openssh

mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-02 15:52:05 +00:00

Author	SHA1	Message	Date
Damien Miller	341c6e687c	- (djm) Bug #423 : reorder setting of PAM_TTY and calling of PAM session management (now done in do_setusercontext). Largely from michael_steffens AT hp.com	2003-09-02 23:18:52 +10:00
Damien Miller	f4b6f10ded	- (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler error. Part of Bug #423, patch from michael_steffens AT hp.com	2003-09-02 23:12:06 +10:00
Darren Tucker	49aaf4ad52	- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.	2003-08-26 11:58:16 +10:00
Damien Miller	1f499fd368	- (djm) Bug #564 : Perform PAM account checks for all authentications when UsePAM=yes; ok dtucker	2003-08-25 13:08:49 +10:00
Darren Tucker	f38db7f5da	- (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@	2003-08-08 13:43:37 +10:00
Damien Miller	7f2d795e3f	- (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal	2003-07-30 14:53:11 +10:00
Damien Miller	3a961dc0d3	- (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too	2003-06-03 10:25:48 +10:00
Damien Miller	46337202d4	- (djm) Fix segv from bad reordering in auth-pam.c	2003-06-02 11:04:39 +10:00
Damien Miller	25d9342f04	- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in recent merge	2003-05-18 20:45:47 +10:00
Damien Miller	e27c6cc3ad	- (djm) Guard free_pam_environment against NULL argument. Works around HP/UX PAM problems debugged by dtucker	2003-05-16 18:21:01 +10:00
Damien Miller	9d507dac1f	- (djm) Die screaming if start_pam() is called when UsePAM=no	2003-05-14 15:31:12 +10:00
Damien Miller	4e448a31ae	- (djm) Add new UsePAM configuration directive to allow runtime control over usage of PAM. This allows non-root use of sshd when built with --with-pam	2003-05-14 15:11:48 +10:00
Damien Miller	4f9f42a9bb	- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with proper challenge-response module	2003-05-10 19:28:02 +10:00
Damien Miller	eab4bae038	- (djm) Add back radix.o (used by AFS support), after it went missing from Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org	2003-04-29 23:22:40 +10:00
Damien Miller	996acd2476	* empty log message *	2003-04-09 20:59:48 +10:00
Damien Miller	2101bfc4e1	- (djm) Reorganise PAM & SIA password handling to eliminate some common code	2003-01-22 15:42:26 +11:00
Kevin Steves	6a998ebfa9	- (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar	2002-07-28 20:24:07 +00:00
Kevin Steves	6fa740ba84	- (stevesk) [auth-pam.c] typo in comment	2002-07-23 00:51:53 +00:00
Kevin Steves	38b050a0f5	- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be freed by the caller; add free_pam_environment() and use it.	2002-07-23 00:44:07 +00:00
Kevin Steves	287077eaf2	- (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h	2002-07-21 23:59:39 +00:00
Kevin Steves	3429a1bf60	- (stevesk) [auth-pam.c] cast to avoid initialization type mismatch warning on pam_conv struct conversation function.	2002-07-21 22:49:47 +00:00
Kevin Steves	63007d42ee	- (stevesk) [auth-pam.c] merge rest of solar's PAM patch; PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.	2002-07-21 17:57:01 +00:00
Kevin Steves	6cdecd0892	- (stevesk) [auth-pam.c] merge cosmetic changes from solar's openssh-3.4p1-owl-password-changing.diff	2002-07-21 17:26:54 +00:00
Damien Miller	23fe57c51c	- (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & friends consistently. Spotted by Solar Designer <solar@openwall.com>	2002-07-02 17:08:23 +10:00
Damien Miller	f762a4bea5	- (djm) Don't reinitialise PAM credentials before we have started PAM. Report from Pekka Savola <pekkas@netcore.fi>	2002-05-08 12:27:55 +10:00
Damien Miller	ae9d5af0de	- (djm) Disable PAM password expiry until a complete fix for bug #188 exists	2002-04-26 11:27:24 +10:00
Damien Miller	7941855f09	- (djm) Make privsep work with PAM (still experimental)	2002-04-23 20:28:48 +10:00
Kevin Steves	e683e76439	- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.	2002-04-04 19:02:28 +00:00
Damien Miller	f3451a2181	- (djm) Cleanup after sync: - :%s/reverse_mapping_check/verify_reverse_mapping/g	2002-02-05 12:40:46 +11:00
Kevin Steves	de77b464c6	- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK) if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168	2001-11-09 20:22:16 +00:00
Kevin Steves	fe2f4a1e37	- (stevesk) Fix compile problem with PAM password change fix	2001-10-28 17:32:38 +00:00
Damien Miller	092564869a	- (djm) Fix for PAM password changes being echoed (from stevesk)	2001-10-28 22:36:55 +11:00
Damien Miller	33cdd9ee7b	- (djm) Avoid bug in Solaris PAM libs	2001-10-28 22:33:48 +11:00
Kevin Steves	706e7a9cf9	- (stevesk) auth-pam.c: use PERMIT_NO_PASSWD	2001-04-23 18:38:37 +00:00
Kevin Steves	5f3b9b9091	- (stevesk) pam_start() doesn't use DNS now for sshd -u0.	2001-04-23 17:28:28 +00:00
Kevin Steves	85ecbe767e	- (stevesk) set the default PAM service name to __progname instead of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>	2001-04-20 17:43:47 +00:00
Damien Miller	f9e9300947	- (djm) Reestablish PAM credentials (which can be supplemental group memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>	2001-03-27 16:12:24 +10:00
Damien Miller	ec7e1b1d0f	- (djm) Don't loop forever when changing password via PAM. Patch from Solar Designer <solar@openwall.com>	2001-03-21 13:01:35 +11:00
Damien Miller	2e9adb27e9	- (djm) Make sure pam_retval is initialised on call to pam_end. Patch from Solar Designer <solar@openwall.com>	2001-03-21 12:16:24 +11:00
Damien Miller	882c2eed97	- (djm) Force standard PAM conversation function in a few more places. Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>	2001-03-01 09:18:57 +11:00
Damien Miller	31a501d21e	whitspace	2001-02-27 09:20:48 +11:00
Damien Miller	646aa60b41	- (djm) Clean up PAM namespace. Suggested by Darren Moffat <Darren.Moffat@eng.sun.com>	2001-02-15 11:51:32 +11:00
Damien Miller	3dfeee46d7	- (djm) Don't try to close PAM session or delete credentials if the session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>	2001-02-14 00:43:55 +11:00
Damien Miller	ac2b1a52f2	Oops - missed a bit of previous diff	2001-02-11 22:39:19 +11:00
Damien Miller	bd5817d4ff	- (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett <abartlet@pcug.org.au>	2001-02-11 22:35:11 +11:00
Damien Miller	63dc3e90e5	- (djm) Much KNF on PAM code - (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication	2001-02-07 12:58:33 +11:00
Kevin Steves	ef4eea9bad	- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@	2001-02-05 12:42:17 +00:00
Damien Miller	3380426358	NB: big update - may break stuff. Please test! - (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.	2001-02-04 23:20:18 +11:00
Ben Lindstrom	226cfa0378	Hopefully things did not get mixed around too much. It compiles under Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.	2001-01-22 05:34:40 +00:00
Damien Miller	22e22bf9ba	- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>) to fix NULL pointer deref and fake authloop breakage in PAM code.	2001-01-19 15:46:38 +11:00

1 2

70 Commits