Pete [Wed, 27 Mar 2024 23:15:29 +0000 (16:15 -0700)]
That would have bugged me if I didn't do this.
Pete [Wed, 27 Mar 2024 23:09:37 +0000 (16:09 -0700)]
Fix the tests.
This is a total hatchet-job, but the tests seem to do a lot of things that they should not.
At any rate, there are no more bare escapes embedded in these files. I do not know why the
build script wants `make test` to pass.
Pete [Wed, 27 Mar 2024 21:36:47 +0000 (14:36 -0700)]
Update Go version.
A part that I didn't write requires 1.17 or higher.
Pete [Sat, 3 Feb 2024 01:10:38 +0000 (01:10 +0000)]
Default theme to mono.
Seems like doing themes as map[string]*Theme would be
nicer than []Theme but maybe upstream knows something
I don't.
Pete [Sat, 3 Feb 2024 00:55:13 +0000 (00:55 +0000)]
Default to timestamp on.
The commit is coming from in the car!
Andrey Petrov [Fri, 22 Dec 2023 18:27:17 +0000 (13:27 -0500)]
Merge pull request #427 from bsiegert/crypto
Bump golang.org/x/crypto to 0.17.0 (security)
Benny Siegert [Fri, 22 Dec 2023 17:25:25 +0000 (18:25 +0100)]
Bump golang.org/x/crypto to 0.17.0 (security)
This fixes the following vulnerabilities, as reported by govulncheck:
Vulnerability #1: GO-2023-2402
Man-in-the-middle attacker can compromise integrity of secure channel in
golang.org/x/crypto
More info: https://pkg.go.dev/vuln/GO-2023-2402
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.0.0-
20200420104511-
884d27f42877
Fixed in: golang.org/x/crypto@v0.17.0
Example traces found:
#1: work/ssh-chat-1.10/sshd/client.go:42:33: sshd.ConnectShell calls ssh.Client.NewSession
#2: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
#3: work/ssh-chat-1.10/sshd/net.go:49:2: sshd.SSHListener.handleConn calls ssh.DiscardRequests
#4: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
#5: work/ssh-chat-1.10/sshd/terminal.go:222:13: sshd.Terminal.listen calls ssh.Request.Reply
#6: work/ssh-chat-1.10/sshd/client.go:46:2: sshd.ConnectShell calls ssh.Session.Close
#7: work/ssh-chat-1.10/sshd/client.go:70:30: sshd.ConnectShell calls ssh.Session.SendRequest
#8: work/ssh-chat-1.10/sshd/client.go:65:21: sshd.ConnectShell calls ssh.Session.Shell
#9: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.channel.Read
#10: work/ssh-chat-1.10/sshd/terminal/terminal.go:954:17: terminal.Terminal.SetBracketedPasteMode calls io.WriteString, which calls ssh.channel.Write
#11: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.extChannel.Read
Vulnerability #4: GO-2022-0968
Panic on malformed packets in golang.org/x/crypto/ssh
More info: https://pkg.go.dev/vuln/GO-2022-0968
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.0.0-
20200420104511-
884d27f42877
Fixed in: golang.org/x/crypto@v0.0.0-
20211202192323-
5770296d904e
Example traces found:
#1: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial
#2: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
Vulnerability #5: GO-2021-0356
Denial of service via crafted Signer in golang.org/x/crypto/ssh
More info: https://pkg.go.dev/vuln/GO-2021-0356
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.0.0-
20200420104511-
884d27f42877
Fixed in: golang.org/x/crypto@v0.0.0-
20220314234659-
1baeb1ce4c0b
Example traces found:
#1: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:122:19: ssh.main calls ssh.ServerConfig.AddHostKey
Vulnerability #6: GO-2021-0227
Panic on crafted authentication request message in golang.org/x/crypto/ssh
More info: https://pkg.go.dev/vuln/GO-2021-0227
Module: golang.org/x/crypto
Found in: golang.org/x/crypto@v0.0.0-
20200420104511-
884d27f42877
Fixed in: golang.org/x/crypto@v0.0.0-
20201216223049-
8b5274cf687f
Example traces found:
#1: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
Andrey Petrov [Thu, 2 Feb 2023 17:16:01 +0000 (12:16 -0500)]
Merge pull request #421 from DejavuMoe/build/linux-arm64
add: build releases for linux/arm64
DejavuMoe [Thu, 2 Feb 2023 07:23:02 +0000 (15:23 +0800)]
add: build releases for linux/arm64
Andrey Petrov [Mon, 28 Nov 2022 02:15:03 +0000 (20:15 -0600)]
go mod update
Fixes #419 #409
Andrey Petrov [Sun, 31 Jul 2022 14:08:56 +0000 (10:08 -0400)]
Merge pull request #416 from sleibrock/master
Fixing emojis being sent in PMs when no theme is set (#414)
Andrey Petrov [Sat, 30 Jul 2022 19:05:16 +0000 (15:05 -0400)]
Merge pull request #417 from sleibrock/motd-bot-fix
host.go: avoiding motd output if bot mode set
Steven Leibrock [Sat, 30 Jul 2022 01:57:49 +0000 (21:57 -0400)]
host.go: avoiding motd output if bot mode set
Steven L [Thu, 28 Jul 2022 16:29:53 +0000 (12:29 -0400)]
message.go: stripping emoji for when no theme is set
Andrey Petrov [Mon, 7 Mar 2022 19:44:07 +0000 (14:44 -0500)]
Merge pull request #410 from pataquets/master
Docker Compose manifest: mount host's keys and few other improvements.
pataquets [Mon, 7 Mar 2022 19:13:41 +0000 (20:13 +0100)]
Docker Compose manifest: mount host's keys and few other improvements.
* Add SSH keys mount (mimicking default non-Docker behaviour).
* Increase manifest version to lowest 3.x supporting bind mounts.
* Change restart policy from `always` to `unless-stopped`.
* Set a container name.
* Fix port indentation to 2 spaces, as done elsewhere.
Andrey Petrov [Sat, 29 Jan 2022 20:05:59 +0000 (15:05 -0500)]
go mod update
mik2k2 [Thu, 6 Jan 2022 14:09:51 +0000 (15:09 +0100)]
Add /allowlist command (#399)
* move loading whitelist+ops from file to auth and save the loaded files fro reloading
* add /whitelist command with lots of open questions
* add test for /whitelist
* gofmt
* use the same auth (the tests don't seem to care, but htis is more right)
* mutex whitelistMode and remove some deferred TODOs
* s/whitelist/allowlist/ (user-facing); move helper functions outside the handler function
* check for ops in Auth.CheckPublicKey and move /allowlist handling to helper functions
* possibly fix the test timeout in HostNameCollision
* Revert "possibly fix the test timeout in HostNameCollision" (didn't work)
This reverts commit
664dbb0976f8f10ea7a673950a879591c2e7c320.
* managed to reproduce the timeout after updating, hopefully it's the same one
* remove some unimportant TODOs; add a message when reverify kicks people; add a reverify test
* add client connection with key; add test for /allowlist import AGE
* hopefully make test less racy
* s/whitelist/allowlist/
* fix crash on specifying exactly one more -v flag than the max level
* use a key loader function to move file reading out of auth
* add loader to allowlist test
* minor message changes
* add --whitelist with a warning; update tests for messages
* apparently, we have another prefix
* check names directly on the User objects in TestHostNameCollision
* not allowlisted -> not allowed
* small message change
* update test
Andrey Petrov [Fri, 3 Dec 2021 16:02:15 +0000 (11:02 -0500)]
go mod update for golang.org/x/crypto/ssh
Andrey Petrov [Wed, 13 Oct 2021 15:30:58 +0000 (11:30 -0400)]
Update ssh.chat pubkey
Akshay Shekher [Wed, 13 Oct 2021 15:00:11 +0000 (08:00 -0700)]
/back, /away: Change no-op to return err
Fixes #402
When the user is not set as away, using the
`/back` or `/away` command should return error.
The previous behaviour was inconsistent,
`/away` sent a message and `/back` ignored it.
New behaviour is error for both cases.
Co-authored-by: Akshay <akshay.shekher@gmail.com>
Andrey Petrov [Wed, 13 Oct 2021 14:43:49 +0000 (10:43 -0400)]
sshd/terminal/terminal.go: Clamp pos to protect from some fuzzing failures
Andrey Petrov [Wed, 13 Oct 2021 14:27:04 +0000 (10:27 -0400)]
cmd/ssh-chat: Accept multiple --identity keys
Fixes #401
Andrey Petrov [Mon, 11 Oct 2021 14:18:03 +0000 (10:18 -0400)]
Makefile: deploy tweak
mik2k2 [Sat, 3 Jul 2021 17:37:09 +0000 (19:37 +0200)]
set: Allow nil/expired items
Fixes #397
mik2k2 [Mon, 31 May 2021 14:08:30 +0000 (16:08 +0200)]
main, sshd: Refactor authentication, add IP throttling, improve passphrase auth
* Move password authentication handling into sshd/auth (fixes #394).
Password authentication is now completely handeled in Auth. The normal
keyboard-interactive handler checks if passwords are supported and asks
for them, removing the need to override the callbacks.
