summaryrefslogtreecommitdiff
path: root/monitor.h
AgeCommit message (Collapse)Author
2013-05-13renumber monitor requests to allow more spaceColin Watson
2013-05-07merge 6.2p1; reorder additions to monitor.h for easier merging in futureColin Watson
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:34:10Damien Miller
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] [monitor.c monitor.h] Fixes logging of partial authentication when privsep is enabled Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
2011-09-06merge 5.9p1Colin Watson
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:44:31Damien Miller
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
2010-01-01import openssh-5.2p1-gsskex-all-20090726.patchColin Watson
2009-12-29import openssh-4.6p1-gsskex-20070312.patchColin Watson
2009-12-29import openssh-4.0p1-gssapikex.patchColin Watson
2008-11-05 - djm@cvs.openbsd.org 2008/11/04 08:22:13Damien Miller
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] [Makefile.in] Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
2005-02-03 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
2003-11-17 - markus@cvs.openbsd.org 2003/11/17 11:06:07Damien Miller
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
2003-10-02 - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-09-02 - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-08-26 - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-03Sync OpenBSD IDDarren Tucker
2003-08-02 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
2003-08-02 - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags.Darren Tucker
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2002-09-27 - markus@cvs.openbsd.org 2002/09/26 11:38:43Damien Miller
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
2002-09-12 - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller
[auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
2002-06-11 - mpech@cvs.openbsd.org 2002/06/11 05:46:20Ben Lindstrom
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c] pid_t cleanup. Markus need this now to keep hacking. markus@, millert@ ok
2002-06-06 - stevesk@cvs.openbsd.org 2002/06/06 01:09:41Ben Lindstrom
[monitor.h] no trailing comma in enum; china@thewrittenword.com
2002-05-13 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.Damien Miller
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-03-26 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01Ben Lindstrom
[monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] $OpenBSD$
2002-03-22 - provos@cvs.openbsd.org 2002/03/18 17:50:31Ben Lindstrom
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; its turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-13revert more of my stupidityDamien Miller
2002-03-13Import of Niels Provos' 20020312 ssh-complete.diffDamien Miller
PAM, Cygwin and OSF SIA will not work for sure