summaryrefslogtreecommitdiffstats
path: root/auth-krb5.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* polish whitespace for portable filesDamien Miller2021-04-031-6/+7
|
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-3/+3
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: sshd: switch authentication to sshbuf API; ok djm@markus@openbsd.org2018-07-101-3/+3
| | | | OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
* upstream commitmarkus@openbsd.org2016-05-191-2/+1
| | | | | | | move SSH_MSG_NONE, so we don't have to include ssh1.h; ok deraadt@ Upstream-ID: c2f97502efc761a41b18c17ddf460e138ca7994e
* upstream commitdjm@openbsd.org2016-01-271-2/+2
| | | | | | | change old $FreeBSD version string in comment so it doesn't become an RCS ident downstream; requested by des AT des.no Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
* - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller2014-07-181-0/+1
| | | | | | | | | | | | | | | | [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok checkDamien Miller2013-10-241-1/+2
| | | | | rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
* - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add supportDarren Tucker2013-08-041-0/+9
| | | | for building with older Heimdal versions. ok djm.
* - djm@cvs.openbsd.org 2013/07/20 01:55:13Damien Miller2013-07-201-8/+13
| | | | | [auth-krb5.c gss-serv-krb5.c gss-serv.c] fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
* - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker2013-06-021-2/+1
| | | | | | | | groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
* - (djm) [auth-krb5.c] Save errno across calls that might modify it;Damien Miller2012-04-261-5/+7
| | | | ok dtucker@
* - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]Darren Tucker2009-12-211-3/+10
| | | | | Bug #1583: Use system's kerberos principal name on AIX if it's available. Based on a patch from and tested by Miguel Sanders.
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller2006-07-241-0/+2
| | | | | | | | | | | | | | | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
* - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.hDarren Tucker2006-07-131-0/+1
|
* - dtucker@cvs.openbsd.org 2006/05/06 08:35:40Darren Tucker2006-05-061-0/+1
| | | | | [auth-krb5.c] Add $OpenBSD$ in comment here too
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - dtucker@cvs.openbsd.org 2005/11/21 09:42:10Darren Tucker2005-11-221-5/+2
| | | | | | | | [auth-krb5.c] Perform Kerberos calls even for invalid users to prevent leaking information about account validity. bz #975, patch originally from Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@, ok markus@
* - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.Darren Tucker2005-11-101-1/+1
| | | | Patch from djm@.
* - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] RemoveDarren Tucker2005-07-071-3/+0
| | | | | | calls to krb5_init_ets, which has not been required since krb-1.1.x and most Kerberos versions no longer export in their public API. From sxw at inf.ed.ac.uk, ok djm@
* - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errnoDarren Tucker2005-07-071-1/+1
| | | | | in the case where the buffer is insufficient, so always return ENOMEM. Also pointed out by sxw at inf.ed.ac.uk.
* - [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for the MITDarren Tucker2005-07-071-23/+31
| | | | | Kerberos code path into a common function and expand mkstemp template to be consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
* - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengertDarren Tucker2004-09-111-0/+5
| | | | at anl.gov, ok djm@
* - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]Darren Tucker2004-08-141-1/+5
| | | | Explicitly set umask for mkstemp; ok djm@
* - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccacheDamien Miller2004-04-161-0/+6
| | | | | file using FILE: method, fixes problems on Mac OSX. Patch from simon@sxw.org.uk; ok dtucker@
* - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to seeBen Lindstrom2004-04-071-0/+2
| | | | | | | | | if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now.
* Whitespace syncDarren Tucker2003-11-221-1/+1
|
* more whitespace (tabs this time)Damien Miller2003-11-211-8/+8
|
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-3/+3
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller2003-11-171-2/+2
| | | | | | | | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
* - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker2003-10-021-9/+2
| | | | | | | | | | | [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller2003-09-021-193/+1
| | | | | | | | [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.hDarren Tucker2003-08-261-3/+0
| | | | | configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
* - (dtucker) OpenBSD CVS SyncDarren Tucker2003-08-111-6/+22
| | | | | | | | | (thanks to Simon Wilkinson for help with this -dt) - markus@cvs.openbsd.org 2003/07/16 15:02:06 [auth-krb5.c] mcc -> fcc; from Love Hörnquist Åstrand <lha@it.su.se> otherwise the kerberos credentinal is stored in a memory cache in the privileged sshd. ok jabob@, hin@ (some time ago)
* - (djm) Make portable build with MIT krb5 (some issues remain)Damien Miller2003-05-141-0/+1
|
* *** empty log message ***Damien Miller2003-04-091-4/+4
|
* - deraadt@cvs.openbsd.org 2002/11/21 23:03:51Ben Lindstrom2002-12-231-2/+2
| | | | | | [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c sshconnect.c] KNF
* - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller2002-09-121-12/+8
| | | | | | | [auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
* unexpandBen Lindstrom2002-06-091-1/+1
|
* - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>Damien Miller2002-04-131-1/+114
|
* - markus@cvs.openbsd.org 2002/03/19 10:49:35Ben Lindstrom2002-03-221-2/+2
| | | | | | | [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
* - stevesk@cvs.openbsd.org 2002/03/16 17:41:25Ben Lindstrom2002-03-221-1/+24
| | | | | [auth-krb5.c] BSD license. from Daniel Kouril via Dug Song. ok markus@
* - stevesk@cvs.openbsd.org 2002/03/04 17:27:39Ben Lindstrom2002-03-051-1/+2
| | | | | | | | | | | [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@
* - markus@cvs.openbsd.org 2002/02/15 23:54:10Ben Lindstrom2002-02-261-6/+15
| | | | | | [auth-krb5.c] krb5_get_err_text() does not like context==NULL; he@nordu.net via google; ok provos@
* sync - don't know when this got out of syncDamien Miller2002-02-131-42/+45
|
* - (djm) OpenBSD CVS SyncDamien Miller2001-11-131-8/+9
| | | | | | | - dugsong@cvs.openbsd.org 2001/11/11 18:47:10 [auth-krb5.c] fix krb5 authorization check. found by <jhawk@MIT.EDU>. from art@, deraadt@ ok
* - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.Damien Miller2001-09-251-0/+259