summaryrefslogtreecommitdiffstats
path: root/serverloop.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: fix error in refactor: use ssh_packet_disconnect() instead ofdjm@openbsd.org2019-01-191-4/+6
| | | | | | | sshpkt_error(). The first one logs the error and exits (what we want) instead of just logging and blundering on. OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae
* upstream: remove last references to active_statedjm@openbsd.org2019-01-191-3/+3
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
* upstream: convert serverloop.c to new packet APIdjm@openbsd.org2019-01-191-152/+204
| | | | | | with & ok markus@ OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-191-1/+4
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: Remove uid checks from low port binds. Now that sshdtucker@openbsd.org2018-07-311-1/+12
| | | | | | | | | cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is stil there. with & ok djm@ OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
* upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org2018-07-121-2/+2
| | | | OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* upstream: sshd: switch config to sshbuf API; ok djm@markus@openbsd.org2018-07-101-2/+2
| | | | OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
* upstream: fix some over-long lines and __func__ up some debugdjm@openbsd.org2018-06-091-9/+9
| | | | | | messages OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267
* upstream: switch over to the new authorized_keys options API anddjm@openbsd.org2018-03-031-15/+18
| | | | | | | | | | | remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* Replace remaining mysignal() with signal().Darren Tucker2018-02-151-1/+1
| | | | | | These seem to have been missed during the replacement of mysignal with #define signal in commit 5ade9ab. Both include the requisite headers to pick up the #define.
* upstream Don't reset signal handlers inside handlers.dtucker@openbsd.org2018-02-121-4/+1
| | | | | | | | | | | The signal handlers from the original ssh1 code on which OpenSSH is based assume unreliable signals and reinstall their handlers. Since OpenBSD (and pretty much every current system) has reliable signals this is not needed. In the unlikely even that -portable is still being used on such systems we will deal with it in the compat layer. ok deraadt@ OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
* Whitespace sync with upstream.Darren Tucker2018-02-121-0/+1
|
* upstream commitdjm@openbsd.org2018-01-231-5/+3
| | | | | | | | | | | | | Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
* upstream commitdjm@openbsd.org2017-12-191-3/+11
| | | | | | | | unbreak hostkey rotation; attempting to sign with a desired signature algorithm of kex->hostkey_alg is incorrect when the key type isn't capable of making those signatures. ok markus@ OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
* upstream commitdjm@openbsd.org2017-12-191-2/+3
| | | | | | | | pass negotiated signing algorithm though to sshkey_verify() and check that the negotiated algorithm matches the type in the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
* upstream commitdtucker@openbsd.org2017-12-121-2/+4
| | | | | | | | Put remote client info back into the ClientAlive connection termination message. Based in part on diff from lars.nooden at gmail, ok djm OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
* upstream commitdjm@openbsd.org2017-10-231-2/+20
| | | | | | | | | | | | | | | Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
* adapt portable to channels API changesDamien Miller2017-09-121-1/+1
|
* upstream commitdjm@openbsd.org2017-09-121-1/+5
| | | | | | | | | | | | | | | Make remote channel ID a u_int Previously we tracked the remote channel IDs in an int, but this is strictly incorrect: the wire protocol uses uint32 and there is nothing in-principle stopping a SSH implementation from sending, say, 0xffff0000. In practice everyone numbers their channels sequentially, so this has never been a problem. ok markus@ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
* upstream commitdjm@openbsd.org2017-09-121-53/+52
| | | | | | | | | | | | | | | | | | | | | | refactor channels.c Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh. Explicitly pass "struct ssh" to all channels functions. Replace use of the legacy packet APIs in channels.c. Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later. ok markus@ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commitdjm@openbsd.org2017-09-041-4/+4
| | | | | | | pass packet state down to some of the channels function (more to come...); ok markus@ Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
* upstream commitdtucker@openbsd.org2017-08-121-2/+2
| | | | | | | | Tweak previous keepalive commit: if last_time + keepalive <= now instead of just "<" so client_alive_check will fire if the select happens to return on exact second of the timeout. ok djm@ Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
* upstream commitdtucker@openbsd.org2017-08-121-3/+15
| | | | | | | | | | | | Keep track of the last time we actually heard from the client and use this to also schedule a client_alive_check(). Prevents activity on a forwarded port from indefinitely preventing the select timeout so that client_alive_check() will eventually (although not optimally) be called. Analysis by willchan at google com via bz#2756, feedback & ok djm@ Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
* upstream commitmarkus@openbsd.org2017-06-011-2/+2
