path: root/monitor_wrap.c
Commit message / Author / Date / Files changed / Lines (-/+)
* last bits of old packet API / active_state global
  Damien Miller, 2019-01-20, 1 file, -1/+1
* remove PAM dependencies on old packet API
  Damien Miller, 2019-01-20, 1 file, -1/+1
  Requires some caching of values, because the PAM code isn't always called with packet context.
* upstream: remove last references to active_state
  djm@openbsd.org, 2019-01-20, 1 file, -9/+6
  with & ok markus@
  OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
* upstream: convert monitor.c to new packet API
  djm@openbsd.org, 2019-01-20, 1 file, -2/+1
  with & ok markus@
  OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
* upstream: convert auth.c to new packet API
  djm@openbsd.org, 2019-01-20, 1 file, -3/+2
  with & ok markus@
  OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
* upstream: begin landing remaining refactoring of packet parsing
  djm@openbsd.org, 2019-01-20, 1 file, -1/+4
  API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps.
  with & ok markus@
  OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* Remove support for S/Key
  Damien Miller, 2018-07-31, 1 file, -67/+0
  Most people will 1) be using modern multi-factor authentication methods like TOTP/OATH etc and 2) be getting support for multi-factor authentication via PAM or BSD Auth.
* upstream: remove unused zlib.h
  djm@openbsd.org, 2018-07-20, 1 file, -8/+1
  OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
* Fallout from buffer conversion in AUDIT_EVENTS.
  Darren Tucker, 2018-07-13, 1 file, -2/+4
  Supply missing "int r" and fix error path for sshbuf_new().
* upstream: remove legacy key emulation layer; ok djm@
  markus@openbsd.org, 2018-07-12, 1 file, -10/+7
  OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* Fix sshbuf_new error path in skey.
  Darren Tucker, 2018-07-11, 1 file, -2/+2
* Supply missing third arg in skey.
  Darren Tucker, 2018-07-11, 1 file, -1/+1
  During the change to the new buffer api the third arg to sshbuf_get_cstring was omitted. Fixes build when configured with skey.
* Supply some more missing "int r" in skey
  Darren Tucker, 2018-07-11, 1 file, -1/+2
* upstream: re-remove some pre-auth compression bits
  sf@openbsd.org, 2018-07-11, 1 file, -3/+1
  This time, make sure to not remove things that are necessary for pre-auth compression on the client. Add a comment that pre-auth compression is still supported in the client.
  ok markus@
  OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
* Adapt portable to legacy buffer API removal
  Damien Miller, 2018-07-10, 1 file, -79/+113
* upstream: kerberos/gssapi fixes for buffer removal
  djm@openbsd.org, 2018-07-10, 1 file, -2/+2
  OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
* upstream: sshd: switch monitor to sshbuf API; lots of help & ok
  markus@openbsd.org, 2018-07-10, 1 file, -201/+284
  djm@
  OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
* upstream: sshd: switch loginmsg to sshbuf API; ok djm@
  markus@openbsd.org, 2018-07-10, 1 file, -4/+5
  OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
* upstream: Revert previous two commits
  sf@openbsd.org, 2018-07-10, 1 file, -1/+3
  It turns out we still support pre-auth compression on the client. Therefore revert the previous two commits:

  date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
  Rename COMP_DELAYED to COMP_ZLIB
  Only delayed compression is supported nowadays.
  ok markus@

  date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
  Remove leftovers from pre-authentication compression
  Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit.
  ok markus@

  OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
* upstream: Remove leftovers from pre-authentication compression
  sf@openbsd.org, 2018-07-10, 1 file, -3/+1
  Support for this has been removed in 2016. COMP_DELAYED will be renamed in a later commit.
  ok markus@
  OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
* Many typo fixes from Karsten Weiss
  Damien Miller, 2018-04-10, 1 file, -1/+1
  Spotted using https://github.com/lucasdemarchi/codespell
* upstream: switch over to the new authorized_keys options API and
  djm@openbsd.org, 2018-03-03, 1 file, -17/+27
  remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
  feedback and ok markus@
  OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* upstream commit
  markus@openbsd.org, 2018-01-23, 1 file, -2/+1
  uuencode.h is not used
  OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
* upstream commit
  djm@openbsd.org, 2017-12-21, 1 file, -2/+2
  revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan.
  OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
* upstream commit
  djm@openbsd.org, 2017-12-19, 1 file, -2/+3
  pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs).
  ok markus@
  OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
* upstream commit
  djm@openbsd.org, 2017-10-20, 1 file, -7/+3
  replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@
  Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
* upstream commit (tag V_7_6_P1)
  djm@openbsd.org, 2017-10-03, 1 file, -1/+7
  Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
  Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
* upstream commit
  djm@openbsd.org, 2017-09-12, 1 file, -1/+3
  refactor channels.c

  Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh.

