]>
andersk Git - gssapi-openssh.git/log
jbasney [Fri, 16 Feb 2007 19:37:58 +0000 (19:37 +0000)]
updates for OpenSSH 4.5p1
jbasney [Fri, 16 Feb 2007 19:37:12 +0000 (19:37 +0000)]
GSSAPI entries added
jbasney [Fri, 16 Feb 2007 19:20:15 +0000 (19:20 +0000)]
update missing from merge of Simon's
20061220 patch
jbasney [Thu, 15 Feb 2007 21:22:34 +0000 (21:22 +0000)]
jbasney [Thu, 15 Feb 2007 21:09:31 +0000 (21:09 +0000)]
update from Simon
jbasney [Thu, 15 Feb 2007 21:08:24 +0000 (21:08 +0000)]
hpn12v14 updates
jbasney [Thu, 15 Feb 2007 21:07:39 +0000 (21:07 +0000)]
new comment in Simon's code
jbasney [Thu, 15 Feb 2007 21:07:21 +0000 (21:07 +0000)]
add KEX_GSS_GRP14_SHA1 handling
jbasney [Thu, 15 Feb 2007 21:06:21 +0000 (21:06 +0000)]
whitespace
jbasney [Thu, 15 Feb 2007 21:06:07 +0000 (21:06 +0000)]
whitespace agreement with hpn patch
jbasney [Mon, 12 Feb 2007 21:05:53 +0000 (21:05 +0000)]
replace C++ style comments with C style
jbasney [Sat, 10 Feb 2007 21:43:22 +0000 (21:43 +0000)]
add GssapiCredentialsPath option for sshd_config as requested in
http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=348
jbasney [Fri, 1 Dec 2006 11:38:56 +0000 (11:38 +0000)]
Protocol 2 only by default
jbasney [Fri, 10 Nov 2006 22:31:40 +0000 (22:31 +0000)]
merged OpenSSH 4.5p1 to trunk
jbasney [Fri, 10 Nov 2006 22:12:10 +0000 (22:12 +0000)]
remove derived files from cvs
jbasney [Fri, 10 Nov 2006 21:53:34 +0000 (21:53 +0000)]
merge updates from OPENSSH_4_4P1_SIMON_20061002_HPN to trunk
jbasney [Thu, 28 Sep 2006 20:24:05 +0000 (20:24 +0000)]
merged OpenSSH 4.4p1 to trunk
jbasney [Wed, 27 Sep 2006 22:05:17 +0000 (22:05 +0000)]
Initial revision
jbasney [Tue, 19 Sep 2006 22:46:18 +0000 (22:46 +0000)]
lost last two lines when applied the patch?
jbasney [Thu, 27 Jul 2006 14:46:26 +0000 (14:46 +0000)]
3.8 release
jbasney [Wed, 26 Jul 2006 21:14:25 +0000 (21:14 +0000)]
3.8 release
jbasney [Wed, 26 Jul 2006 21:11:57 +0000 (21:11 +0000)]
updates for 3.8 release
jbasney [Wed, 26 Jul 2006 21:11:13 +0000 (21:11 +0000)]
unused
jbasney [Wed, 26 Jul 2006 21:10:41 +0000 (21:10 +0000)]
updates for 3.8
jbasney [Wed, 26 Jul 2006 20:14:46 +0000 (20:14 +0000)]
NCSA_GSSAPI_20060726
jbasney [Wed, 26 Jul 2006 19:24:11 +0000 (19:24 +0000)]
openssh-4.3p2-hpn12.diff
jbasney [Sun, 23 Jul 2006 21:19:14 +0000 (21:19 +0000)]
use globus_gss_assist_map_and_authorize() if it's available instead of
globus_gss_assist_userok() and globus_gss_assist_gridmap() to allow
use of the Globus Authz Callout interface.
