wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	sshd: switch authentication to sshbuf API; ok djm@	markus	2018-07-09	1	-2/+1
\|
*	switch over to the new authorized_keys options API and remove the	djm	2018-03-03	1	-2/+2
\| \| \| \| \| \| \| \| \|	legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
*	switch auth2 to ssh_dispatch API; ok djm@	markus	2017-05-30	1	-3/+2
\|
*	switch auth2-none.c to modern APIs; ok djm@	markus	2017-05-30	1	-4/+9
\|
*	Add support for Unix domain socket forwarding. A remote TCP port	millert	2014-07-15	1	-1/+2
\| \| \| \| \| \| \| \|	may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
*	New key API: refactor key-related functions to be more library-like,	djm	2014-06-24	1	-1/+3
\| \| \| \| \| \| \| \| \|	existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
*	skip the initial check for access with an empty password when	djm	2010-06-25	1	-2/+2
\| \| \| \|	PermitEmptyPasswords=no;
*	Make protocol 2 MaxAuthTries behaviour a little more sensible:	djm	2008-07-02	1	-65/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check whether client has exceeded MaxAuthTries before running an authentication method and skip it if they have, previously it would always allow one try (for "none" auth). Preincrement failure count before post-auth test - previously this checked and postincremented, also to allow one "none" try. Together, these two changes always count the "none" auth method which could be skipped by a malicious client (e.g. an SSH worm) to get an extra attempt at a real auth method. They also make MaxAuthTries=0 a useful way to block users entirely (esp. in a sshd_config Match block). Also, move sending of any preauth banner from "none" auth method to the first call to input_userauth_request(), so worms that skip the "none" method get to see it too.
*	Support "Banner=none" to disable displaying of the pre-login banner;	djm	2007-08-23	1	-2/+5
\| \| \| \|	ok dtucker@ deraadt@
*	Add headers required to build with KERBEROS5=no. ok djm@	dtucker	2006-08-05	1	-1/+3
\|
*	almost entirely get rid of the culture of ".h files that include .h files"	deraadt	2006-08-03	1	-4/+8
\| \| \| \| \|	ok djm, sort of ok stevesk makes the pain stop in one easy step
*	move #include <fcntl.h> out of includes.h	stevesk	2006-07-09	1	-1/+3
\|
*	Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that	djm	2006-03-25	1	-0/+1
\| \| \| \|	Theo nuked - our scripts to sync -portable need them in the files
*	RCSID() can die	deraadt	2006-03-19	1	-1/+0
\|
*	move #include <sys/stat.h> out of includes.h; ok markus@	stevesk	2006-02-20	1	-1/+4
\|
*	improve some code lint did not like; djm millert ok	deraadt	2004-05-11	1	-3/+8
\|
*	fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar	markus	2003-08-26	1	-2/+2
\|
*	check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za	markus	2003-07-31	1	-2/+4
\| \| \| \|	ok henning
*	use xfree()	deraadt	2002-06-27	1	-2/+2
\|
*	KNF done automatically while reading....	deraadt	2002-06-19	1	-3/+2
\|
*	move Authmethod definitons to per-method file.	markus	2002-05-31	1	-7/+12
\|
*	split auth2.c into one file per method; ok provos@/deraadt@	markus	2002-05-25	1	-0/+102