path: root/usr.bin/ssh/monitor.c
Commit message | Author | Age | Files | Lines
...
* Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ | djm | 2017-10-02 | 1 | -1/+3
|
* refactor channels.c | djm | 2017-09-12 | 1 | -2/+3
| Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh.
| Explicitly pass "struct ssh" to all channels functions.
| Replace use of the legacy packet APIs in channels.c.
| Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later.
| ok markus@
* refactor authentication logging | djm | 2017-06-24 | 1 | -18/+23
| optionally record successful auth methods and public credentials used in a file accessible to user sessions
| feedback and ok markus@
* use SO_ZEROIZE for privsep communication (if available) | markus | 2017-05-31 | 1 | -1/+10
|
* clear session keys from memory; ok djm@ | markus | 2017-05-31 | 1 | -1/+12
|
* switch auth2-pubkey.c to modern APIs; with & ok djm@ | markus | 2017-05-30 | 1 | -18/+23
|
* switch from Key typedef with struct sshkey; ok djm@ | markus | 2017-05-30 | 1 | -3/+3
|
* use ssh_packet_set_log_preamble() to include connection username | djm | 2017-02-03 | 1 | -1/+6
| in packet log messages, e.g.
| Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
| ok markus@ bz#113
* Remove support for pre-authentication compression. Doing compression | djm | 2016-09-28 | 1 | -47/+1
| early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface.
| Moreover, to support it across privilege-separation zlib needed the assistance of a complex shared-memory manager that made the required attack surface considerably larger.
| Prompted by Guido Vranken pointing out a compiler-elided security check in the shared memory manager found by Stack (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
| NB. pre-auth authentication has been disabled by default in sshd for >10 years.
* enforce expected request flow for GSSAPI calls; thanks to Jakub Jelen | djm | 2016-09-05 | 1 | -4/+4
| for testing; ok markus@
* restrict monitor auth calls to be allowed only when their | djm | 2016-08-30 | 1 | -1/+19
| respective authentication methods are enabled in the configuration.
| prompted by Solar Designer; ok markus dtucker
* remove UseLogin option and support for having /bin/login manage | djm | 2016-08-19 | 1 | -4/+1
| login sessions; ok deraadt markus dtucker
* remove ssh1 server code; ok djm@ | markus | 2016-08-13 | 1 | -266/+17
|
* move debug("%p", key) to before key is free'd; probable undefined | djm | 2016-07-22 | 1 | -4/+5
| behaviour on strict compilers; reported by Jakub Jelen bz#2581
* add support for additional fixed DH groups from | djm | 2016-05-02 | 1 | -1/+4
| draft-ietf-curdle-ssh-kex-sha2-03
| diffie-hellman-group14-sha256 (2K group)
| diffie-hellman-group16-sha512 (4K group)
| diffie-hellman-group18-sha512 (8K group)
| based on patch from Mark D. Baushke and Darren Tucker
| ok markus@
* fix signed/unsigned errors reported by clang-3.7; add | djm | 2016-05-02 | 1 | -11/+16
| sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@
* refactor canohost.c: move functions that cache results closer to the | djm | 2016-03-07 | 1 | -2/+3
| places that use them (authn and session code). After this, no state is cached in canohost.c
| feedback and ok markus@
* memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen | djm | 2016-02-15 | 1 | -5/+5
|
* remove roaming support; ok djm@ | markus | 2016-01-14 | 1 | -2/+1
|
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) | markus | 2015-12-04 | 1 | -5/+7
| based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
* Compare pointers to NULL rather than 0. | mmcc | 2015-10-20 | 1 | -3/+3
| ok djm@
* don't record hostbased authentication hostkeys as user keys | djm | 2015-09-04 | 1 | -2/+2
| in test for multiple authentication with the same key
* Fix occurrences of "r = func() != 0" which result in the wrong error | jsg | 2015-09-02 | 1 | -2/+2
| codes being returned due to != having higher precedence than =.
| ok deraadt@ markus@
* Improve size == 0, count == 0 checking in mm_zalloc, which is "array" like. | deraadt | 2015-08-21 | 1 | -8/+3
| Discussed with tedu, millert, otto.... and ok djm
* Don't count successful partial authentication as failures in monitor; | djm | 2015-06-22 | 1 | -2/+2
| this may have caused the monitor to refuse multiple authentications that would otherwise have successfully completed; ok markus@
* Remove pattern length argument from match_pattern_list(), | djm | 2015-05-04 | 1 | -5/+3
| we only ever use it for strlen(pattern).
