summaryrefslogtreecommitdiffstats
path: root/auth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: add a "Match invalid-user" predicate to sshd_config Matchdjm@openbsd.org2024-09-151-1/+2
| | | | | | | | | | | | | | | | | | options. This allows writing Match conditions that trigger for invalid username. E.g. PerSourcePenalties refuseconnection:90s Match invalid-user RefuseConnection yes Will effectively penalise bots try to guess passwords for bogus accounts, at the cost of implicitly revealing which accounts are invalid. feedback markus@ OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07
* Class-imposed login restrictionsYuichiro Naito2024-07-201-0/+18
| | | | | | | | | | If the following functions are available, add an additional check if users are allowed to login imposed by login class. * auth_hostok(3) * auth_timeok(3) These functions are implemented on FreeBSD.
* upstream: Start the process of splitting sshd into separatedjm@openbsd.org2024-05-171-101/+7
| | | | | | | | | | | | | | | | | | | | binaries. This step splits sshd into a listener and a session binary. More splits are planned. After this changes, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs. This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary. feedback/ok markus@ deraadt@ NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out. OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
* upstream: Remove unused compat.h includes.dtucker@openbsd.org2023-03-051-2/+1
| | | | | | | | We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it. OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
* upstream: Add server debugging for hostbased auth.dtucker@openbsd.org2022-12-091-6/+5
| | | | | | | | auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@ OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: move auth_openprincipals() and auth_openkeyfile() over todjm@openbsd.org2022-06-031-57/+1
| | | | | | auth2-pubkeyfile.c too; they make more sense there. OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee
* upstream: split the low-level file handling functions out fromdjm@openbsd.org2022-05-271-93/+1
| | | | | | | | | | | | auth2-pubkey.c Put them in a new auth2-pubkeyfile.c to make it easier to refer to them (e.g. in unit/fuzz tests) without having to refer to everything else pubkey auth brings in. ok dtucker@ OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217
* upstream: refactor authorized_keys/principals handlingdjm@openbsd.org2022-05-271-6/+4
| | | | | | | | | | remove "struct ssh *" from arguments - this was only used to pass the remote host/address. These can be passed in instead and the resulting code is less tightly coupled to ssh_api.[ch] ok dtucker@ OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d
* upstream: Check sshauthopt_new() for NULL. bz#3425, fromdtucker@openbsd.org2022-04-271-2/+3
| | | | | | tessgauthier at microsoft.com. ok djm@ OpenBSD-Commit-ID: af0315bc3e44aa406daa7e0ae7c2d719a974483f
* Remove now-unused passwd variable.Darren Tucker2022-03-261-1/+1
|
* Factor out platform-specific locked account check.Darren Tucker2022-03-261-47/+3
| | | | | | Also fixes an incorrect free on platforms with both libiaf and shadow passwords (probably only Unixware). Prompted by github PR#284, originally from @c3h2_ctf and stoeckmann@.
* upstream: randomise the password used in fakepwdjm@openbsd.org2022-02-231-3/+13
| | | | OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947
* upstream: Remove comment referencing now-removeddtucker@openbsd.org2021-07-081-4/+2
| | | | | | RhostsRSAAuthentication. ok djm@ OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
* Remove some whitespace not in upstream.Darren Tucker2021-07-031-1/+0
| | | | Reduces diff vs OpenBSD by a small amount.
* auth_log: dont log partial successes as failuresVincent Brillault2021-06-041-13/+16
| | | | | | | | By design, 'partial' logins are successful logins, so initially with authenticated set to 1, for which another authentication is required. As a result, authenticated is always reset to 0 when partial is set to 1. However, even if authenticated is 0, those are not failed login attempts, similarly to attempts with authctxt->postponed set to 1.
