summaryrefslogtreecommitdiff
path: root/auth-pam.c
AgeCommit message (Collapse)Author
2020-01-21Make sshpam_password_change_required static.Ruben Kerkhof
sshpam_password_change_required is only used in auth-pam.c, so make it static to prevent a mising prototype warning.
2020-01-20Fix a few warnings when on Mac OS X.Ruben Kerkhof
Include stdlib.h for calloc, malloc, free and setenv.
2019-09-13memleak of buffer in sshpam_queryDamien Miller
coverity report via Ed Maste; ok dtucker@
2019-06-08Typo fixes in error messages.Darren Tucker
Patch from knweiss at gmail.com via github pull req #97 (portable- specific parts).
2019-06-07Have pthread_create return errno on failure.Darren Tucker
According to POSIX, pthread_create returns the failure reason in the non-zero function return code so make the fork wrapper do that. Matches previous change.
2019-06-07pthread_create(3) returns positive values on failure.Elliott Hughes
Found by inspection after finding similar bugs in other code used by Android.
2019-05-17Add no-op implementation of pam_putenv.Darren Tucker
Some platforms such as HP-UX do not have pam_putenv. Currently the calls are ifdef'ed out, but a new one was recently added. Remove the ifdefs and add a no-op implementation. bz#3008, ok djm.
2019-01-20remove PAM dependencies on old packet APIDamien Miller
Requires some caching of values, because the PAM code isn't always called with packet context.
2018-12-14expose $SSH_CONNECTION in the PAM environmentDamien Miller
This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741
2018-09-13adapt -portable to OpenSSL 1.1x APIDamien Miller
Polyfill missing API with replacement functions extracted from LibreSSL
2018-07-12Remove key.h from portable files too.Darren Tucker
Commit 5467fbcb removed key.h so stop including it in portable files too. Fixes builds on lots of platforms.
2018-07-10Adapt portable to legacy buffer API removalDamien Miller
2018-04-06Expose SSH_AUTH_INFO_0 to PAM auth modulesDamien Miller
bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
2018-03-03Update PAM password change to new opts API.Darren Tucker
2018-03-03upstream: switch over to the new authorized_keys options API anddjm@openbsd.org
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2017-07-28Expose list of completed auth methods to PAMDamien Miller
bz#2408; ok dtucker@
2017-03-29Remove SSHv1 code path.Darren Tucker
Server-side support for Protocol 1 has been removed so remove !compat20 PAM code path.
2017-03-10Check for NULL from malloc.Darren Tucker
Part of bz#2687, from jjelen at redhat.com.
2016-10-15Remove do_pam_set_tty which is dead code.Darren Tucker
The callers of do_pam_set_tty were removed in 2008, so this is now dead code. bz#2604, pointed out by jjelen at redhat.com.
2016-08-16add --with-pam-service to specify PAM service nameDamien Miller
Saves messing around with CFLAGS to do it.
2016-07-22retry waitpid on EINTR failureDamien Miller
patch from Jakub Jelen on bz#2581; ok dtucker@
2016-07-18Handle PAM_MAXTRIES from modules.Darren Tucker
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either.
2016-07-15Mitigate timing of disallowed users PAM logins.Darren Tucker
When sshd decides to not allow a login (eg PermitRootLogin=no) and it's using PAM, it sends a fake password to PAM so that the timing for the failure is not noticeably different whether or not the password is correct. This behaviour can be detected by sending a very long password string which is slower to hash than the fake password. Mitigate by constructing an invalid password that is the same length as the one from the client and thus takes the same time to hash. Diff from djm@
2016-06-17Remove duplicate code from PAM. ok djm@Darren Tucker
2016-05-20Fix comment about sshpam_const and AIX.Darren Tucker
From mschwager via github.
2016-03-08unbreak PAM after canohost refactorDamien Miller
2016-02-05avoid FreeBSD RCS Id in commentDamien Miller
Change old $FreeBSD version string in comment so it doesn't become an RCS ident downstream; requested by des AT des.no
2015-04-30xrealloc -> xreallocarray in portable code too.Darren Tucker
2013-12-19 - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().Darren Tucker
Patch from Loganaden Velvindron.
2013-06-02 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
2009-07-12 - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials onDarren Tucker
logout to after the session close. Patch from Anicka Bernathova, ok djm.
2008-03-11 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: MoveDarren Tucker
pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
2007-08-10 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@Darren Tucker
2007-05-20 - (dtucker) [auth-pam.c] Return empty string if fgets fails inDarren Tucker
sshpam_tty_conv. Patch from ldv at altlinux.org.
2007-05-20 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch fromDarren Tucker
ldv at altlinux.org.
2006-09-17 - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM authDarren Tucker
process so that any logging it does is with the right timezone. From Scott Strickler, ok djm@.
2006-09-01 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
2006-08-05 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]Damien Miller
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more includes for Linux in
2006-08-05 - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]Damien Miller
remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit
2006-08-05 - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.cDamien Miller
2006-07-24 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-13 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.hDarren Tucker
2006-05-15 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back andDarren Tucker
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-03-26 - djm@cvs.openbsd.org 2006/03/25 01:13:23Damien Miller
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
2006-03-26 - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
2006-03-18- (djm) [auth-pam.c] Fix memleak in error path, from Coverity viaDamien Miller
elad AT NetBSD.org
2006-03-15 - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]Damien Miller
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris
2006-01-29Correct format in debug messageDarren Tucker
2005-09-28 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages fromDarren Tucker
PAM via keyboard-interactive. Patch tested by the folks at Vintela.