8846a07639
- (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
...
cleanup functions. With & ok djm@
2003-10-07 11:30:15 +10:00
5c3a55846a
- (djm) Sync with V_3_7 branch:
...
- (djm) Fix SSH1 challenge kludge
- (djm) Bug #671 : Fix builds on OpenBSD
- (djm) Bug #676 : Fix PAM stack corruption
- (djm) Fix bad free() in PAM code
- (djm) Don't call pam_end before pam_init
- (djm) Enable build with old OpenSSL again
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-23 22:12:38 +10:00
f2728099ba
- (djm) Sync with V_3_7 branch
2003-09-17 07:24:25 +10:00
455813b79e
Add extern __progname, needed if SSHD_PAM_SERVICE not defined
2003-09-13 22:12:11 +10:00
c58c2eedb0
- (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch
...
from cjwatson at debian.org.
2003-09-13 22:02:05 +10:00
341c6e687c
- (djm) Bug #423 : reorder setting of PAM_TTY and calling of PAM session
...
management (now done in do_setusercontext). Largely from
michael_steffens AT hp.com
2003-09-02 23:18:52 +10:00
f4b6f10ded
- (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler
...
error. Part of Bug #423 , patch from michael_steffens AT hp.com
2003-09-02 23:12:06 +10:00
49aaf4ad52
- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
...
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
1f499fd368
- (djm) Bug #564 : Perform PAM account checks for all authentications when
...
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
f38db7f5da
- (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@
2003-08-08 13:43:37 +10:00
7f2d795e3f
- (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal
2003-07-30 14:53:11 +10:00
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
46337202d4
- (djm) Fix segv from bad reordering in auth-pam.c
2003-06-02 11:04:39 +10:00
25d9342f04
- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
...
recent merge
2003-05-18 20:45:47 +10:00
e27c6cc3ad
- (djm) Guard free_pam_environment against NULL argument. Works around
...
HP/UX PAM problems debugged by dtucker
2003-05-16 18:21:01 +10:00
9d507dac1f
- (djm) Die screaming if start_pam() is called when UsePAM=no
2003-05-14 15:31:12 +10:00
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
eab4bae038
- (djm) Add back radix.o (used by AFS support), after it went missing from
...
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
2101bfc4e1
- (djm) Reorganise PAM & SIA password handling to eliminate some common code
2003-01-22 15:42:26 +11:00
6a998ebfa9
- (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
2002-07-28 20:24:07 +00:00
6fa740ba84
- (stevesk) [auth-pam.c] typo in comment
2002-07-23 00:51:53 +00:00
38b050a0f5
- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
...
freed by the caller; add free_pam_environment() and use it.
2002-07-23 00:44:07 +00:00
287077eaf2
- (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
2002-07-21 23:59:39 +00:00
3429a1bf60
- (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
...
warning on pam_conv struct conversation function.
2002-07-21 22:49:47 +00:00
63007d42ee
- (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
...
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21 17:57:01 +00:00
6cdecd0892
- (stevesk) [auth-pam.c] merge cosmetic changes from solar's
...
openssh-3.4p1-owl-password-changing.diff
2002-07-21 17:26:54 +00:00
23fe57c51c
- (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
...
friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-07-02 17:08:23 +10:00
f762a4bea5
- (djm) Don't reinitialise PAM credentials before we have started PAM.
...
Report from Pekka Savola <pekkas@netcore.fi>
2002-05-08 12:27:55 +10:00
ae9d5af0de
- (djm) Disable PAM password expiry until a complete fix for bug #188 exists
2002-04-26 11:27:24 +10:00
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
e683e76439
- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
...
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-04-04 19:02:28 +00:00
f3451a2181
- (djm) Cleanup after sync:
...
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
de77b464c6
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
...
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
2001-11-09 20:22:16 +00:00
fe2f4a1e37
- (stevesk) Fix compile problem with PAM password change fix
2001-10-28 17:32:38 +00:00
092564869a
- (djm) Fix for PAM password changes being echoed (from stevesk)
2001-10-28 22:36:55 +11:00
33cdd9ee7b
- (djm) Avoid bug in Solaris PAM libs
2001-10-28 22:33:48 +11:00
706e7a9cf9
- (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
2001-04-23 18:38:37 +00:00
5f3b9b9091
- (stevesk) pam_start() doesn't use DNS now for sshd -u0.
2001-04-23 17:28:28 +00:00
85ecbe767e
- (stevesk) set the default PAM service name to __progname instead
...
of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
2001-04-20 17:43:47 +00:00
f9e9300947
- (djm) Reestablish PAM credentials (which can be supplemental group
...
memberships) after initgroups() blows them away. Report and suggested
fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-27 16:12:24 +10:00
ec7e1b1d0f
- (djm) Don't loop forever when changing password via PAM. Patch
...
from Solar Designer <solar@openwall.com>
2001-03-21 13:01:35 +11:00
2e9adb27e9
- (djm) Make sure pam_retval is initialised on call to pam_end. Patch
...
from Solar Designer <solar@openwall.com>
2001-03-21 12:16:24 +11:00
882c2eed97
- (djm) Force standard PAM conversation function in a few more places.
...
Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
<nalin@redhat.com>
2001-03-01 09:18:57 +11:00
31a501d21e
whitspace
2001-02-27 09:20:48 +11:00
646aa60b41
- (djm) Clean up PAM namespace. Suggested by Darren Moffat
...
<Darren.Moffat@eng.sun.com>
2001-02-15 11:51:32 +11:00
3dfeee46d7
- (djm) Don't try to close PAM session or delete credentials if the
...
session has not been open or credentials not set. Based on patch from
Andrew Bartlett <abartlet@pcug.org.au>
2001-02-14 00:43:55 +11:00
ac2b1a52f2
Oops - missed a bit of previous diff
2001-02-11 22:39:19 +11:00
bd5817d4ff
- (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
...
<abartlet@pcug.org.au>
2001-02-11 22:35:11 +11:00
Darren Tucker
Damien Miller
Kevin Steves