1. 19 Jan, 2015 1 commit
  2. 22 Dec, 2014 1 commit
    • upstream commit · 161cf419
      djm@openbsd.org authored
      make internal handling of filename arguments of "none"
       more consistent with ssh. "none" arguments are now replaced with NULL when
       the configuration is finalised.
      
      Simplifies checking later on (just need to test not-NULL rather than
      that + strcmp) and cleans up some inconsistencies. ok markus@
  3. 21 Dec, 2014 1 commit
    • upstream commit · 058f839f
      djm@openbsd.org authored
      don't count partial authentication success as a failure
       against MaxAuthTries; ok deraadt@
  4. 18 Jul, 2014 1 commit
    • - millert@cvs.openbsd.org 2014/07/15 15:54:14 · 7acefbbc
      Damien Miller authored
           [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
           [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
           [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
           [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
           [sshd_config.5 sshlogin.c]
           Add support for Unix domain socket forwarding.  A remote TCP port
           may be forwarded to a local Unix domain socket and vice versa or
           both ends may be a Unix domain socket.  This is a reimplementation
           of the streamlocal patches by William Ahern from:
               http://www.25thandclement.com/~william/projects/streamlocal.html
           OK djm@ markus@
  5. 03 Jul, 2014 1 commit
    • - djm@cvs.openbsd.org 2014/07/03 11:16:55 · 686feb56
      Damien Miller authored
           [auth.c auth.h auth1.c auth2.c]
           make the "Too many authentication failures" message include the
           user, source address, port and protocol in a format similar to the
           authentication success / failure messages; bz#2199, ok dtucker
  6. 04 Feb, 2014 1 commit
    • - djm@cvs.openbsd.org 2014/01/29 06:18:35 · 7cc194f7
      Damien Miller authored
           [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
           [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
           [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
           remove experimental, never-enabled JPAKE code; ok markus@
  7. 01 Jun, 2013 2 commits
    • - djm@cvs.openbsd.org 2013/05/19 02:42:42 · 0acca379
      Darren Tucker authored
           [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
           Standardise logging of supplemental information during userauth. Keys
           and ruser are now logged in the auth success/failure message alongside
           the local username, remote host/port and protocol in use. Certificate
           contents and CA are logged too.
           Pushing all logging onto a single line simplifies log analysis as it is
           no longer necessary to relate information scattered across multiple log
           entries. "I like it" markus@
    • - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
  8. 23 Apr, 2013 1 commit
  9. 02 Dec, 2012 1 commit
    • - djm@cvs.openbsd.org 2012/12/02 20:34:10 · 15b05cfa
      Damien Miller authored
           [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
           [monitor.c monitor.h]
           Fixes logging of partial authentication when privsep is enabled
           Previously, we recorded "Failed xxx" since we reset authenticated before
           calling auth_log() in auth2.c. This adds an explicit "Partial" state.
      
           Add a "submethod" to auth_log() to report which submethod is used
           for keyboard-interactive.
      
           Fix multiple authentication when one of the methods is
           keyboard-interactive.
      
           ok markus@
  10. 04 Nov, 2012 1 commit
    • - djm@cvs.openbsd.org 2012/11/04 11:09:15 · a6e3f01d
      Damien Miller authored
           [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
           [sshd_config.5]
           Support multiple required authentication via an AuthenticationMethods
           option. This option lists one or more comma-separated lists of
           authentication method names. Successful completion of all the methods in
           any list is required for authentication to complete;
           feedback and ok markus@
  11. 18 Dec, 2011 1 commit
  12. 05 May, 2011 1 commit
    • - OpenBSD CVS Sync · 3fcdfd55
      Damien Miller authored
         - djm@cvs.openbsd.org 2011/03/10 02:52:57
           [auth2-gss.c auth2.c]
           allow GSSAPI authentication to detect when a server-side failure causes
           authentication failure and don't count such failures against MaxAuthTries;
           bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
  13. 31 Aug, 2010 1 commit
    • - djm@cvs.openbsd.org 2010/08/31 09:58:37 · da108ece
      Damien Miller authored
           [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
           [packet.h ssh-dss.c ssh-rsa.c]
           Add buffer_get_cstring() and related functions that verify that the
           string extracted from the buffer contains no embedded \0 characters*
           This prevents random (possibly malicious) crap from being appended to
           strings where it would not be noticed if the string is used with
           a string(3) function.
      
           Use the new API in a few sensitive places.
      
           * actually, we allow a single one at the end of the string for now because
           we don't know how many deployed implementations get this wrong, but don't
           count on this to remain indefinitely.
  14. 22 Jun, 2009 1 commit
    • - dtucker@cvs.openbsd.org 2009/06/22 05:39:28 · 821d3dbe
      Darren Tucker authored
           [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
           alphabetize includes; reduces diff vs portable and style(9).
           ok stevesk djm
           (Id sync only; these were already in order in -portable)
  15. 21 Jun, 2009 1 commit
  16. 05 Nov, 2008 1 commit
    • - djm@cvs.openbsd.org 2008/11/04 08:22:13 · 01ed2272
      Damien Miller authored
           [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
           [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
           [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
           [Makefile.in]
           Add support for an experimental zero-knowledge password authentication
           method using the J-PAKE protocol described in F. Hao, P. Ryan,
           "Password Authenticated Key Exchange by Juggling", 16th Workshop on
           Security Protocols, Cambridge, April 2008.
      
