summaryrefslogtreecommitdiff
path: root/auth-pam.c
AgeCommit message (Collapse)Author
2004-01-14 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, addDarren Tucker
test for case where cleanup has already run.
2004-01-14 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exitsDarren Tucker
unexpectedly. with & ok djm@
2004-01-13 - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. NoDarren Tucker
functional changes. This is in preparation for a change to catch the authentication thread exitting unexpectedly, to split functional and cosmetic changes.
2004-01-08 - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h andDarren Tucker
only define if not already. From des at freebsd.org.
2004-01-02 - (djm) OSX/Darwin put the PAM headers in a different place, detect this.Damien Miller
Report from jakob@
2003-12-18Enable commented-out "if (compat20)" test. (Should not have been committed.)Darren Tucker
2003-12-18 - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactiveDarren Tucker
authentication. Partially fixes bug #423. Feedback & ok djm@ Some background on why this is the way it is: * Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so we must call do_pam_account() to figure out if the password is expired. * AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the authentication thread and once from the main shell child, so we cache the result, which must be passed from the authentication thread back to the monitor.
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-18 - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@Darren Tucker
2003-11-18 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,Darren Tucker
and use it for do_pam_session. Fixes problems like pam_motd not displaying anything. ok djm@
2003-11-17 - (djm) Export environment variables from authentication subprocess toDamien Miller
parent. Part of Bug #717
2003-11-17 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-intDamien Miller
conversation function
2003-11-13 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO andDarren Tucker
PAM_ERROR_MSG messages.
2003-11-13 - (dtucker) [auth-pam.c] Append newlines to lines output by theDarren Tucker
pam_chauthtok_conv().
2003-10-09Add FALLTHROUGH commentDarren Tucker
2003-10-07 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new staticDarren Tucker
cleanup functions. With & ok djm@
2003-09-23 - (djm) Sync with V_3_7 branch:Damien Miller
- (djm) Fix SSH1 challenge kludge - (djm) Bug #671: Fix builds on OpenBSD - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code - (djm) Don't call pam_end before pam_init - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-17 - (djm) Sync with V_3_7 branchDamien Miller
2003-09-13Add extern __progname, needed if SSHD_PAM_SERVICE not definedDarren Tucker
2003-09-13 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patchDarren Tucker
from cjwatson at debian.org.
2003-09-02 - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM sessionDamien Miller
management (now done in do_setusercontext). Largely from michael_steffens AT hp.com
2003-09-02 - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compilerDamien Miller
error. Part of Bug #423, patch from michael_steffens AT hp.com
2003-08-26 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.hDarren Tucker
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-08 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@Darren Tucker
2003-07-30 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks balDamien Miller
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-02 - (djm) Fix segv from bad reordering in auth-pam.cDamien Miller
2003-05-18 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing inDamien Miller
recent merge
2003-05-16 - (djm) Guard free_pam_environment against NULL argument. Works aroundDamien Miller
HP/UX PAM problems debugged by dtucker
2003-05-14 - (djm) Die screaming if start_pam() is called when UsePAM=noDamien Miller
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-29 - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller
Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09*** empty log message ***Damien Miller
2003-01-22 - (djm) Reorganise PAM & SIA password handling to eliminate some common codeDamien Miller
2002-07-28 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solarKevin Steves
2002-07-23- (stevesk) [auth-pam.c] typo in commentKevin Steves
2002-07-23 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must beKevin Steves
freed by the caller; add free_pam_environment() and use it.
2002-07-21 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.hKevin Steves
2002-07-21 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatchKevin Steves
warning on pam_conv struct conversation function.
2002-07-21 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;Kevin Steves
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21 - (stevesk) [auth-pam.c] merge cosmetic changes from solar'sKevin Steves
openssh-3.4p1-owl-password-changing.diff
2002-07-02 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &Damien Miller
friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-05-08 - (djm) Don't reinitialise PAM credentials before we have started PAM.Damien Miller
Report from Pekka Savola <pekkas@netcore.fi>
2002-04-26 - (djm) Disable PAM password expiry until a complete fix for bug #188 existsDamien Miller
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-04-04 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.hKevin Steves
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-02-05 - (djm) Cleanup after sync:Damien Miller
- :%s/reverse_mapping_check/verify_reverse_mapping/g