2024-02-01 03:37:33 +01:00
|
|
|
/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
|
* All rights reserved
|
2000-09-16 04:29:08 +02:00
|
|
|
*
|
|
|
|
|
* As far as I am concerned, the code I have written for this software
|
|
|
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
|
|
|
* software must be clearly marked as such, and if the derived work is
|
|
|
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
|
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
|
|
|
*
|
2000-04-12 10:45:05 +02:00
|
|
|
* SSH2 support by Markus Friedl.
|
2001-07-04 05:32:30 +02:00
|
|
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
2000-09-16 04:29:08 +02:00
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2000-04-12 10:45:05 +02:00
|
|
|
*/
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
#include "includes.h"
|
2006-03-15 01:29:24 +01:00
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
2006-03-15 01:45:54 +01:00
|
|
|
#ifdef HAVE_SYS_STAT_H
|
|
|
|
|
# include <sys/stat.h>
|
|
|
|
|
#endif
|
2006-07-10 13:08:03 +02:00
|
|
|
#include <sys/socket.h>
|
2006-03-15 01:40:10 +01:00
|
|
|
#include <sys/un.h>
|
2006-08-05 03:02:17 +02:00
|
|
|
#include <sys/wait.h>
|
2006-03-15 01:16:59 +01:00
|
|
|
|
2006-07-24 06:07:35 +02:00
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
2016-03-10 12:47:57 +01:00
|
|
|
#include <ctype.h>
|
2006-07-12 14:22:46 +02:00
|
|
|
#include <errno.h>
|
2010-05-10 03:53:54 +02:00
|
|
|
#include <fcntl.h>
|
2006-07-10 12:20:33 +02:00
|
|
|
#include <grp.h>
|
2014-07-03 13:24:19 +02:00
|
|
|
#include <netdb.h>
|
2006-03-15 04:42:54 +01:00
|
|
|
#ifdef HAVE_PATHS_H
|
2006-03-15 01:16:59 +01:00
|
|
|
#include <paths.h>
|
2006-03-15 04:42:54 +01:00
|
|
|
#endif
|
2006-07-10 12:53:08 +02:00
|
|
|
#include <pwd.h>
|
2006-03-15 01:52:09 +01:00
|
|
|
#include <signal.h>
|
2006-08-05 03:37:59 +02:00
|
|
|
#include <stdio.h>
|
2006-08-05 03:34:19 +02:00
|
|
|
#include <stdlib.h>
|
2006-07-24 06:13:33 +02:00
|
|
|
#include <string.h>
|
2019-11-13 05:47:52 +01:00
|
|
|
#include <stdarg.h>
|
2006-07-24 06:07:35 +02:00
|
|
|
#include <unistd.h>
|
2015-01-16 07:40:12 +01:00
|
|
|
#include <limits.h>
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2008-05-19 07:05:07 +02:00
|
|
|
#include "openbsd-compat/sys-queue.h"
|
2006-08-05 04:39:39 +02:00
|
|
|
#include "xmalloc.h"
|
2000-04-01 03:09:21 +02:00
|
|
|
#include "ssh.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "ssh2.h"
|
2001-02-18 20:13:33 +01:00
|
|
|
#include "sshpty.h"
|
2000-04-01 03:09:21 +02:00
|
|
|
#include "packet.h"
|
2018-07-09 23:26:02 +02:00
|
|
|
#include "sshbuf.h"
|
|
|
|
|
#include "ssherr.h"
|
2004-05-02 14:11:30 +02:00
|
|
|
#include "match.h"
|
2000-04-01 03:09:21 +02:00
|
|
|
#include "uidswap.h"
|
2001-06-09 02:36:26 +02:00
|
|
|
#include "channels.h"
|
2018-07-11 20:53:29 +02:00
|
|
|
#include "sshkey.h"
|
2006-08-05 04:39:39 +02:00
|
|
|
#include "cipher.h"
|
|
|
|
|
#ifdef GSSAPI
|
|
|
|
|
#include "ssh-gss.h"
|
|
|
|
|
#endif
|
|
|
|
|
#include "hostfile.h"
|
2000-04-12 10:45:05 +02:00
|
|
|
#include "auth.h"
|
2000-06-18 06:50:44 +02:00
|
|
|
#include "auth-options.h"
|
2013-07-20 05:21:52 +02:00
|
|
|
#include "authfd.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "pathnames.h"
|
|
|
|
|
#include "log.h"
|
2014-07-18 06:11:24 +02:00
|
|
|
#include "misc.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "servconf.h"
|
2001-02-18 20:13:33 +01:00
|
|
|
#include "sshlogin.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "serverloop.h"
|
|
|
|
|
#include "canohost.h"
|
2001-02-09 03:11:24 +01:00
|
|
|
#include "session.h"
|
2005-07-26 13:54:56 +02:00
|
|
|
#include "kex.h"
|
2002-03-22 03:30:41 +01:00
|
|
|
#include "monitor_wrap.h"
|
2008-02-10 12:29:40 +01:00
|
|
|
#include "sftp.h"
|
2017-06-24 08:34:38 +02:00
|
|
|
#include "atomicio.h"
|
2018-11-05 21:22:20 +01:00
|
|
|
#include "pal_doexec.h"
|
2000-04-12 10:45:05 +02:00
|
|
|
|
2004-01-23 12:03:10 +01:00
|
|
|
#if defined(KRB5) && defined(USE_AFS)
|
2004-01-21 01:00:46 +01:00
|
|
|
#include <kafs.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-05-20 03:23:07 +02:00
|
|
|
#ifdef WITH_SELINUX
|
|
|
|
|
#include <selinux/selinux.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2008-11-03 09:17:57 +01:00
|
|
|
#define IS_INTERNAL_SFTP(c) \
|
|
|
|
|
(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
|
|
|
|
|
(c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
|
|
|
|
|
c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
|
|
|
|
|
c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* func */
|
|
|
|
|
|
|
|
|
|
Session *session_new(void);
|
2017-09-12 08:32:07 +02:00
|
|
|
void session_set_fds(struct ssh *, Session *, int, int, int, int, int);
|
2003-10-02 08:12:36 +02:00
|
|
|
void session_pty_cleanup(Session *);
|
2001-07-04 20:23:02 +02:00
|
|
|
void session_proctitle(Session *);
|
2017-09-12 08:32:07 +02:00
|
|
|
int session_setup_x11fwd(struct ssh *, Session *);
|
2018-11-05 21:22:20 +01:00
|
|
|
#ifndef WINDOWS /* !WINDOWS */
|
2017-09-12 08:32:07 +02:00
|
|
|
int do_exec_pty(struct ssh *, Session *, const char *);
|
|
|
|
|
int do_exec_no_pty(struct ssh *, Session *, const char *);
|
2018-11-05 21:22:20 +01:00
|
|
|
#endif
|
2017-09-12 08:32:07 +02:00
|
|
|
int do_exec(struct ssh *, Session *, const char *);
|
|
|
|
|
void do_login(struct ssh *, Session *, const char *);
|
|
|
|
|
void do_child(struct ssh *, Session *, const char *);
|
2001-04-16 10:29:15 +02:00
|
|
|
void do_motd(void);
|
2001-07-04 20:23:02 +02:00
|
|
|
int check_quietlogin(Session *, const char *);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
static void do_authenticated2(struct ssh *, Authctxt *);
|
2001-07-04 20:23:02 +02:00
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
static int session_pty_req(struct ssh *, Session *);
|
2001-03-22 03:02:12 +01:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* import */
|
|
|
|
|
extern ServerOptions options;
|
|
|
|
|
extern char *__progname;
|
|
|
|
|
extern int debug_flag;
|
2000-12-22 02:43:59 +01:00
|
|
|
extern u_int utmp_len;
|
2000-07-11 09:31:38 +02:00
|
|
|
extern int startup_pipe;
|
2001-04-18 17:29:33 +02:00
|
|
|
extern void destroy_sensitive_data(void);
|
2018-07-09 23:26:02 +02:00
|
|
|
extern struct sshbuf *loginmsg;
|
2018-03-03 04:15:51 +01:00
|
|
|
extern struct sshauthopt *auth_opts;
|
2019-01-17 05:45:09 +01:00
|
|
|
extern char *tun_fwd_ifnames; /* serverloop.c */
|
2000-07-11 09:31:38 +02:00
|
|
|
|
2000-09-05 04:34:53 +02:00
|
|
|
/* original command from peer. */
|
2001-06-21 05:17:42 +02:00
|
|
|
const char *original_command = NULL;
|
2000-09-05 04:34:53 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* data */
|
2008-05-19 07:34:50 +02:00
|
|
|
static int sessions_first_unused = -1;
|
|
|
|
|
static int sessions_nalloc = 0;
|
|
|
|
|
static Session *sessions = NULL;
|
2000-09-29 01:57:35 +02:00
|
|
|
|
2010-01-08 07:09:11 +01:00
|
|
|
#define SUBSYSTEM_NONE 0
|
|
|
|
|
#define SUBSYSTEM_EXT 1
|
|
|
|
|
#define SUBSYSTEM_INT_SFTP 2
|
|
|
|
|
#define SUBSYSTEM_INT_SFTP_ERROR 3
|
2008-02-10 12:29:40 +01:00
|
|
|
|
2000-08-23 02:46:23 +02:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
2002-03-22 02:35:47 +01:00
|
|
|
login_cap_t *lc;
|
2000-08-23 02:46:23 +02:00
|
|
|
#endif
|
|
|
|
|
|
2003-10-02 08:12:36 +02:00
|
|
|
static int is_child = 0;
|
2015-10-25 00:52:22 +02:00
|
|
|
static int in_chroot = 0;
|
2003-10-02 08:12:36 +02:00
|
|
|
|
2017-06-24 08:34:38 +02:00
|
|
|
/* File containing userauth info, if ExposeAuthInfo set */
|
|
|
|
|
static char *auth_info_file = NULL;
|
|
|
|
|
|
2002-06-11 17:59:02 +02:00
|
|
|
/* Name and directory of socket for authentication agent forwarding. */
|
|
|
|
|
static char *auth_sock_name = NULL;
|
|
|
|
|
static char *auth_sock_dir = NULL;
|
|
|
|
|
|
|
|
|
|
/* removes the agent forwarding socket */
|
|
|
|
|
|
|
|
|
|
static void
|
2003-10-02 08:12:36 +02:00
|
|
|
auth_sock_cleanup_proc(struct passwd *pw)
|
2002-06-11 17:59:02 +02:00
|
|
|
{
|
|
|
|
|
if (auth_sock_name != NULL) {
|
|
|
|
|
temporarily_use_uid(pw);
|
|
|
|
|
unlink(auth_sock_name);
|
|
|
|
|
rmdir(auth_sock_dir);
|
|
|
|
|
auth_sock_name = NULL;
|
|
|
|
|
restore_uid();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
|
2002-06-11 17:59:02 +02:00
|
|
|
{
|
|
|
|
|
Channel *nc;
|
2008-05-19 07:34:50 +02:00
|
|
|
int sock = -1;
|
2002-06-11 17:59:02 +02:00
|
|
|
|
|
|
|
|
if (auth_sock_name != NULL) {
|
|
|
|
|
error("authentication forwarding requested twice.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Temporarily drop privileged uid for mkdir/bind. */
|
|
|
|
|
temporarily_use_uid(pw);
|
|
|
|
|
|
|
|
|
|
/* Allocate a buffer for the socket name, and format the name. */
|
2008-05-19 07:34:50 +02:00
|
|
|
auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
|
2002-06-11 17:59:02 +02:00
|
|
|
|
|
|
|
|
/* Create private directory for socket */
|
|
|
|
|
if (mkdtemp(auth_sock_dir) == NULL) {
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_send_debug(ssh, "Agent forwarding disabled: "
|
2002-06-11 17:59:02 +02:00
|
|
|
"mkdtemp() failed: %.100s", strerror(errno));
|
|
|
|
|
restore_uid();
|
2013-06-01 23:31:17 +02:00
|
|
|
free(auth_sock_dir);
|
2002-06-11 17:59:02 +02:00
|
|
|
auth_sock_dir = NULL;
|
2008-05-19 07:34:50 +02:00
|
|
|
goto authsock_err;
|
2002-06-11 17:59:02 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
xasprintf(&auth_sock_name, "%s/agent.%ld",
|
|
|
|
|
auth_sock_dir, (long) getpid());
|
2002-06-11 17:59:02 +02:00
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
/* Start a Unix listener on auth_sock_name. */
|
|
|
|
|
sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);
|
2002-06-11 17:59:02 +02:00
|
|
|
|
|
|
|
|
/* Restore the privileged uid. */
|
|
|
|
|
restore_uid();
|
|
|
|
|
|
2014-07-18 06:11:24 +02:00
|
|
|
/* Check for socket/bind/listen failure. */
|
|
|
|
|
if (sock < 0)
|
2008-05-19 07:34:50 +02:00
|
|
|
goto authsock_err;
|
2002-06-11 17:59:02 +02:00
|
|
|
|
|
|
|
|
/* Allocate a channel for the authentication agent socket. */
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
nc = channel_new(ssh, "auth-listener",
|
2002-06-11 17:59:02 +02:00
|
|
|
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
|
|
|
|
|
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
|
2003-05-14 05:45:42 +02:00
|
|
|
0, "auth socket", 1);
|
2009-01-28 06:29:49 +01:00
|
|
|
nc->path = xstrdup(auth_sock_name);
|
2002-06-11 17:59:02 +02:00
|
|
|
return 1;
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
authsock_err:
|
2013-06-01 23:31:17 +02:00
|
|
|
free(auth_sock_name);
|
2008-05-19 07:34:50 +02:00
|
|
|
if (auth_sock_dir != NULL) {
|
2019-02-22 04:37:11 +01:00
|
|
|
temporarily_use_uid(pw);
|
2008-05-19 07:34:50 +02:00
|
|
|
rmdir(auth_sock_dir);
|
2019-02-22 04:37:11 +01:00
|
|
|
restore_uid();
|
2013-06-01 23:31:17 +02:00
|
|
|
free(auth_sock_dir);
|
2008-05-19 07:34:50 +02:00
|
|
|
}
|
|
|
|
|
if (sock != -1)
|
|
|
|
|
close(sock);
|
|
|
|
|
auth_sock_name = NULL;
|
|
|
|
|
auth_sock_dir = NULL;
|
|
|
|
|
return 0;
|
2002-06-11 17:59:02 +02:00
|
|
|
}
|
|
|
|
|
|
2004-02-10 03:23:28 +01:00
|
|
|
static void
|
|
|
|
|
display_loginmsg(void)
|
|
|
|
|
{
|
2018-07-09 23:26:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
if (sshbuf_len(loginmsg) == 0)
|
|
|
|
|
return;
|
|
|
|
|
if ((r = sshbuf_put_u8(loginmsg, 0)) != 0)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_fr(r, "sshbuf_put_u8");
|
2018-07-09 23:26:02 +02:00
|
|
|
printf("%s", (char *)sshbuf_ptr(loginmsg));
|
|
|
|
|
sshbuf_reset(loginmsg);
|
2004-02-10 03:23:28 +01:00
|
|
|
}
|
2002-06-11 17:59:02 +02:00
|
|
|
|
2017-06-24 08:34:38 +02:00
|
|
|
static void
|
|
|
|
|
prepare_auth_info_file(struct passwd *pw, struct sshbuf *info)
|
|
|
|
|
{
|
|
|
|
|
int fd = -1, success = 0;
|
|
|
|
|
|
|
|
|
|
if (!options.expose_userauth_info || info == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
temporarily_use_uid(pw);
|
|
|
|
|
auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");
|
|
|
|
|
if ((fd = mkstemp(auth_info_file)) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("mkstemp: %s", strerror(errno));
|
2017-06-24 08:34:38 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
|
|
|
|
|
sshbuf_len(info)) != sshbuf_len(info)) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("write: %s", strerror(errno));
|
2017-06-24 08:34:38 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (close(fd) != 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("close: %s", strerror(errno));
|
2017-06-24 08:34:38 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
success = 1;
|
|
|
|
|
out:
|
|
|
|
|
if (!success) {
|
|
|
|
|
if (fd != -1)
|
|
|
|
|
close(fd);
|
|
|
|
|
free(auth_info_file);
|
|
|
|
|
auth_info_file = NULL;
|
|
|
|
|
}
|
|
|
|
|
restore_uid();
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-03 04:15:51 +01:00
|
|
|
static void
|
2018-06-06 20:23:32 +02:00
|
|
|
set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)
|
2018-03-03 04:15:51 +01:00
|
|
|
{
|
|
|
|
|
char *tmp, *cp, *host;
|
|
|
|
|
int port;
|
|
|
|
|
size_t i;
|
|
|
|
|
|
2018-06-06 20:23:32 +02:00
|
|
|
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) {
|
|
|
|
|
channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL);
|
|
|
|
|
for (i = 0; i < auth_opts->npermitopen; i++) {
|
|
|
|
|
tmp = cp = xstrdup(auth_opts->permitopen[i]);
|
|
|
|
|
/* This shouldn't fail as it has already been checked */
|
2022-02-08 09:59:12 +01:00
|
|
|
if ((host = hpdelim2(&cp, NULL)) == NULL)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("internal error: hpdelim");
|
2018-06-06 20:23:32 +02:00
|
|
|
host = cleanhostname(host);
|
|
|
|
|
if (cp == NULL || (port = permitopen_port(cp)) < 0)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("internal error: permitopen port");
|
2018-06-06 20:23:32 +02:00
|
|
|
channel_add_permission(ssh,
|
|
|
|
|
FORWARD_USER, FORWARD_LOCAL, host, port);
|
|
|
|
|
free(tmp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0) {
|
|
|
|
|
channel_clear_permission(ssh, FORWARD_USER, FORWARD_REMOTE);
|
|
|
|
|
for (i = 0; i < auth_opts->npermitlisten; i++) {
|
|
|
|
|
tmp = cp = xstrdup(auth_opts->permitlisten[i]);
|
|
|
|
|
/* This shouldn't fail as it has already been checked */
|
|
|
|
|
if ((host = hpdelim(&cp)) == NULL)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("internal error: hpdelim");
|
2018-06-06 20:23:32 +02:00
|
|
|
host = cleanhostname(host);
|
|
|
|
|
if (cp == NULL || (port = permitopen_port(cp)) < 0)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("internal error: permitlisten port");
|
2018-06-06 20:23:32 +02:00
|
|
|
channel_add_permission(ssh,
|
|
|
|
|
FORWARD_USER, FORWARD_REMOTE, host, port);
|
|
|
|
|
free(tmp);
|
|
|
|
|
}
|
2018-03-03 04:15:51 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-22 03:02:12 +01:00
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
do_authenticated(struct ssh *ssh, Authctxt *authctxt)
|
2001-03-22 03:02:12 +01:00
|
|
|
{
|
2003-02-24 01:57:01 +01:00
|
|
|
setproctitle("%s", authctxt->pw->pw_name);
|
|
|
|
|
|
2018-03-03 04:15:51 +01:00
|
|
|
auth_log_authopts("active", auth_opts, 0);
|
|
|
|
|
|
2001-03-22 03:02:12 +01:00
|
|
|
/* setup the channel layer */
|
2014-07-18 06:11:24 +02:00
|
|
|
/* XXX - streamlocal? */
|
2018-06-06 20:23:32 +02:00
|
|
|
set_fwdpermit_from_authopts(ssh, auth_opts);
|
2001-03-22 03:02:12 +01:00
|
|
|
|
2018-06-06 20:22:41 +02:00
|
|
|
if (!auth_opts->permit_port_forwarding_flag ||
|
|
|
|
|
options.disable_forwarding) {
|
|
|
|
|
channel_disable_admin(ssh, FORWARD_LOCAL);
|
|
|
|
|
channel_disable_admin(ssh, FORWARD_REMOTE);
|
|
|
|
|
} else {
|
|
|
|
|
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
|
|
|
|
|
channel_disable_admin(ssh, FORWARD_LOCAL);
|
|
|
|
|
else
|
|
|
|
|
channel_permit_all(ssh, FORWARD_LOCAL);
|
|
|
|
|
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0)
|
|
|
|
|
channel_disable_admin(ssh, FORWARD_REMOTE);
|
|
|
|
|
else
|
|
|
|
|
channel_permit_all(ssh, FORWARD_REMOTE);
|
|
|
|
|
}
|
2019-01-19 22:41:18 +01:00
|
|
|
auth_debug_send(ssh);
|
2010-03-07 13:05:17 +01:00
|
|
|
|
2017-06-24 08:34:38 +02:00
|
|
|
prepare_auth_info_file(authctxt->pw, authctxt->session_info);
|
|
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
do_authenticated2(ssh, authctxt);
|
2017-06-24 08:34:38 +02:00
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
do_cleanup(ssh, authctxt);
|
2001-03-22 03:02:12 +01:00
|
|
|
}
|
|
|
|
|
|
2016-03-10 12:47:57 +01:00
|
|
|
/* Check untrusted xauth strings for metacharacters */
|
|
|
|
|
static int
|
|
|
|
|
xauth_valid_string(const char *s)
|
|
|
|
|
{
|
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; s[i] != '\0'; i++) {
|
|
|
|
|
if (!isalnum((u_char)s[i]) &&
|
|
|
|
|
s[i] != '.' && s[i] != ':' && s[i] != '/' &&
|
|
|
|
|
s[i] != '-' && s[i] != '_')
|
2018-07-25 15:56:23 +02:00
|
|
|
return 0;
|
2016-03-10 12:47:57 +01:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-19 05:28:01 +01:00
|
|
|
#define USE_PIPES 1
|
2016-12-19 23:46:28 +01:00
|
|
|
|
2018-11-05 21:22:20 +01:00
|
|
|
#ifndef WINDOWS /* !WINDOWS */
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* This is called to fork and execute a command when we have no tty. This
|
|
|
|
|
* will call do_child from the child, and server_loop from the parent after
|
|
|
|
|
* setting up file descriptors and such.
