summaryrefslogtreecommitdiffstats
path: root/monitor.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* more whitespace (tabs this time)Damien Miller2003-11-211-9/+9
|
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-2/+2
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - djm@cvs.openbsd.org 2003/11/18 10:53:07Damien Miller2003-11-181-1/+2
| | | | | | [monitor.c] unbreak fake authloop for non-existent users (my screwup). Spotted and tested by dtucker@; ok markus@
* - (djm) Fix early exit for root auth success when UsePAM=yes andDamien Miller2003-11-181-1/+1
| | | | PermitRootLogin=no
* - markus@cvs.openbsd.org 2003/11/17 11:06:07Damien Miller2003-11-171-3/+33
| | | | | | | [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h sshconnect2.c ssh-gss.h] replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.
* - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller2003-11-171-2/+2
| | | | | | | | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
* - markus@cvs.openbsd.org 2003/09/23 20:17:11Darren Tucker2003-10-021-10/+7
| | | | | | | | | | | [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller2003-09-021-1/+1
| | | | | | | [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
* - markus@cvs.openbsd.org 2003/08/28 12:54:34Damien Miller2003-09-021-49/+1
| | | | | | | | [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* - deraadt@cvs.openbsd.org 2003/08/24 17:36:52AFTER_KRB5_GSSAPI_MERGEDarren Tucker2003-08-261-2/+4
| | | | | [monitor.c monitor_wrap.c sshconnect2.c] 64 bit cleanups; markus ok
* - markus@cvs.openbsd.org 2003/08/22 10:56:09Darren Tucker2003-08-261-2/+90
| | | | | | | | | [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.
* - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller2003-08-251-0/+34
| | | | UsePAM=yes; ok dtucker
* - (dtucker) OpenBSD CVS SyncPOST_KRB4_REMOVALDarren Tucker2003-08-021-53/+1
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
* - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker2003-06-281-2/+2
| | | | | | [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
* - (djm) OpenBSD CVS SyncDamien Miller2003-06-181-2/+2
| | | | | | - markus@cvs.openbsd.org 2003/06/12 07:57:38 [monitor.c sshlogin.c sshpty.c] typos; dtucker at zip.com.au
* - (djm) OpenBSD CVS SyncDamien Miller2003-06-031-2/+2
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
* - djm@cvs.openbsd.org 2003/05/24 09:30:40Damien Miller2003-05-251-2/+2
| | | | | [authfile.c monitor.c sftp-common.c sshpty.c] cast some types for printing; ok markus@
* - markus@cvs.openbsd.org 2003/05/14 08:57:49Damien Miller2003-05-141-1/+18
| | | | | | | [monitor.c] http://bugzilla.mindrot.org/show_bug.cgi?id=560 Privsep child continues to run after monitor killed. Pass monitor signals through to child; Darren Tucker
* - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller2003-05-141-1/+5
| | | | | over usage of PAM. This allows non-root use of sshd when built with --with-pam
* - markus@cvs.openbsd.org 2003/05/14 02:15:47Damien Miller2003-05-141-1/+6
| | | | | | [auth2.c monitor.c sshconnect2.c auth2-krb5.c] implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ server interops with commercial client; ok jakob@ djm@
* - (djm) RCSID sync w/ OpenBSDDamien Miller2003-05-141-1/+1
|
* - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withAFTER_FREEBSD_PAM_MERGEDamien Miller2003-05-101-4/+109
| | | | proper challenge-response module
* - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller2003-04-291-1/+1
| | | | | | | Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
* *** empty log message ***Damien Miller2003-04-091-2/+2
|
* - (djm) OpenBSD CVS SyncDamien Miller2003-04-091-3/+11
| | | | | | | - markus@cvs.openbsd.org 2003/04/02 09:48:07 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] reapply rekeying chage, tested by henning@, ok djm@
* - markus@cvs.openbsd.org 2003/04/01 10:10:23Damien Miller2003-04-011-1/+1
| | | | | | | | | | | | | | | | | | | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] rekeying bugfixes and automatic rekeying: * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying - markus@cvs.openbsd.org 2003/04/01 10:22:21 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] [readconf.h serverloop.c sshconnect2.c] backout rekeying changes (for 3.6.1)
* - (djm) OpenBSD CVS SyncDamien Miller2003-03-231-1/+3
| | | | | | - markus@cvs.openbsd.org 2003/03/23 19:02:00 [monitor.c] unbreak rekeying for privsep; ok millert@
* - (djm) OpenBSD CVS SyncDamien Miller2003-03-101-3/+9
| | | | | | | - markus@cvs.openbsd.org 2003/03/05 22:33:43 [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c] [sftp-server.c ssh-add.c sshconnect2.c] fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
* - markus@cvs.openbsd.org 2003/02/16 17:30:33Damien Miller2003-02-241-1/+3
| | | | | [monitor.c monitor_wrap.c] fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
* - markus@cvs.openbsd.org 2003/02/04 09:33:22Damien Miller2003-02-241-13/+13
| | | | | | [monitor.c monitor_wrap.c] skey/bsdauth: use 0 to indicate failure instead of -1, because the buffer API only supports unsigned ints.
