summaryrefslogtreecommitdiff
path: root/auth-pam.c
AgeCommit message (Collapse)Author
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-02 - (djm) Fix segv from bad reordering in auth-pam.cDamien Miller
2003-05-18 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing inDamien Miller
recent merge
2003-05-16 - (djm) Guard free_pam_environment against NULL argument. Works aroundDamien Miller
HP/UX PAM problems debugged by dtucker
2003-05-14 - (djm) Die screaming if start_pam() is called when UsePAM=noDamien Miller
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-29 - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller
Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09*** empty log message ***Damien Miller
2003-01-22 - (djm) Reorganise PAM & SIA password handling to eliminate some common codeDamien Miller
2002-07-28 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solarKevin Steves
2002-07-23- (stevesk) [auth-pam.c] typo in commentKevin Steves
2002-07-23 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must beKevin Steves
freed by the caller; add free_pam_environment() and use it.
2002-07-21 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.hKevin Steves
2002-07-21 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatchKevin Steves
warning on pam_conv struct conversation function.
2002-07-21 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;Kevin Steves
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21 - (stevesk) [auth-pam.c] merge cosmetic changes from solar'sKevin Steves
openssh-3.4p1-owl-password-changing.diff
2002-07-02 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &Damien Miller
friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-05-08 - (djm) Don't reinitialise PAM credentials before we have started PAM.Damien Miller
Report from Pekka Savola <pekkas@netcore.fi>
2002-04-26 - (djm) Disable PAM password expiry until a complete fix for bug #188 existsDamien Miller
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-04-04 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.hKevin Steves
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-02-05 - (djm) Cleanup after sync:Damien Miller
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2001-11-09 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)Kevin Steves
if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168
2001-10-28 - (stevesk) Fix compile problem with PAM password change fixKevin Steves
2001-10-28 - (djm) Fix for PAM password changes being echoed (from stevesk)Damien Miller
2001-10-28 - (djm) Avoid bug in Solaris PAM libsDamien Miller
2001-04-23 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWDKevin Steves
2001-04-23 - (stevesk) pam_start() doesn't use DNS now for sshd -u0.Kevin Steves
2001-04-20 - (stevesk) set the default PAM service name to __progname insteadKevin Steves
of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
2001-03-27 - (djm) Reestablish PAM credentials (which can be supplemental groupDamien Miller
memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-21 - (djm) Don't loop forever when changing password via PAM. PatchDamien Miller
from Solar Designer <solar@openwall.com>
2001-03-21 - (djm) Make sure pam_retval is initialised on call to pam_end. PatchDamien Miller
from Solar Designer <solar@openwall.com>
2001-03-01 - (djm) Force standard PAM conversation function in a few more places.Damien Miller
Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>
2001-02-27whitspaceDamien Miller
2001-02-15 - (djm) Clean up PAM namespace. Suggested by Darren MoffatDamien Miller
<Darren.Moffat@eng.sun.com>
2001-02-14 - (djm) Don't try to close PAM session or delete credentials if theDamien Miller
session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
2001-02-11Oops - missed a bit of previous diffDamien Miller
2001-02-11 - (djm) Set PAM_RHOST earlier, patch from Andrew BartlettDamien Miller
<abartlet@pcug.org.au>
2001-02-07 - (djm) Much KNF on PAM codeDamien Miller
- (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication
2001-02-05 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves
[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-04NB: big update - may break stuff. Please test!Damien Miller
- (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-19 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)Damien Miller
to fix NULL pointer deref and fake authloop breakage in PAM code.
2000-12-20 - (djm) Workaround PAM inconsistencies between Solaris derived PAM codeDamien Miller
and Linux-PAM. Based on report and fix from Andrew Morgan <morgan@transmeta.com>
2000-12-03 - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enableDamien Miller
PAM authentication using KbdInteractive. - (djm) Added another TODO
2000-10-14function prototype and definition consistency cleanup.Kevin Steves
2000-10-14 - (stevesk) ~/.hushlogin shouldn't cause required password change toKevin Steves
be bypassed.
2000-10-14 - (djm) Big OpenBSD sync:Damien Miller
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
2000-10-14 - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial authDamien Miller