summaryrefslogtreecommitdiff
path: root/clientloop.c
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Move up null check and simplify process_escapes.dtucker@openbsd.org2023-04-031-7/+5
| | | | | | | | | Based on Coverity CID 291863 which points out we check the channel pointer for NULLness after dereferencing it. Move this to the start of the function, and while there simplify initialization of efc a bit. ok djm@ OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
* upstream: remove redundant testdjm@openbsd.org2023-03-311-2/+2
| | | | OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
* upstream: Delete obsolete /* ARGSUSED */ lint comments.guenther@openbsd.org2023-03-081-3/+1
| | | | | | ok miod@ millert@ OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: Check for non-NULL before stringdtucker@openbsd.org2023-03-041-2/+2
| | | | | | comparison. From jjelen at redhat.com via bz#2687. OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f
* upstream: Use time_t for x11_refuse_time timeout. We needdtucker@openbsd.org2023-03-031-5/+5
| | | | | | | SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. Fixes a Coverity warning for 64bit time_t safety, ok djm@ OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d
* upstream: Add channel_force_close()djm@openbsd.org2023-01-061-11/+3
| | | | | | | | | | | | | | | This will forcibly close an open channel by simulating read/write errors, draining the IO buffers and calling the detach function. Previously the detach function was only ever called during channel garbage collection, but there was no way to signal the user of a channel (e.g. session.c) that its channel was being closed deliberately (vs. by the usual state-machine logic). So this adds an extra "force" argument to the channel cleanup callback to indicate this condition. ok markus dtucker OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: replace manual poll/ppoll timeout math with ptimeout APIdjm@openbsd.org2023-01-061-26/+12
| | | | | | feedback markus / ok markus dtucker OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@dtucker@openbsd.org2022-11-301-3/+3
| | | | OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: tighten pledge(2) after session establishmentdjm@openbsd.org2022-11-301-7/+87
| | | | | | feedback, ok & testing in snaps deraadt@ OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: New EnableEscapeCommandline ssh_config(5) optiondjm@openbsd.org2022-11-301-3/+11
| | | | | | | | | | This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: Handle dynamic remote port forwarding in escape commandline'sdtucker@openbsd.org2022-11-111-3/+10
| | | | | | -R processing. bz#3499, ok djm@ OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* upstream: rename client_global_hostkeys_private_confirm() todjm@openbsd.org2022-11-091-4/+4
| | | | | | | client_global_hostkeys_prove_confirm(), as it handles the "hostkeys-prove00@openssh.com" message; no functional change OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Make SetEnv directives first-match-wins in bothdjm@openbsd.org2022-06-031-4/+5
| | | | | | | | | | | sshd_config and sshd_config; previously if the same name was reused then the last would win (which is the opposite to how the config is supposed to work). While there, make the ssh_config parsing more like sshd_config. bz3438, ok dtucker OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b
* upstream: Try to continue running local I/O for channels in statedjm@openbsd.org2022-04-201-4/+3
| | | | | | | | OPEN during SSH transport rekeying. The most visible benefit is that it should make ~-escapes work in the client (e.g. to exit) if the connection happened to have stalled during a rekey event. Based work by and ok dtucker@ OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45
* Put poll.h inside ifdef.Darren Tucker2022-02-101-0/+2
|
* upstream: add a ssh_packet_process_read() function that reads fromdjm@openbsd.org2022-01-251-28/+13
| | | | | | | | | | | | | | a fd directly into the transport input buffer. Use this in the client and server mainloops to avoid unnecessary copying. It also lets us use a more greedy read size without penalty. Yields a 2-3% performance gain on cipher-speed.sh (in a fairly unscientific test tbf) feedback dtucker@ ok markus@ OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
* upstream: add a helper for writing an error message to thedjm@openbsd.org2022-01-251-22/+28
| | | | | | | stderr_buf and setting quit_pending; no functional change but saves a bunch of boilerplate OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d
* upstream: suppress "Connection to xxx closed" messages at LogLevel >=djm@openbsd.org2022-01-121-2/+2
| | | | | | error bz3378; ok dtucker@ OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
* upstream: stricter UpdateHostkey signature verification logic ondjm@openbsd.org2022-01-071-14/+34
| | | | | | | | | the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 ok markus@ OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
* upstream: convert ssh, sshd mainloops from select() to poll();djm@openbsd.org2022-01-071-81/+88
| | | | | | feedback & ok deraadt@ and markus@ has been in snaps for a few months OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
* upstream: spelling ok dtucker@jsg@openbsd.org2022-01-011-2/+2
| | | | OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
* upstream: ssh client side of bindingdjm@openbsd.org2021-12-201-1/+7
| | | | | | | | | | send session ID, hostkey, signature and a flag indicating whether the agent connection is being forwarded to ssh agent each time a connection is opened via a new "session-bind@openssh.com" agent extension. ok markus@ OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135
* upstream: less confusing debug message; bz#3365djm@openbsd.org2021-11-191-2/+2
| | | | OpenBSD-Commit-ID: 836268d3642c2cdc84d39b98d65837f5241e4a50
* upstream: wrap at 80 columnsdjm@openbsd.org2021-08-301-2/+3
| | | | OpenBSD-Commit-ID: 47ca2286d6b52a9747f34da16d742879e1a37bf0
* upstream: Add a ForkAfterAuthentication ssh_config(5) counterpartdjm@openbsd.org2021-07-231-5/+2
| | | | | | | to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok dtucker OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
* upstream: Add a StdinNull directive to ssh_config(5) that allowsdjm@openbsd.org2021-07-231-4/+1
| | | | | | | the config file to do the same thing as -n does on the ssh(1) commandline. Patch from Volker Diels-Grabsch via GHPR231; ok dtucker OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
* upstream: Explicitly check for and start time-based rekeying in thedjm@openbsd.org2021-07-161-1/+5
