Commit Graph

195 Commits

Author SHA1 Message Date
markus@openbsd.org
16d4f9961c upstream: exit on parse failures in input_service_request; ok djm
OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2
2020-03-13 13:13:30 +11:00
Damien Miller
edd1d3a626 remove duplicate #includes
Prompted by Jakub Jelen
2019-10-02 10:54:28 +10:00
djm@openbsd.org
be02d7cbde upstream: lots of things were relying on libcrypto headers to
transitively include various system headers (mostly stdlib.h); include them
explicitly

OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
2019-09-06 17:54:21 +10:00
deraadt@openbsd.org
e8c974043c upstream: asprintf returns -1, not an arbitrary value < 0. Also
upon error the (very sloppy specification) leaves an undefined value in *ret,
so it is wrong to inspect it, the error condition is enough. discussed a
little with nicm, and then much more with millert until we were exasperated

OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
2019-07-02 15:59:26 +10:00
djm@openbsd.org
4f0019a9af upstream: Fix authentication failures when "AuthenticationMethods
any" in a Match block overrides a more restrictive global default.

Spotted by jmc@, ok markus@

OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26 10:20:41 +11:00
Damien Miller
9b655dc9c9 last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
Damien Miller
3f0786bbe7 remove PAM dependencies on old packet API
Requires some caching of values, because the PAM code isn't
always called with packet context.
2019-01-20 10:22:18 +11:00
Damien Miller
08f66d9f17 remove vestiges of old packet API from loginrec.c 2019-01-20 09:58:45 +11:00
djm@openbsd.org
3a00a92159 upstream: convert auth.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
Damien Miller
5ebce136a6 upstream: convert auth2.c to new packet API
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 09:44:53 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org
943d096526 upstream: include time.h for time(3)/nanosleep(2); from Ian
McKellar

OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 15:47:24 +11:00
djm@openbsd.org
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x API in
OpenSSH; feedback and ok tb@ jsing@ markus@

OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
2018-09-13 12:12:33 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller
120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
markus@openbsd.org
c7d39ac8dc upstream: sshd: switch authentication to sshbuf API; ok djm@
OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
2018-07-10 15:27:43 +10:00
dtucker@openbsd.org
fdba503fdf upstream: Explicit cast when snprintf'ing an uint64. Prevents
warnings on platforms where int64 is long not long long.  ok djm@

OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001
2018-05-11 13:56:23 +10:00
dtucker@openbsd.org
e9d910b028 upstream: Defend against user enumeration timing attacks. This
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms).  Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.

OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
2018-04-13 15:26:11 +10:00
djm@openbsd.org
7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
Darren Tucker
ddc0f38148 Remove UNICOS support.
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
2018-02-15 20:04:02 +11:00
Damien Miller
552ea155be one SSH_BUG_BANNER instance that got away 2018-01-23 16:49:22 +11:00
djm@openbsd.org
14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org
8f57495927 upstream commit
refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-24 16:56:11 +10:00
markus@openbsd.org
92e9fe6331 upstream commit
remove now obsolete ctx from ssh_dispatch_run; ok djm@

Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
2017-06-01 14:53:33 +10:00
markus@openbsd.org
17ad5b3460 upstream commit
use the ssh_dispatch_run_fatal variant

Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
2017-05-31 18:39:10 +10:00
markus@openbsd.org
eb272ea409 upstream commit
switch auth2 to ssh_dispatch API; ok djm@

Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
2017-05-31 10:50:33 +10:00
markus@openbsd.org
2ae666a8fc upstream commit
protocol handlers all get struct ssh passed; ok djm@

Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
2017-05-31 10:50:05 +10:00
markus@openbsd.org
5f4082d886 upstream commit
sshd: pass struct ssh to auth functions; ok djm@

Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
2017-05-31 10:49:50 +10:00
djm@openbsd.org
f1a193464a upstream commit
use ssh_packet_set_log_preamble() to include connection
username in packet log messages, e.g.

Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]

ok markus@ bz#113

Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
2017-02-04 10:09:43 +11:00
djm@openbsd.org
1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
markus@openbsd.org
3fdc88a0de upstream commit
move dispatch to struct ssh; ok djm@
2015-01-20 09:14:16 +11:00
djm@openbsd.org
161cf419f4 upstream commit
make internal handling of filename arguments of "none"
 more consistent with ssh. "none" arguments are now replaced with NULL when
 the configuration is finalised.

