path: root/ssh-agent.c
Commit message | Author | Age | Files | Lines
* upstream: Explicitly ignore return codes | dtucker@openbsd.org | 2023-03-31 | 1 | -3/+3
  where we don't check them.
  OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
* upstream: modify parentheses in conditionals to make it clearer what is | jcs@openbsd.org | 2023-03-10 | 1 | -3/+3
  being assigned and what is being checked ok djm dtucker
  OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
* upstream: Delete obsolete /* ARGSUSED */ lint comments. | guenther@openbsd.org | 2023-03-08 | 1 | -2/+1
  ok miod@ millert@
  OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: Remove unused compat.h includes. | dtucker@openbsd.org | 2023-03-05 | 1 | -2/+1
  We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
  OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
* upstream: Remove duplicate includes. | dtucker@openbsd.org | 2022-12-04 | 1 | -2/+1
  Patch from AtariDreams via github PR#364.
  OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, | jmc@openbsd.org | 2022-10-25 | 1 | -4/+4
  wrap a long line
  ssh-agent.c: - add -O to usage()
  OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: actually hook up restrict_websafe; the command-line flag | djm@openbsd.org | 2022-09-17 | 1 | -2/+3
  was never actually used. Spotted by Matthew Garrett
  OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: a little extra debugging | djm@openbsd.org | 2022-09-14 | 1 | -1/+2
  OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: ssh-agent: attempt FIDO key signing without PIN and use | djm@openbsd.org | 2022-09-14 | 1 | -11/+2
  the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen
  OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test | djm@openbsd.org | 2022-09-09 | 1 | -5/+3
  that ctx!=NULL; from Corinna Vinschen
  OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix memleak on session-bind path; from Pedro Martelletto, ok | djm@openbsd.org | 2022-04-29 | 1 | -1/+2
  dtucker@
  OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e
* upstream: allow pin-required FIDO keys to be added to ssh-agent(1). | djm@openbsd.org | 2022-01-18 | 1 | -6/+35
  ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm
  OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950
* upstream: Don't log NULL hostname in restricted agent code, | dtucker@openbsd.org | 2022-01-12 | 1 | -4/+5
  printf("%s", NULL) is not safe on all platforms. with & ok djm
  OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
* upstream: fix memleak in process_extension(); oss-fuzz issue #42719 | djm@openbsd.org | 2022-01-01 | 1 | -1/+2
  OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e
* upstream: spelling ok dtucker@ | jsg@openbsd.org | 2022-01-01 | 1 | -2/+2
  OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
* remove sys/param.h in -portable, after upstream | Damien Miller | 2021-12-22 | 1 | -1/+0
* upstream: Use hostkey parsed from hostbound userauth request | djm@openbsd.org | 2021-12-20 | 1 | -3/+23
  Require host-bound userauth requests for forwarded SSH connections.
  The hostkey parsed from the host-bound userauth request is now checked against the most recently bound session ID / hostkey on the agent socket and the signature refused if they do not match.
  ok markus@
  OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02
* upstream: agent support for parsing hostkey-bound signatures | djm@openbsd.org | 2021-12-20 | 1 | -7/+17
  Allow parse_userauth_request() to work with blobs from publickey-hostbound-v00@openssh.com userauth attempts. Extract hostkey from these blobs.
  ok markus@
  OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8
* upstream: ssh-agent side of destination constraints | djm@openbsd.org | 2021-12-20 | 1 | -42/+463
  Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com constraints and to apply them to keys.
  Check constraints against the hostkeys recorded for a SocketEntry when attempting a signature, adding, listing or deleting keys. Note that the "delete all keys" request will remove constrained keys regardless of location.
  feedback Jann Horn & markus@ ok markus@
  OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319
* upstream: ssh-agent side of binding | djm@openbsd.org | 2021-12-20 | 1 | -9/+168
  record session ID/hostkey/forwarding status for each active socket.
  Attempt to parse data-to-be-signed at signature request time and extract session ID from the blob if it is a pubkey userauth request.
  ok markus@
  OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318
* upstream: check for POLLHUP wherever we check for POLLIN | djm@openbsd.org | 2021-11-18 | 1 | -4/+3
  OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5
* upstream: highly polished whitespace, mostly fixing spaces-for-tab | djm@openbsd.org | 2021-04-03 | 1 | -4/+4
  and bad indentation on continuation lines. Prompted by GHPR#185
  OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own | djm@openbsd.org | 2021-02-17 | 1 | -41/+59
  function and remove an unused variable; ok dtucker@
  OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559
* upstream: memleak on error path; ok markus@ | djm@openbsd.org | 2021-02-05 | 1 | -2/+2
  OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8
* upstream: fix the values of enum sock_type | djm@openbsd.org | 2021-01-30 | 1 | -4/+4
  OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd
* upstream: give typedef'd struct a struct name; makes the fuzzer I'm | djm@openbsd.org | 2021-01-30 | 1 | -2/+2
  writing a bit easier
  OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb
* upstream: Logical not bitwise or. ok djm@ | dtucker@openbsd.org | 2021-01-27 | 1 | -2/+2
  OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5
* upstream: Remove unused variables leftover from refactoring. ok | dtucker@openbsd.org | 2021-01-26 | 1 | -6/+4
  djm@
  OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8
* upstream: refactor key constraint parsing in ssh-agent | djm@openbsd.org | 2021-01-26 | 1 | -69/+95
  Key constraints parsing code previously existed in both the "add regular key" and "add smartcard key" path. This unifies them but also introduces more consistency checking: duplicated constraints and constraints that are nonsensical for a particular situation (e.g. FIDO provider for a smartcard key) are now banned.
