path: root/usr.bin/ssh/ssh-agent.c
Commit message (Author, Age; Files, Lines)
* Replace calls to ssh_malloc_init() by a static init of malloc_options. Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@ (otto, 2019-06-06; 1 file, -2/+1)
* backoff reading messages from active connections when the input buffer is too full to read one, or if the output buffer is too full to enqueue a response; feedback & ok dtucker@ (djm, 2019-01-22; 1 file, -4/+18)
* typo in error message; caught by Debian lintian, via Colin Watson (djm, 2018-11-09; 1 file, -2/+2)
* implement EMFILE mitigation for ssh-agent: remember the fd rlimit and stop accepting new connections when it is exceeded (with some grace). Accept is resumed when enough connections are closed. bz#2576. feedback deraadt; ok dtucker@ (djm, 2018-05-11; 1 file, -11/+49)
* lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell) (djm, 2018-04-10; 1 file, -2/+2)
* don't kill ssh-agent's listening socket entirely if we fail to accept a connection; bz#2837, patch from Lukas Kuster (djm, 2018-04-09; 1 file, -4/+3)
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures). The code is not compiled in by default (see WITH_XMSS in Makefile.inc). Joint work with stefan-lukas_gazdag at genua.eu. See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ (markus, 2018-02-23; 1 file, -5/+19)
* Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations. ok markus@ (djm, 2018-01-23; 1 file, -3/+1)
* downgrade a couple more request parsing errors from process-fatal to just returning failure, making them consistent with the others that were already like that. (djm, 2017-11-15; 1 file, -10/+23)
* fix regression in 7.6: failure to parse a signature request message shouldn't be fatal to the process, just the request. Reported by Ron Frederick (djm, 2017-11-15; 1 file, -3/+6)
* g/c unused variable; make a little more portable (djm, 2017-07-24; 1 file, -5/+3)
* switch from select() to poll() for the ssh-agent mainloop; ok markus (djm, 2017-07-19; 1 file, -125/+183)
* remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus (djm, 2017-07-01; 1 file, -2/+1)
* flense SSHv1 support from ssh-agent, considerably simplifying it. ok markus (djm, 2017-04-30; 1 file, -162/+90)
* remove KEY_RSA1. ok markus@ (djm, 2017-04-30; 1 file, -16/+12)
* unifdef WITH_SSH1. ok markus@ (djm, 2017-04-30; 1 file, -172/+1)
* accidents happen to the best of us; ok djm (deraadt, 2017-03-15; 1 file, -1/+2)
* fix regression in 7.4: deletion of PKCS#11-hosted keys would fail unless they were specified by full physical pathname. Report and fix from Jakub Jelen via bz#2682; ok dtucker@ (djm, 2017-03-15; 1 file, -4/+11)
* relax PKCS#11 whitelist a bit to allow libexec as well as lib directories. (djm, 2017-01-04; 1 file, -2/+2)
* add a whitelist of paths from which ssh-agent will load (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ (djm, 2016-11-30; 1 file, -8/+35)
* Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker (deraadt, 2016-09-12; 1 file, -5/+4)
* fix signed/unsigned errors reported by clang-3.7; add sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with better safety checking; feedback and ok markus@ (djm, 2016-05-02; 1 file, -7/+8)
* Add a function to enable security-related malloc_options. With and ok deraadt@, something similar has been in the snaps for a while. (dtucker, 2016-02-15; 1 file, -1/+2)
* Add "id" to ssh-agent pledge for subprocess support. Found the hard way by Jan Johansson when using ssh-agent with X. Also, rearranged proc/exec and retval to match other pledge calls in the tree. ok djm@ (doug, 2015-12-11; 1 file, -2/+2)
* fflush stdout so that output is seen even when running in debug mode when output may otherwise not be flushed. Patch from dustin at null-ptr.net. (dtucker, 2015-12-11; 1 file, -1/+2)
* correct error messages; from Tomas Kuthan bz#2507 (djm, 2015-12-11; 1 file, -3/+3)
* implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ (markus, 2015-12-04; 1 file, -2/+14)
* Add "cpath" to the ssh-agent pledge so the cleanup handler can unlink(). ok djm@ (doug, 2015-12-02; 1 file, -2/+2)
* ssh-agent pledge needs proc for askpass; spotted by todd@ (djm, 2015-12-02; 1 file, -2/+2)
* basic pledge() for ssh-agent, more refinement needed (djm, 2015-12-01; 1 file, -1/+4)
* no need to include the old buffer/key API (markus, 2015-07-08; 1 file, -4/+1)
* Use a salted hash of the lock passphrase instead of plain text and do constant-time comparisons of it. Should prevent leaking any information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s incrementing delay for each failed unlock attempt up to 10s. ok markus@ (earlier version), djm@ (dtucker, 2015-05-15; 1 file, -13/+40)
* combine -Dd onto one line and update usage(); (jmc, 2015-04-24; 1 file, -2/+2)
* add ssh-agent -D to leave ssh-agent in foreground without enabling debug mode; bz#2381 ok dtucker@ (djm, 2015-04-24; 1 file, -8/+15)
* rename xrealloc() to xreallocarray() since it follows that form. ok djm (deraadt, 2015-04-24; 1 file, -2/+2)
* make ssh-add -D work with !SSH1 agent (djm, 2015-03-04; 1 file, -3/+3)
* add SSH1 Makefile knob to make it easier to build without SSH1 support; ok markus@ (djm, 2015-03-03; 1 file, -1/+3)
* update to new API (key_fingerprint => sshkey_fingerprint); check sshkey_fingerprint return values; ok markus (djm, 2015-01-28; 1 file, -2/+3)
* Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) (deraadt, 2015-01-16; 1 file, -4/+5)
* fix small regression: ssh-agent would return a success message but an empty signature if asked to sign using an unknown key; ok markus@ (djm, 2015-01-14; 1 file, -14/+23)
* switch to sshbuf/sshkey; with & ok djm@ (markus, 2015-01-14; 1 file, -212/+308)
* tweak previous; (jmc, 2014-12-21; 1 file, -3/+3)
* Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@ (djm, 2014-12-21; 1 file, -4/+11)
* Nuke more obvious #include duplications. ok deraadt@ millert@ tedu@ (krw, 2014-11-18; 1 file, -2/+1)
* Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt (dtucker, 2014-07-25; 1 file, -1/+2)
* restore umask around listener socket creation (dropped in streamlocal patch merge) (djm, 2014-07-18; 1 file, -1/+5)
* Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ (millert, 2014-07-15; 1 file, -16/+3)
* Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin (djm, 2014-07-03; 1 file, -1/+9)
* New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. (djm, 2014-06-24; 1 file, -8/+16)
* make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm (markus, 2014-04-29; 1 file, -1/+11)