Commit Graph

12099 Commits

Author SHA1 Message Date
djm@openbsd.org dd6d3dded7 upstream: document the unbound/host-bound options to
PubkeyAuthentication; spotted by HARUYAMA Seigo

OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981
2022-02-15 16:14:40 +11:00
Darren Tucker df93529dd7 Test if sshd accidentally acquires controlling tty
When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour
in the STREAMS code before activating the workaround.  ok djm@
2022-02-14 14:19:40 +11:00
Darren Tucker 766176cfdb Add cygwin-release test config.
This tests the flags used to build the cygwin release binaries.
2022-02-12 10:24:56 +11:00
Darren Tucker b30698662b Move SSHD_ACQUIRES_CTTY workaround into compat.
On some (most? all?) SysV based systems with STREAMS based ptys,
sshd could acquire a controlling terminal during pty setup when
it pushed the "ptem" module, due to what is probably a bug in
the STREAMS driver that's old enough to vote.  Because it was the
privileged sshd's controlling terminal, it was not available for
the user's session, which ended up without one.  This is known to
affect at least Solaris <=10, derivatives such as OpenIndiana and
several other SysV systems.  See bz#245 for the backstory.

In the we past worked around that by not calling setsid in the
privileged sshd child, which meant it was not a session or process
group leader.  This solved controlling terminal problem because sshd
was not eligble to acquire one, but had other side effects such as
not cleaning up helper subprocesses in the SIGALRM handler since it
was not PG leader.  Recent cleanups in the signal handler uncovered
this, resulting in the LoginGraceTime timer not cleaning up privsep
unprivileged processes.

This change moves the workaround into the STREAMS pty allocation code,
by allocating a sacrificial pty to act as sshd's controlling terminal
before allocating user ptys, so those are still available for users'
sessions.

On the down side:
 - this will waste a pty per ssh connection on affected platforms.

On the up side:
 - it makes the process group behaviour consistent between platforms.

 - it puts the workaround nearest the code that actually causes the
   problem and competely out of the mainline code.

 - the workaround is only activated if you use the STREAMS code.  If,
   say, Solaris 11 has the bug but also a working openpty() it doesn't
   matter that we defined SSHD_ACQUIRES_CTTY.

 - the workaround is only activated when the fist pty is allocated,
   ie in the post-auth privsep monitor.  This means there's no risk
   of fd leaks to the unprivileged processes, and there's no effect on
   sessions that do not allocate a pty.

Based on analysis and work by djm@, ok djm@
2022-02-11 21:00:35 +11:00
Darren Tucker cd00b48cf1 Simplify handling of --with-ssl-dir.
ok djm@
2022-02-11 20:09:32 +11:00
Darren Tucker ea13fc830f Stop testing OpenBSD HEAD on 6.9 and 7.0.
HEAD is not guaranteed to work on previous stable branches, and at the
moment is broken due to libfido API changes.
2022-02-11 13:42:36 +11:00
dtucker@openbsd.org 50b9e4a451 upstream: Always initialize delim before passing to hpdelim2 which
might not set it. Found by the Valgrind tests on github, ok deraadt@

OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d
2022-02-11 12:17:07 +11:00
Darren Tucker 6ee53064f4 Fix helper include path and remove excess code.
Looks like test_hpdelim.c was imported twice into the same file.
Spotted by kevin.brott at gmail com and chris at cataclysmal org.
2022-02-11 10:05:31 +11:00
Darren Tucker 9fa63a19f6 Put poll.h inside ifdef. 2022-02-10 23:51:02 +11:00
Darren Tucker 3ac00dfeb5 We now support POLLPRI so actually define it. 2022-02-10 22:18:02 +11:00
dtucker@openbsd.org 25bd659cc7 upstream: Add test for empty hostname with port.
OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3
2022-02-10 15:17:28 +11:00
dtucker@openbsd.org a29af853cf upstream: Add unit tests for hpdelim.
OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018
2022-02-10 15:17:28 +11:00
djm@openbsd.org 9699151b03 upstream: revert for imminent OpenSSH release, which wil ship with
scp in RCP mode.

> revision 1.106
> date: 2021/10/15 14:46:46;  author: deraadt;  state: Exp;  lines: +13 -9;  commitid: w5n9B2RE38tFfggl;
> openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
> protocol for copying.  Let's get back to testing the SFTP protocol.

This will be put back once the OpenSSH release is done.

OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768
2022-02-10 15:14:24 +11:00
dtucker@openbsd.org 45279abceb upstream: Switch hpdelim interface to accept only ":" as delimiter.
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports.  These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it.  Make hpdelim accept only ":" and use hpdelim2
in the other cases.  ok djm@

OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
2022-02-10 15:14:17 +11:00
Vivian Thiebaut 602a02995a
Handle Path Variable: Prepend System path to User path (#563) 2022-02-07 15:00:39 -08:00
Tess Gauthier c2765de0f7
change build tools chocolatey install error message (#562) 2022-02-07 10:27:45 -08:00
pedro martelletto a1bcbf04a7 fix typos in previous 2022-02-07 21:26:14 +11:00
Damien Miller 56192518e3 compat code for fido_assert_set_clientdata() 2022-02-07 12:53:47 +11:00
djm@openbsd.org d6b5aa08fd upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead
of manually hashing data outselves. Saves a fair bit of code and makes life
easier for some -portable platforms.

OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0
2022-02-07 12:35:46 +11:00
jsg@openbsd.org 86cc93fd3c upstream: remove please from manual pages ok jmc@ sthen@ millert@
OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa
2022-02-07 12:27:48 +11:00
dtucker@openbsd.org ad16a84e64 upstream: Since they are deprecated, move DSA to the end of the
default list of public keys so that they will be tried last.  From github
PR#295 from "ProBackup-nl", ok djm@

OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
2022-02-07 12:27:48 +11:00
Tess Gauthier 9d733203d6
fix folder permissions for programdata\ssh during server install (#549) 2022-02-04 16:22:59 -08:00
Andrew 762704b8b0
Switched to use MS mirror of libfido2 (#561) 2022-02-04 13:07:05 -08:00
vthiebaut10 66b991a47c
New SSH connections have updated environment variables (#509) 2022-02-04 09:58:11 -08:00
Damien Miller 253de42753 portable-specific string array constification
from Mike Frysinger
2022-02-02 16:52:07 +11:00
djm@openbsd.org dfdcc2220c upstream: test 'ssh-keygen -Y find-principals' with wildcard
principals; from Fabian Stelzer

OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40
2022-02-02 16:51:04 +11:00
dtucker@openbsd.org 968e508967 upstream: Enable all supported ciphers and macs in the server
before trying to benchmark them.  Increase the data file size to get more
signal.

OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6
2022-02-02 16:51:04 +11:00
bagajjal 0d88c342a5
Spin up ssh-sk-helper in user context when called from ssh-agent (#560) 2022-02-01 18:46:19 -08:00
djm@openbsd.org 15b7199a1f upstream: allow 'ssh-keygen -Y find-principals' to match wildcard
principals in allowed_signers files; from Fabian Stelzer

OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098
2022-02-02 10:38:59 +11:00
djm@openbsd.org 541667fe6d upstream: mark const string array contents const too, i.e. static
const char *array => static const char * const array from Mike Frysinger

OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
2022-02-02 10:38:59 +11:00
djm@openbsd.org 8cfa73f8a2 upstream: better match legacy scp behaviour: show un-expanded paths
in error messages. Spotted by and ok tb@

OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7
2022-02-02 10:38:59 +11:00
dtucker@openbsd.org 4e62c13ab4 upstream: Remove explicit kill of privsep preauth child's PID in
SIGALRM handler. It's no longer needed since the child will get terminated by
the SIGTERM to the process group that cleans up any auth helpers, it
simplifies the signal handler and removes the risk of a race when updating
the PID. Based on analysis by HerrSpace in github PR#289, ok djm@

OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663
2022-02-01 19:20:30 +11:00
guenther@openbsd.org 2a7ccd2ec4 upstream: When it's the possessive of 'it', it's spelled "its",
without the apostrophe.

OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7
2022-02-01 19:20:30 +11:00
Alex James 8a0848cdd3 sandbox-seccomp-filter: allow gettid
Some allocators (such as Scudo) use gettid while tracing allocations [1].
Allow gettid in preauth to prevent sshd from crashing with Scudo.

[1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46
2022-01-31 16:45:10 +11:00
pedro martelletto f82b197a3e
bump LibreSSL to 3.4.2.0 and fetch libfido2 from developers.yubico.com (#556) 2022-01-28 14:41:23 -08:00
djm@openbsd.org b30d32159d upstream: add a ssh_packet_process_read() function that reads from
a fd directly into the transport input buffer.

Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.

Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)

feedback dtucker@ ok markus@

OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
2022-01-25 12:18:35 +11:00
djm@openbsd.org a1a8efeaaa upstream: Use sshbuf_read() to read directly into the channel input
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@

OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
2022-01-25 12:13:05 +11:00
Damien Miller 29a76994e2 depend 2022-01-25 11:52:34 +11:00
djm@openbsd.org 754e0d5c77 upstream: Add a sshbuf_read() that attempts to read(2) directly in
to a sshbuf; ok markus@

OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b
2022-01-25 10:45:47 +11:00
djm@openbsd.org c7964fb982 upstream: add a helper for writing an error message to the
stderr_buf and setting quit_pending; no functional change but saves a bunch
of boilerplate

OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d
2022-01-25 10:45:39 +11:00
djm@openbsd.org d23b4f7fdb upstream: correct comment and use local variable instead of long
indirection; spotted by dtucker@

OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965
2022-01-25 10:33:03 +11:00
deraadt@openbsd.org d069b020a0 upstream: When poll(2) returns -1, for some error conditions
pfd[].revents is not cleared.  There are subtle errors in various programs.
In this particular case, the program should error out. ok djm millert

OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c
2022-01-25 10:33:03 +11:00
Damien Miller e204b34337 restore tty force-read hack
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe (a precursor to the mainloop poll(2) conversion).

Spotted by John in bz3383
2022-01-22 11:38:21 +11:00
Tess Gauthier 1fa768f365
detect add-type edge case with powershell 7 (#554) 2022-01-21 11:33:53 -08:00
pedro martelletto af7130c91b
ssh-sk-helper: check RP ID against ssh: prefix (#553) 2022-01-21 11:33:17 -08:00
Corinna Vinschen 68085066b6 Fix signedness bug in Cygwin code
The Cygwin-specific pattern match code has a bug.  It checks
the size_t value returned by mbstowcs for being < 0.  The right
thing to do is to check against (size_t) -1.  Fix that.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-01-21 09:53:07 +11:00
Darren Tucker 2e5cfed513 Improve compatibility of early exit trap handling.
Dash (as used by the github runners) has some differences in its trap
builtin:
 - it doesn't have -p (which is fine, that's not in posix).
 - it doesn't work in a subshell (which turns out to be in compliance
   with posix, which means bash isn't).
 - it doesn't work in a pipeline, ie "trap|cat" produces no output.
2022-01-20 13:43:54 +11:00
Darren Tucker 3fe6800b60 Move more tests out of valgrind-1 runner. 2022-01-20 00:49:57 +11:00
Darren Tucker 20da6ed136 Invoke EXIT handler early when using Valgrind.
When using Valgrind, we need to wait for all invoked programs to
complete before checking their valgrind logs.  Some tests, notably
agent-restrict, set an EXIT trap handler to clean up things like
ssh-agent, but those do not get invoked until test-exec.sh exits.
This causes the Valgrind wait to deadlock, so if present invoke
the EXIT handler before checking the Valgrind logs.
2022-01-19 15:37:39 +11:00
hamletg d4b3264993
Fix linux build (#552) 2022-01-18 11:47:03 -08:00