| | | | | | | | | | | | client and server mainloops. Previously the rekey timeout could expire but rekeying would not start until a packet was sent or received. This could cause us to spin in select() on the rekey timeout if the connection was quiet. ok markus@ OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
* upstream: add a SessionType directive to ssh_config, allowing thedjm@openbsd.org2021-07-141-6/+3
| | | | | | | | | | configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; feedback and ok dtucker@ OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
* upstream: Fix a couple of whitespace things. Portable already hasdtucker@openbsd.org2021-07-081-1/+1
| | | | | | these so this removes two diffs between the two. OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
* upstream: fix SEGV in UpdateHostkeys debug() message, triggereddjm@openbsd.org2021-05-261-2/+2
| | | | | | | when the update removed more host keys than remain present. Fix tested by reporter James Cook, via bugs@ OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3
* upstream: restore blocking status on stdio fds before closedjm@openbsd.org2021-05-191-9/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | ssh(1) needs to set file descriptors to non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell, e.g. > $ cat > test.sh << _EOF > #!/bin/sh > { > ssh -Fnone -oLogLevel=verbose ::1 hostname > cat /usr/share/dict/words > } | sleep 10 > _EOF > $ ./test.sh > Authenticated to ::1 ([::1]:22). > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds > Bytes per second: sent 44338.9, received 55197.4 > cat: stdout: Resource temporarily unavailable This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) abandons/closes them. This was reported as bz3280 and GHPR246; ok dtucker@ OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
* upstream: Don't pass NULL as a string in debugging as it does not workdtucker@openbsd.org2021-05-051-2/+2
| | | | | | on some platforms in -portable. ok djm@ OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9
* upstream: more debugging for UpdateHostKeys signature failuresdjm@openbsd.org2021-05-031-2/+5
| | | | OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
* upstream: a little debugging in the main mux process for statusdjm@openbsd.org2021-04-301-1/+3
| | | | | | confirmation failures in multiplexed sessions OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49
* polish whitespace for portable filesDamien Miller2021-04-031-1/+1
|
* upstream: return non-zero exit status when killed by signal; bz#3281 okdjm@openbsd.org2021-03-191-2/+2
| | | | | | dtucker@ OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
* upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_tdjm@openbsd.org2021-01-271-6/+3
| | | | | | | and use that instead of global variables containing copies of it. feedback/ok markus@ OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
* upstream: remove global variable used to stash compat flags and use thedjm@openbsd.org2021-01-271-2/+2
| | | | | | purpose-built ssh->compat variable instead; feedback/ok markus@ OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
* upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*djm@openbsd.org2020-12-211-3/+3
| | | | | | | | | | | | | | | | | Add load_hostkeys_file() and hostkeys_foreach_file() that accept a FILE* argument instead of opening the file directly. Original load_hostkeys() and hostkeys_foreach() are implemented using these new interfaces. Add a u_int note field to the hostkey_entry and hostkey_foreach_line structs that is passed directly from the load_hostkeys() and hostkeys_foreach() call. This is a lightweight way to annotate results between different invocations of load_hostkeys(). ok markus@ OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
* upstream: UpdateHostkeys: fixed/better detection of host keys thatdjm@openbsd.org2020-10-291-9/+16
| | | | | | | exist under other names and addresses; spotted by and debugged with lots of help from jca@ OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-184/+152
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: make UpdateHostkeys still more conservative: refuse todjm@openbsd.org2020-10-141-38/+76
| | | | | | | | | | | proceed if one of the keys offered by the server is already in known_hosts under another name. This avoid collisions between address entries for different host aliases when CheckHostIP=yes Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys. OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
* upstream: UpdateHostkeys: check for keys under other namesdjm@openbsd.org2020-10-121-7/+82
| | | | | | | | | | | | | | | Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to. This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolves to multiple addresses. ok markus@ OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
* upstream: UpdateHostkeys: better CheckHostIP handlingdjm@openbsd.org2020-10-121-25/+46
| | | | | | | | | | | | | | When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded. Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key. ok markus@ OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
* upstream: UpdateHostkeys: better detect manual host entriesdjm@openbsd.org2020-10-121-17/+37
| | | | | | | | | | Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human. ok markus@ OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
* upstream: don't misdetect comma-separated hostkey names as wildcards;djm@openbsd.org2020-10-091-4/+4
| | | | | | spotted by naddy@ OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce
* upstream: revert kex->flags cert hostkey downgrade back to a plaindjm@openbsd.org2020-10-071-7/+1
| | | | | | | | | key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
* upstream: disable UpdateHostkeys when a wildcard hostname patterndjm@openbsd.org2020-10-031-2/+31
| | | | | | is encountered or when a certificate host key is in use. feedback/ok markus@ OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
* upstream: Remove unused buf, last user was removed when switchingdtucker@openbsd.org2020-09-161-3/+1
| | | | | | to the sshbuf API. Patch from Sebastian Andrzej Siewior. OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889
* upstream: Only reset the serveralive check when we receive traffic fromdtucker@openbsd.org2020-07-031-14/+22
| | | | | | | | | the server and ignore traffic from a port forwarding client, preventing a client from keeping a connection alive when it should be terminated. Based on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok djm@ OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd
View Lorry Controller Status