]>
andersk Git - gssapi-openssh.git/log
cphillip [Tue, 24 Aug 2004 18:28:46 +0000 (18:28 +0000)]
Remove unnecessary new lines from mdist config.
cphillip [Tue, 24 Aug 2004 18:27:50 +0000 (18:27 +0000)]
Bump to version 3.5/3.9p1.
cphillip [Tue, 24 Aug 2004 17:58:27 +0000 (17:58 +0000)]
Remove unnecessary newlines from mdist config file.
cphillip [Tue, 24 Aug 2004 17:56:47 +0000 (17:56 +0000)]
Update sshd_config file based on latest OpenSSH sshd_config.
jbasney [Thu, 19 Aug 2004 04:27:43 +0000 (04:27 +0000)]
- always initialize authctxt->valid = 0
- wrap GSSAPI-specific code in #ifdef GSSAPI and format for cleaner patch
jbasney [Thu, 19 Aug 2004 04:20:13 +0000 (04:20 +0000)]
clean up code to set authctxt->service and authctxt->style only once.
using 'if (authctxt->attempt == 1)' is clearer than testing for
(authctxt->service == NULL).
jbasney [Wed, 18 Aug 2004 21:59:30 +0000 (21:59 +0000)]
call ssh_gssapi_check_mechanism() before attempting gssapi userauth.
no need to even try if the mechanism doesn't pass checks, i.e., we
don't have a credential.
jbasney [Wed, 18 Aug 2004 21:57:02 +0000 (21:57 +0000)]
if no gss mechs, then disable gss_authentication. no need to try.
jbasney [Wed, 18 Aug 2004 21:56:29 +0000 (21:56 +0000)]
change 2nd arg of ssh_gssapi_check_mechanism() to const char *
jbasney [Wed, 18 Aug 2004 21:20:09 +0000 (21:20 +0000)]
be sure not to call xfree(NULL)
jbasney [Wed, 18 Aug 2004 21:07:10 +0000 (21:07 +0000)]
don't allow change of service or style when username changes
jbasney [Wed, 18 Aug 2004 21:06:33 +0000 (21:06 +0000)]
replace
if (strcmp(authctxt->user, "") != 0)
with equivalent
if (authctxt->user[0])
and added some comments
jbasney [Wed, 18 Aug 2004 19:48:11 +0000 (19:48 +0000)]
replace
if (strcmp(authctxt->user, "") != 0)
with equivalent
if (authctxt->user[0])
jbasney [Wed, 18 Aug 2004 19:20:19 +0000 (19:20 +0000)]
unused
jbasney [Wed, 18 Aug 2004 19:11:34 +0000 (19:11 +0000)]
merge OpenSSH 3.9p1 to trunk
jbasney [Wed, 18 Aug 2004 18:01:41 +0000 (18:01 +0000)]
Initial revision
jbasney [Wed, 18 Aug 2004 14:54:18 +0000 (14:54 +0000)]
fix for bug 244 (https://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=244):
setting authctxt->pw and authctxt->user to NULL is not a good idea.
other code assumes they will be set. so put in placeholders if we
don't have the implicit username yet.
jbasney [Wed, 18 Aug 2004 14:51:33 +0000 (14:51 +0000)]
authctxt->user should never be null but add a test just to be sure
jbasney [Wed, 14 Jul 2004 13:29:57 +0000 (13:29 +0000)]
don't include "external-keyx" in case for setting username from GSSAPI
context later. if we don't set the username from the GSSAPI context
here for "external-keyx", we're not going to do it later either,
because the context should already be established from the key
exchange. only the "gssapi" userauth methods need to postpone setting
the username, as the GSSAPI context hasn't been established yet.
