summaryrefslogtreecommitdiffstats
path: root/sshd-auth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: spelling; ok djm@jsg@openbsd.org2024-12-041-2/+2
| | | | OpenBSD-Commit-ID: c8ff3f70020451eef214e598117b7ce1a29853ef
* Seed RNG when starting up sshd-auth.Darren Tucker2024-10-171-0/+2
| | | | | | Makes builds configured --without-openssl work again since otherwise the first use of the RNG comes after the sandbox init and it can't open /dev/random.
* fix breakage; missing saved_argc symbolDamien Miller2024-10-151-0/+2
|
* put back some portable bits for sshd-auth.cDamien Miller2024-10-141-3/+20
|
* there's only one sandbox, move to a static globalDamien Miller2024-10-141-2/+5
|
* upstream: Split per-connection sshd-session binarydjm@openbsd.org2024-10-141-0/+861
This splits the user authentication code from the sshd-session binary into a separate sshd-auth binary. This will be executed by sshd-session to complete the user authentication phase of the protocol only. Splitting this code into a separate binary ensures that the crucial pre-authentication attack surface has an entirely disjoint address space from the code used for the rest of the connection. It also yields a small runtime memory saving as the authentication code will be unloaded after thhe authentication phase completes. Joint work with markus@ feedback deraadt@ Tested in snaps since last week OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 08:40:40 +0100