summaryrefslogtreecommitdiff
path: root/clientloop.c
AgeCommit message (Collapse)Author
2020-02-21GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2020-02-21 Patch-Name: gssapi.patch
2020-02-02upstream: Output (none) in debug in the case in the CheckHostIP=no casedtucker@openbsd.org
as suggested by markus@ OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
2020-02-02upstream: Prevent possible null pointer deref of ip_str in debug.dtucker@openbsd.org
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
2020-01-30upstream: check the return value of ssh_packet_write_poll() anddjm@openbsd.org
call sshpkt_fatal() if it fails; avoid potential busy-loop under some circumstances. Based on patch by Mike Frysinger; ok dtucker@ OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
2020-01-30upstream: markus suggests a simplification to previousdjm@openbsd.org
OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
2020-01-29upstream: give more context to UpdateHostKeys messages, mentioningdjm@openbsd.org
that the changes are validated by the existing trusted host key. Prompted by espie@ feedback and ok markus@ OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
2020-01-26upstream: for UpdateHostKeys, don't report errors for unsupporteddjm@openbsd.org
key types - just ignore them. spotted by and ok dtucker@ OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
2020-01-26upstream: downgrade error() for missing subsequent known_hostsdjm@openbsd.org
files to debug() as it was intended to be; spotted by dtucker@ OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
2020-01-25upstream: allow UpdateKnownHosts=yes to function when multipledjm@openbsd.org
known_hosts files are in use. When updating host keys, ssh will now search subsequent known_hosts files, but will add new/changed host keys to the first specified file only. bz#2738 ok markus@ OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c
2020-01-23upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org
sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23upstream: Remove unsupported algorithms from list of defaults at rundtucker@openbsd.org
time and remove ifdef and distinct settings for OPENSSL=no case. This will make things much simpler for -portable where the exact set of algos depends on the configuration of both OpenSSH and the libcrypto it's linked against (if any). ok djm@ OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
2019-12-21upstream: Allow forwarding a different agent socket to the pathdjm@openbsd.org
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. Patch by Eric Chiang, manpage by me; ok markus@ OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
2019-11-25upstream: Add new structure for signature optionsdjm@openbsd.org
This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@ OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
2019-11-15upstream: stdarg.h required more broadly; ok djmderaadt@openbsd.org
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
2019-07-30upstream: When using a combination of a Yubikey+GnuPG+remotemestre@openbsd.org
forwarding the gpg-agent (and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath then pledge(2) kills the process. The solution is to add "sendfd" to pledge(2), which is not too bad considering a little bit later we reduce pledge(2) to only "stdio proc tty" in that codepath. Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org> OK deraadt@ OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
2019-07-05upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-06-27upstream: Remove unneeded unlink of xauthfile odtucker@openbsd.org
=?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?= =?UTF-8?q?b,=20ok=20djm@=20deraadt@?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
2019-06-14upstream: Hostname->HostName cleanup; from lauri tirkkonen okjmc@openbsd.org
dtucker OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2019-05-08upstream: Use the LogLevel typdef instead of int where appropriate. Patch ↵dtucker@openbsd.org
from Markus Schmidt via openssh-unix-dev, ok markus@ OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
2019-04-03upstream: when logging/fataling on error, include a bit more detaildjm@openbsd.org
than just the function name and the error message OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
2019-01-20upstream: convert the remainder of clientloop.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
2019-01-20upstream: convert clientloop.c to new packet APIdjm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
2019-01-20upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org
API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2018-09-21upstream: Allow ssh_config ForwardX11Timeout=0 to disable thedjm@openbsd.org
timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
2018-07-12upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-10upstream: ttymodes: switch to sshbuf API; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
2018-07-10upstream: client: switch to sshbuf API; ok djm@markus@openbsd.org
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-06-26upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
2018-06-09upstream: add a SetEnv directive to ssh_config that allows settingdjm@openbsd.org
environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-04-10upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org
after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-02-13upstream Don't reset signal handlers inside handlers.dtucker@openbsd.org
The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely even that -portable is still being used on such systems we will deal with it in the compat layer. ok deraadt@ OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
2018-01-23upstream commitdjm@openbsd.org
Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2017-12-19upstream commitdjm@openbsd.org
unbreak hostkey rotation; attempting to sign with a desired signature algorithm of kex->hostkey_alg is incorrect when the key type isn't capable of making those signatures. ok markus@ OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
2017-12-19upstream commitdjm@openbsd.org
pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
2017-11-28upstream commitdtucker@openbsd.org@openbsd.org
Remove get_current_time() and replace with calls to monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I like" markus@ OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952
2017-10-23upstream commitdjm@openbsd.org
Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-09-19upstream commitdjm@openbsd.org
fix use-after-free in ~^Z escape handler path, introduced in channels.c refactor; spotted by millert@ "makes sense" deraadt@ Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
2017-09-12adapt portable to channels API changesDamien Miller
2017-09-12upstream commitdjm@openbsd.org
Make remote channel ID a u_int Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12upstream commitdjm@openbsd.org
refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-04upstream commitdjm@openbsd.org
pass packet state down to some of the channels function (more to come...); ok markus@ Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
2017-07-21upstream commitdtucker@openbsd.org
Make ""Killed by signal 1" LogLevel verbose so it's not shown at the default level. Prevents it from appearing during ssh -J and equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
2017-06-24upstream commitmestre@openbsd.org
When using the escape sequence &~ the code path is client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() and the pledge for this path lacks the proc promise and therefore aborts the process. The solution is to just add proc the promise to this specific pledge. Reported by Gregoire Jadi gjadi ! omecha.info Insight with tb@, OK jca@ Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
2017-06-01upstream commitderaadt@openbsd.org
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-06-01upstream commitmarkus@openbsd.org
remove now obsolete ctx from ssh_dispatch_run; ok djm@ Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
2017-05-31upstream commitmarkus@openbsd.org
protocol handlers all get struct ssh passed; ok djm@ Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
2017-05-08upstream commitnaddy@openbsd.org
remove miscellaneous SSH1 leftovers; ok markus@ Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
2017-05-01upstream commitdjm@openbsd.org
obliterate ssh1.h and some dead code that used it ok markus@ Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
2017-05-01upstream commitdjm@openbsd.org
remove SSHv1-related buffers from client code Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
2017-05-01upstream commitdjm@openbsd.org
remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133