|
|
|
|
|
*/
|
2008-05-19 07:34:50 +02:00
|
|
|
int
|
2017-09-12 08:32:07 +02:00
|
|
|
do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2002-06-11 18:42:49 +02:00
|
|
|
pid_t pid;
|
2000-04-01 03:09:21 +02:00
|
|
|
#ifdef USE_PIPES
|
|
|
|
|
int pin[2], pout[2], perr[2];
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2010-05-10 03:53:54 +02:00
|
|
|
if (s == NULL)
|
|
|
|
|
fatal("do_exec_no_pty: no session");
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Allocate pipes for communicating with the program. */
|
2019-06-28 15:35:04 +02:00
|
|
|
if (pipe(pin) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("pipe in: %.100s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2019-06-28 15:35:04 +02:00
|
|
|
if (pipe(pout) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("pipe out: %.100s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
close(pin[0]);
|
|
|
|
|
close(pin[1]);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2019-06-28 15:35:04 +02:00
|
|
|
if (pipe(perr) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("pipe err: %.100s", strerror(errno));
|
2010-06-26 02:00:14 +02:00
|
|
|
close(pin[0]);
|
|
|
|
|
close(pin[1]);
|
|
|
|
|
close(pout[0]);
|
|
|
|
|
close(pout[1]);
|
|
|
|
|
return -1;
|
2008-05-19 07:34:50 +02:00
|
|
|
}
|
|
|
|
|
#else
|
2000-04-01 03:09:21 +02:00
|
|
|
int inout[2], err[2];
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2010-05-10 03:53:54 +02:00
|
|
|
if (s == NULL)
|
|
|
|
|
fatal("do_exec_no_pty: no session");
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Uses socket pairs to communicate with the program. */
|
2019-06-28 15:35:04 +02:00
|
|
|
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("socketpair #1: %.100s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2019-06-28 15:35:04 +02:00
|
|
|
if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("socketpair #2: %.100s", strerror(errno));
|
2010-06-26 02:00:14 +02:00
|
|
|
close(inout[0]);
|
|
|
|
|
close(inout[1]);
|
|
|
|
|
return -1;
|
2008-05-19 07:34:50 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
session_proctitle(s);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/* Fork the child. */
|
2008-05-19 07:34:50 +02:00
|
|
|
switch ((pid = fork())) {
|
|
|
|
|
case -1:
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("fork: %.100s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
#ifdef USE_PIPES
|
|
|
|
|
close(pin[0]);
|
|
|
|
|
close(pin[1]);
|
|
|
|
|
close(pout[0]);
|
|
|
|
|
close(pout[1]);
|
2010-06-26 02:00:14 +02:00
|
|
|
close(perr[0]);
|
2008-05-19 07:34:50 +02:00
|
|
|
close(perr[1]);
|
|
|
|
|
#else
|
|
|
|
|
close(inout[0]);
|
|
|
|
|
close(inout[1]);
|
|
|
|
|
close(err[0]);
|
2010-06-26 02:00:14 +02:00
|
|
|
close(err[1]);
|
2008-05-19 07:34:50 +02:00
|
|
|
#endif
|
|
|
|
|
return -1;
|
|
|
|
|
case 0:
|
2003-10-02 08:12:36 +02:00
|
|
|
is_child = 1;
|
2002-07-23 23:01:56 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* Create a new session and process group since the 4.4BSD
|
|
|
|
|
* setlogin() affects the entire process group.
|
|
|
|
|
*/
|
2019-06-28 15:35:04 +02:00
|
|
|
if (setsid() == -1)
|
2000-04-01 03:09:21 +02:00
|
|
|
error("setsid failed: %.100s", strerror(errno));
|
|
|
|
|
|
|
|
|
|
#ifdef USE_PIPES
|
|
|
|
|
/*
|
|
|
|
|
* Redirect stdin. We close the parent side of the socket
|
|
|
|
|
* pair, and make the child side the standard input.
|
|
|
|
|
*/
|
|
|
|
|
close(pin[1]);
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(pin[0], 0) == -1)
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stdin");
|
|
|
|
|
close(pin[0]);
|
|
|
|
|
|
|
|
|
|
/* Redirect stdout. */
|
|
|
|
|
close(pout[0]);
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(pout[1], 1) == -1)
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stdout");
|
|
|
|
|
close(pout[1]);
|
|
|
|
|
|
|
|
|
|
/* Redirect stderr. */
|
2010-06-26 02:00:14 +02:00
|
|
|
close(perr[0]);
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(perr[1], 2) == -1)
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stderr");
|
|
|
|
|
close(perr[1]);
|
2008-05-19 07:34:50 +02:00
|
|
|
#else
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* Redirect stdin, stdout, and stderr. Stdin and stdout will
|
|
|
|
|
* use the same socket, as some programs (particularly rdist)
|
|
|
|
|
* seem to depend on it.
|
|
|
|
|
*/
|
|
|
|
|
close(inout[1]);
|
2010-06-26 02:00:14 +02:00
|
|
|
close(err[1]);
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(inout[0], 0) == -1) /* stdin */
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stdin");
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stdout");
|
2008-05-19 07:34:50 +02:00
|
|
|
close(inout[0]);
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(err[0], 2) == -1) /* stderr */
|
2000-04-01 03:09:21 +02:00
|
|
|
perror("dup2 stderr");
|
2008-05-19 07:34:50 +02:00
|
|
|
close(err[0]);
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Do processing for the child (exec command etc). */
|
2017-09-12 08:32:07 +02:00
|
|
|
do_child(ssh, s, command);
|
2000-04-01 03:09:21 +02:00
|
|
|
/* NOTREACHED */
|
2008-05-19 07:34:50 +02:00
|
|
|
default:
|
|
|
|
|
break;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2000-09-05 07:13:06 +02:00
|
|
|
#ifdef HAVE_CYGWIN
|
2009-03-08 01:40:27 +01:00
|
|
|
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
2000-09-05 07:13:06 +02:00
|
|
|
#endif
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
s->pid = pid;
|
2001-01-18 03:04:35 +01:00
|
|
|
/* Set interactive/non-interactive mode. */
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_set_interactive(ssh, s->display != NULL,
|
2010-11-20 05:19:38 +01:00
|
|
|
options.ip_qos_interactive, options.ip_qos_bulk);
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Clear loginmsg, since it's the child's responsibility to display
|
|
|
|
|
* it to the user, otherwise multiple sessions may accumulate
|
|
|
|
|
* multiple copies of the login messages.
|
|
|
|
|
*/
|
2018-07-10 11:39:52 +02:00
|
|
|
sshbuf_reset(loginmsg);
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
#ifdef USE_PIPES
|
|
|
|
|
/* We are the parent. Close the child sides of the pipes. */
|
|
|
|
|
close(pin[0]);
|
|
|
|
|
close(pout[1]);
|
|
|
|
|
close(perr[1]);
|
|
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
session_set_fds(ssh, s, pin[1], pout[0], perr[0],
|
2016-08-13 19:47:40 +02:00
|
|
|
s->is_subsystem, 0);
|
2008-05-19 07:34:50 +02:00
|
|
|
#else
|
2000-04-01 03:09:21 +02:00
|
|
|
/* We are the parent. Close the child sides of the socket pairs. */
|
|
|
|
|
close(inout[0]);
|
|
|
|
|
close(err[0]);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Enter the interactive session. Note: server_loop must be able to
|
|
|
|
|
* handle the case that fdin and fdout are the same.
|
|
|
|
|
*/
|
2019-02-05 12:35:56 +01:00
|
|
|
session_set_fds(ssh, s, inout[1], inout[1], err[1],
|
2016-08-13 19:47:40 +02:00
|
|
|
s->is_subsystem, 0);
|
2008-05-19 07:34:50 +02:00
|
|
|
#endif
|
|
|
|
|
return 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This is called to fork and execute a command when we have a tty. This
|
|
|
|
|
* will call do_child from the child, and server_loop from the parent after
|
|
|
|
|
* setting up file descriptors, controlling tty, updating wtmp, utmp,
|
|
|
|
|
* lastlog, and other such operations.
|
|
|
|
|
*/
|
2008-05-19 07:34:50 +02:00
|
|
|
int
|
2017-09-12 08:32:07 +02:00
|
|
|
do_exec_pty(struct ssh *ssh, Session *s, const char *command)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
int fdout, ptyfd, ttyfd, ptymaster;
|
|
|
|
|
pid_t pid;
|
|
|
|
|
|
|
|
|
|
if (s == NULL)
|
|
|
|
|
fatal("do_exec_pty: no session");
|
|
|
|
|
ptyfd = s->ptyfd;
|
|
|
|
|
ttyfd = s->ttyfd;
|
|
|
|
|
|
2008-05-19 07:34:50 +02:00
|
|
|
/*
|
|
|
|
|
* Create another descriptor of the pty master side for use as the
|
|
|
|
|
* standard input. We could use the original descriptor, but this
|
|
|
|
|
* simplifies code in server_loop. The descriptor is bidirectional.
|
|
|
|
|
* Do this before forking (and cleanup in the child) so as to
|
|
|
|
|
* detect and gracefully fail out-of-fd conditions.
|
|
|
|
|
*/
|
2019-06-28 15:35:04 +02:00
|
|
|
if ((fdout = dup(ptyfd)) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("dup #1: %s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
close(ttyfd);
|
|
|
|
|
close(ptyfd);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
/* we keep a reference to the pty master */
|
2019-06-28 15:35:04 +02:00
|
|
|
if ((ptymaster = dup(ptyfd)) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("dup #2: %s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
close(ttyfd);
|
|
|
|
|
close(ptyfd);
|
|
|
|
|
close(fdout);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Fork the child. */
|
2008-05-19 07:34:50 +02:00
|
|
|
switch ((pid = fork())) {
|
|
|
|
|
case -1:
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("fork: %.100s", strerror(errno));
|
2008-05-19 07:34:50 +02:00
|
|
|
close(fdout);
|
|
|
|
|
close(ptymaster);
|
|
|
|
|
close(ttyfd);
|
|
|
|
|
close(ptyfd);
|
|
|
|
|
return -1;
|
|
|
|
|
case 0:
|
2003-10-02 08:12:36 +02:00
|
|
|
is_child = 1;
|
2001-07-04 06:53:53 +02:00
|
|
|
|
2008-05-19 07:34:50 +02:00
|
|
|
close(fdout);
|
|
|
|
|
close(ptymaster);
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/* Close the master side of the pseudo tty. */
|
|
|
|
|
close(ptyfd);
|
|
|
|
|
|
|
|
|
|
/* Make the pseudo tty our controlling tty. */
|
|
|
|
|
pty_make_controlling_tty(&ttyfd, s->tty);
|
|
|
|
|
|
2001-10-10 07:02:46 +02:00
|
|
|
/* Redirect stdin/stdout/stderr from the pseudo tty. */
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(ttyfd, 0) == -1)
|
2001-10-10 07:02:46 +02:00
|
|
|
error("dup2 stdin: %s", strerror(errno));
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(ttyfd, 1) == -1)
|
2001-10-10 07:02:46 +02:00
|
|
|
error("dup2 stdout: %s", strerror(errno));
|
2019-06-28 15:35:04 +02:00
|
|
|
if (dup2(ttyfd, 2) == -1)
|
2001-10-10 07:02:46 +02:00
|
|
|
error("dup2 stderr: %s", strerror(errno));
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/* Close the extra descriptor for the pseudo tty. */
|
|
|
|
|
close(ttyfd);
|
|
|
|
|
|
2000-08-18 05:59:06 +02:00
|
|
|
/* record login, etc. similar to login(1) */
|
2016-08-23 18:21:45 +02:00
|
|
|
#ifndef HAVE_OSF_SIA
|
2017-09-12 08:32:07 +02:00
|
|
|
do_login(ssh, s, command);
|
2001-04-16 10:37:05 +02:00
|
|
|
#endif
|
2008-05-19 07:34:50 +02:00
|
|
|
/*
|
|
|
|
|
* Do common processing for the child, such as execing
|
|
|
|
|
* the command.
|
|
|
|
|
*/
|
2017-09-12 08:32:07 +02:00
|
|
|
do_child(ssh, s, command);
|
2009-06-21 11:50:08 +02:00
|
|
|
/* NOTREACHED */
|
2008-05-19 07:34:50 +02:00
|
|
|
default:
|
|
|
|
|
break;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2000-09-05 07:13:06 +02:00
|
|
|
#ifdef HAVE_CYGWIN
|
2009-03-08 01:40:27 +01:00
|
|
|
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
|
2000-09-05 07:13:06 +02:00
|
|
|
#endif
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
s->pid = pid;
|
|
|
|
|
|
|
|
|
|
/* Parent. Close the slave side of the pseudo tty. */
|
|
|
|
|
close(ttyfd);
|
|
|
|
|
|
|
|
|
|
/* Enter interactive session. */
|
2008-05-19 07:34:50 +02:00
|
|
|
s->ptymaster = ptymaster;
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_set_interactive(ssh, 1,
|
2010-11-20 05:19:38 +01:00
|
|
|
options.ip_qos_interactive, options.ip_qos_bulk);
|
2017-09-12 08:32:07 +02:00
|
|
|
session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);
|
2008-05-19 07:34:50 +02:00
|
|
|
return 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2016-12-19 23:46:28 +01:00
|
|
|
#endif /* !WINDOWS */
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2001-06-21 05:13:10 +02:00
|
|
|
/*
|
|
|
|
|
* This is called to fork and execute a command. If another command is
|
|
|
|
|
* to be forced, execute that instead.
|
|
|
|
|
*/
|
2008-05-19 07:34:50 +02:00
|
|
|
int
|
2017-09-12 08:32:07 +02:00
|
|
|
do_exec(struct ssh *ssh, Session *s, const char *command)
|
2001-06-21 05:13:10 +02:00
|
|
|
{
|
2008-05-19 07:34:50 +02:00
|
|
|
int ret;
|
2016-02-16 04:37:48 +01:00
|
|
|
const char *forced = NULL, *tty = NULL;
|
|
|
|
|
char session_type[1024];
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2006-07-24 06:06:47 +02:00
|
|
|
if (options.adm_forced_command) {
|
|
|
|
|
original_command = command;
|
|
|
|
|
command = options.adm_forced_command;
|
2013-10-15 03:12:02 +02:00
|
|
|
forced = "(config)";
|
2018-03-03 04:15:51 +01:00
|
|
|
} else if (auth_opts->force_command != NULL) {
|
2001-06-21 05:13:10 +02:00
|
|
|
original_command = command;
|
2018-03-03 04:15:51 +01:00
|
|
|
command = auth_opts->force_command;
|
2013-10-15 03:12:02 +02:00
|
|
|
forced = "(key-option)";
|
|
|
|
|
}
|
2018-10-02 14:40:07 +02:00
|
|
|
s->forced = 0;
|
2013-10-15 03:12:02 +02:00
|
|
|
if (forced != NULL) {
|
2018-10-02 14:40:07 +02:00
|
|
|
s->forced = 1;
|
2010-01-08 07:09:11 +01:00
|
|
|
if (IS_INTERNAL_SFTP(command)) {
|
|
|
|
|
s->is_subsystem = s->is_subsystem ?
|
|
|
|
|
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
|
|
|
|
|
} else if (s->is_subsystem)
|
2008-02-10 12:29:40 +01:00
|
|
|
s->is_subsystem = SUBSYSTEM_EXT;
|
2013-10-15 03:12:02 +02:00
|
|
|
snprintf(session_type, sizeof(session_type),
|
|
|
|
|
"forced-command %s '%.900s'", forced, command);
|
|
|
|
|
} else if (s->is_subsystem) {
|
|
|
|
|
snprintf(session_type, sizeof(session_type),
|
|
|
|
|
"subsystem '%.900s'", s->subsys);
|
|
|
|
|
} else if (command == NULL) {
|
|
|
|
|
snprintf(session_type, sizeof(session_type), "shell");
|
|
|
|
|
} else {
|
|
|
|
|
/* NB. we don't log unforced commands to preserve privacy */
|
|
|
|
|
snprintf(session_type, sizeof(session_type), "command");
|
2001-06-21 05:13:10 +02:00
|
|
|
}
|
|
|
|
|
|
2013-10-15 03:12:02 +02:00
|
|
|
if (s->ttyfd != -1) {
|
|
|
|
|
tty = s->tty;
|
|
|
|
|
if (strncmp(tty, "/dev/", 5) == 0)
|
|
|
|
|
tty += 5;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-16 04:37:48 +01:00
|
|
|
verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
|
2013-10-15 03:12:02 +02:00
|
|
|
session_type,
|
|
|
|
|
tty == NULL ? "" : " on ",
|
|
|
|
|
tty == NULL ? "" : tty,
|
|
|
|
|
s->pw->pw_name,
|
2016-03-07 20:02:43 +01:00
|
|
|
ssh_remote_ipaddr(ssh),
|
|
|
|
|
ssh_remote_port(ssh),
|
2016-02-16 04:37:48 +01:00
|
|
|
s->self);
|
2013-10-15 03:12:02 +02:00
|
|
|
|
2005-02-08 11:52:47 +01:00
|
|
|
#ifdef SSH_AUDIT_EVENTS
|
2005-02-02 14:20:53 +01:00
|
|
|
if (command != NULL)
|
|
|
|
|
PRIVSEP(audit_run_command(command));
|
|
|
|
|
else if (s->ttyfd == -1) {
|
|
|
|
|
char *shell = s->pw->pw_shell;
|
|
|
|
|
|
|
|
|
|
if (shell[0] == '\0') /* empty shell means /bin/sh */
|
|
|
|
|
shell =_PATH_BSHELL;
|
|
|
|
|
PRIVSEP(audit_run_command(shell));
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2001-06-21 05:13:10 +02:00
|
|
|
if (s->ttyfd != -1)
|
2017-09-12 08:32:07 +02:00
|
|
|
ret = do_exec_pty(ssh, s, command);
|
2001-06-21 05:13:10 +02:00
|
|
|
else
|
2017-09-12 08:32:07 +02:00
|
|
|
ret = do_exec_no_pty(ssh, s, command);
|
2001-06-21 05:13:10 +02:00
|
|
|
|
2001-06-21 05:17:42 +02:00
|
|
|
original_command = NULL;
|
2001-06-21 05:13:10 +02:00
|
|
|
|
2004-07-17 09:05:14 +02:00
|
|
|
/*
|
|
|
|
|
* Clear loginmsg: it's the child's responsibility to display
|
|
|
|
|
* it to the user, otherwise multiple sessions may accumulate
|
|
|
|
|
* multiple copies of the login messages.
|
|
|
|
|
*/
|
2018-07-09 23:26:02 +02:00
|
|
|
sshbuf_reset(loginmsg);
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
return ret;
|
2004-07-17 09:05:14 +02:00
|
|
|
}
|
2002-02-19 22:50:43 +01:00
|
|
|
|
2000-08-18 05:59:06 +02:00
|
|
|
/* administrative, login(1)-like work */
|
|
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
do_login(struct ssh *ssh, Session *s, const char *command)
|
2000-08-18 05:59:06 +02:00
|
|
|
{
|
|
|
|
|
socklen_t fromlen;
|
|
|
|
|
struct sockaddr_storage from;
|
|
|
|
|
struct passwd * pw = s->pw;
|
|
|
|
|
pid_t pid = getpid();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Get IP address of client. If the connection is not a socket, let
|
|
|
|
|
* the address be 0.0.0.0.
