| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.
OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
|
|
|
|
|
|
|
| |
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@
OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
|
|
|
|
|
|
|
| |
and not in the pledge(2)'d unprivileged process; fixes regression caused by
recent refactoring spotted by henning@
OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d
|
|
|
|
|
|
|
|
|
|
| |
remove "struct ssh *" from arguments - this was only used to pass the
remote host/address. These can be passed in instead and the resulting
code is less tightly coupled to ssh_api.[ch]
ok dtucker@
OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d
|
|
|
|
|
|
| |
ok djm@
OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa
|
|
|
|
|
|
|
|
|
| |
privsep process. No longer copy entire struct w/ pointer addresses, but pass
remaining scalar fields explicitly,
Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53
|
|
|
|
| |
Caught by the PAM -Werror tinderbox build.
|
|
|
|
|
|
| |
__func__ and appending ssh_err(r) manually; ok markus@
OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
|
|
|
|
|
|
|
|
|
| |
Allows forcing maximum debug logging by file/function/line pattern-
lists.
ok markus@
OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
|
|
|
|
|
|
|
|
|
| |
log functions receive function, filename and line number of caller.
We can use this to selectively enable logging via pattern-lists.
ok markus@
OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIDO2 supports a notion of "user verification" where the user is
required to demonstrate their identity to the token before particular
operations (e.g. signing). Typically this is done by authenticating
themselves using a PIN that has been set on the token.
This adds support for generating and using user verified keys where
the verification happens via PIN (other options might be added in the
future, but none are in common use now). Practically, this adds
another key generation option "verify-required" that yields a key that
requires a PIN before each authentication.
feedback markus@ and Pedro Martelletto; ok markus@
OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
keys.
Previously we didn't do this because we didn't want to expose
the attack surface presented by USB and FIDO protocol handling,
but now that this is insulated behind ssh-sk-helper there is
less risk.
ok markus@
OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
|
|
|
|
|
|
|
|
|
|
|
| |
This is populated during signature verification with additional fields
that are present in and covered by the signature. At the moment, it is
only used to record security key-specific options, especially the flags
field.
with and ok markus@
OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49
|
|
|
|
|
|
| |
WITH_OPENSSL; ok djm@
OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
including the new U2F signatures.
Don't use sshsk_ecdsa_sign() directly, instead make it reachable via
sshkey_sign() like all other signature operations. This means that
we need to add a provider argument to sshkey_sign(), so most of this
change is mechanically adding that.
Suggested by / ok markus@
OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c
|
|
|
|
|
|
|
|
| |
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
|
|
|
|
|
|
|
|
| |
parsing rather than make the caller do it. Saves a lot of boilerplate code.
from markus@ ok djm@
OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
|
| |
|
|
|
|
|
| |
Requires some caching of values, because the PAM code isn't
always called with packet context.
|
|
|
|
|
|
| |
with & ok markus@
OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
|
|
|
|
|
|
| |
with & ok markus@
OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
|
|
|
|
|
|
| |
with & ok markus@
OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
API, started almost exactly six years ago.
This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.
with & ok markus@
OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
|
|
|
|
|
|
| |
Most people will 1) be using modern multi-factor authentication methods
like TOTP/OATH etc and 2) be getting support for multi-factor
authentication via PAM or BSD Auth.
|
|
|
|
| |
OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
|
|
|
|
| |
Supply missing "int r" and fix error path for sshbuf_new().
|
|
|
|
| |
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
|
| |
|
|
|
|
|
| |
During the change to the new buffer api the third arg to
sshbuf_get_cstring was ommitted. Fixes build when configured with skey.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This time, make sure to not remove things that are necessary for
pre-auth compression on the client. Add a comment that pre-auth
compression is still supported in the client.
ok markus@
OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
|
| |
|
|
|
|
| |
OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
|
|
|
|
|
|
| |
djm@
OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
|
|
|
|
| |
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out we still support pre-auth compression on the client.
Therefore revert the previous two commits:
date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
Rename COMP_DELAYED to COMP_ZLIB
Only delayed compression is supported nowadays.
ok markus@
date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
Remove leftovers from pre-authentication compression
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
|
|
|
|
|
|
|
|
|
| |
Support for this has been removed in 2016.
COMP_DELAYED will be renamed in a later commit.
ok markus@
OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
|
|
|
|
| |
Spotted using https://github.com/lucasdemarchi/codespell
|
|
|
|
|
|
|
|
|
|
|
| |
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
|
|
|
|
|
|
| |
uuencode.h is not used
OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
|
|
|
|
|
|
|
|
| |
revert stricter key type / signature type checking in
userauth path; too much software generates inconsistent messages, so we need
a better plan.
OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
|
|
|
|
|
|
|
|
| |
pass negotiated signing algorithm though to
sshkey_verify() and check that the negotiated algorithm matches the type in
the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
|
|
|
|
|
|
|
|
| |
replace statically-sized arrays in ServerOptions with
dynamic ones managed by xrecallocarray, removing some arbitrary (though
large) limits and saving a bit of memory; "much nicer" markus@
Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
|
|
|
|
|
|
| |
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
|
|
|
|
|
|
| |
switch auth2-pubkey.c to modern APIs; with & ok djm@
Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
|
|
|
|
|
|
| |
switch from Key typedef with struct sshkey; ok djm@
Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
|
|
|
|
|
|
|
| |
allow LogLevel in sshd_config Match blocks; ok dtucker
bz#2717
Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
|
|
|
|
|
|
| |
remove ssh1 server code; ok djm@
Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
|