Some systems don't have a hostname command (it's not required by POSIX).
The do have uname -n (which is), but as found by tim@ some others (eg
UnixWare) do not report the FQDN from uname -n.
out uname -n doesn't do what we need for some platforms in portable, so we'll
fix the original problem (that some other platforms don't have hostname at
all) by providing wrapper function to implement it.
OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341
works on OpenBSD it can cause problems on other platforms. From kircherlike
at outlook.com via bz#3259, ok djm@
OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668
consistency between redundant fields in private key certificate and private
key body; ok markus@
OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
types once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
oss-fuzz #30078).
ok markus@
OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
NULLing the returned string. OpenBSD's getline handles this just fine, but
some implementations used by -portable do not. ok djm@
OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduces
more consistency checking: duplicated constraints and constraints that
are nonsensical for a particular situation (e.g. FIDO provider for a
smartcard key) are now banned.
ok markus@
OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
Allow confirm_key() to accept an additional reason suffix
Factor publickey userauth parsing out into its own function and allow
it to optionally return things it parsed out of the message to its
caller.
feedback/ok markus@
OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
also clear socket entries that are being marked as unused.
spinkle in some debug2() spam to make it easier to watch an agent
do its thing.
ok markus
OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure
ok markus@
OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
signature algorithm and not key type.
spotted with dtucker@ ok markus@
OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
markus@openbsd.org
dlg@openbsd.org
djm@openbsd.org
Darren Tucker
dtucker@openbsd.org
David Carlier
Luca Weiss
Damien Miller
naddy@openbsd.org