| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In r339216 a privsep wrapper was added for login_getpwclass to address
PR 231172. Unfortunately the change used the MON_AUTH flag in the
wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an
auth_log() on each invocation. getpwclass() does not participate in the
authentication decision, so should be MON_ISAUTH instead.
PR: 234793
Submitted by: Henry Hu
Reviewed by: Yuichiro NAITO
MFC after: 1 week
Notes:
svn path=/head/; revision=354897
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
on FreeBSD i386.
- Use a temporary variable to deserialize size_t.
Approved by: re (gjb)
Notes:
svn path=/head/; revision=339263
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.
PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128
Notes:
svn path=/head/; revision=339216
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Compatibility with existing OpenSSL versions is maintained.
Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
Connect libressl-api-compat.c to the build, and regenerate config.h
Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444
Notes:
svn path=/head/; revision=339213
|
|\|
| |
| |
| |
| |
| |
| | |
Approved by: re (kib@)
Notes:
svn path=/head/; revision=338561
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=333490
|
|\|
| |
| |
| |
| |
| |
| |
| |
| | |
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
Notes:
svn path=/head/; revision=333389
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=322052
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=314720
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=314527
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=296633
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=294336
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=294332
|
|\|
| |
| |
| |
| |
| |
| |
| |
| | |
upstream) and a number of security fixes which we had already backported.
MFC after: 1 week
Notes:
svn path=/head/; revision=294328
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
from OpenSSH-portable master.
Git revisions: 45b0eb752c94954a6de046bfaaf129e518ad4b5b
5e75f5198769056089fb06c4d738ab0e5abc66f7
d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by: des
Security: FreeBSD-SA-15:22.openssh
Notes:
svn path=/head/; revision=287143
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=263712
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=261320
|
|\|
| |
| |
| |
| |
| |
| | |
Approved by: re (gjb)
Notes:
svn path=/head/; revision=255767
|
|\|
| |
| |
| |
| |
| |
| | |
for a key revocation list and more fine-grained authentication control.
Notes:
svn path=/head/; revision=248619
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=240075
|
|\|
| |
| |
| |
| |
| |
| | |
MFC after: 3 months
Notes:
svn path=/head/; revision=226046
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=221420
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=215116
|
|\|
| |
| |
| |
| |
| |
| | |
MFC after: 1 month
Notes:
svn path=/head/; revision=204917
|
|\|
| |
| |
| | |
Notes:
svn path=/head/; revision=197679
|
|\|
| |
| |
| |
| |
| |
| | |
MFC after: 3 months
Notes:
svn path=/head/; revision=192595
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
Notes:
svn path=/head/; revision=181111
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=180720
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=164146
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=162852
|
| |
| |
| |
| |
| |
| |
| | |
BSM was enabled.
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=162359
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=157016
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=149749
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=147001
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=146998
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=137015
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=128456
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=126274
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=124208
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=113908
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=106121
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=99060
|
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=98937
|
| |
| |
| |
| |
| |
| |
| | |
that code in ages - we use pam_opie(8) instead - so this is a NOP.
Notes:
svn path=/head/; revision=181090
|
| |
| |
| |
| | |
Notes:
svn path=/head/; revision=164149
|
| |
| |
| |
| |
| |
| |
| | |
MFC after: 1 week
Notes:
svn path=/head/; revision=162856
|
| |
| |
| |
| |
| |
| |
| | |
MFC after: 1 week
Notes:
svn path=/head/; revision=162360
|
| |
| |
| |
| | |
Notes:
svn path=/head/; revision=157019
|
| |
| |
| |
| | |
Notes:
svn path=/head/; revision=149753
|
| |
| |
| |
| | |
Notes:
svn path=/head/; revision=147005
|