Displaying 15 results from an estimated 15 matches for "socketentry".
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...= -1)
ret = 1;
}
diff -u -r -p openssh-6.9p1/ssh-agent.c openssh.cert_shadow/ssh-agent.c
--- openssh-6.9p1/ssh-agent.c 2015-07-01 04:35:31.000000000 +0200
+++ openssh.cert_shadow/ssh-agent.c 2015-07-26 14:59:53.733842195 +0200
@@ -112,9 +112,15 @@ typedef struct {
u_int sockets_alloc = 0;
SocketEntry *sockets = NULL;
+typedef struct refcountkey {
+ struct sshkey *key;
+ int count;
+} RefcountKey;
+
typedef struct identity {
TAILQ_ENTRY(identity) next;
- struct sshkey *key;
+ RefcountKey *idkey;
+ RefcountKey *shadowed_key;
char *comment;
char *provider;
time_t death;
@@ -188,16 +194,...
2012 Mar 11
2
[patch] Threading support in ssh-agent
...TION
+#ifdef HAVE_LIBPTHREAD
+ , AUTH_INUSE
+#endif
} sock_type;
typedef struct {
@@ -137,6 +145,50 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+#ifdef HAVE_LIBPTHREAD
+
+#define MAX_THREADS 20
+
+#define REQ_QUEUE_LEN (MAX_THREADS * 2)
+
+typedef void (*AuthWorker)(SocketEntry*);
+
+struct AuthRequestQueueEntry {
+ AuthWorker worker;
+ SocketEntry *e;
+};
+
+struct AuthRequestQueue {
+ struct AuthRequestQueueEntry queue[REQ_QUEUE_LEN];
+ int first;
+ int used;
+ int inprogress; /* operated by get() */
+ pthread_mutex_t lock;
+ pthread_cond_t cond;
+};
+
+struct Thread {...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2017 Nov 14
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
Hello,
I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a ?sign? request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. ?The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
?Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2006 May 15
0
[PATCH 9/12] bug fix: openssh 4.3p2 possible NULL dereference
...+-
1 files changed, 1 insertion(+), 1 deletion(-)
diff -uprN openssh-4.3p2/ssh-agent.c openssh-4.3p2-kylie/ssh-agent.c
--- openssh-4.3p2/ssh-agent.c 2005-11-04 22:15:00.000000000 -0600
+++ openssh-4.3p2-kylie/ssh-agent.c 2006-05-04 15:05:48.000000000 -0500
@@ -305,8 +305,8 @@ process_sign_request2(SocketEntry *e)
Identity *id = lookup_identity(key, 2);
if (id != NULL && (!id->confirm || confirm_key(id) == 0))
ok = key_sign(id->key, &signature, &slen, data, dlen);
+ key_free(key);
}
- key_free(key);
buffer_init(&msg);
if (ok == 0) {
buffer_put_char(&msg,...
2006 Aug 28
0
patch for ssh-agent force confirm keys
...before use
catam
--- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300
+++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300
@@ -111,9 +111,6 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
-/* global confirm */
-static int confirm = 0;
-
static void
close_socket(SocketEntry *e)
{
@@ -246,7 +243,7 @@
goto failure;
id = lookup_identity(key, 1);
- if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0)) {
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
Key...
2017 Nov 15
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
...enSSH 7.6p1, they were suddenly causing
>> ssh-agent to exit.
>
> Sorry, I've committed this fix:
>
>
> diff --git a/ssh-agent.c b/ssh-agent.c
> index 9693722..0c88ab1 100644
> --- a/ssh-agent.c
> +++ b/ssh-agent.c
> @@ -272,8 +272,11 @@ process_sign_request2(SocketEntry *e)
> fatal("%s: sshbuf_new failed", __func__);
> if ((r = sshkey_froms(e->request, &key)) != 0 ||
> (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
> - (r = sshbuf_get_u32(e->request, &flags)) != 0)
> - fatal("%s:...
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...;
#include "ssh-pkcs11.h"
#include "sk-api.h"
+#ifdef USE_OPENSSL_ENGINE
+#include "ssh-engine.h"
+#endif
+
#ifndef DEFAULT_PROVIDER_WHITELIST
# define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
#endif
@@ -640,6 +645,78 @@ no_identities(SocketEntry *e)
sshbuf_free(msg);
}
+#ifdef USE_OPENSSL_ENGINE
+static void
+process_add_engine_key(SocketEntry *e)
+{
+ char *engine, *pin, *file, *comment;
+ int r, confirm = 0;
+ u_int seconds;
+ time_t death = 0;
+ u_char type;
+ struct sshkey *k, *kp;
+ Identity *id;
+
+ if ((r = sshbuf_get_cstring(e...
2007 Aug 21
1
ssh-agent security
...1/ssh-agent.c 2007-02-28 05:19:58.000000000 -0500
+++ openssh-4.6p1-agentmod2/ssh-agent.c 2007-08-20 19:56:38.000000000 -0400
@@ -134,6 +134,9 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+static int run_inform = 0;
+char inform_cmd[MAXPATHLEN];
+
static void
close_socket(SocketEntry *e)
{
@@ -247,6 +250,28 @@
MD5_CTX md;
Key *key;
+#if defined(SO_PEERCRED)
+ if (AUTH_CONNECTION == e->type) {
+ struct ucred cred;
+ socklen_t len = sizeof(cred);
+ char inform_cmdline[MAXPATHLEN];
+
+ if (run_inform && getsockopt(e->fd, SOL_SOCKET, SO_PEERCRED, &cred,...
2011 May 18
2
Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?
...0-11-30 19:50:35.000000000 -0500
+++ openssh-5.8p2.dontbestrict//ssh-agent.c 2011-05-18 10:25:33.000000000 -0400
@@ -137,6 +137,9 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+/* Flag for allowing mismatched peer EUIDs */
+static int U_flag = 0;
+
static void
close_socket(SocketEntry *e)
{
@@ -1023,11 +1026,18 @@
break;
}
if ((euid != 0) && (getuid() != euid)) {
- error("uid mismatch: "
- "peer euid %u != uid %u",
- (u_int) euid, (u_int) getuid());
- close(sock);
- break;
+ if (U_flag) {
+ verbose...
2007 Feb 23
1
ssh-agent does not immediately clean timeouted keys from memory
during my seminar of advanced exploitation techniques (SEAT, [1]) i
developed some methods to crack into system via DMA (e.g. via firewire).
as part of this i developed a program that steals loaded ssh private
keys from ssh-agents. i was astonished to find that the keys are not
immediately removed from the agent when a timeout occurs, but only the
next time the agent is queried via its socket. i
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
...quot;misc.h"
+#include "pathnames.h"
+#include "readconf.h"
#ifdef SMARTCARD
#include "scard.h"
@@ -111,6 +113,11 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+Options options;
+
+uid_t original_real_uid;
+
+
static void
close_socket(SocketEntry *e)
{
@@ -1015,6 +1022,8 @@
extern char *optarg;
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ char buf[256];
+ struct passwd *pw;
/* drop */
setegid(getgid());
@@ -1030,6 +1039,19 @@
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
+
+ initialize_options(&opt...
2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.
2. Solution:
Upgrade to OpenSSH
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506
Summary: rationalize agent behavior on smartcard
removal/reattachment
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: