Commit Graph

146 Commits

Author SHA1 Message Date
Darren Tucker
4b385d4bc0 - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with
-DUSE_POSIX_THREADS.  From antoine.verheijen at ualbert ca.  ok djm@
2004-03-04 19:54:10 +11:00
Darren Tucker
5cf8ef735c - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
display after login.  Should fix problems like pam_motd not displaying
   anything, noticed by cjwatson at debian.org.  ok djm@
2004-02-17 23:20:07 +11:00
Darren Tucker
ba53b839d3 - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ 2004-02-17 20:46:59 +11:00
Darren Tucker
1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker
a8df9248ce - (dtucker) [auth-pam.c] Add minor debugging. 2004-01-15 00:15:07 +11:00
Darren Tucker
7ae0962798 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
test for case where cleanup has already run.
2004-01-14 23:07:56 +11:00
Darren Tucker
749bc95bd8 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
unexpectedly.  with & ok djm@
2004-01-14 22:14:04 +11:00
Darren Tucker
1b27c8fbcb - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
functional changes.

This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
2004-01-13 22:35:58 +11:00
Darren Tucker
0234e8607f - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
only define if not already.  From des at freebsd.org.
2004-01-08 23:32:04 +11:00
Damien Miller
0f47c53742 - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
Report from jakob@
2004-01-02 18:01:30 +11:00
Darren Tucker
c376c8647e Enable commented-out "if (compat20)" test. (Should not have been committed.) 2003-12-18 16:08:59 +11:00
Darren Tucker
07705c788e - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
authentication.  Partially fixes bug #423.  Feedback & ok djm@

Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
  we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
  authentication thread and once from the main shell child, so we cache the
  result, which must be passed from the authentication thread back to the
  monitor.
2003-12-18 15:34:31 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
8a1624c42d - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ 2003-11-18 12:45:35 +11:00
Darren Tucker
18df00cc77 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
and use it for do_pam_session.  Fixes problems like pam_motd not displaying
   anything.  ok djm@
2003-11-18 12:42:07 +11:00
Damien Miller
c756e9b56e - (djm) Export environment variables from authentication subprocess to
parent. Part of Bug #717
2003-11-17 21:41:42 +11:00
Damien Miller
9bdba70350 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
conversation function
2003-11-17 21:27:55 +11:00
Darren Tucker
ae52b7ca59 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
PAM_ERROR_MSG messages.
2003-11-13 19:52:31 +11:00
Darren Tucker
0947ddff72 - (dtucker) [auth-pam.c] Append newlines to lines output by the
pam_chauthtok_conv().
2003-11-13 11:21:31 +11:00
Darren Tucker
439ce0daf9 Add FALLTHROUGH comment 2003-10-09 14:20:15 +10:00
Darren Tucker
8846a07639 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
cleanup functions.  With & ok djm@
2003-10-07 11:30:15 +10:00
Damien Miller
5c3a55846a - (djm) Sync with V_3_7 branch:
- (djm) Fix SSH1 challenge kludge
   - (djm) Bug #671: Fix builds on OpenBSD
   - (djm) Bug #676: Fix PAM stack corruption
   - (djm) Fix bad free() in PAM code
   - (djm) Don't call pam_end before pam_init
   - (djm) Enable build with old OpenSSL again
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-23 22:12:38 +10:00
Damien Miller
f2728099ba - (djm) Sync with V_3_7 branch 2003-09-17 07:24:25 +10:00
Darren Tucker
455813b79e Add extern __progname, needed if SSHD_PAM_SERVICE not defined 2003-09-13 22:12:11 +10:00
Darren Tucker
c58c2eedb0 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch
from cjwatson at debian.org.
