Commit Graph

40 Commits

Author SHA1 Message Date
djm@openbsd.org 17b566eeb7
upstream: g/c unused variable
OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010
2024-05-17 14:42:49 +10:00
djm@openbsd.org 03e3de416e
upstream: Start the process of splitting sshd into separate
binaries. This step splits sshd into a listener and a session binary. More
splits are planned.

After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
2024-05-17 14:41:35 +10:00
djm@openbsd.org 8ba2d4764b
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
2023-03-31 15:32:37 +11:00
djm@openbsd.org dbb339f015 upstream: prepare for multiple names for authmethods
allow authentication methods to have one additional name beyond their
primary name.

allow lookup by this synonym

Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey

Pass actual invoked name to the authmethods, so they can tell whether they
were requested via the their primary name or synonym.

ok markus@

OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559
2021-12-20 09:28:07 +11:00
djm@openbsd.org 67f47f1965 upstream: this needs kex.h now
OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41
2021-01-27 21:16:45 +11:00
djm@openbsd.org 39be3dc209 upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@

OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
2021-01-27 21:10:57 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org 74287f5df9 upstream: delay bailout for invalid authentic
=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
=?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
=?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
2018-07-31 13:13:26 +10:00
djm@openbsd.org 0f3958c1e6 upstream: kerberos/gssapi fixes for buffer removal
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
2018-07-10 19:15:35 +10:00
markus@openbsd.org b8d9214d96 upstream: sshd: switch GSSAPI to sshbuf API; ok djm@
OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
2018-07-10 15:28:30 +10:00
djm@openbsd.org 8f57495927 upstream commit
refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-24 16:56:11 +10:00
markus@openbsd.org eb272ea409 upstream commit
switch auth2 to ssh_dispatch API; ok djm@

Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
2017-05-31 10:50:33 +10:00
markus@openbsd.org 2ae666a8fc upstream commit
protocol handlers all get struct ssh passed; ok djm@

Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
2017-05-31 10:50:05 +10:00
markus@openbsd.org 5f4082d886 upstream commit
sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
2017-05-31 10:49:50 +10:00
markus@openbsd.org 3fdc88a0de upstream commit
move dispatch to struct ssh; ok djm@
2015-01-20 09:14:16 +11:00
Darren Tucker 450bc1180d - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used
in servconf.h.
2014-07-19 06:23:18 +10:00
Damien Miller e6a74aeeac - djm@cvs.openbsd.org 2014/02/26 20:28:44
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
     sandboxing, as running this code in the sandbox can cause violations;
     ok markus@
2014-02-27 10:17:49 +11:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller d677ad14ff - djm@cvs.openbsd.org 2013/04/05 00:14:00
[auth2-gss.c krl.c sshconnect2.c]
     hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
Damien Miller 15b05cfa17 - djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
     [monitor.c monitor.h]
     Fixes logging of partial authentication when privsep is enabled
     Previously, we recorded "Failed xxx" since we reset authenticated before
     calling auth_log() in auth2.c. This adds an explcit "Partial" state.

     Add a "submethod" to auth_log() to report which submethod is used
     for keyboard-interactive.

     Fix multiple authentication when one of the methods is
     keyboard-interactive.

     ok markus@
2012-12-03 09:53:20 +11:00
Damien Miller 3fcdfd55a3 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
     [auth2-gss.c auth2.c]
     allow GSSAPI authentication to detect when a server-side failure causes
     authentication failure and don't count such failures against MaxAuthTries;
     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 14:04:11 +10:00
Darren Tucker 541dab2db4 - dtucker@cvs.openbsd.org 2007/10/29 00:52:45
[auth2-gss.c]
     Allow build without -DGSSAPI; ok deraadt@
     (Id sync only, Portable already has the ifdefs)
2007-12-02 22:59:45 +11:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Darren Tucker 8c6fedaf22 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. 2006-08-05 15:24:59 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller 51096383e9 - djm@cvs.openbsd.org 2006/03/25 22:22:43
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
     [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
     [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
     [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
     [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
     [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
     [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
     [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
     [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
     [ttymodes.h uidswap.h uuencode.h xmalloc.h]
     standardise spacing in $OpenBSD$ tags; requested by deraadt@
2006-03-26 14:30:00 +11:00
Damien Miller f23c09670a - djm@cvs.openbsd.org 2006/03/20 04:07:22
[auth2-gss.c]
     GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
     reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:04:53 +11:00
Damien Miller 6fd6defbce - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
[auth2-gss.c gss-genr.c gss-serv.c monitor.c]
     KNF; ok djm@
2005-11-05 15:07:05 +11:00
Damien Miller 5434eb2a69 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
[auth2-gss.c gss-genr.c gss-serv.c]
     remove unneeded #includes; ok markus@
2005-11-05 15:03:24 +11:00
Damien Miller 0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller 0425d40194 - markus@cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob.
2003-11-17 22:18:21 +11:00
Darren Tucker 655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
Darren Tucker 8cc39788cb - markus@cvs.openbsd.org 2003/10/21 09:50:06
[auth2-gss.c]
     make sure the doid is larger than 2
2003-11-03 20:05:03 +11:00
Damien Miller 982d326045 - markus@cvs.openbsd.org 2003/09/01 20:44:54
[auth2-gss.c]
     fix leak
2003-09-02 22:59:01 +10:00
Damien Miller 55c47edc81 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2003/08/24 17:36:51
     [auth2-gss.c]
     64 bit cleanups; markus ok
2003-09-02 22:14:07 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00