path: root/usr.bin/ssh/monitor.c
Commit message | Author | Age | Files | Lines
* don't sshbuf_get_u32() into an enum; reported by goetze AT dovetail.com via bz3269
  Author: djm | Age: 2021-03-03 | Files: 1 | Lines: -4/+4
* make ssh->kex->session_id a sshbuf instead of u_char*/size_t and use that instead of global variables containing copies of it. feedback/ok markus@
  Author: djm | Age: 2021-01-27 | Files: 1 | Lines: -21/+28
* remove global variable used to stash compat flags and use the purpose-built ssh->compat variable instead; feedback/ok markus@
  Author: djm | Age: 2021-01-27 | Files: 1 | Lines: -5/+5
* Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more accurately reflects its effect. This matches a previous change to PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok djm@
  Author: dtucker | Age: 2021-01-26 | Files: 1 | Lines: -2/+2
* Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
  While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
  Author: dtucker | Age: 2021-01-22 | Files: 1 | Lines: -2/+2
* Update/replace the experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
  The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note that both the updated method and the one that it replaced are disabled by default)
  Author: djm | Age: 2020-12-29 | Files: 1 | Lines: -2/+2
* clean up passing of struct passwd from monitor to preauth privsep process. No longer copy entire struct w/ pointer addresses, but pass remaining scalar fields explicitly. Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
  Author: djm | Age: 2020-11-27 | Files: 1 | Lines: -6/+16
* use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
  Author: djm | Age: 2020-10-18 | Files: 1 | Lines: -154/+140
* variants of the log methods that append a ssherr.h string from a supplied error code; ok markus@
  Author: djm | Age: 2020-10-18 | Files: 1 | Lines: -4/+3
* revised log infrastructure for OpenSSH
  log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@
  Author: djm | Age: 2020-10-16 | Files: 1 | Lines: -5/+10
* support for requiring user verified FIDO keys in sshd
  This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@
  Author: djm | Age: 2020-08-27 | Files: 1 | Lines: -2/+15
* support for user-verified FIDO keys
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
  Author: djm | Age: 2020-08-27 | Files: 1 | Lines: -2/+2
* correct recently broken comments
  Author: deraadt | Age: 2020-07-07 | Files: 1 | Lines: -2/+2
* some language improvements; ok markus
  Author: djm | Age: 2020-07-05 | Files: 1 | Lines: -2/+2
* spelling errors in comments; no code change
  from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html
  Author: djm | Age: 2020-03-13 | Files: 1 | Lines: -2/+2
* change explicit_bzero();free() to freezero()
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary. ok deraadt@ djm@
  Author: jsg | Age: 2020-02-26 | Files: 1 | Lines: -3/+2
* Replace "security key" with "authenticator" in program messages.
  This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
  Author: naddy | Age: 2020-02-06 | Files: 1 | Lines: -3/+4
* Replace all calls to signal(2) with a wrapper around sigaction(2).
  This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  Author: dtucker | Age: 2020-01-23 | Files: 1 | Lines: -4/+4
* allow security keys to act as host keys as well as user keys.
  Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@
  Author: djm | Age: 2019-12-15 | Files: 1 | Lines: -2/+2
* redundant test
  Author: djm | Age: 2019-11-25 | Files: 1 | Lines: -2/+2
* add a "no-touch-required" option for authorized_keys and a similar extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus
  Author: djm | Age: 2019-11-25 | Files: 1 | Lines: -2/+3
* Add a sshd_config PubkeyAuthOptions directive
  This directive has a single valid option "no-touch-required" that causes sshd to skip checking whether user presence was tested before a security key signature was made (usually by the user touching the key). ok markus@
  Author: djm | Age: 2019-11-25 | Files: 1 | Lines: -24/+39
* Add new structure for signature options
  This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
  Author: djm | Age: 2019-11-25 | Files: 1 | Lines: -3/+11
* a little more information from the monitor when signature verification fails.
