struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
modified: openbsd-compat/port-aix.c
modified: openbsd-compat/port-uw.c
propogate changes to auth-passwd.c in commit
7c85685760 to other providers
of sys_auth_passwd()
OpenBSD they are both non-blocking, but on many other -portable platforms it
blocks, stalling tests.
OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
https://github.com/PowerShell/Win32-OpenSSH/issues/1096https://github.com/PowerShell/Win32-OpenSSH/issues/191
- Updated wait_for_multiple_objects_enhanced() to handle a no-event request while alterable.
- Simplified wait_for_any_event() to by taking advantage of no-event alterable request in wait_for_multiple_objects_enhanced().
- Updated wait_for_any_event() to use MAX_CHILDREN limit instead of MAXIMUM_WAIT_OBJECTS limit.
- Removed unnecessary ZeroMemory() call.
- Created distinct definition MAXIMUM_WAIT_OBJECTS_ENHANCED
and modified functions to use it.
- Upped w32_select() event limit.
- Modified wait_for_multiple_objects_enhanced() to allow for 0 millisecond wait.
Issue: When sshd times out due to login grace timeout, it leaves behind the unprivileged worker orphaned.
Fix: Add missing child's reference in monitor.
- Added wait_for_multiple_objects_enhanced() function that can logically handle wait-any on many children (system resources permitting).
- Added unit tests for wait_for_multiple_objects_enhanced().
- Incorporated use of wait_for_multiple_objects_enhanced() into main signal handler.
- Upped max child processes to 500.
"expiry-time" as the former is confusing wrt similar terminology in X.509;
pointed out by jsing@
OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
"expiry-time" as the former is confusing wrt similar terminology in X.509;
pointed out by jsing@
OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
1. Expand wildcard for input parameters
2. add scp tests with wildcard
3. for debug mode, need to enable the log to local log file.
4. update the path to log file
Regression: Service is unable to start if "ssh" programdata directory is missing.
Reason: This is due to refactored changes around w32_programdir() that moved its initialization to within win32_posix_initialize. sshd_main() is relying on this call even before the POSIX layer gets initialized.
Fix: Reverted the refactoring changes and added comments to consolidate these changes later. Also removed directory creation logic in install-sshd.ps1 that masked this issue before.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
This patch fixes that problem by setting the right value to
seccomp_audit_arch taking into account the MIPS64 ABI.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
points to something in /dev (rather than checking the device node itself);
makes life easier for portable, where systems with dynamic ptys can delete
nodes before we get around to testing their existence.
OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
This API parses options to a dedicated structure rather than the old API's
approach of setting global state. It also includes support for merging
options, e.g. from authorized_keys, authorized_principals and/or
certificates.
feedback and ok markus@
OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@
OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
Darren Tucker
markus@openbsd.org
Damien Miller
Tim Rice
dtucker@openbsd.org
Bryan Berns
Manoj Ampalam
djm@openbsd.org
jmc@openbsd.org
Yanbing
Vicente Olivert Riera
Alan Yee