Brute force throttling is removed; I'd like to base it on IP address
banning, which requires changes to the checks.
I'm not sure, but I think timing attacks against the password are fixed:
- The hashing of the real password happens only at startup.
- The hashing of a provided password is something an attacker can do
themselves; It doesn't leak anything about the real password.
- The hash comparison is constant-time.
* refactor checks, IP-ban incorrect passphrases, renames
- s/assword/assphrase/, typo fixes
- bans are checked separately from public keys
- an incorrect passphrase results in a one-minute IP ban
- whitelists no longer override bans (i.e. you can get banned if you're
whitelisted)
* (hopefully) final changes
Akshay Shekher [Sun, 2 May 2021 17:02:39 +0000 (10:02 -0700)]
tests: Fixed flaky test by using user joined callback. (#393)
Instead of relying on the go scheduler to do the expected thing >_>
Co-authored-by: Akshay <akshay.shekher@gmail.com>
Akshay Shekher [Sun, 2 May 2021 16:18:31 +0000 (09:18 -0700)]
Fix SSHCHAT_TIMESTAMP env variables (#392)
* Fixes Env Vars to pass config to ssh-chat.
The env vars were beign parsed and set to the host
before the user was even added to the host and
hence ignored. This change moves the env var parsing
to after initializing the user.
TODO: tests, completeness+reliability
* cleaned up the test
* reduced test flakyness by adding wait instead of being optimistic
Co-authored-by: Akshay <akshay.shekher@gmail.com>
Andrey Petrov [Sat, 24 Apr 2021 16:49:09 +0000 (12:49 -0400)]
Merge pull request #390 from shazow/shazow-patch-3
tests: Skip flakey TestHostNameCollision
Andrey Petrov [Sat, 24 Apr 2021 16:22:42 +0000 (12:22 -0400)]
tests: Skip flakey TestHostNameCollision
Andrey Petrov [Sat, 24 Apr 2021 16:18:44 +0000 (12:18 -0400)]
Merge pull request #389 from shazow/shazow-patch-2
ci: Test all sub-packages
Andrey Petrov [Sat, 24 Apr 2021 16:16:10 +0000 (12:16 -0400)]
ci: Test all sub-packages
Andrey Petrov [Sat, 24 Apr 2021 16:15:22 +0000 (12:15 -0400)]
Merge pull request #388 from voldyman/ill-be-back
Added /back and tests for all away commands
Andrey Petrov [Sat, 24 Apr 2021 16:14:24 +0000 (12:14 -0400)]
chat: /back help formatting.
Akshay [Sat, 24 Apr 2021 14:54:50 +0000 (07:54 -0700)]
Added /back and tests for all away commands
Andrey Petrov [Mon, 19 Apr 2021 13:45:02 +0000 (09:45 -0400)]
Merge pull request #385 from sytranvn/build-apple-silocon
Add build script for apple silicon
Sy Tran [Sun, 18 Apr 2021 00:31:13 +0000 (07:31 +0700)]
Add build script for apple silicon
Andrey Petrov [Tue, 13 Apr 2021 15:32:24 +0000 (11:32 -0400)]
Makefile: Add deploy helper
Andrey Petrov [Tue, 13 Apr 2021 15:27:38 +0000 (11:27 -0400)]
/away: Fix output for admin whois
cc #377
Andrey Petrov [Tue, 13 Apr 2021 15:24:53 +0000 (11:24 -0400)]
Merge pull request #383 from shazow/add-mute
chat: Add /mute command for op
Andrey Petrov [Tue, 13 Apr 2021 15:21:16 +0000 (11:21 -0400)]
chat: Add /mute command for op
Andrey Petrov [Tue, 6 Apr 2021 13:28:48 +0000 (09:28 -0400)]
host: Fix /msg vs /reply message formatting
Closes #382
Andrey Petrov [Mon, 5 Apr 2021 15:06:44 +0000 (11:06 -0400)]
sshd, chat/message: Add more debug logging for close failures
Andrey Petrov [Fri, 26 Mar 2021 16:49:08 +0000 (12:49 -0400)]
main: Update host_test.go to pass vet, use errgroup
Andrey Petrov [Fri, 26 Mar 2021 16:26:18 +0000 (12:26 -0400)]
cmd/ssh-chat: Use x/term instead of howeyc/gopass, update prompt
Fixes #380
Andrey Petrov [Fri, 26 Mar 2021 16:17:55 +0000 (12:17 -0400)]
go mod update
Andrey Petrov [Mon, 15 Mar 2021 15:07:52 +0000 (11:07 -0400)]
host: Factor out PM code, add away status