|
|
|
|
|
*/
|
|
|
|
|
memset(&from, 0, sizeof(from));
|
2003-01-02 00:43:55 +01:00
|
|
|
fromlen = sizeof(from);
|
2019-01-19 22:41:53 +01:00
|
|
|
if (ssh_packet_connection_is_on_socket(ssh)) {
|
|
|
|
|
if (getpeername(ssh_packet_get_connection_in(ssh),
|
2019-06-28 15:35:04 +02:00
|
|
|
(struct sockaddr *)&from, &fromlen) == -1) {
|
2000-08-18 05:59:06 +02:00
|
|
|
debug("getpeername: %.100s", strerror(errno));
|
2003-10-02 08:12:36 +02:00
|
|
|
cleanup_exit(255);
|
2000-08-18 05:59:06 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Record that there was a login on that tty from the remote host. */
|
2002-04-02 22:32:46 +02:00
|
|
|
if (!use_privsep)
|
|
|
|
|
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
|
2016-03-07 20:02:43 +01:00
|
|
|
session_get_remote_name_or_ip(ssh, utmp_len,
|
2003-06-03 02:25:48 +02:00
|
|
|
options.use_dns),
|
2002-09-04 08:45:09 +02:00
|
|
|
(struct sockaddr *)&from, fromlen);
|
2000-08-18 05:59:06 +02:00
|
|
|
|
2000-10-14 15:36:13 +02:00
|
|
|
#ifdef USE_PAM
|
|
|
|
|
/*
|
|
|
|
|
* If password change is needed, do it now.
|
|
|
|
|
* This needs to occur before the ~/.hushlogin check.
|
|
|
|
|
*/
|
2004-02-10 03:23:28 +01:00
|
|
|
if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) {
|
|
|
|
|
display_loginmsg();
|
2000-10-14 15:36:13 +02:00
|
|
|
do_pam_chauthtok();
|
2004-02-10 03:23:28 +01:00
|
|
|
s->authctxt->force_pwchange = 0;
|
2003-08-25 05:08:49 +02:00
|
|
|
/* XXX - signal [net] parent to enable forwardings */
|
2000-10-14 15:36:13 +02:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-04-16 10:29:15 +02:00
|
|
|
if (check_quietlogin(s, command))
|
2000-08-18 05:59:06 +02:00
|
|
|
return;
|
|
|
|
|
|
2004-02-10 03:23:28 +01:00
|
|
|
display_loginmsg();
|
2000-08-18 05:59:06 +02:00
|
|
|
|
2001-04-16 10:29:15 +02:00
|
|
|
do_motd();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Display the message of the day.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
do_motd(void)
|
|
|
|
|
{
|
|
|
|
|
FILE *f;
|
|
|
|
|
char buf[256];
|
|
|
|
|
|
2000-08-18 05:59:06 +02:00
|
|
|
if (options.print_motd) {
|
2000-08-23 02:46:23 +02:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
|
|
|
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
|
|
|
|
|
"/etc/motd"), "r");
|
|
|
|
|
#else
|
2000-08-18 05:59:06 +02:00
|
|
|
f = fopen("/etc/motd", "r");
|
2000-08-23 02:46:23 +02:00
|
|
|
#endif
|
2000-08-18 05:59:06 +02:00
|
|
|
if (f) {
|
|
|
|
|
while (fgets(buf, sizeof(buf), f))
|
|
|
|
|
fputs(buf, stdout);
|
|
|
|
|
fclose(f);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-07-04 20:23:02 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check for quiet login, either .hushlogin or command given.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
check_quietlogin(Session *s, const char *command)
|
|
|
|
|
{
|
|
|
|
|
char buf[256];
|
|
|
|
|
struct passwd *pw = s->pw;
|
|
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
/* Return 1 if .hushlogin exists or a command given. */
|
|
|
|
|
if (command != NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
|
|
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
|
|
|
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
|
|
|
|
|
return 1;
|
|
|
|
|
#else
|
|
|
|
|
if (stat(buf, &st) >= 0)
|
|
|
|
|
return 1;
|
|
|
|
|
#endif
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* Reads environment variables from the given file and adds/overrides them
|
|
|
|
|
* into the environment. If the file does not exist, this does nothing.
|
|
|
|
|
* Otherwise, it must consist of empty lines, comments (line starts with '#')
|
|
|
|
|
* and assignments of the form name=value. No other forms are allowed.
|
2020-07-06 01:59:45 +02:00
|
|
|
* If allowlist is not NULL, then it is interpreted as a pattern list and
|
2018-07-03 12:59:35 +02:00
|
|
|
* only variable names that match it will be accepted.
|
2000-04-01 03:09:21 +02:00
|
|
|
*/
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-12-22 02:43:59 +01:00
|
|
|
read_environment_file(char ***env, u_int *envsize,
|
2020-07-06 01:59:45 +02:00
|
|
|
const char *filename, const char *allowlist)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
FILE *f;
|
2018-06-06 20:29:18 +02:00
|
|
|
char *line = NULL, *cp, *value;
|
|
|
|
|
size_t linesize = 0;
|
2002-06-26 15:51:06 +02:00
|
|
|
u_int lineno = 0;
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
f = fopen(filename, "r");
|
|
|
|
|
if (!f)
|
|
|
|
|
return;
|
|
|
|
|
|
2018-06-06 20:29:18 +02:00
|
|
|
while (getline(&line, &linesize, f) != -1) {
|
2002-06-26 15:51:06 +02:00
|
|
|
if (++lineno > 1000)
|
|
|
|
|
fatal("Too many lines in environment file %s", filename);
|
2018-06-06 20:29:18 +02:00
|
|
|
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
|
2000-04-01 03:09:21 +02:00
|
|
|
;
|
|
|
|
|
if (!*cp || *cp == '#' || *cp == '\n')
|
|
|
|
|
continue;
|
2007-09-17 08:09:15 +02:00
|
|
|
|
|
|
|
|
cp[strcspn(cp, "\n")] = '\0';
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
value = strchr(cp, '=');
|
|
|
|
|
if (value == NULL) {
|
2002-06-26 15:51:06 +02:00
|
|
|
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
|
|
|
|
|
filename);
|
2000-04-01 03:09:21 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2000-05-30 05:44:51 +02:00
|
|
|
/*
|
|
|
|
|
* Replace the equals sign by nul, and advance value to
|
|
|
|
|
* the value string.
|
|
|
|
|
*/
|
2000-04-01 03:09:21 +02:00
|
|
|
*value = '\0';
|
|
|
|
|
value++;
|
2020-07-06 01:59:45 +02:00
|
|
|
if (allowlist != NULL &&
|
|
|
|
|
match_pattern_list(cp, allowlist, 0) != 1)
|
2018-07-03 12:59:35 +02:00
|
|
|
continue;
|
2000-04-01 03:09:21 +02:00
|
|
|
child_set_env(env, envsize, cp, value);
|
|
|
|
|
}
|
2018-06-06 20:29:18 +02:00
|
|
|
free(line);
|
2000-04-01 03:09:21 +02:00
|
|
|
fclose(f);
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-16 03:52:19 +02:00
|
|
|
#ifdef HAVE_ETC_DEFAULT_LOGIN
|
|
|
|
|
/*
|
|
|
|
|
* Return named variable from specified environment, or NULL if not present.
|
|
|
|
|
*/
|
|
|
|
|
static char *
|
|
|
|
|
child_get_env(char **env, const char *name)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
|
|
len = strlen(name);
|
|
|
|
|
for (i=0; env[i] != NULL; i++)
|
|
|
|
|
if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
|
|
|
|
|
return(env[i] + len + 1);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Read /etc/default/login.
|
|
|
|
|
* We pick up the PATH (or SUPATH for root) and UMASK.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
|
|
|
|
|
{
|
|
|
|
|
char **tmpenv = NULL, *var;
|
2003-09-19 12:56:51 +02:00
|
|
|
u_int i, tmpenvsize = 0;
|
2003-10-02 12:07:09 +02:00
|
|
|
u_long mask;
|
2003-09-16 03:52:19 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We don't want to copy the whole file to the child's environment,
|
|
|
|
|
* so we use a temporary environment and copy the variables we're
|
|
|
|
|
* interested in.
|
|
|
|
|
*/
|
2018-07-05 05:32:01 +02:00
|
|
|
read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login",
|
2020-07-15 07:30:43 +02:00
|
|
|
options.permit_user_env_allowlist);
|
2003-09-16 03:52:19 +02:00
|
|
|
|
2003-09-19 12:56:51 +02:00
|
|
|
if (tmpenv == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
2003-09-16 03:52:19 +02:00
|
|
|
if (uid == 0)
|
|
|
|
|
var = child_get_env(tmpenv, "SUPATH");
|
|
|
|
|
else
|
|
|
|
|
var = child_get_env(tmpenv, "PATH");
|
|
|
|
|
if (var != NULL)
|
|
|
|
|
child_set_env(env, envsize, "PATH", var);
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2003-09-16 03:52:19 +02:00
|
|
|
if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
|
|
|
|
|
if (sscanf(var, "%5lo", &mask) == 1)
|
2003-10-02 12:07:09 +02:00
|
|
|
umask((mode_t)mask);
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2003-09-16 03:52:19 +02:00
|
|
|
for (i = 0; tmpenv[i] != NULL; i++)
|
2013-06-02 00:07:31 +02:00
|
|
|
free(tmpenv[i]);
|
|
|
|
|
free(tmpenv);
|
2003-09-16 03:52:19 +02:00
|
|
|
}
|
|
|
|
|
#endif /* HAVE_ETC_DEFAULT_LOGIN */
|
|
|
|
|
|
2020-01-21 02:32:16 +01:00
|
|
|
#if defined(USE_PAM) || defined(HAVE_CYGWIN)
|
2017-07-28 06:50:59 +02:00
|
|
|
static void
|
2020-10-21 11:11:10 +02:00
|
|
|
copy_environment_denylist(char **source, char ***env, u_int *envsize,
|
|
|
|
|
const char *denylist)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2002-01-08 00:59:32 +01:00
|
|
|
char *var_name, *var_val;
|
2000-04-01 03:09:21 +02:00
|
|
|
int i;
|
|
|
|
|
|
2002-01-08 00:59:32 +01:00
|
|
|
if (source == NULL)
|
2000-04-01 03:09:21 +02:00
|
|
|
return;
|
2001-02-05 13:42:17 +01:00
|
|
|
|
2002-01-08 00:59:32 +01:00
|
|
|
for(i = 0; source[i] != NULL; i++) {
|
|
|
|
|
var_name = xstrdup(source[i]);
|
|
|
|
|
if ((var_val = strstr(var_name, "=")) == NULL) {
|
2013-06-02 00:07:31 +02:00
|
|
|
free(var_name);
|
2000-04-01 03:09:21 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2002-01-08 00:59:32 +01:00
|
|
|
*var_val++ = '\0';
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2020-10-21 11:11:10 +02:00
|
|
|
if (denylist == NULL ||
|
|
|
|
|
match_pattern_list(var_name, denylist, 0) != 1) {
|
2017-07-28 06:50:59 +02:00
|
|
|
debug3("Copy environment: %s=%s", var_name, var_val);
|
|
|
|
|
child_set_env(env, envsize, var_name, var_val);
|
|
|
|
|
}
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2013-06-02 00:07:31 +02:00
|
|
|
free(var_name);
|
2000-09-29 03:12:36 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-01-21 02:32:16 +01:00
|
|
|
#endif /* defined(USE_PAM) || defined(HAVE_CYGWIN) */
|
2000-09-29 03:12:36 +02:00
|
|
|
|
2020-01-20 11:56:48 +01:00
|
|
|
#ifdef HAVE_CYGWIN
|
|
|
|
|
static void
|
2017-07-28 06:50:59 +02:00
|
|
|
copy_environment(char **source, char ***env, u_int *envsize)
|
|
|
|
|
{
|
2020-10-21 11:11:10 +02:00
|
|
|
copy_environment_denylist(source, env, envsize, NULL);
|
2017-07-28 06:50:59 +02:00
|
|
|
}
|
2020-01-20 11:56:48 +01:00
|
|
|
#endif
|
2017-07-28 06:50:59 +02:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
static char **
|
2017-09-12 08:32:07 +02:00
|
|
|
do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
|
|
|
|
char buf[256];
|
2018-03-03 04:15:51 +01:00
|
|
|
size_t n;
|
2002-02-19 22:50:43 +01:00
|
|
|
u_int i, envsize;
|
2018-06-09 05:03:10 +02:00
|
|
|
char *ocp, *cp, *value, **env, *laddr;
|
2002-02-19 22:50:43 +01:00
|
|
|
struct passwd *pw = s->pw;
|
2009-03-08 01:40:27 +01:00
|
|
|
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
|
2006-07-24 07:03:06 +02:00
|
|
|
char *path = NULL;
|
|
|
|
|
#endif
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/* Initialize the environment. */
|
|
|
|
|
envsize = 100;
|
2006-05-04 08:24:34 +02:00
|
|
|
env = xcalloc(envsize, sizeof(char *));
|
2000-04-01 03:09:21 +02:00
|
|
|
env[0] = NULL;
|
|
|
|
|
|
2000-09-05 07:13:06 +02:00
|
|
|
#ifdef HAVE_CYGWIN
|
|
|
|
|
/*
|
|
|
|
|
* The Windows environment contains some setting which are
|
|
|
|
|
* important for a running system. They must not be dropped.
|
|
|
|
|
*/
|
2004-08-30 12:42:08 +02:00
|
|
|
{
|
|
|
|
|
char **p;
|
|
|
|
|
|
|
|
|
|
p = fetch_windows_environment();
|
|
|
|
|
copy_environment(p, &env, &envsize);
|
|
|
|
|
free_windows_environment(p);
|
|
|
|
|
}
|
2000-09-05 07:13:06 +02:00
|
|
|
#endif
|
|
|
|
|
|
2003-08-26 03:49:55 +02:00
|
|
|
#ifdef GSSAPI
|
2003-11-21 13:48:55 +01:00
|
|
|
/* Allow any GSSAPI methods that we've used to alter
|
2020-03-13 04:17:07 +01:00
|
|
|
* the child's environment as they see fit
|
2003-08-26 03:49:55 +02:00
|
|
|
*/
|
|
|
|
|
ssh_gssapi_do_child(&env, &envsize);
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-08-19 05:18:06 +02:00
|
|
|
/* Set basic environment. */
|
|
|
|
|
for (i = 0; i < s->num_env; i++)
|
|
|
|
|
child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
|
2004-05-02 14:11:30 +02:00
|
|
|
|
2016-08-19 05:18:06 +02:00
|
|
|
child_set_env(&env, &envsize, "USER", pw->pw_name);
|
|
|
|
|
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
|
2003-01-03 04:52:53 +01:00
|
|
|
#ifdef _AIX
|
2016-08-19 05:18:06 +02:00
|
|
|
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
|
2003-01-03 04:52:53 +01:00
|
|
|
#endif
|
2016-08-19 05:18:06 +02:00
|
|
|
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
|
2000-08-23 02:46:23 +02:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
2016-08-19 05:18:06 +02:00
|
|
|
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
|
|
|
|
|
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
|
|
|
|
|
else
|
|
|
|
|
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
|
2000-09-29 03:12:36 +02:00
|
|
|
#else /* HAVE_LOGIN_CAP */
|
|
|
|
|
# ifndef HAVE_CYGWIN
|
2016-08-19 05:18:06 +02:00
|
|
|
/*
|
|
|
|
|
* There's no standard path on Windows. The path contains
|
|
|
|
|
* important components pointing to the system directories,
|
|
|
|
|
* needed for loading shared libraries. So the path better
|
|
|
|
|
* remains intact here.
|
|
|
|
|
*/
|
2003-09-16 03:52:19 +02:00
|
|
|
# ifdef HAVE_ETC_DEFAULT_LOGIN
|
2016-08-19 05:18:06 +02:00
|
|
|
read_etc_default_login(&env, &envsize, pw->pw_uid);
|
|
|
|
|
path = child_get_env(env, "PATH");
|
2003-09-16 03:52:19 +02:00
|
|
|
# endif /* HAVE_ETC_DEFAULT_LOGIN */
|
2016-08-19 05:18:06 +02:00
|
|
|
if (path == NULL || *path == '\0') {
|
|
|
|
|
child_set_env(&env, &envsize, "PATH",
|
|
|
|
|
s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
|
|
|
|
|
}
|
2000-09-29 03:12:36 +02:00
|
|
|
# endif /* HAVE_CYGWIN */
|
|
|
|
|
#endif /* HAVE_LOGIN_CAP */
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2019-02-08 04:53:35 +01:00
|
|
|
if (!options.use_pam) {
|
|
|
|
|
snprintf(buf, sizeof buf, "%.200s/%.50s",
|
|
|
|
|
_PATH_MAILDIR, pw->pw_name);
|
|
|
|
|
child_set_env(&env, &envsize, "MAIL", buf);
|
|
|
|
|
}
|
2016-08-19 05:18:06 +02:00
|
|
|
|
|
|
|
|
/* Normal systems set SHELL by default. */
|
|
|
|
|
child_set_env(&env, &envsize, "SHELL", shell);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
if (getenv("TZ"))
|
|
|
|
|
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
2001-03-17 01:32:57 +01:00
|
|
|
if (s->term)
|
|
|
|
|
child_set_env(&env, &envsize, "TERM", s->term);
|
|
|
|
|
if (s->display)
|
|
|
|
|
child_set_env(&env, &envsize, "DISPLAY", s->display);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2005-02-02 08:30:33 +01:00
|
|
|
/*
|
|
|
|
|
* Since we clear KRB5CCNAME at startup, if it's set now then it
|
|
|
|
|
* must have been set by a native authentication method (eg AIX or
|
|
|
|
|
* SIA), so copy it to the child.
|
|
|
|
|
*/
|
|
|
|
|
{
|
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
|
|
if ((cp = getenv("KRB5CCNAME")) != NULL)
|
|
|
|
|
child_set_env(&env, &envsize, "KRB5CCNAME", cp);
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
#ifdef _AIX
|
2002-02-24 21:42:46 +01:00
|
|
|
{
|
|
|
|
|
char *cp;
|
|
|
|
|
|
|
|
|
|
if ((cp = getenv("AUTHSTATE")) != NULL)
|
|
|
|
|
child_set_env(&env, &envsize, "AUTHSTATE", cp);
|
2018-07-05 05:32:01 +02:00
|
|
|
read_environment_file(&env, &envsize, "/etc/environment",
|
2020-07-15 07:30:43 +02:00
|
|
|
options.permit_user_env_allowlist);
|
2002-02-24 21:42:46 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
#endif
|
2001-07-04 06:21:14 +02:00
|
|
|
#ifdef KRB5
|
2004-04-16 14:47:55 +02:00
|
|
|
if (s->authctxt->krb5_ccname)
|
2001-07-04 06:21:14 +02:00
|
|
|
child_set_env(&env, &envsize, "KRB5CCNAME",
|
2004-04-16 14:47:55 +02:00
|
|
|
s->authctxt->krb5_ccname);
|
2001-07-04 06:21:14 +02:00
|
|
|
#endif
|
2018-06-09 04:58:02 +02:00
|
|
|
if (auth_sock_name != NULL)
|
|
|
|
|
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
|
|
|
|
|
auth_sock_name);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Set custom environment options from pubkey authentication. */
|
|
|
|
|
if (options.permit_user_env) {
|
|
|
|
|
for (n = 0 ; n < auth_opts->nenv; n++) {
|
|
|
|
|
ocp = xstrdup(auth_opts->env[n]);
|
|
|
|
|
cp = strchr(ocp, '=');
|
2020-11-28 04:27:59 +01:00
|
|
|
if (cp != NULL) {
|
2018-06-09 04:58:02 +02:00
|
|
|
*cp = '\0';
|
2020-07-06 01:59:45 +02:00
|
|
|
/* Apply PermitUserEnvironment allowlist */
|
|
|
|
|
if (options.permit_user_env_allowlist == NULL ||
|
2018-07-03 12:59:35 +02:00
|
|
|
match_pattern_list(ocp,
|
2020-07-06 01:59:45 +02:00
|
|
|
options.permit_user_env_allowlist, 0) == 1)
|
2018-07-03 12:59:35 +02:00
|
|
|
child_set_env(&env, &envsize,
|
|
|
|
|
ocp, cp + 1);
|
2018-06-09 04:58:02 +02:00
|
|
|
}
|
|
|
|
|
free(ocp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* read $HOME/.ssh/environment. */
|
|
|
|
|
if (options.permit_user_env) {
|
2020-12-14 04:13:12 +01:00
|
|
|
snprintf(buf, sizeof buf, "%.200s/%s/environment",
|
|
|
|
|
pw->pw_dir, _PATH_SSH_USER_DIR);
|
2018-07-03 12:59:35 +02:00
|
|
|
read_environment_file(&env, &envsize, buf,
|
2020-07-06 01:59:45 +02:00
|
|
|
options.permit_user_env_allowlist);
|
2018-06-09 04:58:02 +02:00
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
#ifdef USE_PAM
|
2002-07-23 02:44:07 +02:00
|
|
|
/*
|
|
|
|
|
* Pull in any environment variables that may have
|
|
|
|
|
* been set by PAM.