  Author: djm | Age: 2019-11-19 | Files: 1 | Lines: -3/+4
* Refactor signing - use sshkey_sign for everything, including the new U2F signatures.
  Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
  Author: djm | Age: 2019-10-31 | Files: 1 | Lines: -2/+2
* reversed test yielded incorrect debug message
  Author: djm | Age: 2019-10-07 | Files: 1 | Lines: -2/+2
* When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  Author: deraadt | Age: 2019-06-28 | Files: 1 | Lines: -5/+5
* merge kexkem[cs] into kexgen
  from markus@ ok djm@
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -9/+9
* use KEM API for vanilla ECDH
  from markus@ ok djm@
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -2/+2
* use KEM API for vanilla DH KEX
  from markus@ ok djm@
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -6/+6
* use KEM API for vanilla c25519 KEX
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -2/+2
* Add support for a PQC KEX/KEM: sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.
  introduce KEM API; a simplified framework for DH-ish KEX methods. from markus@ feedback & ok djm@
  Author: djm | Age: 2019-01-21 | Files: 1 | Lines: -1/+2
* remove last references to active_state
  with & ok markus@
  Author: djm | Age: 2019-01-19 | Files: 1 | Lines: -4/+4
* convert monitor.c to new packet API
  with & ok markus@
  Author: djm | Age: 2019-01-19 | Files: 1 | Lines: -74/+63
* convert auth.c to new packet API
  with & ok markus@
  Author: djm | Age: 2019-01-19 | Files: 1 | Lines: -4/+4
* begin landing remaining refactoring of packet parsing API, started almost exactly six years ago.
  This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@
  Author: djm | Age: 2019-01-19 | Files: 1 | Lines: -1/+4
* fix bug in HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options.
  If only RSA-SHA2 signature types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
  Author: djm | Age: 2018-11-16 | Files: 1 | Lines: -5/+34
* hold our collective noses and use the openssl-1.1.x API in OpenSSH; feedback and ok tb@ jsing@ markus@
  Author: djm | Age: 2018-09-13 | Files: 1 | Lines: -3/+5
* remove unused zlib.h
  Author: djm | Age: 2018-07-20 | Files: 1 | Lines: -2/+2
* remove legacy key emulation layer; ok djm@
  Author: markus | Age: 2018-07-11 | Files: 1 | Lines: -7/+8
* kerberos/gssapi fixes for buffer removal
  Author: djm | Age: 2018-07-10 | Files: 1 | Lines: -6/+9
* sshd: switch monitor to sshbuf API; lots of help & ok djm@
  Author: markus | Age: 2018-07-09 | Files: 1 | Lines: -207/+268
* sshd: switch authentication to sshbuf API; ok djm@
  Author: markus | Age: 2018-07-09 | Files: 1 | Lines: -3/+1
* sshd: switch loginmsg to sshbuf API; ok djm@
  Author: markus | Age: 2018-07-09 | Files: 1 | Lines: -4/+4
* switch over to the new authorized_keys options API and remove the legacy one.
  Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
  Author: djm | Age: 2018-03-03 | Files: 1 | Lines: -25/+45
* Add a couple of non-negativity checks to avoid close(-1).
  ok djm
  Author: tb | Age: 2018-02-05 | Files: 1 | Lines: -5/+9
* Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
  These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@
  Author: djm | Age: 2018-01-23 | Files: 1 | Lines: -13/+8
* revert stricter key type / signature type checking in userauth path; too much software generates inconsistent messages, so we need a better plan.
  Author: djm | Age: 2017-12-21 | Files: 1 | Lines: -1/+8
* pass negotiated signing algorithm through to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
  Author: djm | Age: 2017-12-18 | Files: 1 | Lines: -3/+5
* replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@
  Author: djm | Age: 2017-10-05 | Files: 1 | Lines: -3/+1