jbasney [Wed, 14 Jul 2004 01:02:29 +0000 (01:02 +0000)]
version 3.4
jbasney [Wed, 14 Jul 2004 00:30:09 +0000 (00:30 +0000)]
NCSA_GSSAPI_20040713
jbasney [Wed, 14 Jul 2004 00:24:54 +0000 (00:24 +0000)]
remove prototype for ssh_gssapi_mechanisms() function that no longer exists
jbasney [Wed, 14 Jul 2004 00:23:42 +0000 (00:23 +0000)]
call get_canonical_hostname(1) to pass FQDN with ssh_gssapi_import_name()
so we correctly resolve hostnames for gssapi userauth
jbasney [Tue, 13 Jul 2004 23:48:27 +0000 (23:48 +0000)]
fix for http://grid.ncsa.uiuc.edu/ssh/implicitlogin.adv vulnerability:
- don't return success from userauth if authctxt->valid == 0
as that flag is set after important checks for disabled accounts
- proceed with userauth_gssapi() even if authctxt->valid == 0,
because we might set it based on GSSAPI context later, and we
check it before returning success
- set authctxt->valid = 1 only if getpwnamallow() checks succeed
other:
- pass in authctxt to start_pam(), as the signature changed
jbasney [Tue, 13 Jul 2004 23:34:55 +0000 (23:34 +0000)]
fix for http://grid.ncsa.uiuc.edu/ssh/implicitlogin.adv vulnerability:
- set authctxt->value = 0 until we actually verify it via
getpwnamallow(user), which checks for disabled accounts
other code cleanup:
- remove unneeded check for authctxt->valid before printing a debug
msg, leftover from old logic
- remove spurious ';'
- added a comment on end brace for implicit username block
jbasney [Tue, 29 Jun 2004 19:44:42 +0000 (19:44 +0000)]
3.3 release
jbasney [Tue, 29 Jun 2004 02:59:04 +0000 (02:59 +0000)]
fail gss userauth if we received a limited globus proxy
jbasney [Tue, 29 Jun 2004 02:58:15 +0000 (02:58 +0000)]
don't abort gsskex if client gives a limited proxy.
we'll deal with it gracefully in userauth.
jbasney [Tue, 29 Jun 2004 02:57:29 +0000 (02:57 +0000)]
- initialize ret_flags before calling gss_accept_sec_context()
because GSI treats ret_flags as both input and output parameters
- only call start_pam() if UsePAM=yes
jbasney [Tue, 29 Jun 2004 01:08:51 +0000 (01:08 +0000)]
in addition to passing LD_LIBRARY_PATH to child's environment to
local GSI shared libraries, also pass LIBPATH, SHLIB_PATH,
LD_LIBRARYN32_PATH, and LD_LIBRARY64_PATH for odd platforms
jbasney [Wed, 5 May 2004 14:53:37 +0000 (14:53 +0000)]
new patch version
jbasney [Wed, 5 May 2004 14:46:16 +0000 (14:46 +0000)]
fix compiler warnings due to type mismatches (size_t vs. int)
jbasney [Wed, 5 May 2004 14:41:27 +0000 (14:41 +0000)]
merged OpenSSH 3.8.1p1 to trunk
jbasney [Tue, 4 May 2004 19:35:35 +0000 (19:35 +0000)]
Initial revision
jbasney [Sat, 1 May 2004 19:48:30 +0000 (19:48 +0000)]
Darwin's getaddrinfo()'s handing of AI_NUMERICHOST is broken so
unconditionally AC_DEFINE(BROKEN_GETADDRINFO) so our reverse lookups
for GSI succeed
jbasney [Wed, 28 Apr 2004 01:36:37 +0000 (01:36 +0000)]
-lkrbafs needs -lkrb4 (in --wiith-afs-krb5 configuration)
cphillip [Fri, 23 Apr 2004 22:24:50 +0000 (22:24 +0000)]
o Bump version of setup package to 3.2 in metadata file.
cphillip [Fri, 23 Apr 2004 22:17:35 +0000 (22:17 +0000)]
o Bump package metadata to version 3.2.
cphillip [Fri, 23 Apr 2004 02:24:44 +0000 (02:24 +0000)]
o Remove unneeded LD_LIBRARY_PATH changes from setup script.
cphillip [Fri, 23 Apr 2004 02:20:27 +0000 (02:20 +0000)]
o Bump to version 3.2.
jbasney [Fri, 23 Apr 2004 02:19:12 +0000 (02:19 +0000)]
bump patch version to NCSA_GSSAPI_20040423
cphillip [Fri, 23 Apr 2004 02:18:22 +0000 (02:18 +0000)]
o Source globus-user-env.sh prior to executing our main perl setup
script.
jbasney [Fri, 23 Apr 2004 02:16:56 +0000 (02:16 +0000)]
re-fix old bug, re-introduced on re-merge of Simon's code:
gss_indicate_mechs() needs to be in PRIVSEP() because we need the list
of mechanisms supported by the privileged process; the unprivileged
process can't load gssapi mech libraries
jbasney [Thu, 22 Apr 2004 21:05:01 +0000 (21:05 +0000)]
fix mechglue build
jbasney [Thu, 22 Apr 2004 18:33:10 +0000 (18:33 +0000)]
fix OpenSSH build problem with xlc on AIX 5.2
jbasney [Fri, 5 Mar 2004 22:01:02 +0000 (22:01 +0000)]
GSI-OpenSSH 3.1 / OpenSSH 3.8p1
jbasney [Fri, 5 Mar 2004 19:22:40 +0000 (19:22 +0000)]
don't clear environment. GSI needs it (GLOBUS_LOCATION, X509_CERT_DIR, LD_LIBRARY_PATH, etc.)
