summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/auth-passwd.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add support for Unix domain socket forwarding. A remote TCP portmillert2014-07-151-1/+2
| | | | | | | | may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* unifdef -DBSD_AUTHdjm2007-09-211-25/+1
| | | | | | | unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@
* missed include bits from last commitdjm2007-08-231-2/+2
|
* unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@djm2007-08-231-5/+1
|
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-3/+4
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* move #include <pwd.h> out of includes.h; ok markus@stevesk2006-07-061-1/+5
|
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* RCSID() can diederaadt2006-03-191-1/+0
|
* auth_usercheck(3) can return NULL, so check for that. Report fromotto2005-07-191-1/+3
| | | | mpech@. ok markus@
* #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@dtucker2005-01-241-2/+2
|
* Warn in advance for password and account expiry; initialize loginmsgotto2005-01-211-1/+50
| | | | buffer earlier and clear it after privsep fork. ok and help dtucker@ markus@
* support for password change; ok dtucker@markus2004-01-301-20/+50
| | | | (set password-dead=1w in login.conf to use this).
* standardise arguments to auth methods - they should all take authctxt.djm2003-11-041-4/+1
| | | | check authctxt->valid rather then pw != NULL; ok markus@
* fix passwd auth for 'username leaks via timing'; with djm@, original patches from solarmarkus2003-08-261-6/+7
|
* remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);markus2003-07-221-9/+1
| | | | test+ok henning@
* don't include unused code in the #ifdef BSD_AUTH case; ok markus@stevesk2002-05-241-9/+14
|
* Reverted from last patch. Breaks AFS/KRBx.mouring2002-05-101-2/+2
|
* When options.permit_empty_passwd == 0 ensure you are checking pw->passwd notmouring2002-05-061-2/+2
| | | | password.
* unused includemarkus2002-03-041-2/+1
|
* Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ okdugsong2001-06-261-10/+16
|
* add changes need for BSD_AUTH plus disabled BSD_AUTH codemarkus2001-03-201-3/+13
|
* PermitRootLogin={yes,without-password,forced-commands-only,no}markus2001-02-121-2/+2
| | | | (before this change, root could login even if PermitRootLogin==no)
* split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.markus2001-01-211-4/+3
| | | | rename util.[ch] -> misc.[ch]
* 1) removes fake skey from sshd, since this will be muchmarkus2001-01-181-32/+3
| | | | | | | harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier.
* move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msgmarkus2000-10-031-2/+2
|
* cleanup copyright notices on all files. I have attempted to be accurate withderaadt2000-09-071-2/+53
| | | | | | | the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
* OpenBSD tagmarkus2000-06-201-1/+1
|
* whitespace cleanupmarkus2000-04-141-2/+2
|
* check for NULL 1stmarkus1999-12-291-4/+4
|
* move skey-auth from auth-passwd.c to auth-skey.c, same for krb4markus1999-12-011-123/+10
|
* KNF, final part 3markus1999-11-241-19/+19
|
* much more KNFderaadt1999-11-241-37/+46
|
* KNF part 1markus1999-11-231-138/+130
|
* remove x11- and krb-cleanup from fatal() + krb-cleanup cleanupmarkus1999-11-101-19/+13
|
* stop leak; after branch, builders take notederaadt1999-10-191-3/+3
|
* PermitRootLogin={yes,no,without-password}, default=yes, ok deraadt,nielsmarkus1999-10-141-1/+7
|
* add skey to sshd:markus1999-10-071-29/+37
| | | | | | | | | | | | | | | 1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user. 2) limit authentication attemps to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds 3) make s/key a run-time option in /etc/sshd_config 4) generate fake skeys, for s/key for nonexisting users, too limit auth-tries for nonexisting users, too. Note that % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host has NO limits in ssh-1.2.27
* more cullingderaadt1999-09-301-172/+1
|
* don't let pw->pw_{name,passwd} get clobbereddugsong1999-09-291-7/+14
|
* numerous sprintf, strncpy, strcpy cleanupsderaadt1999-09-291-10/+9
|
* update krb4/AFS support to ssh-1.2.27-afs-kerberos-pl1 level, clean up unused variables, update manpagesdugsong1999-09-291-106/+94
|
* i bet a lot of people didn't know what ssh 1.2.16 had a nice license.deraadt1999-09-261-0/+343
well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.