must not use compress.c (via canonhost.c/packet.c) thanks to wilfried@
2002-03-05 - stevesk@cvs.openbsd.org 2002/02/28 20:56:00Ben Lindstrom
[auth.c] log user not allowed details, from dwd@bell-labs.com; ok markus@
2002-03-05 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28Ben Lindstrom
[auth.c match.c match.h] delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers for sshd -u0; ok markus@