History log of /freebsd-11.0-release/lib/libpam/modules/pam_ssh/pam_ssh.c
Revision Date Author Comments
# 303975 11-Aug-2016 gjb

Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

# 302408 08-Jul-2016 gjb

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation


# 296651 11-Mar-2016 des

Define __bounded__ to fix the gcc build. While there, raise WARNS.


# 294367 20-Jan-2016 jhb

Update for API changes in OpenSSH 6.8p1.

First, the authfd API now uses a direct file descriptor for the control
socket instead of a more abstract AuthenticationConnection structure.
Second, the functions now consistently return an error value.

Reviewed by: bdrewery


# 236106 26-May-2012 des

Passing NULL as a key causes a segfault when loading SSH 1 keys. Use
an empty string instead.


# 227757 20-Nov-2011 des

key_load_private() ignores the passphrase argument if the private key
is unencrypted. This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after: 1 week
Noticed by: Guy Helmer <guy.helmer@palisadesystems.com>
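
The check described in r227757, as an added example that is not part of pam_ssh or
OpenSSH. It models key_load_private() with a small stand-in (unencrypted key: the
passphrase argument is ignored; encrypted key: it must match), puts the reconstructed
pre-r227757 decision next to the new one, and runs both over constructed sample keys.
The struct, the two sample keys and the "old" logic are assumptions made for the
demonstration; only the new decision rule comes from the commit message above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key file: stored in the clear or encrypted under a
 * passphrase. Stand-in for a real OpenSSH private key. */
struct keyfile {
	const char *name;
	bool encrypted;
	const char *passphrase;	/* decrypts the key; unused when !encrypted */
};

/* Constructed sample keys for the demonstration. */
static const struct keyfile plain_key = { "id_rsa (no passphrase)", false, "" };
static const struct keyfile enc_key = { "id_rsa (encrypted)", true, "correct horse" };

/*
 * Model of key_load_private(): the passphrase argument is ignored when
 * the key is not encrypted, which is the behaviour the commit works
 * around. Returns true when the key loads.
 */
static bool
model_key_load_private(const struct keyfile *kf, const char *passphrase)
{
	if (!kf->encrypted)
		return true;		/* passphrase never examined */
	return strcmp(passphrase, kf->passphrase) == 0;
}

/*
 * Pre-r227757 check (assumed reconstruction): refuse an empty passphrase
 * unless nullok is set, then hand whatever the user typed to the loader.
 * A non-empty passphrase "unlocks" a passphraseless key, so nullok=false
 * does not keep such keys out.
 */
static bool
check_key_old(const struct keyfile *kf, const char *user_pass, bool nullok)
{
	if (user_pass[0] == '\0' && !nullok)
		return false;
	return model_key_load_private(kf, user_pass);
}

/*
 * r227757 logic: probe with an empty passphrase first. Success means the
 * key is passphraseless; that is acceptable only when nullok is set and
 * the user typed nothing. Otherwise fall through to a normal load.
 */
static bool
check_key_new(const struct keyfile *kf, const char *user_pass, bool nullok)
{
	if (model_key_load_private(kf, "")) {
		if (user_pass[0] != '\0' || !nullok)
			return false;
		return true;
	}
	return model_key_load_private(kf, user_pass);
}

int
main(void)
{
	struct { const struct keyfile *kf; const char *pass; bool nullok; } cases[] = {
		{ &plain_key, "hunter2", false },	/* old: accepted, new: rejected */
		{ &plain_key, "", false },
		{ &plain_key, "", true },
		{ &enc_key, "correct horse", false },
		{ &enc_key, "hunter2", false },
	};
	for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
		printf("%-24s pass=%-14s nullok=%d  old=%d new=%d\n",
		    cases[i].kf->name, cases[i].pass, cases[i].nullok,
		    check_key_old(cases[i].kf, cases[i].pass, cases[i].nullok),
		    check_key_new(cases[i].kf, cases[i].pass, cases[i].nullok));
	return 0;
}
```

The first case is the bypass: a passphraseless key plus any non-empty passphrase
is accepted by the old check with nullok off, and rejected by the new one.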


# 226101 07-Oct-2011 des

Load the ECDSA key if there is one.

MFC after: 1 week


# 219426 09-Mar-2011 des

No newline required.

MFC after: 2 weeks


# 204917 09-Mar-2010 des

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month


# 174837 21-Dec-2007 des

Adjust for OpenPAM Hydrangea.


# 162900 30-Sep-2006 ru

Fix build.


# 150596 26-Sep-2005 des

Correct the logic for determining whether the user has already entered
a password. Also, work around some harmless type pun warnings.

MFC after: 3 days


# 150455 22-Sep-2005 des

Do not use passphraseless keys for authentication unless the nullok
option was specified.

PR: bin/81231
Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au>
MFC after: 3 days


# 150426 21-Sep-2005 des

Narrow the use of user credentials.
Fix one case where openpam_restore_cred() might be called twice in a row.

MFC after: 3 days


# 125650 10-Feb-2004 des

Fix numerous constness and aliasing issues.


# 120231 19-Sep-2003 des

Ignore ECHILD from waitpid(2) (our child may have been reaped by the
calling process's SIGCHLD handler)

PR: bin/45669


# 110653 10-Feb-2003 des

Use pam_get_user(3) instead of pam_get_item(3) where appropriate.


# 110598 09-Feb-2003 des

Complete rewrite of pam_ssh(8). The previous version was becoming hard
to maintain, and had security issues which would have required a major
rewrite to address anyway.

This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one. While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right. I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).


# 107934 16-Dec-2002 des

Merge in most non-style differences from Andrew Korty's pam_ssh 1.7.


# 94564 12-Apr-2002 des

Major cleanup:

- add __unused where appropriate
- PAM_RETURN -> return since OpenPAM already logs the return value.
- make PAM_LOG use openpam_log()
- make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
for PAM_SILENT
- remove dummy functions since OpenPAM handles missing service
functions
- fix various warnings

Sponsored by: DARPA, NAI Labs


# 94217 08-Apr-2002 des

Remove debugging code that was inadvertently brought in by previous commit.


# 94216 08-Apr-2002 des

Use OpenPAM's credential switching functions.

Sponsored by: DARPA, NAI Labs


# 93984 06-Apr-2002 des

Aggressive cleanup of warnings + authtok-related code in preparation for
PAMifying passwd(1).

Sponsored by: DARPA, NAI Labs.


# 93907 05-Apr-2002 des

Remove some duplicate free()s and add some that were missing.

Submitted by: tmm


# 93875 05-Apr-2002 des

pam_get_pass() -> pam_get_authtok()


# 93804 04-Apr-2002 des

Upgrade to something quite close, but not identical, to version 1.6 of
Andrew Korty's pam_ssh. The most notable difference is that this uses
commas rather than colons to separate items in the "keyfiles" option.

Sponsored by: DARPA, NAI Labs


# 92297 14-Mar-2002 des

NAI DBA update.


# 91714 05-Mar-2002 des

Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by: DARPA, NAI Labs


# 90229 05-Feb-2002 des

#include cleanup.

Sponsored by: DARPA, NAI Labs


# 90195 04-Feb-2002 des

ssh_get_authentication_connection() gets its parameters from environment
variables, so temporarily switch to the PAM environment before calling it.

Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>


# 89760 24-Jan-2002 markm

WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.


# 89753 24-Jan-2002 des

PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
caller is supposed to check the PAM envlist and export the variables it
contains; if it doesn't, it's broken.

Sponsored by: DARPA, NAI Labs


# 89703 23-Jan-2002 ru

Make libssh.so usable (undefined reference to IPv4or6).

Reviewed by: des, markm
Approved by: markm


# 87564 09-Dec-2001 des

Back out previous commit.

Requested by: ru


# 87488 07-Dec-2001 des

Get pam_mod_misc.h from .CURDIR rather than .OBJDIR or /usr/include.

Sponsored by: DARPA, NAI Labs


# 87398 05-Dec-2001 des

Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by: DARPA, NAI Labs


# 87098 29-Nov-2001 green

Fix pam_ssh by adding an IPv4or6 (evidently, this was broken by my last
OpenSSH import) declaration and strdup(3)ing a value which is later
free(3)d, rather than letting the system try to free it invalidly.


# 84218 30-Sep-2001 dillon

Add __FBSDID()s to libpam


# 81527 11-Aug-2001 markm

Fix:

/usr/src/lib/libpam/modules/pam_ssh/pam_ssh.c has a couple of bugs which cause:

1) xdm dumps core
2) ssh1 private key is not passed to ssh-agent
3) ssh2 RSA key seems not handled properly (just a guess from source)
4) ssh_get_authentication_connection() fails to get connection because of
SSH_AUTH_SOCK not defined.

PR: 29609
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>


# 81476 10-Aug-2001 markm

Code clean up; make logging same as other modules and fix warnings.


# 81143 04-Aug-2001 markm

Fix style/consistency in Makefile and repair static module building.

Submitted by: bde(partially)


# 81036 02-Aug-2001 markm

Repair the get/set UID() stuff so this works in both su(1) and login(1)
modes.


# 80542 29-Jul-2001 markm

(Re)Add an SSH module for PAM, heavily based on Andrew Korty's module
from ports.


# 69590 05-Dec-2000 green

Forgot to remove the old line in the last commit.


# 69130 25-Nov-2000 green

In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally. The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set. Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR: bin/22670
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>


# 69129 25-Nov-2000 billf

Correct an argument to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR: 22164
Submitted by: Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by: green
Approved by: green


# 61087 30-May-2000 kris

Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
from the openssh port)

Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>


# 60938 26-May-2000 jake

Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by: msmith and others


# 60833 23-May-2000 jake

Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by: phk
Reviewed by: phk
Approved by: mdodd


# 58772 29-Mar-2000 kris

Fix a memory leak.

PR: 17360
Submitted by: Andrew J. Korty <ajk@iu.edu>


# 57496 26-Feb-2000 peter

Redo this with a repo copy from the original file and reset the
__PREFIX__ markers.


# 55166 28-Dec-1999 green

Upgrade to the pam_ssh module, version 1.1.

(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used. XDM and its variants
should now work without modification. Note that the new code uses
the macros in <sys/queue.h>.

Submitted by: Andrew J. Korty <ajk@iu.edu>


# 53874 29-Nov-1999 green

Add the PAM SSH RSA key authentication module. For example, you can add,
"login auth sufficient pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR: 15158
Submitted by: Andrew J. Korty <ajk@waterspout.com>
Reviewed by: obrien