Darren Tucker
2c77b7f1c1
- (dtucker) [auth-pam.c] Bug #1188 : pass result of do_pam_account back and
...
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-15 17:22:33 +10:00
Darren Tucker
d8093e49bf
- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
...
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
2006-05-04 16:24:34 +10:00
Damien Miller
36812092ec
- djm@cvs.openbsd.org 2006/03/25 01:13:23
...
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
2006-03-26 14:22:47 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
66f9eb65ff
- (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
...
elad AT NetBSD.org
2006-03-18 23:04:49 +11:00
Damien Miller
6645e7a70d
- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
...
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
2006-03-15 14:42:54 +11:00
Darren Tucker
1d4ebbf143
Correct format in debug message
2006-01-29 16:46:13 +11:00
Darren Tucker
7b1e695846
- (dtucker) [auth-pam.c] Bug #1028 : send final non-query messages from
...
PAM via keyboard-interactive. Patch tested by the folks at Vintela.
2005-09-28 22:33:27 +10:00
Damien Miller
37294fb630
- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
2005-07-17 17:18:49 +10:00
Damien Miller
94cf4c8448
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
...
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
Darren Tucker
4f1adad4f6
- (dtucker) [auth-pam.c] Ensure that only one side of the authentication
...
socketpair stays open on in both the monitor and PAM process. Patch from
Joerg Sonnenberger.
2005-07-16 11:33:06 +10:00
Darren Tucker
f08bdb5a7e
- (dtucker) [auth-pam.c] Bug #1033 : Fix warnings building with PAM on Linux:
...
warning: dereferencing type-punned pointer will break strict-aliasing rules
warning: passing arg 3 of `pam_get_item' from incompatible pointer type
The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
2005-05-26 19:59:48 +10:00
Darren Tucker
328118aa79
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
...
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
behaviour. ok djm@
2005-05-25 16:18:09 +10:00
Darren Tucker
d5bfa8f9d8
Oops, did not intend to commit this yet
2005-01-20 13:29:51 +11:00
Darren Tucker
d231186fd0
- djm@cvs.openbsd.org 2004/12/22 02:13:19
...
[cipher-ctr.c cipher.c]
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
many years now; ok deraadt@
(Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
Darren Tucker
36a3d60347
- (dtucker) [auth-pam.c] Bug #971 : Prevent leaking information about user
...
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
Damien Miller
daffc6a115
- (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations
2004-10-16 18:52:44 +10:00
Darren Tucker
77fc29eeb3
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
...
Bug #892 : Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
2004-09-11 23:07:03 +10:00
Darren Tucker
0a7e3c6c89
- (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
2004-09-11 22:28:01 +10:00
Darren Tucker
69687f4b65
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890 : Send output from
...
failing PAM session modules to user then exit, similar to the way
/etc/nologin is handled. ok djm@
2004-09-11 22:17:26 +10:00
Darren Tucker
21dd0897d5
- (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
...
to convince Solaris PAM to honour password complexity rules. ok djm@
2004-08-16 23:12:05 +10:00
Damien Miller
2d2ed3d633
- (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
...
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
2004-07-21 20:54:47 +10:00
Damien Miller
a6fb77fd6c
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
...
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
2004-07-19 09:39:11 +10:00
Darren Tucker
5d423f4ece
- (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
...
the monitor to properly clean up the PAM thread (Debian bug #252676 ).
2004-07-11 16:54:08 +10:00
Darren Tucker
1f7e40864f
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
...
to pam_authenticate for challenge-response auth too. Originally from
fcusack at fcusack.com, ok djm@
2004-07-01 14:00:14 +10:00
Darren Tucker
e2ba9c2e83
- (dtucker) [auth-pam.c] Bug #705 : Make arguments match PAM specs, fixes
...
warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
2004-07-01 12:38:14 +10:00
Darren Tucker
59e06026d7
- (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
...
appdata_ptr to the conversation function. ok djm@
By rights we should free the messages too, but if this happens then one
of the modules has already proven itself to be buggy so can we trust
the messages?
