path: root/crypto/openssh/sshd.c
Commit message | Author | Age | Files | Lines
* openssh: refer to OpenSSL not SSLeay, part 2 | Ed Maste | 2020-07-15 | 1 | -1/+1
  This change was made upstream between 7.9p1 and 8.0p1. We've made local changes in the same places for handling the version_addendum; apply the SSLeay_version to OpenSSL_version change in advance of importing 8.0p1. This should have been part of r363225.
  Obtained from: OpenSSH-portable a65784c9f9c5
  MFC with: r363225
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=363235
* openssh: refer to OpenSSL not SSLeay | Ed Maste | 2020-07-15 | 1 | -1/+1
  This change was made upstream between 7.9p1 and 8.0p1. We've made local changes in the same places for handling the version_addendum; apply the SSLeay_version to OpenSSL_version change in advance of importing 8.0p1.
  Obtained from: OpenSSH-portable a65784c9f9c5
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=363225
* Upgrade to OpenSSH 7.9p1. | Ed Maste | 2020-02-14 | 1 | -3/+2
  MFC after: 2 months
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=357926
* sshd: address capsicum issues | Ed Maste | 2018-10-06 | 1 | -0/+5
  * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in capability mode.
  * Cache timezone data via caph_cache_tzdata() as we cannot access the timezone file.
  * Reverse resolve hostname before entering capability mode.
  PR: 231172
  Submitted by: naito.yuichiro@gmail.com
  Reviewed by: cem, des
  Approved by: re (rgrimes)
  MFC after: 3 weeks
  Differential Revision: https://reviews.freebsd.org/D17128
  Notes: svn path=/head/; revision=339216
* openssh: cherry-pick OpenSSL 1.1.1 compatibility | Ed Maste | 2018-10-06 | 1 | -3/+3
  Compatibility with existing OpenSSL versions is maintained.
  Upstream commits:
  482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
  48f54b9d12 adapt -portable to OpenSSL 1.1x API
  86e0a9f3d2 upstream: use only openssl-1.1.x API here too
  a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
  cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
  Trivial conflicts in sshkey.c and test_sshkey.c were resolved. Connect libressl-api-compat.c to the build, and regenerate config.h
  Reviewed by: des
  Approved by: re (rgrimes)
  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D17444
  Notes: svn path=/head/; revision=339213
* openssh: rename local macro to avoid OpenSSL 1.1.1 conflict | Ed Maste | 2018-09-19 | 1 | -2/+2
  Local changes introduced an OPENSSH_VERSION macro, but this conflicts with a macro of the same name introduced with OpenSSL 1.1.1
  Reviewed by: des
  Approved by: re (gjb)
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=338810
* Upgrade to OpenSSH 7.8p1. | Dag-Erling Smørgrav | 2018-09-10 | 1 | -89/+143
  Approved by: re (kib@)
  Notes: svn path=/head/; revision=338561
* Upgrade to OpenSSH 7.7p1. | Dag-Erling Smørgrav | 2018-05-11 | 1 | -77/+141
  Notes: svn path=/head/; revision=333490
* Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. | Dag-Erling Smørgrav | 2018-05-08 | 1 | -44/+43
  This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
  Notes: svn path=/head/; revision=333389
* Upgrade to OpenSSH 7.5p1. | Dag-Erling Smørgrav | 2017-08-04 | 1 | -5/+19
  Notes: svn path=/head/; revision=322052
* Refine and update blacklist support in sshd | Kurt Lidl | 2017-05-12 | 1 | -1/+1
  Adjust notification points slightly to catch all auth failures, rather than just the ones caused by bad usernames. Modify notification point for bad usernames to send new type of BLACKLIST_BAD_USER. (Support in libblacklist will be forthcoming soon.) Add guards to allow library headers to expose the enum of action values.
  Reviewed by: des
  Approved by: des
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=318242
* Upgrade to OpenSSH 7.4p1. | Dag-Erling Smørgrav | 2017-03-06 | 1 | -536/+64
  Notes: svn path=/head/; revision=314720
* Upgrade to OpenSSH 7.3p1. | Dag-Erling Smørgrav | 2017-03-02 | 1 | -58/+121
  Notes: svn path=/head/; revision=314527
* Add refactored blacklist support to sshd | Kurt Lidl | 2016-08-30 | 1 | -0/+5
  Change the calls to blacklist_init() and blacklist_notify to be macros defined in the blacklist_client.h file. This avoids the need for #ifdef USE_BLACKLIST / #endif except in the blacklist.c file. Remove redundant initialization attempts from within blacklist_notify - everything always goes through blacklistd_init(). Added UseBlacklist option to sshd, which defaults to off. To enable the functionality, use '-o UseBlacklist=yes' on the command line, or uncomment in the sshd_config file.
