summaryrefslogtreecommitdiffhomepage
path: root/svr-auth.c
AgeCommit message (Collapse)Author
2020-03-18Improve address logging on early exit messages (#83)Kevin Darbyshire-Bryant
Change 'Early exit' and 'Exit before auth' messages to include the IP address & port as part of the message. This allows log scanning utilities such as 'fail2ban' to obtain the offending IP address as part of the failure event instead of extracting the PID from the message and then scanning the log again for match 'child connection from' messages Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-03-20Support servers without multiple user support (#76)Patrick Stewart
2018-11-05- Add adaptive authentication failure delayMatt Johnston
- Rework monotonic_now/gettime_wrapper and use clock_gettime on more platforms
2018-08-23Merge bugfix delay invalid usersMatt Johnston
2018-08-23Wait to fail invalid usernamesMatt Johnston
2018-02-28merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-28clean some fuzzing conditionalsMatt Johnston
--HG-- branch : fuzz
2018-02-28fix #endif (#59)François Perrad
2018-02-28fix #endif (#59)François Perrad
2018-02-28- #if not #ifdef for DROPBEAR_FUZZMatt Johnston
- fix some unused variables --HG-- branch : fuzz
2018-02-28merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-27add guard HAVE_GETGROUPLISTMatt Johnston
2018-02-26merge from mainMatt Johnston
--HG-- branch : fuzz
2018-02-26- Don't try to handle changed usernamesMatt Johnston
- Avoid logging repeated failed username messages
2018-02-26more linting (#58)François Perrad
* const parameter * fix indentation
2018-02-26Fix restricted group code for BSDs, move to separate functionMatt Johnston
2018-02-20Added the -G option to allow logins only for users that are members of a ↵stellarpower
certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
2018-02-17merge from mainMatt Johnston
--HG-- branch : fuzz
2018-01-23merge up to dateMatt Johnston
--HG-- branch : fuzz
2017-08-19Pointer parameter could be declared as pointing to constFrancois Perrad
2017-06-30fix DROBPEAR_FUZZ auth delayMatt Johnston
--HG-- branch : fuzz
2017-06-25dropbear server: support -T max auth triesKevin Darbyshire-Bryant
Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-18merge main to fuzzMatt Johnston
--HG-- branch : fuzz
2017-05-13fuzz harnessMatt Johnston
--HG-- branch : fuzz
2017-05-12copy over some fuzzing code from AFL branchMatt Johnston
--HG-- branch : fuzz
2016-05-04Convert #ifdef to #if, other build changesMatt Johnston
2016-03-16fix empty C prototypesFrancois Perrad
2015-08-03Fix problem where auth timeout wasn't checked when waiting for identMatt Johnston
2015-06-04buf_getstring and buf_putstring now use non-unsigned char*Matt Johnston
2015-05-05Turn username, servicename and methodname local variables into char *Gaël PORTAY
Changing checkusername()'s username argument into char * as well.
2015-05-05Fix pointer differ in signess warnings [-Werror=pointer-sign]Gaël PORTAY
2014-07-09Fix auth timeout regressionMatt Johnston
2013-11-14rename random.h to dbrandom.h since some OSes have a system random.hMatt Johnston
--HG-- rename : random.c => dbrandom.c rename : random.h => dbrandom.h
2013-11-12Various cleanups and fixes for warningsMatt Johnston
--HG-- branch : ecc
2013-10-18Merge in changes from the past couple of releasesMatt Johnston
--HG-- branch : ecc
2013-10-03Send PAM error messages as a banner messagesMatt Johnston
Patch from Martin Donnelly, modified.
2013-05-26improve auth failure delays to avoid indicating which users existMatt Johnston
2013-05-21merge in HEADMatt Johnston
--HG-- branch : ecc
2013-04-17If running as non-root only allow that user to log inMatt Johnston
2013-04-08- Fix various hardcoded uses of SHA1Matt Johnston
- rename curves to nistp256 etc - fix svr-auth.c TRACE problem --HG-- branch : ecc
2013-04-07ecc kind of works, needs fixing/testingMatt Johnston
--HG-- branch : ecc
2013-02-12Allow configuring "allow blank password option" at runtimePaul Eggleton
Changes this from a compile-time switch to a command-line option. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2012-05-09Don't TRACE() the pw_passwdMatt Johnston
2012-05-09Fix empty password immediate loginMatt Johnston
2012-05-09Return immediate success for blank passwords if allowedMatt Johnston
2011-10-26- Add ALLOW_BLANK_PASSWORD optionMatt Johnston
- Don't reject blank-password logins via public key --HG-- extra : convert_revision : 2d4bb3ecb013a7be47a7b470fc6b23e653a43dfb
2011-02-23Improve capitalisation for all logged stringsMatt Johnston
--HG-- extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2009-09-08- Test for pam_fail_delay() function in configureMatt Johnston
- Recognise "username:" as a PAM prompt - Add some randomness to the auth-failure delay - Fix wrongly committed options.h/debug.h --HG-- extra : convert_revision : f242f0e66fb0ea5d3b374995d2f548d37dd8f3a3
2008-09-29Add support for zlib@openssh.com delayed compression.Matt Johnston
Are still advertising 'zlib' for the server, need to allow delayed-only as an option --HG-- extra : convert_revision : 319df675cc3c9b35a10b7d8357c94f33fdab1a46
2008-09-15- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.Matt Johnston
--HG-- extra : convert_revision : 45069dd007ebf414330e0a7abf4fb7e0727049c3