Lines Matching refs:pam
48 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
65 #include <pam/pam_appl.h>
87 #include "auth-pam.h"
151 return; /* handler called after PAM cleanup, shouldn't happen */
154 /* PAM thread has not exitted, privsep slave must have */
164 sigdie("PAM: authentication thread exited unexpectedly");
166 sigdie("PAM: authentication thread exited uncleanly");
236 /* Some PAM implementations don't implement this */
244 * env vars (e.g. KRB5CCNAME) from the PAM environment.
254 * This wraps pam_chauthtok and sets/restore the real uid so PAM will do
264 fatal("PAM: sshpam_authctxt not initialized");
280 fatal("%s: PAM authctxt not initialized", __func__);
293 /* Import regular and PAM environment from subprocess */
301 debug3("PAM: %s entering", __func__);
314 debug3("PAM: num env strings %d", num_env);
320 /* Import PAM environment from subprocess */
322 debug("PAM: num PAM env strings %d", num_env);
329 error("PAM: pam_putenv: %s",
349 debug3("PAM: %s entering, %d messages", __func__, n);
353 error("PAM: conversation function passed a null context");
448 error("PAM: could not set TZ environment: %s",
452 setproctitle("%s [pam]",
461 fatal("%s: PAM authctxt not initialized", __func__);
500 /* Export any environment strings set by PAM in child */
533 debug3("PAM: %s entering", __func__);
548 debug3("PAM: %s entering, %d messages", __func__, n);
562 debug3("PAM: %s called with %d messages", __func__, n);
603 debug("PAM: cleanup");
606 debug("PAM: closing session");
611 debug("PAM: deleting credentials");
628 /* We already have a PAM context; check if the user matches */
636 debug("PAM: initializing for \"%s\"", user);
647 debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
656 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
660 debug("PAM: setting PAM_TTY to \"ssh\"");
677 debug3("PAM: %s entering", __func__);
679 * Refuse to start if we don't have PAM enabled or do_pam_account
685 /* Initialize PAM */
687 error("PAM: initialization failed");
695 error("PAM: failed create sockets: %s", strerror(errno));
702 error("PAM: failed to start authentication thread: %s",
724 debug3("PAM: %s entering", __func__);
762 debug3("PAM: %s", pam_strerror(sshpam_handle, type));
776 debug("PAM: %s", **prompts);
786 fatal("Internal error: PAM auth "
796 error("PAM: %s for %s%.100s from %.100s", msg,
819 debug2("PAM: %s entering, %u responses", __func__, num);
830 error("PAM: expected one response, got %u", num);
853 debug3("PAM: %s entering", __func__);
857 * We don't call sshpam_cleanup() here because we may need the PAM
865 "pam",
873 "pam",
881 * This replaces auth-pam.c
887 fatal("PAM: initialisation requested when UsePAM=no");
890 fatal("PAM: initialisation failed");
907 debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
926 debug("PAM: setting PAM_TTY to \"%s\"", tty);
929 fatal("PAM: failed to set PAM_TTY: %s",
940 fatal("PAM: failed to set PAM_CONV: %s",
943 debug("PAM: establishing credentials");
946 debug("PAM: reinitializing credentials");
954 fatal("PAM: pam_setcred(): %s",
957 debug("PAM: pam_setcred(): %s",
969 debug3("PAM: %s called with %d messages", __func__, n);
1030 fatal("PAM: failed to set PAM_CONV: %s",
1032 debug("PAM: changing password");
1035 fatal("PAM: pam_chauthtok(): %s",
1042 debug3("PAM: opening session");
1046 fatal("PAM: failed to set PAM_CONV: %s",
1054 error("PAM: pam_open_session(): %s",
1067 * Set a PAM environment string. We need to do this so that the session
1128 debug3("PAM: %s called with %d messages", __func__, n);
1178 * Attempt password authentication via PAM
1187 fatal("PAM: %s called when PAM disabled or failed to "
1196 * information via timing (eg if the PAM config has a delay on fail).
1205 fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
1211 debug("PAM: password authentication accepted for %.100s",
1215 debug("PAM: password authentication failed for %.100s: %s",