jbasney [Fri, 5 Mar 2004 16:51:02 +0000 (16:51 +0000)]
3.1
jbasney [Fri, 5 Mar 2004 16:50:35 +0000 (16:50 +0000)]
updates from OpenSSH 3.8p1 release
jbasney [Fri, 5 Mar 2004 16:50:07 +0000 (16:50 +0000)]
3.1 OpenSSH 3.8p1
jbasney [Thu, 4 Mar 2004 21:32:26 +0000 (21:32 +0000)]
remove superfluous #includes
jbasney [Thu, 4 Mar 2004 21:29:15 +0000 (21:29 +0000)]
don't need to include compat.h twice
jbasney [Thu, 4 Mar 2004 21:27:04 +0000 (21:27 +0000)]
don't need to include ssh2.h and compat.h twice. (isn't merging fun?)
jbasney [Thu, 4 Mar 2004 21:24:17 +0000 (21:24 +0000)]
GSSAPICleanupCreds is now GSSAPICleanupCredentials
jbasney [Thu, 4 Mar 2004 21:24:00 +0000 (21:24 +0000)]
remove duplicate krb5_cleanup_proc() call introduced in merge
jbasney [Thu, 4 Mar 2004 21:23:39 +0000 (21:23 +0000)]
replace #include "compat.h" as it's included in regular openssh release
jbasney [Thu, 4 Mar 2004 20:52:11 +0000 (20:52 +0000)]
new patch release today
jbasney [Thu, 4 Mar 2004 20:52:01 +0000 (20:52 +0000)]
need extern ServerOptions options declaration
jbasney [Thu, 4 Mar 2004 20:48:44 +0000 (20:48 +0000)]
wrap do_pam_putenv() in if (options.use_pam) as done elsewhere
(new in OpenSSH 3.8p1)
jbasney [Thu, 4 Mar 2004 20:32:44 +0000 (20:32 +0000)]
remove unused label
jbasney [Thu, 4 Mar 2004 20:31:42 +0000 (20:31 +0000)]
shrink gssapi compat code based on simon's compat patch
jbasney [Wed, 25 Feb 2004 02:43:33 +0000 (02:43 +0000)]
merge OpenSSH 3.8p1 with trunk
- new gssapi-with-mic userauth method: added flag to support both new
method and old gssapi method for backward compat
- new USE_AFS code needs to be merged with old AFS_KRB5 code
jbasney [Tue, 24 Feb 2004 19:42:07 +0000 (19:42 +0000)]
Initial revision
jbasney [Tue, 24 Feb 2004 19:28:01 +0000 (19:28 +0000)]
bugfix: == isn't valid /bin/sh syntax; use = instead
jbasney [Mon, 9 Feb 2004 19:07:11 +0000 (19:07 +0000)]
fix logic error on implicit username: don't assume username must change
for implicit to work; always reset authctxt for implicit username case
jbasney [Mon, 9 Feb 2004 19:04:38 +0000 (19:04 +0000)]
print "<implicit>" for empty usernames
jbasney [Fri, 23 Jan 2004 22:09:12 +0000 (22:09 +0000)]
resync with vendor branch; should not have local modifications here
jbasney [Fri, 23 Jan 2004 21:49:01 +0000 (21:49 +0000)]
resolve_localhost() not needed here, as we already do it in ssh_gssapi_import_name()
jbasney [Fri, 23 Jan 2004 21:48:16 +0000 (21:48 +0000)]
fix bug that was bypassing resolve_localhost() call, introduced in merge
of OpenSSH 3.7p1
jbasney [Fri, 23 Jan 2004 21:47:43 +0000 (21:47 +0000)]
remove unneeded #include "compat.h"
cphillip [Thu, 22 Jan 2004 22:21:40 +0000 (22:21 +0000)]
o Bump version to 3.0.
cphillip [Thu, 22 Jan 2004 22:19:54 +0000 (22:19 +0000)]
o Bump to version 3.0.
