Commit Graph

157 Commits

Author SHA1 Message Date
djm@openbsd.org
f5ba85dadd upstream: make sure that UseDNS hostname lookup happens in the monitor
and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@

OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d
2022-06-16 02:12:11 +10:00
djm@openbsd.org
3b0b142d2a upstream: refactor authorized_keys/principals handling
remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]

ok dtucker@

OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d
2022-05-27 16:36:06 +10:00
markus@openbsd.org
faf2b86a46 upstream: do not pass file/func to monitor; noted by Ilja van Sprundel;
ok djm@

OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa
2021-04-16 13:24:33 +10:00
djm@openbsd.org
b2bcec13f1 upstream: clean up passing of struct passwd from monitor to preauth
privsep process. No longer copy entire struct w/ pointer addresses, but pass
remaining scalar fields explicitly,

Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@

OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53
2020-11-27 13:16:32 +11:00
Darren Tucker
7715a3b171 Use fatal_fr not fatal_r when passing r.
Caught by the PAM -Werror tinderbox build.
2020-10-19 10:54:41 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
793b583d09 upstream: LogVerbose keyword for ssh and sshd
Allows forcing maximum debug logging by file/function/line pattern-
lists.

ok markus@

OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
2020-10-17 00:43:17 +11:00
djm@openbsd.org
752250caab upstream: revised log infrastructure for OpenSSH
log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.

ok markus@

OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
2020-10-17 00:42:29 +11:00
djm@openbsd.org
9b8ad93824 upstream: support for user-verified FIDO keys
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.

This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.

feedback markus@ and Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
2020-08-27 11:28:36 +10:00
djm@openbsd.org
56584cce75 upstream: allow security keys to act as host keys as well as user
keys.

Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.

ok markus@

OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
2019-12-16 14:19:41 +11:00
djm@openbsd.org
b7e74ea072 upstream: Add new structure for signature options
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.

with and ok markus@

OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-25 12:23:33 +11:00
naddy@openbsd.org
189550f5bc upstream: additional missing stdarg.h includes when built without
WITH_OPENSSL; ok djm@

OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
2019-11-20 09:27:29 +11:00
djm@openbsd.org
9a14c64c38 upstream: Refactor signing - use sshkey_sign for everything,
including the new U2F signatures.

Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.

Suggested by / ok markus@

OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
2019-11-01 09:46:10 +11:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org
7be8572b32 upstream: Make sshpkt_get_bignum2() allocate the bignum it is
parsing rather than make the caller do it. Saves a lot of boilerplate code.

from markus@ ok djm@

OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
2019-01-21 21:47:28 +11:00
Damien Miller
9b655dc9c9 last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
Damien Miller
3f0786bbe7 remove PAM dependencies on old packet API
Requires some caching of values, because the PAM code isn't
always called with packet context.
2019-01-20 10:22:18 +11:00
djm@openbsd.org
04c091fc19 upstream: remove last references to active_state
with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20 09:45:18 +11:00
djm@openbsd.org
ec00f918b8 upstream: convert monitor.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20 09:45:18 +11:00
djm@openbsd.org
3a00a92159 upstream: convert auth.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
djm@openbsd.org
0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
Damien Miller
87f08be054 Remove support for S/Key
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
2018-07-31 12:59:30 +10:00
djm@openbsd.org
6ad8648e83 upstream: remove unused zlib.h
OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
2018-07-20 14:32:07 +10:00
Darren Tucker
1dd32c23f2 Fallout from buffer conversion in AUDIT_EVENTS.
Supply missing "int r" and fix error path for sshbuf_new().
2018-07-13 13:38:10 +10:00
markus@openbsd.org
5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Darren Tucker
416287d45f Fix sshbuf_new error path in skey. 2018-07-11 10:11:17 +10:00
Darren Tucker
7aab109b8b Supply missing third arg in skey.
During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted.  Fixes build when configured with skey.
2018-07-11 10:11:17 +10:00
Darren Tucker
380320bb72 Supply some more missing "int r" in skey 2018-07-11 10:11:17 +10:00
sf@openbsd.org
984bacfaac upstream: re-remove some pre-auth compression bits
This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.

