Tom Rhodes
fb256a4a54
The manual page lists only 2 files, however it reads as `three files' which is
...
obviously incorrect.
PR: 46841
Submitted by: Sakamoto Seiji <s-siji@hyper.ocn.ne.jp>
2003-02-05 02:14:03 +00:00
Dag-Erling Smørgrav
2adf4e49c2
Linux-PAM's pam_start(3) fails with a bogus error message if passed the
...
pam_conv argument is NULL. OpenPAM doesn't care, but to make things
easier for people porting this code to other systems (or -STABLE), use
a dummy struct pam_conv instead of NULL.
Pointed out by: Damien Miller <djm@mindrot.org>
2003-02-03 14:10:28 +00:00
Dag-Erling Smørgrav
b946f5e1ff
Bump patch date to 2003-02-01 (the day after I fixed PAM authentication
...
for ssh1)
2003-02-03 11:11:36 +00:00
Dag-Erling Smørgrav
07fd326c9c
Fix keyboard-interactive authentication for ssh1. The problem was twofold:
...
- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.
- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.
These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.
Sponsored by: DARPA, NAI Labs
2003-01-31 11:08:07 +00:00
Dag-Erling Smørgrav
84860c33f0
Force early initialization of the resolver library, since the resolver
...
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days
2003-01-22 14:12:59 +00:00
Dag-Erling Smørgrav
d46e273b14
The previous commit contained a stupid mistake: ctxt->pam_[cp]sock was
...
initialized after the call to pthread_create() instead of before. It just
happened to work with threads enabled because ctxt is shared, but of
course it doesn't work when we use a child process instead of threads.
2002-12-21 15:09:58 +00:00
Dag-Erling Smørgrav
d953f52834
If possible, use pthreads instead of a child process for PAM.
...
Reimplement the necessary bits from auth_pam.c and auth2_pam.c so that
they share the PAM context used by the keyboard-interactive thread. If
a child process is used instead, they will (necessarily) use a separate
context.
Constify do_pam_account() and do_pam_session().
Sponsored by: DARPA, NAI Labs
2002-12-14 13:52:39 +00:00
Dag-Erling Smørgrav
9be00009ed
Add a missing #include "canohost.h".
2002-12-14 13:48:47 +00:00
Dag-Erling Smørgrav
bdb8839451
Remove code related to the PAMAuthenticationViaKbdInt option (which we've
...
disabled). This removes the only reference to auth2_pam().
2002-12-14 13:48:13 +00:00
Dag-Erling Smørgrav
3600b2f406
Back out a lastlog-related change which is no longer relevant.
2002-12-14 13:40:21 +00:00
Dag-Erling Smørgrav
b6fd52a01d
Fix a rounding error in the block size calculation.
...
Submitted by: tjr
2002-12-14 13:38:49 +00:00
Dag-Erling Smørgrav
5d93b6af54
Since OpenSSH drops privileges before calling pam_open_session(3),
...
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.
Approved by: re (rwatson)
2002-12-03 15:48:11 +00:00
Dag-Erling Smørgrav
810a15b120
Add caveats regarding the effect of PAM on PasswordAuthentication and
...
PermitRootLogin.
PR: docs/43776
MFC after: 1 week
2002-11-06 08:04:56 +00:00
Dag-Erling Smørgrav
dc04779010
Document the current default for VersionAddendum.
2002-11-05 17:25:15 +00:00
Dag-Erling Smørgrav
ee8aeb145a
Accurately reflect our local changes and additions.
2002-11-05 17:24:01 +00:00
Dag-Erling Smørgrav
0061710269
Document the current default value for VersionAddendum.
2002-11-05 17:17:09 +00:00
Dag-Erling Smørgrav
7e4224fafd
Switch to two-clause license, with NAI's permission.
2002-11-02 19:55:23 +00:00
Dag-Erling Smørgrav
f388f5ef26
Resolve conflicts.
2002-10-29 10:16:02 +00:00
Dag-Erling Smørgrav
dd5f4be98b
Protect against tag expansion + fix some brainos.
2002-10-29 10:12:51 +00:00
Dag-Erling Smørgrav
ef8cdc4065
Some tricks I use when I upgrade.
2002-10-29 09:56:16 +00:00
Dag-Erling Smørgrav
d73be2d96a
Correct shell code to expand globs in FREEBSD-Xlist
2002-10-29 09:55:28 +00:00
Dag-Erling Smørgrav
8488d4a48c
More cruft.
2002-10-29 09:54:53 +00:00
Dag-Erling Smørgrav
a8694a9a06
This commit was generated by cvs2svn to compensate for changes in r106121,
...
which included commits to RCS files with non-trunk default branches.
2002-10-29 09:43:00 +00:00
Dag-Erling Smørgrav
4b17dab0ba
Vendor import of OpenSSH-portable 3.5p1.
