History log of /src/lib/libpam/modules
Revision  Date  Author  Comments
 1.13 21-May-2017  riastradh Remove MKCRYPTO option.

Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
 1.12 08-Mar-2011  mlelstv Don't try to clean/build or install a library here, there are only
subdirectories.

Also, bsd.lib.mk requires a defined LIB, otherwise it will generate
unwanted commands during clean. It even failed on netbsd-4 where
'rm -f' needs at least one parameter which is missing due to recent
corrections in make/vars.c.
 1.11 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.10 20-Mar-2006  christos Remove old kerberos library (Jukka Salmi)
 1.9 21-Sep-2005  tsarna pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and
create a PAG if necessary.

Especially important for home directories on AFS.
 1.8 27-Feb-2005  thorpej branches: 1.8.2;
Add an S/Key PAM module.
 1.7 20-Feb-2005  christos Add pam_radius.
 1.6 03-Jan-2005  lukem Build & install pam_ssh.so.0 now that libssh is available for use.
 1.5 30-Dec-2004  lukem re-add inclusion of <bsd.lib.mk> for LIBDPLIBS optimization, with an
empty libinstall rule so Things Work.
 1.4 29-Dec-2004  simonb Remove the inclusion of <bsd.lib.mk>. There are no libraries in this
directory, only its subdirectories.
 1.3 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.8.2.1 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.18 05-Apr-2024  christos - Create 3 new variables:
MAKELINKLIB that follows MKLINKLIB but can be overwritten by Makefiles
MAKESTATICLIB that follows MKSTATICLIB but can be overwritten by Makefiles
LINKINSTALL that follows MAKELINKLIB but can be overwritten by Makefiles
These give enough control to the module Makefiles so that they don't need
to override the default library install rules which break the debug sets.
- Remove /usr/libexec/named which duplicated /usr/lib/named
 1.17 23-May-2020  rin Fix fallout from NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES changes;
libpam.a fails to load any modules and does not work at all.

At the moment, openpam_load.c at least must be compiled with and without
OPENPAM_STATIC_MODULES for static and shared libraries, respectively.

Therefore, use CSHLIBFLAGS again, in order to build objects for static and
shared libraries separately.

This may be ugly, but seems better for me than adding further hacks in
libpam/libpam/Makefile, which is already complicated enough...
 1.16 29-Apr-2020  riastradh Reverse sense of NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES.

This avoids leaking NO_STATIC_MODULES into the public header, which
has led to considerable confusion and workarounds in pkgsrc.

PR security/39313
PR security/55216

ok christos
 1.15 27-Feb-2020  christos one more level down
 1.14 27-Feb-2020  mrg probably fix previous: it wants mod.mk's PARSEDIR/.., not ../..,
so it picks up the libpam/Makefile.inc.
 1.13 26-Feb-2020  christos Handle pam modules that are not in this subtree.
 1.12 28-Dec-2013  christos branches: 1.12.26;
warns 6
 1.11 28-Jan-2012  christos branches: 1.11.6;
remove unneeded change
 1.10 28-Jan-2012  christos Use -X so that the link-set symbols are not stripped.
 1.9 03-May-2010  christos branches: 1.9.6;
Build the modules in two phases:
1. build the static modules first, before libpam so that the static
libpam can link against the module .a files.
2. build the modules after the dynamic libpam is built, so that the
dynamic modules can link against the dynamic libpam.
 1.8 03-May-2010  christos make the dependency to libpam, explicit. Fixes afpd in pkgsrc. From Mark Davies
XXX: Should be pulled up to 4.x and 5.x.
 1.7 13-Dec-2009  mrg rename LD32DIR to MLIBDIR.
 1.6 27-Oct-2008  mrg branches: 1.6.2; 1.6.8;
don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.5 25-Feb-2005  christos Don't try to build PIC stuff if we cannot do PIC.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 29-Dec-2004  thorpej Install modules into /usr/lib/security
 1.1 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.6.8.1 14-Dec-2009  mrg s/LD32DIR/MLIBDIR/ in most places, also look for CSU_MACHINE_ARCH.
 1.6.2.4 07-Jan-2011  riz Pull up following revision(s) (requested by christos in ticket #1414):
lib/libpam/Makefile: revision 1.3
share/mk/bsd.own.mk: revision 1.612
lib/libpam/modules/mod.mk: revision 1.8
lib/libpam/modules/mod.mk: revision 1.9
lib/libpam/staticmodules/Makefile: revision 1.1
make the dependency to libpam, explicit. Fixes afpd in pkgsrc. From Mark Davies
XXX: Should be pulled up to 4.x and 5.x.
Build the modules in two phases:
1. build the static modules first, before libpam so that the static
libpam can link against the module .a files.
2. build the modules after the dynamic libpam is built, so that the
dynamic modules can link against the dynamic libpam.
enable MAKEDIRTARGET to be called with a separate environment,
called $MAKEDIRTARGETENV, defaulting to nothing.
make the dependency to libpam, explicit. Fixes afpd in pkgsrc. From Mark Davies
XXX: Should be pulled up to 4.x and 5.x.
Build the modules in two phases:
1. build the static modules first, before libpam so that the static
libpam can link against the module .a files.
2. build the modules after the dynamic libpam is built, so that the
dynamic modules can link against the dynamic libpam.
 1.6.2.3 06-Jan-2011  riz Apply patch (requested by mrg in ticket #1499):

src/compat version 2. this allows building any number of alternate
library / program target ABIs. rather than duplicating the list of
subdirs and Makefiles to build, it re-traverses the necessary ones.
details:
- add support for MAKEDIRTARGETENV to share/mk
- renames LD32DIR to MLIBDIR
- fixes library builds for some subdirs (more was built than needed)
- fixes /bin & /sbin apps in compat mode
- reduces complexity in src/compat and the rest of the tree
- updates ldd netbsd32 support
 1.6.2.2 25-Nov-2010  riz Back out ticket #1414 until it can be fixed for amd64/sparc64.
 1.6.2.1 21-Nov-2010  riz Pull up following revision(s) (requested by christos in ticket #1414):
lib/libpam/Makefile: revision 1.3
share/mk/bsd.own.mk: revision 1.612
lib/libpam/modules/mod.mk: revision 1.8
lib/libpam/modules/mod.mk: revision 1.9
lib/libpam/staticmodules/Makefile: revision 1.1
make the dependency to libpam, explicit. Fixes afpd in pkgsrc. From Mark Davies
XXX: Should be pulled up to 4.x and 5.x.
Build the modules in two phases:
1. build the static modules first, before libpam so that the static
libpam can link against the module .a files.
2. build the modules after the dynamic libpam is built, so that the
dynamic modules can link against the dynamic libpam.
enable MAKEDIRTARGET to be called with a separate environment,
called $MAKEDIRTARGETENV, defaulting to nothing.
 1.9.6.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.11.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.12.26.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.8 13-Jul-2025  christos Get ready to handle the openssl move from bsd -> apache2
 1.7 04-Feb-2018  christos branches: 1.7.16;
switch everyone to openssl.old
 1.6 15-Apr-2011  elric Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.
 1.5 20-Jul-2009  christos use the proper libcrypto
 1.4 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.3 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.2 20-Mar-2006  christos branches: 1.2.6;
Goodbye KerberosIV
 1.1 21-Sep-2005  tsarna pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and
create a PAG if necessary.

Especially important for home directories on AFS.
 1.2.6.2 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.2.6.1 20-Mar-2006  tron file Makefile was added on branch netbsd-3 on 2007-01-05 14:14:53 +0000
 1.7.16.1 02-Aug-2025  perseant Sync with HEAD
 1.2 23-Sep-2005  wiz branches: 1.2.6;
Remove trailing whitespace. Punctuation nits. Use .Nm more.
Use .An. Sort SEE ALSO.
 1.1 21-Sep-2005  tsarna pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and
create a PAG if necessary.

Especially important for home directories on AFS.
 1.2.6.2 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.2.6.1 23-Sep-2005  tron file pam_afslog.8 was added on branch netbsd-3 on 2007-01-05 14:14:53 +0000
 1.2 20-Jan-2006  christos branches: 1.2.6;
Declare what services we provide, otherwise pam assumes that we provide
everything and this breaks static linking.
 1.1 21-Sep-2005  tsarna pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and
create a PAG if necessary.

Especially important for home directories on AFS.
 1.2.6.2 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.2.6.1 20-Jan-2006  tron file pam_afslog.c was added on branch netbsd-3 on 2007-01-05 14:14:53 +0000
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5 03-Jan-2012  christos avoid using %m in format.
 1.4 19-Apr-2005  christos branches: 1.4.42;
check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.2 11-Jul-2005  tron Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.4.42.1 17-Apr-2012  yamt sync with head
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5 20-Aug-2013  wiz Whitespace and markup improvements.
Bump date for previous.
 1.4 20-Aug-2013  perseant Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".
 1.3 26-Feb-2005  thorpej branches: 1.3.48; 1.3.54;
Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3.54.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.3.48.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.4 19-Oct-2013  mrg remove useless variable
 1.3 20-Aug-2013  perseant Add Edgar Fuss's patch to pam_deny, to allow users to be able to change their
LDAP password with "passwd".
 1.2 12-Dec-2004  christos branches: 1.2.48; 1.2.54;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.54.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.2.48.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 13-May-2010  joerg Mask %U
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.4 26-Feb-2005  wiz Sort SEE ALSO.
 1.3 26-Feb-2005  thorpej Merge PAM20050226.
XXX Hack here until we import OpenPAM Feterita.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.8 30-Oct-2021  nia pam_exec: Convert realloc(x * y) to reallocarr.