           This method allows password-based authentication without exposing
           the password to the server. Instead, the client and server exchange
           cryptographic proofs to demonstrate knowledge of the password while
           revealing nothing useful to an attacker or compromised endpoint.
      
           This is experimental, work-in-progress code and is presently
           compile-time disabled (turn on -DJPAKE in Makefile.inc).
      
           "just commit it.  It isn't too intrusive." deraadt@
  17. 04 Jul, 2008 2 commits
  18. 02 Jul, 2008 1 commit
    • - djm@cvs.openbsd.org 2008/07/02 12:36:39 · 4230a5dc
      Darren Tucker authored
           [auth2-none.c auth2.c]
           Make protocol 2 MaxAuthTries behaviour a little more sensible:
           Check whether client has exceeded MaxAuthTries before running
           an authentication method and skip it if they have, previously it
           would always allow one try (for "none" auth).
           Preincrement failure count before post-auth test - previously this
           checked and postincremented, also to allow one "none" try.
           Together, these two changes always count the "none" auth method
           which could be skipped by a malicious client (e.g. an SSH worm)
           to get an extra attempt at a real auth method. They also make
           MaxAuthTries=0 a useful way to block users entirely (esp. in a
           sshd_config Match block).
           Also, move sending of any preauth banner from "none" auth method
           to the first call to input_userauth_request(), so worms that skip
           the "none" method get to see it too.
  19. 26 Oct, 2007 1 commit
  20. 20 May, 2007 1 commit
  21. 01 Mar, 2007 1 commit
    • - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 · 1d75f22c
      Darren Tucker authored
           [auth2.c sshd_config.5 servconf.c]
           Remove ChallengeResponseAuthentication support inside a Match
           block as its interaction with KbdInteractive makes it difficult to
           support.  Also, relocate the CR/kbdint option special-case code into
           servconf.  "please commit" djm@, ok markus@ for the relocation.
  22. 05 Aug, 2006 1 commit
    • - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 · d7834353
      Damien Miller authored
           [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
           [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
           [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
           [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
           [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
           [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
           [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
           [serverloop.c session.c session.h sftp-client.c sftp-common.c]
           [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
           [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
           [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
           [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
           [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
           almost entirely get rid of the culture of ".h files that include .h files"
           ok djm, sort of ok stevesk
           makes the pain stop in one easy step
           NB. portable commit contains everything *except* removing includes.h, as
           that will take a fair bit more work as we move headers that are required
           for portability workarounds to defines.h. (also, this step wasn't "easy")
  23. 24 Jul, 2006 1 commit
    • - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 · e3476ed0
      Damien Miller authored
           [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
           [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
           [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
           [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
           [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
           [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
           [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
           [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
           [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
           move #include <string.h> out of includes.h
  24. 10 Jul, 2006 1 commit
    • - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 · 9f2abc47
      Damien Miller authored
           [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
           [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
           [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
           [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
           [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
           [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
           [uidswap.h]
           move #include <pwd.h> out of includes.h; ok markus@
  25. 26 Mar, 2006 2 commits
    • - djm@cvs.openbsd.org 2006/03/25 13:17:03 · 57c30117
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
           [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
           [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
           [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
           [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
           [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
           [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
           [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
           [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
           [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
           [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
           [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
           [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c]
           Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
           Theo nuked - our scripts to sync -portable need them in the files
    • - deraadt@cvs.openbsd.org 2006/03/20 18:17:20 · 91d4b12f
      Damien Miller authored
           [auth1.c auth2.c sshd.c]
           sprinkle some ARGSUSED for table driven functions (which sometimes
           must ignore their args)
  26. 25 Mar, 2006 1 commit
    • - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 · b0fb6872
      Damien Miller authored
           [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
           [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
           [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
           [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
           [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
           [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
           [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
           [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
           [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
           [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
           [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
           [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
           [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
           [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
           [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
           [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
           [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
           [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
           [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
           [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
           [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
           [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
           [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
           RCSID() can die
  27. 24 Sep, 2005 1 commit
  28. 17 Jul, 2005 1 commit
  29. 08 Feb, 2005 1 commit
  30. 02 Feb, 2005 1 commit
  31. 03 Dec, 2004 1 commit
  32. 11 Sep, 2004 1 commit
  33. 12 Aug, 2004 1 commit
  34. 21 Jul, 2004 1 commit
  35. 24 May, 2004 1 commit
  36. 08 Mar, 2004 1 commit
  37. 17 Nov, 2003 1 commit
    • - djm@cvs.openbsd.org 2003/11/04 08:54:09 · 3e3b5145
      Damien Miller authored
           [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
           [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
           [session.c]
           standardise arguments to auth methods - they should all take authctxt.
           check authctxt->valid rather than pw != NULL; ok markus@