summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/auth1.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* skip the initial check for access with an empty password whendjm2010-06-251-2/+2
| | | | PermitEmptyPasswords=no;
* Make protocol 1 MaxAuthTries logic match protocol 2's.djm2008-07-041-2/+4
| | | | | | | | | | Do not treat the first protocol 2 authentication attempt as a failure IFF it is for method "none". Makes MaxAuthTries' user-visible behaviour identical for protocol 1 vs 2. ok dtucker@
* Implement a channel success/failure status confirmation callbackdjm2008-05-081-1/+2
| | | | | | | | | | | | | mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
* unifdef -DBSD_AUTHdjm2007-09-211-3/+1
| | | | | | | unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@
* almost entirely get rid of the culture of ".h files that include .h files"deraadt2006-08-031-3/+7
| | | | | ok djm, sort of ok stevesk makes the pain stop in one easy step
* move #include <stdio.h> out of includes.hstevesk2006-08-011-1/+2
|
* move #include <string.h> out of includes.hstevesk2006-07-221-1/+2
|
* missed some needed #include <unistd.h> when KERBEROS5=no; issue fromstevesk2006-07-201-1/+5
| | | | massimo@cedoc.mo.it
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatdjm2006-03-251-0/+1
| | | | Theo nuked - our scripts to sync -portable need them in the files
* sprinkle some ARGSUSED for table driven functions (which sometimes must ignore their args)deraadt2006-03-201-0/+5
|
* spacingderaadt2006-03-191-1/+1
|
* RCSID() can diederaadt2006-03-191-1/+0
|
* spacingdjm2005-07-161-3/+3
|
* make this -Wsign-compare clean; ok avsm@ markus@djm2005-06-171-3/+4
|
* split protocol 1 auth methods into separate functions, makes authloopdjm2005-05-201-127/+188
| | | | much more readable; fixes and ok markus@
* more s/illegal/invalid/markus2004-07-281-3/+3
|
* bz#899: Don't display invalid usernames in setproctitledjm2004-07-211-2/+2
| | | | from peak AT argo.troja.mff.cuni.cz; ok markus@
* Add MaxAuthTries sshd config option; ok markus@dtucker2004-05-231-2/+2
|
* kill some more tiny files; ok deraadt@djm2004-05-091-2/+1
|
* remove unused variable (pw). ok djm@jakob2003-11-081-2/+1
|
* standardise arguments to auth methods - they should all take authctxt.djm2003-11-041-3/+3
| | | | check authctxt->valid rather then pw != NULL; ok markus@
* replace fatal_cleanup() and linked list of fatal callbacks with staticmarkus2003-09-231-7/+3
| | | | | | cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* remove kerberos support from ssh1, since it has been replaced with GSSAPI;markus2003-08-281-57/+1
| | | | but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* fix passwd auth for 'username leaks via timing'; with djm@, original patches from solarmarkus2003-08-261-2/+4
|
* remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,markus2003-08-131-22/+1
| | | | fgsch@, miod@, henning@, jakob@ and others
* remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);markus2003-07-221-41/+6
| | | | test+ok henning@
* rename log() into logit() to avoid name conflict. markus ok, from netbsditojun2003-04-081-2/+2
|
* undo broken fix for #387, fixes #486markus2003-02-061-3/+2
|
* Don't log TIS auth response; "get rid of it" - markus@djm2003-01-231-2/+1
|
* KNFderaadt2002-11-211-2/+2
|
* krb4 + privsep; ok dugsong@, deraadt@markus2002-09-261-4/+12
|
* kerberos support for privsep. confirmed to work by lha@stacken.kth.seitojun2002-09-091-3/+15
| | | | patch from markus
* auth_root_allowed() is handled by the monitor in the privsep case,markus2002-08-221-2/+3
| | | | so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
* KNF done automatically while reading....deraadt2002-06-191-2/+2
|
* strip '@' from username only for KerbV and known broken clients, bug #204markus2002-04-101-4/+10
|
* make getpwnamallow() allways call pwcopy()markus2002-03-191-16/+6
|
* integrate privilege separated openssh; its turned off by default for now.provos2002-03-181-9/+15
| | | | work done by me and markus@
* have the authentication functions return the authentication contextprovos2002-03-181-4/+3
| | | | and then do_authenticated; okay millert@
* getpwnamallow returns struct passwd * only if user valid; okay markus@provos2002-03-171-3/+3
|
* don't use channel_input_channel_request and callbackmarkus2002-02-031-1/+2
| | | | | | | use new server_input_channel_req() instead: server_input_channel_req does generic request parsing on server side session_input_channel_req handles just session specific things now ok djm@
* packet_read* no longer return the packet length, since it's not used.markus2001-12-281-5/+3
|
* packet_get_bignum* no longer returns a sizemarkus2001-12-281-5/+5
|
* s/packet_done/packet_check_eom/ (end-of-message); ok djm@markus2001-12-281-8/+8
|
* get rid of packet_integrity_check, use packet_done() instead.markus2001-12-271-9/+8
|
* auth_rhosts_rsa now accept generic keys.markus2001-12-271-2/+2
|
* call fatal() for openssl allocation failuresmarkus2001-12-271-18/+13
|
* be more carefull on allocationmarkus2001-12-251-1/+3
|
* basic KNF done while i was looking for something elsederaadt2001-12-191-11/+11
|
* make it compile with more strict prototype checkingitojun2001-12-051-2/+2
|
* Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ okdugsong2001-06-261-52/+59
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.