Eliminate a now-redundant temporary variable.
 1.7 29-Dec-2013  christos Fix incorrect types
 1.6 03-Jan-2012  christos branches: 1.6.6;
avoid using %m in format.
 1.5 03-Feb-2011  christos branches: 1.5.4;
PR/44505: Mark Davies: pam_exec fails to realloc enough space, while
there add a volatile variable (From FreeBSD)
 1.4 26-Feb-2005  christos branches: 1.4.44;
Remove local copy of openpam_free_envlist.
 1.3 26-Feb-2005  thorpej Merge PAM20050226.
XXX Hack here until we import OpenPAM Feterita.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.4.44.1 08-Feb-2011  bouyer Sync with HEAD
 1.5.4.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.5.4.1 17-Apr-2012  yamt sync with head
 1.6.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6 28-Feb-2005  wiz Improve wording of the BUGS section to make it easier to understand.
Ok'd by christos.
 1.5 28-Feb-2005  wiz Bump date for previous. Remove trailing whitespace. Sort SEE ALSO.
Remove superfluous .Pp.
 1.4 28-Feb-2005  christos Document that this is broken and not used.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6 03-Jan-2012  christos avoid using %m in format.
 1.5 19-Apr-2005  christos branches: 1.5.42;
Fix getgrnam -> getgrnam_r
 1.4 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.3 11-Jul-2005  tron Pull up revision 1.5 (requested by lukem in ticket #539):
Fix getgrnam -> getgrnam_r
 1.2.2.2 11-Jul-2005  tron Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.5.42.1 17-Apr-2012  yamt sync with head
 1.5 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.4 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.3 20-Mar-2008  lukem pam_group needs libutil & libcrypt
 1.2 12-Dec-2004  christos branches: 1.2.16; 1.2.22;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.22.1 24-Mar-2008  keiichi sync with head.
 1.2.16.1 23-Mar-2008  matt sync with HEAD
 1.4 02-Feb-2005  wiz We have 2005.
 1.3 01-Feb-2005  christos Add a new option "authenticate" that requires the user to enter his own
password to login.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.12 08-Mar-2009  christos consistency in password prompt setting code (and with ssh)
 1.11 11-Feb-2009  christos custom password prompt that displays the user.
 1.10 03-Nov-2006  christos branches: 1.10.26;
don't include syslog.h if you are not going to use it.
 1.9 19-Apr-2005  christos fix getgrnam -> getgrnam_r and add a forgotten getpwnam -> getpwnam_r
From john nemeth
 1.8 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.7 05-Apr-2005  christos Don't print an error if we are doing authentication.
 1.6 31-Mar-2005  thorpej Use getpwnam_r().
 1.5 05-Mar-2005  christos branches: 1.5.2;
Free the prompt response.
 1.4 05-Mar-2005  christos If authentication failed because the user was not in wheel, say so like
the old su did. From John Nemeth
 1.3 01-Feb-2005  christos Add a new option "authenticate" that requires the user to enter his own
password to login.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5.2.4 11-Jul-2005  tron Pull up revision 1.9 (requested by lukem in ticket #539):
fix getgrnam -> getgrnam_r and add a forgotten getpwnam -> getpwnam_r
From john nemeth
 1.5.2.3 11-Jul-2005  tron Pull up revision 1.8 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.5.2.2 11-Jul-2005  tron Pull up revision 1.7 (requested by lukem in ticket #539):
Don't print an error if we are doing authentication.
 1.5.2.1 04-Apr-2005  tron Pull up revision 1.6 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.10.26.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 20-Feb-2005  wiz Sort SEE ALSO.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.13 13-Jul-2025  christos Get ready to handle the openssl move from bsd -> apache2
 1.12 04-Feb-2018  christos branches: 1.12.16;
switch everyone to openssl.old
 1.11 26-May-2011  joerg Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
 1.10 15-Apr-2011  elric Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.
 1.9 20-Jul-2009  christos use the proper libcrypto
 1.8 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.7 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.6 25-Apr-2005  matt Remove CPPFLAGS
 1.5 25-Apr-2005  matt Add ${DESTDIR}/usr/include/krb5 to CPPFLAGS so <parse_units.h> can be found.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.12.16.1 02-Aug-2025  perseant Sync with HEAD
 1.13 20-Jun-2023  riastradh pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:

- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.12 03-Jul-2017  wiz branches: 1.12.8; 1.12.16;
Remove workaround for ancient HTML generation code.
 1.11 02-Dec-2008  reed branches: 1.11.40;
Add missing copyright and license.

This license is identical to that on the pam_krb5.c file minus the
other copyrights and the unrelated contract attribution.

From email communication with the author, Frank Cusack.
 1.10 01-Dec-2007  wiz eg -> e.g.
 1.9 10-Mar-2007  christos branches: 1.9.4;
bump date
 1.8 10-Mar-2007  christos tyop
 1.7 10-Mar-2007  christos PR/35968: Jukka Salmi: add option to pam_krb5(8) to request renewable tickets
 1.6 28-Feb-2005  wiz Bump date for new SECURITY CONSIDERATIONS section.
 1.5 27-Feb-2005  thorpej Add a SECURITY CONSIDERATIONS section.
 1.4 26-Feb-2005  thorpej Wording consistency nits.
 1.3 20-Feb-2005  wiz <> -> \*[Lt]\*[Gt].
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.9.4.1 09-Jan-2008  matt sync with HEAD
 1.11.40.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1844):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.12.16.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #206):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.12.8.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1652):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.32 28-Sep-2023  riastradh pam_krb5: Fix PR lib/57631.

Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.

XXX pullup-10
XXX pullup-9
XXX pullup-8
 1.31 20-Jun-2023  riastradh pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:

- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.30 16-Jan-2022  rillig branches: 1.30.2;
libpam: remove stray semicolon

No binary change.
 1.29 12-Jun-2020  fox lib/libpam: Fix the possible -Werror=stringop-truncation

Replace strncpy(3) with the safer strlcpy(3) and adjust the code.

Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.

Reviewed by: kamil@, christos@
 1.28 07-Feb-2020  christos there is no potential overflow anymore (thanks Kamil)
 1.27 07-Feb-2020  christos stop using sprintf and check for buffer overflow.
 1.26 28-Dec-2013  christos branches: 1.26.18; 1.26.26; 1.26.28;
avoid using freed pointers and non-format strings
 1.25 25-Apr-2011  christos branches: 1.25.4; 1.25.10;
- make log_krb5 variadic
- centralize error handling to one function
- check for NULL context
 1.24 24-Apr-2011  elric Remove use of functions marked as deprecated in Heimdal.
 1.23 02-Apr-2011  mbalmer Fix misplaced parenthesis, from henning.petersen@t-online.de, thanks.
 1.22 08-Mar-2009  christos consistency in password prompt setting code (and with ssh)
 1.21 27-Jan-2008  christos branches: 1.21.12;
Fix compilation
 1.20 10-Mar-2007  christos branches: 1.20.4;
off by one, reported by jukka salmi.
 1.19 10-Mar-2007  christos PR/35968: Jukka Salmi: add option to pam_krb5(8) to request renewable tickets
 1.18 03-Nov-2006  christos init the syslog data.
 1.17 03-Nov-2006  christos use the re-entrant syslog functions so that we don't depend on the syslog
settings of the calling program.
 1.16 25-May-2006  christos Coverity CID 3783: Fix uninit variable.
 1.15 23-May-2006  christos Coverity CID 3677: Plug memory leak
 1.14 19-Mar-2006  christos Coverity CID 1909: Prevent memory leak.
 1.13 19-Mar-2006  christos Coverity CID 2480: Move variable initialization higher up to prevent
uninitialized access during error cleanup.
 1.12 19-Mar-2006  christos Coverity CID 2481: Move initialization of variable higher up to prevent
uninitialized access in error path.
 1.11 19-Mar-2006  christos Coverity CID 2595: Don't call cc_destroy after cc_close because cc_close
frees the second argument.
 1.10 27-Sep-2005  tsarna Implement PAM_REFRESH_CRED / PAM_REINITIALIZE_CRED
support in pam_sm_setcred()

With this and a suitably pam-aware screen locker (e.g. xscreensaver built
with PAM), you now get the nice Windows-style behavior of having
your tickets refreshed (and tokens, with pam_afslog) when you unlock
your screen.
 1.9 19-Apr-2005  lukem getpw*_r() may return 0 and set pwd==NULL
 1.8 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.7 31-Mar-2005  thorpej Use getpwnam_r().
 1.6 26-Feb-2005  thorpej branches: 1.6.2;
Place some limits on the creds acquired for password change. Other
minor cleanup inspired by passwd(1).
 1.5 26-Feb-2005  thorpej Use the more familiar princ@realm style of password prompt.
 1.4 26-Feb-2005  thorpej Check for PAM_PRELIM_CHECK and simply do nothing. (Did this even work
in FreeBSD?)
 1.3 26-Feb-2005  thorpej Merge PAM20050226.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6.2.4 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.6.2.3 11-Jul-2005  tron Pull up revision 1.9 (requested by lukem in ticket #539):
getpw*_r() may return 0 and set pwd==NULL
 1.6.2.2 11-Jul-2005  tron Pull up revision 1.8 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.6.2.1 04-Apr-2005  tron Pull up revision 1.7 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.20.4.1 23-Mar-2008  matt sync with HEAD
 1.21.12.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.25.10.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.25.4.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.26.28.2 02-Oct-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1734):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32

pam_krb5: Fix PR lib/57631.

Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
 1.26.28.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1652):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.26.26.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.26.18.2 02-Oct-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1898):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32

pam_krb5: Fix PR lib/57631.

Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
 1.26.18.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1844):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.30.2.2 02-Oct-2023  martin Pull up following revision(s) (requested by riastradh in ticket #380):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.32

pam_krb5: Fix PR lib/57631.

Loose ends in the fix for NetBSD-SA2023-006 that weren't caught by
review or, somehow, by my own testing. Evidently we need automatic
tests for this pam business.
 1.30.2.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #206):

lib/libpam/modules/pam_krb5/pam_krb5.c: revision 1.31
lib/libpam/modules/pam_krb5/pam_krb5.8: revision 1.13

pam_krb5: Refuse to operate without a key to verify tickets.

New allow_kdc_spoof overrides this to restore previous behaviour
which was vulnerable to KDC spoofing, because without a host or
service key, pam_krb5 can't distinguish the legitimate KDC from a
spoofed one.

This way, having pam_krb5 enabled isn't dangerous even if you create
an empty /etc/krb5.conf to use client SSO without any host services.

Perhaps this should use krb5_verify_init_creds(3) instead, and
thereby respect the rather obscurely named krb5.conf option
verify_ap_req_nofail like the Linux pam_krb5 does, but:
- verify_ap_req_nofail is default-off (i.e., vulnerable by default),
- changing verify_ap_req_nofail to default-on would probably affect
more things and therefore be riskier,
- allow_kdc_spoof is a much clearer way to spell the idea,
- this patch is a smaller semantic change and thus less risky, and
- a security change with compatibility issues shouldn't have a
workaround that might introduce potentially worse security issues
or more compatibility issues.

Perhaps this should use krb5_verify_user(3) with secure=1 instead,
for simplicity, but it's not clear how to do that without first
prompting for the password -- which we shouldn't do at all if we
later decide we won't be able to use it anyway -- and without
repeating a bunch of the logic here anyway to pick the service name.

References about verify_ap_req_nofail:
- mit-krb5 discussion about verify_ap_req_nofail:
https://mailman.mit.edu/pipermail/krbdev/2011-January/009778.html
- Oracle has the default-secure setting in their krb5 system:
https://docs.oracle.com/cd/E26505_01/html/E27224/setup-148.html
https://docs.oracle.com/cd/E26505_01/html/816-5174/krb5.conf-4.html#REFMAN4krb5.conf-4
https://docs.oracle.com/cd/E19253-01/816-4557/gihyu/
- Heimdal issue on verify_ap_req_nofail default:
https://github.com/heimdal/heimdal/issues/1129
 1.13 13-Jul-2025  christos Get ready to handle the openssl move from bsd -> apache2
 1.12 04-Feb-2018  christos branches: 1.12.16;
switch everyone to openssl.old
 1.11 26-May-2011  joerg Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
 1.10 15-Apr-2011  elric Upgrade Heimdal to 1.5pre1 by switching the build from crypto/dist/heimdal
to crypto/external/bsd/heimdal. The latter was just imported as the head
of the Heimdal tree as of a few days ago.
 1.9 20-Jul-2009  christos use the proper libcrypto
 1.8 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.7 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.6 25-Apr-2005  matt Remove CPPFLAGS
 1.5 25-Apr-2005  matt Add ${DESTDIR}/usr/include/krb5 to CPPFLAGS so <parse_units.h> can be found.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.12.16.1 02-Aug-2025  perseant Sync with HEAD
 1.4 26-Feb-2005  thorpej Oops, one more nit.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.11 07-Sep-2023  riastradh pam_ksu(8): Allow homedir access during kuserok.

Otherwise, the default kuserok logic to look at ~targetuser/.k5login
would be blocked by the security measure to thwart NetBSD-SA2023-005.

