aboutsummaryrefslogtreecommitdiff
path: root/lib/libpam/modules/pam_ssh/pam_ssh.c
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade to OpenSSH 7.8p1.Dag-Erling Smørgrav2018-09-101-15/+14
| | | | | | | Approved by: re (kib@) Notes: svn path=/head/; revision=338561
* Upgrade to OpenSSH 7.7p1.Dag-Erling Smørgrav2018-05-111-1/+1
| | | | Notes: svn path=/head/; revision=333490
* lib: further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-261-0/+2
| | | | | | | | | | | | | | | Mainly focus on files that use BSD 2-Clause license, however the tool I was using mis-identified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Notes: svn path=/head/; revision=326219
* Remove support for SSH1 as it is already disabled in our OpenSSH.Ollivier Robert2016-08-221-1/+0
| | | | | | | | Submitted by: vangyzen MFC after: 2 weeks Notes: svn path=/head/; revision=304635
* Add support for Ed25519 keys.Ollivier Robert2016-08-221-0/+1
| | | | | | | | Reported by: mwlucas MFH: 2 weeks Notes: svn path=/head/; revision=304626
* Define __bounded__ to fix the gcc build. While there, raise WARNS.Dag-Erling Smørgrav2016-03-111-1/+4
| | | | Notes: svn path=/head/; revision=296651
* Update for API changes in OpenSSH 6.8p1.John Baldwin2016-01-201-7/+6
| | | | | | | | | | | First, the authfd API now uses a direct file descriptor for the control socket instead of a more abstract AuthenticationConnection structure. Second, the functions now consistently return an error value. Reviewed by: bdrewery Notes: svn path=/head/; revision=294367
* Passing NULL as a key casues a segfault when loading SSH 1 keys. UseDag-Erling Smørgrav2012-05-261-1/+1
| | | | | | | an empty string instead. Notes: svn path=/head/; revision=236106
* key_load_private() ignores the passphrase argument if the private keyDag-Erling Smørgrav2011-11-201-7/+18
| | | | | | | | | | | | | | | is unencrypted. This defeats the nullok check, because it means a non-null passphrase will successfully unlock the key. To address this, try at first to load the key without a passphrase. If this succeeds and the user provided a non-empty passphrase *or* nullok is false, reject the key. MFC after: 1 week Noticed by: Guy Helmer <guy.helmer@palisadesystems.com> Notes: svn path=/head/; revision=227757
* Load the ECDSA key if there is one.Dag-Erling Smørgrav2011-10-071-0/+3
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=226101
* No newline required.Dag-Erling Smørgrav2011-03-091-2/+2
| | | | | | | MFC after: 2 weeks Notes: svn path=/head/; revision=219426
* Upgrade to OpenSSH 5.4p1.Dag-Erling Smørgrav2010-03-091-0/+3
| | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=204917
* Adjust for OpenPAM Hydrangea.Dag-Erling Smørgrav2007-12-211-3/+3
| | | | Notes: svn path=/head/; revision=174837
* Fix build.Ruslan Ermilov2006-09-301-0/+1
| | | | Notes: svn path=/head/; revision=162900
* Correct the logic for determining whether the user has already enteredDag-Erling Smørgrav2005-09-261-4/+7
| | | | | | | | | a password. Also, work around some harmless type pun warnings. MFC after: 3 days Notes: svn path=/head/; revision=150596
* Do not use passphraseless keys for authentication unless the nullokDag-Erling Smørgrav2005-09-221-2/+8
| | | | | | | | | | | option was specified. PR: bin/81231 Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au> MFC after: 3 days Notes: svn path=/head/; revision=150455
* Narrow the use of user credentials.Dag-Erling Smørgrav2005-09-211-14/+10
| | | | | | | | | Fix one case where openpam_restore_cred() might be called twice in a row. MFC after: 3 days Notes: svn path=/head/; revision=150426
* Fix numerous constness and aliasing issues.Dag-Erling Smørgrav2004-02-101-4/+4
| | | | Notes: svn path=/head/; revision=125650
* Ignore ECHILD from waitpid(2) (our child may have been reaped by theDag-Erling Smørgrav2003-09-191-1/+2
| | | | | | | | | calling process's SIGCHLD handler) PR: bin/45669 Notes: svn path=/head/; revision=120231
* Use pam_get_user(3) instead of pam_get_item(3) where appropriate.Dag-Erling Smørgrav2003-02-101-2/+2
| | | | Notes: svn path=/head/; revision=110653
* Complete rewrite of pam_ssh(8). The previous version was becoming hardDag-Erling Smørgrav2003-02-091-471/+272
| | | | | | | | | | | | | | to maintain, and had security issues which would have required a major rewrite to address anyway. This implementation currently starts a separate agent for each session instead of connecting each new session to the agent started by the first one. While this would be a Good Thing (and the old pam_ssh(8) tried to do it), it's hard to get right. I'll revisit this issue when I've had a chance to test some modifications to ssh-agent(1). Notes: svn path=/head/; revision=110598
* Merge in most non-style differences from Andrew Korty's pam_ssh 1.7.Dag-Erling Smørgrav2002-12-161-45/+53
| | | | Notes: svn path=/head/; revision=107934
* Major cleanup:Dag-Erling Smørgrav2002-04-121-102/+81
| | | | | | | | | | | | | | | | - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=94564
* Remove debugging code that was inadvertantly brought in by previous commit.Dag-Erling Smørgrav2002-04-081-1/+0
| | | | Notes: svn path=/head/; revision=94217
* Use OpenPAM's credential switching functions.Dag-Erling Smørgrav2002-04-081-10/+9
| | | | | | | Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=94216
* Aggressive cleanup of warnings + authtok-related code in preparation forDag-Erling Smørgrav2002-04-061-31/+35
