summaryrefslogtreecommitdiffstats
path: root/auth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - dtucker@cvs.openbsd.org 2013/02/06 00:22:21Damien Miller2013-02-121-2/+2
| | | | | [auth.c] Fix comment, from jfree.e1 at gmail
* - djm@cvs.openbsd.org 2013/01/17 23:00:01Damien Miller2013-01-181-2/+13
| | | | | | | | | | [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@
* - dtucker@cvs.openbsd.org 2012/12/14 05:26:43Damien Miller2013-01-091-3/+2
| | | | | [auth.c] use correct string in error message; from rustybsd at gmx.fr
* - djm@cvs.openbsd.org 2012/12/02 20:34:10Damien Miller2012-12-021-4/+8
| | | | | | | | | | | | | | | | [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] [monitor.c monitor.h] Fixes logging of partial authentication when privsep is enabled Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
* - djm@cvs.openbsd.org 2012/10/30 21:29:55Damien Miller2012-10-301-15/+38
| | | | | | | | | | | | [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] [sshd.c sshd_config sshd_config.5] new sshd_config option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run as the target server user unless another specified via a new AuthorizedKeysCommandUser option. patch originally by jchadima AT redhat.com, reworked by me; feedback and ok markus@
* - (dtucker) OpenBSD CVS SyncDarren Tucker2012-05-191-3/+4
| | | | | | | - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
* - djm@cvs.openbsd.org 2012/04/11 13:17:54Damien Miller2012-04-221-2/+3
| | | | | | [auth.c] Support "none" as an argument for AuthorizedPrincipalsFile to indicate no file should be read.
* - djm@cvs.openbsd.org 2011/05/23 03:33:38Damien Miller2011-05-291-6/+3
| | | | | [auth.c] make secure_filename() spam debug logs less
* OpenBSD CVS SyncDamien Miller2011-05-291-8/+2
| | | | | | | | | | | | - djm@cvs.openbsd.org 2011/05/23 03:30:07 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@
* - djm@cvs.openbsd.org 2011/05/11 04:47:06Damien Miller2011-05-151-7/+1
| | | | | | | [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
* - djm@cvs.openbsd.org 2010/11/29 23:45:51Damien Miller2010-12-011-12/+18
| | | | | | | | | [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] [sshconnect.h sshconnect2.c] automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys that are preferred by default; with markus@
* - djm@cvs.openbsd.org 2010/11/23 02:35:50Damien Miller2010-12-011-2/+2
| | | | | | [auth.c] use strict_modes already passed as function argument over referencing global options.strict_modes
* - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.Tim Rice2010-08-121-1/+1
|
* - djm@cvs.openbsd.org 2010/08/04 05:42:47Damien Miller2010-08-051-2/+2
| | | | | | | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] [ssh-keysign.c ssh.c] enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
* - djm@cvs.openbsd.org 2010/06/22 04:49:47Damien Miller2010-06-261-1/+4
| | | | | | | [auth.c] queue auth debug messages for bad ownership or permissions on the user's keyfiles. These messages will be sent after the user has successfully authenticated (where our client will display them with LogLevel=debug).
* - djm@cvs.openbsd.org 2010/05/07 11:30:30Damien Miller2010-05-101-11/+30
| | | | | | | | | | | | | | | | | | | | | | | | [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] [key.c servconf.c servconf.h sshd.8 sshd_config.5] add some optional indirection to matching of principal names listed in certificates. Currently, a certificate must include the a user's name to be accepted for authentication. This change adds the ability to specify a list of certificate principal names that are acceptable. When authenticating using a CA trusted through ~/.ssh/authorized_keys, this adds a new principals="name1[,name2,...]" key option. For CAs listed through sshd_config's TrustedCAKeys option, a new config option "AuthorizedPrincipalsFile" specifies a per-user file containing the list of acceptable names. If either option is absent, the current behaviour of requiring the username to appear in principals continues to apply. These options are useful for role accounts, disjoint account namespaces and "user@realm"-style naming policies in certificates. feedback and ok markus@
* - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so thatDarren Tucker2010-03-071-0/+8
| | | | | it gets the passwd struct from the LAM that knows about the user which is not necessarily the default. Patch from Alexandre Letourneau.
* - djm@cvs.openbsd.org 2010/03/05 02:58:11Damien Miller2010-03-051-2/+3
| | | | | [auth.c] make the warning for a revoked key louder and more noticable
* - djm@cvs.openbsd.org 2010/03/04 10:36:03Damien Miller2010-03-041-1/+30
| | | | | | | | | | | | | | | [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] Add a TrustedUserCAKeys option to sshd_config to specify CA keys that are trusted to authenticate users (in addition than doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to me revoked and banned for user or host authentication. feedback and ok markus@
* - (djm) [auth.c] On Cygwin, refuse usernames that have differences inDamien Miller2010-02-281-0/+13
| | | | | | | case from that matched in the system password database. On this platform, passwords are stored case-insensitively, but sshd requires exact case matching for Match blocks in sshd_config(5). Based on a patch from vinschen AT redhat.com.
