| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Convert aixloginmsg into platform-independant Buffer loginmsg.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
|
| |
|
|
|
| |
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
|
| | |
|
| |
|
|
| |
specific record_failed_login() function (affects AIX & Unicos).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
dtucker@zip.com.au. Reorder for clarity too.
|
| |
|
|
| |
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
|
| | |
|
| |
|
|
| |
passwords. Patch from dtucker@zip.com.au
|
| |
|
|
| |
patch by dtucker@zip.com.au
|
| |
|
|
|
|
| |
[auth.c]
don't compare against pw_home if realpath fails for pw_home (seen
on AFS); ok djm@
|
| |
|
|
| |
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
|
| |
|
|
|
|
| |
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
|
| |
|
|
|
| |
[auth.c]
typo in comment
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
|
| |
|
|
| |
check for root forced expire. Still don't check for inactive.
|
| |
|
|
|
| |
[auth.c]
check for NULL; from provos@
|
| |
|
|
|
| |
[auth.c auth1.c auth2.c]
make getpwnamallow() allways call pwcopy()
|
| |
|
|
|
|
|
| |
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
|
| |
|
|
|
| |
[auth.c session.c]
move auth_approval into getpwnamallow with help from millert@
|
| |
|
|
|
| |
[auth.c auth.h auth1.c auth2.c]
getpwnamallow returns struct passwd * only if user valid; okay markus@
|
| |
|
|
|
| |
[auth.c]
fix file type checking (use S_ISREG). ok by markus
|
| |
|
|
|
|
|
| |
[auth.c match.c match.h]
undo the 'delay hostname lookup' change
match.c must not use compress.c (via canonhost.c/packet.c)
thanks to wilfried@
|
| |
|
|
|
| |
[auth.c]
log user not allowed details, from dwd@bell-labs.com; ok markus@
|
| |
|
|
|
|
| |
[auth.c match.c match.h]
delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
for sshd -u0; ok markus@
|
| |
|
|
|
| |
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
| |
|
|
|
| |
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
|
| |
|
|
|
|
|
|
| |
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
|
| |
|
|
|
| |
[auth.c]
use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
|
| |
|
|
|
|
| |
[auth.c]
no need to call dirname(pw->pw_dir).
note that dirname(3) modifies its argument on some systems.
|
| | |
|
| |
|
|
| |
Patch from markus@, spotted by Tom Holroyd <tomh@po.crl.go.jp>
|
| |
|
|
|
| |
[auth.c match.c sshd.8]
tridge@samba.org
|
| |
|
|
|
|
| |
[auth.c auth.h auth-rsa.c]
terminate secure_filename checking after checking homedir. that way
it works on AFS. okay markus@
|
| |
|
|
|
|
|
| |
[auth2.c auth.c auth.h auth-rh-rsa.c]
*known_hosts2 is obsolete for hostbased authentication and
only used for backward compat. merge ssh1/2 hostkey check
and move it to auth.c
|
| |
|
|
| |
<markm@swoon.net>
|
| |
|
|
|
| |
[auth.c]
fix comment; from jakob@
|
| |
|
|
|
|
|
| |
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
sshd_config]
configurable authorized_keys{,2} location; originally from peter@;
ok djm@
|
| |
|
|
|
| |
[auth.c readconf.c]
undo /etc/shell and proto 2,1 change for openssh-2.5.2
|
| |
|
|
|
| |
[auth.c]
check /etc/shells, too
|
| |
|
|
|
|
|
| |
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
|
| |
|
|
|
| |
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
|