2004-06-30 20:34:31 +10:00
Darren Tucker
17db1c47cf
- (dtucker) [auth-pam.c] Don't use PAM namespace for
...
pam_password_change_required either.
2004-06-19 12:54:38 +10:00
Darren Tucker
94befab9dd
- (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
...
ok djm@
2004-06-03 14:53:12 +10:00
Damien Miller
26314f6354
- (djm) [auth-pam.c] Add copyright for local changes
2004-06-01 11:28:20 +10:00
Darren Tucker
e061b1598a
- (dtucker) [auth-pam.c] Use an invalid password for root if
...
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
2004-05-30 22:04:56 +10:00
Darren Tucker
450a158d7e
- (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874 : Re-add PAM
...
support for PasswordAuthentication=yes. ok djm@
2004-05-30 20:43:59 +10:00
Darren Tucker
b53355eca5
- (dtucker) [auth-pam.c] Bug #839 : Ensure that pam authentication "thread"
...
is terminated if the privsep slave exits during keyboard-interactive
authentication. ok djm@
2004-05-24 11:55:36 +10:00
Darren Tucker
b6db172a79
- (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
...
readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
2004-05-13 17:29:35 +10:00
Darren Tucker
2a9bf4b3d3
- (dtucker) [auth-pam.c] Log username and source host for failed PAM
...
authentication attempts. With & ok djm@
2004-04-18 11:00:26 +10:00
Darren Tucker
17addf0463
- (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c
...
to reduce potential confusion with the one in sshd.c. ok djm@
2004-03-30 20:57:57 +10:00
Darren Tucker
dbf7a74ee5
- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
...
monitor_wrap.h] Bug #808 : Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
2004-03-08 23:04:06 +11:00
Darren Tucker
b9b6021667
- (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread,
...
prevent hanging during PAM keyboard-interactive authentications. ok djm@
2004-03-04 20:03:54 +11:00
Darren Tucker
4b385d4bc0
- (dtucker) [auth-pam.c] Don't try to export PAM when compiled with
...
-DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@
2004-03-04 19:54:10 +11:00
Darren Tucker
5cf8ef735c
- (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
...
display after login. Should fix problems like pam_motd not displaying
anything, noticed by cjwatson at debian.org. ok djm@
2004-02-17 23:20:07 +11:00
Darren Tucker
ba53b839d3
- (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@
2004-02-17 20:46:59 +11:00
Darren Tucker
1921ed9f96
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14 : Use do_pwchange to
...
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker
a8df9248ce
- (dtucker) [auth-pam.c] Add minor debugging.
2004-01-15 00:15:07 +11:00
Darren Tucker
7ae0962798
- (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
...
test for case where cleanup has already run.
2004-01-14 23:07:56 +11:00
Darren Tucker
749bc95bd8
- (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
...
unexpectedly. with & ok djm@
2004-01-14 22:14:04 +11:00
Darren Tucker
1b27c8fbcb
- (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
...
functional changes.
This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
2004-01-13 22:35:58 +11:00
Darren Tucker
0234e8607f
- (dtucker) [auth-pam.c defines.h] Bug #783 : move __unused to defines.h and
...
only define if not already. From des at freebsd.org.
2004-01-08 23:32:04 +11:00
Damien Miller
0f47c53742
- (djm) OSX/Darwin put the PAM headers in a different place, detect this.
...
Report from jakob@
2004-01-02 18:01:30 +11:00
Darren Tucker
c376c8647e
Enable commented-out "if (compat20)" test. (Should not have been committed.)
2003-12-18 16:08:59 +11:00
Darren Tucker
07705c788e
- (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
...
authentication. Partially fixes bug #423 . Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
2003-12-18 15:34:31 +11:00