upstream: spelling ok dtucker@
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
parent
6b977f8080
commit
cb885178f3
|
@ -21,7 +21,7 @@ The message format is:
|
||||||
bool is_forwarding
|
bool is_forwarding
|
||||||
|
|
||||||
Where 'hostkey' is the encoded server host public key, 'session
|
Where 'hostkey' is the encoded server host public key, 'session
|
||||||
identfier' is the exchange hash derived from the initial key
|
identifier' is the exchange hash derived from the initial key
|
||||||
exchange, 'signature' is the server's signature of the session
|
exchange, 'signature' is the server's signature of the session
|
||||||
identifier using the private hostkey, as sent in the final
|
identifier using the private hostkey, as sent in the final
|
||||||
SSH2_MSG_KEXDH_REPLY/SSH2_MSG_KEXECDH_REPLY message of the initial key
|
SSH2_MSG_KEXDH_REPLY/SSH2_MSG_KEXECDH_REPLY message of the initial key
|
||||||
|
@ -62,12 +62,12 @@ An a keyspec consists of:
|
||||||
When receiving this message, the agent will ensure that the
|
When receiving this message, the agent will ensure that the
|
||||||
'from_username' field is empty, and that 'to_hostname' and 'to_hostkeys'
|
'from_username' field is empty, and that 'to_hostname' and 'to_hostkeys'
|
||||||
have been supplied (empty 'from_hostname' and 'from_hostkeys' are valid
|
have been supplied (empty 'from_hostname' and 'from_hostkeys' are valid
|
||||||
and signify the inital hop from the host running ssh-agent). The agent
|
and signify the initial hop from the host running ssh-agent). The agent
|
||||||
will then record the constraint against the key.
|
will then record the constraint against the key.
|
||||||
|
|
||||||
Subsequent operations on this key including add/remove/request
|
Subsequent operations on this key including add/remove/request
|
||||||
identities and, in particular, signature requests will check the key
|
identities and, in particular, signature requests will check the key
|
||||||
constraints agains the session-bind@openssh.com bindings recorded for
|
constraints against the session-bind@openssh.com bindings recorded for
|
||||||
the agent connection over which they were received.
|
the agent connection over which they were received.
|
||||||
|
|
||||||
3. SSH_AGENT_CONSTRAIN_MAXSIGN key constraint
|
3. SSH_AGENT_CONSTRAIN_MAXSIGN key constraint
|
||||||
|
@ -81,4 +81,4 @@ the constraint is:
|
||||||
|
|
||||||
This option is only valid for XMSS keys.
|
This option is only valid for XMSS keys.
|
||||||
|
|
||||||
$OpenBSD: PROTOCOL.agent,v 1.15 2021/12/19 22:15:21 djm Exp $
|
$OpenBSD: PROTOCOL.agent,v 1.16 2022/01/01 01:55:30 jsg Exp $
|
||||||
|
|
|
@ -15,7 +15,7 @@ Most messages from the client to the server contain a "request id"
|
||||||
field. This field is returned in replies as "client request id" to
|
field. This field is returned in replies as "client request id" to
|
||||||
facilitate matching of responses to requests.
|
facilitate matching of responses to requests.
|
||||||
|
|
||||||
Many muliplexing (mux) client requests yield immediate responses from
|
Many multiplexing (mux) client requests yield immediate responses from
|
||||||
the mux process; requesting a forwarding, performing an alive check or
|
the mux process; requesting a forwarding, performing an alive check or
|
||||||
requesting the master terminate itself fall in to this category.
|
requesting the master terminate itself fall in to this category.
|
||||||
|
|
||||||
|
@ -216,7 +216,7 @@ MUX_S_FAILURE.