cphillip [Thu, 22 Jan 2004 22:03:49 +0000 (22:03 +0000)]
o Remove compat package from bundle
cphillip [Thu, 22 Jan 2004 22:03:16 +0000 (22:03 +0000)]
o Remove compat package from bundle.
cphillip [Thu, 22 Jan 2004 21:59:35 +0000 (21:59 +0000)]
o Bump version number in the bundle version script.
cphillip [Thu, 22 Jan 2004 21:58:21 +0000 (21:58 +0000)]
o Reverse some changes to source bundle.
cphillip [Thu, 22 Jan 2004 21:30:25 +0000 (21:30 +0000)]
o Bump to version 2.11.
o Sign bundle automatically.
cphillip [Thu, 22 Jan 2004 21:28:48 +0000 (21:28 +0000)]
o Bump to version 2.11.
cphillip [Thu, 22 Jan 2004 21:26:35 +0000 (21:26 +0000)]
o Update ssh_prng_cmds.in to match trunk version.
cphillip [Thu, 22 Jan 2004 21:24:56 +0000 (21:24 +0000)]
o Update ssh_config to match OpenSSH 3.7.1p2.
cphillip [Thu, 22 Jan 2004 21:24:00 +0000 (21:24 +0000)]
o Update sshd_config to match OpenSSH 3.7.1p2.
jbasney [Thu, 22 Jan 2004 20:30:21 +0000 (20:30 +0000)]
make --with-globus optional if --with-globus-static is specified
cphillip [Thu, 22 Jan 2004 20:08:00 +0000 (20:08 +0000)]
o Bump to version 2.11.
jbasney [Mon, 19 Jan 2004 17:48:30 +0000 (17:48 +0000)]
NCSA_GSSAPI_20040119
jbasney [Sat, 17 Jan 2004 17:24:17 +0000 (17:24 +0000)]
include GSI, KRB5, and MECHGLUE in version string based on configure
options for more debugging info
jbasney [Sat, 17 Jan 2004 16:55:39 +0000 (16:55 +0000)]
add NCSA_GSSAPI_20040117 to SSH_VERSION spec so we can determine remote
software version info (if our patch is applied)
jbasney [Sat, 17 Jan 2004 07:10:10 +0000 (07:10 +0000)]
bugfix: according to spec, we MUST skip external-keyx if gsskex not
performed. it has no chance of success.
jbasney [Sat, 17 Jan 2004 06:24:20 +0000 (06:24 +0000)]
- added --with-globus-static to link statically with Globus libs
- added check for existence of $GLOBUS_LOCATION directory
- minor modifications to -help text
jbasney [Sat, 17 Jan 2004 05:36:33 +0000 (05:36 +0000)]
on receipt of SSH2_MSG_KEXGSS_ERROR, exit with fatal() error message rather
than falling through to misleading "Protocol error" message
jbasney [Sat, 17 Jan 2004 05:04:01 +0000 (05:04 +0000)]
if --with-globus-flavor is given, assume --with-globus
jbasney [Sat, 17 Jan 2004 04:51:35 +0000 (04:51 +0000)]
remove GSSAPI authentication support for SSH protocol 1
jbasney [Fri, 16 Jan 2004 16:40:57 +0000 (16:40 +0000)]
add gsisftp symlinks on make install
cphillip [Thu, 15 Jan 2004 18:48:38 +0000 (18:48 +0000)]
o Add bundle signing script
cphillip [Wed, 14 Jan 2004 18:27:00 +0000 (18:27 +0000)]
o Change readable tests to present for when to link key files.
cphillip [Tue, 13 Jan 2004 21:03:36 +0000 (21:03 +0000)]
o Add gsi_openssh_compat to gsi-openssh bundle.
cphillip [Tue, 13 Jan 2004 21:01:07 +0000 (21:01 +0000)]
Initial revision
cphillip [Tue, 13 Jan 2004 19:44:35 +0000 (19:44 +0000)]
o Bump to version 2.10.
cphillip [Tue, 13 Jan 2004 19:44:18 +0000 (19:44 +0000)]
o Use gsissh executables in $GL/bin/ssh.d/ instead of $GL/bin/.
cphillip [Tue, 13 Jan 2004 19:41:47 +0000 (19:41 +0000)]
o Link key files rather than copy them.
cphillip [Tue, 6 Jan 2004 19:11:07 +0000 (19:11 +0000)]
Initial revision
This page took 1.357349 seconds and 4 git commands to generate.