summaryrefslogtreecommitdiff
path: root/auth1.c
AgeCommit message (Collapse)Author
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-02-08 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2004-12-03 - (dtucker) [auth1.c auth2.c] If the user successfully authenticates but isDarren Tucker
subsequently denied by the PAM auth stack, send the PAM message to the user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2). ok djm@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2004-07-21 - djm@cvs.openbsd.org 2004/07/21 10:33:31Damien Miller
[auth1.c auth2.c] bz#899: Don't display invalid usernames in setproctitle
2004-06-23 - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1Darren Tucker
connections with empty passwords. Patch from davidwu at nbttech.com, ok djm@
2004-06-22 - (bal) [auth-passwd.c auth1.c] Clean up unused variables.Ben Lindstrom
2004-05-24 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53Darren Tucker
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
2004-05-13 - djm@cvs.openbsd.org 2004/05/09 01:19:28Darren Tucker
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@
2004-03-08 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
2003-11-22knf in portable-code (no code change)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-17 - jakob@cvs.openbsd.org 2003/11/08 16:02:40Damien Miller
[auth1.c] remove unused variable (pw). ok djm@ (id sync only - still used in portable)
2003-11-17 - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-03 - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-13 - markus@cvs.openbsd.org 2003/08/13 08:46:31Darren Tucker
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, fgsch@, miod@, henning@, jakob@ and others
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-05-14 - (djm) Bug #117: Don't lie to PAM about usernameDamien Miller
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-05-02 - (dtucker) Move handling of bad password authentications into a platformDarren Tucker
specific record_failed_login() function (affects AIX & Unicos).
2003-04-27 - (bal) auth1.c minor resync while looking at the code.Ben Lindstrom
2003-04-09*** empty log message ***Damien Miller
2003-02-24 - markus@cvs.openbsd.org 2003/02/06 21:22:43Damien Miller
[auth1.c auth2.c] undo broken fix for #387, fixes #486
2003-01-23 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2003/01/23 00:03:00 [auth1.c] Don't log TIS auth response; "get rid of it" - markus@
2002-12-23 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51Ben Lindstrom
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF
2002-09-27 - markus@cvs.openbsd.org 2002/09/26 11:38:43Damien Miller
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
2002-09-25Cray fixes (bug 367) based on patch from Wendy Palm @ cray.Tim Rice
This does not include the deattack.c fixes.
2002-09-12 - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller
[auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
2002-09-04 - markus@cvs.openbsd.org 2002/08/22 21:33:58Damien Miller
[auth1.c auth2.c] auth_root_allowed() is handled by the monitor in the privsep case, so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-07-04 - (bal) Failed password attempts don't increment counter on AIX. Bug #145Ben Lindstrom
2002-06-21some xxx's for future privsep cleanupDamien Miller
2002-06-21 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-04-10 - markus@cvs.openbsd.org 2002/04/10 08:21:47Ben Lindstrom
[auth1.c compat.c compat.h] strip '@' from username only for KerbV and known broken clients, bug #204 Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-04-04 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.hKevin Steves
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-02 - (stevesk) [auth1.c] fix password auth for protocol 1 whenKevin Steves
!USE_PAM && !HAVE_OSF_SIA; merge issue.
2002-03-27 - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted byBen Lindstrom
kent@lysator.liu.se
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 14:27:39Ben Lindstrom
[auth.c auth1.c auth2.c] make getpwnamallow() allways call pwcopy()
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 17:50:31Ben Lindstrom
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 01:12:14Ben Lindstrom
[auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context and then do_authenticated; okay millert@
2002-03-22 - provos@cvs.openbsd.org 2002/03/17 20:25:56Ben Lindstrom
[auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-13Stupid djm commits experimental code to head instead of branchDamien Miller
revert
2002-03-13Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller
PAM, Cygwin and OSF SIA will not work for sure
2002-02-14 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid usersDamien Miller