|
|
|
|
|
*/
|
2016-08-19 05:18:06 +02:00
|
|
|
if (options.use_pam) {
|
2003-11-17 11:41:42 +01:00
|
|
|
char **p;
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2017-07-28 06:50:59 +02:00
|
|
|
/*
|
2018-12-07 05:41:16 +01:00
|
|
|
* Don't allow PAM-internal env vars to leak
|
|
|
|
|
* back into the session environment.
|
2017-07-28 06:50:59 +02:00
|
|
|
*/
|
2020-10-21 11:11:10 +02:00
|
|
|
#define PAM_ENV_DENYLIST "SSH_AUTH_INFO*,SSH_CONNECTION*"
|
2003-11-17 11:41:42 +01:00
|
|
|
p = fetch_pam_child_environment();
|
2020-10-21 11:11:10 +02:00
|
|
|
copy_environment_denylist(p, &env, &envsize,
|
|
|
|
|
PAM_ENV_DENYLIST);
|
2003-11-17 11:41:42 +01:00
|
|
|
free_pam_environment(p);
|
2002-07-23 02:44:07 +02:00
|
|
|
|
2003-11-17 11:41:42 +01:00
|
|
|
p = fetch_pam_environment();
|
2020-10-21 11:11:10 +02:00
|
|
|
copy_environment_denylist(p, &env, &envsize,
|
|
|
|
|
PAM_ENV_DENYLIST);
|
2002-07-23 02:44:07 +02:00
|
|
|
free_pam_environment(p);
|
|
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
#endif /* USE_PAM */
|
|
|
|
|
|
2018-06-09 05:03:10 +02:00
|
|
|
/* Environment specified by admin */
|
|
|
|
|
for (i = 0; i < options.num_setenv; i++) {
|
|
|
|
|
cp = xstrdup(options.setenv[i]);
|
|
|
|
|
if ((value = strchr(cp, '=')) == NULL) {
|
|
|
|
|
/* shouldn't happen; vars are checked in servconf.c */
|
|
|
|
|
fatal("Invalid config SetEnv: %s", options.setenv[i]);
|
|
|
|
|
}
|
|
|
|
|
*value++ = '\0';
|
|
|
|
|
child_set_env(&env, &envsize, cp, value);
|
2023-03-07 07:09:14 +01:00
|
|
|
free(cp);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2018-06-09 05:03:10 +02:00
|
|
|
|
2018-06-09 04:58:02 +02:00
|
|
|
/* SSH_CLIENT deprecated */
|
|
|
|
|
snprintf(buf, sizeof buf, "%.50s %d %d",
|
|
|
|
|
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
|
|
|
|
|
ssh_local_port(ssh));
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_CLIENT", buf);
|
|
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh));
|
2018-06-09 04:58:02 +02:00
|
|
|
snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
|
|
|
|
|
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
|
|
|
|
|
laddr, ssh_local_port(ssh));
|
|
|
|
|
free(laddr);
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
|
|
|
|
|
|
|
|
|
|
if (tun_fwd_ifnames != NULL)
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames);
|
|
|
|
|
if (auth_info_file != NULL)
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file);
|
|
|
|
|
if (s->ttyfd != -1)
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_TTY", s->tty);
|
|
|
|
|
if (original_command)
|
|
|
|
|
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
|
|
|
|
|
original_command);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
if (debug_flag) {
|
|
|
|
|
/* dump the environment */
|
2022-03-15 21:13:19 +01:00
|
|
|
fprintf(stderr, "Environment:\n");
|
2022-03-12 03:09:53 +01:00
|
|
|
for (i = 0; env[i]; i++)
|
2000-04-01 03:09:21 +02:00
|
|
|
fprintf(stderr, " %.200s\n", env[i]);
|
|
|
|
|
}
|
2002-02-19 22:50:43 +01:00
|
|
|
return env;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
|
|
|
|
|
* first in this order).
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2018-03-03 04:15:51 +01:00
|
|
|
do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
2002-02-19 22:50:43 +01:00
|
|
|
{
|
|
|
|
|
FILE *f = NULL;
|
2020-06-26 06:45:11 +02:00
|
|
|
char *cmd = NULL, *user_rc = NULL;
|
2002-02-19 22:50:43 +01:00
|
|
|
int do_xauth;
|
|
|
|
|
struct stat st;
|
|
|
|
|
|
|
|
|
|
do_xauth =
|
|
|
|
|
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
|
2020-07-03 09:02:37 +02:00
|
|
|
xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC);
|
2002-02-19 22:50:43 +01:00
|
|
|
|
2008-03-27 01:02:02 +01:00
|
|
|
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
|
2008-03-27 01:02:27 +01:00
|
|
|
if (!s->is_subsystem && options.adm_forced_command == NULL &&
|
2018-03-03 04:15:51 +01:00
|
|
|
auth_opts->permit_user_rc && options.permit_user_rc &&
|
2020-06-26 06:45:11 +02:00
|
|
|
stat(user_rc, &st) >= 0) {
|
|
|
|
|
if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL,
|
|
|
|
|
user_rc) == -1)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("xasprintf: %s", strerror(errno));
|
2002-02-19 22:50:43 +01:00
|
|
|
if (debug_flag)
|
|
|
|
|
fprintf(stderr, "Running %s\n", cmd);
|
|
|
|
|
f = popen(cmd, "w");
|
|
|
|
|
if (f) {
|
|
|
|
|
if (do_xauth)
|
|
|
|
|
fprintf(f, "%s %s\n", s->auth_proto,
|
|
|
|
|
s->auth_data);
|
|
|
|
|
pclose(f);
|
|
|
|
|
} else
|
|
|
|
|
fprintf(stderr, "Could not run %s\n",
|
2020-06-26 06:45:11 +02:00
|
|
|
user_rc);
|
2002-02-19 22:50:43 +01:00
|
|
|
} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
|
|
|
|
|
if (debug_flag)
|
|
|
|
|
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
|
|
|
|
|
_PATH_SSH_SYSTEM_RC);
|
|
|
|
|
f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
|
|
|
|
|
if (f) {
|
|
|
|
|
if (do_xauth)
|
|
|
|
|
fprintf(f, "%s %s\n", s->auth_proto,
|
|
|
|
|
s->auth_data);
|
|
|
|
|
pclose(f);
|
|
|
|
|
} else
|
|
|
|
|
fprintf(stderr, "Could not run %s\n",
|
|
|
|
|
_PATH_SSH_SYSTEM_RC);
|
|
|
|
|
} else if (do_xauth && options.xauth_location != NULL) {
|
|
|
|
|
/* Add authority data to .Xauthority if appropriate. */
|
|
|
|
|
if (debug_flag) {
|
|
|
|
|
fprintf(stderr,
|
2002-12-23 03:15:57 +01:00
|
|
|
"Running %.500s remove %.100s\n",
|
2003-10-02 08:12:36 +02:00
|
|
|
options.xauth_location, s->auth_display);
|
2002-12-23 03:15:57 +01:00
|
|
|
fprintf(stderr,
|
|
|
|
|
"%.500s add %.100s %.100s %.100s\n",
|
2002-02-19 22:50:43 +01:00
|
|
|
options.xauth_location, s->auth_display,
|
|
|
|
|
s->auth_proto, s->auth_data);
|
|
|
|
|
}
|
2020-06-26 06:45:11 +02:00
|
|
|
if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("xasprintf: %s", strerror(errno));
|
2002-02-19 22:50:43 +01:00
|
|
|
f = popen(cmd, "w");
|
|
|
|
|
if (f) {
|
2002-12-23 03:15:57 +01:00
|
|
|
fprintf(f, "remove %s\n",
|
|
|
|
|
s->auth_display);
|
2002-02-19 22:50:43 +01:00
|
|
|
fprintf(f, "add %s %s %s\n",
|
|
|
|
|
s->auth_display, s->auth_proto,
|
|
|
|
|
s->auth_data);
|
|
|
|
|
pclose(f);
|
|
|
|
|
} else {
|
|
|
|
|
fprintf(stderr, "Could not run %s\n",
|
|
|
|
|
cmd);
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-06-26 06:45:11 +02:00
|
|
|
free(cmd);
|
|
|
|
|
free(user_rc);
|
2002-02-19 22:50:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
do_nologin(struct passwd *pw)
|
|
|
|
|
{
|
|
|
|
|
FILE *f = NULL;
|
2010-01-12 09:51:48 +01:00
|
|
|
char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;
|
|
|
|
|
struct stat sb;
|
2002-02-19 22:50:43 +01:00
|
|
|
|
|
|
|
|
#ifdef HAVE_LOGIN_CAP
|
2012-04-22 03:08:10 +02:00
|
|
|
if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
|
2010-01-12 09:51:48 +01:00
|
|
|
return;
|
|
|
|
|
nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
|
2002-02-19 22:50:43 +01:00
|
|
|
#else
|
2010-01-12 09:51:48 +01:00
|
|
|
if (pw->pw_uid == 0)
|
|
|
|
|
return;
|
|
|
|
|
nl = def_nl;
|
2002-02-19 22:50:43 +01:00
|
|
|
#endif
|
2021-02-18 00:33:58 +01:00
|
|
|
if (stat(nl, &sb) == -1)
|
2010-01-12 09:51:48 +01:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* /etc/nologin exists. Print its contents if we can and exit. */
|
|
|
|
|
logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
|
|
|
|
|
if ((f = fopen(nl, "r")) != NULL) {
|
2018-02-12 22:25:46 +01:00
|
|
|
while (fgets(buf, sizeof(buf), f))
|
|
|
|
|
fputs(buf, stderr);
|
|
|
|
|
fclose(f);
|
|
|
|
|
}
|
2010-01-12 09:51:48 +01:00
|
|
|
exit(254);
|
2002-02-19 22:50:43 +01:00
|
|
|
}
|
|
|
|
|
|
2008-02-10 12:40:12 +01:00
|
|
|
/*
|
|
|
|
|
* Chroot into a directory after checking it for safety: all path components
|
|
|
|
|
* must be root-owned directories with strict permissions.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
safely_chroot(const char *path, uid_t uid)
|
|
|
|
|
{
|
|
|
|
|
const char *cp;
|
2015-01-16 07:40:12 +01:00
|
|
|
char component[PATH_MAX];
|
2008-02-10 12:40:12 +01:00
|
|
|
struct stat st;
|
|
|
|
|
|
2018-11-16 04:26:01 +01:00
|
|
|
if (!path_absolute(path))
|
2008-02-10 12:40:12 +01:00
|
|
|
fatal("chroot path does not begin at root");
|
|
|
|
|
if (strlen(path) >= sizeof(component))
|
|
|
|
|
fatal("chroot path too long");
|
2018-05-23 06:49:58 +02:00
|
|
|
|
|
|
|
|
#ifdef WINDOWS
|
|
|
|
|
/* ensure chroot path exists and is a directory */
|
|
|
|
|
if (stat(path, &st) != 0)
|
|
|
|
|
fatal("%s: stat(\"%s\"): %s", __func__,
|
|
|
|
|
path, strerror(errno));
|
|
|
|
|
if (!S_ISDIR(st.st_mode))
|
|
|
|
|
fatal("chroot path %s is not a directory",
|
|
|
|
|
path);
|
|
|
|
|
#else
|
2008-02-10 12:40:12 +01:00
|
|
|
/*
|
|
|
|
|
* Descend the path, checking that each component is a
|
|
|
|
|
* root-owned directory with strict permissions.
|
|
|
|
|
*/
|
|
|
|
|
for (cp = path; cp != NULL;) {
|
|
|
|
|
if ((cp = strchr(cp, '/')) == NULL)
|
|
|
|
|
strlcpy(component, path, sizeof(component));
|
|
|
|
|
else {
|
|
|
|
|
cp++;
|
|
|
|
|
memcpy(component, path, cp - path);
|
|
|
|
|
component[cp - path] = '\0';
|
|
|
|
|
}
|
2024-02-01 03:37:33 +01:00
|
|
|
|
2020-10-18 13:32:01 +02:00
|
|
|
debug3_f("checking '%s'", component);
|
2008-02-10 12:40:12 +01:00
|
|
|
|
|
|
|
|
if (stat(component, &st) != 0)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("stat(\"%s\"): %s",
|
2008-02-10 12:40:12 +01:00
|
|
|
component, strerror(errno));
|
|
|
|
|
if (st.st_uid != 0 || (st.st_mode & 022) != 0)
|
|
|
|
|
fatal("bad ownership or modes for chroot "
|
2019-01-19 22:41:53 +01:00
|
|
|
"directory %s\"%s\"",
|
2008-02-10 12:40:12 +01:00
|
|
|
cp == NULL ? "" : "component ", component);
|
|
|
|
|
if (!S_ISDIR(st.st_mode))
|
|
|
|
|
fatal("chroot path %s\"%s\" is not a directory",
|
|
|
|
|
cp == NULL ? "" : "component ", component);
|
|
|
|
|
|
|
|
|
|
}
|
2018-05-11 23:45:20 +02:00
|
|
|
#endif
|
2008-02-10 12:40:12 +01:00
|
|
|
if (chdir(path) == -1)
|
|
|
|
|
fatal("Unable to chdir to chroot path \"%s\": "
|
|
|
|
|
"%s", path, strerror(errno));
|
|
|
|
|
if (chroot(path) == -1)
|
|
|
|
|
fatal("chroot(\"%s\"): %s", path, strerror(errno));
|
|
|
|
|
if (chdir("/") == -1)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("chdir(/) after chroot: %s", strerror(errno));
|
2008-02-10 12:40:12 +01:00
|
|
|
verbose("Changed root directory to \"%s\"", path);
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Set login name, uid, gid, and groups. */
|
2002-03-22 03:30:41 +01:00
|
|
|
void
|
2002-02-19 22:50:43 +01:00
|
|
|
do_setusercontext(struct passwd *pw)
|
|
|
|
|
{
|
2018-06-01 05:33:53 +02:00
|
|
|
char uidstr[32], *chroot_path, *tmp;
|
2008-02-10 12:48:55 +01:00
|
|
|
|
2010-11-05 02:03:05 +01:00
|
|
|
platform_setusercontext(pw);
|
|
|
|
|
|
2010-11-05 04:47:01 +01:00
|
|
|
if (platform_privileged_uidswap()) {
|
2002-02-19 22:50:43 +01:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
|
|
|
if (setusercontext(lc, pw, pw->pw_uid,
|
2008-02-10 12:40:12 +01:00
|
|
|
(LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
|
2002-02-19 22:50:43 +01:00
|
|
|
perror("unable to set user context");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
if (setlogin(pw->pw_name) < 0)
|
|
|
|
|
error("setlogin failed: %s", strerror(errno));
|
|
|
|
|
if (setgid(pw->pw_gid) < 0) {
|
|
|
|
|
perror("setgid");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
/* Initialize the group list. */
|
|
|
|
|
if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
|
|
|
|
|
perror("initgroups");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
endgrent();
|
2008-02-10 12:40:12 +01:00
|
|
|
#endif
|
|
|
|
|
|
2010-11-05 02:36:15 +01:00
|
|
|
platform_setusercontext_post_groups(pw);
|
2010-03-26 01:04:09 +01:00
|
|
|
|
2015-10-25 00:52:22 +02:00
|
|
|
if (!in_chroot && options.chroot_directory != NULL &&
|
2008-02-10 12:40:12 +01:00
|
|
|
strcasecmp(options.chroot_directory, "none") != 0) {
|
2021-04-03 08:18:40 +02:00
|
|
|
tmp = tilde_expand_filename(options.chroot_directory,
|
2008-02-10 12:48:55 +01:00
|
|
|
pw->pw_uid);
|
2018-06-01 05:33:53 +02:00
|
|
|
snprintf(uidstr, sizeof(uidstr), "%llu",
|
|
|
|
|
(unsigned long long)pw->pw_uid);
|
2008-02-10 12:48:55 +01:00
|
|
|
chroot_path = percent_expand(tmp, "h", pw->pw_dir,
|
2018-06-01 05:33:53 +02:00
|
|
|
"u", pw->pw_name, "U", uidstr, (char *)NULL);
|
2008-02-10 12:40:12 +01:00
|
|
|
safely_chroot(chroot_path, pw->pw_uid);
|
2008-02-10 12:48:55 +01:00
|
|
|
free(tmp);
|
2008-02-10 12:40:12 +01:00
|
|
|
free(chroot_path);
|
2013-04-23 07:24:18 +02:00
|
|
|
/* Make sure we don't attempt to chroot again */
|
|
|
|
|
free(options.chroot_directory);
|
|
|
|
|
options.chroot_directory = NULL;
|
2015-10-25 00:52:22 +02:00
|
|
|
in_chroot = 1;
|
2008-02-10 12:40:12 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
|
|
|
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
|
|
|
|
|
perror("unable to set user context (setuser)");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
2013-03-15 01:22:37 +01:00
|
|
|
/*
|
|
|
|
|
* FreeBSD's setusercontext() will not apply the user's
|
|
|
|
|
* own umask setting unless running with the user's UID.
|
|
|
|
|
*/
|
|
|
|
|
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
|
2008-02-10 12:40:12 +01:00
|
|
|
#else
|
2014-01-21 02:59:28 +01:00
|
|
|
# ifdef USE_LIBIAF
|
2015-10-25 00:52:22 +02:00
|
|
|
/*
|
|
|
|
|
* In a chroot environment, the set_id() will always fail;
|
|
|
|
|
* typically because of the lack of necessary authentication
|
|
|
|
|
* services and runtime such as ./usr/lib/libiaf.so,
|
|
|
|
|
* ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
|
|
|
|
|
* internal sftp chroot case. We'll lose auditing and ACLs but
|
|
|
|
|
* permanently_set_uid will take care of the rest.
|
|
|
|
|
*/
|
|
|
|
|
if (!in_chroot && set_id(pw->pw_name) != 0)
|
|
|
|
|
fatal("set_id(%s) Failed", pw->pw_name);
|
2014-01-21 02:59:28 +01:00
|
|
|
# endif /* USE_LIBIAF */
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Permanently switch to the desired uid. */
|
|
|
|
|
permanently_set_uid(pw);
|
|
|
|
|
#endif
|
2013-04-23 07:24:18 +02:00
|
|
|
} else if (options.chroot_directory != NULL &&
|
|
|
|
|
strcasecmp(options.chroot_directory, "none") != 0) {
|
|
|
|
|
fatal("server lacks privileges to chroot to ChrootDirectory");
|
2013-04-23 07:22:13 +02:00
|
|
|
}
|
2003-02-24 03:04:01 +01:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
|
|
|
|
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
|
|
|
|
}
|
|
|
|
|
|
2004-02-06 06:24:31 +01:00
|
|
|
static void
|
|
|
|
|
do_pwchange(Session *s)
|
|
|
|
|
{
|
2004-07-17 09:05:14 +02:00
|
|
|
fflush(NULL);
|
2004-02-06 06:24:31 +01:00
|
|
|
fprintf(stderr, "WARNING: Your password has expired.\n");
|
|
|
|
|
if (s->ttyfd != -1) {
|
2004-07-17 08:12:08 +02:00
|
|
|
fprintf(stderr,
|
2004-02-06 06:24:31 +01:00
|
|
|
"You must change your password now and login again!\n");
|
2011-05-20 03:23:07 +02:00
|
|
|
#ifdef WITH_SELINUX
|
|
|
|
|
setexeccon(NULL);
|
|
|
|
|
#endif
|
2005-02-09 12:17:28 +01:00
|
|
|
#ifdef PASSWD_NEEDS_USERNAME
|
|
|
|
|
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
|
|
|
|
|
(char *)NULL);
|
|
|
|
|
#else
|
2004-02-06 06:24:31 +01:00
|
|
|
execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
|
2005-02-09 12:17:28 +01:00
|
|
|
#endif
|
2004-02-06 06:24:31 +01:00
|
|
|
perror("passwd");
|
|
|
|
|
} else {
|
|
|
|
|
fprintf(stderr,
|
|
|
|
|
"Password change required but no TTY available.\n");
|
|
|
|
|
}
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2017-09-12 08:32:07 +02:00
|
|
|
child_close_fds(struct ssh *ssh)
|
2004-02-06 06:24:31 +01:00
|
|
|
{
|
2015-01-14 21:05:27 +01:00
|
|
|
extern int auth_sock;
|
2013-07-20 05:21:52 +02:00
|
|
|
|
2015-01-14 21:05:27 +01:00
|
|
|
if (auth_sock != -1) {
|
|
|
|
|
close(auth_sock);
|
|
|
|
|
auth_sock = -1;
|
2013-07-20 05:21:52 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if (ssh_packet_get_connection_in(ssh) ==
|
|
|
|
|
ssh_packet_get_connection_out(ssh))
|
|
|
|
|
close(ssh_packet_get_connection_in(ssh));
|
2004-02-06 06:24:31 +01:00
|
|
|
else {
|
2019-01-19 22:41:53 +01:00
|
|
|
close(ssh_packet_get_connection_in(ssh));
|
|
|
|
|
close(ssh_packet_get_connection_out(ssh));
|
2004-02-06 06:24:31 +01:00
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Close all descriptors related to channels. They will still remain
|
|
|
|
|
* open in the parent.
