RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-15 14:44:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,790 Commits 69 Branches 157 Tags 27 MiB
e534e12127
Commit Graph

101 Commits

Author SHA1 Message Date
Darren Tucker
b6db172a79 - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses 
readpass.h, grep says scard-opensc.c does too.  Replace with misc.h.
 2004-05-13 17:29:35 +10:00
Darren Tucker
2a9bf4b3d3 - (dtucker) [auth-pam.c] Log username and source host for failed PAM 
authentication attempts.  With & ok djm@
 2004-04-18 11:00:26 +10:00
Darren Tucker
17addf0463 - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c 
to reduce potential confusion with the one in sshd.c.  ok djm@
 2004-03-30 20:57:57 +10:00
Darren Tucker
dbf7a74ee5 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c 
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
   even if keyboard-interactive is not used by the client.  Prevents segfaults
   in some cases where the user's password is expired (note this is not
   considered a security exposure).  ok djm@
 2004-03-08 23:04:06 +11:00
Darren Tucker
b9b6021667 - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, 
prevent hanging during PAM keyboard-interactive authentications.  ok djm@
 2004-03-04 20:03:54 +11:00
Darren Tucker
4b385d4bc0 - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with 
-DUSE_POSIX_THREADS.  From antoine.verheijen at ualbert ca.  ok djm@
 2004-03-04 19:54:10 +11:00
Darren Tucker
5cf8ef735c - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for 
display after login.  Should fix problems like pam_motd not displaying
   anything, noticed by cjwatson at debian.org.  ok djm@
 2004-02-17 23:20:07 +11:00
Darren Tucker
ba53b839d3 - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ 2004-02-17 20:46:59 +11:00
Darren Tucker
1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to 
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
 2004-02-10 13:23:28 +11:00
Darren Tucker
a8df9248ce - (dtucker) [auth-pam.c] Add minor debugging. 2004-01-15 00:15:07 +11:00
Darren Tucker
7ae0962798 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add 
test for case where cleanup has already run.
 2004-01-14 23:07:56 +11:00
Darren Tucker
749bc95bd8 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits 
unexpectedly.  with & ok djm@
 2004-01-14 22:14:04 +11:00
Darren Tucker
1b27c8fbcb - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No 
functional changes.

This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
 2004-01-13 22:35:58 +11:00
Darren Tucker
0234e8607f - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and 
only define if not already.  From des at freebsd.org.
 2004-01-08 23:32:04 +11:00
Damien Miller
0f47c53742 - (djm) OSX/Darwin put the PAM headers in a different place, detect this. 
Report from jakob@
 2004-01-02 18:01:30 +11:00
Darren Tucker
c376c8647e Enable commented-out "if (compat20)" test. (Should not have been committed.) 2003-12-18 16:08:59 +11:00
Darren Tucker
07705c788e - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive 
authentication.  Partially fixes bug #423.  Feedback & ok djm@

Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
  we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
  authentication thread and once from the main shell child, so we cache the
  result, which must be passed from the authentication thread back to the
  monitor.
 2003-12-18 15:34:31 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Darren Tucker
8a1624c42d - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ 2003-11-18 12:45:35 +11:00
Darren Tucker
18df00cc77 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, 
and use it for do_pam_session.  Fixes problems like pam_motd not displaying
   anything.  ok djm@
 2003-11-18 12:42:07 +11:00
Damien Miller
c756e9b56e - (djm) Export environment variables from authentication subprocess to 
parent. Part of Bug #717
 2003-11-17 21:41:42 +11:00
Damien Miller
9bdba70350 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int 
conversation function
 2003-11-17 21:27:55 +11:00
Darren Tucker
ae52b7ca59 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and 
PAM_ERROR_MSG messages.
 2003-11-13 19:52:31 +11:00
Darren Tucker
0947ddff72 - (dtucker) [auth-pam.c] Append newlines to lines output by the 
pam_chauthtok_conv().
 2003-11-13 11:21:31 +11:00
Darren Tucker
439ce0daf9 Add FALLTHROUGH comment 2003-10-09 14:20:15 +10:00
Darren Tucker
8846a07639 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static 
cleanup functions.  With & ok djm@
 2003-10-07 11:30:15 +10:00
Damien Miller
5c3a55846a - (djm) Sync with V_3_7 branch: 
- (djm) Fix SSH1 challenge kludge
   - (djm) Bug #671: Fix builds on OpenBSD
   - (djm) Bug #676: Fix PAM stack corruption
   - (djm) Fix bad free() in PAM code
   - (djm) Don't call pam_end before pam_init
   - (djm) Enable build with old OpenSSL again
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 2003-09-23 22:12:38 +10:00
Damien Miller
f2728099ba - (djm) Sync with V_3_7 branch 2003-09-17 07:24:25 +10:00
Darren Tucker
455813b79e Add extern __progname, needed if SSHD_PAM_SERVICE not defined 2003-09-13 22:12:11 +10:00
Darren Tucker
c58c2eedb0 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch 
from cjwatson at debian.org.
 2003-09-13 22:02:05 +10:00
Damien Miller
341c6e687c - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session 
management (now done in do_setusercontext). Largely from
   michael_steffens AT hp.com
 2003-09-02 23:18:52 +10:00
Damien Miller
f4b6f10ded - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler 
error. Part of Bug #423, patch from  michael_steffens AT hp.com
 2003-09-02 23:12:06 +10:00
Darren Tucker
49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h 
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
 2003-08-26 11:58:16 +10:00
Damien Miller
1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when 
UsePAM=yes; ok dtucker
 2003-08-25 13:08:49 +10:00
Darren Tucker
f38db7f5da - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@ 2003-08-08 13:43:37 +10:00
Damien Miller
7f2d795e3f - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal 2003-07-30 14:53:11 +10:00
Damien Miller
3a961dc0d3 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 2003-06-03 10:25:48 +10:00
Damien Miller
46337202d4 - (djm) Fix segv from bad reordering in auth-pam.c 2003-06-02 11:04:39 +10:00
Damien Miller
25d9342f04 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in 
recent merge
 2003-05-18 20:45:47 +10:00
Damien Miller
e27c6cc3ad - (djm) Guard free_pam_environment against NULL argument. Works around 
HP/UX PAM problems debugged by dtucker
 2003-05-16 18:21:01 +10:00
Damien Miller
9d507dac1f - (djm) Die screaming if start_pam() is called when UsePAM=no 2003-05-14 15:31:12 +10:00
Damien Miller
4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller
4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with 
proper challenge-response module
 2003-05-10 19:28:02 +10:00
Damien Miller
eab4bae038 - (djm) Add back radix.o (used by AFS support), after it went missing from 
Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
 2003-04-29 23:22:40 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
2101bfc4e1 - (djm) Reorganise PAM & SIA password handling to eliminate some common code 2003-01-22 15:42:26 +11:00
Kevin Steves
6a998ebfa9 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar 2002-07-28 20:24:07 +00:00
Kevin Steves
6fa740ba84 - (stevesk) [auth-pam.c] typo in comment 2002-07-23 00:51:53 +00:00
Kevin Steves
38b050a0f5 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be 
freed by the caller; add free_pam_environment() and use it.
 2002-07-23 00:44:07 +00:00