summaryrefslogtreecommitdiff
path: root/auth-passwd.c
Commit message (Collapse)AuthorAgeFilesLines
* - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.cDarren Tucker2009-03-081-1/+1
| | | | | | auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
* - djm@cvs.openbsd.org 2007/09/21 08:15:29Damien Miller2007-10-261-1/+1
| | | | | | | | | | [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] [monitor.c monitor_wrap.c] unifdef -DBSD_AUTH unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@ (NB. RCD ID sync only for portable)
* - djm@cvs.openbsd.org 2007/08/23 02:55:51Damien Miller2007-09-171-1/+1
| | | | | | [auth-passwd.c auth.c session.c] missed include bits from last commit NB. RCS ID sync only for portable
* - djm@cvs.openbsd.org 2007/08/23 02:49:43Damien Miller2007-09-171-1/+1
| | | | | | [auth-passwd.c auth.c session.c] unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ NB. RCS ID sync only for portable
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller2006-07-101-1/+5
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-261-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - (djm) OpenBSD CVS SyncDamien Miller2005-07-261-1/+3
| | | | | | | - otto@cvs.openbsd.org 2005/07/19 15:32:26 [auth-passwd.c] auth_usercheck(3) can return NULL, so check for that. Report from mpech@. ok markus@
* - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions ofDarren Tucker2005-04-051-1/+0
| | | | sys_auth_passwd, pointed out by cmadams at hiwaay.net.
* - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't callDarren Tucker2005-02-091-6/+6
| | | | | disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@
* - dtucker@cvs.openbsd.org 2005/01/24 11:47:13Darren Tucker2005-01-241-2/+2
| | | | | [auth-passwd.c] #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
* - otto@cvs.openbsd.org 2005/01/21 08:32:02Darren Tucker2005-01-241-1/+50
| | | | | | | [auth-passwd.c sshd.c] Warn in advance for password and account expiry; initialize loginmsg buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
* - (bal) [auth-passwd.c auth1.c] Clean up unused variables.Ben Lindstrom2004-06-221-0/+2
|
* - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAMDarren Tucker2004-05-301-0/+4
| | | | support for PasswordAuthentication=yes. ok djm@
* - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.hDarren Tucker2004-03-041-7/+0
| | | | | openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when configured --with-osfsia. ok djm@
* - (dtucker) [auth-passwd.c] Only check password expiry once. PreventsDarren Tucker2004-02-221-3/+7
| | | | multiple warnings if a wrong password is entered.
* - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry checkDarren Tucker2004-02-111-1/+1
| | | | if HAS_SHADOW_EXPIRY is set.
* - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.hDarren Tucker2004-02-101-0/+7
| | | | | defines.h] Bug #14: Use do_pwchange to support password expiry and force change for platforms using /etc/shadow. ok djm@
* - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.cDarren Tucker2004-02-101-12/+2
| | | | | openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's native password expiry.
* Sync Ids missed in password expiry syncDarren Tucker2004-02-061-1/+1
|
* - markus@cvs.openbsd.org 2004/01/30 09:48:57Darren Tucker2004-02-061-34/+64
| | | | | | | [auth-passwd.c auth.h pathnames.h session.c] support for password change; ok dtucker@ (set password-dead=1w in login.conf to use this). In -Portable, this is currently only platforms using bsdauth.
* - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]Darren Tucker2003-11-221-40/+5
| | | | | Move AIX specific password authentication code to port-aix.c, call authenticate() until reenter flag is clear.
* more whitespace (tabs this time)Damien Miller2003-11-211-1/+1
|
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-4/+4
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - djm@cvs.openbsd.org 2003/11/04 08:54:09Damien Miller2003-11-171-5/+2
| | | | | | | | [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
* 20030918Damien Miller2003-09-181-1/+1
| | | | - (djm) Bug #652: Fix empty password auth
* - (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(),Darren Tucker2003-09-131-0/+1
| | | | | required to correctly reset failed login count when using a password registry other than "files" (eg LDAP, see bug #543).
* - markus@cvs.openbsd.org 2003/08/26 09:58:43Damien Miller2003-09-031-22/+22
| | | | | | | [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
* - (bal) openbsd-compat/ clean up. Considate headers, add in $Id$ on ourBen Lindstrom2003-08-291-1/+0
| | | | files, and added missing license to header.
* - (dtucker) OpenBSD CVS SyncPOST_KRB4_REMOVALDarren Tucker2003-08-021-9/+1
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....
* - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.cBen Lindstrom2003-07-241-138/+58
| | | | | | | openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface, and isolate shadow password functions. Tested in Solaris, but should not break other platforms too badly (except maybe HP =). Also brings auth-passwd.c into full sync with OpenBSD tree.
* - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]Darren Tucker2003-07-081-7/+21
| | | | Convert aixloginmsg into platform-independant Buffer loginmsg.
* - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]Darren Tucker2003-07-081-3/+1
| | | | | Include AIX headers for authentication functions and make calls match prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
* - (djm) OpenBSD CVS SyncDamien Miller2003-06-031-7/+9
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
* - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withAFTER_FREEBSD_PAM_MERGEDamien Miller2003-05-101-9/+7
| | | | proper challenge-response module
* - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller2003-04-291-5/+10
| | | | | | | Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
* - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.auDamien Miller2003-01-301-1/+1
|
* unbreak for PAM caseDamien Miller2003-01-221-1/+1
|
* - (djm) Reorganise PAM & SIA password handling to eliminate some common codeDamien Miller2003-01-221-45/+44
|
* l) Fix issue where successfull login does not clear failure countsBen Lindstrom2002-09-251-2/+14
| | | | in AIX. Patch by dtucker@zip.com.au ok by djm
* - ID sync for auth-passwd.cDamien Miller2002-06-211-1/+1
|
* - (bal) Cygwin special handling of empty passwords wrong. Patch byBen Lindstrom2002-06-211-7/+0
| | | | vinschen@redhat.com
* - (bal) CVS ID fix up on auth-passwd.cBen Lindstrom2002-05-151-1/+1
|
* - (bal) Back all the way out of auth-passwd.c changes. Breaks too manyBen Lindstrom2002-05-101-5/+5
| | | | things that don't set pw->pw_passwd.
* - (djm) Unbreak auth-passwd.c for PAM and SIADamien Miller2002-05-081-1/+1
|
* - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issueBen Lindstrom2002-05-061-4/+4
|
* - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26Kevin Steves2002-04-251-19/+15
| | | | support. bug #184. most from dcole@keysoftsys.com.