summaryrefslogtreecommitdiff
path: root/clientloop.c
AgeCommit message (Collapse)Author
2014-10-07GSSAPI key exchange supportSimon Wilkinson
This patch has been rejected upstream: "None of the OpenSSH developers are in favour of adding this, and this situation has not changed for several years. This is not a slight on Simon's patch, which is of fine quality, but just that a) we don't trust GSSAPI implementations that much and b) we don't like adding new KEX since they are pre-auth attack surface. This one is particularly scary, since it requires hooks out to typically root-owned system resources." However, quite a lot of people rely on this in Debian, and it's better to have it merged into the main openssh package rather than having separate -krb5 packages (as we used to have). It seems to have a generally good security history. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 Last-Updated: 2014-10-07 Patch-Name: gssapi.patch
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2014-07-02 - markus@cvs.openbsd.org 2014/06/27 16:41:56Damien Miller
[channels.c channels.h clientloop.c ssh.c] fix remote fwding with same listen port but different listen address with gerhard@, ok djm@
2014-05-15 - djm@cvs.openbsd.org 2014/04/29 13:10:30Damien Miller
[clientloop.c serverloop.c] bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@
2014-02-04 - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
2014-02-04 - tedu@cvs.openbsd.org 2014/01/31 16:39:19Damien Miller
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:54:10Damien Miller
[canohost.c clientloop.c match.c readconf.c sftp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-11-08 - djm@cvs.openbsd.org 2013/11/08 00:39:15Damien Miller
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] [sftp-client.c sftp-glob.c] use calloc for all structure allocations; from markus@
2013-09-14 - djm@cvs.openbsd.org 2013/09/12 01:41:12Damien Miller
[clientloop.c] fix connection crash when sending break (~B) on ControlPersist'd session; ok dtucker@
2013-06-10 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52Damien Miller
[channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29Darren Tucker
[clientloop.h clientloop.c mux.c] No need for the mux cleanup callback to be visible so restore it to static and call it through the detach_user function pointer. ok djm@
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-05-16 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34Darren Tucker
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c ssh_config.5 packet.h] Add an optional second argument to RekeyLimit in the client to allow rekeying based on elapsed time in addition to amount of traffic. with djm@ jmc@, ok djm
2013-01-09 - djm@cvs.openbsd.org 2013/01/02 00:32:07Damien Miller
[clientloop.c mux.c] channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21Darren Tucker
[clientloop.c] when muxmaster is run with -N, make it shut down gracefully when a client sends it "-O stop" rather than hanging around (bz#1985). ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21Darren Tucker
[clientloop.c] Merge escape help text for ~v and ~V; ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19Darren Tucker
[clientloop.c] Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@ (note: previous commit with this description was a mistake on my part while pulling changes from OpenBSD)
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39Darren Tucker
[clientloop.c log.c ssh.1 log.h] Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45Darren Tucker
[clientloop.c clientloop.h mux.c] Force a clean shutdown of ControlMaster client sessions when the ~. escape sequence is used. This means that ~. should now work in mux clients even if the server is no longer responding. Found by tedu, ok djm.
2012-06-20 - djm@cvs.openbsd.org 2012/06/20 04:42:58Damien Miller
[clientloop.c serverloop.c] initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-02-11 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43Damien Miller
[clientloop.c] Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2011-09-22 - markus@cvs.openbsd.org 2011/09/10 22:26:34Damien Miller
[channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:57:25Damien Miller
[clientloop.c] setproctitle for a mux master that has been gracefully stopped; bz#1911 from Bert.Wesarg AT googlemail.com
2011-05-15 - djm@cvs.openbsd.org 2011/05/08 12:52:01Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c] improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat at TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:34:32Damien Miller
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/17 22:42:42Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 12:05:59Damien Miller
[clientloop.c] a couple more tweaks to the post-close protocol 1 stderr/stdout flush: now that we use atomicio(), convert them from while loops to if statements add test and cast to compile cleanly with -Wsigned
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 11:50:05Damien Miller
[clientloop.c] Use atomicio when flushing protocol 1 std{out,err} buffers at session close. This was a latent bug exposed by setting a SIGCHLD handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-11 - djm@cvs.openbsd.org 2011/01/11 06:13:10Damien Miller
[clientloop.c ssh-keygen.c sshd.c] some unsigned long long casts that make things a bit easier for portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 - djm@cvs.openbsd.org 2011/01/08 10:51:51Damien Miller
[clientloop.c] use host and not options.hostname, as the latter may have unescaped substitution characters
2011-01-07 - djm@cvs.openbsd.org 2011/01/06 22:23:02Damien Miller
[clientloop.c] when exiting due to ServerAliveTimeout, mention the hostname that caused it (useful with backgrounded controlmaster)
2010-12-01 - djm@cvs.openbsd.org 2010/11/23 23:57:24Damien Miller
[clientloop.c] avoid NULL deref on receiving a channel request on an unknown or invalid channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-10-07 - djm@cvs.openbsd.org 2010/10/06 06:39:28Damien Miller
[clientloop.c ssh.c sshconnect.c sshconnect.h] kill proxy command on fatal() (we already kill it on clean exit); ok markus@
2010-08-03 - djm@cvs.openbsd.org 2010/07/19 09:15:12Damien Miller
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5] add a "ControlPersist" option that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but further hacked on by wmertens AT cisco.com, apb AT cequrux.com, martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2010-06-26 - djm@cvs.openbsd.org 2010/06/25 23:10:30Damien Miller
[ssh.c] log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts; "nice!" markus@
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 02:08:44Damien Miller
[clientloop.c] bz#1698: kill channel when pty allocation requests fail. Fixed stuck client if the server refuses pty allocation. ok dtucker@ "think so" markus@
2010-03-22 - djm@cvs.openbsd.org 2010/03/13 21:10:38Damien Miller
[clientloop.c] protocol conformance fix: send language tag when disconnecting normally; spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
2010-01-30 - djm@cvs.openbsd.org 2010/01/28 00:21:18Damien Miller
[clientloop.c] downgrade an error() to a debug() - this particular case can be hit in normal operation for certain sequences of mux slave vs session closure and is harmless
2010-01-26 - djm@cvs.openbsd.org 2010/01/26 01:28:35Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@
2010-01-09 - djm@cvs.openbsd.org 2010/01/09 05:04:24Darren Tucker
[mux.c sshpty.h clientloop.c sshtty.c] quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we usually don't actually have a tty to read/set; bz#1686 ok dtucker@
2010-01-08 - djm@cvs.openbsd.org 2009/11/17 05:31:44Darren Tucker
[clientloop.c] fix incorrect exit status when multiplexing and channel ID 0 is recycled bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:15:29Darren Tucker
[clientloop.c] client_loop() must detect if the session has been suspended and resumed, and take appropriate action in that case. From Martin Forssen, maf at appgate dot com ok markus@
2009-08-28 - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO bufferDarren Tucker
size a compile-time option and set it to 64k on Cygwin, since Corinna reports that it makes a significant difference to performance. ok djm@