summaryrefslogtreecommitdiffstats
path: root/auth2-hostbased.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: lots of things were relying on libcrypto headers todjm@openbsd.org2019-09-061-1/+2
| | | | | | | transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
* upstream: remove last references to active_statedjm@openbsd.org2019-01-191-7/+5
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-191-1/+3
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: Add sshd_config CASignatureAlgorithms option to allowdjm@openbsd.org2018-09-201-1/+8
| | | | | | | | | | control over which signature algorithms a CA may use when signing certificates. In particular, this allows a sshd to ban certificates signed with RSA/SHA1. ok markus@ OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
* upstream: fix build with DEBUG_PK enabledmestre@openbsd.org2018-09-091-2/+2
| | | | | | OK dtucker@ OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
* upstream: delay bailout for invalid authenticdjm@openbsd.org2018-07-311-5/+6
| | | | | | | | | | | =?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?= =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?= =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
* upstream: sshd: switch authentication to sshbuf API; ok djm@markus@openbsd.org2018-07-101-2/+2
| | | | OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
* upstream: Improve strictness and control over RSA-SHA2 signaturedjm@openbsd.org2018-07-031-3/+2
| | | | | | | | | | | | | | | | | | | | | | | In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself. In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature. Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2. Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys. feedback and ok markus@ OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
* upstream commitdjm@openbsd.org2018-01-231-5/+3
| | | | | | | | | | | | | Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commitdjm@openbsd.org2017-12-191-2/+2
| | | | | | | | pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
* upstream commitdjm@openbsd.org2017-06-241-4/+4
| | | | | | | | | | | refactor authentication logging optionally record successful auth methods and public credentials used in a file accessible to user sessions feedback and ok markus@ Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
* upstream commitmarkus@openbsd.org2017-05-311-3/+3
| | | | | | switch auth2 to ssh_dispatch API; ok djm@ Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
* upstream commitmarkus@openbsd.org2017-05-311-48/+53
| | | | | | switch auth2-hostbased.c to modern APIs; ok djm@ Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e
* upstream commitmarkus@openbsd.org2017-05-311-3/+3
| | | | | | switch auth2-pubkey.c to modern APIs; with & ok djm@ Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
* upstream commitmarkus@openbsd.org2017-05-311-3/+3
| | | | | | switch from Key typedef with struct sshkey; ok djm@ Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
* upstream commitdjm@openbsd.org2016-03-071-3/+4
| | | | | | | | | | refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commitdjm@openbsd.org2015-05-101-3/+2
| | | | | | | | | | | Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
* upstream commitdjm@openbsd.org2015-01-291-5/+7
| | | | | update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
* upstream commitdjm@openbsd.org2015-01-281-2/+1
| | | | remove obsolete comment
* upstream commitdjm@openbsd.org2015-01-131-1/+10
| | | | | | add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@
* upstream commitdjm@openbsd.org2015-01-081-1/+2
| | | | | | | | | | | | | | | | deprecate key_load_private_pem() and sshkey_load_private_pem() interfaces. Refactor the generic key loading API to not require pathnames to be specified (they weren't really used). Fixes a few other things en passant: Makes ed25519 keys work for hostbased authentication (ssh-keysign previously used the PEM-only routines). Fixes key comment regression bz#2306: key pathnames were being lost as comment fields. ok markus@
* upstream commitdjm@openbsd.org2015-01-081-5/+13
| | | | KNF and add a little more debug()
* upstream commitdjm@openbsd.org2014-12-211-3/+4
| | | | | | | | Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller2014-07-181-1/+2
| | | | | | | | | | | | | | | | [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - djm@cvs.openbsd.org 2013/12/30 23:52:28Damien Miller2013-12-311-1/+7
| | | | | | | | | [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] refuse RSA keys from old proprietary clients/servers that use the obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
* - djm@cvs.openbsd.org 2013/06/21 00:34:49Damien Miller2013-07-181-1/+5
| | | | | | [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] for hostbased authentication, print the client host and user on the auth success/failure line; bz#2064, ok dtucker@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-7/+7
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - djm@cvs.openbsd.org 2010/08/04 05:42:47Damien Miller2010-08-051-3/+28
| | | | | | | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] [ssh-keysign.c ssh.c] enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
* - djm@cvs.openbsd.org 2010/03/04 10:36:03Damien Miller2010-03-041-1/+4
| | | | | | | | | | | | | | | [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] Add a TrustedUserCAKeys option to sshd_config to specify CA keys that are trusted to authenticate users (in addition than doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to me revoked and banned for user or host authentication. feedback and ok markus@
* - djm@cvs.openbsd.org 2008/07/17 08:51:07Damien Miller2008-07-171-5/+6
| | | | | | [auth2-hostbased.c] strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes report and patch from res AT qoxp.net (bz#1200); ok markus@
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller2006-07-101-1/+5
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - markus@cvs.openbsd.org 2004/01/19 21:25:15Damien Miller2004-01-211-2/+2
| | | | | [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
* - markus@cvs.openbsd.org 2003/06/24 08:23:46Darren Tucker2003-06-281-2/+2
| | | | | | [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] int -> u_int; ok djm@, deraadt@, mouring@
* - (djm) OpenBSD CVS SyncDamien Miller2003-06-031-2/+2
| | | | | | | | | | | | | - markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
* - (djm) RCSID sync w/ OpenBSDDamien Miller2003-05-141-1/+1
|
* *** empty log message ***Damien Miller2003-04-091-2/+2
|
* - markus@cvs.openbsd.org 2002/05/25 18:51:07Ben Lindstrom2002-06-061-0/+182
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c Makefile.in] split auth2.c into one file per method; ok provos@/deraadt@ NOTE: Merged back noticable cygwin and pam stuff. May need review to ensure I did not miss anything.