1. 02 Dec, 2012 1 commit
      - djm@cvs.openbsd.org 2012/12/02 20:34:10 · 15b05cfa
      Damien Miller authored
           [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
           [monitor.c monitor.h]
           Fixes logging of partial authentication when privsep is enabled
           Previously, we recorded "Failed xxx" since we reset authenticated before
           calling auth_log() in auth2.c. This adds an explicit "Partial" state.
           Add a "submethod" to auth_log() to report which submethod is used
           for keyboard-interactive.
           Fix multiple authentication when one of the methods is
           ok markus@
  2. 20 Jun, 2011 1 commit
      - djm@cvs.openbsd.org 2011/06/17 21:44:31 · 8f0bf237
      Damien Miller authored
           [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
           make the pre-auth privsep slave log via a socketpair shared with the
           monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
  3. 05 Nov, 2008 1 commit
      - djm@cvs.openbsd.org 2008/11/04 08:22:13 · 01ed2272
      Damien Miller authored
           [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
           [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
           [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
           Add support for an experimental zero-knowledge password authentication
           method using the J-PAKE protocol described in F. Hao, P. Ryan,
           "Password Authenticated Key Exchange by Juggling", 16th Workshop on
           Security Protocols, Cambridge, April 2008.
           This method allows password-based authentication without exposing
           the password to the server. Instead, the client and server exchange
           cryptographic proofs to demonstrate knowledge of the password while
           revealing nothing useful to an attacker or compromised endpoint.
           This is experimental, work-in-progress code and is presently
           compile-time disabled (turn on -DJPAKE in Makefile.inc).
           "just commit it.  It isn't too intrusive." deraadt@
  4. 26 Mar, 2006 1 commit
      - djm@cvs.openbsd.org 2006/03/25 22:22:43 · 51096383
      Damien Miller authored
           [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
           [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
           [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
           [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
           [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
           [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
           [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
           [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
           [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
           [ttymodes.h uidswap.h uuencode.h xmalloc.h]
           standardise spacing in $OpenBSD$ tags; requested by deraadt@
  5. 02 Feb, 2005 1 commit
  6. 17 Nov, 2003 1 commit
      - markus@cvs.openbsd.org 2003/11/17 11:06:07 · 0425d401
      Damien Miller authored
           [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
           [monitor_wrap.h sshconnect2.c ssh-gss.h]
           replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
           test + ok jakob.
  7. 02 Oct, 2003 1 commit
      - markus@cvs.openbsd.org 2003/09/23 20:17:11 · 3e33cecf
      Darren Tucker authored
           [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
           cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
           monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
           ssh-agent.c sshd.c]
           replace fatal_cleanup() and linked list of fatal callbacks with static
           cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
           allocate sshd's authctxt early to allow simpler cleanup in sshd.
           tested by many, ok deraadt@
  8. 02 Sep, 2003 1 commit
      - markus@cvs.openbsd.org 2003/08/28 12:54:34 · 1a0c0b96
      Damien Miller authored
           [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
           [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
           [sshconnect1.c sshd.c sshd_config sshd_config.5]
           remove kerberos support from ssh1, since it has been replaced with GSSAPI;
           but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
  9. 26 Aug, 2003 1 commit
      - markus@cvs.openbsd.org 2003/08/22 10:56:09 · 0efd155c
      Darren Tucker authored
           [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
           gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
           readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
           ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
           support GSS API user authentication; patches from Simon Wilkinson,
           stripped down and tested by Jakob and myself.
  10. 25 Aug, 2003 1 commit
  11. 02 Aug, 2003 3 commits
      Sync OpenBSD ID · 19c4bbc3
      Darren Tucker authored
      - (dtucker) OpenBSD CVS Sync · 6aaa58c4
      Darren Tucker authored
         - markus@cvs.openbsd.org 2003/07/22 13:35:22
           [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
           monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
           ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
           remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
           test+ok henning@
       - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
       - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
      I hope I got this right....
