Age | Commit message (Collapse) | Author |
|
Prevents compile errors due to missing definitions (eg va_list) on
non-AIX platforms.
|
|
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
|
|
Spotted by Kevin Brott.
|
|
|
|
|
|
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
|
|
|
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
|
|
modified: openbsd-compat/port-aix.c
modified: openbsd-compat/port-uw.c
propogate changes to auth-passwd.c in commit
7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers
of sys_auth_passwd()
|
|
Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).
|
|
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
|
|
Bug #1583: Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
|
|
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
|
|
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
|
|
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
|
|
|
|
Prevents macro redefinition warnings of "RDONLY".
|
|
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
|
|
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
|
|
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
|
|
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
[openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
[openbsd-compat/rresvport.c]
These look to need string.h and/or unistd.h (based on a grep for function
names)
|
|
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
|
|
openbsd-compat/rresvport.c] More errno.h.
|
|
spotted by tim@.
|
|
|
|
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
argument to passwdexpired to be initialized to NULL. Suggested by tim@
While at it, initialize the other arguments to auth functions in case they
ever acquire this behaviour.
|
|
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
|
|
compiler warnings on AIX.
|
|
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
|
|
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
|
|
|
|
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
|
|
accounts with authentication configs that sshd can't support (ie
SYSTEM=NONE and AUTH1=something).
|
|
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
|
|
|
|
Move loginrestrictions test to port-aix.c, replace with a generic hook.
|
|
code changes.
|
|
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
|
|
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
native password expiry.
|
|
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
|
|
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
|
|
add canohost.h to stop warning. Based on patch from openssh-unix-dev at
thewrittenword.com
|
|
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com.
|
|
loginfailed at all, so assume 3-arg loginfailed if not declared.
|
|
Convert aixloginmsg into platform-independant Buffer loginmsg.
|
|
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
|
|
|
|
|
|
|
|
specific record_failed_login() function (affects AIX & Unicos).
|