| | | | | | remove now obsolete ctx from ssh_dispatch_run; ok djm@ Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
* upstream commitmarkus@openbsd.org2017-05-311-5/+5
| | | | | | protocol handlers all get struct ssh passed; ok djm@ Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
* upstream commitdtucker@openbsd.org2017-02-031-7/+10
| | | | | | | Return true reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674, ok djm@ Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
* upstream commitdjm@openbsd.org2017-01-301-8/+13
| | | | | | | unbreak Unix domain socket forwarding for root; ok markus@ Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
* upstream commitdjm@openbsd.org2016-12-141-3/+5
| | | | | | | disable Unix-domain socket forwarding when privsep is disabled Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
* upstream commitdjm@openbsd.org2016-11-301-5/+5
| | | | | | | | | | | | Add a sshd_config DisableForwaring option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future. This, like the 'restrict' authorized_keys flag, is intended to be a simple and future-proof way of restricting an account. Suggested as a complement to 'restrict' by Jann Horn; ok markus@ Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
* upstream commitdtucker@openbsd.org2016-10-241-3/+3
| | | | | | | | | Factor out "can bind to low ports" check into its own function. This will make it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@. Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
* upstream commitderaadt@openbsd.org2016-09-121-5/+4
| | | | | | | | Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
* upstream commitmarkus@openbsd.org2016-08-141-574/+22
| | | | | | remove ssh1 server code; ok djm@ Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
* Remove NO_IPPORT_RESERVED_CONCEPTDarren Tucker2016-04-081-6/+3
| | | | | | | Replace by defining IPPORT_RESERVED to zero on Cygwin, which should have the same effect without causing problems syncing patches with OpenBSD. Resync the two affected functions with OpenBSD. ok djm, sanity checked by Corinna.
* upstream commitdjm@openbsd.org2016-03-071-5/+7
| | | | | | | | | | refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c feedback and ok markus@ Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commitdjm@openbsd.org2016-03-041-13/+15
| | | | | | | | fix ClientAliveInterval when a time-based RekeyLimit is set; previously keepalive packets were not being sent. bz#2252 report and analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@ Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
* upstream commitdjm@openbsd.org2016-02-081-13/+7
| | | | | | | | | | | | | | | refactor activation of rekeying This makes automatic rekeying internal to the packet code (previously the server and client loops needed to assist). In doing to it makes application of rekey limits more accurate by accounting for packets about to be sent as well as packets queued during rekeying events themselves. Based on a patch from dtucker@ which was in turn based on a patch Aleksander Adamowski in bz#2521; ok markus@ Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
* upstream commitmarkus@openbsd.org2016-01-271-6/+2
| | | | | | remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
* upstream commitmarkus@openbsd.org2015-12-071-2/+2
| | | | | | | | implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt; with & ok djm@ Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
* upstream commitdjm@openbsd.org2015-11-281-2/+3
| | | | | | | | don't include port number in tcpip-forward replies for requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok markus Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
* upstream commitdjm@openbsd.org2015-02-201-5/+5
| | | | | | | | | | | | | | | | UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
* upstream commitdjm@openbsd.org2015-02-161-4/+84
| | | | | | | | | | | | Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
* upstream commitderaadt@openbsd.org2015-01-261-2/+2
| | | | | Reduce use of <sys/param.h> and transition to <limits.h> throughout. ok djm markus
* upstream commitmarkus@openbsd.org2015-01-191-3/+3
| | | | adapt kex to sshbuf and struct ssh; ok djm@
* upstream commitmarkus@openbsd.org2015-01-191-9/+16
| | | | move dispatch to struct ssh; ok djm@
* upstream commitmarkus@openbsd.org2015-01-191-6/+5
| | | | | | | | update packet.c & isolate, introduce struct ssh a) switch packet.c to buffer api and isolate per-connection info into struct ssh b) (de)serialization of the state is moved from monitor to packet.c c) the old packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and integrated into packet.c with and ok djm@
* - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna VinschenDamien Miller2014-08-191-2/+2
|
* - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller2014-07-181-23/+84
| | | | | | | | | | | | | | | | [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
* - djm@cvs.openbsd.org 2014/04/29 13:10:30Damien Miller2014-05-151-2/+2
| | | | | | | [clientloop.c serverloop.c] bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@
* - djm@cvs.openbsd.org 2014/02/02 03:44:32Damien Miller2014-02-041-2/+2
| | | | | | | | | | | [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
* - dtucker@cvs.openbsd.org 2013/12/19 00:19:12Damien Miller2013-12-291-2/+3
| | | | | | | [serverloop.c] Cast client_alive_interval to u_int64_t before assinging to max_time_milliseconds to avoid potential integer overflow in the timeout. bz#2170, patch from Loganaden Velvindron, ok djm@
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 20:37:49 +0100