http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=4592
jbasney [Sun, 23 Jul 2006 21:18:13 +0000 (21:18 +0000)]
gss_ctx_id_t needed in ssh_gssapi_client struct to pass to
globus_gss_assist_map_and_authorize()
jbasney [Sun, 23 Jul 2006 21:17:15 +0000 (21:17 +0000)]
check for existence of globus_gss_assist_map_and_authorize()
jbasney [Sun, 23 Jul 2006 21:04:48 +0000 (21:04 +0000)]
send "failed to set username from gssapi context" error back to client
jbasney [Wed, 10 May 2006 14:42:26 +0000 (14:42 +0000)]
NCSA_GSSAPI_20060510
jbasney [Wed, 10 May 2006 14:41:05 +0000 (14:41 +0000)]
need ServerOptions for gsi_allow_limited_proxy
jbasney [Tue, 28 Mar 2006 06:24:53 +0000 (06:24 +0000)]
add support for GsiAllowLimitedProxy option
jbasney [Tue, 14 Mar 2006 20:23:54 +0000 (20:23 +0000)]
- 3.7 release
- ln -s -> ln -sf
jbasney [Tue, 14 Mar 2006 20:23:13 +0000 (20:23 +0000)]
3.7 release
jbasney [Tue, 7 Mar 2006 23:12:49 +0000 (23:12 +0000)]
remove unnecessary deviations from Simon's patch
jbasney [Tue, 7 Mar 2006 23:12:24 +0000 (23:12 +0000)]
KexOptions no longer used
jbasney [Tue, 7 Mar 2006 23:12:03 +0000 (23:12 +0000)]
oops, #elsif should be #elif
jbasney [Tue, 7 Mar 2006 21:56:57 +0000 (21:56 +0000)]
oops, return missing break from bad merge
jbasney [Tue, 7 Mar 2006 21:55:27 +0000 (21:55 +0000)]
remove unneeded #includes
jbasney [Tue, 7 Mar 2006 21:53:09 +0000 (21:53 +0000)]
minimize diffs with Simon's patch
jbasney [Tue, 7 Mar 2006 19:04:23 +0000 (19:04 +0000)]
update from Simon's openssh-4.3p2-gsskex-
20060223 .patch
jbasney [Mon, 13 Feb 2006 19:47:40 +0000 (19:47 +0000)]
merge
http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.3p1-hpn11-none.diff
to trunk
jbasney [Mon, 13 Feb 2006 19:29:11 +0000 (19:29 +0000)]
Import of OpenSSH 4.3p2
jbasney [Thu, 2 Feb 2006 20:32:10 +0000 (20:32 +0000)]
apply updates from OpenSSH-4.3p1-hpn11-none.patch
jbasney [Thu, 2 Feb 2006 19:29:51 +0000 (19:29 +0000)]
merged OpenSSH 4.3p1 to trunk
jbasney [Thu, 2 Feb 2006 16:17:32 +0000 (16:17 +0000)]
Initial revision
jbasney [Tue, 20 Dec 2005 22:19:15 +0000 (22:19 +0000)]
fix bug that could result in an empty packaging_list in the bundle
jbasney [Tue, 20 Dec 2005 21:33:20 +0000 (21:33 +0000)]
3.6 release
jbasney [Tue, 20 Dec 2005 19:29:12 +0000 (19:29 +0000)]
NCSA_GSSAPI_20051220
jbasney [Tue, 20 Dec 2005 19:20:06 +0000 (19:20 +0000)]
openssh-4.2p1-hpn11-none.diff from
http://www.psc.edu/networking/projects/hpn-ssh/
jbasney [Mon, 19 Dec 2005 22:53:37 +0000 (22:53 +0000)]
merged OPENSSH_4_2P1_SIMON-
20050926 -2 to trunk
jbasney [Tue, 6 Sep 2005 03:29:13 +0000 (03:29 +0000)]
update patch date to today; prepare for release
jbasney [Tue, 6 Sep 2005 03:28:55 +0000 (03:28 +0000)]
initialize pointers to avoid compiler warnings
jbasney [Tue, 6 Sep 2005 03:27:54 +0000 (03:27 +0000)]
fix compiler warning on incorrect type signedness
jbasney [Tue, 6 Sep 2005 03:27:30 +0000 (03:27 +0000)]
fix compiler warnings: initialize pointer and change int to u_int
jbasney [Tue, 6 Sep 2005 03:26:44 +0000 (03:26 +0000)]
fix types of two variables to avoid compiler warnings
jbasney [Tue, 6 Sep 2005 03:12:07 +0000 (03:12 +0000)]
handle NULL return value from gethostbyname()
jbasney [Tue, 6 Sep 2005 02:48:23 +0000 (02:48 +0000)]
merged OpenSSH 4.2p1 to trunk
jbasney [Tue, 6 Sep 2005 02:23:06 +0000 (02:23 +0000)]
Initial revision
jbasney [Tue, 7 Jun 2005 21:42:15 +0000 (21:42 +0000)]
bugfix for revision 1.5: if GSS_S_COMPLETE is returned, we should send
SSH2_MSG_KEXGSS_COMPLETE as before, not SSH2_MSG_KEXGSS_CONTINUE.
