| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
restarting when sent a SIGHUP.
Submitted by: tegge
Approved by: re (jhb)
|
| |
|
|
|
|
|
|
|
| |
etc.) from the application namespace for programs that use pam_ssh(8).
Use #defines to avoid changing the actual source code.
Approved by: re (rwatson)
|
|
|
|
|
|
|
|
| |
of conflicting with other, similarly named functions in static
libraries. This is done mostly by renaming the var if it is shared
amongst modules, or making it static otherwise.
OK'ed by: re(scottl)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
name to reflect its role
- try to handle expired passwords a little better
MFC after: 1 week
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
not respond to challenge, and later successfully authenticated itself
using another method, the kbdint context would never be released,
leaving the PAM child process behind even after the connection ended.
Fix this by automatically releasing the kbdint context if a packet of
type SSH_CMSG_AUTH_TIS is follwed by anything but a packet of type
SSH_CMSG_AUTH_TIS_RESPONSE.
MFC after: 1 week
|
| | |
|
|\ \
| | |
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | | |
http://www.openssl.org/news/secadv_20030319.txt
|
| | |
| | |
| | |
| | | |
Enjoy your retirement in ports.
|
| | |
| | |
| | |
| | |
| | |
| | | |
(Credential forwarding is still broken.)
PR: bin/45397
|
| | | |
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
|
| | |
| | |
| | |
| | | |
an attempt to declare a prototype for it will croak.
|
| | | |
|
| | |
| | |
| | |
| | | |
MFC after: 3 days
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
|
| | |
| | |
| | |
| | | |
for ssh1)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
des_read_pw_string to break (and thus rather mysteriously
breaking utilities such as kinit).
= Enable the BSD /dev/crypto interface.
(These changes are being imported on the vendor branch, as they have
already been accepted and committed to the OpenSSL CVS repository.)
|
| | |
| | |
| | |
| | | |
This is cunning doublespeak for "use vendor code".
|
| | |
| | |
| | |
| | | |
retained as it is still used.
|
|\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| | |
| | |
| | | |
support for AES and OpenBSD's hardware crypto.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
two basic changes (both of which should be no-ops until OpenSSL 0.9.7
is imported):
= Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
openssl/des.h.
= Spell `struct des_ks_struct []' using the existing
`des_key_schedule' typedef.
When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other
things) will be a macro invocation instead of a typedef, and things
should `just work'.
Yes, this commit does take several files off the vendor branch.
I do not expect there to be future imports of KTH Kerberos 4.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
|
|\ \ \
| | | |
| | | |
| | | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is particularly important for OpenSSL 0.9.7, as `des_read_pw_string'
is a macro there. (This fix brought in on the vendor branch, because I
already committed it to Heimdal's CVS.)
|
| | | |
| | | |
| | | |
| | | | |
Reviewed by: ps
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
disabled). This removes the only reference to auth2_pam().
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Submitted by: tjr
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Submitted by: markm
Approved by: bmah
|