Commit Graph

8714 Commits

Author SHA1 Message Date
Damien Miller c9792783a9 Add a gnome-ssh-askpass3 target for GTK+3 version
Based on patch from Colin Watson via bz#2640
2016-12-06 18:43:37 +11:00
Damien Miller 7be85ae02b Make gnome-ssh-askpass2.c GTK+3-friendly
Patch from Colin Watson via bz#2640
2016-12-06 18:43:37 +11:00
djm@openbsd.org b9844a45c7 upstream commit
Fix public key authentication when multiple
authentication is in use. Instead of deleting and re-preparing the entire
keys list, just reset the 'used' flags; the keys list is already in a good
order (with already- tried keys at the back)

Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@

Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
2016-12-05 17:24:42 +11:00
dtucker@openbsd.org f2398eb774 upstream commit
Unlink PidFile on SIGHUP and always recreate it when the
new sshd starts. Regression tests (and possibly other things) depend on the
pidfile being recreated after SIGHUP, and unlinking it means it won't contain
a stale pid if sshd fails to restart.  ok djm@ markus@

Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
2016-12-05 17:24:42 +11:00
djm@openbsd.org 85aa2efeba upstream commit
test new behaviour of cert force-command restriction vs.
authorized_key/ principals

Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
2016-11-30 19:44:50 +11:00
jmc@openbsd.org 5d333131cd upstream commit
tweak previous; while here fix up FILES and AUTHORS;

Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
2016-11-30 19:44:25 +11:00
djm@openbsd.org 786d5994da upstream commit
add a whitelist of paths from which ssh-agent will load
(via ssh-pkcs11-helper) a PKCS#11 module; ok markus@

Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
2016-11-30 19:44:24 +11:00
djm@openbsd.org 7844f357cd upstream commit
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.

This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@

Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
2016-11-30 19:44:01 +11:00
djm@openbsd.org fd6dcef203 upstream commit
When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, refuse to accept the
certificate unless they are identical.

The previous (documented) behaviour of having the certificate forced-
command override the other could be a bit confused and more error-prone.

Pointed out by Jann Horn of Project Zero; ok dtucker@

Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
2016-11-30 19:44:01 +11:00
dtucker@openbsd.org 7fc4766ac7 upstream commit
On startup, check to see if sshd is already daemonized
and if so, skip the call to daemon() and do not rewrite the PidFile.  This
means that when sshd re-execs itself on SIGHUP the process ID will no longer
change.  Should address bz#2641.  ok djm@ markus@.

Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
2016-11-30 19:44:01 +11:00
Damien Miller c9f880c195 factor out common PRNG reseed before privdrop
Add a call to RAND_poll() to ensure than more than pid+time gets
stirred into child processes states. Prompted by analysis from Jann
Horn at Project Zero. ok dtucker@
2016-11-30 13:51:49 +11:00
dtucker@openbsd.org 79e4829ec8 upstream commit
Allow PuTTY interop tests to run unattended.  bz#2639,
patch from cjwatson at debian.org.

Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0
2016-11-29 17:19:57 +11:00
dtucker@openbsd.org 504c3a9a1b upstream commit
Reverse args to sshd-log-wrapper.  Matches change in
portable, where it allows sshd do be optionally run under Valgrind.

Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
2016-11-29 17:19:21 +11:00
dtucker@openbsd.org bd13017736 upstream commit
Fix typo in trace message; from portable.

Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a
2016-11-29 17:17:19 +11:00
tb@openbsd.org 7da751d8b0 upstream commit
Clean up MALLOC_OPTIONS.  For the unittests, move
MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.

ok otto

Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
2016-11-29 17:16:29 +11:00
tb@openbsd.org 36f58e6822 upstream commit
Remove the obsolete A and P flags from MALLOC_OPTIONS.

ok dtucker

Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
2016-11-29 17:14:27 +11:00
dtucker@openbsd.org b0899ee26a upstream commit
Factor out code to disconnect from controlling terminal
into its own function.  ok djm@

Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
2016-11-29 16:51:27 +11:00
djm@openbsd.org 54d022026a upstream commit
use sshbuf_allocate() to pre-allocate the buffer used for
loading keys. This avoids implicit realloc inside the buffer code, which
might theoretically leave fragments of the key on the heap. This doesn't
appear to happen in practice for normal sized keys, but was observed for
novelty oversize ones.

Pointed out by Jann Horn of Project Zero; ok markus@

Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
2016-11-29 16:48:02 +11:00
djm@openbsd.org a9c7460887 upstream commit
split allocation out of sshbuf_reserve() into a separate
sshbuf_allocate() function; ok markus@

Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
2016-11-29 16:48:02 +11:00
markus@openbsd.org f0ddedee46 upstream commit
allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
djm

Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
2016-11-24 16:07:26 +11:00
djm@openbsd.org 1a6f9d2e24 upstream commit
unbreak DenyUsers; reported by henning@

Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
2016-11-10 10:33:51 +11:00
djm@openbsd.org 010359b326 upstream commit
Validate address ranges for AllowUser/DenyUsers at
configuration load time and refuse to accept bad ones. It was previously
possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
these would always match.

