#
1.22 |
|
17-May-2024 |
djm |
Start the process of splitting sshd into separate binaries. This step splits sshd into a listener and a session binary. More splits are planned.
After this changes, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs.
This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out.
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.21 |
|
27-May-2022 |
dtucker |
f sshpkt functions fail, then password is not cleared with freezero. Unconditionally call freezero to guarantee that password is removed from RAM.
From tobias@ and c3h2_ctf via github PR#286, ok djm@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
19-Dec-2021 |
djm |
prepare for multiple names for authmethods
allow authentication methods to have one additional name beyond their primary name.
allow lookup by this synonym
Use primary name for authentication decisions, e.g. for PermitRootLogin=publickey
Pass actual invoked name to the authmethods, so they can tell whether they were requested via the their primary name or synonym.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.18 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.21 |
|
27-May-2022 |
dtucker |
f sshpkt functions fail, then password is not cleared with freezero. Unconditionally call freezero to guarantee that password is removed from RAM.
From tobias@ and c3h2_ctf via github PR#286, ok djm@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.20 |
|
19-Dec-2021 |
djm |
prepare for multiple names for authmethods
allow authentication methods to have one additional name beyond their primary name.
allow lookup by this synonym
Use primary name for authentication decisions, e.g. for PermitRootLogin=publickey
Pass actual invoked name to the authmethods, so they can tell whether they were requested via the their primary name or synonym.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.18 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.20 |
|
19-Dec-2021 |
djm |
prepare for multiple names for authmethods
allow authentication methods to have one additional name beyond their primary name.
allow lookup by this synonym
Use primary name for authentication decisions, e.g. for PermitRootLogin=publickey
Pass actual invoked name to the authmethods, so they can tell whether they were requested via the their primary name or synonym.
ok markus@
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.19 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.18 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.19 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.18 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.18 |
|
26-Feb-2020 |
jsg |
change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry.
ok deraadt@ djm@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.17 |
|
06-Sep-2019 |
djm |
lots of things were relying on libcrypto headers to transitively include various system headers (mostly stdlib.h); include them explicitly
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.16 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
#
1.15 |
|
03-Mar-2018 |
djm |
switch over to the new authorized_keys options API and remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines.
feedback and ok markus@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.14 |
|
30-May-2017 |
markus |
switch auth2 to ssh_dispatch API; ok djm@
|
#
1.13 |
|
30-May-2017 |
markus |
switch auth2-passwd.c to modern APIs; ok djm@
|
Revision tags: OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.12 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.11 |
|
02-Feb-2014 |
djm |
convert memset of potentially-private data to explicit_bzero()
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.10 |
|
17-May-2013 |
djm |
bye, bye xfree(); ok markus@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.9 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.8 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.7 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.6 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.5 |
|
31-Dec-2003 |
dtucker |
branches: 1.5.8; 1.5.10; Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.4 |
|
26-Aug-2003 |
markus |
branches: 1.4.2; fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
|
#
1.3 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.2 |
|
31-May-2002 |
markus |
branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8; move Authmethod definitons to per-method file.
|
#
1.1 |
|
25-May-2002 |
markus |
split auth2.c into one file per method; ok provos@/deraadt@
|