  Reviewed by: des
  Approved by: des
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D7051
  Notes: svn path=/head/; revision=305065
* Revert r301551, which added blacklistd(8) to sshd(8). | Glen Barber | 2016-06-24 | 1 | -13/+0
  This change has functional impact, and other concerns raised by the OpenSSH maintainer.
  Requested by: des
  PR: 210479 (related)
  Approved by: re (marius)
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=302182
* Add blacklist support to sshd | Kurt Lidl | 2016-06-07 | 1 | -0/+13
  Reviewed by: rpaulo
  Approved by: rpaulo (earlier version of changes)
  Relnotes: YES
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D5915
  Notes: svn path=/head/; revision=301551
* Upgrade to OpenSSH 7.2p2. | Dag-Erling Smørgrav | 2016-03-11 | 1 | -36/+38
  Notes: svn path=/head/; revision=296633
* Upgrade to OpenSSH 7.1p2. | Dag-Erling Smørgrav | 2016-01-21 | 1 | -2/+8
  Notes: svn path=/head/; revision=294496
* Upgrade to OpenSSH 7.0p1. | Dag-Erling Smørgrav | 2016-01-20 | 1 | -28/+21
  Notes: svn path=/head/; revision=294464
* Upgrade to OpenSSH 6.9p1. | Dag-Erling Smørgrav | 2016-01-19 | 1 | -8/+17
  Notes: svn path=/head/; revision=294336
* Upgrade to OpenSSH 6.8p1. | Dag-Erling Smørgrav | 2016-01-19 | 1 | -110/+191
  Notes: svn path=/head/; revision=294332
* Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed | Dag-Erling Smørgrav | 2016-01-19 | 1 | -13/+45
  upstream) and a number of security fixes which we had already backported.
  MFC after: 1 week
  Notes: svn path=/head/; revision=294328
* As previously threatened, remove the HPN patch from OpenSSH. | Dag-Erling Smørgrav | 2016-01-19 | 1 | -16/+6
  Notes: svn path=/head/; revision=294325
* Retire the NONE cipher option. | Dag-Erling Smørgrav | 2015-11-23 | 1 | -6/+0
  Notes: svn path=/head/; revision=291198
* Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). | Dag-Erling Smørgrav | 2015-11-11 | 1 | -1/+0
  Notes: svn path=/head/; revision=290672
* Apply upstream patch for EC calculation bug and bump version addendum. | Dag-Erling Smørgrav | 2014-04-20 | 1 | -0/+3
  Notes: svn path=/head/; revision=264691
* Upgrade to OpenSSH 6.6p1. | Dag-Erling Smørgrav | 2014-03-25 | 1 | -20/+33
  Notes: svn path=/head/; revision=263712
* Upgrade to OpenSSH 6.5p1. | Dag-Erling Smørgrav | 2014-01-31 | 1 | -19/+37
  Notes: svn path=/head/; revision=261320
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a | Dag-Erling Smørgrav | 2013-09-23 | 1 | -3/+3
  repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
  Approved by: re (marius)
  Notes: svn path=/head/; revision=255829
* Upgrade to 6.3p1. | Dag-Erling Smørgrav | 2013-09-21 | 1 | -21/+104
  Approved by: re (gjb)
  Notes: svn path=/head/; revision=255767
* Upgrade to OpenSSH 6.2p1. The most important new features are support | Dag-Erling Smørgrav | 2013-03-22 | 1 | -3/+41
  for a key revocation list and more fine-grained authentication control.
  Notes: svn path=/head/; revision=248619
* Upgrade OpenSSH to 6.1p1. | Dag-Erling Smørgrav | 2012-09-03 | 1 | -41/+54
  Notes: svn path=/head/; revision=240075
* OpenSSH: allow VersionAddendum to be used again | Eygene Ryabinkin | 2012-05-27 | 1 | -3/+3
  Prior to this, setting VersionAddendum will be a no-op: one will always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum set in the config and a bare BASE_VERSION + VERSION_HPN when no VersionAddendum is set. HPN patch requires both parties to have the "hpn" inside their advertized versions, so we add VERSION_HPN to the VERSION_BASE if HPN is enabled and omit it if HPN is disabled.
  VersionAddendum now uses the following logic:
  * unset (default value): append " " and VERSION_ADDENDUM;
  * VersionAddendum is set and isn't empty: append " " and VersionAddendum;
  * VersionAddendum is set and empty: don't append anything.
  Approved by: des
  Reviewed by: bz
  MFC after: 3 days
  Notes: svn path=/head/; revision=236139
* Polish diff against upstream. | Ed Schouten | 2012-02-13 | 1 | -3/+3
  - Revert unneeded whitespace changes.
