path: root/auth.c
Age | Commit message | Author
2021-07-08 | upstream: Remove comment referencing
RhostsRSAAuthentication. ok djm@ OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
2021-07-03 | Remove some whitespace not in upstream. | Darren Tucker
Reduces diff vs OpenBSD by a small amount.
2021-06-04 | auth_log: don't log partial successes as failures | Vincent Brillault
By design, 'partial' logins are successful logins, so initially with authenticated set to 1, for which another authentication is required. As a result, authenticated is always reset to 0 when partial is set to 1. However, even if authenticated is 0, those are not failed login attempts, similarly to attempts with authctxt->postponed set to 1.
2021-04-03 | upstream: highly polished whitespace, mostly fixing
and bad indentation on continuation lines. Prompted by GHPR#185 OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-02-18 | prefer login_getpwclass() to login_getclass() | Damien Miller
FreeBSD has login_getpwclass() that does some special magic for UID=0. Prefer this to login_getclass() as it's easier to emulate the former with the latter. Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
2020-12-22 | upstream: move subprocess() from auth.c to
make privilege dropping optional but allow it via callbacks (to avoid need to link uidswap.c everywhere) add some other flags (keep environment, disable strict path safety check) that make this more useful for client-side use. feedback & ok markus@ OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
2020-12-21 | upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces. Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys(). ok markus@ OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
2020-10-18 | upstream: use the new variant log macros instead of
__func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-17 | upstream: LogVerbose keyword for ssh and
Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@ OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
2020-08-27 | upstream: support for requiring user verified FIDO keys in
This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@ OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6
2020-02-01 | upstream: Add a sshd_config "Include" directive to allow
of files. This has sensible semantics wrt Match blocks and accepts glob(3) patterns to specify the included files. Based on patch by Jakub Jelen in bz2468; feedback and ok markus@ OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
2020-01-23 | upstream: Replace all calls to signal(2) with a wrapper
sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2019-12-20 | upstream: strdup may return NULL if memory allocation fails.
the safer xstrdup which fatals on allocation failures. ok markus@ OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0
2019-11-25 | upstream: add a "no-touch-required" option for authorized_keys
a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
2019-10-16 | upstream: potential NULL dereference for revoked hostkeys;
by krishnaiah bommu OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506
2019-10-02 | upstream: remove some duplicate
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-09-06 | upstream: lots of things were relying on libcrypto headers
transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-07-05 | upstream: When system calls indicate an error they return -1,
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-04-03 | Remove "struct ssh" from sys_auth_record_login. | Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-02-22 | Revert "[auth.c] On Cygwin, refuse usernames that have differences in case" | Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <>
2019-01-20 | last bits of old packet API / active_state global | Damien Miller
2019-01-20 | remove vestiges of old packet API from loginrec.c | Damien Miller
2019-01-20 | upstream: convert auth.c to new packet
with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 | upstream: convert servconf.c to new packet
with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20 | upstream: begin landing remaining refactoring of packet
API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-17 | upstream: include time.h for time(3)/nanosleep(2); from
McKellar OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2018-12-13 | Don't pass loginmsg by address now that it's an sshbuf* | Kevin Adler
In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users.
2018-11-16 | upstream: use path_absolute() for pathname checks; from Manoj
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-09-12 | upstream: log certificate fingerprint in
success/failure message (previously we logged only key ID and CA key fingerprint). ok markus@ OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
2018-07-12 | upstream: s/wuth/with/ in
OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
2018-07-10 | Adapt portable to legacy buffer API removal | Damien Miller
2018-07-10 | upstream: sshd: switch authentication to sshbuf API; ok
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-06-07 | upstream: permitlisten option for authorized_keys; ok
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
2018-06-01 | upstream: make UID available as a %-expansion everywhere that
username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-05-25 | upstream: Do not ban PTY allocation when a sshd session is
because the user password is expired as it breaks password change dialog. regression in openssh-7.7 reported by Daniel Wagner OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
2018-03-14 | upstream: add valid-before="[time]" authorized_keys option.
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-03 | upstream: switch over to the new authorized_keys options API
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition. feedback & ok dtucker@ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
refactor authentication logging optionally record successful auth methods and public credentials used in a file accessible to user sessions feedback and ok markus@ Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
switch from Key typedef with struct sshkey; ok djm@ Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
allow LogLevel in sshd_config Match blocks; ok dtucker bz#2717 Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
Add missing braces in DenyUsers code. Patch from zev at, ok deraadt@ Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
unbreak DenyUsers; reported by henning@ Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
Validate address ranges for AllowUser/DenyUsers at configuration load time and refuse to accept bad ones. It was previously possible to specify invalid CIDR address ranges (e.g. djm@ and these would always match. Thanks to Laurence Parry for a detailed bug report. ok markus (for a previous diff version) Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching. We haven't supported IP-based auth methods for a very long time so it's now misleading. part of bz#2585, ok markus@ Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
2016-03-08 | auth_get_canonical_hostname in portable code. | Darren Tucker
"refactor canohost.c" replaced get_canonical_hostname, this makes the same change to some portable-specific code.
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e