  12. 10 May, 2003 1 commit
  13. 27 Sep, 2002 1 commit
  14. 11 Sep, 2002 1 commit
  15. 11 Jun, 2002 1 commit
  16. 06 Jun, 2002 1 commit
  17. 13 May, 2002 1 commit
  18. 23 Apr, 2002 1 commit
  19. 26 Mar, 2002 1 commit
  20. 22 Mar, 2002 1 commit
      - provos@cvs.openbsd.org 2002/03/18 17:50:31 · 7a2073c5
      Ben Lindstrom authored
           [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
            auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
            session.h servconf.h serverloop.c session.c sshd.c]
           integrate privilege separated openssh; it's turned off by default for now.
           work done by me and markus@
      applied, but outside of ensure that smaller code bits migrated with
      their owners.. no work was tried to 'fix' it to work. =)  Later project!
  21. 13 Mar, 2002 2 commits
  22. 09 May, 2001 1 commit
  23. 05 Mar, 2001 1 commit
      - deraadt@cvs.openbsd.org 2001/03/02 18:54:31 · 92a2e38f
      Ben Lindstrom authored
           [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
            scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
            ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
           make copyright lines the same format
  24. 22 Jan, 2001 1 commit
      Hopefully things did not get mixed around too much. It compiles under · 226cfa03
      Ben Lindstrom authored
      Linux and works.  So that is at least a good sign. =)
       - (bal) OpenBSD Resync
         - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
           [servconf.c ssh.h sshd.c]
           only auth-chall.c needs #ifdef SKEY
         - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
           [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
            packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
            session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
            ssh1.h sshconnect1.c sshd.c ttymodes.c]
           move ssh1 definitions to ssh1.h, pathnames to pathnames.h
         - markus@cvs.openbsd.org 2001/01/19 16:48:14
           fix typo; from stevesk@
         - markus@cvs.openbsd.org 2001/01/19 16:50:58
           clear and free digest, make consistent with other code (use dlen); from
         - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
           [auth-options.c auth-options.h auth-rsa.c auth2.c]
           pass the filename to auth_parse_options()
         - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
           fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
         - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
           dh_new_group() does not return NULL.  ok markus@
         - markus@cvs.openbsd.org 2001/01/20 21:33:42
           do not loop forever if askpass does not exist; from
         - djm@cvs.openbsd.org 2001/01/20 23:00:56
           Check for NULL return from strdelim; ok markus
         - djm@cvs.openbsd.org 2001/01/20 23:02:07
           KNF; ok markus
         - jakob@cvs.openbsd.org 2001/01/21 9:00:33
           remove -R flag; ok markus@
         - markus@cvs.openbsd.org 2001/01/21 19:05:40
           [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
            auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
            auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
            bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
            cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
            deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
            key.c key.h log-client.c log-server.c log.c log.h login.c login.h
            match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
            readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
            session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
            ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
            sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
            ttysmodes.c uidswap.c xmalloc.c]
           split ssh.h and try to cleanup the #include mess. remove unnecessary
           #includes.  rename util.[ch] -> misc.[ch]
       - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
       - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
         conflict when compiling for non-kerb install
       - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
         on 1/19.
  25. 28 Oct, 2000 1 commit
      - (djm) Sync with OpenBSD: · 69b69aa5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/10/16 15:46:32
           fixes from pekkas@netcore.fi
         - markus@cvs.openbsd.org  2000/10/17 14:28:11
           return number of characters processed; ok deraadt@
         - markus@cvs.openbsd.org  2000/10/18 12:04:02
         - markus@cvs.openbsd.org  2000/10/18 12:23:02
           replace atomicio(read,...) with read(); ok deraadt@
         - markus@cvs.openbsd.org  2000/10/18 12:42:00
           restore old record login behaviour
         - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
           fmt string problem in unused code
         - provos@cvs.openbsd.org  2000/10/19 10:45:16
           don't reference freed memory. okay deraadt@
         - markus@cvs.openbsd.org  2000/10/21 11:04:23
           typo, eramore@era-t.ericsson.se; ok niels@
         - markus@cvs.openbsd.org  2000/10/23 13:31:55
           non-alignment dependent swap_bytes(); from
         - markus@cvs.openbsd.org  2000/10/26 12:38:28
           add older vandyke products
         - markus@cvs.openbsd.org  2000/10/27 01:32:19
           [channels.c channels.h clientloop.c serverloop.c session.c]
           [ssh.c util.c]
           enable non-blocking IO on channels, and tty's (except for the
           client ttys).
