path: root/sshlogin.h
Date | Commit message | Author | Files | Lines
2024-08-15 | retire testing against older LibreSSL versions | Damien Miller | 1 | -2/+0
libressl prior to 3.4.x lack support for the EVP_DigestSign and EVP_DigestVerify APIs that we need now that sshkey is converted to EVP_PKEY. If someone makes a good case for why we should support these versions then we could bring back support with wrappers.
2024-08-15 | sync TEST_MALLOC_OPTIONS for OpenBSD | Damien Miller | 1 | -1/+1
2024-08-15 | remove gratuitous difference from OpenBSD | Damien Miller | 1 | -6/+6
2024-08-15 | upstream: adapt to EVP_PKEY conversion | djm@openbsd.org | 3 | -25/+30
OpenBSD-Regress-ID: 0e2d4efb0ed0e392e23cd8fda183fe56531ac446
2024-08-15 | upstream: test transfers in mux proxy mode too | djm@openbsd.org | 1 | -14/+15
OpenBSD-Regress-ID: 2edfc980628cfef3550649cab8d69fa23b5cd6c4
2024-08-15 | upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. | djm@openbsd.org | 14 | -522/+749
DSA remains unconverted as it will be removed within six months. Based on patches originally from Dmitry Belyavskiy, but significantly reworked based on feedback from Bob Beck, Joel Sing and especially Theo Buehler (apologies to anyone I've missed). ok tb@ OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5
2024-08-15 | upstream: Reorder calloc arguments | tobias@openbsd.org | 2 | -5/+5
The first argument should be the amount, the second argument should be the element size. Fixing this also silences some gcc compiler warnings for portable. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a
2024-08-15 | upstream: Extend sshbuf validation | tobias@openbsd.org | 1 | -2/+4
Multiple sshbuf structs can be linked through a parent/child relationship. Make sure that a single sshbuf cannot be its own parent. If this would ever happen, it would result in reference counting issues. This is a cheap way of testing this with very little overhead. It does not detect A->B->A linkages though for performance reason and the fact that it takes a programming error for this to occur anyway. Authored with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16
2024-08-15 | upstream: Use freezero for better readability | tobias@openbsd.org | 1 | -5/+3
It has the same meaning as the current pair of calling explicit_bzero and free. Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c
2024-08-15 | upstream: Fix typo in comment | tobias@openbsd.org | 1 | -2/+2
Spotted with Benny Baumann (BenBE at geshi dot org). ok djm@ OpenBSD-Commit-ID: 829160ac8ef3ad3409695ce3a3ade835061cae57
2024-08-15 | upstream: add a random amount of time (up to 4 seconds) to the | dlg@openbsd.org | 1 | -4/+17
grace login time. ok deraadt@ djm@ OpenBSD-Commit-ID: abd3c57aaa5861517529b322df79b6be35ee67f4
2024-08-15 | upstream: document the reduced logingrace penalty | naddy@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: 9b63e0e3599d524ddc10edc4f978081382c3548b
2024-07-28 | Explicitly install libssl-devel cygwin. | Darren Tucker | 1 | -1/+1
Should fix CI tests for cygwin default config.
2024-07-26 | upstream: reduce logingrace penalty. | djm@openbsd.org | 1 | -2/+2
A single forgotten login that times out should be below the penalty threshold. ok deraadt/claudio OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d
2024-07-26 | upstream: Fix proxy multiplexing (-O proxy) bug | djm@openbsd.org | 4 | -20/+26
If a mux started with ControlPersist then later has a forwarding added using mux proxy connection and the forwarding was used, then when the mux proxy session terminates, the mux master process will send a channel close to the server with a bad channel ID and crash the connection. This was caused by my stupidly reusing c->remote_id for mux channel associations when I should have just added another member to struct channel. ok markus@ OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2
2024-07-26 | upstream: mention mux proxy mode | djm@openbsd.org | 1 | -2/+4
OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a
2024-07-26 | upstream: fix double word; ok dtucker@ | jsg@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8
2024-07-25 | Check for SA_RESTART before using it. | Darren Tucker | 1 | -0/+2
ok djm@
2024-07-20 | Class-imposed login restrictions | Yuichiro Naito | 2 | -0/+20
If the following functions are available, add an additional check if users are allowed to login imposed by login class.
* auth_hostok(3)
* auth_timeok(3)
These functions are implemented on FreeBSD.
2024-07-10 | upstream: correct keyword; from Yatao Su via GHPR509 | djm@openbsd.org | 1 | -3/+3
OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2
2024-07-08 | upstream: don't need return at end of void function | djm@openbsd.org | 1 | -2/+1
OpenBSD-Commit-ID: 42d322d37f13aa075ae7b1ad9eef591e20b89717
2024-07-08 | upstream: fix grammar: "a pattern lists" -> "one or more pattern | djm@openbsd.org | 2 | -8/+8
lists" OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a
2024-07-07 | Cast to sockaddr * in systemd interface. | Darren Tucker | 1 | -1/+1
Fixes build with musl libx. bz#3707.