the other change in revision 1.5 is still good and is a complete fix
for the previous problem.
jbasney [Thu, 26 May 2005 19:52:46 +0000 (19:52 +0000)]
OPENSSH_4_1P1_GSSAPI_20050526
jbasney [Thu, 26 May 2005 19:49:24 +0000 (19:49 +0000)]
merged OpenSSH 4.1p1 to trunk
jbasney [Wed, 11 May 2005 14:53:27 +0000 (14:53 +0000)]
fix typo on last checkin
jbasney [Wed, 11 May 2005 14:50:38 +0000 (14:50 +0000)]
fix for handling gss_accept_sec_context() return values:
- draft-ietf-secsh-gsskeyex-08.txt says we should send the token if
GSS_S_CONTINUE_NEEDED is returned *or* if GSS_S_COMPLETE is returned
and we have a token of non-zero length
- remove fatal() on GSS_ERRORs with send_tok.length==0. we should send
back the error message before aborting.
jbasney [Sat, 12 Mar 2005 21:51:45 +0000 (21:51 +0000)]
don't support very old, incorrect oid encoding anymore.
jbasney [Sat, 12 Mar 2005 21:43:27 +0000 (21:43 +0000)]
match whitespace in OpenSSH portable release
jbasney [Sat, 12 Mar 2005 21:42:20 +0000 (21:42 +0000)]
gssapi_kerberos_mech_old and gssapi_gsi_mech_old no longer used.
don't need to maintain compatibility with very old versions.
jbasney [Sat, 12 Mar 2005 20:38:12 +0000 (20:38 +0000)]
merged OpenSSH 4.0p1 to trunk and removed GSSAPI compat flags needed for compat with OpenSSH 3.6.1 and earlier.
jbasney [Sat, 12 Mar 2005 19:37:25 +0000 (19:37 +0000)]
Initial revision
cphillip [Tue, 24 Aug 2004 19:23:53 +0000 (19:23 +0000)]
Bump to version 3.5/3.9p1.
cphillip [Tue, 24 Aug 2004 19:10:59 +0000 (19:10 +0000)]
Remove unnecessary newlines from mdist config file.
cphillip [Tue, 24 Aug 2004 18:32:37 +0000 (18:32 +0000)]
Selectively look for packages in current directory or in ../packages-harvest.
cphillip [Tue, 24 Aug 2004 18:29:40 +0000 (18:29 +0000)]
Bump to version 3.5.
cphillip [Tue, 24 Aug 2004 18:28:46 +0000 (18:28 +0000)]
Remove unnecessary new lines from mdist config.
cphillip [Tue, 24 Aug 2004 18:27:50 +0000 (18:27 +0000)]
Bump to version 3.5/3.9p1.
cphillip [Tue, 24 Aug 2004 17:58:27 +0000 (17:58 +0000)]
Remove unnecessary newlines from mdist config file.
cphillip [Tue, 24 Aug 2004 17:56:47 +0000 (17:56 +0000)]
Update sshd_config file based on latest OpenSSH sshd_config.
jbasney [Thu, 19 Aug 2004 04:27:43 +0000 (04:27 +0000)]
- always initialize authctxt->valid = 0
- wrap GSSAPI-specific code in #ifdef GSSAPI and format for cleaner patch
jbasney [Thu, 19 Aug 2004 04:20:13 +0000 (04:20 +0000)]
clean up code to set authctxt->service and authctxt->style only once.
using 'if (authctxt->attempt == 1)' is clearer than testing for
(authctxt->service == NULL).
jbasney [Wed, 18 Aug 2004 21:59:30 +0000 (21:59 +0000)]
call ssh_gssapi_check_mechanism() before attempting gssapi userauth.