(There are other ways, e.g. setting SYSTEM-K5LOGIN in /etc/krb5.conf
so the file is /etc/k5login.d/user instead of ~user/.k5login, but
that's not the default configuration and there are plenty of
deployments that rely on ~user/.k5login today.)

I reviewed libkrb5 for homedir access checks. There are three:

1. krb5_config_parse_file_multi, called only by:
- verify_krb5_conf -- not relevant
- krb5_config_parse_file -- not used here as far as I can tell,
only by libhdb ldap logic and test code in heimdal
- krb5_set_config_files -- used here only via krb5_init_context,
which is done at this point

2. plugin_get_hosts in krbhst.c, used to look up hosts for KDC I/O,
which shouldn't be happening at this point, so this is almost
certainly unreachable; also it only appears to control whether
some old plugin API can be used, long after we have read the krb5
config controlling which plugins are available, so this is
probably harmless

3. krb5_kuserok, which is the one we want to allow

Note: This will have to be updated again in the next Heimdal update,
which eliminates the global homedir access flag in favour of making
the default per-context homedir access flag conditional on !issuid.

XXX pullup-10
XXX pullup-9
XXX pullup-8
 1.10 20-Jun-2023  riastradh pam_ksu: No need for homedir access.
 1.9 27-Feb-2014  joerg branches: 1.9.18; 1.9.28; 1.9.36;
Remove tautological check.
 1.8 29-Dec-2013  christos Fix incorrect types
 1.7 28-Dec-2013  christos avoid using freed pointers and non-format strings
 1.6 25-Apr-2011  christos branches: 1.6.4; 1.6.10;
fix pasto (of no consequence)
 1.5 25-Apr-2011  christos - make log_krb5 variadic and merge the last error message.
- check for NULL context.
- print a more meaningful error when things go south
 1.4 24-Apr-2011  elric Stop using functions that are marked as deprecated in Heimdal.
 1.3 08-Mar-2009  christos consistency in password prompt setting code (and with ssh)
 1.2 12-Dec-2004  christos branches: 1.2.34;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.34.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.6.10.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.6.4.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.9.36.2 08-Sep-2023  martin Pull up following revision(s) (requested by riastradh in ticket #357):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.11

pam_ksu(8): Allow homedir access during kuserok.

Otherwise, the default kuserok logic to look at ~targetuser/.k5login
would be blocked by the security measure to thwart NetBSD-SA2023-005.

(There are other ways, e.g. setting SYSTEM-K5LOGIN in /etc/krb5.conf
so the file is /etc/k5login.d/user instead of ~user/.k5login, but
that's not the default configuration and there are plenty of
deployments that rely on ~user/.k5login today.)

I reviewed libkrb5 for homedir access checks. There are three:
1. krb5_config_parse_file_multi, called only by:
- verify_krb5_conf -- not relevant
- krb5_config_parse_file -- not used here as far as I can tell,
only by libhdb ldap logic and test code in heimdal
- krb5_set_config_files -- used here only via krb5_init_context,
which is done at this point
2. plugin_get_hosts in krbhst.c, used to look up hosts for KDC I/O,
which shouldn't be happening at this point, so this is almost
certainly unreachable; also it only appears to control whether
some old plugin API can be used, long after we have read the krb5
config controlling which plugins are available, so this is
probably harmless
3. krb5_kuserok, which is the one we want to allow

Note: This will have to be updated again in the next Heimdal update,
which eliminates the global homedir access flag in favour of making
the default per-context homedir access flag conditional on !issuid.
 1.9.36.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #207):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.10

pam_ksu: No need for homedir access.
 1.9.28.2 08-Sep-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1728):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.11

pam_ksu(8): Allow homedir access during kuserok.

Otherwise, the default kuserok logic to look at ~targetuser/.k5login
would be blocked by the security measure to thwart NetBSD-SA2023-005.

(There are other ways, e.g. setting SYSTEM-K5LOGIN in /etc/krb5.conf
so the file is /etc/k5login.d/user instead of ~user/.k5login, but
that's not the default configuration and there are plenty of
deployments that rely on ~user/.k5login today.)

I reviewed libkrb5 for homedir access checks. There are three:
1. krb5_config_parse_file_multi, called only by:
- verify_krb5_conf -- not relevant
- krb5_config_parse_file -- not used here as far as I can tell,
only by libhdb ldap logic and test code in heimdal
- krb5_set_config_files -- used here only via krb5_init_context,
which is done at this point
2. plugin_get_hosts in krbhst.c, used to look up hosts for KDC I/O,
which shouldn't be happening at this point, so this is almost
certainly unreachable; also it only appears to control whether
some old plugin API can be used, long after we have read the krb5
config controlling which plugins are available, so this is
probably harmless
3. krb5_kuserok, which is the one we want to allow

Note: This will have to be updated again in the next Heimdal update,
which eliminates the global homedir access flag in favour of making
the default per-context homedir access flag conditional on !issuid.
 1.9.28.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1653):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.10

pam_ksu: No need for homedir access.
 1.9.18.2 08-Sep-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1896):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.11

pam_ksu(8): Allow homedir access during kuserok.

Otherwise, the default kuserok logic to look at ~targetuser/.k5login
would be blocked by the security measure to thwart NetBSD-SA2023-005.

(There are other ways, e.g. setting SYSTEM-K5LOGIN in /etc/krb5.conf
so the file is /etc/k5login.d/user instead of ~user/.k5login, but
that's not the default configuration and there are plenty of
deployments that rely on ~user/.k5login today.)

I reviewed libkrb5 for homedir access checks. There are three:
1. krb5_config_parse_file_multi, called only by:
- verify_krb5_conf -- not relevant
- krb5_config_parse_file -- not used here as far as I can tell,
only by libhdb ldap logic and test code in heimdal
- krb5_set_config_files -- used here only via krb5_init_context,
which is done at this point
2. plugin_get_hosts in krbhst.c, used to look up hosts for KDC I/O,
which shouldn't be happening at this point, so this is almost
certainly unreachable; also it only appears to control whether
some old plugin API can be used, long after we have read the krb5
config controlling which plugins are available, so this is
probably harmless
3. krb5_kuserok, which is the one we want to allow

Note: This will have to be updated again in the next Heimdal update,
which eliminates the global homedir access flag in favour of making
the default per-context homedir access flag conditional on !issuid.
 1.9.18.1 21-Jun-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1845):

lib/libpam/modules/pam_ksu/pam_ksu.c: revision 1.10

pam_ksu: No need for homedir access.
 1.12 03-Jun-2023  lukem bsd.own.mk: rename GCC_NO_* to CC_WNO_*

Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.

GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH

Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
 1.11 13-Oct-2019  mrg introduce some common variables for use in GCC warning disables:

GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
committed, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
 1.10 10-Oct-2019  kre Only exclude gcc-8 warnings if the gcc we're using is gcc>=8
 1.9 09-Oct-2019  christos don't warn for strncpy wtmp fields, they are not NUL terminated.
 1.8 27-Oct-2008  mrg branches: 1.8.60;
use LIBDPLIBS+= not =.
 1.7 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.6 03-Mar-2005  christos - Fix the quiet option; use login_cap to determine if we should print or not.
- Add nested user handling, including a no_nested option to control it.
 1.5 01-Feb-2005  christos Re-write to use both utmp and utmpx properly.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.8.60.1 13-Apr-2020  martin Mostly merge changes from HEAD up to 20200411
 1.7 03-Mar-2005  christos Document the no_nested option.
 1.6 26-Feb-2005  thorpej Merge PAM20050226.
 1.5 26-Feb-2005  thorpej Minor wording consistency nit.
 1.4 02-Feb-2005  wiz Sort SEE ALSO, fix an xref, and s/FreeBSD/.Fx/.
 1.3 01-Feb-2005  christos Re-write to use both utmp and utmpx properly.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.15 07-Jan-2014  joerg Annotate logit to provide transitive format string checks.
 1.14 03-Jan-2012  christos branches: 1.14.6;
avoid using %m in format.
 1.13 26-Jan-2009  lukem branches: 1.13.8;
sign-compare fixes
 1.12 03-Nov-2006  christos init the syslog data.
 1.11 03-Nov-2006  christos use the re-entrant syslog functions so that we don't depend on the syslog
settings of the calling program.
 1.10 18-Mar-2006  jnemeth Fix Coverity run 5, issue 2022 -- memory leak.
Approved by christos@.
 1.9 19-Feb-2006  christos PR/32870: Johan Veenhuizen: login(1) does not obey .hushlogin
 1.8 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.7 31-Mar-2005  thorpej Use getpwnam_r().
 1.6 05-Mar-2005  christos branches: 1.6.2;
PR/29566: Izumi Tsutsui: login(1) shows wrong last-login-from host
Caused by improper initialization of struct lastlogx. Code has been
completely restructured, and we also now use pam_prompt() instead of
printf().
 1.5 03-Mar-2005  christos - Fix the quiet option; use login_cap to determine if we should print or not.
- Add nested user handling, including a no_nested option to control it.
 1.4 04-Feb-2005  he Introduce a few more temporary variables, in order to avoid an ugly
double cast in the pam_get_item() invocations. The double cast
triggered a "discards qualifier" warning/error from gcc 2.95.3, while
trying to fix that by adding "const" to the "void *" cast produced
a similar warning from gcc 3.3. This now compiles without warning
with both compilers.