2002-10-29 09:43:00 +00:00
Hajimu UMEMOTO
7ac3260308
sshd didn't handle actual size of struct sockaddr correctly,
...
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.
Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days
2002-09-09 16:49:11 +00:00
Jun Kuriyama
b811072634
Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).
2002-09-09 02:00:28 +00:00
Andrey A. Chernov
bccd761645
Do login cap calls _before_ descriptors are hardly closed because close may
...
invalidate login cap descriptor.
Reviewed by: des
2002-08-05 16:06:35 +00:00
Tony Finch
f38aa77fc8
Use login_getpwclass() instead of login_getclass() so that the root
...
vs. default login class distinction is made correctly.
PR: 37416
Approved by: des
MFC after: 4 days
2002-07-29 00:36:24 +00:00
Tony Finch
a02377d3e2
FreeBSD doesn't use the host RSA key by default.
...
Reviewed by: des
2002-07-26 15:16:56 +00:00
Andrey A. Chernov
59ac432a4d
Problems addressed:
...
1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.
Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
2002-07-26 02:20:00 +00:00
Tony Finch
a9a70dec76
Document the FreeBSD default for CheckHostIP, which was changed in
...
rev 1.2 of readconf.c.
Approved by: des
2002-07-25 15:59:40 +00:00
Dag-Erling Smørgrav
c6b7459669
Whitespace nit.
2002-07-23 17:57:17 +00:00
Dag-Erling Smørgrav
f335483476
In pam_init_ctx(), register a cleanup function that will kill the child
...
process if a fatal error occurs. Deregister it in pam_free_ctx().
2002-07-17 17:44:02 +00:00
Dag-Erling Smørgrav
a9f7d76b96
Use realhostname_sa(3) so the IP address will be used instead of the
...
hostname if the latter is too long for utmp.
Submitted by: ru
MFC after: 3 days
2002-07-11 10:36:10 +00:00
Dag-Erling Smørgrav
77741b874a
Do not try to use PAM for password authentication, as it is
...
already (and far better) supported by the challenge/response
authentication mechanism.
2002-07-10 23:05:13 +00:00
Dag-Erling Smørgrav
645ca8e839
Don't forget to clear the buffer before reusing it.
2002-07-10 23:04:07 +00:00
Dag-Erling Smørgrav
d2030524ec
Rewrite to use the buffer API instead of roll-your-own messaging.
...
Suggested by: Markus Friedl <markus@openbsd.org>
Sponsored by: DARPA, NAI Labs
2002-07-05 15:27:26 +00:00
Dag-Erling Smørgrav
21f19a0cbf
(forgot to commit) We don't need --with-opie since PAM takes care of it.
2002-07-05 15:25:55 +00:00
Dag-Erling Smørgrav
b770f258b3
- Don't enable OpenSSH's OPIE support, since we let PAM handle OPIE.
...
- We don't have setutent(3) etc., and I have no idea why configure ever
thought we did.
2002-07-03 00:12:09 +00:00
Dag-Erling Smørgrav
53282320d1
Two FreeBSD-specific nits in comments:
...
- ChallengeResponseAuthentication controls PAM, not S/Key
- We don't honor PAMAuthenticationViaKbdInt, because the code path it
controls doesn't make sense for us, so don't mention it.
Sponsored by: DARPA, NAI Labs
2002-07-03 00:08:19 +00:00
Dag-Erling Smørgrav
9f95720321
Version bump for mm_answer_pam_respond() fix.
2002-07-02 13:07:37 +00:00
Dag-Erling Smørgrav
669e440e50
Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
...
PAM authentication failed due to an incorrect response.
2002-07-02 13:07:17 +00:00
Dag-Erling Smørgrav
9a97937550
Forgot to update the addendum in the config files.
2002-06-30 10:32:09 +00:00
Dag-Erling Smørgrav
e12c24615a
Regenerate.
2002-06-29 11:58:32 +00:00
Dag-Erling Smørgrav
076b29c735
<sys/mman.h> requires <sys/types.h>.
2002-06-29 11:57:51 +00:00
Dag-Erling Smørgrav
a82e551f0f
Resolve conflicts.
...
Sponsored by: DARPA, NAI Labs
2002-06-29 11:48:59 +00:00
Dag-Erling Smørgrav
ee21a45f81
Vendor import of OpenSSH 3.4p1.
2002-06-29 11:34:13 +00:00
Dag-Erling Smørgrav
d2a34caedb
This commit was generated by cvs2svn to compensate for changes in r99060,
...
which included commits to RCS files with non-trunk default branches.
2002-06-29 11:34:13 +00:00
Dag-Erling Smørgrav
effdee7ce0
Commit config.h so we don't need autoconf to build world.
2002-06-29 11:31:02 +00:00
Dag-Erling Smørgrav
0ff2975460
OpenBSD lifted this code our tree. Preserve the original CVS id.
2002-06-29 11:25:20 +00:00