         - markus@cvs.openbsd.org  2000/10/27 01:48:22
           channels.c channels.h clientloop.c
           deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
  26. 16 Sep, 2000 1 commit
      - (djm) Merge OpenBSD changes: · e4340be5
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/09/05 02:59:57
           print hostname (not hushlogin)
         - markus@cvs.openbsd.org  2000/09/05 13:18:48
           [authfile.c ssh-add.c]
           enable ssh-add -d for DSA keys
         - markus@cvs.openbsd.org  2000/09/05 13:20:49
         - markus@cvs.openbsd.org  2000/09/06 03:46:41
         - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
           cleanup copyright notices on all files.  I have attempted to be
           accurate with the details.  everything is now under Tatu's licence
           (which I copied from his readme), and/or the core-sdi bsd-ish thing
           for deattack, or various openbsd developers under a 2-term bsd
           licence.  We're not changing any rules, just being accurate.
         - markus@cvs.openbsd.org  2000/09/07 14:40:30
           [channels.c channels.h clientloop.c serverloop.c ssh.c]
           cleanup window and packet sizes for ssh2 flow control; ok niels
         - markus@cvs.openbsd.org  2000/09/07 14:53:00
         - markus@cvs.openbsd.org  2000/09/07 15:13:37
           [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
           [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
           [pty.c readconf.c]
           some more Copyright fixes
         - markus@cvs.openbsd.org  2000/09/08 03:02:51
           bye bye
         - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
           [LICENCE cipher.c]
           a few more comments about it being ARC4 not RC4
         - markus@cvs.openbsd.org  2000/09/12 14:53:11
           [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
           multiple debug levels
         - markus@cvs.openbsd.org  2000/09/14 14:25:15
         - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
           check return value for setenv(3) for failure, and deal appropriately
  27. 08 Jul, 2000 1 commit
  28. 22 Jun, 2000 1 commit
      - OpenBSD CVS Updates: · 6536c7d3
      Damien Miller authored
         - markus@cvs.openbsd.org  2000/06/18 18:50:11
           [auth2.c compat.c compat.h sshconnect2.c]
           make userauth+pubkey interop with ssh.com-2.2.0
         - markus@cvs.openbsd.org  2000/06/18 20:56:17
           mem leak + be more paranoid in dsa_verify.
         - markus@cvs.openbsd.org  2000/06/18 21:29:50
           cleanup fingerprinting, less hardcoded sizes
         - markus@cvs.openbsd.org  2000/06/19 19:39:45
           [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
           [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
           [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
           [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
           [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
           [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
           [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
           [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
           OpenBSD tag
         - markus@cvs.openbsd.org  2000/06/21 10:46:10
           sshconnect2.c missing free; nuke old comment
  29. 16 Apr, 2000 1 commit
      - Reduce diff against OpenBSD source · 5f05637b
      Damien Miller authored
         - All OpenSSL includes are now unconditionally referenced as
         - Pick up formatting changes
         - Other minor changes (typecasts, etc) that I missed
  30. 17 Mar, 2000 1 commit
      - OpenBSD CVS updates: · 7684ee17
      Damien Miller authored
         - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
           [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
           pedantic: signed vs. unsigned, void*-arithm, etc
         - [ssh.1 sshd.8]
           Various cleanups and standardizations.
