| Commit message | Author | Age | Files | Lines |
| |
ok markus
OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
| |
This is identical to the standard "publickey" method, but it also includes
the initial server hostkey in the message signed by the client.
feedback / ok markus@
OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862
| |
debuggings past. prompted by Michael Forney, ok dtucker@
OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac
| |
These were omitted from commit 88868fd131.
| |
skey removal.
OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3
| |
ok djm@
OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa
| |
AT dovetail.com via bz3269
OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a
| |
and use that instead of global variables containing copies of it. feedback/ok
markus@
OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
| |
purpose-built ssh->compat variable instead; feedback/ok markus@
OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
| |
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
| |
PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
actually specifies the signature algorithms that are accepted. Some key
types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
so the old name is becoming increasingly misleading. The old name is
retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
| |
exchange method based on Streamlined NTRU Prime (coupled with X25519).
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
sntrup4591761 was replaced almost two years ago by sntrup761.
The sntrup761 implementation, like sntrup4591761 before it, is public
domain code extracted from the SUPERCOP cryptography benchmark
suite (https://bench.cr.yp.to/supercop.html).
Thanks to Daniel J Bernstein for guidance on algorithm selection.
Patch from Tobias Heider; feedback & ok markus@ and myself
(note that both the updated method and the one that it replaced are
disabled by default)
OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
| |
privsep process. No longer copy entire struct w/ pointer addresses, but pass
remaining scalar fields explicitly,
Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
| |
from a supplied error code; ok markus@
OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
| |
log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.
ok markus@
OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
| |
This adds a "verify-required" authorized_keys flag and a corresponding
sshd_config option that tells sshd to require that FIDO keys verify the
user identity before completing the signing/authentication attempt.
Whether or not user verification was performed is already baked into the
signature made on the FIDO token, so this is just plumbing that flag
through and adding ways to require it.
feedback and ok markus@
OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6
| |
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
| |
OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
| |
OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
| |
OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
| |
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
| |
messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
| |
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.
OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
| |
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
| |
OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3
| |
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
| |
This directive has a single valid option "no-touch-required" that
causes sshd to skip checking whether user presence was tested before
a security key signature was made (usually by the user touching the
key).
ok markus@
OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de
| |
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
| |
verification fails.
OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3
| |
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
| |
OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
| |
make the indenting a little more consistent too..
Fixes Solaris 2.6; reported by Tom G. Christensen
| |
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
| |
KEM has been renamed to kexgen
from markus@ ok djm@
OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
| |
from markus@ ok djm@
OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
| |
from markus@ ok djm@
OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
| |
OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
| |
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
| |
Requires some caching of values, because the PAM code isn't
always called with packet context.
| |
with & ok markus@
OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
| |
with & ok markus@
OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
| |
with & ok markus@
OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
| |
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
| |
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were
specified, then authentication would always fail for RSA keys as the monitor
checks only the base key (not the signature algorithm) type against
*AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
| |
Polyfill missing API with replacement functions extracted from LibreSSL
| |
OpenSSH; feedback and ok tb@ jsing@ markus@
OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
| |
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
| |
OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1