naddy@openbsd.org
a6ac5d36ef
upstream: Add Include to the list of permitted keywords after a
Match keyword. ok markus@
OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
2020-02-07 09:53:00 +11:00
naddy@openbsd.org
a47f6a6c0e
upstream: Replace "security key" with "authenticator" in program
messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
Darren Tucker
849a9b8714
Don't look for UINT32_MAX in inttypes.h
... unless we are actually going to use it. Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
2020-02-06 12:21:49 +11:00
Damien Miller
a2437f8ed0
depend
2020-02-06 12:02:22 +11:00
Michael Forney
9716e8c495
Fix sha2 MAKE_CLONE no-op definition
The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.
2020-02-06 11:53:38 +11:00
djm@openbsd.org
d596b1d30d
upstream: require FIDO application strings to start with "ssh:"; ok
markus@
OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
2020-02-04 21:08:10 +11:00
djm@openbsd.org
501f358243
upstream: revert enabling UpdateHostKeys by default - there are still
corner cases we need to address; ok markus
OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
2020-02-04 10:52:17 +11:00
jmc@openbsd.org
072f3b832d
upstream: use better markup for challenge and write-attestation, and
rejig the challenge text a little;
ok djm
OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
2020-02-04 10:00:18 +11:00
Damien Miller
262eb05a22
mention libfido2 in dependencies section
2020-02-03 21:22:15 +11:00
Damien Miller
ccd3b247d5
add clock_gettime64(2) to sandbox allowed syscalls
bz3093
2020-02-03 19:40:12 +11:00
dtucker@openbsd.org
adffbe1c64
upstream: Output (none) in debug in the case in the CheckHostIP=no case
as suggested by markus@
OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
2020-02-02 21:18:07 +11:00
dtucker@openbsd.org
58c819096a
upstream: Prevent possible null pointer deref of ip_str in debug.
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
2020-02-02 20:31:48 +11:00
jmc@openbsd.org
0facae7bc8
upstream: shuffle the challenge keyword to keep the -O list sorted;
OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
2020-02-02 20:25:09 +11:00
jmc@openbsd.org
6fb3dd0ccd
upstream: tweak previous;
OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
2020-02-02 20:25:09 +11:00
Darren Tucker
92725d4d3f
Use sys-queue.h from compat library.
Fixes build on platforms that don't have sys/queue.h (eg MUSL).
2020-02-01 17:25:09 +11:00
djm@openbsd.org
677d0ece67
upstream: regress test for sshd_config Include directive; from Jakub
Jelen
OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
2020-02-01 10:28:33 +11:00
djm@openbsd.org
d4f4cdd681
upstream: whitespace
OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
2020-02-01 10:22:33 +11:00
djm@openbsd.org
245399dfb3
upstream: force early logging to stderr if debug_flag (-d) is set;
avoids missing messages from re-exec config passing
OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
2020-02-01 10:22:32 +11:00
djm@openbsd.org
7365f28a66
upstream: mistake in previous: filling the incorrect buffer
OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
2020-02-01 10:22:10 +11:00
djm@openbsd.org
c2bd7f74b0
upstream: Add a sshd_config "Include" directive to allow inclusion
of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@
OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
2020-02-01 10:20:24 +11:00
jmc@openbsd.org
ba261a1dd3
upstream: spelling fix;
OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
2020-02-01 10:15:27 +11:00
djm@openbsd.org
771891a044
upstream: document changed default for UpdateHostKeys
OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
2020-01-31 09:27:10 +11:00
djm@openbsd.org
d53a518536
upstream: enable UpdateKnownHosts=yes if the configuration
specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@
OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
2020-01-31 09:27:10 +11:00
Darren Tucker
bb63ff844e
Look in inttypes.h for UINT32_MAX.
Should prevent warnings on at least some AIX versions.
2020-01-30 18:54:42 +11:00
djm@openbsd.org
afeb6a960d
upstream: use sshpkt_fatal() instead of plain fatal() for
ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@
OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
2020-01-30 18:22:34 +11:00
djm@openbsd.org
65d6fd0a8a
upstream: check the return value of ssh_packet_write_poll() and
call sshpkt_fatal() if it fails; avoid potential busy-loop under some
circumstances. Based on patch by Mike Frysinger; ok dtucker@
OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec
2020-01-30 18:22:34 +11:00
djm@openbsd.org
dce74eab0c
upstream: have sshpkt_fatal() save/restore errno before we
potentially call strerror() (via ssh_err()); ok dtucker
OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787
2020-01-30 18:22:34 +11:00
djm@openbsd.org
14ef4efe2b
upstream: markus suggests a simplification to previous
OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de
2020-01-30 18:22:34 +11:00
djm@openbsd.org
101ebc3a8c
upstream: give more context to UpdateHostKeys messages, mentioning
that the changes are validated by the existing trusted host key. Prompted by
espie@ feedback and ok markus@
OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5
2020-01-29 18:52:55 +11:00
djm@openbsd.org
24c0f752ad
upstream: changes to support FIDO attestation
Allow writing to disk the attestation certificate that is generated by
the FIDO token at key enrollment time. These certificates may be used
by an out-of-band workflow to prove that a particular key is held in
trustworthy hardware.
