Commit Graph

11248 Commits

Author SHA1 Message Date
Darren Tucker 7909a566f6 Skip scp3 tests on all dfly58 and 60 configs. 2021-08-15 12:45:10 +10:00
Tim Rice e65198e52c openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h
to get sigset_t from signal.h needed for the pselect replacement.
2021-08-14 13:08:07 -07:00
Darren Tucker e50635640f Test OpenSSH from OpenBSD head on 6.8 and 6.9. 2021-08-13 13:21:00 +10:00
Darren Tucker e0ba38861c Skip scp3 test on dragonfly 58 and 60.
The tests hang, so skip until we figure them out.
2021-08-13 13:00:14 +10:00
djm@openbsd.org dcce2a2bcf upstream: mention that CASignatureAlgorithms accepts +/- similarly to
the other algorithm list directives; ok jmc bz#3335

OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9
2021-08-13 10:01:15 +10:00
schwarze@openbsd.org 090a82486e upstream: In the editline(3) branch of the sftp(1) event loop,
handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to
discard the currently edited command line and get a fresh prompt, just like
in ftp(1), bc(1), and in shells.

It is critical to not use ssl_signal() for this particular case
because that function unconditionally sets SA_RESTART, but here we
need the signal to interrupt the read(2) in the el_gets(3) event loop.

OK dtucker@ deraadt@

OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299
2021-08-12 23:05:33 +10:00
naddy@openbsd.org e1371e4f58 upstream: scp: tweak man page and error message for -3 by default
Now that the -3 option is enabled by default, flip the documentation
and error message logic from "requires -3" to "blocked by -R".

ok djm@

OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020
2021-08-12 23:03:13 +10:00
naddy@openbsd.org 49f46f6d77 upstream: scp: do not spawn ssh with two -s flags for
remote-to-remote copies

Do not add another "-s" to the argument vector every time an SFTP
connection is initiated.  Instead, introduce a subsystem flag to
do_cmd() and add "-s" when the flag is set.

ok djm@

OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1
2021-08-12 23:03:13 +10:00
djm@openbsd.org 2a2cd00783 upstream: test -Oprint-pubkey
OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0
2021-08-11 18:56:35 +10:00
djm@openbsd.org b9f4635ea5 upstream: when verifying sshsig signatures, support an option
(-Oprint-pubkey) to dump the full public key to stdout; based on patch from
Fabian Stelzer; ok markus@

OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2
2021-08-11 18:56:29 +10:00
djm@openbsd.org 750c1a45ba upstream: oops, missed one more %p
OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb
2021-08-11 18:37:30 +10:00
djm@openbsd.org b5aa27b69a upstream: remove a bunch of %p in format strings; leftovers of
debuggings past. prompted by Michael Forney, ok dtucker@

OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac
2021-08-11 18:37:30 +10:00
Darren Tucker 419aa01123 Add includes.h to compat tests.
On platforms where closefrom returns void (eg glibc>=2.34) the prototype
for closefrom in its compat tests would cause compile errors.  Remove
this and have the tests pull in the compat headers in the same way as
the main code.  bz#3336.
2021-08-11 09:21:09 +10:00
djm@openbsd.org 931f592f26 upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0
2021-08-10 13:37:27 +10:00
djm@openbsd.org 391ca67fb9 upstream: Prepare for a future where scp(1) uses the SFTP protocol by
default. Replace recently added -M option to select the protocol with -O
(olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
it will be removed in the near future (so no, don't use it in scripts!).

prompted by/feedback from deraadt@

OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
2021-08-10 13:37:20 +10:00
djm@openbsd.org bfdd4b722f upstream: make scp -3 the default for remote-to-remote copies. It
provides a much better and more intuitive user experience and doesn't require
exposing credentials to the source host.

thanks naddy@ for catching the missing argument in usage()

"Yes please!" - markus@
"makes a lot of sense" - deraadt@
"the right thing to do" - dtucker@

OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9
2021-08-10 12:47:46 +10:00
djm@openbsd.org 2f7a3b51ce upstream: make scp in SFTP mode try to use relative paths as much
as possible. Previosuly, it would try to make relative and ~/-rooted paths
absolute before requesting transfers.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566
2021-08-10 12:47:46 +10:00
djm@openbsd.org 2ab864010e upstream: SFTP protocol extension to allow the server to expand
~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
2021-08-10 12:47:46 +10:00
djm@openbsd.org 41b019ac06 upstream: when scp is in SFTP mode, try to deal better with ~
prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted
and prefixed with the SFTP server starting directory (more to come)

prompted by and discussed with deraadt@
ok markus@

OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d
2021-08-10 12:47:45 +10:00
djm@openbsd.org b4b3f3da6c upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

(this was originally committed as r1.223 along with unrelated stuff that
I rolled back in r1.224)

OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b
2021-08-10 12:47:45 +10:00
djm@openbsd.org 2ae7771749 upstream: rever r1.223 - I accidentally committed unrelated changes
OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9
2021-08-10 12:47:45 +10:00
djm@openbsd.org 986abe94d4 upstream: show only the final path component in the progress meter;
more useful with long paths (that may truncate) and better matches
traditional scp behaviour; spotted by naddy@ ok deraadt@

OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3
2021-08-10 12:47:39 +10:00
djm@openbsd.org 2b67932bb3 upstream: on fatal errors, make scp wait for ssh connection before
exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
after scp has returned exited and control has returned to the shell; ok
markus@

OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
2021-08-10 12:47:39 +10:00
dtucker@openbsd.org 724eb900ac upstream: xstrdup environment variable used by ForwardAgent. bz#3328
from goetze at dovetail.com, ok djm@ deraadt@

OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742
2021-08-08 19:14:51 +10:00
dtucker@openbsd.org 86b4cb3a88 upstream: Although it's POSIX, not all shells used in Portable support
the implicit 'in "$@"' after 'for i'.

OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc
2021-08-08 18:43:41 +10:00
Darren Tucker f2ccf6c9f3 Move portable specific settings down.
This brings the top hunk of the file back in sync with OpenBSD
so patches to the CVS Id should apply instead of always being
rejected.
2021-08-08 17:39:56 +10:00
dtucker@openbsd.org 71b0eb997e upstream: Move setting of USER further down the startup In portable
we have to change this and having it in the same hunk as the CVS Id string
means applying changes fails every. single. time.

OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b
2021-08-08 17:35:45 +10:00
dtucker@openbsd.org f0aca2706c upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
scp and sftp like to add -q to the command line passed to ssh which
overrides the LogLevel we set in the config files and suppresses output
to the debug logs so drop any "-q" from the invoked ssh.  In the one
case where we actually want to use -q in the banner test, call the ssh
binary directly bypassing the logging wrapper.

OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75
2021-08-08 17:19:56 +10:00
dtucker@openbsd.org cf27810a64 upstream: Fix prototype mismatch for do_cmd. ok djm@
OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d
2021-08-07 12:11:03 +10:00
djm@openbsd.org 85de69f646 upstream: sftp-client.c needs poll.h
remove unused variable

OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16
2021-08-07 11:57:13 +10:00
Darren Tucker 397c4d72e5 Include poll.h and friends for struct pollfd. 2021-08-07 11:30:57 +10:00
djm@openbsd.org a9e2c53319 upstream: do_upload() used a near-identical structure for
tracking expected status replies from the server to what do_download() was
using.

Refactor it to use the same structure and factor out some common
code into helper functions.

OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054
2021-08-07 10:20:31 +10:00
djm@openbsd.org 7b1cbcb759 upstream: make scp(1) in SFTP mode follow symlinks like
traditional scp(1) ok markus@

OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231
2021-08-07 10:20:31 +10:00
djm@openbsd.org 133b44e500 upstream: fix incorrect directory permissions on scp -3
transfers; ok markus@

OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2
2021-08-07 10:20:31 +10:00
djm@openbsd.org 98b59244ca upstream: a bit more debugging of file attributes being
sent/received over the wire

OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b
2021-08-07 10:20:31 +10:00
djm@openbsd.org c677e65365 upstream: make scp(1) in SFTP mode output better match original
scp(1) by suppressing "Retrieving [path]" lines that were emitted to support
the interactive sftp(1) client. ok markus@

OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc
2021-08-07 10:20:31 +10:00
djm@openbsd.org 48cd39b7a4 upstream: factor out a structure duplicated between downloading
and crossloading; ok markus@

OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39
2021-08-07 10:20:31 +10:00
djm@openbsd.org 318c06bb04 upstream: use sftp_client crossloading to implement scp -3
feedback/ok markus@

OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9
2021-08-07 10:20:31 +10:00
djm@openbsd.org de7115b373 upstream: support for "cross"-loading files/directories, i.e.
downloading from one SFTP server while simultaneously uploading to another.

feedback & ok markus@

OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235
2021-08-07 10:20:24 +10:00
djm@openbsd.org a50bd0367f upstream: factor our SSH2_FXP_OPEN calls into their own function;
"looks fine" markus@

OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb
2021-08-07 10:20:24 +10:00
djm@openbsd.org e3c0ba0587 upstream: prepare for scp -3 implemented via sftp
OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44
2021-08-07 10:20:24 +10:00
dtucker@openbsd.org 395d8fbdb0 upstream: Make diff invocation more portable.
POSIX does not require diff to have -N, so compare in both directions
with just -r, which should catch missing files in either directory.

OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7
2021-08-06 19:33:31 +10:00
djm@openbsd.org d247a73ce2 upstream: regression test for scp -3
OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d
2021-08-06 16:57:37 +10:00
dtucker@openbsd.org 35c8e41a6f upstream: Document "ProxyJump none". bz#3334.
OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7
2021-08-06 16:54:34 +10:00
dtucker@openbsd.org 911ec64118 upstream: Allow for different (but POSIX compliant) behaviour of
basename(3) and prevent a use-after-free in that case in the new sftp-compat
code.

POSIX allows basename(3) to either return a pointer to static storage
or modify the passed string and return a pointer to that.  OpenBSD does
the former and works as is, but on other platforms "filename" points
into "tmp" which was just freed.  This makes the freeing of tmp
consistent with the other variable in the loop.

Pinpointed by the -portable Valgrind regress test.  ok djm@ deraadt@

OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374
2021-08-04 12:04:33 +10:00
Damien Miller 6df1fecb5d use openbsd-compat glob.h is required 2021-08-04 11:05:11 +10:00
Darren Tucker 9ebd182888 Missing space between macro arg and punctuation.
From jmc@
2021-08-03 21:03:23 +10:00
Darren Tucker 0fd3f62edd Avoid lines >80 chars. From jmc@ 2021-08-03 21:02:33 +10:00
djm@openbsd.org af5d8094d8 upstream: regression tests for scp SFTP protocol support; mostly by
Jakub Jelen in GHPR#194 ok markus

OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715
2021-08-03 11:15:06 +10:00
anton@openbsd.org e4673b7f67 upstream: Treat doas with arguments as a valid SUDO variable.
Allows one to specify SUDO="doas -n" which I do while running make regress.

ok dtucker@

OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005
2021-08-03 11:08:46 +10:00