Andrey Petrov [Mon, 15 Mar 2021 14:23:33 +0000 (10:23 -0400)]
chat: /away tweaks
Akshay [Sat, 13 Mar 2021 16:34:49 +0000 (08:34 -0800)]
chat: Added support for user away status, fixes #377
made away toggle status, like irc
updated /away feature
* added away message
* added broadcast away message as emote
* updated names list to show away users on the same line, with colors
added /away -> back message
Update away time to be time since marked away
reverted changes made for /list
Andrey Petrov [Sat, 13 Mar 2021 15:08:49 +0000 (10:08 -0500)]
Merge pull request #376 from medinae/reply-to-user-with-symbol-fix
Fix ~ Reply to user with symbol returning Err user not found
Abdelkader Bouadjadja [Sat, 13 Mar 2021 10:56:36 +0000 (14:56 +0400)]
Fix ~ Reply to user with symbol returning Err user not found
Andrey Petrov [Sat, 6 Feb 2021 14:33:28 +0000 (09:33 -0500)]
Update bug_report.md
Andrey Petrov [Sat, 6 Feb 2021 14:30:05 +0000 (09:30 -0500)]
Delete issue_template.md
Andrey Petrov [Sat, 6 Feb 2021 14:29:53 +0000 (09:29 -0500)]
Update issue templates
Andrey Petrov [Wed, 11 Nov 2020 20:44:24 +0000 (15:44 -0500)]
go mod update
Andrey Petrov [Thu, 29 Oct 2020 13:48:30 +0000 (09:48 -0400)]
Merge pull request #366 from Niwla23/dockerfiles
Add Dockerfile and docker-compose.yml
Alwin Lohrie [Wed, 28 Oct 2020 15:19:16 +0000 (16:19 +0100)]
Add Dockerfile and docker-compose.yml
Andrey Petrov [Mon, 3 Aug 2020 18:13:51 +0000 (14:13 -0400)]
main: /rename should not complain when symbol is set and name is unchanged
Andrey Petrov [Mon, 3 Aug 2020 17:57:11 +0000 (13:57 -0400)]
chat/message: Use user.ID() names for mono bot theme
Andrey Petrov [Mon, 3 Aug 2020 17:26:12 +0000 (13:26 -0400)]
/motd: Add reload functionality when msg is @
Andrey Petrov [Mon, 3 Aug 2020 16:34:43 +0000 (12:34 -0400)]
motd.txt: Sync up the latest motd
Andrey Petrov [Mon, 3 Aug 2020 16:32:03 +0000 (12:32 -0400)]
Update CODE_OF_CONDUCT.md
Andrey Petrov [Mon, 3 Aug 2020 15:51:56 +0000 (11:51 -0400)]
README: Add CoC link
Andrey Petrov [Mon, 3 Aug 2020 15:48:40 +0000 (11:48 -0400)]
Update CODE_OF_CONDUCT.md
Andrey Petrov [Mon, 3 Aug 2020 15:45:22 +0000 (11:45 -0400)]
Create CODE_OF_CONDUCT.md
Andrey Petrov [Mon, 3 Aug 2020 15:43:17 +0000 (11:43 -0400)]
Merge pull request #352 from shazow/sponsor-prefix
chat, main: Add /rename op command, optional symbol prefix
Andrey Petrov [Mon, 3 Aug 2020 15:41:19 +0000 (11:41 -0400)]
Merge branch 'master' into sponsor-prefix
Andrey Petrov [Mon, 3 Aug 2020 15:40:28 +0000 (11:40 -0400)]
Merge pull request #356 from shazow/focus-cmd
/focus: Add command to only show messages from focused users
Andrey Petrov [Mon, 3 Aug 2020 15:32:55 +0000 (11:32 -0400)]
chat: Add /focus command
Only show messages from focused users
Andrey Petrov [Mon, 3 Aug 2020 15:32:16 +0000 (11:32 -0400)]
set: Add Interface, ZeroValue helper
Andrey Petrov [Thu, 30 Jul 2020 17:10:41 +0000 (13:10 -0400)]
/whois: Add extra room info for admins
Will need to add room context to non-admins eventually too
Andrey Petrov [Thu, 30 Jul 2020 16:52:32 +0000 (12:52 -0400)]
chat/message: Set LastMsg during render of self public messages, fix sorting
Also fixed chat tests
Andrey Petrov [Thu, 30 Jul 2020 16:05:38 +0000 (12:05 -0400)]
chat: go fmt
Andrey Petrov [Thu, 30 Jul 2020 16:03:35 +0000 (12:03 -0400)]
Merge pull request #355 from pavelz/my_name_last_autocomplete
main: Autocomplete deprioritize own name
Andrey Petrov [Thu, 30 Jul 2020 16:02:07 +0000 (12:02 -0400)]
chat/message: Fix RecentActiveUsers sort order
Pavel Zaitsev [Mon, 27 Jul 2020 23:11:03 +0000 (19:11 -0400)]
updated tests, moved code closer to the caller.
