Commit message

ok dtucker

Markus Schmidt via openssh-unix-dev, ok markus@

function name and the error message

with & ok markus@

with & ok markus@

almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@

X11 connections in untrusted mode indefinitely. ok dtucker@

variables for the remote session (subject to the server accepting them)
refactor SendEnv to remove the arbitrary limit of variable names.
ok markus@

with codespell tool (https://github.com/lucasdemarchi/codespell)

The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed. In the unlikely event that -portable
is still being used on such systems we will deal with it in the
compat layer. ok deraadt@

ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for
RFC-compliant SSH implementations.
ok markus@

algorithm of kex->hostkey_alg is incorrect when the key type isn't
capable of making those signatures. ok markus@

check that the negotiated algorithm matches the type in the
signature (only matters for RSA SHA1/SHA2 sigs). ok markus@

which uses CLOCK_MONOTONIC and works over clock steps. "I like" markus@

At the client, the device may be obtained from a new %T expansion
for LocalCommand.
At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.
ok markus

refactor; spotted by millert@ "makes sense" deraadt@

Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in principle stopping an SSH implementation from sending, say, 0xffff0000.
In practice everyone numbers their channels sequentially, so this has
never been a problem.
ok markus@

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@

to come...); ok markus@

level. Prevents it from appearing during ssh -J and equivalent ProxyCommand
configs. bz#1906, bz#2744, feedback&ok markus@

client_simple_escape_filter() -> process_escapes() -> fork() and the pledge for
this path lacks the proc promise and therefore aborts the process.
The solution is to just add the proc promise to this specific pledge.
Reported by Gregoire Jadi gjadi ! omecha.info
Insight with tb@, OK jca@

are handled safely, and there also is no need for preallocation dances.
Future changes in this area will be less error prone.
Review and one bug found by markus

ok markus@

ok markus@

ok markus@

any RSA keytype. Previously, ssh could ignore RSA keys when any of the
ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms but ssh-rsa
(SHA1 signatures) was not. bz#2650 reported by Luis Ressel;
ok dtucker@

bz#2672, from Brad Marshall via Colin Watson and Ubuntu's bugtracker.

- mux client speaks the ssh-packet protocol directly over unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no filedescriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client
  and server on different machines.
feedback & ok djm@

ok deraadt natano

rather than pulling <sys/param.h> and unknown namespace pollution.
ok djm markus dtucker

ok dtucker@

when Control* keywords were set in ssh_config. This patch also fixes
similar problems with scp and sftp.
ok deraadt, looks good to millert

This makes automatic rekeying internal to the packet code (previously
the server and client loops needed to assist). In doing so it makes
application of rekey limits more accurate by accounting for packets
about to be sent as well as packets queued during rekeying events
themselves.
Based on a patch from dtucker@ which was in turn based on a patch by
Aleksander Adamowski in bz#2521; ok markus@

message when DISPLAY is not set. This could also result in a crash
on systems with a printf that doesn't handle NULL. OK djm@

returning from client_loop() for consistency with
buffer_free()/sshbuf_free().
ok dtucker@ deraadt@ djm@

forwarding when the X server disables the SECURITY extension;
Reported by Thomas Hoger; ok deraadt@

problem found by halex@
ok halex@

- mux client: which is used when ControlMaster is in use.
  will end with "stdio proc tty" (proc is to permit sending SIGWINCH to mux master on window resize)
- client loop: several levels of pledging depending on your used options
ok deraadt@

ok djm@

PubkeyAcceptedKeyTypes to the client side, so it still can be
tested or turned back on; feedback and ok djm@