Commit Graph

202 Commits

Author SHA1 Message Date
djm@openbsd.org 32ebaa0dbc upstream: avoid integer overflow of auth attempts (harmless, caught
by monitor)

OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86
2022-02-23 22:22:20 +11:00
djm@openbsd.org 6b977f8080 upstream: split method list search functionality from
authmethod_lookup() into a separate authmethod_byname(), for cases where we
don't need to check whether a method is enabled, etc.

use this to fix the "none" authentication method regression reported
by Nam Nguyen via bugs@

ok deraadt@

OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17
2021-12-27 10:40:22 +11:00
djm@openbsd.org dbb339f015 upstream: prepare for multiple names for authmethods
allow authentication methods to have one additional name beyond their
primary name.

allow lookup by this synonym

Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey

Pass actual invoked name to the authmethods, so they can tell whether they
were requested via the their primary name or synonym.

ok markus@

OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559
2021-12-20 09:28:07 +11:00
djm@openbsd.org 31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org 39be3dc209 upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
and use that instead of global variables containing copies of it. feedback/ok
markus@

OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
2021-01-27 21:10:57 +11:00
djm@openbsd.org 816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
Darren Tucker ed6bef77f5 Always send any PAM account messages.
If the PAM account stack reaturns any messages, send them to the user
not just if the check succeeds.  bz#2049, ok djm@
2020-08-07 17:14:56 +10:00
markus@openbsd.org 16d4f9961c upstream: exit on parse failures in input_service_request; ok djm
OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2
2020-03-13 13:13:30 +11:00
Damien Miller edd1d3a626 remove duplicate #includes
Prompted by Jakub Jelen
2019-10-02 10:54:28 +10:00
djm@openbsd.org be02d7cbde upstream: lots of things were relying on libcrypto headers to
transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
deraadt@openbsd.org e8c974043c upstream: asprintf returns -1, not an arbitrary value < 0. Also
upon error the (very sloppy specification) leaves an undefined value in *ret,
so it is wrong to inspect it, the error condition is enough. discussed a
little with nicm, and then much more with millert until we were exasperated

OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
2019-07-02 15:59:26 +10:00
djm@openbsd.org 4f0019a9af upstream: Fix authentication failures when "AuthenticationMethods
any" in a Match block overrides a more restrictive global default.

Spotted by jmc@, ok markus@

OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26 10:20:41 +11:00
Damien Miller 9b655dc9c9 last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
Damien Miller 3f0786bbe7 remove PAM dependencies on old packet API
Requires some caching of values, because the PAM code isn't
always called with packet context.
2019-01-20 10:22:18 +11:00
Damien Miller 08f66d9f17 remove vestiges of old packet API from loginrec.c 2019-01-20 09:58:45 +11:00
djm@openbsd.org 3a00a92159 upstream: convert auth.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
Damien Miller 5ebce136a6 upstream: convert auth2.c to new packet API
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 09:44:53 +11:00
djm@openbsd.org 0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org 943d096526 upstream: include time.h for time(3)/nanosleep(2); from Ian
McKellar

OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 15:47:24 +11:00
djm@openbsd.org 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@

OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-09-13 12:12:33 +10:00
markus@openbsd.org 5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller 120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
markus@openbsd.org c7d39ac8dc upstream: sshd: switch authentication to sshbuf API; ok djm@
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-07-10 15:27:43 +10:00
dtucker@openbsd.org fdba503fdf upstream: Explicit cast when snprintf'ing an uint64. Prevents
warnings on platforms where int64 is long not long long.  ok djm@

OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001
2018-05-11 13:56:23 +10:00
dtucker@openbsd.org e9d910b028 upstream: Defend against user enumeration timing attacks. This
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms).  Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.

OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
2018-04-13 15:26:11 +10:00
djm@openbsd.org 7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
Darren Tucker ddc0f38148 Remove UNICOS support.
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
2018-02-15 20:04:02 +11:00
Damien Miller 552ea155be one SSH_BUG_BANNER instance that got away 2018-01-23 16:49:22 +11:00
djm@openbsd.org 14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org 8f57495927 upstream commit
refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-24 16:56:11 +10:00
markus@openbsd.org 92e9fe6331 upstream commit
remove now obsolete ctx from ssh_dispatch_run; ok djm@

Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
2017-06-01 14:53:33 +10:00
markus@openbsd.org 17ad5b3460 upstream commit
use the ssh_dispatch_run_fatal variant

Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
2017-05-31 18:39:10 +10:00
markus@openbsd.org eb272ea409 upstream commit
switch auth2 to ssh_dispatch API; ok djm@

Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
2017-05-31 10:50:33 +10:00
markus@openbsd.org 2ae666a8fc upstream commit
protocol handlers all get struct ssh passed; ok djm@

Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
2017-05-31 10:50:05 +10:00
markus@openbsd.org 5f4082d886 upstream commit
sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
2017-05-31 10:49:50 +10:00
djm@openbsd.org f1a193464a upstream commit
use ssh_packet_set_log_preamble() to include connection
username in packet log messages, e.g.

Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]

ok markus@ bz#113

Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
2017-02-04 10:09:43 +11:00
djm@openbsd.org 1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
markus@openbsd.org 3fdc88a0de upstream commit
move dispatch to struct ssh; ok djm@
2015-01-20 09:14:16 +11:00
djm@openbsd.org 161cf419f4 upstream commit
make internal handling of filename arguments of "none"
 more consistent with ssh. "none" arguments are now replaced with NULL when
 the configuration is finalised.

Simplifies checking later on (just need to test not-NULL rather than
that + strcmp) and cleans up some inconsistencies. ok markus@
2014-12-22 19:08:12 +11:00
djm@openbsd.org 058f839fe1 upstream commit
don't count partial authentication success as a failure
 against MaxAuthTries; ok deraadt@
2014-12-22 09:31:19 +11:00
Damien Miller 7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller 686feb560e - djm@cvs.openbsd.org 2014/07/03 11:16:55
[auth.c auth.h auth1.c auth2.c]
     make the "Too many authentication failures" message include the
     user, source address, port and protocol in a format similar to the
     authentication success / failure messages; bz#2199, ok dtucker
2014-07-03 21:29:38 +10:00
Damien Miller 7cc194f70d - djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 11:12:56 +11:00
Darren Tucker 0acca3797d - djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser is now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificates
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@
2013-06-02 07:41:51 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller 91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller 15b05cfa17 - djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
     [monitor.c monitor.h]
     Fixes logging of partial authentication when privsep is enabled
     Previously, we recorded "Failed xxx" since we reset authenticated before
     calling auth_log() in auth2.c. This adds an explcit "Partial" state.

     Add a "submethod" to auth_log() to report which submethod is used
     for keyboard-interactive.

     Fix multiple authentication when one of the methods is
     keyboard-interactive.

     ok markus@
2012-12-03 09:53:20 +11:00
Damien Miller a6e3f01d1e - djm@cvs.openbsd.org 2012/11/04 11:09:15
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
     [sshd_config.5]
     Support multiple required authentication via an AuthenticationMethods
     option. This option lists one or more comma-separated lists of
     authentication method names. Successful completion of all the methods in
     any list is required for authentication to complete;
     feedback and ok markus@
2012-11-04 23:21:40 +11:00
Damien Miller 8ed4de8f1d - djm@cvs.openbsd.org 2011/12/07 05:44:38
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
     fix some harmless and/or unreachable int overflows;
     reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Damien Miller 3fcdfd55a3 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
     [auth2-gss.c auth2.c]
     allow GSSAPI authentication to detect when a server-side failure causes
     authentication failure and don't count such failures against MaxAuthTries;
     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 14:04:11 +10:00