|
|
|
|
|
*/
|
|
|
|
|
/* XXX better use close-on-exec? -markus */
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_close_all(ssh);
|
2004-02-06 06:24:31 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Close any extra file descriptors. Note that there may still be
|
|
|
|
|
* descriptors left by system functions. They will be closed later.
|
|
|
|
|
*/
|
|
|
|
|
endpwent();
|
|
|
|
|
|
2020-07-03 08:46:41 +02:00
|
|
|
/* Stop directing logs to a high-numbered fd before we close it */
|
|
|
|
|
log_redirect_stderr_to(NULL);
|
|
|
|
|
|
2004-02-06 06:24:31 +01:00
|
|
|
/*
|
2005-11-05 05:14:59 +01:00
|
|
|
* Close any extra open file descriptors so that we don't have them
|
2004-02-06 06:24:31 +01:00
|
|
|
* hanging around in clients. Note that we want to do this after
|
|
|
|
|
* initgroups, because at least on Solaris 2.3 it leaves file
|
|
|
|
|
* descriptors open.
|
|
|
|
|
*/
|
2010-12-01 02:02:59 +01:00
|
|
|
closefrom(STDERR_FILENO + 1);
|
2004-02-06 06:24:31 +01:00
|
|
|
}
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/*
|
|
|
|
|
* Performs common processing for the child, such as setting up the
|
|
|
|
|
* environment, closing extra file descriptors, setting the user and group
|
|
|
|
|
* ids, and executing the command or shell.
|
|
|
|
|
*/
|
2008-02-10 12:29:40 +01:00
|
|
|
#define ARGV_MAX 10
|
2002-02-19 22:50:43 +01:00
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
do_child(struct ssh *ssh, Session *s, const char *command)
|
2002-02-19 22:50:43 +01:00
|
|
|
{
|
2016-12-19 23:46:28 +01:00
|
|
|
#ifdef WINDOWS
|
|
|
|
|
/*not called for Windows */
|
|
|
|
|
return;
|
|
|
|
|
#else /* !WINDOWS */
|
2002-02-19 22:50:43 +01:00
|
|
|
extern char **environ;
|
2019-02-10 12:10:57 +01:00
|
|
|
char **env, *argv[ARGV_MAX], remote_id[512];
|
2016-08-19 05:18:06 +02:00
|
|
|
const char *shell, *shell0;
|
2002-02-19 22:50:43 +01:00
|
|
|
struct passwd *pw = s->pw;
|
2008-06-15 23:53:16 +02:00
|
|
|
int r = 0;
|
2002-02-19 22:50:43 +01:00
|
|
|
|
2019-02-10 12:10:57 +01:00
|
|
|
sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* remove hostkey from the child's memory */
|
|
|
|
|
destroy_sensitive_data();
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_clear_keys(ssh);
|
2002-02-19 22:50:43 +01:00
|
|
|
|
2004-02-06 06:24:31 +01:00
|
|
|
/* Force a password change */
|
|
|
|
|
if (s->authctxt->force_pwchange) {
|
|
|
|
|
do_setusercontext(pw);
|
2017-09-12 08:32:07 +02:00
|
|
|
child_close_fds(ssh);
|
2004-02-06 06:24:31 +01:00
|
|
|
do_pwchange(s);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/*
|
|
|
|
|
* Login(1) does this as well, and it needs uid 0 for the "-h"
|
|
|
|
|
* switch, so we let login(1) to this for us.
|
|
|
|
|
*/
|
|
|
|
|
#ifdef HAVE_OSF_SIA
|
2016-08-19 05:18:06 +02:00
|
|
|
session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
|
|
|
|
|
if (!check_quietlogin(s, command))
|
|
|
|
|
do_motd();
|
2002-02-19 22:50:43 +01:00
|
|
|
#else /* HAVE_OSF_SIA */
|
2016-08-19 05:18:06 +02:00
|
|
|
/* When PAM is enabled we rely on it to do the nologin check */
|
|
|
|
|
if (!options.use_pam)
|
|
|
|
|
do_nologin(pw);
|
|
|
|
|
do_setusercontext(pw);
|
|
|
|
|
/*
|
|
|
|
|
* PAM session modules in do_setusercontext may have
|
|
|
|
|
* generated messages, so if this in an interactive
|
|
|
|
|
* login then display them too.
|
|
|
|
|
*/
|
|
|
|
|
if (!check_quietlogin(s, command))
|
|
|
|
|
display_loginmsg();
|
2002-02-19 22:50:43 +01:00
|
|
|
#endif /* HAVE_OSF_SIA */
|
|
|
|
|
|
2004-09-11 14:17:26 +02:00
|
|
|
#ifdef USE_PAM
|
2016-08-19 05:18:06 +02:00
|
|
|
if (options.use_pam && !is_pam_session_open()) {
|
2005-04-21 11:50:55 +02:00
|
|
|
debug3("PAM session not opened, exiting");
|
2004-09-11 14:17:26 +02:00
|
|
|
display_loginmsg();
|
|
|
|
|
exit(254);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/*
|
|
|
|
|
* Get the shell from the password data. An empty shell field is
|
|
|
|
|
* legal, and means /bin/sh.
|
|
|
|
|
*/
|
|
|
|
|
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
|
2002-12-23 03:26:08 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure $SHELL points to the shell from the password file,
|
|
|
|
|
* even if shell is overridden from login.conf
|
|
|
|
|
*/
|
2017-09-12 08:32:07 +02:00
|
|
|
env = do_setup_env(ssh, s, shell);
|
2002-12-23 03:26:08 +01:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
|
|
|
|
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
|
|
|
|
#endif
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* Close the connection descriptors; note that this is the child, and
|
|
|
|
|
* the server will still have the socket open, and it is important
|
|
|
|
|
* that we do not shutdown it. Note that the descriptors cannot be
|
|
|
|
|
* closed before building the environment, as we call
|
2016-03-07 20:02:43 +01:00
|
|
|
* ssh_remote_ipaddr there.
|
2000-04-01 03:09:21 +02:00
|
|
|
*/
|
2017-09-12 08:32:07 +02:00
|
|
|
child_close_fds(ssh);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/*
|
2002-02-10 08:32:28 +01:00
|
|
|
* Must take new environment into use so that .ssh/rc,
|
|
|
|
|
* /etc/ssh/sshrc and xauth are run in the proper environment.
|
2000-04-01 03:09:21 +02:00
|
|
|
*/
|
|
|
|
|
environ = env;
|
|
|
|
|
|
2004-01-23 12:03:10 +01:00
|
|
|
#if defined(KRB5) && defined(USE_AFS)
|
2003-12-31 01:37:34 +01:00
|
|
|
/*
|
|
|
|
|
* At this point, we check to see if AFS is active and if we have
|
|
|
|
|
* a valid Kerberos 5 TGT. If so, it seems like a good idea to see
|
|
|
|
|
* if we can (and need to) extend the ticket into an AFS token. If
|
|
|
|
|
* we don't do this, we run into potential problems if the user's
|
|
|
|
|
* home directory is in AFS and it's not world-readable.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (options.kerberos_get_afs_token && k_hasafs() &&
|
2005-07-17 09:22:45 +02:00
|
|
|
(s->authctxt->krb5_ctx != NULL)) {
|
2003-12-31 01:37:34 +01:00
|
|
|
char cell[64];
|
|
|
|
|
|
|
|
|
|
debug("Getting AFS token");
|
|
|
|
|
|
|
|
|
|
k_setpag();
|
|
|
|
|
|
|
|
|
|
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
|
|
|
|
|
krb5_afslog(s->authctxt->krb5_ctx,
|
|
|
|
|
s->authctxt->krb5_fwd_ccache, cell, NULL);
|
|
|
|
|
|
|
|
|
|
krb5_afslog_home(s->authctxt->krb5_ctx,
|
|
|
|
|
s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-11-05 05:14:59 +01:00
|
|
|
/* Change current directory to the user's home directory. */
|
2019-06-28 15:35:04 +02:00
|
|
|
if (chdir(pw->pw_dir) == -1) {
|
2008-06-15 23:53:16 +02:00
|
|
|
/* Suppress missing homedir warning for chroot case */
|
2001-10-10 07:07:44 +02:00
|
|
|
#ifdef HAVE_LOGIN_CAP
|
2008-06-15 23:53:16 +02:00
|
|
|
r = login_getcapbool(lc, "requirehome", 0);
|
2001-10-10 07:07:44 +02:00
|
|
|
#endif
|
2015-10-25 00:52:22 +02:00
|
|
|
if (r || !in_chroot) {
|
2008-06-15 23:53:16 +02:00
|
|
|
fprintf(stderr, "Could not chdir to home "
|
|
|
|
|
"directory %s: %s\n", pw->pw_dir,
|
|
|
|
|
strerror(errno));
|
2015-10-25 00:52:22 +02:00
|
|
|
}
|
2008-06-15 23:53:16 +02:00
|
|
|
if (r)
|
|
|
|
|
exit(1);
|
2001-10-10 07:07:44 +02:00
|
|
|
}
|
|
|
|
|
|
2008-03-15 07:27:58 +01:00
|
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
|
|
2018-03-03 04:15:51 +01:00
|
|
|
do_rc_files(ssh, s, shell);
|
2001-03-24 01:43:26 +01:00
|
|
|
|
|
|
|
|
/* restore SIGPIPE for child */
|
2020-01-23 08:10:22 +01:00
|
|
|
ssh_signal(SIGPIPE, SIG_DFL);
|
2001-03-24 01:43:26 +01:00
|
|
|
|
2010-01-08 07:09:11 +01:00
|
|
|
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
|
2019-02-10 12:10:57 +01:00
|
|
|
error("Connection from %s: refusing non-sftp session",
|
|
|
|
|
remote_id);
|
2010-01-08 07:09:11 +01:00
|
|
|
printf("This service allows sftp connections only.\n");
|
|
|
|
|
fflush(NULL);
|
|
|
|
|
exit(1);
|
|
|
|
|
} else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
|
2008-02-10 12:29:40 +01:00
|
|
|
extern int optind, optreset;
|
|
|
|
|
int i;
|
|
|
|
|
char *p, *args;
|
|
|
|
|
|
2009-06-21 09:55:23 +02:00
|
|
|
setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
|
2008-11-03 09:20:49 +01:00
|
|
|
args = xstrdup(command ? command : "sftp-server");
|
2008-02-10 12:29:40 +01:00
|
|
|
for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
|
|
|
|
|
if (i < ARGV_MAX - 1)
|
|
|
|
|
argv[i++] = p;
|
|
|
|
|
argv[i] = NULL;
|
|
|
|
|
optind = optreset = 1;
|
|
|
|
|
__progname = argv[0];
|
2009-10-24 06:04:12 +02:00
|
|
|
#ifdef WITH_SELINUX
|
|
|
|
|
ssh_selinux_change_context("sftpd_t");
|
|
|
|
|
#endif
|
2008-02-10 12:40:12 +01:00
|
|
|
exit(sftp_server_main(i, argv, s->pw));
|
2008-02-10 12:29:40 +01:00
|
|
|
}
|
|
|
|
|
|
2009-10-07 00:02:18 +02:00
|
|
|
fflush(NULL);
|
|
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Get the last component of the shell name. */
|
|
|
|
|
if ((shell0 = strrchr(shell, '/')) != NULL)
|
|
|
|
|
shell0++;
|
|
|
|
|
else
|
|
|
|
|
shell0 = shell;
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
/*
|
|
|
|
|
* If we have no command, execute the shell. In this case, the shell
|
|
|
|
|
* name to be passed in argv[0] is preceded by '-' to indicate that
|
|
|
|
|
* this is a login shell.
|
|
|
|
|
*/
|
|
|
|
|
if (!command) {
|
2002-02-19 22:50:43 +01:00
|
|
|
char argv0[256];
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Start the shell. Set initial character to '-'. */
|
|
|
|
|
argv0[0] = '-';
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
|
|
|
|
|
>= sizeof(argv0) - 1) {
|
|
|
|
|
errno = EINVAL;
|
2000-04-01 03:09:21 +02:00
|
|
|
perror(shell);
|
|
|
|
|
exit(1);
|
2002-02-19 22:50:43 +01:00
|
|
|
}
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Execute the shell. */
|
|
|
|
|
argv[0] = argv0;
|
|
|
|
|
argv[1] = NULL;
|
|
|
|
|
execve(shell, argv, env);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
2002-02-19 22:50:43 +01:00
|
|
|
/* Executing the shell failed. */
|
|
|
|
|
perror(shell);
|
|
|
|
|
exit(1);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Execute the command using the user's shell. This uses the -c
|
|
|
|
|
* option to execute the command.
|
|
|
|
|
*/
|
2002-02-19 22:50:43 +01:00
|
|
|
argv[0] = (char *) shell0;
|
2000-04-01 03:09:21 +02:00
|
|
|
argv[1] = "-c";
|
|
|
|
|
argv[2] = (char *) command;
|
|
|
|
|
argv[3] = NULL;
|
|
|
|
|
execve(shell, argv, env);
|
|
|
|
|
perror(shell);
|
|
|
|
|
exit(1);
|
2016-12-19 23:46:28 +01:00
|
|
|
#endif /* !WINDOWS */
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
2008-05-19 07:34:50 +02:00
|
|
|
void
|
|
|
|
|
session_unused(int id)
|
|
|
|
|
{
|
2020-10-18 13:32:01 +02:00
|
|
|
debug3_f("session id %d unused", id);
|
2008-05-19 07:34:50 +02:00
|
|
|
if (id >= options.max_sessions ||
|
|
|
|
|
id >= sessions_nalloc) {
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("insane session id %d (max %d nalloc %d)",
|
|
|
|
|
id, options.max_sessions, sessions_nalloc);
|
2008-05-19 07:34:50 +02:00
|
|
|
}
|
2014-02-04 01:18:20 +01:00
|
|
|
memset(&sessions[id], 0, sizeof(*sessions));
|
2008-05-19 07:34:50 +02:00
|
|
|
sessions[id].self = id;
|
|
|
|
|
sessions[id].used = 0;
|
|
|
|
|
sessions[id].chanid = -1;
|
|
|
|
|
sessions[id].ptyfd = -1;
|
|
|
|
|
sessions[id].ttyfd = -1;
|
|
|
|
|
sessions[id].ptymaster = -1;
|
|
|
|
|
sessions[id].x11_chanids = NULL;
|
|
|
|
|
sessions[id].next_unused = sessions_first_unused;
|
|
|
|
|
sessions_first_unused = id;
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-01 03:09:21 +02:00
|
|
|
Session *
|
|
|
|
|
session_new(void)
|
|
|
|
|
{
|
2008-05-19 07:34:50 +02:00
|
|
|
Session *s, *tmp;
|
|
|
|
|
|
|
|
|
|
if (sessions_first_unused == -1) {
|
|
|
|
|
if (sessions_nalloc >= options.max_sessions)
|
|
|
|
|
return NULL;
|
2020-10-18 13:32:01 +02:00
|
|
|
debug2_f("allocate (allocated %d max %d)",
|
|
|
|
|
sessions_nalloc, options.max_sessions);
|
2017-05-31 11:15:42 +02:00
|
|
|
tmp = xrecallocarray(sessions, sessions_nalloc,
|
|
|
|
|
sessions_nalloc + 1, sizeof(*sessions));
|
2008-05-19 07:34:50 +02:00
|
|
|
if (tmp == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("cannot allocate %d sessions",
|
|
|
|
|
sessions_nalloc + 1);
|
2008-05-19 07:34:50 +02:00
|
|
|
return NULL;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
sessions = tmp;
|
|
|
|
|
session_unused(sessions_nalloc++);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
if (sessions_first_unused >= sessions_nalloc ||
|
|
|
|
|
sessions_first_unused < 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("insane first_unused %d max %d nalloc %d",
|
|
|
|
|
sessions_first_unused, options.max_sessions,
|
2008-05-19 07:34:50 +02:00
|
|
|
sessions_nalloc);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2008-05-19 07:34:50 +02:00
|
|
|
|
|
|
|
|
s = &sessions[sessions_first_unused];
|
2020-10-18 13:32:01 +02:00
|
|
|
if (s->used)
|
|
|
|
|
fatal_f("session %d already used", sessions_first_unused);
|
2008-05-19 07:34:50 +02:00
|
|
|
sessions_first_unused = s->next_unused;
|
|
|
|
|
s->used = 1;
|
|
|
|
|
s->next_unused = -1;
|
|
|
|
|
debug("session_new: session %d", s->self);
|
|
|
|
|
|
|
|
|
|
return s;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2000-04-01 03:09:21 +02:00
|
|
|
session_dump(void)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2000-04-01 03:09:21 +02:00
|
|
|
Session *s = &sessions[i];
|
2008-05-19 07:34:50 +02:00
|
|
|
|
2021-08-11 07:20:17 +02:00
|
|
|
debug("dump: used %d next_unused %d session %d "
|
2008-05-19 07:34:50 +02:00
|
|
|
"channel %d pid %ld",
|
2000-04-01 03:09:21 +02:00
|
|
|
s->used,
|
2008-05-19 07:34:50 +02:00
|
|
|
s->next_unused,
|
2000-04-01 03:09:21 +02:00
|
|
|
s->self,
|
|
|
|
|
s->chanid,
|
2002-06-11 18:42:49 +02:00
|
|
|
(long)s->pid);
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2000-04-12 10:45:05 +02:00
|
|
|
int
|
2001-07-04 06:53:53 +02:00
|
|
|
session_open(Authctxt *authctxt, int chanid)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
Session *s = session_new();
|
|
|
|
|
debug("session_open: channel %d", chanid);
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
error("no more sessions");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2001-07-04 06:53:53 +02:00
|
|
|
s->authctxt = authctxt;
|
|
|
|
|
s->pw = authctxt->pw;
|
2003-11-17 11:13:40 +01:00
|
|
|
if (s->pw == NULL || !authctxt->valid)
|
2001-02-11 15:12:08 +01:00
|
|
|
fatal("no user for session %d", s->self);
|
2000-04-30 02:00:53 +02:00
|
|
|
debug("session_open: session %d: link with channel %d", s->self, chanid);
|
|
|
|
|
s->chanid = chanid;
|
2000-04-12 10:45:05 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-22 03:30:41 +01:00
|
|
|
Session *
|
|
|
|
|
session_by_tty(char *tty)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2002-03-22 03:30:41 +01:00
|
|
|
Session *s = &sessions[i];
|
|
|
|
|
if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
|
|
|
|
|
debug("session_by_tty: session %d tty %s", i, tty);
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
debug("session_by_tty: unknown tty %.100s", tty);
|
|
|
|
|
session_dump();
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static Session *
|
2000-04-12 10:45:05 +02:00
|
|
|
session_by_channel(int id)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2000-04-12 10:45:05 +02:00
|
|
|
Session *s = &sessions[i];
|
|
|
|
|
if (s->used && s->chanid == id) {
|
2008-05-19 07:34:50 +02:00
|
|
|
debug("session_by_channel: session %d channel %d",
|
|
|
|
|
i, id);
|
2000-04-12 10:45:05 +02:00
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
debug("session_by_channel: unknown channel %d", id);
|
|
|
|
|
session_dump();
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2005-07-17 09:19:24 +02:00
|
|
|
static Session *
|
|
|
|
|
session_by_x11_channel(int id)
|
|
|
|
|
{
|
|
|
|
|
int i, j;
|
|
|
|
|
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2005-07-17 09:19:24 +02:00
|
|
|
Session *s = &sessions[i];
|
|
|
|
|
|
|
|
|
|
if (s->x11_chanids == NULL || !s->used)
|
|
|
|
|
continue;
|
|
|
|
|
for (j = 0; s->x11_chanids[j] != -1; j++) {
|
|
|
|
|
if (s->x11_chanids[j] == id) {
|
|
|
|
|
debug("session_by_x11_channel: session %d "
|
|
|
|
|
"channel %d", s->self, id);
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
debug("session_by_x11_channel: unknown channel %d", id);
|
|
|
|
|
session_dump();
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static Session *
|
2000-04-12 10:45:05 +02:00
|
|
|
session_by_pid(pid_t pid)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
2002-06-11 18:42:49 +02:00
|
|
|
debug("session_by_pid: pid %ld", (long)pid);
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2000-04-12 10:45:05 +02:00
|
|
|
Session *s = &sessions[i];
|
|
|
|
|
if (s->used && s->pid == pid)
|
|
|
|
|
return s;
|
|
|
|
|
}
|
2002-06-11 18:42:49 +02:00
|
|
|
error("session_by_pid: unknown pid %ld", (long)pid);
|
2000-04-12 10:45:05 +02:00
|
|
|
session_dump();
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_window_change_req(struct ssh *ssh, Session *s)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
2018-10-04 23:16:02 +02:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2000-04-12 10:45:05 +02:00
|
|
|
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_pty_req(struct ssh *ssh, Session *s)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
2002-03-22 03:54:23 +01:00
|
|
|
|
2018-03-03 04:15:51 +01:00
|
|
|
if (!auth_opts->permit_pty_flag || !options.permit_tty) {
|
|
|
|
|
debug("Allocating a pty not permitted for this connection.");
|
2000-06-18 06:50:44 +02:00
|
|
|
return 0;
|
2001-06-13 06:37:36 +02:00
|
|
|
}
|
|
|
|
|
if (s->ttyfd != -1) {
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_disconnect(ssh, "Protocol error: you already have a pty.");
|
2000-04-16 03:18:38 +02:00
|
|
|
return 0;
|
2001-06-13 06:37:36 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->ypixel)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2000-04-12 10:45:05 +02:00
|
|
|
|
|
|
|
|
if (strcmp(s->term, "") == 0) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->term);
|
2000-04-12 10:45:05 +02:00
|
|
|
s->term = NULL;
|
|
|
|
|
}
|
2001-06-13 06:37:36 +02:00
|
|
|
|
2000-04-12 10:45:05 +02:00
|
|
|
/* Allocate a pty and open it. */
|
2001-06-13 06:37:36 +02:00
|
|
|
debug("Allocating pty.");
|