| | | | | | | | | PAMifying passwd(1). Sponsored by: DARPA, NAI Labs. Notes: svn path=/head/; revision=93984
* Remove some duplicate free()s and add some that were missing.Dag-Erling Smørgrav2002-04-051-21/+9
| | | | | | | Submitted by: tmm Notes: svn path=/head/; revision=93907
* pam_get_pass() -> pam_get_authtok()Dag-Erling Smørgrav2002-04-051-1/+1
| | | | Notes: svn path=/head/; revision=93875
* Upgrade to something quite close, but not identical, to version 1.6 ofDag-Erling Smørgrav2002-04-041-381/+426
| | | | | | | | | | Andrew Korty's pam_ssh. The most notable difference is that this uses commas rather than colons to separate items in the "keyfiles" option. Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=93804
* NAI DBA update.Dag-Erling Smørgrav2002-03-141-1/+1
| | | | Notes: svn path=/head/; revision=92297
* Switch to OpenPAM. Bump library version. Modules are now versioned, soDag-Erling Smørgrav2002-03-051-1/+2
| | | | | | | | | | | | applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=91714
* #include cleanup.Dag-Erling Smørgrav2002-02-051-0/+1
| | | | | | | Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=90229
* ssh_get_authentication_connection() gets its parameters from environmentDag-Erling Smørgrav2002-02-041-2/+24
| | | | | | | | | variables, so temporarily switch to the PAM environment before calling it. Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp> Notes: svn path=/head/; revision=90195
* WARNS=4 fixes. Protect with NO_WERROR for the modules that haveMark Murray2002-01-241-25/+29
| | | | | | | warnings that are hard to fix or that I've been asked to leave alone. Notes: svn path=/head/; revision=89760
* PAM modules shouldn't call putenv(); pam_putenv() is sufficient. TheDag-Erling Smørgrav2002-01-241-1/+0
| | | | | | | | | | caller is supposed to check the PAM envlist and export the variables it contains; if it doesn't, it's broken. Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=89753
* Make libssh.so useable (undefined reference to IPv4or6).Ruslan Ermilov2002-01-231-2/+0
| | | | | | | | Reviewed by: des, markm Approved by: markm Notes: svn path=/head/; revision=89703
* Back out previous commit.Dag-Erling Smørgrav2001-12-091-2/+1
| | | | | | | Requested by: ru Notes: svn path=/head/; revision=87564
* Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include.Dag-Erling Smørgrav2001-12-071-1/+2
| | | | | | | Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=87488
* Add dummy functions for all module types. These dummies return PAM_IGNOREDag-Erling Smørgrav2001-12-051-1/+37
| | | | | | | | | | rather than PAM_SUCCESS, so you'll get a failure if you list dummies but no real modules for a particular module chain. Sponsored by: DARPA, NAI Labs Notes: svn path=/head/; revision=87398
* Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my lastBrian Feldman2001-11-291-0/+8
| | | | | | | | OpenSSH import) declaration and strdup(3)ing a value which is later free(3)d, rather than letting the system try to free it invalidly. Notes: svn path=/head/; revision=87098
* Add __FBSDID()s to libpamMatthew Dillon2001-09-301-3/+2
| | | | Notes: svn path=/head/; revision=84218
* Fix:Mark Murray2001-08-111-7/+8
| | | | | | | | | | | | | | | | /usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has couple of bugs which cause: 1) xdm dumps core 2) ssh1 private key is not passed to ssh-agent 3) ssh2 RSA key seems not handled properly (just a guess from source) 4) ssh_get_authentication_connectionen() fails to get connection because of SSH_AUTH_SOCK not defined. PR: 29609 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp> Notes: svn path=/head/; revision=81527
* Code clean up; make logging same as other modules and fix warnings.Mark Murray2001-08-101-3/+9
| | | | Notes: svn path=/head/; revision=81476
* Fix style/consistency in Makefile and repair static module building.Mark Murray2001-08-041-2/+1
| | | | | | | Submitted by: bde(partially) Notes: svn path=/head/; revision=81143
* Repair the get/set UID() stuff so this works in both su(1) and login(1)Mark Murray2001-08-021-3/+3
| | | | | | | modes. Notes: svn path=/head/; revision=81036
* (Re)Add an SSH module for PAM, heavily based on Andrew Korty's moduleMark Murray2001-07-291-328/+352
| | | | | | | from ports. Notes: svn path=/head/; revision=80542
* Forgot to remove the old line in the last commit.Brian Feldman2000-12-051-1/+0
| | | | Notes: svn path=/head/; revision=69590
* In env_destroy(), it is a bad idea to env_swap(self, 0) to switchBrian Feldman2000-11-251-0/+2
| | | | | | | | | | | | | back to the original environ unconditionally. The setting of the variable to save the previous environ is conditional; it happens when ENV.e_committed is set. Therefore, don't try to swap the env back unless the previous env has been initialized. PR: bin/22670 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp> Notes: svn path=/head/; revision=69130
* Correct an arguement to ssh_add_identity, this matches what is currentlyBill Fumerola2000-11-251-1/+1
| | | | | | | | | | | | in ports/security/openssh/files/pam_ssh.c PR: 22164 Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp> Reviewed by: green Approved by: green Notes: svn path=/head/; revision=69129
* Update to the version of pam_ssh corresponding to OpenSSH 2.1 (takenKris Kennaway2000-05-301-19/+23
| | | | | | | | | from the openssh port) Submitted by: Hajimu UMEMOTO <ume@mahoroba.org> Notes: svn path=/head/; revision=61087
generated by cgit v1.3 (git 2.53.0) at 2026-05-28 20:34:19 +0000