path: root/ssh-agent.c
Commit message | Author | Age | Files | Lines
* upstream: make ssh-agent drop all keys when it receives SIGUSR1; | djm@openbsd.org | 2024-10-24 | 1 | -6/+27
  lets users zap keys without access to $SSH_AUTH_SOCK ok deraadt@
  OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023
* upstream: some extra paranoia, reminded by jsg@ | djm@openbsd.org | 2024-09-25 | 1 | -1/+5
  OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e
* upstream: avoid logging in signal handler by converting mainloop to | djm@openbsd.org | 2024-03-09 | 1 | -17/+25
  ppoll() bz3670, reported by Ben Hamilton; ok dtucker@
  OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f
* upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 | djm@openbsd.org | 2024-03-06 | 1 | -2/+4
  OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923
* upstream: match flag type (s/int/u_int) | djm@openbsd.org | 2024-01-08 | 1 | -2/+2
  OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a
* upstream: ssh-agent: record failed session-bind attempts | djm@openbsd.org | 2023-12-18 | 1 | -3/+15
  Record failed attempts to session-bind a connection and refuse signing operations on that connection henceforth. Prevents a future situation where we add a new hostkey type that is not recognised by an older ssh-agent, that consequently causes session-bind to fail (this situation is only likely to arise when people mix ssh(1) and ssh-agent(1) of different versions on the same host). Previously, after such a failure the agent socket would be considered unbound and not subject to restriction. Spotted by Jann Horn
  OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e
* upstream: Make it possible to load certs from PKCS#11 tokens | djm@openbsd.org | 2023-12-18 | 1 | -26/+98
  Adds a protocol extension to allow grafting certificates supplied by ssh-add to keys loaded from PKCS#11 tokens in the agent. feedback/ok markus@
  OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f
* upstream: apply destination constraints to all p11 keys | djm@openbsd.org | 2023-12-18 | 1 | -5/+100
  Previously applied only to the first key returned from each token. ok markus@
  OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
* upstream: Disallow remote addition of FIDO/PKCS11 provider | djm@openbsd.org | 2023-07-19 | 1 | -2/+21
  libraries to ssh-agent by default. The old behaviour of allowing remote clients from loading providers can be restored using `ssh-agent -O allow-remote-pkcs11`. Detection of local/remote clients requires a ssh(1) that supports the `session-bind@openssh.com` extension. Forwarding access to a ssh-agent socket using non-OpenSSH tools may circumvent this control. ok markus@
  OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c
* upstream: misplaced debug message | djm@openbsd.org | 2023-07-14 | 1 | -2/+2
  OpenBSD-Commit-ID: d0f12af0a5067a756aa707bc39a83fa6f58bf7e5
* upstream: Explicitly ignore return codes | dtucker@openbsd.org | 2023-03-31 | 1 | -3/+3
  where we don't check them.
  OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
* upstream: modify parentheses in conditionals to make it clearer what is | jcs@openbsd.org | 2023-03-10 | 1 | -3/+3
  being assigned and what is being checked ok djm dtucker
  OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8
* upstream: Delete obsolete /* ARGSUSED */ lint comments. | guenther@openbsd.org | 2023-03-08 | 1 | -2/+1
  ok miod@ millert@
  OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c
* upstream: Remove unused compat.h includes. | dtucker@openbsd.org | 2023-03-05 | 1 | -2/+1
  We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
  OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4
* upstream: Remove duplicate includes. | dtucker@openbsd.org | 2022-12-04 | 1 | -2/+1
  Patch from AtariDreams via github PR#364.
  OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, | jmc@openbsd.org | 2022-10-24 | 1 | -4/+4
  wrap a long line ssh-agent.c: - add -O to usage()
  OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: actually hook up restrict_websafe; the command-line flag | djm@openbsd.org | 2022-09-17 | 1 | -2/+3
  was never actually used. Spotted by Matthew Garrett
  OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: a little extra debugging | djm@openbsd.org | 2022-09-14 | 1 | -1/+2
  OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: ssh-agent: attempt FIDO key signing without PIN and use | djm@openbsd.org | 2022-09-14 | 1 | -11/+2
  the error to determine whether a PIN is required and prompt only if necessary. from Corinna Vinschen
  OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test | djm@openbsd.org | 2022-09-09 | 1 | -5/+3
  that ctx!=NULL; from Corinna Vinschen
  OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix memleak on session-bind path; from Pedro Martelletto, ok | djm@openbsd.org | 2022-04-29 | 1 | -1/+2
  dtucker@
  OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e
* upstream: allow pin-required FIDO keys to be added to ssh-agent(1). | djm@openbsd.org | 2022-01-18 | 1 | -6/+35
  ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm
  OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950
* upstream: Don't log NULL hostname in restricted agent code, | dtucker@openbsd.org | 2022-01-12 | 1 | -4/+5
  printf("%s", NULL) is not safe on all platforms. with & ok djm
  OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
* upstream: fix memleak in process_extension(); oss-fuzz issue #42719 | djm@openbsd.org | 2022-01-01 | 1 | -1/+2
  OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e
* upstream: spelling ok dtucker@ | jsg@openbsd.org | 2022-01-01 | 1 | -2/+2
  OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
* remove sys/param.h in -portable, after upstream | Damien Miller | 2021-12-21 | 1 | -1/+0
* upstream: Use hostkey parsed from hostbound userauth request | djm@openbsd.org | 2021-12-19 | 1 | -3/+23
  Require host-bound userauth requests for forwarded SSH connections. The hostkey parsed from the host-bound userauth request is now checked against the most recently bound session ID / hostkey on the agent socket and the signature refused if they do not match. ok markus@
  OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02
