| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
as the process is short-lived, and the leak occurs very rarely and always
shortly before the process terminates.
MFC after: 3 days
|
|\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| |
| | |
Obtained from: openssh.org
Originally committed to head by: nectar
|
| |
| |
| |
| |
| | |
Obtained from: openssh.org
Originally committed to head by: nectar
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| |
| |
| |
| | |
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
|
| |
| |
| |
| |
| |
| |
| | |
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| |
| |
| | |
memory.
Obtained from: OpenBSD
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| | |
the OpenSSH-portable CVS repo, I'm committing this on the vendor branch.
|
| |
| |
| |
| |
| |
| |
| | |
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
|
| |
| |
| |
| |
| |
| |
| |
| | |
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
|
| | |
|
| |
| |
| |
| | |
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| | |
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
|
| |
| |
| |
| |
| |
| |
| |
| | |
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
|
| |
| |
| |
| | |
for ssh1)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
| |
| |
| |
| |
| |
| |
| |
| | |
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
|
| |
| |
| |
| |
| |
| | |
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
|
| | |
|
| |
| |
| |
| | |
disabled). This removes the only reference to auth2_pam().
|
| | |
|
| |
| |
| |
| | |
Submitted by: tjr
|
| |
| |
| |
| |
| |
| | |
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
|
| |
| |
| |
| |
| |
| |
| | |
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|