* addded condition for zero time on lastMsg.
* removed extra paramter in NamePrefix
* moved code from NamePrefix to completeName
* removed extra parameter in tests calling to NamePrefix
Pavel Zaitsev [Fri, 24 Jul 2020 14:44:23 +0000 (10:44 -0400)]
update, to fix tests.
Pavel Zaitsev [Fri, 24 Jul 2020 14:16:29 +0000 (10:16 -0400)]
in autocomplete list moves your name to last item in the list of sorted current users
Andrey Petrov [Mon, 20 Jul 2020 16:27:34 +0000 (12:27 -0400)]
Merge pull request #353 from pavelz/show_admin_status
/whois: Show op status for ops
Pavel Zaitsev [Wed, 15 Jul 2020 04:32:53 +0000 (00:32 -0400)]
updated in line with comments in PR
* reduce change footprint to parameter list
* moved Op flag display to last line as to not break bots
Andrey Petrov [Thu, 16 Jul 2020 17:29:38 +0000 (13:29 -0400)]
Merge pull request #354 from lucash-diskkun/master2
chat: Sort /names output
Lucas Hourahine [Thu, 16 Jul 2020 17:25:14 +0000 (13:25 -0400)]
sorting nicks on /names and /list
Pavel Zaitsev [Wed, 8 Jul 2020 03:24:25 +0000 (23:24 -0400)]
now if both are ops it will be reflected in output of whois command
Andrey Petrov [Wed, 24 Jun 2020 17:53:24 +0000 (13:53 -0400)]
main: Add symbol support
Andrey Petrov [Wed, 24 Jun 2020 17:53:14 +0000 (13:53 -0400)]
chat: Use user.ID() instead of user.Name()
Andrey Petrov [Wed, 24 Jun 2020 16:36:02 +0000 (12:36 -0400)]
chat, main: Add /rename op command
Andrey Petrov [Fri, 1 May 2020 16:03:20 +0000 (12:03 -0400)]
Merge pull request #350 from shazow/shazow-patch-1
.github: Improve CI test step
Andrey Petrov [Fri, 1 May 2020 15:50:16 +0000 (11:50 -0400)]
.github: Improve CI test step
Andrey Petrov [Fri, 1 May 2020 15:49:42 +0000 (11:49 -0400)]
.github: Add github action for CI
Andrey Petrov [Fri, 1 May 2020 15:41:35 +0000 (11:41 -0400)]
chat: Fix ignore test, reduce flakeyness
Andrey Petrov [Fri, 1 May 2020 15:41:19 +0000 (11:41 -0400)]
chat: Clean up ignore comparisons
Abdelkader Bouadjadja [Thu, 30 Apr 2020 01:09:21 +0000 (05:09 +0400)]
Ignored people still show up when they send private `/msg`
Abdelkader Bouadjadja [Wed, 29 Apr 2020 20:34:40 +0000 (00:34 +0400)]
Fix test comment
Abdelkader Bouadjadja [Wed, 29 Apr 2020 20:28:06 +0000 (00:28 +0400)]
Ignored people still show up when they `/me` emote
Andrey Petrov [Mon, 20 Apr 2020 19:36:38 +0000 (15:36 -0400)]
Merge pull request #347 from shazow/fix-key-parse
main: Use new x/crypto/ssh key parsing helpers
Andrey Petrov [Mon, 20 Apr 2020 19:34:42 +0000 (15:34 -0400)]
main: Use x/crypto/ssh helpers for parsing passworded keys
Andrey Petrov [Mon, 20 Apr 2020 19:34:28 +0000 (15:34 -0400)]
go mod: Update, mostly for x/crypto
Andrey Petrov [Fri, 17 Apr 2020 16:28:27 +0000 (12:28 -0400)]
Merge pull request #343 from shazow/term-bot-nopty
sshd: Terminal.Term() fallback to Env TERM
Andrey Petrov [Fri, 17 Apr 2020 16:22:31 +0000 (12:22 -0400)]
sshd: Terminal.Term() fallback to Env TERM
Andrey Petrov [Thu, 16 Apr 2020 16:56:15 +0000 (12:56 -0400)]
main: Sort flags, unhide --unsafe-passphrase for now