Approved by christos
 1.3 01-Feb-2005  christos Re-write to use both utmp and utmpx properly.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6.2.3 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.6.2.2 11-Jul-2005  tron Pull up revision 1.8 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.6.2.1 04-Apr-2005  tron Pull up revision 1.7 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.13.8.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.13.8.1 17-Apr-2012  yamt sync with head
 1.14.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.3 08-Jan-2005  manu Missing man page: login.access(5)
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 23-Jun-2013  dholland add missing word
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos branches: 1.1.1.1.48; 1.1.1.1.54;
- Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.1.1.1.54.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.1.1.1.48.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.8 07-Jan-2014  joerg Annotate logit to provide transitive format string checks.
 1.7 29-Dec-2013  christos Fix incorrect types
 1.6 03-Jan-2012  christos branches: 1.6.6;
avoid using %m in format.
 1.5 03-Nov-2006  christos branches: 1.5.40;
init the syslog data.
 1.4 03-Nov-2006  christos don't include syslog.h if you are not going to use it.
 1.3 19-Apr-2005  christos Fix getgrnam -> getgrnam_r
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.1 11-Jul-2005  tron Pull up revision 1.3 (requested by lukem in ticket #539):
Fix getgrnam -> getgrnam_r
 1.5.40.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.5.40.1 17-Apr-2012  yamt sync with head
 1.6.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.4 19-Aug-2011  cheusov Minor grammar fix
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.4 28-Dec-2011  christos - reverse the order of printf formatting to make it easier for compilers to
check printf arguments
- add compiler checking for printf formats and fix broken ones.
From joerg@
 1.3 03-Nov-2006  christos branches: 1.3.40;
don't include syslog.h if you are not going to use it.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3.40.1 17-Apr-2012  yamt sync with head
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.5 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5 25-Apr-2005  yamt s!/var/run/nologin!/etc/nologin!g to match with the code.
 1.4 26-Feb-2005  thorpej branches: 1.4.2;
Minor wording consistency nit.
 1.3 20-Feb-2005  wiz Fix Xref.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.4.2.1 01-May-2005  tron Pull up revision 1.5 (requested by yamt in ticket #235):
s!/var/run/nologin!/etc/nologin!g to match with the code.
 1.10 29-Dec-2013  christos Fix incorrect types
 1.9 20-Jun-2013  christos use login_getpwclass() everywhere for consistency.
 1.8 17-Jan-2010  wiz branches: 1.8.6; 1.8.12;
Close file handle after using it. Found by cppcheck.
 1.7 27-Jan-2008  christos Fix compilation
 1.6 15-Feb-2006  bouyer branches: 1.6.10;
Use the class of the user, not the default class, when checking for
nologin and ignorelogin login.conf(5) capabilities.
 1.5 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.4 31-Mar-2005  thorpej Use getpwnam_r().
 1.3 23-Jan-2005  manu branches: 1.3.2;
Set correct default for the nologin file: /etc/nologin
Handle the ignorenologin capability
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3.2.3 20-Feb-2006  tron Pull up following revision(s) (requested by bouyer in ticket #1176):
lib/libpam/modules/pam_nologin/pam_nologin.c: revision 1.6
Use the class of the user, not the default class, when checking for
nologin and ignorelogin login.conf(5) capabilities.
 1.3.2.2 11-Jul-2005  tron branches: 1.3.2.2.2;
Pull up revision 1.5 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.3.2.1 04-Apr-2005  tron Pull up revision 1.4 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.3.2.2.2.1 20-Feb-2006  tron Pull up following revision(s) (requested by bouyer in ticket #1176):
lib/libpam/modules/pam_nologin/pam_nologin.c: revision 1.6
Use the class of the user, not the default class, when checking for
nologin and ignorelogin login.conf(5) capabilities.
 1.6.10.1 23-Mar-2008  matt sync with HEAD
 1.8.12.2 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.8.12.1 23-Jun-2013  tls resync from head
 1.8.6.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 26-Feb-2005  thorpej Fix a markup bug and a minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.7 28-Dec-2013  christos warns 6
 1.6 27-Oct-2008  mrg branches: 1.6.18; 1.6.24;
use LIBDPLIBS+= not =.
 1.5 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.6.24.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.6.18.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.7 18-Mar-2014  riastradh Merge riastradh-drm2 to HEAD.
 1.6 20-Jul-2013  wiz Use Mt for email addresses.
 1.5 26-Feb-2005  wiz branches: 1.5.48; 1.5.54; 1.5.60;
Add article.
 1.4 26-Feb-2005  thorpej Merge PAM20050226.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5.60.1 23-Jul-2013  riastradh sync with HEAD
 1.5.54.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.5.48.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.8 07-Jan-2014  joerg Annotate logit to provide transitive format string checks.
 1.7 03-Nov-2006  christos branches: 1.7.40; 1.7.46;
init the syslog data.
 1.6 03-Nov-2006  christos use the re-entrant syslog functions so that we don't depend on the syslog
settings of the calling program.
 1.5 25-Apr-2005  matt Don't cast the lvalue; cast the rhs instead.
 1.4 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.3 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.2.2.2 11-Jul-2005  tron Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.7.46.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.7.40.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.4 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.2 11-Jul-2005  tron Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 03-Nov-2006  christos don't include syslog.h if you are not going to use it.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.7 03-Nov-2006  christos init the syslog data.
 1.6 03-Nov-2006  christos use the re-entrant syslog functions so that we don't depend on the syslog
settings of the calling program.
 1.5 06-Mar-2006  jnemeth PR/30923: Zafer Aydogan: pam too verbose

Syslog root login failures on insecure terminals.

Approved by christos@.
 1.4 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.3 09-Mar-2006  tron Pull up following revision(s) (requested by jnemeth in ticket #1199):
lib/libpam/modules/pam_securetty/pam_securetty.c: revision 1.5
PR/30923: Zafer Aydogan: pam too verbose
Syslog root login failures on insecure terminals.
Approved by christos@.
 1.2.2.2 11-Jul-2005  tron branches: 1.2.2.2.2;
Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.2.2.2.2.1 09-Mar-2006  tron Pull up following revision(s) (requested by jnemeth in ticket #1199):
lib/libpam/modules/pam_securetty/pam_securetty.c: revision 1.5
PR/30923: Zafer Aydogan: pam too verbose
Syslog root login failures on insecure terminals.
Approved by christos@.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5 03-Nov-2006  christos don't include syslog.h if you are not going to use it.
 1.4 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.3 31-Mar-2005  thorpej Use getpwnam_r().
 1.2 12-Dec-2004  christos branches: 1.2.2;
- NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.2.2.2 11-Jul-2005  tron Pull up revision 1.4 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.2.2.1 04-Apr-2005  tron Pull up revision 1.3 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.3 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.2 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.1 27-Feb-2005  thorpej Add an S/Key PAM module.
 1.2 30-Apr-2008  martin Convert TNF licenses to new 2 clause variant
 1.1 27-Feb-2005  thorpej branches: 1.1.24;
Add an S/Key PAM module.
 1.1.24.1 18-May-2008  yamt sync with head.
 1.3 28-Apr-2008  martin Remove clause 3 and 4 from TNF licenses
 1.2 20-Mar-2005  christos branches: 1.2.18;
Make S/Key prompt compliant with RFC 2289. Patch supplied by Dave Huang
in PR bin/23167.
 1.1 27-Feb-2005  thorpej branches: 1.1.2;
Add an S/Key PAM module.
 1.1.2.1 21-Mar-2005  tron Pull up revision 1.2 (requested by christos in ticket #43):
Make S/Key prompt compliant with RFC 2289. Patch supplied by Dave Huang
in PR bin/23167.
 1.2.18.1 18-May-2008  yamt sync with head.
 1.14 13-Jul-2025  christos Get ready to handle the openssl move from bsd -> apache2
 1.13 01-Mar-2020  christos branches: 1.13.10;
Redo the sshsk_sign() stuff properly, but putting the helper in libssh.so
 1.12 01-Mar-2020  christos Add the sign client part.
 1.11 04-Feb-2018  christos branches: 1.11.4; 1.11.6;
switch everyone to openssl.old
 1.10 20-Jul-2009  christos branches: 1.10.8; 1.10.14; 1.10.20;
use new openssh tree
 1.9 20-Jul-2009  christos use the proper libcrypto
 1.8 09-Jun-2009  mrg build libnetpgp and libssh earlier.
look for libssh in the right place.
 1.7 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.6 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.5 03-Jan-2005  lukem Build & install pam_ssh.so.0 now that libssh is available for use.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.10.20.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.10.14.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.10.8.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.11.6.1 25-Dec-2023  martin Pull up the following, requested by kim in ticket #1780:

crypto/external/bsd/openssh/Makefile.inc up to 1.15 (+patch)
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.4
crypto/external/bsd/openssh/bin/scp/Makefile up to 1.6
crypto/external/bsd/openssh/bin/sftp/Makefile up to 1.11
crypto/external/bsd/openssh/bin/sftp-server/Makefile up to 1.4
crypto/external/bsd/openssh/bin/ssh/Makefile up to 1.20
crypto/external/bsd/openssh/bin/ssh-add/Makefile up to 1.3
crypto/external/bsd/openssh/bin/ssh-agent/Makefile up to 1.7
crypto/external/bsd/openssh/bin/ssh-keygen/Makefile up to 1.10
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.6
crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile up to 1.4
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.27 (+patch)
crypto/external/bsd/openssh/dist/PROTOCOL.sshsig up to 1.1.1.2
crypto/external/bsd/openssh/dist/srclimit.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-realpath.c up to 1.3
crypto/external/bsd/openssh/dist/sntrup761.c up to 1.3
crypto/external/bsd/openssh/dist/sntrup761.sh up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshsig.c up to 1.12
crypto/external/bsd/openssh/dist/sshsig.h up to 1.1.1.5
crypto/external/bsd/openssh/dist/addr.c up to 1.6
crypto/external/bsd/openssh/dist/PROTOCOL.u2f up to 1.1.1.3
crypto/external/bsd/openssh/dist/sk-api.h up to 1.1.1.6
crypto/external/bsd/openssh/dist/sk-usbhid.c up to 1.9
crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c up to 1.4
crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c up to 1.5
crypto/external/bsd/openssh/dist/ssh-sk-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-sk-helper.8 up to 1.1.1.2
crypto/external/bsd/openssh/dist/ssh-sk-helper.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-sk.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-sk.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshbuf-io.c up to 1.2
crypto/external/bsd/openssh/dist/addr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/kexsntrup761x25519.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c up to 1.3
crypto/external/bsd/openssh/dist/srclimit.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-usergroup.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-usergroup.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ed25519.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/crc32.c delete
crypto/external/bsd/openssh/dist/crc32.h delete
crypto/external/bsd/openssh/dist/fe25519.c delete
crypto/external/bsd/openssh/dist/fe25519.h delete
crypto/external/bsd/openssh/dist/ge25519.c delete
crypto/external/bsd/openssh/dist/ge25519.h delete
crypto/external/bsd/openssh/dist/ge25519_base.data delete
crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c delete
crypto/external/bsd/openssh/dist/sc25519.c delete
crypto/external/bsd/openssh/dist/sc25519.h delete
crypto/external/bsd/openssh/dist/sntrup4591761.c delete
crypto/external/bsd/openssh/dist/sntrup4591761.sh delete
crypto/external/bsd/openssh/dist/uuencode.c delete
crypto/external/bsd/openssh/dist/uuencode.h delete
crypto/external/bsd/openssh/dist/verify.c delete
crypto/external/bsd/openssh/dist/LICENCE up to 1.7
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.23
crypto/external/bsd/openssh/dist/PROTOCOL.agent up to 1.15
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys up to 1.13
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.4
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.3
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.5
crypto/external/bsd/openssh/dist/PROTOCOL.mux up to 1.12
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.15
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.16
crypto/external/bsd/openssh/dist/auth-options.c up to 1.29
crypto/external/bsd/openssh/dist/auth-options.h up to 1.15
crypto/external/bsd/openssh/dist/auth-pam.c up to 1.21
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.13
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.16
crypto/external/bsd/openssh/dist/auth.c up to 1.34
crypto/external/bsd/openssh/dist/auth.h up to 1.23
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.19
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.17
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.23
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.15
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.10
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.14
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.16
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.34
crypto/external/bsd/openssh/dist/auth2.c up to 1.29
crypto/external/bsd/openssh/dist/authfd.c up to 1.27
crypto/external/bsd/openssh/dist/authfd.h up to 1.17
crypto/external/bsd/openssh/dist/authfile.c up to 1.28
crypto/external/bsd/openssh/dist/authfile.h up to 1.10
crypto/external/bsd/openssh/dist/canohost.c up to 1.16
crypto/external/bsd/openssh/dist/chacha.c up to 1.6
crypto/external/bsd/openssh/dist/chacha.h up to 1.3
crypto/external/bsd/openssh/dist/channels.c up to 1.42
crypto/external/bsd/openssh/dist/channels.h up to 1.26
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.3
crypto/external/bsd/openssh/dist/cipher.c up to 1.21
crypto/external/bsd/openssh/dist/cipher.h up to 1.17
crypto/external/bsd/openssh/dist/clientloop.c up to 1.39
crypto/external/bsd/openssh/dist/clientloop.h up to 1.18
crypto/external/bsd/openssh/dist/compat.c up to 1.26
crypto/external/bsd/openssh/dist/compat.h up to 1.18
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.5
crypto/external/bsd/openssh/dist/dh.c up to 1.20
crypto/external/bsd/openssh/dist/dh.h up to 1.13
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.8
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.9
crypto/external/bsd/openssh/dist/dispatch.c up to 1.11
crypto/external/bsd/openssh/dist/dns.c up to 1.23
crypto/external/bsd/openssh/dist/dns.h up to 1.13
crypto/external/bsd/openssh/dist/ed25519.c up to 1.6
crypto/external/bsd/openssh/dist/fatal.c up to 1.7
crypto/external/bsd/openssh/dist/getrrsetbyname.c up to 1.6
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.11
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.15
crypto/external/bsd/openssh/dist/hash.c up to 1.7
crypto/external/bsd/openssh/dist/hmac.c up to 1.8
crypto/external/bsd/openssh/dist/hostfile.c up to 1.23
crypto/external/bsd/openssh/dist/hostfile.h up to 1.11
crypto/external/bsd/openssh/dist/includes.h up to 1.9
crypto/external/bsd/openssh/dist/kex.c up to 1.34
crypto/external/bsd/openssh/dist/kex.h up to 1.24
crypto/external/bsd/openssh/dist/kexdh.c up to 1.10
crypto/external/bsd/openssh/dist/kexgen.c up to 1.7
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.17
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.23
crypto/external/bsd/openssh/dist/krl.c up to 1.23
crypto/external/bsd/openssh/dist/krl.h up to 1.6
crypto/external/bsd/openssh/dist/ldapauth.c up to 1.8
crypto/external/bsd/openssh/dist/ldapauth.h up to 1.6
crypto/external/bsd/openssh/dist/log.c up to 1.27
crypto/external/bsd/openssh/dist/log.h up to 1.17
crypto/external/bsd/openssh/dist/mac.c up to 1.16
crypto/external/bsd/openssh/dist/match.c up to 1.16
crypto/external/bsd/openssh/dist/match.h up to 1.11
crypto/external/bsd/openssh/dist/misc.c up to 1.35
crypto/external/bsd/openssh/dist/misc.h up to 1.27
crypto/external/bsd/openssh/dist/moduli up to 1.10
crypto/external/bsd/openssh/dist/moduli.c up to 1.17
crypto/external/bsd/openssh/dist/monitor.c up to 1.43
crypto/external/bsd/openssh/dist/monitor.h up to 1.13
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.9
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.34
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.23
crypto/external/bsd/openssh/dist/msg.c up to 1.11
crypto/external/bsd/openssh/dist/mux.c up to 1.35
crypto/external/bsd/openssh/dist/myproposal.h up to 1.24
crypto/external/bsd/openssh/dist/namespace.h up to 1.10
crypto/external/bsd/openssh/dist/nchan.c up to 1.14
crypto/external/bsd/openssh/dist/packet.c up to 1.50
crypto/external/bsd/openssh/dist/packet.h up to 1.26
crypto/external/bsd/openssh/dist/pathnames.h up to 1.15
crypto/external/bsd/openssh/dist/pfilter.c up to 1.8 (+patch)
crypto/external/bsd/openssh/dist/poly1305.c up to 1.6
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.15
crypto/external/bsd/openssh/dist/readconf.c up to 1.44
crypto/external/bsd/openssh/dist/readconf.h up to 1.34
crypto/external/bsd/openssh/dist/readpass.c up to 1.18
crypto/external/bsd/openssh/dist/rijndael.h up to 1.3
crypto/external/bsd/openssh/dist/sandbox-pledge.c up to 1.3
crypto/external/bsd/openssh/dist/sandbox-rlimit.c up to 1.7
crypto/external/bsd/openssh/dist/scp.1 up to 1.31
crypto/external/bsd/openssh/dist/scp.c up to 1.41
crypto/external/bsd/openssh/dist/servconf.c up to 1.44
crypto/external/bsd/openssh/dist/servconf.h up to 1.30
crypto/external/bsd/openssh/dist/serverloop.c up to 1.35
crypto/external/bsd/openssh/dist/session.c up to 1.38
crypto/external/bsd/openssh/dist/session.h up to 1.10
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.35
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.18
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.14
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.8
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.15
crypto/external/bsd/openssh/dist/sftp-server-main.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.14
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.30
crypto/external/bsd/openssh/dist/sftp.1 up to 1.30
crypto/external/bsd/openssh/dist/sftp.c up to 1.39
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.18
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.30
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.19
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.37
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.18
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.10
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.34
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.46
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.18
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.32
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.14
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.24
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.19
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 up to 1.12
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.22
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.26
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.9
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.19
crypto/external/bsd/openssh/dist/ssh-xmss.c up to 1.6
crypto/external/bsd/openssh/dist/ssh.1 up to 1.39
crypto/external/bsd/openssh/dist/ssh.c up to 1.45
crypto/external/bsd/openssh/dist/ssh.h up to 1.13
crypto/external/bsd/openssh/dist/ssh2.h up to 1.15
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.15
crypto/external/bsd/openssh/dist/ssh_config up to 1.16
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.40
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.12
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.11
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.14
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.14
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.19
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.37
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.17
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.46
crypto/external/bsd/openssh/dist/sshd.8 up to 1.31
crypto/external/bsd/openssh/dist/sshd.c up to 1.50
crypto/external/bsd/openssh/dist/sshd_config up to 1.28
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.42
crypto/external/bsd/openssh/dist/ssherr.c up to 1.10
crypto/external/bsd/openssh/dist/ssherr.h up to 1.4
crypto/external/bsd/openssh/dist/sshkey-xmss.c up to 1.10
crypto/external/bsd/openssh/dist/sshkey-xmss.h up to 1.5
crypto/external/bsd/openssh/dist/sshkey.c up to 1.32
crypto/external/bsd/openssh/dist/sshkey.h up to 1.19
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.13
crypto/external/bsd/openssh/dist/sshpty.c up to 1.8
crypto/external/bsd/openssh/dist/ttymodes.c up to 1.12
crypto/external/bsd/openssh/dist/uidswap.c up to 1.10
crypto/external/bsd/openssh/dist/umac.c up to 1.22
crypto/external/bsd/openssh/dist/umac.h up to 1.10
crypto/external/bsd/openssh/dist/utf8.c up to 1.9
crypto/external/bsd/openssh/dist/utf8.h up to 1.5
crypto/external/bsd/openssh/dist/version.h up to 1.44
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.13
crypto/external/bsd/openssh/dist/xmalloc.h up to 1.16
crypto/external/bsd/openssh/dist/xmss_hash.c up to 1.3
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.3
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.3
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.16
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.18
crypto/external/bsd/openssh/lib/Makefile up to 1.38
crypto/external/bsd/openssh/lib/shlib_version up to 1.36
crypto/external/bsd/openssh/openssh2netbsd up to 1.4
lib/libpam/modules/pam_ssh/Makefile up to 1.13
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.30
distrib/sets/lists/base/shl.mi (apply patch)
distrib/sets/lists/debug/shl.mi (apply patch)
doc/3RDPARTY (apply patch)

Update OpenSSH to 9.6.
 1.11.4.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.13.10.1 02-Aug-2025  perseant Sync with HEAD
 1.8 18-Mar-2014  riastradh Merge riastradh-drm2 to HEAD.
 1.7 20-Jul-2013  wiz Use Mt for email addresses.
 1.6 16-Dec-2011  drochner branches: 1.6.6; 1.6.10;
support ECDSA keys used by recent ssh
 1.5 28-Feb-2005  wiz branches: 1.5.48;
Bump date for new SECURITY CONSIDERATIONS section.
 1.4 27-Feb-2005  thorpej Add a SECURITY CONSIDERATIONS section.
 1.3 26-Feb-2005  thorpej Minor wording consistency nit.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5.48.2 22-May-2014  yamt sync with head.

for reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.5.48.1 17-Apr-2012  yamt sync with head
 1.6.10.1 23-Jul-2013  riastradh sync with HEAD
 1.6.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.32 12-Oct-2025  kre Adapt call of ssh_add_identity_constrained() after openssh update

Note, this commit log entry belongs to the previous commit (1.31)
and is to fix my screwup in the previous commit. Apologies all.

With the recent openssh update, ssh_add_identity_constrained() has had
its "maxsign" parameter removed. Adapt the mapping macro from
ssh_add_identity() -> ssh_add_identity_constrained() to cope.

While here, change the octal 0 (00) that was being passed as the
final (size_t) arg to be a nice simple decimal 0 instead.

This should fix the current build breakage.
 1.31 12-Oct-2025  kre /* $NetBSD: pam_ssh.c,v 1.30 2022/06/15 08:31:34 hannken Exp $ */

/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

#include <sys/cdefs.h>
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
#else
__RCSID("$NetBSD: pam_ssh.c,v 1.30 2022/06/15 08:31:34 hannken Exp $");
#endif

#include <sys/param.h>
#include <sys/wait.h>

#include <errno.h>
#include <fcntl.h>
#include <paths.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PAM_SM_AUTH
#define PAM_SM_SESSION

#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/openpam.h>

#include <openssl/evp.h>

#include "sshkey.h"
#include "sshbuf.h"
#include "authfd.h"
#include "authfile.h"

#define ssh_add_identity(auth, key, comment) \
	ssh_add_identity_constrained(auth, key, comment, 0, 0, NULL, NULL, 0)

extern char **environ;

struct pam_ssh_key {
	struct sshkey *key;
	char *comment;
};

static const char *pam_ssh_prompt = "SSH passphrase: ";
static const char *pam_ssh_have_keys = "pam_ssh_have_keys";

static const char *pam_ssh_keyfiles[] = {
	".ssh/identity", /* SSH1 RSA key */
	".ssh/id_rsa", /* SSH2 RSA key */
	".ssh/id_dsa", /* SSH2 DSA key */
	".ssh/id_ecdsa", /* SSH2 ECDSA key */
	NULL
};

static const char *pam_ssh_agent = "/usr/bin/ssh-agent";
static const char *const pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL };
static const char *const pam_ssh_agent_envp[] = { NULL };

/*
 * Attempts to load a private key from the specified file in the specified
 * directory, using the specified passphrase. If successful, returns a
 * struct pam_ssh_key containing the key and its comment.
 */
static struct pam_ssh_key *
pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase,
    int nullok)
{
	struct pam_ssh_key *psk;
	char fn[PATH_MAX];
	int r;
	char *comment;
	struct sshkey *key;

	if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
		return (NULL);
	comment = NULL;
	/*
	 * If the key is unencrypted, OpenSSL ignores the passphrase, so
	 * it will seem like the user typed in the right one. This allows
	 * a user to circumvent nullok by providing a dummy passphrase.
	 * Verify that the key really *is* encrypted by trying to load it
	 * with an empty passphrase, and if the key is not encrypted,
	 * accept only an empty passphrase.
	 */
	r = sshkey_load_private(fn, "", &key, &comment);
	if (r == 0 && !(*passphrase == '\0' && nullok)) {
		openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn);
		sshkey_free(key);
		free(comment);
		return (NULL);
	}
	if (r)
		r = sshkey_load_private(fn, passphrase, &key, &comment);
	if (r) {
		openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
		if (comment != NULL)
			free(comment);
		return (NULL);
	}

	openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s", comment, fn);
	if ((psk = malloc(sizeof(*psk))) == NULL) {
		sshkey_free(key);
		free(comment);
		return (NULL);
	}
	psk->key = key;
	psk->comment = comment;
	return (psk);
}