Thanks to Laurence Parry for a detailed bug report. ok markus (for
a previous diff version)

Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
2016-11-06 16:48:29 +11:00
djm@openbsd.org efb494e81d upstream commit
Improve pkcs11_add_provider() logging: demote some
excessively verbose error()s to debug()s, include PKCS#11 provider name and
slot in log messages where possible. bz#2610, based on patch from Jakub Jelen

Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
2016-11-06 16:47:43 +11:00
Darren Tucker 5ee3fb5aff Use ptrace(PT_DENY_ATTACH, ..) on OS X. 2016-11-01 08:12:33 +11:00
Damien Miller 315d2a4e67 Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
ok dtucker@
2016-10-28 14:34:56 +11:00
Darren Tucker a9ff3950b8 Move OPENSSL_NO_RIPEMD160 to compat.
Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
ripemd160 MACs.
2016-10-28 14:26:58 +11:00
Darren Tucker bce5888516 Check if RIPEMD160 is disabled in OpenSSL. 2016-10-28 13:52:31 +11:00
Darren Tucker d924640d4c Skip ssh1 specfic ciphers.
cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
to compile them when Protocol 1 is not enabled.
2016-10-28 13:38:19 +11:00
jsg@openbsd.org 79d078e7a4 upstream commit
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted().  This broke ssh port
forwarding for non-priv ports as a non root user.

ok dtucker@ 'looks good' deraadt@

Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
2016-10-26 08:52:46 +11:00
dtucker@openbsd.org a903e315de upstream commit
Remove dead breaks, found via opencoverage.net.  ok
deraadt@

Upstream-ID: ad9cc655829d67fad219762810770787ba913069
2016-10-26 08:52:46 +11:00
Darren Tucker b4e96b4c9b Use !=NULL instead of >0 for getdefaultproj.
getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0.  Fixes compiler warning and is more correct.  Patch from
David Binderman.
2016-10-26 08:43:25 +11:00
dtucker@openbsd.org 1c4ef0b808 upstream commit
Factor out "can bind to low ports" check into its own function.  This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much"
deraadt@.

Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-10-24 10:42:57 +11:00
dtucker@openbsd.org 0b9ee623d5 upstream commit
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.

Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
2016-10-24 10:42:57 +11:00
Darren Tucker 09e6a7d835 Wrap stdint.h include in ifdef. 2016-10-24 09:06:18 +11:00
Darren Tucker 08d9e9516e Fix formatting. 2016-10-21 09:46:46 +11:00
Darren Tucker 461f50e7ab Update links to https.
www.openssh.com now supports https and ftp.openbsd.org no longer
supports ftp.  Make all links to these https.
2016-10-21 06:55:58 +11:00
Darren Tucker dd4e7212a6 Update host key generation examples.
Remove ssh1 host key generation, add ssh-keygen -A
2016-10-21 06:48:46 +11:00
Darren Tucker 6d49ae8263 Update links.
Make links to openssh.com HTTPS now that it's supported, point release
notes link to the HTML release notes page, and update a couple of other
links and bits of text.
2016-10-21 05:22:55 +11:00
Darren Tucker fe0d1ca6ac Remote channels .orig and .rej files.
These files were incorrectly added during an OpenBSD sync.
2016-10-20 03:42:09 +11:00
dtucker@openbsd.org 246aa842a4 upstream commit
Remove channel_input_port_forward_request(); the only caller
was the recently-removed SSH1 server code so it's now dead code.  ok markus@

Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
2016-10-19 07:16:01 +11:00
millert@openbsd.org 2c6697c443 upstream commit
Install a signal handler for tty-generated signals and
wait for the ssh child to suspend before suspending sftp.  This lets ssh
restore the terminal mode as needed when it is suspended at the password
prompt.  OK dtucker@

Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
2016-10-19 03:30:04 +11:00
jmc@openbsd.org fd2a8f1033 upstream commit
various formatting fixes, specifically removing Dq;

Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
2016-10-19 03:30:04 +11:00
Darren Tucker 8f866d8a57 Import readpassphrase.c rev 1.26.
Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode.  If we get
SIGTTOU it means the process is not in the foreground process group
which, in most cases, means that the shell has taken control of the tty.
Requiring the user the fg the process in this case doesn't make sense
and can result in both SIGTSTP and SIGTTOU being sent which can lead to
the process being suspended again immediately after being brought into
the foreground.
2016-10-19 03:26:09 +11:00
Darren Tucker f901440cc8 Import readpassphrase.c rev 1.25.
Wrap <readpassphrase.h> so internal calls go direct and
readpassphrase is weak.

(DEF_WEAK is a no-op in portable.)
2016-10-19 03:23:16 +11:00
Darren Tucker 032147b695 Move DEF_WEAK into defines.h.
As well pull in more recent changes from OpenBSD these will start to
arrive so put it where the definition is shared.
2016-10-15 05:51:12 +11:00
Darren Tucker e0259a82dd Remove do_pam_set_tty which is dead code.
The callers of do_pam_set_tty were removed in 2008, so this is now dead
code.  bz#2604, pointed out by jjelen at redhat.com.
2016-10-15 04:34:46 +11:00
Damien Miller ca04de83f2 unbreak principals-command test
Undo inconsistetly updated variable name.
2016-10-13 18:55:25 +11:00
djm@openbsd.org 1723ec92eb upstream commit
fix the KEX fuzzer - the previous method of obtaining the
packet contents was broken. This now uses the new per-packet input hook, so
it sees exact post-decrypt packets and doesn't have to pass packet integrity
checks. ok markus@

Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
2016-10-13 18:55:25 +11:00
natano@openbsd.org 09f997893f upstream commit
Move USER out of the way to unbreak the BUILDUSER
mechanism. ok tb

Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
2016-10-13 18:55:25 +11:00
bluhm@openbsd.org 3049a012c4 upstream commit
In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
environment can change it. OK djm@

Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
2016-10-13 18:55:25 +11:00