  ok markus@
  OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
* upstream: more ssh-agent refactoring | djm@openbsd.org | 2021-01-26 | 1 | -67/+130
  Allow confirm_key() to accept an additional reason suffix
  Factor publickey userauth parsing out into its own function and allow it to optionally return things it parsed out of the message to its caller.
  feedback/ok markus@
  OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
* upstream: use recallocarray to allocate the agent sockets table; | djm@openbsd.org | 2021-01-26 | 1 | -4/+16
  also clear socket entries that are being marked as unused.
  sprinkle in some debug2() spam to make it easier to watch an agent do its thing.
  ok markus
  OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
* upstream: Change convtime() from returning long to returning int. | dtucker@openbsd.org | 2021-01-11 | 1 | -2/+2
  On platforms where sizeof(int) != sizeof(long), convtime could accept values >MAX_INT which subsequently truncate when stored in an int during config parsing. bz#3250, ok djm@
  OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
* upstream: when requesting a security key touch on stderr, inform the | djm@openbsd.org | 2020-11-09 | 1 | -2/+2
  user once the touch has been recorded; requested by claudio@ ok markus@
  OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -95/+77
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org | 2020-10-03 | 1 | -10/+4
  stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
* upstream: handle multiple messages in a single read() | djm@openbsd.org | 2020-09-18 | 1 | -6/+13
  PR#183 by Dennis Kaarsemaker; feedback and ok markus@
  OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
* upstream: support for user-verified FIDO keys | djm@openbsd.org | 2020-08-27 | 1 | -2/+3
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token.
  This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication.
  feedback markus@ and Pedro Martelletto; ok markus@
  OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: some language improvements; ok markus | djm@openbsd.org | 2020-07-15 | 1 | -4/+4
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
* upstream: updated argument name for -P in first synopsis was | jmc@openbsd.org | 2020-06-26 | 1 | -2/+2
  missed in previous;
  OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
* upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org | 2020-06-22 | 1 | -12/+12
  OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c
* upstream: Correct synopsis and usage for the options accepted when | dtucker@openbsd.org | 2020-06-22 | 1 | -2/+4
  passing a command to ssh-agent. ok jmc@
  OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846
* upstream: Restrict ssh-agent from signing web challenges for FIDO | djm@openbsd.org | 2020-05-27 | 1 | -10/+100
  keys.
  When signing messages in ssh-agent using a FIDO key that has an application string that does not start with "ssh:", ensure that the message being signed is one of the forms expected for the SSH protocol (currently pubkey authentication and sshsig signatures).
  This prevents ssh-agent forwarding on a host that has FIDO keys attached granting the ability for the remote side to sign challenges for web authentication using those keys too.
  Note that the converse case of web browsers signing SSH challenges is already precluded because no web RP can have the "ssh:" prefix in the application string that we require.
  ok markus@
  OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19
* upstream: initialize seconds for debug message; ok djm | markus@openbsd.org | 2020-03-13 | 1 | -2/+2
  OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81
* upstream: change explicit_bzero();free() to freezero() | jsg@openbsd.org | 2020-02-28 | 1 | -3/+2
  While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundary.
  ok deraadt@ djm@
  OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
* upstream: Replace "security key" with "authenticator" in program | naddy@openbsd.org | 2020-02-07 | 1 | -3/+3
  messages.
  This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key".
  ok djm@
  OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
* upstream: process security key provider via realpath() in agent, | djm@openbsd.org | 2020-01-25 | 1 | -7/+19
  avoids malicious client from being able to cause agent to load arbitrary libraries into ssh-sk-helper.
  reported by puck AT puckipedia.com; ok markus
  OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c
* upstream: expose PKCS#11 key labels/X.509 subjects as comments | djm@openbsd.org | 2020-01-25 | 1 | -6/+13
  Extract the key label or X.509 subject string when PKCS#11 keys are retrieved from the token and plumb this through to places where it may be used as a comment.
  based on https://github.com/openssh/openssh-portable/pull/138 by Danielle Church
  feedback and ok markus@
  OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35
* upstream: Replace all calls to signal(2) with a wrapper around | dtucker@openbsd.org | 2020-01-23 | 1 | -5/+5
  sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: use ssh-sk-helper for all security key signing operations | djm@openbsd.org | 2019-12-14 | 1 | -140/+20
  This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid*
  requested by, feedback and ok markus@
  OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f
* upstream: revert previous: naddy pointed out what's meant to | jmc@openbsd.org | 2019-11-20 | 1 | -3/+4
  happen. rethink needed...
  OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421