summaryrefslogtreecommitdiff
path: root/auth-pam.c
AgeCommit message (Collapse)Author
2004-04-18 - (dtucker) [auth-pam.c] Log username and source host for failed PAMDarren Tucker
authentication attempts. With & ok djm@
2004-03-30 - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.cDarren Tucker
to reduce potential confusion with the one in sshd.c. ok djm@
2004-03-08 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.cDarren Tucker
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@
2004-03-04 - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread,Darren Tucker
prevent hanging during PAM keyboard-interactive authentications. ok djm@
2004-03-04 - (dtucker) [auth-pam.c] Don't try to export PAM when compiled withDarren Tucker
-DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@
2004-02-17 - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred forDarren Tucker
display after login. Should fix problems like pam_motd not displaying anything, noticed by cjwatson at debian.org. ok djm@
2004-02-17 - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@Darren Tucker
2004-02-10 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange toDarren Tucker
change expired PAM passwords for SSHv1 connections without privsep. pam_chauthtok is still used when privsep is disabled. ok djm@
2004-01-15 - (dtucker) [auth-pam.c] Add minor debugging.Darren Tucker
2004-01-14 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, addDarren Tucker
test for case where cleanup has already run.
2004-01-14 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exitsDarren Tucker
unexpectedly. with & ok djm@
2004-01-13 - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. NoDarren Tucker
functional changes. This is in preparation for a change to catch the authentication thread exitting unexpectedly, to split functional and cosmetic changes.
2004-01-08 - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h andDarren Tucker
only define if not already. From des at freebsd.org.
2004-01-02 - (djm) OSX/Darwin put the PAM headers in a different place, detect this.Damien Miller
Report from jakob@
2003-12-18Enable commented-out "if (compat20)" test. (Should not have been committed.)Darren Tucker
2003-12-18 - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactiveDarren Tucker
authentication. Partially fixes bug #423. Feedback & ok djm@ Some background on why this is the way it is: * Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so we must call do_pam_account() to figure out if the password is expired. * AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the authentication thread and once from the main shell child, so we cache the result, which must be passed from the authentication thread back to the monitor.
2003-11-21more whitespace (tabs this time)Damien Miller
2003-11-21 - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller
[everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
2003-11-18 - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@Darren Tucker
2003-11-18 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,Darren Tucker
and use it for do_pam_session. Fixes problems like pam_motd not displaying anything. ok djm@
2003-11-17 - (djm) Export environment variables from authentication subprocess toDamien Miller
parent. Part of Bug #717
2003-11-17 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-intDamien Miller
conversation function
2003-11-13 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO andDarren Tucker
PAM_ERROR_MSG messages.
2003-11-13 - (dtucker) [auth-pam.c] Append newlines to lines output by theDarren Tucker
pam_chauthtok_conv().
2003-10-09Add FALLTHROUGH commentDarren Tucker
2003-10-07 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new staticDarren Tucker
cleanup functions. With & ok djm@
2003-09-23 - (djm) Sync with V_3_7 branch:Damien Miller
- (djm) Fix SSH1 challenge kludge - (djm) Bug #671: Fix builds on OpenBSD - (djm) Bug #676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code - (djm) Don't call pam_end before pam_init - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2003-09-17 - (djm) Sync with V_3_7 branchDamien Miller
2003-09-13Add extern __progname, needed if SSHD_PAM_SERVICE not definedDarren Tucker
2003-09-13 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patchDarren Tucker
from cjwatson at debian.org.
2003-09-02 - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM sessionDamien Miller
management (now done in do_setusercontext). Largely from michael_steffens AT hp.com
2003-09-02 - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compilerDamien Miller
error. Part of Bug #423, patch from michael_steffens AT hp.com
2003-08-26 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.hDarren Tucker
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-08 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@Darren Tucker
2003-07-30 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks balDamien Miller
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-02 - (djm) Fix segv from bad reordering in auth-pam.cDamien Miller
2003-05-18 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing inDamien Miller
recent merge
2003-05-16 - (djm) Guard free_pam_environment against NULL argument. Works aroundDamien Miller
HP/UX PAM problems debugged by dtucker
2003-05-14 - (djm) Die screaming if start_pam() is called when UsePAM=noDamien Miller
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-29 - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller
Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09*** empty log message ***Damien Miller
2003-01-22 - (djm) Reorganise PAM & SIA password handling to eliminate some common codeDamien Miller
2002-07-28 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solarKevin Steves
2002-07-23- (stevesk) [auth-pam.c] typo in commentKevin Steves
2002-07-23 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must beKevin Steves
freed by the caller; add free_pam_environment() and use it.
2002-07-21 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.hKevin Steves