2018-01-15 22:57:31 +01:00
|
|
|
#ifdef WINDOWS
|
|
|
|
|
if (!(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
|
|
|
|
|
#else
|
2008-05-19 07:34:50 +02:00
|
|
|
if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
|
2018-01-15 22:57:31 +01:00
|
|
|
#endif
|
2008-05-19 07:34:50 +02:00
|
|
|
sizeof(s->tty)))) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->term);
|
2000-04-12 10:45:05 +02:00
|
|
|
s->term = NULL;
|
|
|
|
|
s->ptyfd = -1;
|
|
|
|
|
s->ttyfd = -1;
|
|
|
|
|
error("session_pty_req: session %d alloc failed", s->self);
|
2000-04-16 03:18:38 +02:00
|
|
|
return 0;
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
debug("session_pty_req: session %d alloc %s", s->self, s->tty);
|
2001-06-13 06:37:36 +02:00
|
|
|
|
2018-07-09 23:20:26 +02:00
|
|
|
ssh_tty_parse_modes(ssh, s->ttyfd);
|
2001-06-13 06:37:36 +02:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
|
|
|
|
|
2002-03-22 03:30:41 +01:00
|
|
|
if (!use_privsep)
|
|
|
|
|
pty_setowner(s->pw, s->tty);
|
2001-06-13 06:37:36 +02:00
|
|
|
|
|
|
|
|
/* Set window size from the packet. */
|
2000-04-12 10:45:05 +02:00
|
|
|
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
|
|
|
|
|
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
session_proctitle(s);
|
2000-04-12 10:45:05 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_subsystem_req(struct ssh *ssh, Session *s)
|
2000-04-30 02:00:53 +02:00
|
|
|
{
|
2001-10-10 07:08:06 +02:00
|
|
|
struct stat st;
|
2019-01-19 22:41:53 +01:00
|
|
|
int r, success = 0;
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
char *prog, *cmd, *type;
|
2005-06-17 04:59:34 +02:00
|
|
|
u_int i;
|
2000-04-30 02:00:53 +02:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2013-10-15 03:12:02 +02:00
|
|
|
debug2("subsystem request for %.100s by user %s", s->subsys,
|
2010-06-26 01:47:43 +02:00
|
|
|
s->pw->pw_name);
|
2000-04-30 02:00:53 +02:00
|
|
|
|
2000-06-18 06:50:44 +02:00
|
|
|
for (i = 0; i < options.num_subsystems; i++) {
|
2013-10-15 03:12:02 +02:00
|
|
|
if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
|
2006-07-10 12:36:47 +02:00
|
|
|
prog = options.subsystem_command[i];
|
|
|
|
|
cmd = options.subsystem_args[i];
|
2010-01-08 07:09:50 +01:00
|
|
|
if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
|
2008-02-10 12:29:40 +01:00
|
|
|
s->is_subsystem = SUBSYSTEM_INT_SFTP;
|
2010-01-08 07:09:50 +01:00
|
|
|
debug("subsystem: %s", prog);
|
2008-02-10 12:29:40 +01:00
|
|
|
} else {
|
2019-06-28 15:35:04 +02:00
|
|
|
if (stat(prog, &st) == -1)
|
2010-01-08 07:09:50 +01:00
|
|
|
debug("subsystem: cannot stat %s: %s",
|
|
|
|
|
prog, strerror(errno));
|
2008-02-10 12:29:40 +01:00
|
|
|
s->is_subsystem = SUBSYSTEM_EXT;
|
2010-01-08 07:09:50 +01:00
|
|
|
debug("subsystem: exec() %s", cmd);
|
2001-10-10 07:08:06 +02:00
|
|
|
}
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
xasprintf(&type, "session:subsystem:%s",
|
|
|
|
|
options.subsystem_name[i]);
|
|
|
|
|
channel_set_xtype(ssh, s->chanid, type);
|
|
|
|
|
free(type);
|
2017-09-12 08:32:07 +02:00
|
|
|
success = do_exec(ssh, s, cmd) == 0;
|
2002-02-05 02:15:07 +01:00
|
|
|
break;
|
2000-06-18 06:50:44 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!success)
|
2013-10-15 03:12:02 +02:00
|
|
|
logit("subsystem request for %.100s by user %s failed, "
|
|
|
|
|
"subsystem not found", s->subsys, s->pw->pw_name);
|
2000-06-18 06:50:44 +02:00
|
|
|
|
2000-04-30 02:00:53 +02:00
|
|
|
return success;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_x11_req(struct ssh *ssh, Session *s)
|
2000-04-30 02:00:53 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
int r, success;
|
|
|
|
|
u_char single_connection = 0;
|
2000-04-30 02:00:53 +02:00
|
|
|
|
2005-07-17 09:19:24 +02:00
|
|
|
if (s->auth_proto != NULL || s->auth_data != NULL) {
|
|
|
|
|
error("session_x11_req: session %d: "
|
2005-12-20 06:14:15 +01:00
|
|
|
"x11 forwarding already active", s->self);
|
2005-07-17 09:19:24 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_u32(ssh, &s->screen)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
|
|
|
|
|
|
|
|
|
s->single_connection = single_connection;
|
2000-04-30 02:00:53 +02:00
|
|
|
|
2016-03-10 12:47:57 +01:00
|
|
|
if (xauth_valid_string(s->auth_proto) &&
|
|
|
|
|
xauth_valid_string(s->auth_data))
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_setup_x11fwd(ssh, s);
|
2016-03-10 12:47:57 +01:00
|
|
|
else {
|
|
|
|
|
success = 0;
|
|
|
|
|
error("Invalid X11 forwarding data");
|
|
|
|
|
}
|
2001-06-09 03:29:12 +02:00
|
|
|
if (!success) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->auth_proto);
|
|
|
|
|
free(s->auth_data);
|
2001-06-12 02:21:34 +02:00
|
|
|
s->auth_proto = NULL;
|
|
|
|
|
s->auth_data = NULL;
|
2000-04-30 02:00:53 +02:00
|
|
|
}
|
2001-06-09 03:29:12 +02:00
|
|
|
return success;
|
2000-04-30 02:00:53 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_shell_req(struct ssh *ssh, Session *s)
|
2000-06-18 06:50:44 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
if ((r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
|
|
|
|
|
channel_set_xtype(ssh, s->chanid, "session:shell");
|
|
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
return do_exec(ssh, s, NULL) == 0;
|
2000-06-18 06:50:44 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_exec_req(struct ssh *ssh, Session *s)
|
2000-06-18 06:50:44 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
u_int success;
|
|
|
|
|
int r;
|
|
|
|
|
char *command = NULL;
|
|
|
|
|
|
|
|
|
|
if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2008-05-19 07:34:50 +02:00
|
|
|
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
channel_set_xtype(ssh, s->chanid, "session:command");
|
|
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
success = do_exec(ssh, s, command) == 0;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(command);
|
2008-05-19 07:34:50 +02:00
|
|
|
return success;
|
2000-06-18 06:50:44 +02:00
|
|
|
}
|
|
|
|
|
|
2003-05-15 02:20:13 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_break_req(struct ssh *ssh, Session *s)
|
2003-05-15 02:20:13 +02:00
|
|
|
{
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
2003-05-15 02:20:13 +02:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2003-05-15 02:20:13 +02:00
|
|
|
|
2019-06-28 15:35:04 +02:00
|
|
|
if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1)
|
2003-05-15 02:20:13 +02:00
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-02 14:11:30 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_env_req(struct ssh *ssh, Session *s)
|
2004-05-02 14:11:30 +02:00
|
|
|
{
|
|
|
|
|
char *name, *val;
|
2019-01-19 22:41:53 +01:00
|
|
|
u_int i;
|
|
|
|
|
int r;
|
2004-05-02 14:11:30 +02:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2004-05-02 14:11:30 +02:00
|
|
|
|
|
|
|
|
/* Don't set too many environment variables */
|
|
|
|
|
if (s->num_env > 128) {
|
|
|
|
|
debug2("Ignoring env request %s: too many env vars", name);
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < options.num_accept_env; i++) {
|
|
|
|
|
if (match_pattern(name, options.accept_env[i])) {
|
|
|
|
|
debug2("Setting env %d: %s=%s", s->num_env, name, val);
|
2017-05-31 11:15:42 +02:00
|
|
|
s->env = xrecallocarray(s->env, s->num_env,
|
|
|
|
|
s->num_env + 1, sizeof(*s->env));
|
2004-05-02 14:11:30 +02:00
|
|
|
s->env[s->num_env].name = name;
|
|
|
|
|
s->env[s->num_env].val = val;
|
|
|
|
|
s->num_env++;
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
debug2("Ignoring env request %s: disallowed name", name);
|
|
|
|
|
|
|
|
|
|
fail:
|
2013-06-01 23:31:17 +02:00
|
|
|
free(name);
|
|
|
|
|
free(val);
|
2004-05-02 14:11:30 +02:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 14:40:07 +02:00
|
|
|
/*
|
|
|
|
|
* Conversion of signals from ssh channel request names.
|
|
|
|
|
* Subset of signals from RFC 4254 section 6.10C, with SIGINFO as
|
|
|
|
|
* local extension.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
name2sig(char *name)
|
|
|
|
|
{
|
|
|
|
|
#define SSH_SIG(x) if (strcmp(name, #x) == 0) return SIG ## x
|
|
|
|
|
SSH_SIG(HUP);
|
|
|
|
|
SSH_SIG(INT);
|
|
|
|
|
SSH_SIG(KILL);
|
|
|
|
|
SSH_SIG(QUIT);
|
|
|
|
|
SSH_SIG(TERM);
|
|
|
|
|
SSH_SIG(USR1);
|
|
|
|
|
SSH_SIG(USR2);
|
|
|
|
|
#undef SSH_SIG
|
2018-10-02 14:49:40 +02:00
|
|
|
#ifdef SIGINFO
|
2018-10-02 14:40:07 +02:00
|
|
|
if (strcmp(name, "INFO@openssh.com") == 0)
|
|
|
|
|
return SIGINFO;
|
2018-10-02 14:49:40 +02:00
|
|
|
#endif
|
2018-10-02 14:40:07 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
session_signal_req(struct ssh *ssh, Session *s)
|
|
|
|
|
{
|
|
|
|
|
char *signame = NULL;
|
|
|
|
|
int r, sig, success = 0;
|
|
|
|
|
|
|
|
|
|
if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 ||
|
|
|
|
|
(r = sshpkt_get_end(ssh)) != 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_fr(r, "parse");
|
2018-10-02 14:40:07 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if ((sig = name2sig(signame)) == -1) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("unsupported signal \"%s\"", signame);
|
2018-10-02 14:40:07 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (s->pid <= 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("no pid for session %d", s->self);
|
2018-10-02 14:40:07 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (s->forced || s->is_subsystem) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("refusing to send signal %s to %s session",
|
2018-10-02 14:40:07 +02:00
|
|
|
signame, s->forced ? "forced-command" : "subsystem");
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (!use_privsep || mm_is_monitor()) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("session signalling requires privilege separation");
|
2018-10-02 14:40:07 +02:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig);
|
2018-10-02 14:40:07 +02:00
|
|
|
temporarily_use_uid(s->pw);
|
|
|
|
|
r = killpg(s->pid, sig);
|
|
|
|
|
restore_uid();
|
|
|
|
|
if (r != 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("killpg(%ld, %d): %s", (long)s->pid,
|
2018-10-02 14:40:07 +02:00
|
|
|
sig, strerror(errno));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* success */
|
|
|
|
|
success = 1;
|
|
|
|
|
out:
|
|
|
|
|
free(signame);
|
|
|
|
|
return success;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_auth_agent_req(struct ssh *ssh, Session *s)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
|
static int called = 0;
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
2018-03-03 04:15:51 +01:00
|
|
|
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_get_end(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
2018-03-03 04:15:51 +01:00
|
|
|
if (!auth_opts->permit_agent_forwarding_flag ||
|
|
|
|
|
!options.allow_agent_forwarding) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("agent forwarding disabled");
|
2000-11-21 22:24:55 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
if (called) {
|
|
|
|
|
return 0;
|
|
|
|
|
} else {
|
|
|
|
|
called = 1;
|
2017-09-12 08:32:07 +02:00
|
|
|
return auth_input_request_forwarding(ssh, s->pw);
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-02-05 02:21:42 +01:00
|
|
|
int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
int success = 0;
|
|
|
|
|
Session *s;
|
|
|
|
|
|
2002-02-05 02:21:42 +01:00
|
|
|
if ((s = session_by_channel(c->self)) == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
logit_f("no session %d req %.100s", c->self, rtype);
|
2002-02-05 02:21:42 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("session %d req %s", s->self, rtype);
|
2000-04-12 10:45:05 +02:00
|
|
|
|
|
|
|
|
/*
|
2001-03-22 02:27:23 +01:00
|
|
|
* a session is in LARVAL state until a shell, a command
|
|
|
|
|
* or a subsystem is executed
|
2000-04-12 10:45:05 +02:00
|
|
|
*/
|
|
|
|
|
if (c->type == SSH_CHANNEL_LARVAL) {
|
|
|
|
|
if (strcmp(rtype, "shell") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_shell_req(ssh, s);
|
2000-04-12 10:45:05 +02:00
|
|
|
} else if (strcmp(rtype, "exec") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_exec_req(ssh, s);
|
2000-04-12 10:45:05 +02:00
|
|
|
} else if (strcmp(rtype, "pty-req") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_pty_req(ssh, s);
|
2000-04-30 02:00:53 +02:00
|
|
|
} else if (strcmp(rtype, "x11-req") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_x11_req(ssh, s);
|
2000-11-13 12:57:25 +01:00
|
|
|
} else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_auth_agent_req(ssh, s);
|
2000-04-30 02:00:53 +02:00
|
|
|
} else if (strcmp(rtype, "subsystem") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_subsystem_req(ssh, s);
|
2004-05-02 14:11:30 +02:00
|
|
|
} else if (strcmp(rtype, "env") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_env_req(ssh, s);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(rtype, "window-change") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_window_change_req(ssh, s);
|
2004-06-30 14:41:07 +02:00
|
|
|
} else if (strcmp(rtype, "break") == 0) {
|
2017-09-12 08:32:07 +02:00
|
|
|
success = session_break_req(ssh, s);
|
2018-10-02 14:40:07 +02:00
|
|
|
} else if (strcmp(rtype, "signal") == 0) {
|
|
|
|
|
success = session_signal_req(ssh, s);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
2004-06-30 14:41:07 +02:00
|
|
|
|
2002-02-05 02:21:42 +01:00
|
|
|
return success;
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_set_fds(struct ssh *ssh, Session *s,
|
|
|
|
|
int fdin, int fdout, int fderr, int ignore_fderr, int is_tty)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* now that have a child and a pipe to the child,
|
|
|
|
|
* we can activate our channel and register the fd's
|
|
|
|
|
*/
|
|
|
|
|
if (s->chanid == -1)
|
|
|
|
|
fatal("no channel for session %d", s->self);
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_set_fds(ssh, s->chanid,
|
2000-04-12 10:45:05 +02:00
|
|
|
fdout, fdin, fderr,
|
2010-06-26 02:00:14 +02:00
|
|
|
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
|
2008-06-16 15:29:18 +02:00
|
|
|
1, is_tty, CHAN_SES_WINDOW_DEFAULT);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-13 06:35:43 +02:00
|
|
|
/*
|
|
|
|
|
* Function to perform pty cleanup. Also called if we get aborted abnormally
|
|
|
|
|
* (e.g., due to a dropped connection).
|
|
|
|
|
*/
|
2002-03-22 03:30:41 +01:00
|
|
|
void
|
2003-10-02 08:12:36 +02:00
|
|
|
session_pty_cleanup2(Session *s)
|
2000-04-01 03:09:21 +02:00
|
|
|
{
|
2001-06-13 06:35:43 +02:00
|
|
|
if (s == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
error_f("no session");
|
2001-06-13 06:35:43 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (s->ttyfd == -1)
|
2000-04-01 03:09:21 +02:00
|
|
|
return;
|
|
|
|
|
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("session %d release %s", s->self, s->tty);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/* Record that the user has logged out. */
|
2001-06-13 06:35:43 +02:00
|
|
|
if (s->pid != 0)
|
2002-02-25 02:56:46 +01:00
|
|
|
record_logout(s->pid, s->tty, s->pw->pw_name);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/* Release the pseudo-tty. */
|
2002-03-22 03:30:41 +01:00
|
|
|
if (getuid() == 0)
|
|
|
|
|
pty_release(s->tty);
|
2000-04-01 03:09:21 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Close the server side of the socket pairs. We must do this after
|
|
|
|
|
* the pty cleanup, so that another process doesn't get this pty
|
|
|
|
|
* while we're still cleaning up.
|
|
|
|
|
*/
|
2019-06-28 15:35:04 +02:00
|
|
|
if (s->ptymaster != -1 && close(s->ptymaster) == -1)
|
2008-05-19 07:34:50 +02:00
|
|
|
error("close(s->ptymaster/%d): %s",
|
|
|
|
|
s->ptymaster, strerror(errno));
|
2001-10-12 03:35:50 +02:00
|
|
|
|
|
|
|
|
/* unlink pty from session */
|
|
|
|
|
s->ttyfd = -1;
|
2000-04-01 03:09:21 +02:00
|
|
|
}
|
2000-04-12 10:45:05 +02:00
|
|
|
|
2002-03-22 03:30:41 +01:00
|
|
|
void
|
2003-10-02 08:12:36 +02:00
|
|
|
session_pty_cleanup(Session *s)
|
2002-03-22 03:30:41 +01:00
|
|
|
{
|
2003-10-02 08:12:36 +02:00
|
|
|
PRIVSEP(session_pty_cleanup2(s));
|
2002-03-22 03:30:41 +01:00
|
|
|
}
|
|
|
|
|
|
2002-09-04 08:39:02 +02:00
|
|
|
static char *
|
|
|
|
|
sig2name(int sig)
|
|
|
|
|
{
|
|
|
|
|
#define SSH_SIG(x) if (sig == SIG ## x) return #x
|
|
|
|
|
SSH_SIG(ABRT);
|
|
|
|
|
SSH_SIG(ALRM);
|
|
|
|
|
SSH_SIG(FPE);
|
|
|
|
|
SSH_SIG(HUP);
|
|
|
|
|
SSH_SIG(ILL);
|
|
|
|
|
SSH_SIG(INT);
|
|
|
|
|
SSH_SIG(KILL);
|
|
|
|
|
SSH_SIG(PIPE);
|
|
|
|
|
SSH_SIG(QUIT);
|
|
|
|
|
SSH_SIG(SEGV);
|
|
|
|
|
SSH_SIG(TERM);
|
|
|
|
|
SSH_SIG(USR1);
|
|
|
|
|
SSH_SIG(USR2);
|
|
|
|
|
#undef SSH_SIG
|
|
|
|
|
return "SIG@openssh.com";
|
|
|
|
|
}
|
|
|
|
|
|
2005-07-17 09:19:24 +02:00
|
|
|
static void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close_x11(struct ssh *ssh, int id)
|
2005-07-17 09:19:24 +02:00
|
|
|
{
|
|
|
|
|
Channel *c;
|
|
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
if ((c = channel_by_id(ssh, id)) == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("x11 channel %d missing", id);
|
2005-07-17 09:19:24 +02:00
|
|
|
} else {
|
|
|
|
|
/* Detach X11 listener */
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("detach x11 channel %d", id);
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_cancel_cleanup(ssh, id);
|
2005-07-17 09:19:24 +02:00
|
|
|
if (c->ostate != CHAN_OUTPUT_CLOSED)
|
2017-09-12 08:32:07 +02:00
|
|
|
chan_mark_dead(ssh, c);
|
2005-07-17 09:19:24 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
session_close_single_x11(struct ssh *ssh, int id, int force, void *arg)
|
2005-07-17 09:19:24 +02:00
|
|
|
{
|
|
|
|
|
Session *s;
|
|
|
|
|
u_int i;
|
|
|
|
|
|
2020-10-18 13:32:01 +02:00
|
|
|
debug3_f("channel %d", id);
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_cancel_cleanup(ssh, id);
|
2007-02-19 12:10:25 +01:00
|
|
|
if ((s = session_by_x11_channel(id)) == NULL)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("no x11 channel %d", id);
|
2005-07-17 09:19:24 +02:00
|
|
|
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("session %d: closing channel %d",
|
|
|
|
|
s->self, s->x11_chanids[i]);
|
2005-07-17 09:19:24 +02:00
|
|
|
/*
|
|
|
|
|
* The channel "id" is already closing, but make sure we
|
|
|
|
|
* close all of its siblings.