  - Revert modifications to loginrec.c, as the upstream version already does the right thing.
  - Fix indentation and whitespace of local changes.
  Approved by: des
  MFC after: 1 month
  Notes: svn path=/head/; revision=231584
* Upgrade to OpenSSH 5.9p1. | Dag-Erling Smørgrav | 2011-10-05 | 1 | -11/+33
  MFC after: 3 months
  Notes: svn path=/head/; revision=226046
* Add support for dynamically adjusted buffers to allow the full use of | Brooks Davis | 2011-08-03 | 1 | -1/+18
  the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern.
  Reviewed by: bz
  Approved by: re (kib), des (maintainer)
  Notes: svn path=/head/; revision=224638
* Upgrade to OpenSSH 5.8p2. | Dag-Erling Smørgrav | 2011-05-04 | 1 | -3/+11
  Notes: svn path=/head/; revision=221420
* Upgrade to OpenSSH 5.6p1. | Dag-Erling Smørgrav | 2010-11-11 | 1 | -3/+12
  Notes: svn path=/head/; revision=215116
* Enhance r199804 by marking the daemonised child as immune to OOM instead | Konstantin Belousov | 2010-04-08 | 1 | -4/+4
  of short-living parent. Only mark the master process that accepts connections, do not protect connection handlers spawned from inetd.
  Submitted by: Mykola Dzham <i levsha me>
  Reviewed by: attilio
  MFC after: 1 week
  Notes: svn path=/head/; revision=206397
* Upgrade to OpenSSH 5.4p1. | Dag-Erling Smørgrav | 2010-03-09 | 1 | -22/+115
  MFC after: 1 month
  Notes: svn path=/head/; revision=204917
* Make OpenSSH work with utmpx. | Ed Schouten | 2010-01-13 | 1 | -2/+1
  - Partially revert r184122 (sshd.c). Our ut_host is now big enough to fit proper hostnames.
  - Change config.h to match reality.
  - defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows the utmpx code to work. This makes no sense to me. I've already mentioned this upstream.
  - Add our own platform-specific handling of lastlog. The version I will send to the OpenSSH folks will use proper autoconf generated definitions instead of `#if 1'.
  Notes: svn path=/head/; revision=202213
* Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap | Attilio Rao | 2009-11-25 | 1 | -0/+5
  environments. Please note that this can't be done while such processes run in jails. Note: in future it would be interesting to find a way to do that selectively for any desired process (chosen by user himself), probably via a ptrace interface or whatever.
  Obtained from: Sandvine Incorporated
  Reviewed by: emaste, arch@
  Sponsored by: Sandvine Incorporated
  MFC: 1 month
  Notes: svn path=/head/; revision=199804
* Upgrade to OpenSSH 5.3p1. | Dag-Erling Smørgrav | 2009-10-01 | 1 | -4/+5
  Notes: svn path=/head/; revision=197679
* Upgrade to OpenSSH 5.2p1. | Dag-Erling Smørgrav | 2009-05-22 | 1 | -3/+2
  MFC after: 3 months
  Notes: svn path=/head/; revision=192595
* At some point, construct_utmp() was changed to use realhostname() to fill | Dag-Erling Smørgrav | 2008-10-21 | 1 | -1/+2
  in the struct utmp due to concerns about the length of the hostname buffer. However, this breaks the UseDNS option. There is a simpler and better solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the buffer.
  PR: bin/97499
  Submitted by: Bruce Cran <bruce@cran.org.uk>
  MFC after: 1 week
  Notes: svn path=/head/; revision=184122
* Upgrade to OpenSSH 5.1p1. | Dag-Erling Smørgrav | 2008-08-01 | 1 | -40/+123
  I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed.
  MFC after: 6 weeks
  Notes: svn path=/head/; revision=181111
* Properly flatten openssh/dist. | Dag-Erling Smørgrav | 2008-07-22 | 1 | -2156/+0
  Notes: svn path=/vendor-crypto/openssh/dist/; revision=180720
* Vendor import of OpenSSH 4.5p1. | Dag-Erling Smørgrav | 2006-11-10 | 1 | -10/+14
  Notes: svn path=/vendor-crypto/openssh/dist/; revision=164146
* Vendor import of OpenSSH 4.4p1. | Dag-Erling Smørgrav | 2006-09-30 | 1 | -346/+428
  Notes: svn path=/vendor-crypto/openssh/dist/; revision=162852
* Vendor import of OpenSSH 4.3p1. | Dag-Erling Smørgrav | 2006-03-22 | 1 | -15/+37
  Notes: svn path=/vendor-crypto/openssh/dist/; revision=157016