tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,855 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

173 Commits

Author SHA1 Message Date
Darren Tucker fc0340f7c4 Typo fixes in error messages. 
Patch from knweiss at gmail.com via github pull req #97 (portable-
specific parts).
 2019-06-08 00:51:18 +10:00
Darren Tucker d220b67520 Have pthread_create return errno on failure. 
According to POSIX, pthread_create returns the failure reason in
the non-zero function return code so make the fork wrapper do that.
Matches previous change.
 2019-06-07 14:26:54 +10:00
Elliott Hughes 1bd4f7f25f pthread_create(3) returns positive values on failure. 
Found by inspection after finding similar bugs in other code used by
Android.
 2019-06-07 14:16:21 +10:00
Darren Tucker 606077ee1e Add no-op implementation of pam_putenv. 
Some platforms such as HP-UX do not have pam_putenv.  Currently the
calls are ifdef'ed out, but a new one was recently added.  Remove the
ifdefs and add a no-op implementation.  bz#3008, ok djm.
 2019-05-17 13:14:12 +10:00
Damien Miller 3f0786bbe7 remove PAM dependencies on old packet API 
Requires some caching of values, because the PAM code isn't
always called with packet context.
 2019-01-20 10:22:18 +11:00
Damien Miller 8a22ffaa13 expose $SSH_CONNECTION in the PAM environment 
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
 2018-12-14 13:23:48 +11:00
Damien Miller 48f54b9d12 adapt -portable to OpenSSL 1.1x API 
Polyfill missing API with replacement functions extracted from LibreSSL
 2018-09-13 12:13:50 +10:00
Darren Tucker 3f420a692b Remove key.h from portable files too. 
Commit 5467fbcb removed key.h so stop including it in portable files
too.  Fixes builds on lots of platforms.
 2018-07-12 14:57:46 +10:00
Damien Miller 120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
Damien Miller e8f474554e Expose SSH_AUTH_INFO_0 to PAM auth modules 
bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
 2018-04-06 14:11:44 +10:00
Darren Tucker 13ef4cf53f Update PAM password change to new opts API. 2018-03-03 16:21:20 +11:00
djm@openbsd.org 7c85685760 upstream: switch over to the new authorized_keys options API and 
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
 2018-03-03 14:37:16 +11:00
Damien Miller 94bc1e7ffb Expose list of completed auth methods to PAM 
bz#2408; ok dtucker@
 2017-07-28 15:04:00 +10:00
Darren Tucker 608ec1f62f Remove SSHv1 code path. 
Server-side support for Protocol 1 has been removed so remove !compat20
PAM code path.
 2017-03-29 09:50:54 +11:00
Darren Tucker bee0167be2 Check for NULL from malloc. 
Part of bz#2687, from jjelen at redhat.com.
 2017-03-10 13:40:18 +11:00
Darren Tucker e0259a82dd Remove do_pam_set_tty which is dead code. 
The callers of do_pam_set_tty were removed in 2008, so this is now dead
code.  bz#2604, pointed out by jjelen at redhat.com.
 2016-10-15 04:34:46 +11:00
Damien Miller 8bd81e1596 add --with-pam-service to specify PAM service name 
Saves messing around with CFLAGS to do it.
 2016-08-16 13:37:26 +10:00
Damien Miller 10358abd08 retry waitpid on EINTR failure 
patch from Jakub Jelen on bz#2581; ok dtucker@
 2016-07-22 14:07:08 +10:00
Darren Tucker 01558b7b07 Handle PAM_MAXTRIES from modules. 
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
password and keyboard-interative authentication methods.  Should prevent
"sshd ignoring max retries" warnings in the log.  ok djm@

It probably won't trigger with keyboard-interactive in the default
configuration because the retry counter is stored in module-private
storage which goes away with the sshd PAM process (see bz#688).  On the
other hand, those cases probably won't log a warning either.
 2016-07-18 09:33:25 +10:00
Darren Tucker 283b97ff33 Mitigate timing of disallowed users PAM logins. 
When sshd decides to not allow a login (eg PermitRootLogin=no) and
it's using PAM, it sends a fake password to PAM so that the timing for
the failure is not noticeably different whether or not the password
is correct.  This behaviour can be detected by sending a very long
password string which is slower to hash than the fake password.

