summaryrefslogtreecommitdiff
path: root/auth-pam.c
Commit message (Collapse)AuthorAgeFilesLines
* - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@Darren Tucker2007-08-101-2/+2
|
* - (dtucker) [auth-pam.c] Return empty string if fgets fails inDarren Tucker2007-05-201-1/+2
| | | | sshpam_tty_conv. Patch from ldv at altlinux.org.
* - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch fromDarren Tucker2007-05-201-4/+2
| | | | ldv at altlinux.org.
* - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM authDarren Tucker2006-09-171-0/+6
| | | | | process so that any logging it does is with the right timezone. From Scott Strickler, ok djm@.
* - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller2006-09-011-0/+1
| | | | | | | | | | | | | | | | | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
* - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]Damien Miller2006-08-051-3/+8
| | | | | [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more includes for Linux in
* - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]Damien Miller2006-08-051-1/+0
| | | | | remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit
* - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.cDamien Miller2006-08-051-0/+7
|
* - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller2006-07-241-3/+8
| | | | | | | | | | | | | | | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
* - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.hDarren Tucker2006-07-131-0/+2
|
* - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back andDarren Tucker2006-05-151-5/+16
| | | | do not allow kbdint again after the PAM account check fails. ok djm@
* - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker2006-05-041-7/+7
| | | | | | | session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
* - djm@cvs.openbsd.org 2006/03/25 01:13:23Damien Miller2006-03-261-2/+2
| | | | | | | | | | | | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-261-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - (djm) [auth-pam.c] Fix memleak in error path, from Coverity viaDamien Miller2006-03-181-1/+2
| | | | elad AT NetBSD.org
* - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]Damien Miller2006-03-151-1/+6
| | | | | | | | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris
* Correct format in debug messageDarren Tucker2006-01-291-2/+2
|
* - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages fromDarren Tucker2005-09-281-2/+12
| | | | PAM via keyboard-interactive. Patch tested by the folks at Vintela.
* - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of lineDamien Miller2005-07-171-5/+5
|
* - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]Damien Miller2005-07-171-4/+4
| | | | | [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
* - (dtucker) [auth-pam.c] Ensure that only one side of the authenticationDarren Tucker2005-07-161-1/+6
| | | | | socketpair stays open on in both the monitor and PAM process. Patch from Joerg Sonnenberger.
* - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:Darren Tucker2005-05-261-8/+18
| | | | | | warning: dereferencing type-punned pointer will break strict-aliasing rules warning: passing arg 3 of `pam_get_item' from incompatible pointer type The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
* - (dtucker) [auth-pam.c] Since people don't seem to be getting the messageDarren Tucker2005-05-251-6/+16
| | | | | | | that USE_POSIX_THREADS is unsupported, not recommended and generally a bad idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use USE_POSIX_THREADS will now generate an error so we don't silently change behaviour. ok djm@
* Oops, did not intend to commit this yetDarren Tucker2005-01-201-16/+10
|
* - djm@cvs.openbsd.org 2004/12/22 02:13:19Darren Tucker2005-01-201-10/+16
| | | | | | | [cipher-ctr.c cipher.c] remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@ (Id sync only: Portable will continue to support older OpenSSLs)
* - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about userDarren Tucker2005-01-201-3/+14
| | | | | existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm.
* - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculationsDamien Miller2004-10-161-6/+11
|
* - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]Darren Tucker2004-09-111-4/+6
| | | | | | Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
* - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.Darren Tucker2004-09-111-46/+46
|
* - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output fromDarren Tucker2004-09-111-4/+15
| | | | | failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@
* - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-rootDarren Tucker2004-08-161-1/+26
| | | | to convince Solaris PAM to honour password complexity rules. ok djm@
* - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalidDamien Miller2004-07-211-2/+6
| | | | usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
* - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,Damien Miller2004-07-191-4/+7
| | | | instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
* - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allowsDarren Tucker2004-07-111-3/+3
| | | | the monitor to properly clean up the PAM thread (Debian bug #252676).
* - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOKDarren Tucker2004-07-011-2/+4
| | | | | to pam_authenticate for challenge-response auth too. Originally from fcusack at fcusack.com, ok djm@
* - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixesDarren Tucker2004-07-011-8/+8
| | | | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
* - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULLDarren Tucker2004-06-301-1/+5
| | | | | | | | appdata_ptr to the conversation function. ok djm@ By rights we should free the messages too, but if this happens then one of the modules has already proven itself to be buggy so can we trust the messages?
* - (dtucker) [auth-pam.c] Don't use PAM namespace forDarren Tucker2004-06-191-5/+5
| | | | pam_password_change_required either.
* - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.Darren Tucker2004-06-031-5/+5
| | | | ok djm@
* - (djm) [auth-pam.c] Add copyright for local changesDamien Miller2004-06-011-1/+17
|
* - (dtucker) [auth-pam.c] Use an invalid password for root ifDarren Tucker2004-05-301-1/+11
| | | | | PermitRootLogin != yes or the login is invalid, to prevent leaking information. Based on Openwall's owl-always-auth patch. ok djm@
* - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAMDarren Tucker2004-05-301-1/+98
| | | | support for PasswordAuthentication=yes. ok djm@
* - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"Darren Tucker2004-05-241-3/+10
| | | | | is terminated if the privsep slave exits during keyboard-interactive authentication. ok djm@
* - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c usesDarren Tucker2004-05-131-2/+2
| | | | readpass.h, grep says scard-opensc.c does too. Replace with misc.h.
* - (dtucker) [auth-pam.c] Log username and source host for failed PAMDarren Tucker2004-04-181-3/+6
| | | | authentication attempts. With & ok djm@
* - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.cDarren Tucker2004-03-301-8/+8
| | | | to reduce potential confusion with the one in sshd.c. ok djm@
* - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker2004-03-081-12/+17
| | | | | | | monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
* - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread,Darren Tucker2004-03-041-1/+2
| | | | prevent hanging during PAM keyboard-interactive authentications. ok djm@
* - (dtucker) [auth-pam.c] Don't try to export PAM when compiled withDarren Tucker2004-03-041-1/+3
| | | | -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@
* - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred forDarren Tucker2004-02-171-2/+47
| | | | | display after login. Should fix problems like pam_motd not displaying anything, noticed by cjwatson at debian.org. ok djm@