summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/monitor.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* unbreak fake authloop for non-existent users (my screwup). Spotted anddjm2003-11-181-1/+2
| | | | tested by dtucker@; ok markus@
* replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.markus2003-11-171-3/+33
|
* standardise arguments to auth methods - they should all take authctxt.djm2003-11-041-2/+2
| | | | check authctxt->valid rather then pw != NULL; ok markus@
* replace fatal_cleanup() and linked list of fatal callbacks with staticmarkus2003-09-231-10/+7
| | | | | | cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
* remove kerberos support from ssh1, since it has been replaced with GSSAPI;markus2003-08-281-49/+1
| | | | but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
* fix passwd auth for 'username leaks via timing'; with djm@, original patches from solarmarkus2003-08-261-2/+2
|
* 64 bit cleanups; markus okderaadt2003-08-241-2/+4
|
* support GSS API user authentication; patches from Simon Wilkinson,markus2003-08-221-2/+90
| | | | stripped down and tested by Jakob and myself.
* remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);markus2003-07-221-53/+1
| | | | test+ok henning@
* int -> u_int; ok djm@, deraadt@, mouring@markus2003-06-241-2/+2
|
* typos; dtucker at zip.com.aumarkus2003-06-121-2/+2
|
* deprecate VerifyReverseMapping since it's dangerous if combinedmarkus2003-06-021-2/+2
| | | | | | | with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
* cast some types for printing; ok markus@djm2003-05-241-2/+2
|
* http://bugzilla.mindrot.org/show_bug.cgi?id=560markus2003-05-141-1/+18
| | | | | Privsep child continues to run after monitor killed. Pass monitor signals through to child; Darren Tucker
* implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@markus2003-05-141-1/+6
| | | | server interops with commercial client; ok jakob@ djm@
* rename log() into logit() to avoid name conflict. markus ok, from netbsditojun2003-04-081-3/+3
|
* reapply rekeying chage, tested by henning@, ok djm@markus2003-04-021-3/+11
|
* backout rekeying changes (for 3.6.1)markus2003-04-011-11/+3
|
* rekeying bugfixes and automatic rekeying:markus2003-04-011-3/+11
| | | | | | | | | | | | * both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying
* unbreak rekeying for privsep; ok millert@markus2003-03-231-1/+3
|
* fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@markus2003-03-051-3/+9
|
* fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@markus2003-02-161-1/+3
|
* skey/bsdauth: use 0 to indicate failure instead of -1, becausemarkus2003-02-041-13/+13
| | | | the buffer API only supports unsigned ints.
* handle overflows for size_t larger than u_int; siw@goneko.de, bug #425markus2002-11-051-2/+2
|
* krb4 + privsep; ok dugsong@, deraadt@markus2002-09-261-1/+52
|
* only call kerberos code for authctxt->validmarkus2002-09-241-2/+3
|
* only call auth_krb5 if kerberos is enabled; ok deraadt@markus2002-09-231-2/+3
|
* signed vs unsigned from -pedantic; ok henning@markus2002-09-091-8/+9
|
* kerberos support for privsep. confirmed to work by lha@stacken.kth.seitojun2002-09-091-1/+44
| | | | patch from markus
* pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>stevesk2002-08-291-3/+3
| | | | NOTE: there are also p-specific parts to this patch. ok markus@
* Change mm_zalloc() sanity checks to be more in line with whatmillert2002-08-021-3/+3
| | | | | we do in calloc() and add a check to monitor_mm.c. OK provos@ and markus@
* u_int here; ok provos@stevesk2002-07-221-2/+3
|
* use xfree()deraadt2002-06-271-2/+2
|
* improve mm_zalloc check; markus okderaadt2002-06-271-2/+2
|
* correct %uderaadt2002-06-261-3/+3
|
* be careful in mm_zallocderaadt2002-06-261-2/+6
|
* save auth method before monitor_reset_key_state(); bugzilla bug #284;stevesk2002-06-221-3/+3
| | | | ok provos@
* Don't initialise compression buffers when compression=no in sshd_config;djm2002-06-211-8/+13
| | | | ok Niels@
* make the monitor sync the transfer ssh1 session key;markus2002-06-191-6/+9
| | | | | transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken).
* __FUNCTION__ -> __func__markus2002-06-041-71/+71
|
* save the session id (hash) for ssh2 (it will be passed with the initial sign request)markus2002-06-041-7/+31
| | | | and verify that this value is used during authentication; ok provos@
* only allow enabled authentication methods; ok provos@markus2002-06-041-9/+15
|
* 'monitor' variable clashes with at least one lame platform (NeXT). Renamedmouring2002-05-151-20/+20
| | | | to 'pmonitor'. provos@
* Fix sshd Banner option for privsep; ok markus@ provos@djm2002-05-121-2/+21
|
* check waitpid for EINTR; based on patch from peter@ifm.liu.semarkus2002-03-301-3/+4
|
* monitor_allowed_key() returns int instead of pointer. ok markus@mouring2002-03-271-2/+2
|
* remove "\n" from fatal()stevesk2002-03-241-2/+2
|
* fix NULL %s on debug3(); ok markus@stevesk2002-03-211-4/+4
|
* use SSH_SESSION_KEY_LENGTH for key lengthmarkus2002-03-191-3/+4
|
* make getpwnamallow() allways call pwcopy()markus2002-03-191-2/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.