Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-05-25 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message | Darren Tucker | |
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use USE_POSIX_THREADS will now generate an error so we don't silently change behaviour. ok djm@ | |||
2005-01-20 | Oops, did not intend to commit this yet | Darren Tucker | |
2005-01-20 | - djm@cvs.openbsd.org 2004/12/22 02:13:19 | Darren Tucker | |
[cipher-ctr.c cipher.c] remove fallback AES support for old OpenSSL, as OpenBSD has had it for many years now; ok deraadt@ (Id sync only: Portable will continue to support older OpenSSLs) | |||
2005-01-20 | - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user | Darren Tucker | |
existence via keyboard-interactive/pam, in conjunction with previous auth2-chall.c change; with Colin Watson and djm. | |||
2004-10-16 | - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations | Damien Miller | |
2004-09-11 | - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] | Darren Tucker | |
Bug #892: Send messages from failing PAM account modules to the client via SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ | |||
2004-09-11 | - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. | Darren Tucker | |
2004-09-11 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from | Darren Tucker | |
failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@ | |||
2004-08-16 | - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root | Darren Tucker | |
to convince Solaris PAM to honour password complexity rules. ok djm@ | |||
2004-07-21 | - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid | Damien Miller | |
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz; | |||
2004-07-19 | - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function, | Damien Miller | |
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@ | |||
2004-07-11 | - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows | Darren Tucker | |
the monitor to properly clean up the PAM thread (Debian bug #252676). | |||
2004-07-01 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | Darren Tucker | |
to pam_authenticate for challenge-response auth too. Originally from fcusack at fcusack.com, ok djm@ | |||
2004-07-01 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes | Darren Tucker | |
warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | |||
2004-06-30 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | Darren Tucker | |
appdata_ptr to the conversation function. ok djm@ By rights we should free the messages too, but if this happens then one of the modules has already proven itself to be buggy so can we trust the messages? | |||
2004-06-19 | - (dtucker) [auth-pam.c] Don't use PAM namespace for | Darren Tucker | |
pam_password_change_required either. | |||
2004-06-03 | - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions. | Darren Tucker | |
ok djm@ | |||
2004-06-01 | - (djm) [auth-pam.c] Add copyright for local changes | Damien Miller | |
2004-05-30 | - (dtucker) [auth-pam.c] Use an invalid password for root if | Darren Tucker | |
PermitRootLogin != yes or the login is invalid, to prevent leaking information. Based on Openwall's owl-always-auth patch. ok djm@ | |||
2004-05-30 | - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAM | Darren Tucker | |
support for PasswordAuthentication=yes. ok djm@ | |||
2004-05-24 | - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread" | Darren Tucker | |
is terminated if the privsep slave exits during keyboard-interactive authentication. ok djm@ | |||
2004-05-13 | - (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses | Darren Tucker | |
readpass.h, grep says scard-opensc.c does too. Replace with misc.h. | |||
2004-04-18 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | Darren Tucker | |
authentication attempts. With & ok djm@ | |||
2004-03-30 | - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c | Darren Tucker | |
to reduce potential confusion with the one in sshd.c. ok djm@ | |||
2004-03-08 | - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c | Darren Tucker | |
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@ | |||
2004-03-04 | - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, | Darren Tucker | |
prevent hanging during PAM keyboard-interactive authentications. ok djm@ | |||
2004-03-04 | - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with | Darren Tucker | |
-DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@ | |||
2004-02-17 | - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for | Darren Tucker | |
display after login. Should fix problems like pam_motd not displaying anything, noticed by cjwatson at debian.org. ok djm@ | |||
2004-02-17 | - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ | Darren Tucker | |
2004-02-10 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to | Darren Tucker | |
change expired PAM passwords for SSHv1 connections without privsep. pam_chauthtok is still used when privsep is disabled. ok djm@ | |||
2004-01-15 | - (dtucker) [auth-pam.c] Add minor debugging. | Darren Tucker | |
2004-01-14 | - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add | Darren Tucker | |
test for case where cleanup has already run. | |||
2004-01-14 | - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits | Darren Tucker | |
unexpectedly. with & ok djm@ | |||
2004-01-13 | - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No | Darren Tucker | |
functional changes. This is in preparation for a change to catch the authentication thread exitting unexpectedly, to split functional and cosmetic changes. | |||
2004-01-08 | - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and | Darren Tucker | |
only define if not already. From des at freebsd.org. | |||
2004-01-02 | - (djm) OSX/Darwin put the PAM headers in a different place, detect this. | Damien Miller | |
Report from jakob@ | |||
2003-12-18 | Enable commented-out "if (compat20)" test. (Should not have been committed.) | Darren Tucker | |
2003-12-18 | - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive | Darren Tucker | |
authentication. Partially fixes bug #423. Feedback & ok djm@ Some background on why this is the way it is: * Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so we must call do_pam_account() to figure out if the password is expired. * AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the authentication thread and once from the main shell child, so we cache the result, which must be passed from the authentication thread back to the monitor. | |||
2003-11-21 | more whitespace (tabs this time) | Damien Miller | |
2003-11-21 | - djm@cvs.openbsd.org 2003/11/21 11:57:03 | Damien Miller | |
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced) | |||
2003-11-18 | - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ | Darren Tucker | |
2003-11-18 | - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, | Darren Tucker | |
and use it for do_pam_session. Fixes problems like pam_motd not displaying anything. ok djm@ | |||
2003-11-17 | - (djm) Export environment variables from authentication subprocess to | Damien Miller | |
parent. Part of Bug #717 | |||
2003-11-17 | - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int | Damien Miller | |
conversation function | |||
2003-11-13 | - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and | Darren Tucker | |
PAM_ERROR_MSG messages. | |||
2003-11-13 | - (dtucker) [auth-pam.c] Append newlines to lines output by the | Darren Tucker | |
pam_chauthtok_conv(). | |||
2003-10-09 | Add FALLTHROUGH comment | Darren Tucker | |
2003-10-07 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static | Darren Tucker | |
cleanup functions. With & ok djm@ | |||
2003-09-23 | - (djm) Sync with V_3_7 branch: | Damien Miller | |
- (djm) Fix SSH1 challenge kludge - (djm) Bug #671: Fix builds on OpenBSD - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code - (djm) Don't call pam_end before pam_init - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | |||
2003-09-17 | - (djm) Sync with V_3_7 branch | Damien Miller | |