summaryrefslogtreecommitdiffstats
path: root/auth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* - deraadt@cvs.openbsd.org 2006/03/20 17:10:19Damien Miller2006-03-261-1/+0
| | | | | [auth.c key.c misc.c packet.c ssh-add.c] in a switch (), break after return or goto is stupid
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - stevesk@cvs.openbsd.org 2006/02/20 17:02:44Damien Miller2006-03-151-1/+4
| | | | | | [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@
* fix spacing of includeDamien Miller2006-03-151-1/+1
|
* - stevesk@cvs.openbsd.org 2006/02/08 12:15:27Damien Miller2006-03-151-1/+4
| | | | | | | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include <paths.h> out of includes.h; ok markus@
* - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.cTim Rice2005-08-311-2/+5
| | | | | | openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@
* - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.cTim Rice2005-08-261-0/+4
| | | | | | | | openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@
* - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller2005-06-171-2/+2
| | | | | | | | | | | [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
* - djm@cvs.openbsd.org 2005/06/06 11:20:36Damien Miller2005-06-161-41/+18
| | | | | | [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] introduce a generic %foo expansion function. replace existing % expansion and add expansion to ControlPath; ok markus@
* - dtucker@cvs.openbsd.org 2005/03/14 11:44:42Darren Tucker2005-03-141-2/+3
| | | | | | [auth.c] Populate host for log message for logins denied by AllowUsers and DenyUsers (bz #999); ok markus@
* - (dtucker) [README.platform auth.c configure.ac loginrec.cDarren Tucker2005-02-151-1/+1
| | | | | | openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@
* - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.cDarren Tucker2005-02-081-10/+10
| | | | | | monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).
* - (dtucker) [auth.c] Fix parens in audit log check.Darren Tucker2005-02-041-2/+2
|
* - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.cDarren Tucker2005-02-021-0/+42
| | | | | | monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
* - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]Darren Tucker2005-02-021-1/+4
| | | | | | | Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@
* - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]Darren Tucker2005-02-021-2/+5
| | | | | | Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@
* - dtucker@cvs.openbsd.org 2005/01/22 08:17:59Darren Tucker2005-01-241-11/+14
| | | | | | [auth.c] Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and DenyGroups. bz #909, ok djm@
* - markus@cvs.openbsd.org 2004/07/28 09:40:29Darren Tucker2004-08-121-2/+2
| | | | | | [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/
* - (djm) OpenBSD CVS SyncDamien Miller2004-07-211-2/+2
| | | | | | | - markus@cvs.openbsd.org 2004/07/21 08:56:12 [auth.c] s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas, miod, ...
* - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]Darren Tucker2004-06-231-25/+4
| | | | Move loginrestrictions test to port-aix.c, replace with a generic hook.
* - dtucker@cvs.openbsd.org 2004/05/23 23:59:53Darren Tucker2004-05-241-2/+2
| | | | | [auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5] Add MaxAuthTries sshd config option; ok markus@
* - deraadt@cvs.openbsd.org 2004/05/11 19:01:43Darren Tucker2004-05-131-3/+3
| | | | | | [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok
* - deraadt@cvs.openbsd.org 2004/05/08 00:01:37Darren Tucker2004-05-131-2/+1
| | | | | | [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok
* - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry testDarren Tucker2004-02-211-25/+8
| | | | to auth-shadow.c, no functional change. ok djm@
* - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.hDarren Tucker2004-02-101-19/+0
| | | | | defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@
* more whitespace (tabs this time)Damien Miller2003-11-211-1/+1
|
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-5/+5
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.Darren Tucker2003-10-151-2/+9
|
* - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker2003-10-021-9/+1
| | | | | | | | | | | [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller2003-09-021-1/+22
| | | | | | | [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
* - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled.Darren Tucker2003-08-261-2/+2
|
* - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: denyDarren Tucker2003-08-251-8/+43
| | | | any access to locked accounts. ok djm@
* - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]Darren Tucker2003-07-081-21/+16
| | | | Convert aixloginmsg into platform-independant Buffer loginmsg.
* - (djm) OpenBSD CVS SyncDamien Miller2003-06-031-2/+2
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
* - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller2003-05-141-5/+5
| | | | | over usage of PAM. This allows non-root use of sshd when built with --with-pam
* - (djm) RCSID sync w/ OpenBSDDamien Miller2003-05-141-1/+1
|
* - (dtucker) Move handling of bad password authentications into a platformDarren Tucker2003-05-021-10/+5
| | | | specific record_failed_login() function (affects AIX & Unicos).
* - (djm) Fix missed log => logit occurance (reference by function pointer)Damien Miller2003-04-091-1/+1
|
* *** empty log message ***Damien Miller2003-04-091-15/+15
|
* - (djm) Revert fix for Bug #442 for now.Damien Miller2003-01-181-44/+28
|
* [auth.c] declare today at top of allowed_user() to keep older compilers happy.Tim Rice2003-01-091-1/+4
|
* - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted byDamien Miller2003-01-071-33/+36
| | | | dtucker@zip.com.au. Reorder for clarity too.
* - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix fromDamien Miller2003-01-071-2/+8
| | | | Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
* - (djm) Fix Bug #442 for PAM caseDamien Miller2003-01-071-3/+1
|
* - (djm) Bug #442: Check for and deny access to accounts with lockedDamien Miller2003-01-071-5/+16
| | | | passwords. Patch from dtucker@zip.com.au
* - (bal) AIX does not log login attempts for unknown users (bug #432).Ben Lindstrom2002-11-091-0/+5
| | | | patch by dtucker@zip.com.au
* - markus@cvs.openbsd.org 2002/11/04 10:07:53Ben Lindstrom2002-11-091-7/+5
| | | | | | [auth.c] don't compare against pw_home if realpath fails for pw_home (seen on AFS); ok djm@
* 20021015Ben Lindstrom2002-10-161-1/+7
| | | | - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
* - stevesk@cvs.openbsd.org 2002/09/20 18:41:29Damien Miller2002-09-211-2/+7
| | | | | | [auth.c] log illegal user here for missing privsep case (ssh2). this is executed in the monitor. ok markus@
* - stevesk@cvs.openbsd.org 2002/08/08 23:54:52Ben Lindstrom2002-08-201-2/+2
| | | | | [auth.c] typo in comment