ok markus@

OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
2018-07-11 09:52:08 +10:00
Damien Miller
120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
djm@openbsd.org
0f3958c1e6 upstream: kerberos/gssapi fixes for buffer removal
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
2018-07-10 19:15:35 +10:00
markus@openbsd.org
235c7c4e3b upstream: sshd: switch monitor to sshbuf API; lots of help & ok
djm@

OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
2018-07-10 16:40:18 +10:00
markus@openbsd.org
2808d18ca4 upstream: sshd: switch loginmsg to sshbuf API; ok djm@
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
2018-07-10 15:21:58 +10:00
sf@openbsd.org
168b46f405 upstream: Revert previous two commits
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:

date: 2018/07/06 09:06:14;  author: sf;  commitid: yZVYKIRtUZWD9CmE;
 Rename COMP_DELAYED to COMP_ZLIB

 Only delayed compression is supported nowadays.

 ok markus@

date: 2018/07/06 09:05:01;  author: sf;  commitid: rEGuT5UgI9f6kddP;
 Remove leftovers from pre-authentication compression

 Support for this has been removed in 2016.
 COMP_DELAYED will be renamed in a later commit.

 ok markus@

OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
2018-07-10 15:13:41 +10:00
sf@openbsd.org
95db395d2e upstream: Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.

ok markus@

OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
2018-07-10 15:13:40 +10:00
Damien Miller
10479cc2a4 Many typo fixes from Karsten Weiss
Spotted using https://github.com/lucasdemarchi/codespell
2018-04-10 10:19:02 +10:00
djm@openbsd.org
7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
markus@openbsd.org
25aae35d3d upstream commit
uuencode.h is not used

OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
2018-01-23 16:28:31 +11:00
djm@openbsd.org
d45d69f2a9 upstream commit
revert stricter key type / signature type checking in
userauth path; too much software generates inconsistent messages, so we need
a better plan.

OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
2017-12-21 15:40:19 +11:00
djm@openbsd.org
04c7e28f83 upstream commit
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-12-19 15:21:37 +11:00
djm@openbsd.org
dceabc7ad7 upstream commit
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@

Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-20 12:01:02 +11:00
djm@openbsd.org
66bf74a921 upstream commit
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@

Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-10-03 06:34:26 +11:00
djm@openbsd.org
dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
markus@openbsd.org
00ed75c92d upstream commit
switch auth2-pubkey.c to modern APIs; with & ok djm@

Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
2017-05-31 10:47:31 +10:00
markus@openbsd.org
54d90ace1d upstream commit
switch from Key typedef with struct sshkey; ok djm@

Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-05-31 10:47:31 +10:00
djm@openbsd.org
54cd41a466 upstream commit
allow LogLevel in sshd_config Match blocks; ok dtucker
bz#2717

Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
2017-05-17 11:25:22 +10:00
markus@openbsd.org
6cb6dcffe1 upstream commit
remove ssh1 server code; ok djm@

Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-08-14 11:19:14 +10:00
Darren Tucker
01558b7b07 Handle PAM_MAXTRIES from modules.
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
password and keyboard-interative authentication methods.  Should prevent
"sshd ignoring max retries" warnings in the log.  ok djm@

It probably won't trigger with keyboard-interactive in the default
configuration because the retry counter is stored in module-private
storage which goes away with the sshd PAM process (see bz#688).  On the
other hand, those cases probably won't log a warning either.
2016-07-18 09:33:25 +10:00
djm@openbsd.org
95767262ca upstream commit
refactor canohost.c: move functions that cache results closer
 to the places that use them (authn and session code). After this, no state is
 cached in canohost.c

feedback and ok markus@

Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
2016-03-08 06:20:35 +11:00
markus@openbsd.org
a306863831 upstream commit
remove roaming support; ok djm@

Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-27 16:54:10 +11:00