g/c unused variable

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

clamp max number of GSSAPI mechanisms to 2048; ok dtucker

prepare for multiple names for authmethods

allow authentication methods to have one additional name beyond their
primary name.

allow lookup by this synonym

Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey

Pass actual invoked name to the authmethods, so they can tell whether they
were requested via the their primary name or synonym.

ok markus@

this needs kex.h now

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

clamp max number of GSSAPI mechanisms to 2048; ok dtucker

prepare for multiple names for authmethods

allow authentication methods to have one additional name beyond their
primary name.

allow lookup by this synonym

Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey

Pass actual invoked name to the authmethods, so they can tell whether they
were requested via the their primary name or synonym.

ok markus@

this needs kex.h now

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

prepare for multiple names for authmethods

allow authentication methods to have one additional name beyond their
primary name.

allow lookup by this synonym

Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey

Pass actual invoked name to the authmethods, so they can tell whether they
were requested via the their primary name or synonym.

ok markus@

this needs kex.h now

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

this needs kex.h now

make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

delay bailout for invalid authenticating user until after the packet
containing the request has been fully parsed. Reported by Dariusz Tytko
and Micha�� Sajdak; ok deraadt

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

kerberos/gssapi fixes for buffer removal

sshd: switch GSSAPI to sshbuf API; ok djm@

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.

refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

switch auth2 to ssh_dispatch API; ok djm@

protocol handlers all get struct ssh passed; ok djm@

sshd: pass struct ssh to auth functions; ok djm@

move dispatch to struct ssh; ok djm@

bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@

bye, bye xfree(); ok markus@

hush some {unused, printf type} warnings

Fixes logging of partial authentication when privsep is enabled
Previously, we recorded "Failed xxx" since we reset authenticated before
calling auth_log() in auth2.c. This adds an explcit "Partial" state.

Add a "submethod" to auth_log() to report which submethod is used
for keyboard-interactive.

Fix multiple authentication when one of the methods is
keyboard-interactive.

ok markus@

allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock

Allow build without -DGSSAPI; ok deraadt@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

standardise spacing in $OpenBSD$ tags; requested by deraadt@

GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok

branches: 1.12.2;
KNF; ok djm@

remove unneeded #includes; ok markus@

branches: 1.10.2;
knf says that a 2nd level indent is four (not three or five) spaces

make this -Wsign-compare clean; ok avsm@ markus@

branches: 1.8.2; 1.8.4;
make ssh -Wshadow clean, no functional changes
markus@ ok

branches: 1.7.2;
unexpand and delete whitespace at EOL; ok markus@

replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; test + ok jakob.

remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk

make sure the doid is larger than 2

branches: 1.3.2; 1.3.4; 1.3.6;
fix leak

64 bit cleanups; markus ok

support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.