History log of /openssh-portable/auth.c (Results 1 - 25 of 386)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...


Revision tags: V_8_0_P1
# 79a87d32 02-Apr-2019 Darren Tucker

Remove "struct ssh" from sys_auth_record_login.

It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.


# f02afa35 20-Feb-2019 Corinna Vinschen

Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"

This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.

Signed-off-by: Corinna Vinschen <vinschen@r

Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"

This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

show more ...


# 9b655dc9 19-Jan-2019 Damien Miller

last bits of old packet API / active_state global


# 08f66d9f 19-Jan-2019 Damien Miller

remove vestiges of old packet API from loginrec.c


# 3a00a921 19-Jan-2019 djm@openbsd.org

upstream: convert auth.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4


# 172a592a 19-Jan-2019 djm@openbsd.org

upstream: convert servconf.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4


# 0fa174eb 19-Jan-2019 djm@openbsd.org

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4

show more ...


# 943d0965 16-Jan-2019 djm@openbsd.org

upstream: include time.h for time(3)/nanosleep(2); from Ian

McKellar

OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51


# a784fa8c 12-Dec-2018 Kevin Adler

Don't pass loginmsg by address now that it's an sshbuf*

In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_all

Don't pass loginmsg by address now that it's an sshbuf*

In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.

This only affects AIX, unless there are out of tree users.

show more ...


# 2a35862e 15-Nov-2018 djm@openbsd.org

upstream: use path_absolute() for pathname checks; from Manoj Ampalam

OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925


Revision tags: V_7_9_P1
# 50e2687e 11-Sep-2018 djm@openbsd.org

upstream: log certificate fingerprint in authentication

success/failure message (previously we logged only key ID and CA key
fingerprint).

ok markus@

OpenBSD-Commit-ID:

upstream: log certificate fingerprint in authentication

success/failure message (previously we logged only key ID and CA key
fingerprint).

ok markus@

OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d

show more ...


Revision tags: V_7_8_P1
# 5dc4c59d 11-Jul-2018 martijn@openbsd.org

upstream: s/wuth/with/ in comment

OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c


# 120a1ec7 10-Jul-2018 Damien Miller

Adapt portable to legacy buffer API removal


# c7d39ac8 09-Jul-2018 markus@openbsd.org

upstream: sshd: switch authentication to sshbuf API; ok djm@

OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641


# 93c06ab6 06-Jun-2018 djm@openbsd.org

upstream: permitlisten option for authorized_keys; ok markus@

OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672


# 9c935dd9 31-May-2018 djm@openbsd.org

upstream: make UID available as a %-expansion everywhere that the

username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client

upstream: make UID available as a %-expansion everywhere that the

username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95

show more ...


# fbb4b5fd 25-May-2018 djm@openbsd.org

upstream: Do not ban PTY allocation when a sshd session is restricted

because the user password is expired as it breaks password change dialog.

regression in openssh-7.7 reported by

upstream: Do not ban PTY allocation when a sshd session is restricted

because the user password is expired as it breaks password change dialog.

regression in openssh-7.7 reported by Daniel Wagner

OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73

show more ...


Revision tags: V_7_7_P1
# bf0fbf2b 11-Mar-2018 djm@openbsd.org

upstream: add valid-before="[time]" authorized_keys option. A

simple way of giving a key an expiry date. ok markus@

OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947


# 7c856857 02-Mar-2018 djm@openbsd.org

upstream: switch over to the new authorized_keys options API and

remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file li

upstream: switch over to the new authorized_keys options API and

remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

show more ...


# 25cf9105 08-Jan-2018 markus@openbsd.org

upstream commit

move subprocess() so scp/sftp do not need uidswap.o; ok
djm@

OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8


Revision tags: V_7_6_P1
# dbee4119 12-Sep-2017 djm@openbsd.org

upstream commit

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "st

upstream commit

refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f

show more ...


# de4ae07f 18-Aug-2017 djm@openbsd.org

upstream commit

Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.

feedba

upstream commit

Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.

feedback & ok dtucker@

Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049

show more ...


# 8f574959 24-Jun-2017 djm@openbsd.org

upstream commit

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and

upstream commit

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb

show more ...


# 54d90ace 30-May-2017 markus@openbsd.org

upstream commit

switch from Key typedef with struct sshkey; ok djm@

Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f


12345678910>>...16