Allow passing in a challenge that will be sent to the card during
key enrollment. These are needed to build an attestation workflow
that resists replay attacks.
ok markus@
OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6
2020-01-29 18:52:55 +11:00
djm@openbsd.org
156bef36f9
upstream: disable UpdateHostKeys=ask when in quiet mode; "work for
me" matthieu@
OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7
2020-01-29 18:52:55 +11:00
Damien Miller
ec8a759b40
compat for missing IPTOS_DSCP_LE in system headers
2020-01-28 12:57:25 +11:00
djm@openbsd.org
4594c76276
upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,
based on patch by veegish AT cyberstorm.mu
OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
2020-01-28 12:52:46 +11:00
markus@openbsd.org
da22216b5d
upstream: disable UpdateHostKeys=ask if command is specified; ok
djm@ sthen@
OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7
2020-01-28 12:52:46 +11:00
djm@openbsd.org
1e1db0544f
upstream: unbreak unittests for recent API / source file changes
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-28 12:50:38 +11:00
Darren Tucker
0d11447691
Move definition of UINT32_MAX.
This allows us to always define it if needed not just if we also
define the type ourself.
2020-01-26 15:09:15 +11:00
djm@openbsd.org
f73ab8a811
upstream: unbreak unittests for recent API / source file changes
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
2020-01-26 14:19:43 +11:00
Darren Tucker
0373f9eba2
Include signal.h to prevent redefinition of _NSIG.
2020-01-26 14:09:17 +11:00
Darren Tucker
638a45b5c1
Wrap stdint.h in tests inside HAVE_STDINT_H.
2020-01-26 14:05:40 +11:00
djm@openbsd.org
74dfc2c859
upstream: for UpdateHostKeys, don't report errors for unsupported
key types - just ignore them. spotted by and ok dtucker@
OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473
2020-01-26 13:25:55 +11:00
djm@openbsd.org
b59618246c
upstream: downgrade error() for missing subsequent known_hosts
files to debug() as it was intended to be; spotted by dtucker@
OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9
2020-01-26 13:25:55 +11:00
djm@openbsd.org
469df611f7
upstream: clarify that BatchMode applies to all interactive prompts
(e.g. host key confirmation) and not just password prompts.
OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818
2020-01-26 10:34:50 +11:00
djm@openbsd.org
de40876c4a
upstream: tidy headers; some junk snuck into sshbuf-misc.c and
sshbuf-io.c doesn't need SSHBUF_INTERNAL set
OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6
2020-01-26 10:34:50 +11:00
Damien Miller
6a10760635
depend
2020-01-26 10:28:21 +11:00
djm@openbsd.org
59d01f1d72
upstream: improve the error message for u2f enrollment errors by
making ssh-keygen be solely responsible for printing the error message and
converting some more common error responses from the middleware to a useful
ssherr.h status code. more detail remains visible via -v of course.
also remove independent copy of sk-api.h declarations in sk-usbhid.c
and just include it.
feedback & ok markus@
OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb
2020-01-26 10:18:42 +11:00
djm@openbsd.org
99aa803555
upstream: factor out reading/writing sshbufs to dedicated
functions; feedback and ok markus@
OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d
2020-01-26 10:18:42 +11:00
djm@openbsd.org
065064fcf4
upstream: add a comment describing the ranges of channel IDs that
we use; requested by markus@
OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b
2020-01-26 10:15:13 +11:00
djm@openbsd.org
69334996ae
upstream: make sshd_config:ClientAliveCountMax=0 disable the
connection killing behaviour, rather than killing the connection after
sending the first liveness test probe (regardless of whether the client was
responsive) bz2627; ok markus
OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf
2020-01-26 10:15:13 +11:00
djm@openbsd.org
bf986a9e27
upstream: clarify order of AllowUsers/DenyUsers vs
AllowGroups/DenyGroups; bz1690, ok markus@
OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd
2020-01-26 10:15:13 +11:00
djm@openbsd.org
022ce92fa0
upstream: when AddKeysToAgent=yes is set and the key contains no
comment, add the key to the agent with the key's path as the comment. bz2564
OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f
2020-01-25 18:20:01 +11:00