History log of /openssh-portable/monitor_wrap.c (Results 1 - 25 of 273)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 7715a3b1 18-Oct-2020 Darren Tucker

Use fatal_fr not fatal_r when passing r.

Caught by the PAM -Werror tinderbox build.


# 816036f1 18-Oct-2020 djm@openbsd.org

upstream: use the new variant log macros instead of prepending

__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8


# 793b583d 16-Oct-2020 djm@openbsd.org

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7

upstream: LogVerbose keyword for ssh and sshd

Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356

show more ...


# 752250ca 16-Oct-2020 djm@openbsd.org

upstream: revised log infrastructure for OpenSSH

log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.

upstream: revised log infrastructure for OpenSSH

log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.

ok markus@

OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349

show more ...


Revision tags: V_8_4_P1
# 9b8ad938 26-Aug-2020 djm@openbsd.org

upstream: support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
o

upstream: support for user-verified FIDO keys

FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15

show more ...


Revision tags: V_8_3_P1, V_8_2_P1
# 56584cce 15-Dec-2019 djm@openbsd.org

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FID

upstream: allow security keys to act as host keys as well as user

keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c

show more ...


# b7e74ea0 24-Nov-2019 djm@openbsd.org

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment,

upstream: Add new structure for signature options

This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49

show more ...


# 189550f5 18-Nov-2019 naddy@openbsd.org

upstream: additional missing stdarg.h includes when built without

WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b


# 9a14c64c 31-Oct-2019 djm@openbsd.org

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign()

upstream: Refactor signing - use sshkey_sign for everything,

including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c

show more ...


Revision tags: V_8_1_P1
# 4d28fa78 28-Jun-2019 deraadt@openbsd.org

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this be

upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075

show more ...


Revision tags: V_8_0_P1
# 7be8572b 21-Jan-2019 djm@openbsd.org

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commi

upstream: Make sshpkt_get_bignum2() allocate the bignum it is

parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9

show more ...


# 9b655dc9 19-Jan-2019 Damien Miller

last bits of old packet API / active_state global


# 3f0786bb 19-Jan-2019 Damien Miller

remove PAM dependencies on old packet API

Requires some caching of values, because the PAM code isn't
always called with packet context.


# 04c091fc 19-Jan-2019 djm@openbsd.org

upstream: remove last references to active_state

with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2


# ec00f918 19-Jan-2019 djm@openbsd.org

upstream: convert monitor.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5


# 3a00a921 19-Jan-2019 djm@openbsd.org

upstream: convert auth.c to new packet API

with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4


# 0fa174eb 19-Jan-2019 djm@openbsd.org

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes

upstream: begin landing remaining refactoring of packet parsing

API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4

show more ...


Revision tags: V_7_9_P1, V_7_8_P1
# 87f08be0 19-Jul-2018 Damien Miller

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM

Remove support for S/Key

Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.

show more ...


# 6ad8648e 19-Jul-2018 djm@openbsd.org

upstream: remove unused zlib.h

OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1


# 1dd32c23 12-Jul-2018 Darren Tucker

Fallout from buffer conversion in AUDIT_EVENTS.

Supply missing "int r" and fix error path for sshbuf_new().


# 5467fbcb 11-Jul-2018 markus@openbsd.org

upstream: remove legacy key emulation layer; ok djm@

OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d


# 416287d4 10-Jul-2018 Darren Tucker

Fix sshbuf_new error path in skey.


# 7aab109b 10-Jul-2018 Darren Tucker

Supply missing third arg in skey.

During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted. Fixes build when configured with skey.


# 380320bb 10-Jul-2018 Darren Tucker

Supply some more missing "int r" in skey


# 984bacfa 10-Jul-2018 sf@openbsd.org

upstream: re-remove some pre-auth compression bits

This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
co

upstream: re-remove some pre-auth compression bits

This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.

ok markus@

OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784

show more ...


1234567891011