Mitigate by constructing an invalid password that is the same length
as the one from the client and thus takes the same time to hash.
Diff from djm@
 2016-07-15 13:49:44 +10:00
Darren Tucker 009891afc8 Remove duplicate code from PAM. ok djm@ 2016-06-17 14:34:09 +10:00
Darren Tucker 39c0cecaa1 Fix comment about sshpam_const and AIX. 
From mschwager via github.
 2016-05-20 10:01:58 +10:00
Damien Miller 3ed9218c33 unbreak PAM after canohost refactor 2016-03-08 14:01:29 -08:00
Damien Miller 5ef4b0fdcc avoid FreeBSD RCS Id in comment 
Change old $FreeBSD version string in comment so it doesn't
become an RCS ident downstream; requested by des AT des.no
 2016-02-05 10:45:23 +11:00
Darren Tucker d1680d36e1 xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
Darren Tucker 53f8e784dc - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item(). 
Patch from Loganaden Velvindron.
 2013-12-19 11:31:44 +11:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
 2013-06-02 08:07:31 +10:00
Darren Tucker 622d5c561b - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on 
logout to after the session close.  Patch from Anicka Bernathova, ok djm.
 2009-07-12 22:07:21 +10:00
Darren Tucker 52358d6df3 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move 
pam_open_session and pam_close_session into the privsep monitor, which
   will ensure that pam_session_close is called as root.  Patch from Tomas
   Mraz.
 2008-03-11 22:58:25 +11:00
Darren Tucker 57d4ca9681 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@ 2007-08-10 14:32:34 +10:00
Darren Tucker 2216471510 - (dtucker) [auth-pam.c] Return empty string if fgets fails in 
sshpam_tty_conv.  Patch from ldv at altlinux.org.
 2007-05-20 15:26:07 +10:00
Darren Tucker 29171e9f5c - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from 
ldv at altlinux.org.
 2007-05-20 15:20:08 +10:00
Darren Tucker 54e1b2291c - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth 
process so that any logging it does is with the right timezone.  From
   Scott Strickler, ok djm@.
 2006-09-17 11:57:46 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] 
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
 2006-09-01 15:38:36 +10:00
Damien Miller 75bb664458 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c] 
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
   includes for Linux in
 2006-08-05 14:07:20 +10:00
Damien Miller 4cbfe8ebeb - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c] 
remove last traces of bufaux.h - it was merged into buffer.h in the big
   includes.h commit
 2006-08-05 12:49:30 +10:00
Damien Miller 2ab323e0bd - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c 2006-08-05 12:43:32 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] 
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
 2006-07-24 14:51:00 +10:00
Darren Tucker 341dae59c8 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 2006-07-13 08:45:14 +10:00
Darren Tucker 2c77b7f1c1 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and 
do not allow kbdint again after the PAM account check fails.  ok djm@
 2006-05-15 17:22:33 +10:00
Darren Tucker d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c 
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
 2006-05-04 16:24:34 +10:00
Damien Miller 36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23 
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
 2006-03-26 14:22:47 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller 66f9eb65ff - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via 
elad AT NetBSD.org
 2006-03-18 23:04:49 +11:00
Damien Miller 6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] 
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
 2006-03-15 14:42:54 +11:00
Darren Tucker 1d4ebbf143 Correct format in debug message 2006-01-29 16:46:13 +11:00
Darren Tucker 7b1e695846 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from 
PAM via keyboard-interactive.  Patch tested by the folks at Vintela.
 2005-09-28 22:33:27 +10:00
Damien Miller 37294fb630 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line 2005-07-17 17:18:49 +10:00
Damien Miller 94cf4c8448 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] 
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
 2005-07-17 17:04:47 +10:00
Darren Tucker 4f1adad4f6 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication 
socketpair stays open on in both the monitor and PAM process.  Patch from
   Joerg Sonnenberger.
 2005-07-16 11:33:06 +10:00