/*
 * Wipes a private key and frees the associated resources.
 */
static void
pam_ssh_free_key(pam_handle_t *pamh __unused,
    void *data, int pam_err __unused)
{
	struct pam_ssh_key *psk;

	psk = data;
	sshkey_free(psk->key);
	free(psk->comment);
	free(psk);
}

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
	const char **kfn, *passphrase, *user;
	const void *item;
	struct passwd *pwd, pwres;
	struct pam_ssh_key *psk;
	int nkeys, nullok, pam_err, pass;
	char pwbuf[1024];

	nullok = (openpam_get_option(pamh, "nullok") != NULL);

	/* PEM is not loaded by default */
	OpenSSL_add_all_algorithms();

	/* get user name and home directory */
	pam_err = pam_get_user(pamh, &user, NULL);
	if (pam_err != PAM_SUCCESS)
		return (pam_err);
	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
	    pwd == NULL)
		return (PAM_USER_UNKNOWN);
	if (pwd->pw_dir == NULL)
		return (PAM_AUTH_ERR);

	nkeys = 0;
	pass = (pam_get_item(pamh, PAM_AUTHTOK, &item) == PAM_SUCCESS &&
	    item != NULL);
load_keys:
	/* get passphrase */
	pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
	    &passphrase, pam_ssh_prompt);
	if (pam_err != PAM_SUCCESS)
		return (pam_err);

	/* switch to user credentials */
	pam_err = openpam_borrow_cred(pamh, pwd);
	if (pam_err != PAM_SUCCESS)
		return (pam_err);

	/* try to load keys from all keyfiles we know of */
	for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
		psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase, nullok);
		if (psk != NULL) {
			pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
			++nkeys;
		}
	}

	/* switch back to arbitrator credentials */
	openpam_restore_cred(pamh);

	/*
	 * If we tried an old token and didn't get anything, and
	 * try_first_pass was specified, try again after prompting the
	 * user for a new passphrase.
	 */
	if (nkeys == 0 && pass == 1 &&
	    openpam_get_option(pamh, "try_first_pass") != NULL) {
		pam_set_item(pamh, PAM_AUTHTOK, NULL);
		pass = 0;
		goto load_keys;
	}

	/* no keys? */
	if (nkeys == 0)
		return (PAM_AUTH_ERR);

	pam_set_data(pamh, pam_ssh_have_keys, NULL, NULL);
	return (PAM_SUCCESS);
}

PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{

	return (PAM_SUCCESS);
}

/*
 * Parses a line from ssh-agent's output.
 */
static void
pam_ssh_process_agent_output(pam_handle_t *pamh, FILE *f)
{
	char *line, *p, *key, *val;
	size_t len;

	while ((line = fgetln(f, &len)) != NULL) {
		if (len < 4 || strncmp(line, "SSH_", 4) != 0)
			continue;

		/* find equal sign at end of key */
		for (p = key = line; p < line + len; ++p)
			if (*p == '=')
				break;
		if (p == line + len || *p != '=')
			continue;
		*p = '\0';

		/* find semicolon at end of value */
		for (val = ++p; p < line + len; ++p)
			if (*p == ';')
				break;
		if (p == line + len || *p != ';')
			continue;
		*p = '\0';

		/* store key-value pair in environment */
		openpam_log(PAM_LOG_DEBUG, "got %s: %s", key, val);
		pam_setenv(pamh, key, val, 1);
	}
}

/*
 * Starts an ssh agent and stores the environment variables derived from
 * its output.
 */
static int
pam_ssh_start_agent(pam_handle_t *pamh, struct passwd *pwd)
{
	int agent_pipe[2];
	pid_t pid;
	FILE *f;

	/* get a pipe which we will use to read the agent's output */
	if (pipe(agent_pipe) == -1)
		return (PAM_SYSTEM_ERR);

	/* start the agent */
	openpam_log(PAM_LOG_DEBUG, "starting an ssh agent");
	pid = fork();
	if (pid == (pid_t)-1) {
		/* failed */
		close(agent_pipe[0]);
		close(agent_pipe[1]);
		return (PAM_SYSTEM_ERR);
	}
	if (pid == 0) {
#ifndef F_CLOSEM
		int fd;
#endif
		/* child: drop privs, close fds and start agent */
		if (setgid(pwd->pw_gid) == -1) {
			openpam_log(PAM_LOG_DEBUG, "%s: Cannot setgid %d (%s)",
			    __func__, (int)pwd->pw_gid, strerror(errno));
			goto done;
		}
		if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
			openpam_log(PAM_LOG_DEBUG,
			    "%s: Cannot initgroups for %s (%s)",
			    __func__, pwd->pw_name, strerror(errno));
			goto done;
		}
		if (setuid(pwd->pw_uid) == -1) {
			openpam_log(PAM_LOG_DEBUG, "%s: Cannot setuid %d (%s)",
			    __func__, (int)pwd->pw_uid, strerror(errno));
			goto done;
		}
		(void)close(STDIN_FILENO);
		(void)open(_PATH_DEVNULL, O_RDONLY);
		(void)dup2(agent_pipe[1], STDOUT_FILENO);
		(void)dup2(agent_pipe[1], STDERR_FILENO);
#ifdef F_CLOSEM
		(void)fcntl(3, F_CLOSEM, 0);
#else
		for (fd = 3; fd < getdtablesize(); ++fd)
			(void)close(fd);
#endif
		(void)execve(pam_ssh_agent,
		    (char **)__UNCONST(pam_ssh_agent_argv),
		    (char **)__UNCONST(pam_ssh_agent_envp));
done:
		_exit(127);
	}

	/* parent */
	close(agent_pipe[1]);
	if ((f = fdopen(agent_pipe[0], "r")) == NULL)
		return (PAM_SYSTEM_ERR);
	pam_ssh_process_agent_output(pamh, f);
	fclose(f);

	return (PAM_SUCCESS);
}

/*
 * Adds previously stored keys to a running agent.
 */
static int
pam_ssh_add_keys_to_agent(pam_handle_t *pamh)
{
	const struct pam_ssh_key *psk;
	const char **kfn;
	char **envlist, **env;
	int pam_err;
	int agent_fd;

	/* switch to PAM environment */
	envlist = environ;
	if ((environ = pam_getenvlist(pamh)) == NULL) {
		openpam_log(PAM_LOG_DEBUG, "%s: cannot get envlist",
		    __func__);
		environ = envlist;
		return (PAM_SYSTEM_ERR);
	}

	/* get a connection to the agent */
	if (ssh_get_authentication_socket(&agent_fd) != 0) {
		openpam_log(PAM_LOG_DEBUG,
		    "%s: cannot get authentication connection",
		    __func__);
		pam_err = PAM_SYSTEM_ERR;
		agent_fd = -1;
		goto end;
	}

	/* look for keys to add to it */
	for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
		const void *vp;
		pam_err = pam_get_data(pamh, *kfn, &vp);
		psk = vp;
		if (pam_err == PAM_SUCCESS && psk != NULL) {
			if (ssh_add_identity(agent_fd, psk->key, psk->comment))
				openpam_log(PAM_LOG_DEBUG,
				    "added %s to ssh agent", psk->comment);
			else
				openpam_log(PAM_LOG_DEBUG, "failed "
				    "to add %s to ssh agent", psk->comment);
			/* we won't need the key again, so wipe it */
			pam_set_data(pamh, *kfn, NULL, NULL);
		}
	}
	pam_err = PAM_SUCCESS;
end:
	/* disconnect from agent */
	if (agent_fd != -1)
		ssh_close_authentication_socket(agent_fd);

	/* switch back to original environment */
	for (env = environ; *env != NULL; ++env)
		free(*env);
	free(environ);
	environ = envlist;

	return (pam_err);
}

PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
	struct passwd *pwd, pwres;
	const char *user;
	const void *data;
	int pam_err = PAM_SUCCESS;
	char pwbuf[1024];

	/* no keys, no work */
	if (pam_get_data(pamh, pam_ssh_have_keys, &data) != PAM_SUCCESS &&
	    openpam_get_option(pamh, "want_agent") == NULL)
		return (PAM_SUCCESS);

	/* switch to user credentials */
	pam_err = pam_get_user(pamh, &user, NULL);
	if (pam_err != PAM_SUCCESS)
		return (pam_err);
	if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 ||
	    pwd == NULL)
		return (PAM_USER_UNKNOWN);

	/* start the agent */
	pam_err = pam_ssh_start_agent(pamh, pwd);
	if (pam_err != PAM_SUCCESS)
		return pam_err;

	pam_err = openpam_borrow_cred(pamh, pwd);
	if (pam_err != PAM_SUCCESS)
		return pam_err;

	/* we have an agent, see if we can add any keys to it */
	pam_err = pam_ssh_add_keys_to_agent(pamh);
	if (pam_err != PAM_SUCCESS) {
		/* XXX ignore failures */
		openpam_log(PAM_LOG_DEBUG, "failed adding keys to ssh agent");
		pam_err = PAM_SUCCESS;
	}

	openpam_restore_cred(pamh);
	return pam_err;
}

PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
	const char *ssh_agent_pid;
	char *end;
	int status;
	pid_t pid;

	if ((ssh_agent_pid = pam_getenv(pamh, "SSH_AGENT_PID")) == NULL) {
		openpam_log(PAM_LOG_DEBUG, "no ssh agent");
		return (PAM_SUCCESS);
	}
	pid = (pid_t)strtol(ssh_agent_pid, &end, 10);
	if (*ssh_agent_pid == '\0' || *end != '\0') {
		openpam_log(PAM_LOG_DEBUG, "invalid ssh agent pid");
		return (PAM_SESSION_ERR);
	}
	openpam_log(PAM_LOG_DEBUG, "killing ssh agent %d", (int)pid);
	if (kill(pid, SIGTERM) == -1 ||
	    (waitpid(pid, &status, 0) == -1 && errno != ECHILD))
		return (PAM_SYSTEM_ERR);
	return (PAM_SUCCESS);
}