* upstream: highly polished whitespace, mostly fixing spaces-for-tabdjm@openbsd.org2021-04-031-2/+2
| | | | | | and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* prefer login_getpwclass() to login_getclass()Damien Miller2021-02-181-1/+1
| | | | | | | | FreeBSD has login_getpwclass() that does some special magic for UID=0. Prefer this to login_getclass() as its easier to emulate the former with the latter. Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
* upstream: move subprocess() from auth.c to misc.cdjm@openbsd.org2020-12-221-153/+1
| | | | | | | | | | | | make privilege dropping optional but allow it via callbacks (to avoid need to link uidswap.c everywhere) add some other flags (keep environment, disable strict path safety check) that make this more useful for client-side use. feedback & ok markus@ OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
* upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*djm@openbsd.org2020-12-211-3/+3
| | | | | | | | | | | | | | | | | Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces. Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys(). ok markus@ OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-20/+18
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: LogVerbose keyword for ssh and sshddjm@openbsd.org2020-10-161-1/+5
| | | | | | | | | Allows forcing maximum debug logging by file/function/line pattern- lists. ok markus@ OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
* upstream: support for requiring user verified FIDO keys in sshddjm@openbsd.org2020-08-271-4/+5
| | | | | | | | | | | | | This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@ OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6
* upstream: Add a sshd_config "Include" directive to allow inclusiondjm@openbsd.org2020-02-011-2/+3
| | | | | | | | of files. This has sensible semantics wrt Match blocks and accepts glob(3) patterns to specify the included files. Based on patch by Jakub Jelen in bz2468; feedback and ok markus@ OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
* upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org2020-01-231-2/+2
| | | | | | | | sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: strdup may return NULL if memory allocation fails. Usetobhe@openbsd.org2019-12-201-7/+7
| | | | | | | | the safer xstrdup which fatals on allocation failures. ok markus@ OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
* upstream: add a "no-touch-required" option for authorized_keys anddjm@openbsd.org2019-11-251-3/+4
| | | | | | | | | | a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
* upstream: potential NULL dereference for revoked hostkeys; reporteddjm@openbsd.org2019-10-161-2/+2
| | | | | | by krishnaiah bommu OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
* upstream: remove some duplicate #includesdjm@openbsd.org2019-10-021-2/+1
| | | | OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
* upstream: lots of things were relying on libcrypto headers todjm@openbsd.org2019-09-061-1/+2
| | | | | | | transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-8/+8
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* Remove "struct ssh" from sys_auth_record_login.Darren Tucker2019-04-021-1/+1
| | | | | It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
* Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen2019-02-221-13/+0
| | | | | | This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
* last bits of old packet API / active_state globalDamien Miller2019-01-201-2/+2
|
* remove vestiges of old packet API from loginrec.cDamien Miller2019-01-191-3/+3
|
* upstream: convert auth.c to new packet APIdjm@openbsd.org2019-01-191-16/+10
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
* upstream: convert servconf.c to new packet APIdjm@openbsd.org2019-01-191-2/+3
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-191-1/+4
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: include time.h for time(3)/nanosleep(2); from Iandjm@openbsd.org2019-01-171-1/+2
| | | | | | McKellar OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
* Don't pass loginmsg by address now that it's an sshbuf*Kevin Adler2018-12-131-2/+2
| | | | | | | | | In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users.
* upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org2018-11-161-3/+3
| | | | OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
* upstream: log certificate fingerprint in authenticationdjm@openbsd.org2018-09-121-9/+13
| | | | | | | | | success/failure message (previously we logged only key ID and CA key fingerprint). ok markus@ OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
* upstream: s/wuth/with/ in commentmartijn@openbsd.org2018-07-121-2/+2
| | | | OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
* Adapt portable to legacy buffer API removalDamien Miller2018-07-101-1/+1
|
* upstream: sshd: switch authentication to sshbuf API; ok djm@markus@openbsd.org2018-07-101-18/+21
| | | | OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
* upstream: permitlisten option for authorized_keys; ok markus@djm@openbsd.org2018-06-061-3/+12
| | | | OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
* upstream: make UID available as a %-expansion everywhere that thedjm@openbsd.org2018-06-011-3/+5
| | | | | | | | username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
* upstream: Do not ban PTY allocation when a sshd session is restricteddjm@openbsd.org2018-05-251-1/+2
| | | | | | | | because the user password is expired as it breaks password change dialog. regression in openssh-7.7 reported by Daniel Wagner OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
* upstream: add valid-before="[time]" authorized_keys option. Adjm@openbsd.org2018-03-141-5/+23
| | | | | | simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
* upstream: switch over to the new authorized_keys options API anddjm@openbsd.org2018-03-031-5/+175
| | | | | | | | | | | remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* upstream commitmarkus@openbsd.org2018-01-231-1/+154
| | | | | | | move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-30 20:30:30 +0100