path: root/authfd.c
Commit message | Author | Age | Files | Lines
* upstream: modify parentheses in conditionals to make it clearer what is being assigned and what is being checked
  Author: jcs@openbsd.org; Age: 2023-03-10; Files: 1; Lines: -3/+3
  ok djm dtucker
  OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
* upstream: include destination constraints for smartcard keys too.
  Author: djm@openbsd.org; Age: 2023-03-09; Files: 1; Lines: -2/+2
  Spotted by Luci Stanescu; ok deraadt@ markus@
  OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
* upstream: Remove unused compat.h includes.
  Author: dtucker@openbsd.org; Age: 2023-03-05; Files: 1; Lines: -2/+1
  We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
  OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
* upstream: Add authfd path to debug output. ok markus@
  Author: dtucker@openbsd.org; Age: 2022-04-27; Files: 1; Lines: -1/+2
  OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890
* upstream: ssh-add side of destination constraints
  Author: djm@openbsd.org; Age: 2021-12-20; Files: 1; Lines: -7/+80
  Have ssh-add accept a list of "destination constraints" that allow restricting where keys may be used in conjunction with a ssh-agent/ssh that supports session ID/hostkey binding.
  Constraints are specified as either "[user@]host-pattern" or "host-pattern>[user@]host-pattern".
  The first form permits a key to be used to authenticate as the specified user to the specified host.
  The second form permits a key that has previously been permitted for use at a host to be available via a forwarded agent to an additional host.
  For example, constraining a key with "user1@host_a" and "host_a>host_b". Would permit authentication as "user1" at "host_a", and allow the key to be available on an agent forwarded to "host_a" only for authentication to "host_b". The key would not be visible on agent forwarded to other hosts or usable for authentication there.
  Internally, destination constraints use host keys to identify hosts. The host patterns are used to obtain lists of host keys for that destination that are communicated to the agent. The user/hostkeys are encoded using a new restrict-destination-v00@openssh.com key constraint.
  host keys are looked up in the default client user/system known_hosts files. It is possible to override this set on the command-line.
  feedback Jann Horn & markus@ ok markus@
  OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e
* upstream: ssh client side of binding
  Author: djm@openbsd.org; Age: 2021-12-20; Files: 1; Lines: -1/+30
  send session ID, hostkey, signature and a flag indicating whether the agent connection is being forwarded to ssh agent each time a connection is opened via a new "session-bind@openssh.com" agent extension.
  ok markus@
  OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
* upstream: factor out common code in the agent client
  Author: djm@openbsd.org; Age: 2021-01-26; Files: 1; Lines: -24/+39
  Add a ssh_request_reply_decode() function that sends a message to the agent, reads and parses a success/failure reply. Use it for all requests that only expect success/failure
  ok markus@
  OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
* upstream: whitespace; no code change
  Author: djm@openbsd.org; Age: 2020-10-29; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
* upstream: Adapt XMSS to new logging infrastructure. With markus@, ok djm@.
  Author: dtucker@openbsd.org; Age: 2020-10-20; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
* upstream: constify a few things; ok dtucker (as part of another diff)
  Author: djm@openbsd.org; Age: 2020-06-26; Files: 1; Lines: -3/+3
  OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6
* upstream: ssh_fetch_identitylist() returns the return value from ssh_request_reply() so we should also check against != 0
  Author: markus@openbsd.org; Age: 2020-03-13; Files: 1; Lines: -2/+2
  ok djm
  OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952
* upstream: change explicit_bzero();free() to freezero()
  Author: jsg@openbsd.org; Age: 2020-02-28; Files: 1; Lines: -5/+3
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary.
  ok deraadt@ djm@
  OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: Allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no.