|
|
|
|
|
*/
|
|
|
|
|
if (s->x11_chanids[i] != id)
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close_x11(ssh, s->x11_chanids[i]);
|
2005-07-17 09:19:24 +02:00
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->x11_chanids);
|
2005-07-17 09:19:24 +02:00
|
|
|
s->x11_chanids = NULL;
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->display);
|
|
|
|
|
s->display = NULL;
|
|
|
|
|
free(s->auth_proto);
|
|
|
|
|
s->auth_proto = NULL;
|
|
|
|
|
free(s->auth_data);
|
|
|
|
|
s->auth_data = NULL;
|
|
|
|
|
free(s->auth_display);
|
|
|
|
|
s->auth_display = NULL;
|
2005-07-17 09:19:24 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_exit_message(struct ssh *ssh, Session *s, int status)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
Channel *c;
|
2019-01-19 22:41:53 +01:00
|
|
|
int r;
|
2023-08-11 01:05:48 +02:00
|
|
|
char *note = NULL;
|
2002-02-08 12:06:48 +01:00
|
|
|
|
2017-09-12 08:32:07 +02:00
|
|
|
if ((c = channel_lookup(ssh, s->chanid)) == NULL)
|
2020-10-18 13:32:01 +02:00
|
|
|
fatal_f("session %d: no channel %d", s->self, s->chanid);
|
2000-04-12 10:45:05 +02:00
|
|
|
|
|
|
|
|
if (WIFEXITED(status)) {
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_request_start(ssh, s->chanid, "exit-status", 0);
|
2019-01-19 22:41:53 +01:00
|
|
|
if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 ||
|
|
|
|
|
(r = sshpkt_send(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
|
2023-08-11 01:05:48 +02:00
|
|
|
xasprintf(¬e, "exit %d", WEXITSTATUS(status));
|
2000-04-12 10:45:05 +02:00
|
|
|
} else if (WIFSIGNALED(status)) {
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_request_start(ssh, s->chanid, "exit-signal", 0);
|
2019-01-19 22:41:53 +01:00
|
|
|
#ifndef WCOREDUMP
|
|
|
|
|
# define WCOREDUMP(x) (0)
|
|
|
|
|
#endif
|
|
|
|
|
if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 ||
|
|
|
|
|
(r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 ||
|
|
|
|
|
(r = sshpkt_put_cstring(ssh, "")) != 0 ||
|
|
|
|
|
(r = sshpkt_put_cstring(ssh, "")) != 0 ||
|
|
|
|
|
(r = sshpkt_send(ssh)) != 0)
|
|
|
|
|
sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
|
2023-08-11 01:05:48 +02:00
|
|
|
xasprintf(¬e, "signal %d%s", WTERMSIG(status),
|
|
|
|
|
WCOREDUMP(status) ? " core dumped" : "");
|
2000-04-12 10:45:05 +02:00
|
|
|
} else {
|
|
|
|
|
/* Some weird exit cause. Just exit. */
|
2023-08-11 01:05:48 +02:00
|
|
|
ssh_packet_disconnect(ssh, "wait returned status %04x.",
|
|
|
|
|
status);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-11 01:05:48 +02:00
|
|
|
debug_f("session %d channel %d pid %ld %s", s->self, s->chanid,
|
|
|
|
|
(long)s->pid, note == NULL ? "UNKNOWN" : note);
|
|
|
|
|
free(note);
|
|
|
|
|
|
2000-04-12 10:45:05 +02:00
|
|
|
/* disconnect channel */
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("release channel %d", s->chanid);
|
2005-11-05 04:52:50 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Adjust cleanup callback attachment to send close messages when
|
2006-03-26 04:58:55 +02:00
|
|
|
* the channel gets EOF. The session will be then be closed
|
2020-03-13 04:17:07 +01:00
|
|
|
* by session_close_by_channel when the child sessions close their fds.
|
2005-11-05 04:52:50 +01:00
|
|
|
*/
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_register_cleanup(ssh, c->self, session_close_by_channel, 1);
|
2005-11-05 04:52:50 +01:00
|
|
|
|
2000-04-19 23:42:21 +02:00
|
|
|
/*
|
|
|
|
|
* emulate a write failure with 'chan_write_failed', nobody will be
|
|
|
|
|
* interested in data we write.
|
|
|
|
|
* Note that we must not call 'chan_read_failed', since there could
|
|
|
|
|
* be some more data waiting in the pipe.
|
|
|
|
|
*/
|
2000-04-30 02:00:53 +02:00
|
|
|
if (c->ostate != CHAN_OUTPUT_CLOSED)
|
2017-09-12 08:32:07 +02:00
|
|
|
chan_write_failed(ssh, c);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
2002-03-22 03:30:41 +01:00
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close(struct ssh *ssh, Session *s)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
2005-06-17 04:59:34 +02:00
|
|
|
u_int i;
|
2004-05-02 14:11:30 +02:00
|
|
|
|
2016-02-16 04:37:48 +01:00
|
|
|
verbose("Close session: user %s from %.200s port %d id %d",
|
|
|
|
|
s->pw->pw_name,
|
2016-03-07 20:02:43 +01:00
|
|
|
ssh_remote_ipaddr(ssh),
|
|
|
|
|
ssh_remote_port(ssh),
|
2016-02-16 04:37:48 +01:00
|
|
|
s->self);
|
|
|
|
|
|
2003-10-02 08:12:36 +02:00
|
|
|
if (s->ttyfd != -1)
|
2001-06-13 06:35:43 +02:00
|
|
|
session_pty_cleanup(s);
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->term);
|
|
|
|
|
free(s->display);
|
|
|
|
|
free(s->x11_chanids);
|
|
|
|
|
free(s->auth_display);
|
|
|
|
|
free(s->auth_data);
|
|
|
|
|
free(s->auth_proto);
|
2013-10-15 03:12:02 +02:00
|
|
|
free(s->subsys);
|
2006-08-30 03:07:39 +02:00
|
|
|
if (s->env != NULL) {
|
|
|
|
|
for (i = 0; i < s->num_env; i++) {
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->env[i].name);
|
|
|
|
|
free(s->env[i].val);
|
2006-08-30 03:07:39 +02:00
|
|
|
}
|
2013-06-01 23:31:17 +02:00
|
|
|
free(s->env);
|
2006-08-30 03:07:39 +02:00
|
|
|
}
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
session_proctitle(s);
|
2008-05-19 07:34:50 +02:00
|
|
|
session_unused(s->self);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close_by_pid(struct ssh *ssh, pid_t pid, int status)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
Session *s = session_by_pid(pid);
|
|
|
|
|
if (s == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("no session for pid %ld", (long)pid);
|
2000-04-12 10:45:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (s->chanid != -1)
|
2017-09-12 08:32:07 +02:00
|
|
|
session_exit_message(ssh, s, status);
|
2005-11-05 04:52:50 +01:00
|
|
|
if (s->ttyfd != -1)
|
|
|
|
|
session_pty_cleanup(s);
|
2006-02-08 00:17:44 +01:00
|
|
|
s->pid = 0;
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* this is called when a channel dies before
|
|
|
|
|
* the session 'child' itself dies
|
|
|
|
|
*/
|
|
|
|
|
void
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
session_close_by_channel(struct ssh *ssh, int id, int force, void *arg)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
|
|
|
|
Session *s = session_by_channel(id);
|
2005-11-05 04:52:50 +01:00
|
|
|
u_int i;
|
2005-07-17 09:19:24 +02:00
|
|
|
|
2000-04-12 10:45:05 +02:00
|
|
|
if (s == NULL) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("no session for id %d", id);
|
2000-04-12 10:45:05 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("channel %d child %ld", id, (long)s->pid);
|
2001-10-10 07:14:37 +02:00
|
|
|
if (s->pid != 0) {
|
2020-10-18 13:32:01 +02:00
|
|
|
debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd);
|
2001-10-12 03:35:50 +02:00
|
|
|
/*
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
* delay detach of session (unless this is a forced close),
|
|
|
|
|
* but release pty, since the fd's to the child are already
|
|
|
|
|
* closed
|
2001-10-12 03:35:50 +02:00
|
|
|
*/
|
2003-10-02 08:12:36 +02:00
|
|
|
if (s->ttyfd != -1)
|
2001-10-12 03:35:50 +02:00
|
|
|
session_pty_cleanup(s);
|
Merge 9.2 (#657)
* upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302
OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
* Install Cygwin packages based on OS not config.
* initial list of allowed signers
* upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
* upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
* Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
* Add Windows 2022 test targets.
* Add libcrypt-devel to cygwin-release deps.
Based on feedback from vinschen at redhat.com.
* cross-sign allowed_signers with PGP key
Provides continuity of trust from legacy PGP release key to
the SSHSIG signing keys that we will use henceforth for git
signing.
* additional keys
* upstream: whitespace
OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232
* Move sftp from valgrind-2 to 3 to rebalance.
* upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd
* Remove arc4random_uniform from arc4random.c
This was previously moved into its own file (matching OpenBSD) which
prematurely committed in commit 73541f2.
* Move OPENBSD ORIGINAL marker.
Putting this after the copyright statement (which doesn't change)
instead of before the version identifier (which does) prevents merge
conflicts when resyncing changes.
* Resync arc4random with OpenBSD.
This brings us up to current, including djm's random-reseeding change,
as prompted by logan at cyberstorm.mu in bz#3467. It brings the
platform-specific hooks from LibreSSL Portable, simplified to match our
use case. ok djm@.
* Remove DEF_WEAK, it's already in defines.h.
* openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
Fixes the following build failure with Clang 15 on musl:
```
bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
do not support
implicit function declarations [-Wimplicit-function-declaration]
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
^
bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
1 error generated.
```
* upstream: notifier_complete(NULL, ...) is a noop, so no need to test
that ctx!=NULL; from Corinna Vinschen
OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a
* upstream: fix repeated words ok miod@ jmc@
OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7
* upstream: .Li -> .Vt where appropriate; from josiah frentsos,
tweaked by schwarze
ok schwarze
OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed
* upstream: ssh-agent: attempt FIDO key signing without PIN and use
the error to determine whether a PIN is required and prompt only if
necessary. from Corinna Vinschen
OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd
* upstream: a little extra debugging
OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
* upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f
* upstream: sftp: Don't attempt to complete arguments for
non-existent commands
If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.
From Michal Privoznik
OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a
* upstream: sftp: Be a bit more clever about completions
There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.
By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.
By Michal Privoznik, ok dtucker@
OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b
* upstream: correct error value
OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4
* upstream: actually hook up restrict_websafe; the command-line flag
was never actually used. Spotted by Matthew Garrett
OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1
* upstream: Add a sshkey_check_rsa_length() call for checking the
length of an RSA key; ok markus@
OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134
* upstream: add a RequiredRSASize for checking RSA key length in
ssh(1). User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then the connection
will be terminated (unfortunately there are no fallbacks in the protocol for
host authentication).
feedback deraadt, Dmitry Belyavskiy; ok markus@
OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a
* upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
beneath this limit will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1
* upstream: better debugging for connect_next()
OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
* upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
extension request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
Will be used to make directory listings more useful and consistent
in sftp(1).
ok markus@
OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3
* upstream: extend sftp-common.c:extend ls_file() to support supplied
user/group names; ok markus@
OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0
* upstream: sftp client library support for
users-groups-by-id@openssh.com; ok markus@
OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de
* upstream: use users-groups-by-id@openssh.com sftp-server extension
(when available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names. ok markus@
OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e
* avoid Wuninitialized false positive in gcc-12ish
* no need for glob.h here
it also causes portability problems
* upstream: add RequiredRSASize to the list of keywords accepted by
-o; spotted by jmc@
OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e
* upstream: Fix typo. From AlexanderStohr via github PR#343.
OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497
* upstream: openssh-9.1
OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56
* crank versions in RPM spec files
* update release notes URL
* update .depend
* remove mention of --with-security-key-builtin
it is enabled by default when libfido2 is installed
* mention libfido2 autodetection
* whitespace at EOL
* Test commits to all branches of portable.
Only test OpenBSD upstream on commits to master since that's what it
tracks.
* Add 9.1 branch to CI status page.
* Add LibreSSL 3.6.0 to test suite.
While there, bump OpenSSL to latest 1.1.1q release.
* upstream: honour user's umask if it is more restrictive then the ssh
default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@
OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d
* skip bsd-poll.h if poll.h found; ok dtucker
* Fix snprintf configure test for clang 15
Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
A handful of tests have "main(..." and not "int main(..." which caused
the tests to produce incorrect results.
* undef _get{short,long} before redefining
* revert c64b62338b4 and guard POLL* defines instead
c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2)
Spotted by dtucker
* OpenSSL dev branch now identifies as 3.2.0.
* upstream: document "-O no-restrict-websafe"; spotted by Ross L
Richardson
OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b
* upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here,
wrap a long line
ssh-agent.c:
- add -O to usage()
OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389
* upstream: use correct type with sizeof ok djm@
OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143
* upstream: when scp(1) is using the SFTP protocol for transport (the
default), better match scp/rcp's handling of globs that don't match the
globbed characters but do match literally (e.g. trying to transfer
"foo.[1]").
Previously scp(1) in SFTP mode would not match these pathnames but
legacy scp/rcp mode would.
Reported by Michael Yagliyan in bz3488; ok dtucker@
OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11
* upstream: regress test for unmatched glob characters; fails before
previous commit but passes now. bz3488; prodded by dtucker@
OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd
* upstream: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.
reported by David Leadbeater, ok deraadt@
OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad
* upstream: begin big refactor of sshkey
Move keytype data and some of the type-specific code (allocation,
cleanup, etc) out into each key type's implementation. Subsequent
commits will move more, with the goal of having each key-*.c file
owning as much of its keytype's implementation as possible.
lots of feedback + ok markus@
OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec
* upstream: factor out sshkey_equal_public()
feedback/ok markus@
OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94
* upstream: factor out public key serialization
feedback/ok markus@
OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033
* upstream: refactor and simplify sshkey_read()
feedback/ok markus@
OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971
* upstream: factor out key generation
feedback/ok markus@
OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb
* upstream: refactor sshkey_from_private()
feedback/ok markus@
OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53
* upstream: refactor sshkey_from_blob_internal()
feedback/ok markus@
OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283
* upstream: refactor sshkey_sign() and sshkey_verify()
feedback/ok markus@
OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc
* upstream: refactor certify
feedback/ok markus@
OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6
* upstream: refactor sshkey_private_serialize_opt()
feedback/ok markus@
OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd
* upstream: refactor sshkey_private_deserialize
feedback/ok markus@
OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f
* fix merge botch
* upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
* upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak
OPENSSL=no builds
OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e
* OpenSSL dev branch is 302 not 320.
While there, also accept 301 which it shat it was previously.
* upstream: Use variable for diff options
instead of unconditionally specifying "-rN". This will make life easier
in -portable where not all diff's understand -N.
OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3
* Check for sockaddr_in.sin_len.
If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan
tests on platforms with this (eg old NetBSD).
* Always use compat getentropy.
Have it call native getentropy and fall back as required. Should fix
issues of platforms where libc has getentropy but it is not implemented
in the kernel. Based on github PR#354 from simsergey.
* Include time.h when defining timegm.
Fixes build on some platforms eg recent AIX.
* Compat tests need libcrypto.
This was moved to CHANNELLIBS during the libs refactor. Spotted by
rapier at psc.edu.
* Run compat regress tests too.
* Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1.
* Only run opensslver tests if built with OpenSSL.
* Increase selfhosted job timeout.
The default job timeout of 360 (6h) is not enough to complete the
regress tests for some of the slow VMs depending on the load on the host.
Increase to 600 (10h).
* Fix compat regress to work with non-GNU make.
* Link libssh into compat tests.
The cygwin compat code uses xmalloc, so add libssh.a so pick up that.
* Rerun tests on changes to Makefile.in in any dir.
* upstream: replace recently-added valid_domain() check for hostnames
going to known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@
OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0
* Don't run openbsd-compat tests on Cygwin.
Add "compat-tests" to the default TEST_TARGET so we can override as
necessary. Override TEST_TARGET for Cygwin as the tests don't currently
compile there.
* Fix broken zlib link.
* configure.ac: Add <pty.h> include for openpty
Another Clang 16ish fix (which makes -Wimplicit-function-declaration
an error by default). github PR#355.
See: 2efd71da49b9cfeab7987058cf5919e473ff466b
See: be197635329feb839865fdc738e34e24afd1fca8
* configure.ac: Fix -Wstrict-prototypes
Clang 16 now warns on this and it'll be removed in C23, so let's
just be future proof. It also reduces noise when doing general
Clang 16 porting work (which is a big job as it is). github PR#355.
Signed-off-by: Sam James <sam@gentoo.org>
* Fix setres*id checks to work with clang-16.
glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
and clang 16 will error out on implicit function definitions, so add
_GNU_SOURCE and the required headers to the configure checks. From
sam at @gentoo.org via bz#3497.
* Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly. From
emaste at freebsd.org.
* Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
* Link to branch-specific queries for V_9_1 status.
* upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
* upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
* Add CIFuzz integration
* Run cifuzz workflow on the actions as regular CI.
* Whitespace change to trigger CIFuzz workflow.
* Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
* Add CIFuzz status badge.
* Branch-specific links for master status badges.
* Fix merge conflict.
* upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
* upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@
OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
* upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable. ok djm@
OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
* upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
* Split out rekey test since it runs the longest.
* Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
* Add valrind-5 test here too.
* Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
* Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
* Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.
The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
* Fix comment text. From emaste at freebsd.org.
* Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use. bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
* upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
* upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change
OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
* upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.
OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
* upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.
OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
* Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test. See bz#3483 for details.
* Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.
ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
* upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@
OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
* Add dfly62 test target.
* If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
* Add fallback for old platforms w/out MAP_ANON.
* Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
* Remove unused self-hosted test targets.
* Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
* Add "libvirt" label to dfly30.
* Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
* Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
* Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
* Skip unit tests on slow riscv64 hardware.
* Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
* upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
* upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
* upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
* upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
* upstream: Log output of ssh-agent and ssh-add
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
* upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
* Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
* upstream: make struct sshbuf private
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
* upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
* Fix typo in comment. Spotted by tim@
* Update autotools
Regenerate config files using latest autotools
* disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
* Add SANDBOX_DEBUG to the kitchensink test build.
* upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
* upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
* upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
* upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
* use calloc for allocating arc4random structs
ok dtucker
* Move obsdsnap test VMs to ephemeral runners.
* Run upstream obsdsnap tests on ephemeral runners.
* obsdsnap test VMs runs-on libvirt too.
* Fetch regress logs from obj dir.
* Set group perms on regress dir.
This ensures that the tests don't fail due to StrictMode checks.
* Use sudo when resetting perms on directories.
* Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s.
* Simply handling of SSH_CONNECTION PAM env var.