2003-09-13 22:02:05 +10:00
Damien Miller
341c6e687c - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
management (now done in do_setusercontext). Largely from
   michael_steffens AT hp.com
2003-09-02 23:18:52 +10:00
Damien Miller
f4b6f10ded - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler
error. Part of Bug #423, patch from  michael_steffens AT hp.com
2003-09-02 23:12:06 +10:00
Darren Tucker
49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Damien Miller
1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker
f38db7f5da - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@ 2003-08-08 13:43:37 +10:00
Damien Miller
7f2d795e3f - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal 2003-07-30 14:53:11 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller
46337202d4 - (djm) Fix segv from bad reordering in auth-pam.c 2003-06-02 11:04:39 +10:00
Damien Miller
25d9342f04 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
recent merge
2003-05-18 20:45:47 +10:00
Damien Miller
e27c6cc3ad - (djm) Guard free_pam_environment against NULL argument. Works around
HP/UX PAM problems debugged by dtucker
2003-05-16 18:21:01 +10:00
Damien Miller
9d507dac1f - (djm) Die screaming if start_pam() is called when UsePAM=no 2003-05-14 15:31:12 +10:00
Damien Miller
4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller
4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
proper challenge-response module
2003-05-10 19:28:02 +10:00
Damien Miller
eab4bae038 - (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
2101bfc4e1 - (djm) Reorganise PAM & SIA password handling to eliminate some common code 2003-01-22 15:42:26 +11:00
Kevin Steves
6a998ebfa9 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar 2002-07-28 20:24:07 +00:00
Kevin Steves
6fa740ba84 - (stevesk) [auth-pam.c] typo in comment 2002-07-23 00:51:53 +00:00
Kevin Steves
38b050a0f5 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
freed by the caller; add free_pam_environment() and use it.
2002-07-23 00:44:07 +00:00
Kevin Steves
287077eaf2 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h 2002-07-21 23:59:39 +00:00
Kevin Steves
3429a1bf60 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
warning on pam_conv struct conversation function.
2002-07-21 22:49:47 +00:00
Kevin Steves
63007d42ee - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21 17:57:01 +00:00
Kevin Steves
6cdecd0892 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
openssh-3.4p1-owl-password-changing.diff
2002-07-21 17:26:54 +00:00
Damien Miller
23fe57c51c - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-07-02 17:08:23 +10:00
Damien Miller
f762a4bea5 - (djm) Don't reinitialise PAM credentials before we have started PAM.
Report from Pekka Savola <pekkas@netcore.fi>
2002-05-08 12:27:55 +10:00
Damien Miller
ae9d5af0de - (djm) Disable PAM password expiry until a complete fix for bug #188 exists 2002-04-26 11:27:24 +10:00
Damien Miller
7941855f09 - (djm) Make privsep work with PAM (still experimental) 2002-04-23 20:28:48 +10:00
Kevin Steves
e683e76439 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
Damien Miller
f3451a2181 - (djm) Cleanup after sync:
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Kevin Steves
de77b464c6 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@amritapuri.com OpenBSD bug 2168
2001-11-09 20:22:16 +00:00
Kevin Steves
fe2f4a1e37 - (stevesk) Fix compile problem with PAM password change fix 2001-10-28 17:32:38 +00:00
Damien Miller
092564869a - (djm) Fix for PAM password changes being echoed (from stevesk) 2001-10-28 22:36:55 +11:00
Damien Miller
33cdd9ee7b - (djm) Avoid bug in Solaris PAM libs 2001-10-28 22:33:48 +11:00
Kevin Steves
706e7a9cf9 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD 2001-04-23 18:38:37 +00:00
Kevin Steves
5f3b9b9091 - (stevesk) pam_start() doesn't use DNS now for sshd -u0. 2001-04-23 17:28:28 +00:00
Kevin Steves
85ecbe767e - (stevesk) set the default PAM service name to __progname instead
of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
2001-04-20 17:43:47 +00:00
Damien Miller
f9e9300947 - (djm) Reestablish PAM credentials (which can be supplemental group
memberships) after initgroups() blows them away. Report and suggested
   fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-27 16:12:24 +10:00
Damien Miller
ec7e1b1d0f - (djm) Don't loop forever when changing password via PAM. Patch
from Solar Designer <solar@openwall.com>
2001-03-21 13:01:35 +11:00
Damien Miller
2e9adb27e9 - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
from Solar Designer <solar@openwall.com>
2001-03-21 12:16:24 +11:00
Damien Miller
882c2eed97 - (djm) Force standard PAM conversation function in a few more places.
Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
   <nalin@redhat.com>
2001-03-01 09:18:57 +11:00
Damien Miller
31a501d21e whitspace 2001-02-27 09:20:48 +11:00
Damien Miller
646aa60b41 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
<Darren.Moffat@eng.sun.com>
2001-02-15 11:51:32 +11:00
Damien Miller
3dfeee46d7 - (djm) Don't try to close PAM session or delete credentials if the
session has not been open or credentials not set. Based on patch from
   Andrew Bartlett <abartlet@pcug.org.au>
2001-02-14 00:43:55 +11:00
Damien Miller
ac2b1a52f2 Oops - missed a bit of previous diff 2001-02-11 22:39:19 +11:00
Damien Miller
bd5817d4ff - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
<abartlet@pcug.org.au>
2001-02-11 22:35:11 +11:00
Damien Miller
63dc3e90e5 - (djm) Much KNF on PAM code
- (djm) Revise auth-pam.c conversation function to be a little more readable.
 - (djm) Revise kbd-int PAM conversation function to fold all text messages
   to before first prompt. Fixes hangs if last pam_message did not require
   a reply.
 - (djm) Fix password changing when using PAM kbd-int authentication
2001-02-07 12:58:33 +11:00
Kevin Steves
ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller
3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Damien Miller
22e22bf9ba - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
to fix NULL pointer deref and fake authloop breakage in PAM code.
2001-01-19 15:46:38 +11:00
Damien Miller
82cf0ceea8 - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
and Linux-PAM. Based on report and fix from Andrew Morgan
   <morgan@transmeta.com>
2000-12-20 13:34:48 +11:00
Damien Miller
b84815880e - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
PAM authentication using KbdInteractive.
 - (djm) Added another TODO
2000-12-03 11:51:51 +11:00
Kevin Steves
6beac8c5a0 function prototype and definition consistency cleanup. 2000-10-14 15:08:49 +00:00
Kevin Steves
092f2effc5 - (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
2000-10-14 13:36:13 +00:00
Damien Miller
874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller
60819b44bd - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth 2000-10-14 11:16:12 +11:00
Kevin Steves
cccca27890 - (stevesk) Print PAM return value in PAM log messages to aid
with debugging.
2000-10-07 11:16:55 +00:00
Damien Miller
9d5705a4b3 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
password change patch.
 - (djm) Bring licenses on my stuff in line with OpenBSD's
2000-09-16 16:09:27 +11:00
Damien Miller
7cfaaf234f - (djm) Quieten the pam delete credentials error message 2000-08-30 09:57:49 +11:00
Damien Miller
f9b625c36e - (djm) Fix pam sprintf fix
- (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform intialisation immediatly at start, be careful with
   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
2000-07-09 22:42:32 +10:00
Damien Miller
4e99720563 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
Kevin Steves <stevesk@sweden.hp.com>
2000-07-09 21:21:52 +10:00
Damien Miller
ce40c70f17 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
Aaron Hopkins <aaron@die.net>
2000-07-08 10:14:08 +10:00
Damien Miller
c19fd5f4e2 Add explanation of PAM_TTY kludge 2000-06-22 21:44:54 +10:00
Damien Miller
7b22d65034 - (djm) Add summary of configure options to end of ./configure run
- (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
   Michael Stone <mstone@cs.loyola.edu>
 - (djm) rusage is a privileged operation on some Unices (incl.
   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
 - (djm) Avoid PAM failures when running without a TTY. Report from
   Martin Petrak <petrak@spsknm.schools.sk>
 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
2000-06-18 14:07:04 +10:00
Damien Miller
e69f18cbff - (djm) Glob manpages in RPM spec files to catch compressed files
- (djm) Full license in auth-pam.c
2000-06-12 16:38:54 +10:00
Damien Miller
2f6a0ad191 - Cleanup of auth.c, login.c and fake-*
- Cleanup of auth-pam.c, save and print "account expired" error messages
2000-05-31 11:20:11 +10:00
Damien Miller
1bead335d7 - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au> 2000-04-30 00:47:29 +10:00
Damien Miller
d0cff3ecc4 - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
- Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
  - Use vhangup to clean up Linux ttys
  - Force posix getopt processing on GNU libc systems
2000-04-20 23:12:58 +10:00
Damien Miller
3e955e78fa Add const to suppress compiler warning 2000-01-27 10:55:38 +11:00
Damien Miller
e72b7af17e - Removed most of the pam code into its own file auth-pam.[ch]. This
cleaned up sshd.c up significantly.
 - Several other cleanups
1999-12-30 15:08:44 +11:00