summaryrefslogtreecommitdiff
path: root/auth2.c
AgeCommit message (Collapse)Author
2004-09-11 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]Darren Tucker
Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
2004-08-12 - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
2004-07-21 - djm@cvs.openbsd.org 2004/07/21 10:33:31Damien Miller
[auth1.c auth2.c] bz#899: Don't display invalid usernames in setproctitle
2004-05-24 - dtucker@cvs.openbsd.org 2004/05/23 23:59:53Darren Tucker
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
2004-03-08 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
2003-11-17 - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-03 - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 13:22:27Darren Tucker
[auth2.c] (auth2-krb5.c removed) nuke "kerberos-2@ssh.com"
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-06-28 - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-14 - markus@cvs.openbsd.org 2003/05/14 02:15:47Damien Miller
[auth2.c monitor.c sshconnect2.c auth2-krb5.c] implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ server interops with commercial client; ok jakob@ djm@
2003-05-14 - (djm) RCSID sync w/ OpenBSDDamien Miller
2003-05-14 - (djm) Bug #117: Don't lie to PAM about usernameDamien Miller
2003-05-02 - (dtucker) Move handling of bad password authentications into a platformDarren Tucker
specific record_failed_login() function (affects AIX & Unicos).
2003-04-27 - (bal) auth2.c same changed as above.Ben Lindstrom
2003-04-09*** empty log message ***Damien Miller
2003-02-24 - markus@cvs.openbsd.org 2003/02/06 21:22:43Damien Miller
[auth1.c auth2.c] undo broken fix for #387, fixes #486
2002-09-25Cray fixes (bug 367) based on patch from Wendy Palm @ cray.Tim Rice
This does not include the deattack.c fixes.
2002-09-04 - markus@cvs.openbsd.org 2002/08/22 21:33:58Damien Miller
[auth1.c auth2.c] auth_root_allowed() is handled by the monitor in the privsep case, so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-07-04 - (bal) Failed password attempts don't increment counter on AIX. Bug #145Ben Lindstrom
2002-07-04 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16Ben Lindstrom
[auth2.c session.c sshd.c] lint asks that we use names that do not overlap
2002-06-21some xxx's for future privsep cleanupDamien Miller
2002-06-07 - (bal) Refixed auth2.c. It was never fully commited while spliting outBen Lindstrom
authentication to different files.
2002-06-06 - markus@cvs.openbsd.org 2002/05/31 11:35:15Ben Lindstrom
[auth.h auth2.c] move Authmethod definitons to per-method file. NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 - markus@cvs.openbsd.org 2002/05/25 18:51:07Ben Lindstrom
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c Makefile.in] split auth2.c into one file per method; ok provos@/deraadt@ NOTE: Merged back noticable cygwin and pam stuff. May need review to ensure I did not miss anything.
2002-05-15 - itojun@cvs.openbsd.org 2002/05/13 02:37:39Ben Lindstrom
[auth-skey.c auth2.c] less warnings. skey_{respond,query} are public (in auth.h)
2002-05-13 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.Damien Miller
2002-05-09 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)Damien Miller
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-04-04 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.hKevin Steves
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-03-22 - (stevesk) [auth2.c] merge cleanup/syncKevin Steves
2002-03-22 - markus@cvs.openbsd.org 2002/03/19 14:27:39Ben Lindstrom
[auth.c auth1.c auth2.c] make getpwnamallow() allways call pwcopy()
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 17:50:31Ben Lindstrom
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 01:12:14Ben Lindstrom
[auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context and then do_authenticated; okay millert@
2002-03-22 - provos@cvs.openbsd.org 2002/03/17 20:25:56Ben Lindstrom
[auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
2002-03-13Stupid djm commits experimental code to head instead of branchDamien Miller
revert
2002-03-13Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller
PAM, Cygwin and OSF SIA will not work for sure
2002-02-26 - markus@cvs.openbsd.org 2002/02/24 19:14:59Ben Lindstrom
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-05 - (djm) Cleanup after sync:Damien Miller
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 - markus@cvs.openbsd.org 2002/02/04 11:58:10Damien Miller
[auth2.c] cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@
2002-02-05 - markus@cvs.openbsd.org 2002/01/29 14:32:03Damien Miller
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-01-22 - markus@cvs.openbsd.org 2002/01/13 17:57:37Damien Miller
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 - markus@cvs.openbsd.org 2002/01/11 13:39:36Damien Miller
[auth2.c dispatch.c dispatch.h kex.c] a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED' dispatch_range(): set handler for a ranges message types use dispatch_protocol_ignore() for authentication requests after successful authentication (the drafts requirement). serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
2002-01-22 - markus@cvs.openbsd.org 2001/12/28 15:06:00Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used.
2002-01-22 - markus@cvs.openbsd.org 2001/12/27 20:39:58Damien Miller
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] get rid of packet_integrity_check, use packet_done() instead.
2001-12-29 - (djm) Apply Cygwin pointer deref fix from Corinna VinschenDamien Miller
<vinschen@redhat.com> Could be abused to guess valid usernames
2001-12-21 - djm@cvs.openbsd.org 2001/12/20 22:50:24Damien Miller
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] [sshconnect2.c] Conformance fix: we should send failing packet sequence number when responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@