* - djm@cvs.openbsd.org 2010/02/09 06:18:46Damien Miller2010-02-111-36/+21
| | | | | | [auth.c] unbreak ChrootDirectory+internal-sftp by skipping check for executable shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
* - djm@cvs.openbsd.org 2010/01/13 23:47:26Darren Tucker2010-01-151-3/+23
| | | | | | | [auth.c] when using ChrootDirectory, make sure we test for the existence of the user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; ok dtucker
* - (dtucker) OpenBSD CVS SyncDarren Tucker2010-01-131-2/+2
| | | | | | - dtucker@cvs.openbsd.org 2010/01/13 00:19:04 [sshconnect.c auth.c] Fix a couple of typos/mispellings in comments
* - dtucker@cvs.openbsd.org 2010/01/10 07:15:56Darren Tucker2010-01-101-2/+6
| | | | | [auth.c] Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
* - djm@cvs.openbsd.org 2008/11/04 07:58:09Damien Miller2008-11-051-1/+1
| | | | | | [auth.c] need unistd.h for close() prototype (ID sync only)
* - (djm) [auth.c] Missing unistd.h for close()Damien Miller2008-07-091-0/+1
|
* - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowedDamien Miller2008-07-051-2/+1
| | | | | passwords disabled. bz#1083 report & patch from senthilkumar_sen AT hotpop.com, w/ dtucker@
* - dtucker@cvs.openbsd.org 2008/07/02 12:03:51Darren Tucker2008-07-021-2/+43
| | | | | | | [auth-rsa.c auth.c auth2-pubkey.c auth.h] Merge duplicate host key file checks, based in part on a patch from Rob Holland via bz #1348 . Also checks for non-regular files during protocol 1 RSA auth. ok djm@
* - djm@cvs.openbsd.org 2007/09/21 08:15:29Damien Miller2007-10-261-1/+1
| | | | | | | | | | [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c] [monitor.c monitor_wrap.c] unifdef -DBSD_AUTH unifdef -USKEY These options have been in use for some years; ok markus@ "no objection" millert@ (NB. RCD ID sync only for portable)
* - djm@cvs.openbsd.org 2007/08/23 02:55:51Damien Miller2007-09-171-1/+1
| | | | | | [auth-passwd.c auth.c session.c] missed include bits from last commit NB. RCS ID sync only for portable
* - djm@cvs.openbsd.org 2007/08/23 02:49:43Damien Miller2007-09-171-1/+1
| | | | | | [auth-passwd.c auth.c session.c] unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ NB. RCS ID sync only for portable
* 20070326Tim Rice2007-03-261-4/+4
| | | | | | - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
* - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash wouldDamien Miller2006-12-041-2/+2
| | | | | occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled.
* - (djm) [auth.c] gc some dead codeDamien Miller2006-10-271-2/+0
|
* - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it canDamien Miller2006-09-071-0/+3
| | | | | | | be used to drop privilege to; fixes Solaris GSSAPI crash reported by Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes
* - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always callDarren Tucker2006-08-301-0/+5
| | | | | | | | | | | loginsuccess on AIX immediately after authentication to clear the failed login count. Previously this would only happen when an interactive session starts (ie when a pty is allocated) but this means that accounts that have primarily non-interactive sessions (eg scp's) may gradually accumulate enough failures to lock out an account. This change may have a side effect of creating two audit records, one with a tty of "ssh" corresponding to the authentication and one with the allocated pty per interactive session.
* - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrecDamien Miller2006-08-051-0/+2
|
* - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]Damien Miller2006-08-051-1/+0
| | | | | remove last traces of bufaux.h - it was merged into buffer.h in the big includes.h commit
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/26 02:35:17Damien Miller2006-08-051-1/+2
| | | | | | | | | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include <sys/param.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - dtucker@cvs.openbsd.org 2006/07/12 11:34:58Darren Tucker2006-07-121-1/+4
| | | | | | | | | | | | | | [sshd.c servconf.h servconf.c sshd_config.5 auth.c] Add support for conditional directives to sshd_config via a "Match" keyword, which works similarly to the "Host" directive in ssh_config. Lines after a Match line override the default set in the main section if the condition on the Match line is true, eg AllowTcpForwarding yes Match User anoncvs AllowTcpForwarding no will allow port forwarding by all users except "anoncvs". Currently only a very small subset of directives are supported. ok djm@
* - stevesk@cvs.openbsd.org 2006/07/11 20:07:25Darren Tucker2006-07-121-1/+2
| | | | | | | | | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include <errno.h> out of includes.h; ok markus@
* - stevesk@cvs.openbsd.org 2006/07/10 16:37:36Darren Tucker2006-07-121-2/+2
| | | | | | [readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c auth.c packet.c log.c] move #include <stdarg.h> out of includes.h; ok markus@
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller2006-07-101-1/+2
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitorDarren Tucker2006-05-211-36/+2
| | | | | and slave, we can remove the special-case handling in the audit hook in auth_log.
* - dtucker@cvs.openbsd.org 2006/03/30 11:40:21Damien Miller2006-03-311-1/+5
| | | | | [auth.c monitor.c] Prevent duplicate log messages when privsep=yes; ok djm@
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - djm@cvs.openbsd.org 2006/03/25 00:05:41Damien Miller2006-03-261-7/+5
| | | | | | | | | | | | | | | | [auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c] [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c] [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c] [xmalloc.c xmalloc.h] introduce xcalloc() and xasprintf() failure-checked allocations functions and use them throughout openssh xcalloc is particularly important because malloc(nmemb * size) is a dangerous idiom (subject to integer overflow) and it is time for it to die feedback and ok deraadt@