2024-07-04 | Add 9.8 branch to ci-status page. | Darren Tucker | 1 | -0/+4
2024-07-03 | Fix detection of setres*id on GNU/Hurd | Samuel Thibault | 1 | -0/+7
Like Linux, proper _SOURCE macros need to be set to get declarations of various standard functions, notably setres*id. Now that Debian is using -Werror=implicit-function-declaration this is really required. While at it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses the same glibc.
2024-07-01 | version numbers | Damien Miller | 3 | -3/+3
2024-07-01 | upstream: openssh-9.8 | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
2024-07-01 | upstream: when sending ObscureKeystrokeTiming chaff packets, we | djm@openbsd.org | 1 | -3/+4
can't rely on channel_did_enqueue to tell that there is data to send. This flag indicates that the channels code enqueued a packet on _this_ ppoll() iteration, not that data was enqueued in _any_ ppoll() iteration in the timeslice. ok markus@ OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
2024-07-01 | upstream: use "lcd" to change directory before "lls" rather than "cd", | djm@openbsd.org | 1 | -2/+2
since the directory we're trying to list is local. Spotted by Corinna Vinschen OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
2024-06-28 | upstream: delete obsolete comment | djm@openbsd.org | 1 | -20/+2
OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
2024-06-28 | upstream: retire unused API | djm@openbsd.org | 2 | -22/+2
OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
2024-06-28 | upstream: ssl(8) no longer contains a HISTORY section; | jmc@openbsd.org | 1 | -5/+2
OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
2024-06-28 | upstream: move child process waitpid() loop out of SIGCHLD handler; | djm@openbsd.org | 1 | -21/+18
ok deraadt OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
2024-06-28 | upstream: Instead of using possibly complex ssh_signal(), write all | deraadt@openbsd.org | 1 | -2/+11
the parts of the grace_alarm_handler() using the exact things allowed by the signal-safe rules. This is a good rule of thumb: Handlers should be written to either set a global volatile sig_atomic_t inspected from outside, and/or directly perform only safe operations listed in our sigaction(2) manual page. ok djm markus OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
2024-06-28 | upstream: save_errno wrappers inside two small signal handlers that | deraadt@openbsd.org | 2 | -2/+6
perform system calls, for systems with libc that do perform libc sigtramps. ok djm markus OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
2024-06-28 | upstream: - uppercase start of sentence - correct sentence grammar | jmc@openbsd.org | 1 | -3/+3
ok djm OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
2024-06-28 | upstream: mention SshdSessionPath option | djm@openbsd.org | 1 | -2/+9
OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
2024-06-20 | Rerun upstream tests on .sh file changes too. | Darren Tucker | 1 | -1/+1
2024-06-20 | upstream: Work around dbclient cipher/mac query bug. | dtucker@openbsd.org | 1 | -10/+5
Unlike earlier versions, recent Dropbear (at least v2024.85) requires a host arg when querying supported ciphers and macs via "-c/-m help". Earlier versions accept but do not require it, so always provide it. If these queries fail, skip the test with a warning. OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
2024-06-20 | upstream: Remove dropbear key types not supported | dtucker@openbsd.org | 1 | -11/+9
by current OpenSSH. Allows subsequent test runs to work if OpenSSH is rebuilt w/out OpenSSL. OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
2024-06-20 | upstream: stricter check for overfull tables in penalty record path | djm@openbsd.org | 1 | -1/+1
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
2024-06-20 | upstream: put back reaping of preauth child process when writes | djm@openbsd.org | 1 | -19/+24
from the monitor fail. Not sure how this got lost in the avalanche of patches. OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
2024-06-20 | upstream: remove one more mention of DSA | naddy@openbsd.org | 1 | -2/+1
OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
2024-06-19 | Move -f to the place needed to restart sshd. | Darren Tucker | 1 | -1/+1
2024-06-19 | Need to supply "-f" to restart sshd. | Darren Tucker | 1 | -1/+1
2024-06-19 | upstream: Provide defaults for ciphers and macs | dtucker@openbsd.org | 1 | -3/+13
if querying for them fails since on some versions of Dropbear (at least v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey algorithms in the server. OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
2024-06-19 | upstream: Use ed25519 keys for kex tests | dtucker@openbsd.org | 1 | -8/+6
since that's supported by OpenSSH even when built without OpenSSL. Only test diffie-hellman kex if OpenSSH is compiled with support for it. OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
2024-06-19 | upstream: Rework dropbear key setup | dtucker@openbsd.org | 1 | -8/+16
to always generate ed25519 keys, other types only if OpenSSH has support for the corresponding key type. OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
2024-06-19 | Restart sshd after installing it for testing. | Darren Tucker | 1 | -1/+1
When installing an sshd built without OpenSSL the mismatch between the running sshd and newly installed sshd-session will cause the remainder of the test to fail.
2024-06-19 | Remove macos-11 runner. | Darren Tucker | 1 | -2/+0
Github is retiring them soon.