|
||||||
|
|
||||||
9. Requesting proxy mode
|
9. Requesting proxy mode
|
||||||
|
|
||||||
A client may request that the the control connection be placed in proxy
|
A client may request that the control connection be placed in proxy
|
||||||
mode:
|
mode:
|
||||||
|
|
||||||
uint32 MUX_C_PROXY
|
uint32 MUX_C_PROXY
|
||||||
|
@ -295,4 +295,4 @@ XXX session inspection via master
|
||||||
XXX signals via mux request
|
XXX signals via mux request
|
||||||
XXX list active connections via mux
|
XXX list active connections via mux
|
||||||
|
|
||||||
$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
|
$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
|
/* $OpenBSD: authfile.c,v 1.142 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -368,7 +368,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
|
||||||
* Returns success if the specified "key" is listed in the file "filename",
|
* Returns success if the specified "key" is listed in the file "filename",
|
||||||
* SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
|
* SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
|
||||||
* If "strict_type" is set then the key type must match exactly,
|
* If "strict_type" is set then the key type must match exactly,
|
||||||
* otherwise a comparison that ignores certficiate data is performed.
|
* otherwise a comparison that ignores certificate data is performed.
|
||||||
* If "check_ca" is set and "key" is a certificate, then its CA key is
|
* If "check_ca" is set and "key" is a certificate, then its CA key is
|
||||||
* also checked and sshkey_in_file() will return success if either is found.
|
* also checked and sshkey_in_file() will return success if either is found.
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.c,v 1.408 2021/09/14 11:04:21 mbuhl Exp $ */
|
/* $OpenBSD: channels.c,v 1.409 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -543,7 +543,7 @@ permission_set_get_array(struct ssh *ssh, int who, int where,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Adds an entry to the spcified forwarding list */
|
/* Adds an entry to the specified forwarding list */
|
||||||
static int
|
static int
|
||||||
permission_set_add(struct ssh *ssh, int who, int where,
|
permission_set_add(struct ssh *ssh, int who, int where,
|
||||||
const char *host_to_connect, int port_to_connect,
|
const char *host_to_connect, int port_to_connect,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: clientloop.c,v 1.372 2021/12/19 22:08:48 djm Exp $ */
|
/* $OpenBSD: clientloop.c,v 1.373 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1231,7 +1231,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
||||||
fatal_f("pledge(): %s", strerror(errno));
|
fatal_f("pledge(): %s", strerror(errno));
|
||||||
|
|
||||||
} else if (options.update_hostkeys) {
|
} else if (options.update_hostkeys) {
|
||||||
debug("pledge: fileystem");
|
debug("pledge: filesystem");
|
||||||
if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
|
if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
|
||||||
NULL) == -1)
|
NULL) == -1)
|
||||||
fatal_f("pledge(): %s", strerror(errno));
|
fatal_f("pledge(): %s", strerror(errno));
|
||||||
|
|
2
packet.c
2
packet.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: packet.c,v 1.303 2021/11/25 23:02:24 djm Exp $ */
|
/* $OpenBSD: packet.c,v 1.304 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-client.c,v 1.157 2021/11/06 10:13:39 dtucker Exp $ */
|
/* $OpenBSD: sftp-client.c,v 1.158 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||||
*
|
*
|
||||||
|
@ -341,7 +341,7 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
|
||||||
return handle;
|
return handle;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* XXX returing &static is error-prone. Refactor to fill *Attrib argument */
|
/* XXX returning &static is error-prone. Refactor to fill *Attrib argument */
|
||||||
static Attrib *
|
static Attrib *
|
||||||
get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
||||||
{
|
{
|
||||||
|
@ -381,7 +381,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
||||||
sshbuf_free(msg);
|
sshbuf_free(msg);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
debug3("Recevied stat reply T:%u I:%u F:0x%04x M:%05o",
|
debug3("Received stat reply T:%u I:%u F:0x%04x M:%05o",
|
||||||
type, id, a.flags, a.perm);
|
type, id, a.flags, a.perm);
|
||||||
sshbuf_free(msg);
|
sshbuf_free(msg);
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-client.h,v 1.34 2021/08/09 23:47:44 djm Exp $ */
|
/* $OpenBSD: sftp-client.h,v 1.35 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||||
|
@ -183,7 +183,7 @@ int crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
|
||||||
char *path_append(const char *, const char *);
|
char *path_append(const char *, const char *);
|
||||||
|
|
||||||
/* Make absolute path if relative path and CWD is given. Does not modify
|
/* Make absolute path if relative path and CWD is given. Does not modify
|
||||||
* original if the the path is already absolute. */
|
* original if the path is already absolute. */
|
||||||
char *make_absolute(char *, const char *);
|
char *make_absolute(char *, const char *);
|
||||||
|
|
||||||
/* Check if remote path is directory */
|
/* Check if remote path is directory */
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: sftp-server.c,v 1.134 2021/11/18 03:06:03 djm Exp $ */
|
/* $OpenBSD: sftp-server.c,v 1.135 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -667,7 +667,7 @@ send_statvfs(u_int32_t id, struct statvfs *st)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare SSH2_FXP_VERSION extension advertisement for a single extension.
