path: root/auth2.c
Commit message | Author | Age | Files | Lines
* - markus@cvs.openbsd.org 2002/03/19 14:27:39 | Ben Lindstrom | 2002-03-22 | 1 | -8/+2
| [auth.c auth1.c auth2.c] make getpwnamallow() always call pwcopy()
* - provos@cvs.openbsd.org 2002/03/18 17:50:31 | Ben Lindstrom | 2002-03-22 | 1 | -15/+28
| [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c session.h servconf.h serverloop.c session.c sshd.c] integrate privilege separated openssh; it's turned off by default for now. work done by me and markus@ applied, but outside of ensure that smaller code bits migrated with their owners.. no work was tried to 'fix' it to work. =) Later project!
* - provos@cvs.openbsd.org 2002/03/18 01:12:14 | Ben Lindstrom | 2002-03-22 | 1 | -3/+4
| [auth.h auth1.c auth2.c sshd.c] have the authentication functions return the authentication context and then do_authenticated; okay millert@
* - provos@cvs.openbsd.org 2002/03/17 20:25:56 | Ben Lindstrom | 2002-03-22 | 1 | -3/+3
| [auth.c auth.h auth1.c auth2.c] getpwnamallow returns struct passwd * only if user valid; okay markus@
* Stupid djm commits experimental code to head instead of branch | Damien Miller | 2002-03-13 | 1 | -80/+39
| revert
* Import of Niels Provos' 20020312 ssh-complete.diff | Damien Miller | 2002-03-13 | 1 | -39/+80
| PAM, Cygwin and OSF SIA will not work for sure
* - markus@cvs.openbsd.org 2002/02/24 19:14:59 | Ben Lindstrom | 2002-02-26 | 1 | -4/+5
| [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@
* - (djm) Cleanup after sync: | Damien Miller | 2002-02-05 | 1 | -1/+1
| - :%s/reverse_mapping_check/verify_reverse_mapping/g
* - markus@cvs.openbsd.org 2002/02/04 11:58:10 | Damien Miller | 2002-02-05 | 1 | -65/+78
| [auth2.c] cross checking of announced vs actual pktype in pubkey/hostbased auth; ok stevesk@
* - markus@cvs.openbsd.org 2002/01/29 14:32:03 | Damien Miller | 2002-02-05 | 1 | -2/+2
| [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
* - markus@cvs.openbsd.org 2002/01/13 17:57:37 | Damien Miller | 2002-01-22 | 1 | -18/+9
| [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] use buffer API and avoid static strings of fixed size; ok provos@/mouring@
* - markus@cvs.openbsd.org 2002/01/11 13:39:36 | Damien Miller | 2002-01-22 | 1 | -14/+3
| [auth2.c dispatch.c dispatch.h kex.c] a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED' dispatch_range(): set handler for a ranges message types use dispatch_protocol_ignore() for authentication requests after successful authentication (the drafts requirement). serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
* - markus@cvs.openbsd.org 2001/12/28 15:06:00 | Damien Miller | 2002-01-22 | 1 | -8/+8
| [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used.
* - markus@cvs.openbsd.org 2001/12/27 20:39:58 | Damien Miller | 2002-01-22 | 1 | -7/+7
| [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] get rid of packet_integrity_check, use packet_done() instead.
* - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen | Damien Miller | 2001-12-29 | 1 | -4/+4
| <vinschen@redhat.com> Could be abused to guess valid usernames
* - djm@cvs.openbsd.org 2001/12/20 22:50:24 | Damien Miller | 2001-12-21 | 1 | -8/+8
| [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c] [sshconnect2.c] Conformance fix: we should send failing packet sequence number when responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by yakk@yakk.dot.net; ok markus@
* - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 | Damien Miller | 2001-12-21 | 1 | -2/+2
| [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
* - jakob@cvs.openbsd.org 2001/12/18 10:05:15 | Damien Miller | 2001-12-21 | 1 | -1/+6
| [auth2.c] log fingerprint on successful public key authentication; ok markus@
* - markus@cvs.openbsd.org 2001/12/09 18:45:56 | Damien Miller | 2001-12-21 | 1 | -8/+2
| [auth2.c auth2-chall.c auth.h] add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions, fixes memleak.
* - itojun@cvs.openbsd.org 2001/12/05 03:56:39 | Ben Lindstrom | 2001-12-06 | 1 | -2/+2
| [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c sshconnect2.c] make it compile with more strict prototype checking
* - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 | Ben Lindstrom | 2001-12-06 | 1 | -2/+3
| [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c] enum/int type cleanup where it made sense to do so; ok markus@
* - (djm) AIX login{success,failed} changes. Move loginsuccess call to | Damien Miller | 2001-11-13 | 1 | -5/+7
| do_authenticated. Call loginfailed for protocol 2 failures > MAX like we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>, K.Wolkersdorfer@fz-juelich.de and others
* - markus@cvs.openbsd.org 2001/11/07 22:41:51 | Damien Miller | 2001-11-12 | 1 | -2/+1
| [auth2.c auth-rh-rsa.c] unused includes
* - markus@cvs.openbsd.org 2001/09/27 15:31:17 | Ben Lindstrom | 2001-10-03 | 1 | -2/+2
| [auth2.c auth2-chall.c sshconnect1.c] typos; from solar
* - markus@cvs.openbsd.org 2001/09/20 13:46:48 | Ben Lindstrom | 2001-09-20 | 1 | -3/+3
| [auth2.c] key_read returns now -1 or 1
* - stevesk@cvs.openbsd.org 2001/07/23 18:14:58 | Ben Lindstrom | 2001-08-06 | 1 | -2/+2
| [auth2.c auth-rsa.c] use %lu; ok markus@
* - markus@cvs.openbsd.org 2001/06/26 05:50:11 | Ben Lindstrom | 2001-07-04 | 1 | -2/+2
| [auth2.c] new interface for secure_filename()
* - stevesk@cvs.openbsd.org 2001/06/25 20:26:37 | Ben Lindstrom | 2001-07-04 | 1 | -3/+3
| [auth2.c sshconnect2.c] prototype cleanup; ok markus@
* - itojun@cvs.openbsd.org 2001/06/23 15:12:20 | Ben Lindstrom | 2001-06-25 | 1 | -29/+27
| [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c canohost.c channels.c cipher.c clientloop.c deattack.c dh.c hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c readpass.c scp.c servconf.c serverloop.c session.c sftp.c sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c ssh-keygen.c ssh-keyscan.c] more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
* - markus@cvs.openbsd.org 2001/06/23 03:04:42 | Ben Lindstrom | 2001-06-25 | 1 | -4/+4
| [auth2.c auth-rh-rsa.c] restore correct ignore_user_known_hosts logic.