PAM_MODULE_ENTRY("pam_ssh");
 1.30 15-Jun-2022  hannken Set provider to NULL -- "pam" is not a valid security key helper library.
Now ssh-agent no longer fails key addition with

error: Cannot add provider: RSA is not an authenticator-hosted key
 1.29 24-Feb-2022  christos Add constrain arguments
 1.28 27-Feb-2020  christos This takes a provider now
 1.27 01-Jun-2019  mlelstv branches: 1.27.2;
Fix key loading logic and add log message when rejecting an unencrypted key.
 1.26 26-Aug-2018  christos adjust to new libssh api.
 1.25 07-Apr-2018  christos branches: 1.25.2;
fix and use the macro.
 1.24 07-Apr-2018  christos function grew an extra argument now.
 1.23 04-Apr-2015  christos branches: 1.23.14;
Adapt to the new API.
 1.22 06-Jan-2012  drochner branches: 1.22.2; 1.22.8; 1.22.14; 1.22.18;
pull in from FreeBSD rev.1.41: Narrow the use of user credentials.
(call pam_get_authtok() with caller's rights rather than user's)
 1.21 03-Jan-2012  christos avoid using %m in format.
 1.20 16-Dec-2011  drochner support ECDSA keys used by recent ssh
 1.19 16-Dec-2011  drochner disallow empty passphrases per default, and implement the "nullok"
option to allow it if the administrator wishes, from FreeBSD
 1.18 16-Dec-2011  drochner -remove remainders of the misguided changes in revs 1.5-1.9
-iron out more unnecessary differences to FreeBSD
 1.17 06-May-2011  drochner branches: 1.17.4;
remove excess newlines in debug output
 1.16 21-Nov-2010  adam Use ssh_add_identity_constrained() instead of ssh_add_identity()
 1.15 27-Jan-2008  christos Fix compilation
 1.14 15-Sep-2007  ragge __FUNCTION__ -> __func__.
 1.13 29-Sep-2006  dogcow branches: 1.13.8;
new ssh import requires another include
 1.12 19-Mar-2006  jnemeth Fix coverity run 5, issue 2018 -- memory leak.
Approved by christos.
 1.11 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.10 31-Mar-2005  thorpej Use getpwnam_r().
 1.9 17-Mar-2005  christos remove debugging printf's
 1.8 14-Mar-2005  christos branches: 1.8.2;
remove code to deal with authorized keys. it has no place here.
 1.7 14-Mar-2005  christos Go back to rev-1.5. This is better than what was there before, but I am
still uncertain about the proper way to deal with what keys to accept.
 1.6 14-Mar-2005  christos Revert previous. This is not the right fix.
 1.5 14-Mar-2005  christos Do not let keys that are not listed in authorized_keys participate
in authentication. Problem reported by Maximum Entropy.
 1.4 27-Feb-2005  christos NetBSD does not allow setuid(user) when euid=user, and ruid=0. Change
the logic for setting the uid/gid/groups for the agent around and also
add error checking. I.e. Don't exec the agent, if we could not set
the proper environment for it. Add a few more debugging lines. Now ssh
authentication works through xdm.
 1.3 03-Jan-2005  lukem s/ifndef/ifdef/ for __FreeBSD__
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.8.2.4 05-Jan-2007  tron Apply patch (request by ghen in ticket #1617):
Update OpenPAM to 20050616 ("Figwort") and add the pam_afslog(8)
authentication module.
 1.8.2.3 11-Jul-2005  tron Pull up revision 1.11 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.8.2.2 04-Apr-2005  tron Pull up revision 1.10 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.8.2.1 19-Mar-2005  tron Pull up revision 1.9 (requested by christos in ticket #23):
remove debugging printf's
 1.13.8.2 23-Mar-2008  matt sync with HEAD
 1.13.8.1 06-Nov-2007  matt sync with HEAD
 1.17.4.1 17-Apr-2012  yamt sync with head
 1.22.18.1 30-Apr-2015  riz Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201

Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
 1.22.14.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.22.8.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.22.2.1 15-Aug-2017  snj Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
 1.23.14.2 06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.23.14.1 16-Apr-2018  pgoyette Sync with HEAD, resolve some conflicts
 1.25.2.2 08-Apr-2020  martin Merge changes from current as of 20200406
 1.25.2.1 10-Jun-2019  christos Sync with HEAD
 1.27.2.1 25-Dec-2023  martin Pull up the following, requested by kim in ticket #1780:

crypto/external/bsd/openssh/Makefile.inc up to 1.15 (+patch)
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.4
crypto/external/bsd/openssh/bin/scp/Makefile up to 1.6
crypto/external/bsd/openssh/bin/sftp/Makefile up to 1.11
crypto/external/bsd/openssh/bin/sftp-server/Makefile up to 1.4
crypto/external/bsd/openssh/bin/ssh/Makefile up to 1.20
crypto/external/bsd/openssh/bin/ssh-add/Makefile up to 1.3
crypto/external/bsd/openssh/bin/ssh-agent/Makefile up to 1.7
crypto/external/bsd/openssh/bin/ssh-keygen/Makefile up to 1.10
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.6
crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile up to 1.4
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.27 (+patch)
crypto/external/bsd/openssh/dist/PROTOCOL.sshsig up to 1.1.1.2
crypto/external/bsd/openssh/dist/srclimit.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-realpath.c up to 1.3
crypto/external/bsd/openssh/dist/sntrup761.c up to 1.3
crypto/external/bsd/openssh/dist/sntrup761.sh up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshsig.c up to 1.12
crypto/external/bsd/openssh/dist/sshsig.h up to 1.1.1.5
crypto/external/bsd/openssh/dist/addr.c up to 1.6
crypto/external/bsd/openssh/dist/PROTOCOL.u2f up to 1.1.1.3
crypto/external/bsd/openssh/dist/sk-api.h up to 1.1.1.6
crypto/external/bsd/openssh/dist/sk-usbhid.c up to 1.9
crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c up to 1.4
crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c up to 1.5
crypto/external/bsd/openssh/dist/ssh-sk-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-sk-helper.8 up to 1.1.1.2
crypto/external/bsd/openssh/dist/ssh-sk-helper.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-sk.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-sk.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshbuf-io.c up to 1.2
crypto/external/bsd/openssh/dist/addr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/kexsntrup761x25519.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c up to 1.3
crypto/external/bsd/openssh/dist/srclimit.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-usergroup.c up to 1.3
crypto/external/bsd/openssh/dist/sftp-usergroup.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ed25519.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/crc32.c delete
crypto/external/bsd/openssh/dist/crc32.h delete
crypto/external/bsd/openssh/dist/fe25519.c delete
crypto/external/bsd/openssh/dist/fe25519.h delete
crypto/external/bsd/openssh/dist/ge25519.c delete
crypto/external/bsd/openssh/dist/ge25519.h delete
crypto/external/bsd/openssh/dist/ge25519_base.data delete
crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c delete
crypto/external/bsd/openssh/dist/sc25519.c delete
crypto/external/bsd/openssh/dist/sc25519.h delete
crypto/external/bsd/openssh/dist/sntrup4591761.c delete
crypto/external/bsd/openssh/dist/sntrup4591761.sh delete
crypto/external/bsd/openssh/dist/uuencode.c delete
crypto/external/bsd/openssh/dist/uuencode.h delete
crypto/external/bsd/openssh/dist/verify.c delete
crypto/external/bsd/openssh/dist/LICENCE up to 1.7
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.23
crypto/external/bsd/openssh/dist/PROTOCOL.agent up to 1.15
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys up to 1.13
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.4
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.3
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.5
crypto/external/bsd/openssh/dist/PROTOCOL.mux up to 1.12
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.15
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.16
crypto/external/bsd/openssh/dist/auth-options.c up to 1.29
crypto/external/bsd/openssh/dist/auth-options.h up to 1.15
crypto/external/bsd/openssh/dist/auth-pam.c up to 1.21
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.13
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.16
crypto/external/bsd/openssh/dist/auth.c up to 1.34
crypto/external/bsd/openssh/dist/auth.h up to 1.23
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.19
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.17
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.23
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.15
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.10
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.14
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.16
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.34
crypto/external/bsd/openssh/dist/auth2.c up to 1.29
crypto/external/bsd/openssh/dist/authfd.c up to 1.27
crypto/external/bsd/openssh/dist/authfd.h up to 1.17
crypto/external/bsd/openssh/dist/authfile.c up to 1.28
crypto/external/bsd/openssh/dist/authfile.h up to 1.10
crypto/external/bsd/openssh/dist/canohost.c up to 1.16
crypto/external/bsd/openssh/dist/chacha.c up to 1.6
crypto/external/bsd/openssh/dist/chacha.h up to 1.3
crypto/external/bsd/openssh/dist/channels.c up to 1.42
crypto/external/bsd/openssh/dist/channels.h up to 1.26
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.3
crypto/external/bsd/openssh/dist/cipher.c up to 1.21
crypto/external/bsd/openssh/dist/cipher.h up to 1.17
crypto/external/bsd/openssh/dist/clientloop.c up to 1.39
crypto/external/bsd/openssh/dist/clientloop.h up to 1.18
crypto/external/bsd/openssh/dist/compat.c up to 1.26
crypto/external/bsd/openssh/dist/compat.h up to 1.18
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.5
crypto/external/bsd/openssh/dist/dh.c up to 1.20
crypto/external/bsd/openssh/dist/dh.h up to 1.13
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.8
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.9
crypto/external/bsd/openssh/dist/dispatch.c up to 1.11
crypto/external/bsd/openssh/dist/dns.c up to 1.23
crypto/external/bsd/openssh/dist/dns.h up to 1.13
crypto/external/bsd/openssh/dist/ed25519.c up to 1.6
crypto/external/bsd/openssh/dist/fatal.c up to 1.7
crypto/external/bsd/openssh/dist/getrrsetbyname.c up to 1.6
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.11
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.15
crypto/external/bsd/openssh/dist/hash.c up to 1.7
crypto/external/bsd/openssh/dist/hmac.c up to 1.8
crypto/external/bsd/openssh/dist/hostfile.c up to 1.23
crypto/external/bsd/openssh/dist/hostfile.h up to 1.11
crypto/external/bsd/openssh/dist/includes.h up to 1.9
crypto/external/bsd/openssh/dist/kex.c up to 1.34
crypto/external/bsd/openssh/dist/kex.h up to 1.24
crypto/external/bsd/openssh/dist/kexdh.c up to 1.10
crypto/external/bsd/openssh/dist/kexgen.c up to 1.7
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.17
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.23
crypto/external/bsd/openssh/dist/krl.c up to 1.23
crypto/external/bsd/openssh/dist/krl.h up to 1.6
crypto/external/bsd/openssh/dist/ldapauth.c up to 1.8
crypto/external/bsd/openssh/dist/ldapauth.h up to 1.6
crypto/external/bsd/openssh/dist/log.c up to 1.27
crypto/external/bsd/openssh/dist/log.h up to 1.17
crypto/external/bsd/openssh/dist/mac.c up to 1.16
crypto/external/bsd/openssh/dist/match.c up to 1.16
crypto/external/bsd/openssh/dist/match.h up to 1.11
crypto/external/bsd/openssh/dist/misc.c up to 1.35
crypto/external/bsd/openssh/dist/misc.h up to 1.27
crypto/external/bsd/openssh/dist/moduli up to 1.10
crypto/external/bsd/openssh/dist/moduli.c up to 1.17
crypto/external/bsd/openssh/dist/monitor.c up to 1.43
crypto/external/bsd/openssh/dist/monitor.h up to 1.13
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.9
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.34
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.23
crypto/external/bsd/openssh/dist/msg.c up to 1.11
crypto/external/bsd/openssh/dist/mux.c up to 1.35
crypto/external/bsd/openssh/dist/myproposal.h up to 1.24
crypto/external/bsd/openssh/dist/namespace.h up to 1.10
crypto/external/bsd/openssh/dist/nchan.c up to 1.14
crypto/external/bsd/openssh/dist/packet.c up to 1.50
crypto/external/bsd/openssh/dist/packet.h up to 1.26
crypto/external/bsd/openssh/dist/pathnames.h up to 1.15
crypto/external/bsd/openssh/dist/pfilter.c up to 1.8 (+patch)
crypto/external/bsd/openssh/dist/poly1305.c up to 1.6
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.15
crypto/external/bsd/openssh/dist/readconf.c up to 1.44
crypto/external/bsd/openssh/dist/readconf.h up to 1.34
crypto/external/bsd/openssh/dist/readpass.c up to 1.18
crypto/external/bsd/openssh/dist/rijndael.h up to 1.3
crypto/external/bsd/openssh/dist/sandbox-pledge.c up to 1.3
crypto/external/bsd/openssh/dist/sandbox-rlimit.c up to 1.7
crypto/external/bsd/openssh/dist/scp.1 up to 1.31
crypto/external/bsd/openssh/dist/scp.c up to 1.41
crypto/external/bsd/openssh/dist/servconf.c up to 1.44
crypto/external/bsd/openssh/dist/servconf.h up to 1.30
crypto/external/bsd/openssh/dist/serverloop.c up to 1.35
crypto/external/bsd/openssh/dist/session.c up to 1.38
crypto/external/bsd/openssh/dist/session.h up to 1.10
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.35
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.18
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.14
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.8
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.15
crypto/external/bsd/openssh/dist/sftp-server-main.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.14
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.30
crypto/external/bsd/openssh/dist/sftp.1 up to 1.30
crypto/external/bsd/openssh/dist/sftp.c up to 1.39
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.18
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.30
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.19
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.37
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.18
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.10
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.34
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.46
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.18
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.32
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.14
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.24
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.19
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 up to 1.12
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.22
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.26
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.9
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.19
crypto/external/bsd/openssh/dist/ssh-xmss.c up to 1.6
crypto/external/bsd/openssh/dist/ssh.1 up to 1.39
crypto/external/bsd/openssh/dist/ssh.c up to 1.45
crypto/external/bsd/openssh/dist/ssh.h up to 1.13
crypto/external/bsd/openssh/dist/ssh2.h up to 1.15
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.15
crypto/external/bsd/openssh/dist/ssh_config up to 1.16
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.40
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.12
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.11
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.14
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.14
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.19
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.37
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.17
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.46
crypto/external/bsd/openssh/dist/sshd.8 up to 1.31
crypto/external/bsd/openssh/dist/sshd.c up to 1.50
crypto/external/bsd/openssh/dist/sshd_config up to 1.28
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.42
crypto/external/bsd/openssh/dist/ssherr.c up to 1.10
crypto/external/bsd/openssh/dist/ssherr.h up to 1.4
crypto/external/bsd/openssh/dist/sshkey-xmss.c up to 1.10
crypto/external/bsd/openssh/dist/sshkey-xmss.h up to 1.5
crypto/external/bsd/openssh/dist/sshkey.c up to 1.32
crypto/external/bsd/openssh/dist/sshkey.h up to 1.19
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.13
crypto/external/bsd/openssh/dist/sshpty.c up to 1.8
crypto/external/bsd/openssh/dist/ttymodes.c up to 1.12
crypto/external/bsd/openssh/dist/uidswap.c up to 1.10
crypto/external/bsd/openssh/dist/umac.c up to 1.22
crypto/external/bsd/openssh/dist/umac.h up to 1.10
crypto/external/bsd/openssh/dist/utf8.c up to 1.9
crypto/external/bsd/openssh/dist/utf8.h up to 1.5
crypto/external/bsd/openssh/dist/version.h up to 1.44
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.13
crypto/external/bsd/openssh/dist/xmalloc.h up to 1.16
crypto/external/bsd/openssh/dist/xmss_hash.c up to 1.3
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.3
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.3
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.16
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.18
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.18
crypto/external/bsd/openssh/lib/Makefile up to 1.38
crypto/external/bsd/openssh/lib/shlib_version up to 1.36
crypto/external/bsd/openssh/openssh2netbsd up to 1.4
lib/libpam/modules/pam_ssh/Makefile up to 1.13
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.30
distrib/sets/lists/base/shl.mi (apply patch)
distrib/sets/lists/debug/shl.mi (apply patch)
doc/3RDPARTY (apply patch)

