aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/monitor.c
Commit message (Collapse)AuthorAgeFilesLines
* sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTHEd Maste2019-11-201-1/+1
| | | | | | | | | | | | | | | | In r339216 a privsep wrapper was added for login_getpwclass to address PR 231172. Unfortunately the change used the MON_AUTH flag in the wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an auth_log() on each invocation. getpwclass() does not participate in the authentication decision, so should be MON_ISAUTH instead. PR: 234793 Submitted by: Henry Hu Reviewed by: Yuichiro NAITO MFC after: 1 week Notes: svn path=/head/; revision=354897
* Fix portability issues with the Capsicum patch committed in r339216:Dag-Erling Smørgrav2018-10-091-0/+6
| | | | | | | | | | | | | - Wrap access to pw_change and pw_expire in the appropriate #ifdefs. - Wrap calls to login_cap(3) API in appropriate #ifdefs. - Add wrapper for transferring time_t, which is still only 32 bits wide on FreeBSD i386. - Use a temporary variable to deserialize size_t. Approved by: re (gjb) Notes: svn path=/head/; revision=339263
* sshd: address capsicum issuesEd Maste2018-10-061-12/+43
| | | | | | | | | | | | | | | | | | * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in capability mode. * Cache timezone data via caph_cache_tzdata() as we cannot access the timezone file. * Reverse resolve hostname before entering capability mode. PR: 231172 Submitted by: naito.yuichiro@gmail.com Reviewed by: cem, des Approved by: re (rgrimes) MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D17128 Notes: svn path=/head/; revision=339216
* openssh: cherry-pick OpenSSL 1.1.1 compatibilityEd Maste2018-10-061-3/+7
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compatibility with existing OpenSSL versions is maintained. Upstream commits: 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x 48f54b9d12 adapt -portable to OpenSSL 1.1x API 86e0a9f3d2 upstream: use only openssl-1.1.x API here too a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl. Trivial conflicts in sshkey.c and test_sshkey.c were resolved. Connect libressl-api-compat.c to the build, and regenerate config.h Reviewed by: des Approved by: re (rgrimes) MFC after: 2 seeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17444 Notes: svn path=/head/; revision=339213
* | Upgrade to OpenSSH 7.8p1.Dag-Erling Smørgrav2018-09-101-331/+348
|\| | | | | | | | | | | | | Approved by: re (kib@) Notes: svn path=/head/; revision=338561
* | Upgrade to OpenSSH 7.7p1.Dag-Erling Smørgrav2018-05-111-45/+71
|\| | | | | | | Notes: svn path=/head/; revision=333490
* | Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.Dag-Erling Smørgrav2018-05-081-35/+68
|\| | | | | | | | | | | | | | | | | This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11. Notes: svn path=/head/; revision=333389
* | Upgrade to OpenSSH 7.5p1.Dag-Erling Smørgrav2017-08-041-1/+6
|\| | | | | | | Notes: svn path=/head/; revision=322052
* | Upgrade to OpenSSH 7.4p1.Dag-Erling Smørgrav2017-03-061-345/+62
|\| | | | | | | Notes: svn path=/head/; revision=314720
* | Upgrade to OpenSSH 7.3p1.Dag-Erling Smørgrav2017-03-021-15/+30
|\| | | | | | | Notes: svn path=/head/; revision=314527
* | Upgrade to OpenSSH 7.2p2.Dag-Erling Smørgrav2016-03-111-21/+18
|\| | | | | | | Notes: svn path=/head/; revision=296633
* | Upgrade to OpenSSH 6.9p1.Dag-Erling Smørgrav2016-01-191-9/+13
|\| | | | | | | Notes: svn path=/head/; revision=294336
* | Upgrade to OpenSSH 6.8p1.Dag-Erling Smørgrav2016-01-191-252/+143
|\| | | | | | | Notes: svn path=/head/; revision=294332
* | Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removedDag-Erling Smørgrav2016-01-191-3/+30
|\| | | | | | | | | | | | | | | | | upstream) and a number of security fixes which we had already backported. MFC after: 1 week Notes: svn path=/head/; revision=294328
* | Fix OpenSSH multiple vulnerabilities by backporting three changesXin LI2015-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | from OpenSSH-portable master. Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b 5e75f5198769056089fb06c4d738ab0e5abc66f7 d4697fe9a28dab7255c60433e4dd23cf7fce8a8b Reviewed by: des Security: FreeBSD-SA-15:22.openssh Notes: svn path=/head/; revision=287143
* | Upgrade to OpenSSH 6.6p1.Dag-Erling Smørgrav2014-03-251-229/+5
|\| | | | | | | Notes: svn path=/head/; revision=263712
* | Upgrade to OpenSSH 6.5p1.Dag-Erling Smørgrav2014-01-311-1/+2
|\| | | | | | | Notes: svn path=/head/; revision=261320
* | Upgrade to 6.3p1.Dag-Erling Smørgrav2013-09-211-97/+117
|\| | | | | | | | | | | | | Approved by: re (gjb) Notes: svn path=/head/; revision=255767
* | Upgrade to OpenSSH 6.2p1. The most important new features are supportDag-Erling Smørgrav2013-03-221-14/+50
|\| | | | | | | | | | | | | for a key revocation list and more fine-grained authentication control. Notes: svn path=/head/; revision=248619
* | Upgrade OpenSSH to 6.1p1.Dag-Erling Smørgrav2012-09-031-4/+2
|\| | | | | | | Notes: svn path=/head/; revision=240075
* | Upgrade to OpenSSH 5.9p1.Dag-Erling Smørgrav2011-10-051-23/+133
|\| | | | | | | | | | | | | MFC after: 3 months Notes: svn path=/head/; revision=226046
* | Upgrade to OpenSSH 5.8p2.Dag-Erling Smørgrav2011-05-041-4/+5
|\| | | | | | | Notes: svn path=/head/; revision=221420
* | Upgrade to OpenSSH 5.6p1.Dag-Erling Smørgrav2010-11-111-10/+10
|\| | | | | | | Notes: svn path=/head/; revision=215116
* | Upgrade to OpenSSH 5.4p1.Dag-Erling Smørgrav2010-03-091-17/+3
|\| | | | | | | | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=204917
* | Upgrade to OpenSSH 5.3p1.Dag-Erling Smørgrav2009-10-011-6/+19
|\| | | | | | | Notes: svn path=/head/; revision=197679
* | Upgrade to OpenSSH 5.2p1.Dag-Erling Smørgrav2009-05-221-2/+229
|\| | | | | | | | | | | | | MFC after: 3 months Notes: svn path=/head/; revision=192595
* | Upgrade to OpenSSH 5.1p1.Dag-Erling Smørgrav2008-08-011-8/+25
|\| | | | | | | | | | | | | | | | | | | | | | | | | I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks Notes: svn path=/head/; revision=181111
| * Properly flatten openssh/dist.Dag-Erling Smørgrav2008-07-221-1954/+0
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=180720
| * Vendor import of OpenSSH 4.5p1.Dag-Erling Smørgrav2006-11-101-4/+4
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=164146
| * Vendor import of OpenSSH 4.4p1.Dag-Erling Smørgrav2006-09-301-20/+61
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=162852
| * Vendor patch for a problem that prevented using protocol version 1 whenDag-Erling Smørgrav2006-09-161-4/+1
| | | | | | | | | | | | | | BSM was enabled. Notes: svn path=/vendor-crypto/openssh/dist/; revision=162359
| * Vendor import of OpenSSH 4.3p1.Dag-Erling Smørgrav2006-03-221-8/+6
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=157016
| * Vendor import of OpenSSH 4.2p1.Dag-Erling Smørgrav2005-09-031-4/+4
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=149749
| * Vendor import of OpenSSH 4.1p1.Dag-Erling Smørgrav2005-06-051-4/+4
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=147001
| * Vendor import of OpenSSH 4.0p1.Dag-Erling Smørgrav2005-06-051-2/+71
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=146998
| * Vendor import of OpenSSH 3.9p1.Dag-Erling Smørgrav2004-10-281-75/+81
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=137015
| * Vendor import of OpenSSH 3.8.1p1.Dag-Erling Smørgrav2004-04-201-8/+9
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=128456
| * Vendor import of OpenSSH 3.8p1.Dag-Erling Smørgrav2004-02-261-17/+46
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=126274
| * Vendor import of OpenSSH 3.7.1p2.Dag-Erling Smørgrav2004-01-071-108/+271
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=124208
| * Vendor import of OpenSSH-portable 3.6.1p1.Dag-Erling Smørgrav2003-04-231-16/+26
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=113908
| * Vendor import of OpenSSH-portable 3.5p1.Dag-Erling Smørgrav2002-10-291-16/+114
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=106121
| * Vendor import of OpenSSH 3.4p1.Dag-Erling Smørgrav2002-06-291-7/+8
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=99060
| * Vendor import of OpenSSH 3.3p1.Dag-Erling Smørgrav2002-06-271-0/+43
| | | | | | | | Notes: svn path=/vendor-crypto/openssh/dist/; revision=98937
* | Revert an old hack I put in to replace S/Key with OPIE. We haven't usedDag-Erling Smørgrav2008-08-011-9/+0
| | | | | | | | | | | | | | that code in ages - we use pam_opie(8) instead - so this is a NOP. Notes: svn path=/head/; revision=181090
* | Resolve conflicts.Dag-Erling Smørgrav2006-11-101-4/+4
| | | | | | | | Notes: svn path=/head/; revision=164149
* | Merge conflicts.Dag-Erling Smørgrav2006-09-301-22/+63
| | | | | | | | | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=162856
* | Merge vendor patch for BSM problem in protocol version 1.Dag-Erling Smørgrav2006-09-161-4/+1
| | | | | | | | | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=162360
* | Merge conflicts.Dag-Erling Smørgrav2006-03-221-8/+6
| | | | | | | | Notes: svn path=/head/; revision=157019
* | Resolve conflicts.Dag-Erling Smørgrav2005-09-031-4/+4
| | | | | | | | Notes: svn path=/head/; revision=149753
* | Resolve conflicts.Dag-Erling Smørgrav2005-06-051-3/+72
| | | | | | | | Notes: svn path=/head/; revision=147005
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-04 14:51:06 +0000