| Prompted by hanno AT hboeck.de pointing out an out-of-bound read error caused by an incorrect pattern length found using AFL and his own tools.
| ok markus@
* prevent authorized_keys options picked up on public key tests without | djm | 2015-05-01 | 1 | -4/+7
| a corresponding private key authentication being applied to other authentication methods. Reported by halex@, ok markus@
* fix compilation with OPENSSL=no; ok dtucker@ | djm | 2015-04-27 | 1 | -1/+3
|
* don't call record_login() in monitor when UseLogin is enabled; | djm | 2015-04-17 | 1 | -1/+4
| bz#278 reported by drk AT sgi.com; ok dtucker
* UpdateHostKeys fixes: | djm | 2015-02-20 | 1 | -4/+4
| I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@
| s/hostkeys@openssh.com/hostkeys-00@openssh.com/
| Change the name of the proof message too, and reorder it a little.
| Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
* Revise hostkeys@openssh.com hostkey learning extension. | djm | 2015-02-16 | 1 | -6/+39
| The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client.
| Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered.
| ok markus@
* make rekey_limit for sshd w/privsep work; ok djm@ dtucker@ | markus | 2015-02-13 | 1 | -6/+1
|
* SIZE_MAX is standard, we should be using it in preference to the | millert | 2015-02-06 | 1 | -3/+3
| obsolete SIZE_T_MAX. OK miod@ beck@
* Reduce use of <sys/param.h> and transition to <limits.h> throughout. | deraadt | 2015-01-20 | 1 | -2/+2
| ok djm markus
* adapt kex to sshbuf and struct ssh; ok djm@ | markus | 2015-01-19 | 1 | -2/+2
|
* update packet.c & isolate, introduce struct ssh | markus | 2015-01-19 | 1 | -228/+61
| a) switch packet.c to buffer api and isolate per-connection info into struct ssh
| b) (de)serialization of the state is moved from monitor to packet.c
| c) the old packet.c API is implemented in opacket.[ch]
| d) compress.c/h is removed and integrated into packet.c
| with and ok djm@
* move authfd.c and its tentacles to the new buffer/key API; | djm | 2015-01-14 | 1 | -18/+24
| ok markus@
* add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes | djm | 2015-01-13 | 1 | -1/+13
| options to allow sshd to control what public key types will be accepted. Currently defaults to all. Feedback & ok markus@
* remember which public keys have been used for authentication and | djm | 2014-12-22 | 1 | -2/+8
| refuse to accept previously-used keys.
| This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ pubkeys.
| ok markus@
* Add support for Unix domain socket forwarding. A remote TCP port | millert | 2014-07-15 | 1 | -2/+2
| may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from:
| http://www.25thandclement.com/~william/projects/streamlocal.html
| OK djm@ markus@
* New key API: refactor key-related functions to be more library-like, | djm | 2014-06-24 | 1 | -1/+3
| existing API is offered as a set of wrappers.
| with and ok markus@
| Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago.
* unbreak compression, by re-init-ing the compression code in the | markus | 2014-05-03 | 1 | -1/+3
| post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
* make compiling against OpenSSL optional (make OPENSSL=no); | markus | 2014-04-29 | 1 | -1/+22
| reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* convert memset of potentially-private data to explicit_bzero() | djm | 2014-02-02 | 1 | -4/+4
|
* replace most bzero with explicit_bzero, except a few that can be memset | tedu | 2014-01-31 | 1 | -2/+2
| ok djm dtucker
* remove experimental, never-enabled JPAKE code; ok markus@ | djm | 2014-01-29 | 1 | -225/+1
|
* fix rekeying for KEX_C25519_SHA256; noted by dtucker@ | markus | 2013-11-04 | 1 | -1/+2
|
* add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | markus | 2013-07-19 | 1 | -4/+14
| or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@
* for hostbased authentication, print the client host and user on | djm | 2013-06-21 | 1 | -2/+5
| the auth success/failure line; bz#2064, ok dtucker@
* Standardise logging of supplemental information during userauth. Keys | djm | 2013-05-19 | 1 | -5/+4
| and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too.
| Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@