|
* Prepare SSH2_FXP_VERSION extension advertisement for a single extension.
|
||||||
* The extension is checked for permission prior to advertisment.
|
* The extension is checked for permission prior to advertisement.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
compose_extension(struct sshbuf *msg, const char *name, const char *ver)
|
compose_extension(struct sshbuf *msg, const char *name, const char *ver)
|
||||||
|
@ -704,7 +704,7 @@ process_init(void)
|
||||||
(r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
|
(r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
|
||||||
fatal_fr(r, "compose");
|
fatal_fr(r, "compose");
|
||||||
|
|
||||||
/* extension advertisments */
|
/* extension advertisements */
|
||||||
compose_extension(msg, "posix-rename@openssh.com", "1");
|
compose_extension(msg, "posix-rename@openssh.com", "1");
|
||||||
compose_extension(msg, "statvfs@openssh.com", "2");
|
compose_extension(msg, "statvfs@openssh.com", "2");
|
||||||
compose_extension(msg, "fstatvfs@openssh.com", "2");
|
compose_extension(msg, "fstatvfs@openssh.com", "2");
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh-agent.c,v 1.283 2021/12/19 22:13:55 djm Exp $ */
|
/* $OpenBSD: ssh-agent.c,v 1.284 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -450,7 +450,7 @@ identity_permitted(Identity *id, SocketEntry *e, char *user,
|
||||||
* request (i.e. no 'user' supplied), then only permit the key if
|
* request (i.e. no 'user' supplied), then only permit the key if
|
||||||
* there is a permission that would allow it to be used at another
|
* there is a permission that would allow it to be used at another
|
||||||
* destination. This hides keys that are allowed to be used to
|
* destination. This hides keys that are allowed to be used to
|
||||||
* authenicate *to* a host but not permitted for *use* beyond it.
|
* authenticate *to* a host but not permitted for *use* beyond it.
|
||||||
*/
|
*/
|
||||||
hks = &e->session_ids[e->nsession_ids - 1];
|
hks = &e->session_ids[e->nsession_ids - 1];
|
||||||
if (hks->forwarded && user == NULL &&
|
if (hks->forwarded && user == NULL &&
|
||||||
|
|
4
umac.h
4
umac.h
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: umac.h,v 1.4 2019/06/07 14:18:48 dtucker Exp $ */
|
/* $OpenBSD: umac.h,v 1.5 2022/01/01 01:55:30 jsg Exp $ */
|
||||||
/* -----------------------------------------------------------------------
|
/* -----------------------------------------------------------------------
|
||||||
*
|
*
|
||||||
* umac.h -- C Implementation UMAC Message Authentication
|
* umac.h -- C Implementation UMAC Message Authentication
|
||||||
|
@ -59,7 +59,7 @@ struct umac_ctx *umac_new(const u_char key[]);
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
int umac_reset(struct umac_ctx *ctx);
|
int umac_reset(struct umac_ctx *ctx);
|
||||||
/* Reset a umac_ctx to begin authenicating a new message */
|
/* Reset a umac_ctx to begin authenticating a new message */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int umac_update(struct umac_ctx *ctx, const u_char *input, long len);
|
int umac_update(struct umac_ctx *ctx, const u_char *input, long len);
|
||||||
|
|