* upstream: agent support for parsing hostkey-bound signatures | djm@openbsd.org | 2021-12-19 | 1 | -7/+17
  Allow parse_userauth_request() to work with blobs from publickey-hostbound-v00@openssh.com userauth attempts. Extract hostkey from these blobs. ok markus@
  OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8
* upstream: ssh-agent side of destination constraints | djm@openbsd.org | 2021-12-19 | 1 | -42/+463
  Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com constraints and to apply them to keys. Check constraints against the hostkeys recorded for a SocketEntry when attempting a signature, adding, listing or deleting keys. Note that the "delete all keys" request will remove constrained keys regardless of location. feedback Jann Horn & markus@ ok markus@
  OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319
* upstream: ssh-agent side of binding | djm@openbsd.org | 2021-12-19 | 1 | -9/+168
  record session ID/hostkey/forwarding status for each active socket. Attempt to parse data-to-be-signed at signature request time and extract session ID from the blob if it is a pubkey userauth request. ok markus@
  OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318
* upstream: check for POLLHUP wherever we check for POLLIN | djm@openbsd.org | 2021-11-18 | 1 | -4/+3
  OpenBSD-Commit-ID: 6aa6f3ec6b17c3bd9bfec672a917f003a76d93e5
* upstream: highly polished whitespace, mostly fixing spaces-for-tab | djm@openbsd.org | 2021-04-03 | 1 | -4/+4
  and bad indentation on continuation lines. Prompted by GHPR#185
  OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
* upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own | djm@openbsd.org | 2021-02-17 | 1 | -41/+59
  function and remove an unused variable; ok dtucker@
  OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559
* upstream: memleak on error path; ok markus@ | djm@openbsd.org | 2021-02-05 | 1 | -2/+2
  OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8
* upstream: fix the values of enum sock_type | djm@openbsd.org | 2021-01-30 | 1 | -4/+4
  OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd
* upstream: give typedef'd struct a struct name; makes the fuzzer I'm | djm@openbsd.org | 2021-01-30 | 1 | -2/+2
  writing a bit easier
  OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb
* upstream: Logical not bitwise or. ok djm@ | dtucker@openbsd.org | 2021-01-27 | 1 | -2/+2
  OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5
* upstream: Remove unused variables leftover from refactoring. ok | dtucker@openbsd.org | 2021-01-26 | 1 | -6/+4
  djm@
  OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8
* upstream: refactor key constraint parsing in ssh-agent | djm@openbsd.org | 2021-01-26 | 1 | -69/+95
  Key constraints parsing code previously existed in both the "add regular key" and "add smartcard key" path. This unifies them but also introduces more consistency checking: duplicated constraints and constraints that are nonsensical for a particular situation (e.g. FIDO provider for a smartcard key) are now banned. ok markus@
  OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
* upstream: more ssh-agent refactoring | djm@openbsd.org | 2021-01-26 | 1 | -67/+130
  Allow confirm_key() to accept an additional reason suffix Factor publickey userauth parsing out into its own function and allow it to optionally return things it parsed out of the message to its caller. feedback/ok markus@
  OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
* upstream: use recallocarray to allocate the agent sockets table; | djm@openbsd.org | 2021-01-26 | 1 | -4/+16
  also clear socket entries that are being marked as unused. sprinkle in some debug2() spam to make it easier to watch an agent do its thing. ok markus
  OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
* upstream: Change convtime() from returning long to returning int. | dtucker@openbsd.org | 2021-01-11 | 1 | -2/+2
  On platforms where sizeof(int) != sizeof(long), convtime could accept values >MAX_INT which subsequently truncate when stored in an int during config parsing. bz#3250, ok djm@
  OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
* upstream: when requesting a security key touch on stderr, inform the | djm@openbsd.org | 2020-11-08 | 1 | -2/+2
  user once the touch has been recorded; requested by claudio@ ok markus@
  OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
* upstream: use the new variant log macros instead of prepending | djm@openbsd.org | 2020-10-18 | 1 | -95/+77
  __func__ and appending ssh_err(r) manually; ok markus@
  OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org | 2020-10-03 | 1 | -10/+4
  stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
* upstream: handle multiple messages in a single read() | djm@openbsd.org | 2020-09-18 | 1 | -6/+13
  PR#183 by Dennis Kaarsemaker; feedback and ok markus@
  OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1
* upstream: support for user-verified FIDO keys | djm@openbsd.org | 2020-08-27 | 1 | -2/+3
  FIDO2 supports a notion of "user verification" where the user is required to demonstrate their identity to the token before particular operations (e.g. signing). Typically this is done by authenticating themselves using a PIN that has been set on the token. This adds support for generating and using user verified keys where the verification happens via PIN (other options might be added in the future, but none are in common use now). Practically, this adds another key generation option "verify-required" that yields a key that requires a PIN before each authentication. feedback markus@ and Pedro Martelletto; ok markus@
  OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15
* upstream: some language improvements; ok markus | djm@openbsd.org | 2020-07-15 | 1 | -4/+4
  OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
* upstream: updated argument name for -P in first synopsis was | jmc@openbsd.org | 2020-06-26 | 1 | -2/+2
  missed in previous;
  OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7
* upstream: better terminology for permissions; feedback & ok markus@ | djm@openbsd.org | 2020-06-22 | 1 | -12/+12
  OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c