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
* upstream: The idiomatic way of coping with signed char vs unsigned
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
* upstream: add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
* upstream: add -X to usage();
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
* upstream: Clear signal mask early in main(); sshd may have been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
* upstream: Mention that scp uses the SFTP protocol and remove
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
* upstream: spelling fixes; from paul tagliamonte amendments to his
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
* upstream: fix bug in PermitRemoteOpen which caused it to ignore its
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
* upstream: regression test for PermitRemoteOpen
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
* upstream: suppress "Connection closed" message when in quiet mode
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
* upstream: add ptimeout API for keeping track of poll/ppoll
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
* upstream: replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
* upstream: Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
* upstream: tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
* upstream: Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
* upstream: Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
* unbreak scp on NetBSD 4.x
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
* upstream: Copy bytes from the_banana[] rather than banana()
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
* upstream: unit tests for misc.c:ptimeout_* API
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
* upstream: fix typo in verbose logging
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
* upstream: regression test for ChannelTimeout
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
* upstream: Save debug logs from ssh for debugging purposes.
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
* Set OPENSSL_BIN from OpenSSL directory.
* Check openssl_bin path is executable before using.
* Use autoconf to find openssl binary.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
* Use our own netcat for dynamic-forward test.
That way we can be surer about its behaviour rather than trying to
second-guess the behaviour of various netcat implementations.
* upstream: When OpenSSL is not available, skip parts of percent test
that require it. Based on github pr#368 from ren mingshuai.
OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2
* don't test IPv6 addresses if platform lacks support
* Skip dynamic-forward test on minix3.
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
* try to improve logging for dynamic-forward test
previously the logs from the ssh used to exercise the forwarding
channel would clobber the logs from the ssh actually doing the
forwarding
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858
* upstream: Switch scp from using pipes to a socketpair for
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
* add back use of pipes in scp.c under USE_PIPES
This matches sftp.c which prefers socketpair but uses pipes on
some older platforms.
* remove buffer len workaround for NetBSD 4.x
Switching to from pipes to a socketpair for communicating with the
ssh process avoids the (kernel bug?) problem.
* upstream: rewrite this test to use a multiplexed ssh session so we can
control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
* upstream: remove whitespace at EOL from code extracted from SUPERCOP
OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4
* upstream: ignore bogus upload/download buffer lengths in the limits
extension
OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8
* upstream: clamp the minimum buffer lengths and number of inflight
requests too
OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56
* upstream: avoid printf("%s", NULL) if using ssh
-oUserKnownHostsFile=none and a hostkey in one of the system known hosts file
changes; ok dtucker@
OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614
* upstream: Add a "Host" line to the output of ssh -G showing the
original host arg. Inspired by patch from vincent at bernat.ch via bz#3343,
ok djm@
OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883
* Remove skipping test when scp not in path.
An upcoming change renders this obsolete by adding scp's path to the
test sshd's PATH, and removing this first will make the subsequent sync
easier.
* upstream: Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find
it. Prompted by bz#3518.
OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
* upstream: Move scp path setting to a helper function. The previous
commit to add scp to the test sshd's path causes the t-envpass test to fail
when the test scp is given using a fully qualified path. Put this in a
helper function and only call it from the scp tests.
OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4
* Retry package installation 3 times.
When setting up the CI environment, retry package installation 3 times
before going up. Should help prevent spurious failures during
infrastructure issues.
* upstream: Document "UserKnownHostsFile none". ok djm@
OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5
* upstream: fix double phrase in previous;
OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2
* upstream: Instead of skipping the all-tokens test if we don't have
OpenSSL (since we use it to compute the hash), put the hash at the end and
just omit it if we don't have it. Prompted by bz#3521.
OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea
* upstream: Shell syntax fix. From ren mingshuai vi github PR#369.
OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9
* Allow writev is seccomp sandbox.
This seems to be used by recent glibcs at least in some configurations.
From bz#3512, ok djm@
* upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP
(20221122) and change the import approach to the same one we use for
Streamlined NTRUPrime: use a shell script to extract the bits we need from
SUPERCOP, make some minor adjustments and squish them all into a single file.
ok tb@ tobhe@
OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b
* upstream: adapt to ed25519 changes in src/usr.bin/ssh
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
* upstream: Add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for some length of time. This
complements the recently-added ChannelTimeout option that terminates inactive
channels after a timeout.
ok markus@
OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9
* upstream: unbreak test: cannot access shell positional parameters
past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac
* upstream: regression test for UnusedConnectionTimeout
OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084
* upstream: also check that an active session inhibits
UnusedConnectionTimeout idea markus@
OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003
* upstream: For "ssh -V" always exit 0, there is no need to check opt
again. This was missed when the fallthrough in the switch case above it was
removed. OK deraadt@
OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120
* upstream: Add a -V (version) option to sshd like the ssh client
has. OK markus@ deraadt@
OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e
* upstream: when restoring non-blocking mode to stdio fds, restore
exactly the flags that ssh started with and don't just clobber them with
zero, as this could also remove the append flag from the set;
bz3523; ok dtucker@
OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0
* Skip connection-timeout when missing FD passing.
This tests uses multiplexing which uses file descriptor passing, so
skip it if we don't have that. Fixes test failures on Cygwin.
* Skip connection-timeout test under Valgrind.
Valgrind slows things down so much that the timeout test fails. Skip
this test until we figure out if we can make it work.
* upstream: tweak previous; ok djm
OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3
* upstream: Create and install sshd random relink kit.
../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
be too fragile, we'll see if we need a different approach. The resulting sshd
binary is tested with the new sshd -V option before installation. As the
binary layout is now semi-unknown (meaning relative, fixed, and gadget
offsets are not precisely known), change the filesystem permissions to 511 to
prevent what I call "logged in BROP". I have ideas for improving this further
but this is a first step ok djm
OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8
* upstream: delete useless dependency
OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad
* fix libfido2 detection without pkg-config
Place libfido2 before additional libraries (that it may depend upon)
and not after. bz3530 from James Zhang; ok dtucker@
* Skip connection-timeout test on minix3.
Minix 3's Unix domain sockets don't seem to work the way we expect, so
skip connection-timeout test on that platform. While there, group
together all similarly skipped tests and explicitly comment.
* upstream: fix double-free caused by compat_kex_proposal(); bz3522
by dtucker@, ok me
OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
* upstream: openssh-9.2
OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923
* upstream: Check if we can copy sshd or need to use sudo to do so
during reexec test. Skip test if neither can work. Patch from anton@, tweaks
from me.
OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d
* upstream: test compat_kex_proposal(); by dtucker@
OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2
* adapt compat_kex_proposal() test to portable
* update version in README
* crank versions in RPM specs
* remove files from libssh project
* re-merge arc4random.c
* re-merge misc.c
* remove unused files from libssh.vcxproj
* fix outstanding merge conflicts
* fix build errors
* modify upstream workflows to trigger on workflow dispatch instead of all PRs
* fix scp client hanging with pipes
* fix some failing bash tests
* make bash test compatible with Windows
* address scp's sftp mode buf len limitations
* address review feedback
* address review feedback
* update comment
---------
Signed-off-by: Sam James <sam@gentoo.org>
Co-authored-by: djm@openbsd.org <djm@openbsd.org>
Co-authored-by: Darren Tucker <dtucker@dtucker.net>
Co-authored-by: Damien Miller <djm@mindrot.org>
Co-authored-by: Sam James <sam@gentoo.org>
Co-authored-by: jsg@openbsd.org <jsg@openbsd.org>
Co-authored-by: jmc@openbsd.org <jmc@openbsd.org>
Co-authored-by: dtucker@openbsd.org <dtucker@openbsd.org>
Co-authored-by: Harmen Stoppels <harmenstoppels@gmail.com>
Co-authored-by: Rochdi Nassah <rochdinassah.1998@gmail.com>
Co-authored-by: David Korczynski <david@adalogics.com>
Co-authored-by: Pierre Ossman <ossman@cendio.se>
Co-authored-by: mbuhl@openbsd.org <mbuhl@openbsd.org>
Co-authored-by: Rose <83477269+AtariDreams@users.noreply.github.com>
Co-authored-by: cheloha@openbsd.org <cheloha@openbsd.org>
Co-authored-by: deraadt@openbsd.org <deraadt@openbsd.org>
Co-authored-by: tb@openbsd.org <tb@openbsd.org>
Co-authored-by: millert@openbsd.org <millert@openbsd.org>
2023-02-09 22:57:36 +01:00
|
|
|
if (!force)
|
|
|
|
|
return;
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
2001-10-12 03:35:04 +02:00
|
|
|
/* detach by removing callback */
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_cancel_cleanup(ssh, s->chanid);
|
2005-11-05 04:52:50 +01:00
|
|
|
|
|
|
|
|
/* Close any X11 listeners associated with this session */
|
|
|
|
|
if (s->x11_chanids != NULL) {
|
|
|
|
|
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close_x11(ssh, s->x11_chanids[i]);
|
2005-11-05 04:52:50 +01:00
|
|
|
s->x11_chanids[i] = -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-10-12 03:35:04 +02:00
|
|
|
s->chanid = -1;
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close(ssh, s);
|
2001-10-10 07:14:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *))
|
2001-10-10 07:14:37 +02:00
|
|
|
{
|
|
|
|
|
int i;
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
2001-10-10 07:14:37 +02:00
|
|
|
Session *s = &sessions[i];
|
2002-03-22 03:30:41 +01:00
|
|
|
if (s->used) {
|
|
|
|
|
if (closefunc != NULL)
|
|
|
|
|
closefunc(s);
|
|
|
|
|
else
|
2017-09-12 08:32:07 +02:00
|
|
|
session_close(ssh, s);
|
2002-03-22 03:30:41 +01:00
|
|
|
}
|
2001-10-10 07:14:37 +02:00
|
|
|
}
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static char *
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
session_tty_list(void)
|
|
|
|
|
{
|
|
|
|
|
static char buf[1024];
|
|
|
|
|
int i;
|
2003-01-09 23:53:12 +01:00
|
|
|
char *cp;
|
|
|
|
|
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
buf[0] = '\0';
|
2008-05-19 07:34:50 +02:00
|
|
|
for (i = 0; i < sessions_nalloc; i++) {
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
Session *s = &sessions[i];
|
|
|
|
|
if (s->used && s->ttyfd != -1) {
|
2003-11-21 13:56:47 +01:00
|
|
|
|
2003-01-09 23:53:12 +01:00
|
|
|
if (strncmp(s->tty, "/dev/", 5) != 0) {
|
|
|
|
|
cp = strrchr(s->tty, '/');
|
|
|
|
|
cp = (cp == NULL) ? s->tty : cp + 1;
|
|
|
|
|
} else
|
|
|
|
|
cp = s->tty + 5;
|
2003-11-21 13:56:47 +01:00
|
|
|
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
if (buf[0] != '\0')
|
|
|
|
|
strlcat(buf, ",", sizeof buf);
|
2003-01-09 23:53:12 +01:00
|
|
|
strlcat(buf, cp, sizeof buf);
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (buf[0] == '\0')
|
|
|
|
|
strlcpy(buf, "notty", sizeof buf);
|
|
|
|
|
return buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
session_proctitle(Session *s)
|
|
|
|
|
{
|
|
|
|
|
if (s->pw == NULL)
|
|
|
|
|
error("no user for session %d", s->self);
|
|
|
|
|
else
|
|
|
|
|
setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-09 03:29:12 +02:00
|
|
|
int
|
2017-09-12 08:32:07 +02:00
|
|
|
session_setup_x11fwd(struct ssh *ssh, Session *s)
|
2001-06-09 03:29:12 +02:00
|
|
|
{
|
|
|
|
|
struct stat st;
|
2001-12-19 18:58:01 +01:00
|
|
|
char display[512], auth_display[512];
|
2014-07-03 13:24:19 +02:00
|
|
|
char hostname[NI_MAXHOST];
|
2005-07-17 09:19:24 +02:00
|
|
|
u_int i;
|
2001-06-09 03:29:12 +02:00
|
|
|
|
2018-03-03 04:15:51 +01:00
|
|
|
if (!auth_opts->permit_x11_forwarding_flag) {
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
|
2001-06-09 03:29:12 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (!options.x11_forwarding) {
|
|
|
|
|
debug("X11 forwarding disabled in server configuration file.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2014-12-22 08:55:51 +01:00
|
|
|
if (options.xauth_location == NULL ||
|
2001-06-09 03:29:12 +02:00
|
|
|
(stat(options.xauth_location, &st) == -1)) {
|
2019-01-19 22:41:53 +01:00
|
|
|
ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11.");
|
2001-06-09 03:29:12 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
2001-06-13 06:41:41 +02:00
|
|
|
if (s->display != NULL) {
|
2001-06-09 03:29:12 +02:00
|
|
|
debug("X11 display already set.");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2017-09-12 08:32:07 +02:00
|
|
|
if (x11_create_display_inet(ssh, options.x11_display_offset,
|
2002-06-23 23:48:28 +02:00
|
|
|
options.x11_use_localhost, s->single_connection,
|
2005-07-17 09:19:24 +02:00
|
|
|
&s->display_number, &s->x11_chanids) == -1) {
|
2001-06-13 06:41:41 +02:00
|
|
|
debug("x11_create_display_inet failed.");
|
2001-06-09 03:29:12 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
2005-07-17 09:19:24 +02:00
|
|
|
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
2017-09-12 08:32:07 +02:00
|
|
|
channel_register_cleanup(ssh, s->x11_chanids[i],
|
2005-11-05 04:52:50 +01:00
|
|
|
session_close_single_x11, 0);
|
2005-07-17 09:19:24 +02:00
|
|
|
}
|
2001-12-19 18:58:01 +01:00
|
|
|
|
|
|
|
|
/* Set up a suitable value for the DISPLAY variable. */
|
2019-06-28 15:35:04 +02:00
|
|
|
if (gethostname(hostname, sizeof(hostname)) == -1)
|
2001-12-19 18:58:01 +01:00
|
|
|
fatal("gethostname: %.100s", strerror(errno));
|
|
|
|
|
/*
|
|
|
|
|
* auth_display must be used as the displayname when the
|
|
|
|
|
* authorization entry is added with xauth(1). This will be
|
|
|
|
|
* different than the DISPLAY string for localhost displays.
|
|
|
|
|
*/
|
2002-02-05 02:11:34 +01:00
|
|
|
if (options.x11_use_localhost) {
|
2002-06-23 23:48:28 +02:00
|
|
|
snprintf(display, sizeof display, "localhost:%u.%u",
|
2001-12-19 18:58:01 +01:00
|
|
|
s->display_number, s->screen);
|
2002-06-23 23:48:28 +02:00
|
|
|
snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
|
2002-02-05 02:11:02 +01:00
|
|
|
s->display_number, s->screen);
|
2001-12-19 18:58:01 +01:00
|
|
|
s->display = xstrdup(display);
|
2002-02-05 02:11:02 +01:00
|
|
|
s->auth_display = xstrdup(auth_display);
|
2001-12-19 18:58:01 +01:00
|
|
|
} else {
|
|
|
|
|
#ifdef IPADDR_IN_DISPLAY
|
|
|
|
|
struct hostent *he;
|
|
|
|
|
struct in_addr my_addr;
|
|
|
|
|
|
|
|
|
|
he = gethostbyname(hostname);
|
|
|
|
|
if (he == NULL) {
|
|
|
|
|
error("Can't get IP address for X11 DISPLAY.");
|
2019-04-03 17:47:40 +02:00
|
|
|
ssh_packet_send_debug(ssh, "Can't get IP address for X11 DISPLAY.");
|
2001-12-19 18:58:01 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
|
2002-06-23 23:48:28 +02:00
|
|
|
snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
|
2001-12-19 18:58:01 +01:00
|
|
|
s->display_number, s->screen);
|
|
|
|
|
#else
|
2002-06-23 23:48:28 +02:00
|
|
|
snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
|
2001-12-19 18:58:01 +01:00
|
|
|
s->display_number, s->screen);
|
|
|
|
|
#endif
|
|
|
|
|
s->display = xstrdup(display);
|
2002-02-05 02:11:02 +01:00
|
|
|
s->auth_display = xstrdup(display);
|
2001-12-19 18:58:01 +01:00
|
|
|
}
|
|
|
|
|
|
2001-06-09 03:29:12 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static void
|
2017-09-12 08:32:07 +02:00
|
|
|
do_authenticated2(struct ssh *ssh, Authctxt *authctxt)
|
2000-04-12 10:45:05 +02:00
|
|
|
{
|
2017-09-12 08:32:07 +02:00
|
|
|
server_loop2(ssh, authctxt);
|
2003-10-02 08:12:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2017-09-12 08:32:07 +02:00
|
|
|
do_cleanup(struct ssh *ssh, Authctxt *authctxt)
|
2003-10-02 08:12:36 +02:00
|
|
|
{
|
|
|
|
|
static int called = 0;
|
|
|
|
|
|
|
|
|
|
debug("do_cleanup");
|
|
|
|
|
|
|
|
|
|
/* no cleanup if we're in the child for login shell */
|
|
|
|
|
if (is_child)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* avoid double cleanup */
|
|
|
|
|
if (called)
|
|
|
|
|
return;
|
|
|
|
|
called = 1;
|
|
|
|
|
|
2007-08-16 15:28:04 +02:00
|
|
|
if (authctxt == NULL)
|
2003-10-02 08:12:36 +02:00
|
|
|
return;
|
2007-08-16 15:28:04 +02:00
|
|
|
|
|
|
|
|
#ifdef USE_PAM
|
|
|
|
|
if (options.use_pam) {
|
|
|
|
|
sshpam_cleanup();
|
|
|
|
|
sshpam_thread_cleanup();
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (!authctxt->authenticated)
|
|
|
|
|
return;
|
|
|
|
|
|
2003-10-02 08:12:36 +02:00
|
|
|
#ifdef KRB5
|
|
|
|
|
if (options.kerberos_ticket_cleanup &&
|
|
|
|
|
authctxt->krb5_ctx)
|
|
|
|
|
krb5_cleanup_proc(authctxt);
|
2003-08-26 03:49:55 +02:00
|
|
|
#endif
|
2003-10-02 08:12:36 +02:00
|
|
|
|
|
|
|
|
#ifdef GSSAPI
|
2016-08-13 19:47:40 +02:00
|
|
|
if (options.gss_cleanup_creds)
|
2003-10-02 08:12:36 +02:00
|
|
|
ssh_gssapi_cleanup_creds();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* remove agent socket */
|
|
|
|
|
auth_sock_cleanup_proc(authctxt->pw);
|
|
|
|
|
|
2017-06-24 08:34:38 +02:00
|
|
|
/* remove userauth info */
|
|
|
|
|
if (auth_info_file != NULL) {
|
|
|
|
|
temporarily_use_uid(authctxt->pw);
|
|
|
|
|
unlink(auth_info_file);
|
|
|
|
|
restore_uid();
|
|
|
|
|
free(auth_info_file);
|
|
|
|
|
auth_info_file = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-02 08:12:36 +02:00
|
|
|
/*
|
|
|
|
|
* Cleanup ptys/utmp only if privsep is disabled,
|
|
|
|
|
* or if running in monitor.
|
|
|
|
|
*/
|
|
|
|
|
if (!use_privsep || mm_is_monitor())
|
2017-09-12 08:32:07 +02:00
|
|
|
session_destroy_all(ssh, session_pty_cleanup2);
|
2000-04-12 10:45:05 +02:00
|
|
|
}
|
2016-03-07 20:02:43 +01:00
|
|
|
|
|
|
|
|
/* Return a name for the remote host that fits inside utmp_size */
|
|
|
|
|
|
|
|
|
|
const char *
|
|
|
|
|
session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)
|
|
|
|
|
{
|
|
|
|
|
const char *remote = "";
|
|
|
|
|
|
|
|
|
|
if (utmp_size > 0)
|
|
|
|
|
remote = auth_get_canonical_hostname(ssh, use_dns);
|
|
|
|
|
if (utmp_size == 0 || strlen(remote) > utmp_size)
|
|
|
|
|
remote = ssh_remote_ipaddr(ssh);
|
|
|
|
|
return remote;
|
|
|
|
|
}
|
2018-11-05 21:22:20 +01:00
|
|
|
/*
|
|
|
|
|
* Since in_chroot is static for now, create this function
|
|
|
|
|
* to have unix code intact
|
|
|
|
|
*/
|
|
|
|
|
#ifdef WINDOWS
|
|
|
|
|
int get_in_chroot()
|
|
|
|
|
{
|
|
|
|
|
return in_chroot;
|
|
|
|
|
}
|
2016-03-07 20:02:43 +01:00
|
|
|
|
2018-11-05 21:22:20 +01:00
|
|
|
/*
|
|
|
|
|
* Since do_setup_env is static for now, create this function
|
|
|
|
|
* to have unix code intact
|
|
|
|
|
*/
|
|
|
|
|
char **
|
|
|
|
|
do_setup_env_proxy(struct ssh *ssh, Session *s, const char *shell)
|
|
|
|
|
{
|
|
|
|
|
return do_setup_env(ssh, s, shell);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
