Age | Commit message (Collapse) | Author |
|
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
|
|
!USE_PAM && !HAVE_OSF_SIA; merge issue.
|
|
kent@lysator.liu.se
|
|
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
|
|
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
|
|
revert
|
|
PAM, Cygwin and OSF SIA will not work for sure
|
|
|
|
- :%s/reverse_mapping_check/verify_reverse_mapping/g
|
|
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
|
|
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
|
|
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
packet_get_bignum* no longer returns a size
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth.h auth-rh-rsa.c]
auth_rhosts_rsa now accept generic keys.
|
|
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
|
|
[auth1.c]
be more carefull on allocation
|
|
<vinschen@redhat.com> Could be abused to guess valid usernames
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
|
|
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
|
|
Patch from Simon Wilkinson <simon@sxw.org.uk>
|
|
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
|
|
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
|
|
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
|
|
[auth1.c]
authctxt is now passed to do_authenticated
|
|
[auth1.c auth2.c session.c session.h]
merge common ssh v1/2 code
|
|
resync
|
|
[auth1.c]
unused; ok markus@
|
|
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
|
|
enable with --with-bsd-auth.
|
|
[auth1.c auth2.c]
setproctitle(user) only if getpwnam succeeds
|
|
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
|
|
<cmadams@hiwaay.net> with a little modification and KNF.
|
|
|
|
<mib@unimelb.edu.au>
|
|
[auth1.c auth2.c sshd.c]
move k_setpag() to a central place; ok dugsong@
|
|
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
|
|
|
|
- (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org 2001/02/03 03:08:38
[auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
[canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
[sshd_config]
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
- markus@cvs.openbsd.org 2001/02/03 03:19:51
[ssh.1 sshd.8 sshd_config]
Skey is now called ChallengeResponse
- markus@cvs.openbsd.org 2001/02/03 03:43:09
[sshd.8]
use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
channel. note from Erik.Anggard@cygate.se (pr/1659)
- stevesk@cvs.openbsd.org 2001/02/03 10:03:06
[ssh.1]
typos; ok markus@
- djm@cvs.openbsd.org 2001/02/04 04:11:56
[scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
[sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
Basic interactive sftp client; ok theo@
- (djm) Update RPM specs for new sftp binary
- (djm) Update several bits for new optional reverse lookup stuff. I
think I got them all.
|
|
|
|
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
sshconnect1.c sshconnect2.c sshd.c]
rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
|
|
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
|
|
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26
[ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
|
|
|
|
Also removed some of the 'ISSUES' comments that have been verified by djm.
|
|
to fix NULL pointer deref and fake authloop breakage in PAM code.
|
|
that I was able to get all the portable bits in the right location. As for
the SKEY comment there is an email out to Markus as to how it should be
resolved. Until then I just #ifdef SKEY/#endif out the whole block.
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/18 16:20:21
[log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
sshd.8 sshd.c]
log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
systems
- markus@cvs.openbsd.org 2001/01/18 16:59:59
[auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
session.h sshconnect1.c]
1) removes fake skey from sshd, since this will be much
harder with /usr/libexec/auth/login_XXX
2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
3) make addition of BSD_AUTH and other challenge reponse methods
easier.
- markus@cvs.openbsd.org 2001/01/18 17:12:43
[auth-chall.c auth2-chall.c]
rename *-skey.c *-chall.c since the files are not skey specific
|