Update OpenSSH to 9.6.
 1.7 27-Oct-2008  mrg use LIBDPLIBS+= not =.
 1.6 27-Oct-2008  mrg don't set LIBDPLIBS in libpam/modules/Makefile - it is not necessary
and it interferes with the compat lib build. don't use LIB_ROOT_DIR.
 1.5 03-Jan-2005  lukem Set NOxxx before including <bsd.own.mk>; we can't rely upon ../mod.mk
in this situation.
 1.4 29-Dec-2004  lukem Use LIBDPLIBS to provide the list of libraries for the modules to depend
upon, because:
* it's MUCH quicker; no need to calculate the OBJDIRS of every library
we might require in every subdir.
(make obj drops from 21s to 3s on my system.)
* it's more robust when building to a fresh DESTDIR.
 1.3 29-Dec-2004  christos Link with libraries from the source build directory.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.9 23-Dec-2019  reed Simplify Subsection headers

There was a formatting issue with mandoc showing the
literal "Ss" macros. I reported this bug to mandoc since groff
didn't have the same formatting. It was recommended to simplify
the formatting due to the weird feature.
Note because of this for groff I didn't use the Ux macro but spelled
out UNIX literally for these subsection headers
(since the macro reset the subsection formatting which was why
the Ss macro was repeated before to reactivate it).
 1.8 26-Feb-2005  thorpej branches: 1.8.90;
Merge PAM20050226.
 1.7 26-Feb-2005  wiz Drop trailing whitespace.
 1.6 26-Feb-2005  wiz Bump date for previous.
 1.5 26-Feb-2005  thorpej Remove references to local_pass and nis_pass. Add description of
passwd_db option of the password management module.
 1.4 26-Feb-2005  thorpej Minor wording consistency nit.
 1.3 20-Feb-2005  wiz Fix Xref.
 1.2 12-Dec-2004  christos - NetBSD build glue
- Warning fixes
- RCSID's
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.2 26-Feb-2005  thorpej Import FreeBSD's PAM modules corresponding to the ones we currently
support as of today (20050226). This brings in some fixes to a few
of the PAM modules.
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.8.90.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.19 26-Oct-2022  andvar nix double n, i or g in "ing", in comments and documentation.
 1.18 10-Apr-2022  andvar fix various typos in comments and output/log messages.
 1.17 16-May-2018  joerg Improve type safety by using the correct enum values.
 1.16 29-Dec-2013  christos branches: 1.16.24;
Fix incorrect types
 1.15 20-Jun-2013  christos use login_getpwclass() everywhere for consistency.
 1.14 18-Nov-2009  drochner branches: 1.14.6; 1.14.12;
if changing the password, don't clear PAM_AUTHTOK at the beginning -- this
sabotages external password strength checkers
 1.13 14-Jun-2009  tonnerre Restore the good old UNIX behavior of root password changing: only root
may change the root password.

(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)
 1.12 26-Jan-2009  lukem sign-compare fixes
 1.11 30-May-2006  jnemeth branches: 1.11.4; 1.11.14; 1.11.26; 1.11.28;
PR/30730 force changing password via chsh fails
PR/33502 password aging not working
copy old_pwd to new_pwd before modifying
 1.10 18-Mar-2006  jnemeth Fix Coverity run 5, issue 2498 -- uninitialized variable
Fix Coverity run 5, issue 707 -- unreachable code
Approved by Christos.
 1.9 19-Apr-2005  lukem Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially if we're going to ignore the return result.
 1.8 19-Apr-2005  christos check for pwd != in getpw*_r functions.
 1.7 31-Mar-2005  thorpej Use getpwnam_r().
 1.6 17-Mar-2005  christos Clear the authorization token at the entry of each loop, so that
we get a chance to re-enter.
 1.5 26-Feb-2005  thorpej branches: 1.5.2;
Make sure to set yppwd.oldpass.
 1.4 12-Jan-2005  christos adapt to pw_gensalt() change.
 1.3 11-Jan-2005  christos eliminate the third copy of pwd_gensalt.
 1.2 12-Dec-2004  christos - NetBSD specific fixes.
- Changes from Jason to use our YP stuff.
 1.1 12-Dec-2004  christos branches: 1.1.1;
Initial revision
 1.1.1.1 12-Dec-2004  christos - Import freebsd's version of libpam as of today (20041212).
- Did not import opie, passwdqc, tacplus. We need to decide what to do
with them.
- Imported radius and ssh, although they will not work until we
import libradius and re-structure our tree to install libssh.
 1.5.2.6 12-Jun-2006  tron Pull up following revision(s) (requested by jnemeth in ticket #1370):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.11
PR/30730 force changing password via chsh fails
PR/33502 password aging not working
copy old_pwd to new_pwd before modifying
 1.5.2.5 20-Mar-2006  riz Pull up following revision(s) (requested by jnemeth in ticket #1206):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.10
Fix Coverity run 5, issue 2498 -- uninitialized variable
Fix Coverity run 5, issue 707 -- unreachable code
Approved by Christos.
 1.5.2.4 11-Jul-2005  tron branches: 1.5.2.4.2;
Pull up revision 1.9 (requested by lukem in ticket #539):
Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially if we're going to ignore the return result.
 1.5.2.3 11-Jul-2005  tron Pull up revision 1.8 (requested by lukem in ticket #539):
check for pwd != in getpw*_r functions.
 1.5.2.2 04-Apr-2005  tron Pull up revision 1.7 (requested by thorpej in ticket #96):
Use getpwnam_r().
 1.5.2.1 19-Mar-2005  tron Pull up revision 1.6 (requested by christos in ticket #22):
Clear the authorization token at the entry of each loop, so that
we get a chance to re-enter.
 1.5.2.4.2.2 12-Jun-2006  tron Pull up following revision(s) (requested by jnemeth in ticket #1370):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.11
PR/30730 force changing password via chsh fails
PR/33502 password aging not working
copy old_pwd to new_pwd before modifying
 1.5.2.4.2.1 20-Mar-2006  riz Pull up following revision(s) (requested by jnemeth in ticket #1206):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.10
Fix Coverity run 5, issue 2498 -- uninitialized variable
Fix Coverity run 5, issue 707 -- unreachable code
Approved by Christos.
 1.11.28.1 17-Jun-2009  bouyer branches: 1.11.28.1.2;
Pull up following revision(s) (requested by tonnerre in ticket #817):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.13
Restore the good old UNIX behavior of root password changing: only root
may change the root password.
(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)
 1.11.28.1.2.1 21-Apr-2010  matt sync to netbsd-5
 1.11.26.2 13-Mar-2010  riz Pull up following revision(s) (requested by drochner in ticket #1336):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.14
if changing the password, don't clear PAM_AUTHTOK at the beginning -- this
sabotages external password strength checkers
 1.11.26.1 17-Jun-2009  bouyer Pull up following revision(s) (requested by tonnerre in ticket #817):
lib/libpam/modules/pam_unix/pam_unix.c: revision 1.13
Restore the good old UNIX behavior of root password changing: only root
may change the root password.
(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)
 1.11.14.1 17-Jun-2009  jdc Pull up revision 1.13 (requested by tonnerre in ticket #1326).

Restore the good old UNIX behavior of root password changing: only root
may change the root password.

(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)
 1.11.4.1 17-Jun-2009  jdc Pull up revision 1.13 (requested by tonnerre in ticket #1326).

Restore the good old UNIX behavior of root password changing: only root
may change the root password.

(Checked that everybody else's password can be changed without any problem,
and checked that root can still change the root password.)
 1.14.12.2 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.14.12.1 23-Jun-2013  tls resync from head
 1.14.6.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.16.24.1 21-May-2018  pgoyette Sync with HEAD
