search for: socketentry

Displaying 15 results from an estimated 15 matches for "socketentry".

2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...= -1) ret = 1; } diff -u -r -p openssh-6.9p1/ssh-agent.c openssh.cert_shadow/ssh-agent.c --- openssh-6.9p1/ssh-agent.c 2015-07-01 04:35:31.000000000 +0200 +++ openssh.cert_shadow/ssh-agent.c 2015-07-26 14:59:53.733842195 +0200 @@ -112,9 +112,15 @@ typedef struct { u_int sockets_alloc = 0; SocketEntry *sockets = NULL; +typedef struct refcountkey { + struct sshkey *key; + int count; +} RefcountKey; + typedef struct identity { TAILQ_ENTRY(identity) next; - struct sshkey *key; + RefcountKey *idkey; + RefcountKey *shadowed_key; char *comment; char *provider; time_t death; @@ -188,16 +194,...
2012 Mar 11
2
[patch] Threading support in ssh-agent
...TION +#ifdef HAVE_LIBPTHREAD + , AUTH_INUSE +#endif } sock_type; typedef struct { @@ -137,6 +145,50 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; +#ifdef HAVE_LIBPTHREAD + +#define MAX_THREADS 20 + +#define REQ_QUEUE_LEN (MAX_THREADS * 2) + +typedef void (*AuthWorker)(SocketEntry*); + +struct AuthRequestQueueEntry { + AuthWorker worker; + SocketEntry *e; +}; + +struct AuthRequestQueue { + struct AuthRequestQueueEntry queue[REQ_QUEUE_LEN]; + int first; + int used; + int inprogress; /* operated by get() */ + pthread_mutex_t lock; + pthread_cond_t cond; +}; + +struct Thread {...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may
2017 Nov 14
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
Hello, I noticed a problem recently when running some test code against the OpenSSH 7.6p1 ssh-agent. These tests ran fine against OpenSSH 7.5p1 and earlier, but with OpenSSH 7.6p1, they were suddenly causing ssh-agent to exit. The request being made was a "sign" request, and the point of the test was to have the sign operation fail. To trigger this, I was passing in an invalid key blob
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl external engines. The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private
2006 May 15
0
[PATCH 9/12] bug fix: openssh 4.3p2 possible NULL dereference
...+- 1 files changed, 1 insertion(+), 1 deletion(-) diff -uprN openssh-4.3p2/ssh-agent.c openssh-4.3p2-kylie/ssh-agent.c --- openssh-4.3p2/ssh-agent.c 2005-11-04 22:15:00.000000000 -0600 +++ openssh-4.3p2-kylie/ssh-agent.c 2006-05-04 15:05:48.000000000 -0500 @@ -305,8 +305,8 @@ process_sign_request2(SocketEntry *e) Identity *id = lookup_identity(key, 2); if (id != NULL && (!id->confirm || confirm_key(id) == 0)) ok = key_sign(id->key, &signature, &slen, data, dlen); + key_free(key); } - key_free(key); buffer_init(&msg); if (ok == 0) { buffer_put_char(&msg,...
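Review bot: the moved `key_free(key)` now sits inside a block whose opening line falls outside the hunk's context, so the excerpt alone does not show which condition guards the free; include the enclosing condition as context (presumably the `key != NULL` check the subject line refers to) so the NULL-dereference fix is reviewable, and confirm that nothing else reaches the removed unconditional `key_free(key)` path with a non-NULL key that would now leak.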
2006 Aug 28
0
patch for ssh-agent force confirm keys
...before use catam --- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300 +++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; -/* global confirm */ -static int confirm = 0; - static void close_socket(SocketEntry *e) { @@ -246,7 +243,7 @@ goto failure; id = lookup_identity(key, 1); - if (id != NULL && ((!confirm && !id->confirm) || confirm_key(id) == 0)) { + if (id != NULL && (!id->confirm || confirm_key(id) == 0)) { Key...
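Review bot: the file header lists the modified file as the old side (`--- ssh-agent.c` against `+++ ssh-agent.c.orig`), so the hunks read in reverse: as posted, the patch appears to remove the global `confirm` flag and the `(!confirm && !id->confirm)` check rather than add them. Regenerate it as `diff -u ssh-agent.c.orig ssh-agent.c` so the `+` lines carry the intended change and it applies cleanly with `patch -p0`.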
2017 Nov 15
2
OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
...enSSH 7.6p1, they were suddenly causing >> ssh-agent to exit. > > Sorry, I've committed this fix: > > > diff --git a/ssh-agent.c b/ssh-agent.c > index 9693722..0c88ab1 100644 > --- a/ssh-agent.c > +++ b/ssh-agent.c > @@ -272,8 +272,11 @@ process_sign_request2(SocketEntry *e) > fatal("%s: sshbuf_new failed", __func__); > if ((r = sshkey_froms(e->request, &key)) != 0 || > (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 || > - (r = sshbuf_get_u32(e->request, &flags)) != 0) > - fatal("%s:...
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...; #include "ssh-pkcs11.h" #include "sk-api.h" +#ifdef USE_OPENSSL_ENGINE +#include "ssh-engine.h" +#endif + #ifndef DEFAULT_PROVIDER_WHITELIST # define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" #endif @@ -640,6 +645,78 @@ no_identities(SocketEntry *e) sshbuf_free(msg); } +#ifdef USE_OPENSSL_ENGINE +static void +process_add_engine_key(SocketEntry *e) +{ + char *engine, *pin, *file, *comment; + int r, confirm = 0; + u_int seconds; + time_t death = 0; + u_char type; + struct sshkey *k, *kp; + Identity *id; + + if ((r = sshbuf_get_cstring(e...
2007 Aug 21
1
ssh-agent security
...1/ssh-agent.c 2007-02-28 05:19:58.000000000 -0500 +++ openssh-4.6p1-agentmod2/ssh-agent.c 2007-08-20 19:56:38.000000000 -0400 @@ -134,6 +134,9 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; +static int run_inform = 0; +char inform_cmd[MAXPATHLEN]; + static void close_socket(SocketEntry *e) { @@ -247,6 +250,28 @@ MD5_CTX md; Key *key; +#if defined(SO_PEERCRED) + if (AUTH_CONNECTION == e->type) { + struct ucred cred; + socklen_t len = sizeof(cred); + char inform_cmdline[MAXPATHLEN]; + + if (run_inform && getsockopt(e->fd, SOL_SOCKET, SO_PEERCRED, &cred,...
2011 May 18
2
Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?
...0-11-30 19:50:35.000000000 -0500 +++ openssh-5.8p2.dontbestrict//ssh-agent.c 2011-05-18 10:25:33.000000000 -0400 @@ -137,6 +137,9 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; +/* Flag for allowing mismatched peer EUIDs */ +static int U_flag = 0; + static void close_socket(SocketEntry *e) { @@ -1023,11 +1026,18 @@ break; } if ((euid != 0) && (getuid() != euid)) { - error("uid mismatch: " - "peer euid %u != uid %u", - (u_int) euid, (u_int) getuid()); - close(sock); - break; + if (U_flag) { + verbose...
2007 Feb 23
1
ssh-agent does not immediately clean timeouted keys from memory
During my seminar of advanced exploitation techniques (SEAT, [1]) I developed some methods to crack into a system via DMA (e.g. via firewire). As part of this I developed a program that steals loaded ssh private keys from ssh-agents. I was astonished to find that the keys are not immediately removed from the agent when a timeout occurs, but only the next time the agent is queried via its socket. I
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
...quot;misc.h" +#include "pathnames.h" +#include "readconf.h" #ifdef SMARTCARD #include "scard.h" @@ -111,6 +113,11 @@ /* Default lifetime (0 == forever) */ static int lifetime = 0; +Options options; + +uid_t original_real_uid; + + static void close_socket(SocketEntry *e) { @@ -1015,6 +1022,8 @@ extern char *optarg; pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; + char buf[256]; + struct passwd *pw; /* drop */ setegid(getgid()); @@ -1030,6 +1039,19 @@ __progname = ssh_get_progname(av[0]); init_rng(); seed_rng(); + + initialize_options(&opt...
2003 Sep 16
5
OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: