History log of /openssh-portable/authfile.h (Results 1 – 23 of 23)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1, V_8_5_P1, V_8_4_P1, V_8_3_P1, V_8_2_P1
# 99aa8035 25-Jan-2020 djm@openbsd.org

upstream: factor out reading/writing sshbufs to dedicated

functions; feedback and ok markus@

OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d


# 878ba435 02-Jan-2020 djm@openbsd.org

upstream: add sshkey_save_public(), to save a public key; ok

markus@

OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076


Revision tags: V_8_1_P1
# dd8002fb 03-Sep-2019 djm@openbsd.org

upstream: move advance_past_options to authfile.c and make it

public; ok markus@

OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c


# 6b39a7b4 05-Aug-2019 dtucker@openbsd.org

upstream: Remove now-redundant perm_ok arg since

sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-

upstream: Remove now-redundant perm_ok arg since

sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
case. Patch from jitendra.sharma at intel.com, ok djm@

OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77

show more ...


Revision tags: V_8_0_P1, V_7_9_P1, V_7_8_P1, V_7_7_P1, V_7_6_P1, V_7_5_P1, V_7_4_P1, V_7_3_P1, V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1, V_6_8_P1
# 1195f4cb 08-Jan-2015 djm@openbsd.org

upstream commit

deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).

upstream commit

deprecate key_load_private_pem() and
sshkey_load_private_pem() interfaces. Refactor the generic key loading API to
not require pathnames to be specified (they weren't really used).

Fixes a few other things en passant:

Makes ed25519 keys work for hostbased authentication (ssh-keysign
previously used the PEM-only routines).

Fixes key comment regression bz#2306: key pathnames were being lost as
comment fields.

ok markus@

show more ...


# 5e39a499 03-Dec-2014 djm@openbsd.org

upstream commit

add RevokedHostKeys option for the client

Allow textfile or KRL-based revocation of hostkeys.


Revision tags: V_6_7_P1
# 48bae3a3 05-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/07/03 23:18:35
[authfile.h]
remove leakmalloc droppings


# 8668706d 02-Jul-2014 Damien Miller

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-c

- djm@cvs.openbsd.org 2014/06/24 01:13:21
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
[auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
[cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
[digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
[hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
[ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
[ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
[sshconnect2.c sshd.c sshkey.c sshkey.h
[openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
New key API: refactor key-related functions to be more library-like,
existing API is offered as a set of wrappers.

with and ok markus@

Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
Dempsky and Ron Bowes for a detailed review a few months ago.

NB. This commit also removes portable OpenSSH support for OpenSSL
<0.9.8e.

show more ...


Revision tags: V_6_6_P1, V_6_5_P1
# bcd00abd 06-Dec-2013 Damien Miller

- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
d

- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@

show more ...


Revision tags: V_6_4_P1, V_6_3_P1, V_6_2_P2, V_6_2_P1, V_6_1_P1, V_6_0_P1, V_5_9_P1
# 2ce12ef1 05-May-2011 Damien Miller

- djm@cvs.openbsd.org 2011/05/04 21:15:29
[authfile.c authfile.h ssh-add.c]
allow "ssh-add - < key"; feedback and ok markus@


Revision tags: V_5_8_P2, V_5_8_P1, V_5_7_P1, V_5_6_P1
# c158331f 04-Aug-2010 Damien Miller

- djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
[ssh-keysign.c ssh.c]
enable certificates for hostbased authentication, from Ia

- djm@cvs.openbsd.org 2010/08/04 05:42:47
[auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
[ssh-keysign.c ssh.c]
enable certificates for hostbased authentication, from Iain Morgan;
"looks ok" markus@

show more ...


Revision tags: V_5_5_P1, V_5_4_P1
# 1aed65eb 04-Mar-2010 Damien Miller

- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]

- djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
[authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
[ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
are trusted to authenticate users (in addition than doing it per-user
in authorized_keys).

Add a RevokedKeys option to sshd_config and a @revoked marker to
known_hosts to allow keys to me revoked and banned for user or host
authentication.

feedback and ok markus@

show more ...


Revision tags: V_5_3_P1, V_5_2_P1, V_5_1_P1, V_5_0_P1, V_4_9_P1, V_4_7_P1, V_4_6_P1, V_4_5_P1, V_4_4_P1
# 232b76f9 06-May-2006 Darren Tucker

- dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once

- dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@

show more ...


# 51096383 25-Mar-2006 Damien Miller

- djm@cvs.openbsd.org 2006/03/25 22:22:43
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
[bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
[compat.h c

- djm@cvs.openbsd.org 2006/03/25 22:22:43
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
[bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
[compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
[dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
[gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
[misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
[myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
[scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
[ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
[ttymodes.h uidswap.h uuencode.h xmalloc.h]
standardise spacing in $OpenBSD$ tags; requested by deraadt@

show more ...


# 8275fade 14-Mar-2006 Damien Miller

- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will

- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138, ok djm@

show more ...


Revision tags: V_4_3_P2, V_4_3_P1, V_4_2_P1, V_4_1_P1, V_4_0_P1, V_3_9_P1, V_3_8_1_P1, V_3_8_P1, V_3_7_1_P2, V_3_7_1_P1, V_3_7_P1, AFTER_KRB5_GSSAPI_MERGE, BEFORE_KRB5_GSSAPI_MERGE, POST_KRB4_REMOVAL, PRE_KRB4_REMOVAL, AFTER_FREEBSD_PAM_MERGE, BEFORE_FREEBSD_PAM_MERGE, V_3_6_1_P2, V_3_6_1_P1, V_3_6_P1, V_3_5_P1, V_3_4_P1, V_3_3_P1
# 1bad2568 06-Jun-2002 Ben Lindstrom

- markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
ad

- markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).

Note: Makefile.in untested. Will test after merge is finished.

show more ...


Revision tags: V_3_2_3_P1, V_3_2_2_P1, PRE_SW_KRBV, V_3_1_P1
# 05764b92 04-Mar-2002 Ben Lindstrom

- stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h

- stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
uuencode.c xmalloc.h]
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@

show more ...


Revision tags: V_3_0_2_P1, V_3_0_1_P1, V_3_0_P1, V_2_9_9_P2, V_2_9_9_P1
# 4cc240da 04-Jul-2001 Ben Lindstrom

- markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
canohost.h channels.h cipher.h clientloop.h compat.h compress.h
crc32.h deat

- markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
canohost.h channels.h cipher.h clientloop.h compat.h compress.h
crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
tildexpand.h uidswap.h uuencode.h xmalloc.h]
remove comments from .h, since they are cut&paste from the .c files
and out of sync

show more ...


# 16ae3d0d 04-Jul-2001 Ben Lindstrom

- itojun@cvs.openbsd.org 2001/06/26 06:32:58
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
compress.h c

- itojun@cvs.openbsd.org 2001/06/26 06:32:58
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
radix.h readconf.h readpass.h rsa.h]
prototype pedant. not very creative...
- () -> (void)
- no variable names

show more ...


Revision tags: V_2_9_P2
# d0fca423 26-Mar-2001 Ben Lindstrom

- markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save in

- markus@cvs.openbsd.org 2001/03/26 08:07:09
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
simpler key load/save interface, see authfile.h

show more ...


Revision tags: V_2_5_2_P2, V_2_5_2_P1, V_2_5_1_P2, V_2_5_1_P1, V_2_5_0_P1, PRE-REORDER, V_2_3_0_P1
# 389edc4c 05-Nov-2000 Damien Miller

- (djm) Manually fix up missed diff hunks (mainly RCS idents)


# e4340be5 15-Sep-2000 Damien Miller

- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c

- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately

show more ...


Revision tags: PRE_CYGWIN_MERGE, V_2_2_0_P1, V_2_1_1_P4, V_2_1_1_P3, ABOUT_TO_ADD_INET_ATON, V_2_1_1_P2, V_2_1_1_P1, PRE_NEW_LOGIN_CODE, V_2_1_0_P3, V_2_1_0_P2, V_2_1_0_P1, V_2_1_0, V_2_0_0_BETA2, V_2_0_0_BETA1, V_2_0_0_TEST1
# eba71bab 29-Apr-2000 Damien Miller

- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
- interop w/ F-secure windows client
- sync documentation
- ssh_host_dsa_key not ssh_dsa_key
[auth-rsa.c]
- miss

- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
- interop w/ F-secure windows client
- sync documentation
- ssh_host_dsa_key not ssh_dsa_key
[auth-rsa.c]
- missing fclose
[auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
[readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
[sshd.c uuencode.c uuencode.h authfile.h]
- add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
for trading keys with the real and the original SSH, directly from the
people who invented the SSH protocol.
[auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
- split auth/sshconnect in one file per protocol version
[sshconnect2.c]
- remove debug
[uuencode.c]
- add trailing =
[version.h]
- OpenSSH-2.0
[ssh-keygen.1 ssh-keygen.c]
- add -R flag: exit code indicates if RSA is alive
[sshd.c]
- remove unused
silent if -Q is specified
[ssh.h]
- host key becomes /etc/ssh_host_dsa_key
[readconf.c servconf.c ]
- ssh/sshd default to proto 1 and 2
[uuencode.c]
- remove debug
[auth2.c ssh-keygen.c sshconnect2.c sshd.c]
- xfree DSA blobs
[auth2.c serverloop.c session.c]
- cleanup logging for sshd/2, respect PasswordAuth no
[sshconnect2.c]
- less debug, respect .ssh/config
[README.openssh2 channels.c channels.h]
- clientloop.c session.c ssh.c
- support for x11-fwding, client+server

show more ...