  Explicitly pass "struct ssh" to all channels functions.

  Replace use of the legacy packet APIs in channels.c.

  Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later.

  ok markus@
  Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commit
  markus@openbsd.org, 2017-05-31, 1 file, -6/+8
  switch auth2-pubkey.c to modern APIs; with & ok djm@
  Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
* upstream commit
  markus@openbsd.org, 2017-05-31, 1 file, -6/+8
  switch from Key typedef with struct sshkey; ok djm@
  Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
* upstream commit
  djm@openbsd.org, 2017-05-17, 1 file, -1/+2
  allow LogLevel in sshd_config Match blocks; ok dtucker bz#2717
  Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
* upstream commit
  markus@openbsd.org, 2016-08-14, 1 file, -150/+1
  remove ssh1 server code; ok djm@
  Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
* Handle PAM_MAXTRIES from modules.
  Darren Tucker, 2016-07-18, 1 file, -0/+5
  bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interactive authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@

  It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either.
* upstream commit
  djm@openbsd.org, 2016-03-08, 1 file, -6/+6
  refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
  feedback and ok markus@
  Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commit
  markus@openbsd.org, 2016-01-27, 1 file, -2/+1
  remove roaming support; ok djm@
  Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
* upstream commit
  markus@openbsd.org, 2015-12-07, 1 file, -2/+3
  implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
  Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
* Don't resend username to PAM; it already has it.
  Damien Miller, 2015-08-11, 1 file, -1/+0
  Pointed out by Moritz Jodeit; ok dtucker@
* upstream commit
  djm@openbsd.org, 2015-05-10, 1 file, -6/+9
  prevent authorized_keys options picked up on public key tests without a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
* remove error() accidentally inserted for debugging
  Damien Miller, 2015-03-20, 1 file, -3/+1
  pointed out by Christian Hesse
* upstream commit
  djm@openbsd.org, 2015-02-17, 1 file, -3/+4
  Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
* upstream commit
  markus@openbsd.org, 2015-01-20, 1 file, -3/+3
  adapt kex to sshbuf and struct ssh; ok djm@
* upstream commit
  markus@openbsd.org, 2015-01-20, 1 file, -230/+14
  update packet.c & isolate, introduce struct ssh
  a) switch packet.c to buffer api and isolate per-connection info into struct ssh
  b) (de)serialization of the state is moved from monitor to packet.c
  c) the old packet.c API is implemented in opacket.[ch]
  d) compress.c/h is removed and integrated into packet.c
  with and ok djm@
* support --without-openssl at configure time
  Damien Miller, 2015-01-15, 1 file, -1/+3
  Disables and removes dependency on OpenSSL. Many features don't work and the set of crypto options is greatly restricted. This will only work on system with native arc4random or /dev/urandom. Considered highly experimental for now.
* upstream commit
  markus@openbsd.org, 2015-01-14, 1 file, -2/+2
  adapt mac.c to ssherr.h return codes (de-fatal) and simplify dependencies ok djm@
* - markus@cvs.openbsd.org 2014/04/29 18:01:49
  Damien Miller, 2014-05-15, 1 file, -1/+11
  [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
  make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* - djm@cvs.openbsd.org 2014/02/02 03:44:32
  Damien Miller, 2014-02-04, 1 file, -3/+3
  [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c]
  convert memset of potentially-private data to explicit_bzero()
* - djm@cvs.openbsd.org 2014/01/29 06:18:35
  Damien Miller, 2014-02-04, 1 file, -164/+1
  [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
  remove experimental, never-enabled JPAKE code; ok markus@
* - markus@cvs.openbsd.org 2013/11/06 16:52:11
  Damien Miller, 2013-11-07, 1 file, -2/+2
  [monitor_wrap.c]
  fix rekeying for AES-GCM modes; ok deraadt
* - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
  Darren Tucker, 2013-06-02, 1 file, -2/+2
  groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c]
  Replace portable-specific instances of xfree with the equivalent calls to free.
* - djm@cvs.openbsd.org 2013/05/17 00:13:13
  Darren Tucker, 2013-06-02, 1 file, -15/+15
  [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c]
  bye, bye xfree(); ok markus@