| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
|
| | |
| |
| |
| |
| |
| |
| | |
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| | |
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
|
| | |
| |
| |
| | |
for ssh1)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
| | |
| |
| |
| |
| |
| |
| |
| | |
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| | |
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
|
| | | |
|
| | |
| |
| |
| | |
disabled). This removes the only reference to auth2_pam().
|
| | | |
|
| | |
| |
| |
| | |
Submitted by: tjr
|
| | |
| |
| |
| |
| |
| | |
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
|
| | |
| |
| |
| |
| |
| |
| | |
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
invalidate login cap descriptor.
Reviewed by: des
|
| | |
| |
| |
| |
| |
| |
| |
| | |
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
|
| | |
| |
| |
| | |
Reviewed by: des
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.
Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
|
| | |
| |
| |
| |
| |
| | |
rev 1.2 of readconf.c.
Approved by: des
|
| | | |
|
| | |
| |
| |
| | |
process if a fatal error occurs. Deregister it in pam_free_ctx().
|
