History log of /openssh-portable/auth-pam.c (Results 1 – 25 of 181)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1
# 57ed647e 03-Apr-2021 Damien Miller

polish whitespace for portable files


Revision tags: V_8_5_P1
# fcf429a4 10-Nov-2020 Darren Tucker

Prevent excessively long username going to PAM.

This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations

Prevent excessively long username going to PAM.

This is a mitigation for a buffer overflow in Solaris' PAM username
handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
implementations. This is not a problem in sshd itself, it only
prevents sshd from being used as a vector to attack Solaris' PAM.
It does not prevent the bug in PAM from being exploited via some other
PAM application.

Based on github PR#212 from Mike Scott but implemented slightly
differently. ok tim@ djm@

show more ...


Revision tags: V_8_4_P1
# 598c3a5e 26-Jun-2020 Damien Miller

document a PAM spec problem in a frustrated comment


Revision tags: V_8_3_P1, V_8_2_P1
# 945bf52c 23-Jan-2020 Darren Tucker

Fix a couple of mysig_t leftovers.


# 3bf2a6ac 23-Jan-2020 dtucker@openbsd.org

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which sho

upstream: Replace all calls to signal(2) with a wrapper around

sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519

show more ...


# 6089abf7 20-Jan-2020 Ruben Kerkhof

Make sshpam_password_change_required static.

sshpam_password_change_required is only used in auth-pam.c, so make it
static to prevent a mising prototype warning.


# 335dc935 20-Jan-2020 Ruben Kerkhof

Fix a few warnings when on Mac OS X.

Include stdlib.h for calloc, malloc, free and setenv.


Revision tags: V_8_1_P1
# ec0e6243 12-Sep-2019 Damien Miller

memleak of buffer in sshpam_query

coverity report via Ed Maste; ok dtucker@


# fc0340f7 07-Jun-2019 Darren Tucker

Typo fixes in error messages.

Patch from knweiss at gmail.com via github pull req #97 (portable-
specific parts).


# d220b675 07-Jun-2019 Darren Tucker

Have pthread_create return errno on failure.

According to POSIX, pthread_create returns the failure reason in
the non-zero function return code so make the fork wrapper do that.
Matches previous cha

Have pthread_create return errno on failure.

According to POSIX, pthread_create returns the failure reason in
the non-zero function return code so make the fork wrapper do that.
Matches previous change.

show more ...


# 1bd4f7f2 25-Apr-2019 Elliott Hughes

pthread_create(3) returns positive values on failure.

Found by inspection after finding similar bugs in other code used by
Android.


# 606077ee 16-May-2019 Darren Tucker

Add no-op implementation of pam_putenv.

Some platforms such as HP-UX do not have pam_putenv. Currently the
calls are ifdef'ed out, but a new one was recently added. Remove the
ifdefs and add a no-

Add no-op implementation of pam_putenv.

Some platforms such as HP-UX do not have pam_putenv. Currently the
calls are ifdef'ed out, but a new one was recently added. Remove the
ifdefs and add a no-op implementation. bz#3008, ok djm.

show more ...


Revision tags: V_8_0_P1
# 3f0786bb 19-Jan-2019 Damien Miller

remove PAM dependencies on old packet API

Requires some caching of values, because the PAM code isn't
always called with packet context.


# 8a22ffaa 06-Dec-2018 Damien Miller

expose $SSH_CONNECTION in the PAM environment

This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741


Revision tags: V_7_9_P1
# 48f54b9d 12-Sep-2018 Damien Miller

adapt -portable to OpenSSL 1.1x API

Polyfill missing API with replacement functions extracted from LibreSSL


Revision tags: V_7_8_P1
# 3f420a69 12-Jul-2018 Darren Tucker

Remove key.h from portable files too.

Commit 5467fbcb removed key.h so stop including it in portable files
too. Fixes builds on lots of platforms.


# 120a1ec7 10-Jul-2018 Damien Miller

Adapt portable to legacy buffer API removal


# e8f47455 06-Apr-2018 Damien Miller

Expose SSH_AUTH_INFO_0 to PAM auth modules

bz#2408, patch from Radoslaw Ejsmont; ok dtucker@


Revision tags: V_7_7_P1
# 13ef4cf5 03-Mar-2018 Darren Tucker

Update PAM password change to new opts API.


# 7c856857 02-Mar-2018 djm@openbsd.org

upstream: switch over to the new authorized_keys options API and

remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and o

upstream: switch over to the new authorized_keys options API and

remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

show more ...


Revision tags: V_7_6_P1
# 94bc1e7f 28-Jul-2017 Damien Miller

Expose list of completed auth methods to PAM

bz#2408; ok dtucker@


# 608ec1f6 28-Mar-2017 Darren Tucker

Remove SSHv1 code path.

Server-side support for Protocol 1 has been removed so remove !compat20
PAM code path.


Revision tags: V_7_5_P1
# bee0167b 09-Mar-2017 Darren Tucker

Check for NULL from malloc.

Part of bz#2687, from jjelen at redhat.com.


Revision tags: V_7_4_P1
# e0259a82 14-Oct-2016 Darren Tucker

Remove do_pam_set_tty which is dead code.

The callers of do_pam_set_tty were removed in 2008, so this is now dead
code. bz#2604, pointed out by jjelen at redhat.com.


# 8bd81e15 15-Aug-2016 Damien Miller

add --with-pam-service to specify PAM service name

Saves messing around with CFLAGS to do it.


12345678