* - markus@cvs.openbsd.org 2001/06/23 00:20:57 | Ben Lindstrom | 2001-06-25 | 1 | -30/+12
| [auth2.c auth.c auth.h auth-rh-rsa.c] *known_hosts2 is obsolete for hostbased authentication and only used for backward compat. merge ssh1/2 hostkey check and move it to auth.c
* - markus@cvs.openbsd.org 2001/06/22 21:55:49 | Ben Lindstrom | 2001-06-25 | 1 | -9/+23
| [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config ssh-keygen.1] merge authorized_keys2 into authorized_keys. authorized_keys2 is used for backward compat. (just append authorized_keys2 to authorized_keys).
* - markus@cvs.openbsd.org 2001/06/07 19:57:53 | Ben Lindstrom | 2001-06-09 | 1 | -9/+7
| [auth2.c] style is used for bsdauth. disconnect on user/service change (ietf-drafts)
* [NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this | Ben Lindstrom | 2001-06-09 | 1 | -2/+2
| pain will be over.] - markus@cvs.openbsd.org 2001/05/31 10:30:17 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c packet.c serverloop.c session.c ssh.c] undo the .c file split, just merge the header and keep the cvs history
* - markus@cvs.openbsd.org 2001/05/30 23:31:14 | Ben Lindstrom | 2001-06-09 | 1 | -38/+26
| [auth2.c] merge
* [NOTE: File split was not done in Portable Tree] | Ben Lindstrom | 2001-06-09 | 1 | -2/+2
| - markus@cvs.openbsd.org 2001/05/30 12:55:13 [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c packet.c serverloop.c session.c ssh.c ssh1.h] channel layer cleanup: merge header files and split .c files
* - markus@cvs.openbsd.org 2001/05/20 17:20:36 | Ben Lindstrom | 2001-06-05 | 1 | -43/+15
| [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8 sshd_config] configurable authorized_keys{,2} location; originally from peter@; ok djm@
* - markus@cvs.openbsd.org 2001/05/18 14:13:29 | Ben Lindstrom | 2001-06-05 | 1 | -7/+7
| [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me
* - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt' | Damien Miller | 2001-04-25 | 1 | -1/+3
| (default: off), implies KbdInteractiveAuthentication. Suggestion from markus@
* - markus@cvs.openbsd.org 2001/04/19 00:05:11 | Ben Lindstrom | 2001-04-19 | 1 | -2/+2
| [auth2.c] use local variable, no function call needed. (btw, hostbased works now with ssh.com >= 2.0.13)
* - markus@cvs.openbsd.org 2001/04/18 23:43:26 | Ben Lindstrom | 2001-04-19 | 1 | -14/+6
| [auth2.c compat.c sshconnect2.c] more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now (however the 2.1.0 server seems to work only if debug is enabled...)
* - markus@cvs.openbsd.org 2001/04/18 22:48:26 | Ben Lindstrom | 2001-04-19 | 1 | -3/+3
| [auth2.c] no longer const
* - markus@cvs.openbsd.org 2001/04/18 22:03:45 | Ben Lindstrom | 2001-04-19 | 1 | -4/+8
| [auth2.c sshconnect2.c] use FQDN with trailing dot in the hostbased auth packets, ok deraadt@
* - markus@cvs.openbsd.org 2001/04/12 19:15:26 | Ben Lindstrom | 2001-04-12 | 1 | -3/+158
| [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd_config] implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
* - markus@cvs.openbsd.org 2001/04/06 21:00:17 | Ben Lindstrom | 2001-04-08 | 1 | -2/+2
| [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h] do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
* - markus@cvs.openbsd.org 2001/04/04 20:32:56 | Ben Lindstrom | 2001-04-04 | 1 | -5/+2
| [auth2.c] we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
* - OpenBSD CVS Sync | Damien Miller | 2001-03-30 | 1 | -5/+12
| - markus@cvs.openbsd.org 2001/03/28 22:43:31 [auth.h auth2.c auth2-chall.c] check auth_root_allowed for kbd-int auth, too.
* - markus@cvs.openbsd.org 2001/03/21 11:43:45 | Ben Lindstrom | 2001-03-22 | 1 | -2/+2
| [auth1.c auth2.c session.c session.h] merge common ssh v1/2 code
* - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID | Ben Lindstrom | 2001-03-22 | 1 | -1/+1
| resync
* - markus@cvs.openbsd.org 2001/03/11 13:25:36 | Ben Lindstrom | 2001-03-11 | 1 | -1/+3
| [auth2.c key.c] debug