Simplifies checking later on (just need to test not-NULL rather than
that + strcmp) and cleans up some inconsistencies. ok markus@
2014-12-22 19:08:12 +11:00
djm@openbsd.org
058f839fe1 upstream commit
don't count partial authentication success as a failure
 against MaxAuthTries; ok deraadt@
2014-12-22 09:31:19 +11:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
686feb560e - djm@cvs.openbsd.org 2014/07/03 11:16:55
[auth.c auth.h auth1.c auth2.c]
     make the "Too many authentication failures" message include the
     user, source address, port and protocol in a format similar to the
     authentication success / failure messages; bz#2199, ok dtucker
2014-07-03 21:29:38 +10:00
Damien Miller
7cc194f70d - djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@
2014-02-04 11:12:56 +11:00
Darren Tucker
0acca3797d - djm@cvs.openbsd.org 2013/05/19 02:42:42
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser is now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificates
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@
2013-06-02 07:41:51 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller
15b05cfa17 - djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
     [monitor.c monitor.h]
     Fixes logging of partial authentication when privsep is enabled
     Previously, we recorded "Failed xxx" since we reset authenticated before
     calling auth_log() in auth2.c. This adds an explcit "Partial" state.

     Add a "submethod" to auth_log() to report which submethod is used
     for keyboard-interactive.

     Fix multiple authentication when one of the methods is
     keyboard-interactive.

     ok markus@
2012-12-03 09:53:20 +11:00
Damien Miller
a6e3f01d1e - djm@cvs.openbsd.org 2012/11/04 11:09:15
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
     [sshd_config.5]
     Support multiple required authentication via an AuthenticationMethods
     option. This option lists one or more comma-separated lists of
     authentication method names. Successful completion of all the methods in
     any list is required for authentication to complete;
     feedback and ok markus@
2012-11-04 23:21:40 +11:00
Damien Miller
8ed4de8f1d - djm@cvs.openbsd.org 2011/12/07 05:44:38
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
     fix some harmless and/or unreachable int overflows;
     reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Damien Miller
3fcdfd55a3 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/03/10 02:52:57
     [auth2-gss.c auth2.c]
     allow GSSAPI authentication to detect when a server-side failure causes
     authentication failure and don't count such failures against MaxAuthTries;
     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 14:04:11 +10:00
Damien Miller
da108ece68 - djm@cvs.openbsd.org 2010/08/31 09:58:37
[auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.
2010-08-31 22:36:39 +10:00
Darren Tucker
821d3dbe36 - dtucker@cvs.openbsd.org 2009/06/22 05:39:28
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
     alphabetize includes; reduces diff vs portable and style(9).
     ok stevesk djm
     (Id sync only; these were already in order in -portable)
2009-06-22 16:11:06 +10:00
Darren Tucker
43e7a358ff - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
header-order changes to reduce diff vs OpenBSD.
2009-06-21 19:50:08 +10:00
Damien Miller
01ed2272a1 - djm@cvs.openbsd.org 2008/11/04 08:22:13
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
     [Makefile.in]
     Add support for an experimental zero-knowledge password authentication
     method using the J-PAKE protocol described in F. Hao, P. Ryan,
     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
     Security Protocols, Cambridge, April 2008.

     This method allows password-based authentication without exposing
     the password to the server. Instead, the client and server exchange
     cryptographic proofs to demonstrate of knowledge of the password while
     revealing nothing useful to an attacker or compromised endpoint.

     This is experimental, work-in-progress code and is presently
     compiled-time disabled (turn on -DJPAKE in Makefile.inc).

     "just commit it.  It isn't too intrusive." deraadt@
2008-11-05 16:20:46 +11:00
Damien Miller
0b4d48ba74 - djm@cvs.openbsd.org 2008/07/04 23:30:16
[auth1.c auth2.c]
     Make protocol 1 MaxAuthTries logic match protocol 2's.
     Do not treat the first protocol 2 authentication attempt as
     a failure IFF it is for method "none".
     Makes MaxAuthTries' user-visible behaviour identical for
     protocol 1 vs 2.
     ok dtucker@
2008-07-05 09:44:53 +10:00
Darren Tucker
7c99b1ceda - djm@cvs.openbsd.org 2008/07/02 13:30:34
[auth2.c]
     really really remove the freebie "none" auth try for protocol 2
2008-07-04 12:53:23 +10:00
Darren Tucker
4230a5dc30 - djm@cvs.openbsd.org 2008/07/02 12:36:39
[auth2-none.c auth2.c]
     Make protocol 2 MaxAuthTries behaviour a little more sensible:
     Check whether client has exceeded MaxAuthTries before running
     an authentication method and skip it if they have, previously it
     would always allow one try (for "none" auth).
     Preincrement failure count before post-auth test - previously this
     checked and postincremented, also to allow one "none" try.
     Together, these two changes always count the "none" auth method
     which could be skipped by a malicious client (e.g. an SSH worm)
     to get an extra attempt at a real auth method. They also make
     MaxAuthTries=0 a useful way to block users entirely (esp. in a
     sshd_config Match block).
     Also, move sending of any preauth banner from "none" auth method
     to the first call to input_userauth_request(), so worms that skip
     the "none" method get to see it too.
2008-07-02 22:56:09 +10:00