summaryrefslogtreecommitdiff
path: root/auth-pam.c
Commit message (Collapse)AuthorAgeFilesLines
* - (djm) Cleanup after sync:Damien Miller2002-02-051-2/+2
| | | | - :%s/reverse_mapping_check/verify_reverse_mapping/g
* - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)Kevin Steves2001-11-091-2/+3
| | | | | if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168
* - (stevesk) Fix compile problem with PAM password change fixKevin Steves2001-10-281-3/+3
|
* - (djm) Fix for PAM password changes being echoed (from stevesk)Damien Miller2001-10-281-4/+4
|
* - (djm) Avoid bug in Solaris PAM libsDamien Miller2001-10-281-2/+2
|
* - (stevesk) auth-pam.c: use PERMIT_NO_PASSWDKevin Steves2001-04-231-2/+2
|
* - (stevesk) pam_start() doesn't use DNS now for sshd -u0.Kevin Steves2001-04-231-5/+7
|
* - (stevesk) set the default PAM service name to __progname insteadKevin Steves2001-04-201-1/+3
| | | | of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
* - (djm) Reestablish PAM credentials (which can be supplemental groupDamien Miller2001-03-271-3/+4
| | | | | memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>
* - (djm) Don't loop forever when changing password via PAM. PatchDamien Miller2001-03-211-9/+5
| | | | from Solar Designer <solar@openwall.com>
* - (djm) Make sure pam_retval is initialised on call to pam_end. PatchDamien Miller2001-03-211-2/+2
| | | | from Solar Designer <solar@openwall.com>
* - (djm) Force standard PAM conversation function in a few more places.Damien Miller2001-03-011-1/+7
| | | | | Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>
* whitspaceDamien Miller2001-02-271-1/+2
|
* - (djm) Clean up PAM namespace. Suggested by Darren MoffatDamien Miller2001-02-151-56/+56
| | | | <Darren.Moffat@eng.sun.com>
* - (djm) Don't try to close PAM session or delete credentials if theDamien Miller2001-02-141-3/+13
| | | | | session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
* Oops - missed a bit of previous diffDamien Miller2001-02-111-2/+2
|
* - (djm) Set PAM_RHOST earlier, patch from Andrew BartlettDamien Miller2001-02-111-8/+9
| | | | <abartlet@pcug.org.au>
* - (djm) Much KNF on PAM codeDamien Miller2001-02-071-106/+110
| | | | | | | | - (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication
* - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves2001-02-051-30/+30
| | | | | [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
* NB: big update - may break stuff. Please test!Damien Miller2001-02-041-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | - (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
* Hopefully things did not get mixed around too much. It compiles underBen Lindstrom2001-01-221-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
* - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)Damien Miller2001-01-191-4/+4
| | | | to fix NULL pointer deref and fake authloop breakage in PAM code.
* - (djm) Workaround PAM inconsistencies between Solaris derived PAM codeDamien Miller2000-12-201-6/+6
| | | | | and Linux-PAM. Based on report and fix from Andrew Morgan <morgan@transmeta.com>
* - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enableDamien Miller2000-12-031-6/+29
| | | | | PAM authentication using KbdInteractive. - (djm) Added another TODO
* function prototype and definition consistency cleanup.Kevin Steves2000-10-141-3/+3
|
* - (stevesk) ~/.hushlogin shouldn't cause required password change toKevin Steves2000-10-141-1/+7
| | | | be bypassed.
* - (djm) Big OpenBSD sync:Damien Miller2000-10-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
* - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial authDamien Miller2000-10-141-8/+15
|
* - (stevesk) Print PAM return value in PAM log messages to aidKevin Steves2000-10-071-25/+32
| | | | with debugging.
* - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAMDamien Miller2000-09-161-48/+95
| | | | | password change patch. - (djm) Bring licenses on my stuff in line with OpenBSD's
* - (djm) Quieten the pam delete credentials error messageDamien Miller2000-08-301-2/+2
|
* - (djm) Fix pam sprintf fixDamien Miller2000-07-091-2/+2
| | | | | | - (djm) Cleanup entropy collection code a little more. Split initialisation from seeding, perform intialisation immediatly at start, be careful with uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
* - (djm) Only enable PAM_TTY kludge for Linux. Problem report fromDamien Miller2000-07-091-1/+3
| | | | Kevin Steves <stevesk@sweden.hp.com>
* - (djm) Fix bad fprintf format handling in auth-pam.c. Patch fromDamien Miller2000-07-081-2/+2
| | | | Aaron Hopkins <aaron@die.net>
* Add explanation of PAM_TTY kludgeDamien Miller2000-06-221-2/+9
|
* - (djm) Add summary of configure options to end of ./configure runDamien Miller2000-06-181-1/+7
| | | | | | | | | | | - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from Michael Stone <mstone@cs.loyola.edu> - (djm) rusage is a privileged operation on some Unices (incl. Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com> - (djm) Avoid PAM failures when running without a TTY. Report from Martin Petrak <petrak@spsknm.schools.sk> - (djm) Include sys/types.h when including netinet/in.h in configure tests. Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
* - (djm) Glob manpages in RPM spec files to catch compressed filesDamien Miller2000-06-121-6/+27
| | | | - (djm) Full license in auth-pam.c
* - Cleanup of auth.c, login.c and fake-*Damien Miller2000-05-311-43/+70
| | | | - Cleanup of auth-pam.c, save and print "account expired" error messages
* - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>Damien Miller2000-04-301-1/+5
|
* - Merge fixes from Debian patch from Phil Hands <phil@hands.com>Damien Miller2000-04-201-2/+3
| | | | | | - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE) - Use vhangup to clean up Linux ttys - Force posix getopt processing on GNU libc systems
* Add const to suppress compiler warningDamien Miller2000-01-271-2/+2
|
* - Removed most of the pam code into its own file auth-pam.[ch]. ThisDamien Miller1999-12-301-0/+239
cleaned up sshd.c up significantly. - Several other cleanups