summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/auth-options.c
AgeCommit message (Expand)Author
2020-10-18use the new variant log macros instead of prepending __func__ andDamien Miller
2020-08-27support for requiring user verified FIDO keys in sshdDamien Miller
2020-03-06fix null-deref on calloc failure; ok djmMarkus Friedl
2020-02-26change explicit_bzero();free() to freezero()Jonathan Gray
2019-11-25add a "no-touch-required" option for authorized_keys and a similarDamien Miller
2019-09-13Plug mem leaks on error paths, based in part on github pr#120 fromDarren Tucker
2019-09-06lots of things were relying on libcrypto headers to transitivelyDamien Miller
2019-09-03move authorized_keys option parsing helpsers to misc.c and makeDamien Miller
2019-07-09cap the number of permiopen/permitlisten directives we're willing toDamien Miller
2019-06-27Some asprintf() calls were checked < 0, rather than the precise == -1.Theo de Raadt
2018-10-03Allow ssh_config IdentityAgent directive to accept environment variableDamien Miller
2018-06-19allow bare port numbers to appear in PermitListen directives, e.g.Damien Miller
2018-06-07some permitlisten fixes from markus@ that I missed in my insomnia-fueledDamien Miller
2018-06-07fix regression caused by recent permitlisten option commit:Damien Miller
2018-06-06permitlisten option for authorized_keys; ok markus@Damien Miller
2018-04-06relax checking of authorized_keys environment="..." options to allowDamien Miller
2018-03-14rename recently-added "valid-before" key restriction to "expiry-time"Damien Miller
2018-03-12add valid-before="[time]" authorized_keys option. A simple way ofDamien Miller
2018-03-03switch over to the new authorized_keys options API and remove theDamien Miller
2018-03-03Introduce a new API for handling authorized_keys options. This APIDamien Miller
2017-09-12refactor channels.cDamien Miller
2017-05-31make sure we don't pass a NULL string to vfprintf (triggered by theMarkus Friedl
2016-11-30When a forced-command appears in both a certificate and anDamien Miller
2016-03-07refactor canohost.c: move functions that cache results closer to theDamien Miller
2015-12-10Remove NULL-checks before free().mmcc
2015-11-16Add a new authorized_keys option "restrict" that includes all currentDamien Miller
2015-07-03delete support for legacy v00 certificates; "sure" markus@ dtucker@Damien Miller
2015-05-01Don't make parsing of authorized_keys' environment= option conditionalDamien Miller
2015-04-22unknown certificate extensions are non-fatal, so don't fatalDamien Miller
2015-01-14swith auth-options to new sshbuf/sshkey; ok djm@Markus Friedl
2014-07-15Add support for Unix domain socket forwarding. A remote TCP portTodd C. Miller
2014-06-24New key API: refactor key-related functions to be more library-like,Damien Miller
2013-12-19simplify freeing of source-address certificate restrictionDamien Miller
2013-11-08use calloc for all structure allocations; from markus@Damien Miller
2013-11-02no need to include monitor_wrap.h and ssh-gss.hMarkus Friedl
2013-07-12fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@Damien Miller
2013-05-17bye, bye xfree(); ok markus@Damien Miller
2012-12-02make AllowTcpForwarding accept "local" and "remote" in addition to itsDamien Miller
2011-10-18remove explict search for \0 in packet strings, this job is now doneDamien Miller
2011-09-23Add wildcard support to PermitOpen, allowing things like "PermitOpenDarren Tucker
2010-12-24don't send the actual forced command in a debug message; ok markus deraadtDamien Miller
2010-08-31Add buffer_get_cstring() and related functions that verify that theDamien Miller
2010-05-20Move the permit-* options to the non-critical "extensions" field for v01Damien Miller
2010-05-07add some optional indirection to matching of principal names listedDamien Miller
2010-04-16revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with theDamien Miller
2010-03-16spelling in error message. ok djm kettenisKevin Steves
2010-03-07Hold authentication debug messages until after successful authentication.Darren Tucker
2010-03-04"force-command" is not spelled "forced-command"; spotted byDamien Miller
2010-03-03reject strings with embedded ASCII nul chars in certificate key IDs,Damien Miller
2010-02-26Add support for certificate key types for users and hosts.Damien Miller