summaryrefslogtreecommitdiff
path: root/clientloop.c
AgeCommit message (Collapse)Author
2016-03-10GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2016-01-04 Patch-Name: gssapi.patch
2016-02-08upstream commitdjm@openbsd.org
refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
2016-02-05upstream commitmillert@openbsd.org
Avoid ugly "DISPLAY "(null)" invalid; disabling X11 forwarding" message when DISPLAY is not set. This could also result in a crash on systems with a printf that doesn't handle NULL. OK djm@ Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
2016-01-30upstream commitdtucker@openbsd.org
Remove leftover roaming dead code. ok djm markus. Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be
2016-01-27upstream commitjsg@openbsd.org
Zero a stack buffer with explicit_bzero() instead of memset() when returning from client_loop() for consistency with buffer_free()/sshbuf_free(). ok dtucker@ deraadt@ djm@ Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66
2016-01-27upstream commitmarkus@openbsd.org
remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-14upstream commitdjm@openbsd.org
eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension; Reported by Thomas Hoger; ok deraadt@ Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
2016-01-07upstream commitsemarie@openbsd.org
adjust pledge promises for ControlMaster: when using "ask" or "autoask", the process will use ssh-askpass for asking confirmation. problem found by halex@ ok halex@ Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
2015-12-04upstream commitsemarie@openbsd.org
pledges ssh client: - mux client: which is used when ControlMaster is in use. will end with "stdio proc tty" (proc is to permit sending SIGWINCH to mux master on window resize) - client loop: several levels of pledging depending of your used options ok deraadt@ Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
2015-10-25upstream commitmmcc@openbsd.org
Replace a function-local allocation with stack memory. ok djm@ Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
2015-07-15upstream commitmarkus@openbsd.org
Turn off DSA by default; add HostKeyAlgorithms to the server and PubkeyAcceptedKeyTypes to the client side, so it still can be tested or turned back on; feedback and ok djm@ Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
2015-07-01upstream commitdjm@openbsd.org
better refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires; reported by Jann Horn Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
2015-05-10upstream commitdjm@openbsd.org
Remove pattern length argument from match_pattern_list(), we only ever use it for strlen(pattern). Prompted by hanno AT hboeck.de pointing an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools. ok markus@
2015-02-26upstream commitdjm@openbsd.org
fix small memory leak when UpdateHostkeys=no
2015-02-24upstream commitdjm@openbsd.org
fix setting/clearing of TTY raw mode around UpdateHostKeys=ask confirmation question; reported by Herb Goldman
2015-02-21upstream commitdjm@openbsd.org
UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
2015-02-17upstream commitdjm@openbsd.org
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
2015-02-17upstream commitdjm@openbsd.org
Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-01-27upstream commitdjm@openbsd.org
Host key rotation support. Add a hostkeys@openssh.com protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
2015-01-26upstream commitderaadt@openbsd.org
Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
2015-01-20upstream commitmarkus@openbsd.org
adapt kex to sshbuf and struct ssh; ok djm@
2015-01-20upstream commitmarkus@openbsd.org
move dispatch to struct ssh; ok djm@
2015-01-20upstream commitmarkus@openbsd.org
update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
2015-01-15upstream commitdjm@openbsd.org
move authfd.c and its tentacles to the new buffer/key API; ok markus@
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2014-07-02 - markus@cvs.openbsd.org 2014/06/27 16:41:56Damien Miller
[channels.c channels.h clientloop.c ssh.c] fix remote fwding with same listen port but different listen address with gerhard@, ok djm@
2014-05-15 - djm@cvs.openbsd.org 2014/04/29 13:10:30Damien Miller
[clientloop.c serverloop.c] bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:54:10Damien Miller
[canohost.c clientloop.c match.c readconf.c sftp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-11-08 - djm@cvs.openbsd.org 2013/11/08 00:39:15Damien Miller
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] [sftp-client.c sftp-glob.c] use calloc for all structure allocations; from markus@
2013-09-14 - djm@cvs.openbsd.org 2013/09/12 01:41:12Damien Miller
[clientloop.c] fix connection crash when sending break (~B) on ControlPersist'd session; ok dtucker@
2013-06-10 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52Damien Miller
[channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29Darren Tucker
[clientloop.h clientloop.c mux.c] No need for the mux cleanup callback to be visible so restore it to static and call it through the detach_user function pointer. ok djm@
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-05-16 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34Darren Tucker
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c ssh_config.5 packet.h] Add an optional second argument to RekeyLimit in the client to allow rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm
2013-01-09 - djm@cvs.openbsd.org 2013/01/02 00:32:07Damien Miller
[clientloop.c mux.c] channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21Darren Tucker
[clientloop.c] when muxmaster is run with -N, make it shut down gracefully when a client sends it "-O stop" rather than hanging around (bz#1985). ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21Darren Tucker
[clientloop.c] Merge escape help text for ~v and ~V; ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19Darren Tucker
[clientloop.c] Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@ (note: previous commit with this description was a mistake on my part while pulling changes from OpenBSD)
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39Darren Tucker
[clientloop.c log.c ssh.1 log.h] Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45Darren Tucker
[clientloop.c clientloop.h mux.c] Force a clean shutdown of ControlMaster client sessions when the ~. escape sequence is used. This means that ~. should now work in mux clients even if the server is no longer responding. Found by tedu, ok djm.
2012-06-20 - djm@cvs.openbsd.org 2012/06/20 04:42:58Damien Miller
[clientloop.c serverloop.c] initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-02-11 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43Damien Miller
[clientloop.c] Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2011-09-22 - markus@cvs.openbsd.org 2011/09/10 22:26:34Damien Miller
[channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@