  31. 09 Mar, 2000 1 commit
      - OpenBSD CVS updates to v1.2.3 · 98c7ad60
      Damien Miller authored
      	[ssh.h atomicio.c]
      	 - int atomicio -> ssize_t (for alpha). ok deraadt@
      	 - delay MD5 computation until client sends response, free() early, cleanup.
      	 - void* -> unsigned char*, ok niels@
      	 - remove unused variable 'len'. fix comments.
      	 - remove unused variable
      	[log-client.c log-server.c]
      	 - rename a cpp symbol, to avoid param.h collision
      	 - missing xfree()
      	 - getsockname() requires initialized tolen; andy@guildsoftware.com
      	 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
      	from Holger.Trapp@Informatik.TU-Chemnitz.DE
      	[pty.c pty.h]
      	 - register cleanup for pty earlier. move code for pty-owner handling to
         	pty.c ok provos@, dugsong@
      	 - turn off x11-fwd for the client, too.
      	 - PKCS#1 padding
      	 - allow '.' in usernames; from jedgar@fxp.org
      	 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
      	 - sync with sshd_config
      	 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
      	 - Change invalid 'CHAT' loglevel to 'VERBOSE'
      	 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
      	 - turn off x11-fwd for the client, too.
      	 - missing xfree()
      	 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
      	 - read error vs. "Connection closed by remote host"
      	 - ie. -> i.e.,
      	 - do not link to a commercial page..
      	 - sync with sshd_config
      	 - no need for poll.h; from bright@wintelcom.net
      	 - log with level log() not fatal() if peer behaves badly.
      	 - don't panic if client behaves strange. ok deraadt@
      	 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
      	 - delay close() of pty until the pty has been chowned back to root
      	 - oops, fix comment, too.
      	 - missing xfree()
      	 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
      	 - register cleanup for pty earlier. move code for pty-owner handling to
            pty.c ok provos@, dugsong@
      	 - create x11 cookie file
      	 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
      	 - version 1.2.3
       - Cleaned up
  32. 14 Dec, 1999 1 commit
  33. 07 Dec, 1999 1 commit
  34. 25 Nov, 1999 1 commit
      · 5428f646
      Damien Miller authored
       - More reformatting merged from OpenBSD CVS
       - Merged OpenBSD CVS changes:
         - [channels.c]
           report from mrwizard@psu.edu via djm@ibs.com.au
         - [channels.c]
           set SO_REUSEADDR and SO_LINGER for forwarded ports.
           chip@valinux.com via damien@ibs.com.au
         - [nchan.c]
           it's not an error() if shutdown_write fails in nchan.
         - [readconf.c]
           remove dead #ifdef-0-code
         - [readconf.c servconf.c]
           strcasecmp instead of tolower
         - [scp.c]
           progress meter overflow fix from damien@ibs.com.au
         - [ssh-add.1 ssh-add.c]
           SSH_ASKPASS support
         - [ssh.1 ssh.c]
           postpone fork_after_authentication until command execution,
           request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
           plus: use daemon() for backgrounding
  35. 24 Nov, 1999 1 commit
      - Merged very large OpenBSD source code reformat · 95def098
      Damien Miller authored
       - OpenBSD CVS updates
         - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
           [ssh.h sshd.8 sshd.c]
           syslog changes:
           * Unified Logmessage for all auth-types, for success and for failed
           * Standard connections get only ONE line in the LOG when level==LOG:
             Auth-attempts are logged only, if authentication is:
                a) successful or
                b) with passwd or
                c) we had more than AUTH_FAIL_LOG failures
           * many log() became verbose()
           * old behaviour with level=VERBOSE
         - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
           transfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
           messages. allows use of s/key in windows (ttssh, securecrt) and
           ssh-1.2.27 clients without 'ssh -v', ok: niels@
         - [sshd.8]
           -V, for fallback to openssh in SSH2 compatibility mode
         - [sshd.c]
           fix sigchld race; cjc5@po.cwru.edu
  36. 27 Oct, 1999 1 commit