* - markus@cvs.openbsd.org 2002/11/05 19:45:20Ben Lindstrom2002-11-091-2/+2
| | | | | [monitor.c] handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
* - markus@cvs.openbsd.org 2002/09/26 11:38:43Damien Miller2002-09-271-1/+52
| | | | | | [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@
* - markus@cvs.openbsd.org 2002/09/24 08:46:04Damien Miller2002-09-251-2/+3
| | | | | [monitor.c] only call kerberos code for authctxt->valid
* - markus@cvs.openbsd.org 2002/09/23 22:11:05Damien Miller2002-09-251-2/+3
| | | | | [monitor.c] only call auth_krb5 if kerberos is enabled; ok deraadt@
* - markus@cvs.openbsd.org 2002/09/09 14:54:15Damien Miller2002-09-121-8/+9
| | | | | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] signed vs unsigned from -pedantic; ok henning@
* - itojun@cvs.openbsd.org 2002/09/09 06:48:06Damien Miller2002-09-121-1/+44
| | | | | | | [auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus
* - stevesk@cvs.openbsd.org 2002/08/29 15:57:25Damien Miller2002-09-041-3/+3
| | | | | | [monitor.c session.c sshlogin.c sshlogin.h] pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> NOTE: there are also p-specific parts to this patch. ok markus@
* - millert@cvs.openbsd.org 2002/08/02 14:43:15Ben Lindstrom2002-08-201-3/+3
| | | | | | | [monitor.c monitor_mm.c] Change mm_zalloc() sanity checks to be more in line with what we do in calloc() and add a check to monitor_mm.c. OK provos@ and markus@
* - stevesk@cvs.openbsd.org 2002/07/22 17:32:56Ben Lindstrom2002-07-231-2/+3
| | | | | [monitor.c] u_int here; ok provos@
* - deraadt@cvs.openbsd.org 2002/06/27 10:35:47Ben Lindstrom2002-07-041-2/+2
| | | | | [auth2-none.c monitor.c sftp-client.c] use xfree()
* - deraadt@cvs.openbsd.org 2002/06/27 09:08:00Ben Lindstrom2002-07-041-2/+2
| | | | | [monitor.c] improve mm_zalloc check; markus ok
* - deraadt@cvs.openbsd.org 2002/06/26 14:49:36Ben Lindstrom2002-06-271-3/+3
| | | | | [monitor.c] correct %u
* - deraadt@cvs.openbsd.org 2002/06/26 13:20:57Damien Miller2002-06-261-2/+6
| | | | | [monitor.c] be careful in mm_zalloc
* - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAMKevin Steves2002-06-261-3/+0
|
* - stevesk@cvs.openbsd.org 2002/06/22 23:09:51Ben Lindstrom2002-06-231-3/+3
| | | | | | [monitor.c] save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@
* - djm@cvs.openbsd.org 2002/06/21 05:50:51Damien Miller2002-06-211-8/+13
| | | | | | [monitor.c] Don't initialise compression buffers when compression=no in sshd_config; ok Niels@
* - markus@cvs.openbsd.org 2002/06/19 18:01:00Ben Lindstrom2002-06-211-6/+9
| | | | | | | [cipher.c monitor.c monitor_wrap.c packet.c packet.h] make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
* - markus@cvs.openbsd.org 2002/06/04 23:05:49Ben Lindstrom2002-06-061-72/+72
| | | | | | | [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c] __FUNCTION__ -> __func__ NOTE: This includes all portable references also.
* - markus@cvs.openbsd.org 2002/06/04 19:53:40Ben Lindstrom2002-06-061-7/+31
| | | | | | | [monitor.c] save the session id (hash) for ssh2 (it will be passed with the initial sign request) and verify that this value is used during authentication; ok provos@
* - markus@cvs.openbsd.org 2002/06/04 19:42:35Ben Lindstrom2002-06-061-9/+15
| | | | | [monitor.c] only allow enabled authentication methods; ok provos@
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 09:18:47 +0100