no need to even try if the mechanism doesn't pass checks, i.e., we
don't have a credential.
jbasney [Wed, 18 Aug 2004 21:57:02 +0000 (21:57 +0000)]
if no gss mechs, then disable gss_authentication. no need to try.
jbasney [Wed, 18 Aug 2004 21:56:29 +0000 (21:56 +0000)]
change 2nd arg of ssh_gssapi_check_mechanism() to const char *
jbasney [Wed, 18 Aug 2004 21:20:09 +0000 (21:20 +0000)]
be sure not to call xfree(NULL)
jbasney [Wed, 18 Aug 2004 21:07:10 +0000 (21:07 +0000)]
don't allow change of service or style when username changes
jbasney [Wed, 18 Aug 2004 21:06:33 +0000 (21:06 +0000)]
replace
if (strcmp(authctxt->user, "") != 0)
with equivalent
if (authctxt->user[0])
and added some comments
jbasney [Wed, 18 Aug 2004 19:48:11 +0000 (19:48 +0000)]
replace
if (strcmp(authctxt->user, "") != 0)
with equivalent
if (authctxt->user[0])
jbasney [Wed, 18 Aug 2004 19:20:19 +0000 (19:20 +0000)]
unused
jbasney [Wed, 18 Aug 2004 19:11:34 +0000 (19:11 +0000)]
merge OpenSSH 3.9p1 to trunk
jbasney [Wed, 18 Aug 2004 18:01:41 +0000 (18:01 +0000)]
Initial revision
jbasney [Wed, 18 Aug 2004 14:54:18 +0000 (14:54 +0000)]
fix for bug 244 (https://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=244):
setting authctxt->pw and authctxt->user to NULL is not a good idea.
other code assumes they will be set. so put in placeholders if we
don't have the implicit username yet.
jbasney [Wed, 18 Aug 2004 14:51:33 +0000 (14:51 +0000)]
authctxt->user should never be null but add a test just to be sure
jbasney [Wed, 14 Jul 2004 13:29:57 +0000 (13:29 +0000)]
don't include "external-keyx" in case for setting username from GSSAPI
context later. if we don't set the username from the GSSAPI context
here for "external-keyx", we're not going to do it later either,
because the context should already be established from the key
exchange. only the "gssapi" userauth methods need to postpone setting
the username, as the GSSAPI context hasn't been established yet.
jbasney [Wed, 14 Jul 2004 01:02:29 +0000 (01:02 +0000)]
version 3.4
jbasney [Wed, 14 Jul 2004 00:30:09 +0000 (00:30 +0000)]
NCSA_GSSAPI_20040713
jbasney [Wed, 14 Jul 2004 00:24:54 +0000 (00:24 +0000)]
remove prototype for ssh_gssapi_mechanisms() function that no longer exists
jbasney [Wed, 14 Jul 2004 00:23:42 +0000 (00:23 +0000)]
call get_canonical_hostname(1) to pass FQDN with ssh_gssapi_import_name()
so we correctly resolve hostnames for gssapi userauth
jbasney [Tue, 13 Jul 2004 23:48:27 +0000 (23:48 +0000)]
fix for http://grid.ncsa.uiuc.edu/ssh/implicitlogin.adv vulnerability:
- don't return success from userauth if authctxt->valid == 0
as that flag is set after important checks for disabled accounts
- proceed with userauth_gssapi() even if authctxt->valid == 0,
because we might set it based on GSSAPI context later, and we
check it before returning success
- set authctxt->valid = 1 only if getpwnamallow() checks succeed
other:
- pass in authctxt to start_pam(), as the signature changed
jbasney [Tue, 13 Jul 2004 23:34:55 +0000 (23:34 +0000)]
fix for http://grid.ncsa.uiuc.edu/ssh/implicitlogin.adv vulnerability:
- set authctxt->value = 0 until we actually verify it via
getpwnamallow(user), which checks for disabled accounts
other code cleanup:
- remove unneeded check for authctxt->valid before printing a debug
msg, leftover from old logic
- remove spurious ';'
- added a comment on end brace for implicit username block
jbasney [Tue, 29 Jun 2004 19:44:42 +0000 (19:44 +0000)]
3.3 release
This page took 0.156635 seconds and 4 git commands to generate.