  Author: djm@openbsd.org; Age: 2019-12-21; Files: 1; Lines: -11/+25
  Patch by Eric Chiang, manpage by me; ok markus@
  OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265
* upstream: stdarg.h required more broadly; ok djm
  Author: deraadt@openbsd.org; Age: 2019-11-15; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
* upstream: enable ed25519 support; ok djm
  Author: markus@openbsd.org; Age: 2019-11-13; Files: 1; Lines: -1/+3
  OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e
* upstream: add new agent key constraint for U2F/FIDO provider
  Author: djm@openbsd.org; Age: 2019-11-01; Files: 1; Lines: -6/+19
  feedback & ok markus@
  OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172
* upstream: authfd: add function to check if key is in agent
  Author: djm@openbsd.org; Age: 2019-09-03; Files: 1; Lines: -1/+27
  This commit adds a helper function which allows the caller to check if a given public key is present in ssh-agent.
  work by Sebastian Kinne; ok markus@
  OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
* upstream: fix memleak in ssh_free_identitylist(); ok markus@
  Author: djm@openbsd.org; Age: 2019-09-03; Files: 1; Lines: -1/+3
  OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
* upstream: When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  Author: deraadt@openbsd.org; Age: 2019-07-05; Files: 1; Lines: -3/+3
  OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
  Author: djm@openbsd.org; Age: 2019-06-21; Files: 1; Lines: -2/+2
  Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely.
  Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.
  Hopefully we can remove this in a few years time when computer architecture has become less unsafe.
  been in snaps for a bit already; thanks deraadt@
  ok dtucker@ deraadt@
  OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
* upstream: Request RSA-SHA2 signatures for rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
  Author: djm@openbsd.org; Age: 2018-12-28; Files: 1; Lines: -4/+6
  OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
* upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293
  Author: djm@openbsd.org; Age: 2018-12-07; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
* upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@
  Author: markus@openbsd.org; Age: 2018-07-10; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
* upstream: Improve strictness and control over RSA-SHA2 signature
  Author: djm@openbsd.org; Age: 2018-07-03; Files: 1; Lines: -11/+13
  In ssh, when an agent fails to return a RSA-SHA2 signature when requested and falls back to RSA-SHA1 instead, retry the signature to ensure that the public key algorithm sent in the SSH_MSG_USERAUTH matches the one in the signature itself.
  In sshd, strictly enforce that the public key algorithm sent in the SSH_MSG_USERAUTH message matches what appears in the signature.
  Make the sshd_config PubkeyAcceptedKeyTypes and HostbasedAcceptedKeyTypes options control accepted signature algorithms (previously they selected supported key types). This allows these options to ban RSA-SHA1 in favour of RSA-SHA2.
  Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures with certificate keys.
  feedback and ok markus@
  OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
* upstream: lots of typos in comments/docs. Patch from Karsten Weiss after checking with codespell tool (https://github.com/lucasdemarchi/codespell)
  Author: djm@openbsd.org; Age: 2018-04-10; Files: 1; Lines: -2/+2
  OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
* upstream: Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures)
  Author: markus@openbsd.org; Age: 2018-02-26; Files: 1; Lines: -21/+18
  The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
  OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream commit
  Author: djm@openbsd.org; Age: 2018-02-10; Files: 1; Lines: -4/+4
  constify some private key-related functions; based on https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
  OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
* upstream commit
  Author: djm@openbsd.org; Age: 2018-01-23; Files: 1; Lines: -3/+1
  Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
  These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC-compliant SSH implementations.
  ok markus@
  OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commit
  Author: djm@openbsd.org; Age: 2017-07-21; Files: 1; Lines: -2/+1
  remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus
  Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
* upstream commit
  Author: djm@openbsd.org; Age: 2017-06-28; Files: 1; Lines: -3/+3
  Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus
  Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
* upstream commit
  Author: naddy@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -33/+13
  more simplification and removal of SSHv1-related code; ok djm@
  Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
* upstream commit
  Author: djm@openbsd.org; Age: 2017-05-08; Files: 1; Lines: -1/+5
  since a couple of people have asked, leave a comment explaining why we retain SSH v.1 support in the "delete all keys from agent" path.
  Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
* upstream commit
  Author: djm@openbsd.org; Age: 2017-05-01; Files: 1; Lines: -122/+1
  unifdef WITH_SSH1 ok markus@
  Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
* upstream commit
  Author: markus@openbsd.org; Age: 2015-12-07; Files: 1; Lines: -2/+16
  implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@
  Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
* upstream commit
  Author: jsg@openbsd.org; Age: 2015-09-03; Files: 1; Lines: -2/+2
  Fix occurrences of "r = func() != 0" which result in the wrong error codes being returned due to != having higher precedence than =.
  ok deraadt@ markus@
  Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
* upstream commit
  Author: djm@openbsd.org; Age: 2015-07-15; Files: 1; Lines: -3/+1
  delete support for legacy v00 certificates; "sure" markus@ dtucker@
  Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
* upstream commit
  Author: markus@openbsd.org; Age: 2015-03-27; Files: 1; Lines: -7/+4
  sigp and lenp are not optional in ssh_agent_sign(); ok djm@
* upstream commit
  Author: markus@openbsd.org; Age: 2015-03-27; Files: 1; Lines: -2/+2
  unbreak ssh_agent_sign (lenp vs *lenp)
* upstream commit
  Author: markus@openbsd.org; Age: 2015-03-27; Files: 1; Lines: -2/+3
  consistent check for NULL as noted by Nicholas Lemonias; ok djm@
* upstream commit
  Author: djm@openbsd.org; Age: 2015-01-15; Files: 1; Lines: -399/+441
  move authfd.c and its tentacles to the new buffer/key API; ok markus@
* - markus@cvs.openbsd.org 2014/04/29 18:01:49
  Author: Damien Miller; Age: 2014-05-15; Files: 1; Lines: -5/+17
  [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
  make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
* - tedu@cvs.openbsd.org 2014/01/31 16:39:19
  Author: Damien Miller; Age: 2014-02-04; Files: 1; Lines: -2/+2
  [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
  replace most bzero with explicit_bzero, except a few that can be memset
  ok djm dtucker
* - djm@cvs.openbsd.org 2013/12/29 04:29:25
  Author: Damien Miller; Age: 2013-12-29; Files: 1; Lines: -4/+2
  [authfd.c]
  allow deletion of ed25519 keys from the agent
* - markus@cvs.openbsd.org 2013/12/06 13:39:49
  Author: Damien Miller; Age: 2013-12-07; Files: 1; Lines: -1/+3
  [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
  support ed25519 keys (hostkeys and user identities) using the public domain ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
  feedback, help & ok djm@
* - markus@cvs.openbsd.org 2013/12/06 13:30:08
  Author: Damien Miller; Age: 2013-12-07; Files: 1; Lines: -54/+3
  [authfd.c key.c key.h ssh-agent.c]
  move private key (de)serialization to key.c; ok djm
* - djm@cvs.openbsd.org 2013/11/08 00:39:15
  Author: Damien Miller; Age: 2013-11-08; Files: 1; Lines: -2/+2
  [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] [sftp-client.c sftp-glob.c]
  use calloc for all structure allocations; from markus@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13
  Author: Darren Tucker; Age: 2013-06-02; Files: 1; Lines: -5/+5
  [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c]
  bye, bye xfree(); ok markus@
* - tedu@cvs.openbsd.org 2011/07/06 18:09:21
  Author: Damien Miller; Age: 2011-08-06; Files: 1; Lines: -1/+2
  [authfd.c]
  bzero the agent address. the kernel was for a while very cranky about these things. even though that's fixed, always good to initialize memory. ok deraadt djm
* - OpenBSD CVS Sync
  Author: Damien Miller; Age: 2011-05-20; Files: 1; Lines: -2/+2
  - djm@cvs.openbsd.org 2011/05/15 08:09:01
  [authfd.c monitor.c serverloop.c]
  use FD_CLOEXEC consistently; patch from zion AT x96.org
* - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c]
  Author: Damien Miller; Age: 2010-09-10; Files: 1; Lines: -0/+2
  Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@