summaryrefslogtreecommitdiff
path: root/auth.c
AgeCommit message (Collapse)Author
2019-10-09Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2019-10-09 Patch-Name: user-group-modes.patch
2019-10-09GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2019-10-09 Patch-Name: gssapi.patch
2019-10-02upstream: remove some duplicate #includesdjm@openbsd.org
OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
2019-09-06upstream: lots of things were relying on libcrypto headers todjm@openbsd.org
transitively include various system headers (mostly stdlib.h); include them explicitly OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-07-05upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-04-03Remove "struct ssh" from sys_auth_record_login.Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-02-22Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-01-20last bits of old packet API / active_state globalDamien Miller
2019-01-20remove vestiges of old packet API from loginrec.cDamien Miller
2019-01-20upstream: convert auth.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20upstream: convert servconf.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org
API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-17upstream: include time.h for time(3)/nanosleep(2); from Iandjm@openbsd.org
McKellar OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2018-12-13Don't pass loginmsg by address now that it's an sshbuf*Kevin Adler
In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users.
2018-11-16upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-09-12upstream: log certificate fingerprint in authenticationdjm@openbsd.org
success/failure message (previously we logged only key ID and CA key fingerprint). ok markus@ OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
2018-07-12upstream: s/wuth/with/ in commentmartijn@openbsd.org
OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
2018-07-10Adapt portable to legacy buffer API removalDamien Miller
2018-07-10upstream: sshd: switch authentication to sshbuf API; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-06-07upstream: permitlisten option for authorized_keys; ok markus@djm@openbsd.org
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
2018-06-01upstream: make UID available as a %-expansion everywhere that thedjm@openbsd.org
username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-05-25upstream: Do not ban PTY allocation when a sshd session is restricteddjm@openbsd.org
because the user password is expired as it breaks password change dialog. regression in openssh-7.7 reported by Daniel Wagner OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
2018-03-14upstream: add valid-before="[time]" authorized_keys option. Adjm@openbsd.org
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-03upstream: switch over to the new authorized_keys options API anddjm@openbsd.org
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-01-23upstream commitmarkus@openbsd.org
move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
2017-09-12upstream commitdjm@openbsd.org
refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-08-23upstream commitdjm@openbsd.org
Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition. feedback & ok dtucker@ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
2017-06-24upstream commitdjm@openbsd.org
refactor authentication logging optionally record successful auth methods and public credentials used in a file accessible to user sessions feedback and ok markus@ Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-05-31upstream commitmarkus@openbsd.org
switch from Key typedef with struct sshkey; ok djm@ Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-05-17upstream commitdjm@openbsd.org
allow LogLevel in sshd_config Match blocks; ok dtucker bz#2717 Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
2016-12-16upstream commitdtucker@openbsd.org
Add missing braces in DenyUsers code. Patch from zev at bewilderbeest.net, ok deraadt@ Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
2016-11-10upstream commitdjm@openbsd.org
unbreak DenyUsers; reported by henning@ Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
2016-11-06upstream commitdjm@openbsd.org
Validate address ranges for AllowUser/DenyUsers at configuration load time and refuse to accept bad ones. It was previously possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and these would always match. Thanks to Laurence Parry for a detailed bug report. ok markus (for a previous diff version) Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
2016-08-14upstream commitmarkus@openbsd.org
remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-06-15upstream commitdtucker@openbsd.org
Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message about forward and reverse DNS not matching. We haven't supported IP-based auth methods for a very long time so it's now misleading. part of bz#2585, ok markus@ Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
2016-03-08auth_get_canonical_hostname in portable code.Darren Tucker
"refactor canohost.c" replaced get_canonical_hostname, this makes the same change to some portable-specific code.
2016-03-08upstream commitdjm@openbsd.org
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2015-08-21upstream commitdjm@openbsd.org
fix inverted logic that broke PermitRootLogin; reported by Mantas Mikulenas; ok markus@ Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
2015-08-11upstream commitderaadt@openbsd.org
add prohibit-password as a synonymn for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
2015-05-10upstream commitdjm@openbsd.org
make handling of AuthorizedPrincipalsFile=none more consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@
2015-02-26upstream commitdjm@openbsd.org
don't leak validity of user in "too many authentication failures" disconnect message; reported by Sebastian Reitenbach
2015-01-26upstream commitderaadt@openbsd.org
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
2014-12-22upstream commitdjm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-12-05upstream commitdjm@openbsd.org
add RevokedHostKeys option for the client Allow textfile or KRL-based revocation of hostkeys.
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 11:16:55Damien Miller
[auth.c auth.h auth1.c auth2.c] make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker
2014-05-15 - markus@cvs.openbsd.org 2014/04/29 18:01:49Damien Miller
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2013-06-02 - djm@cvs.openbsd.org 2013/05/19 02:42:42Darren Tucker
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-04-23 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] SupportDamien Miller
platforms, such as Android, that lack struct passwd.pw_gecos. Report and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@