It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@
Print SKIPPED if sudo and doas configuration is missing.
Prevents that running the regression test with wrong environment is reported
as failure. Keep the fatal there to avoid interfering with other setups for
portable ssh. OK dtucker@
Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
Don't call fatal from stop_sshd since it calls cleanup
which calls stop_sshd which will probably fail in the same way. Instead,
just bail. Differentiate between sshd dying without cleanup and not shutting
down.
Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
Revert commitid: gJtIN6rRTS3CHy9b.
-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------
This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts
Spotted by dtucker@
Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
Make remote channel ID a u_int
Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.
In practice everyone numbers their channels sequentially, so this has
never been a problem.
ok markus@
Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
in particular santization and fuzzer options that break assumptions
about memory and file descriptor dispositions.
This adds two flags to configure --with-cflags-after and
--with-ldflags-after that allow specifying additional compiler and
linker options that are added to the resultant Makefiles but not
used in the configure run itself.
E.g.
env CC=clang-3.9 ./configure \
--with-cflags-after=-fsantize=address \
--with-ldflags-after="-g -fsanitize=address"
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
identify the case where SSHFP records are missing but
other DNS RR types are present and display a more useful error message for
this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
add a -q option to ssh-add to make it quiet on success.
if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.
ok djm@
Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf. Based on patch from cjwatson at
debian.org via bz#2768, ok djm@
Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
avoid future conflicts with POSIX capabilities (the last release that
didn't have it was 9.3) so switch to that. Patch from des at des.no.
add a "quiet" flag to exited_cleanly() that supresses
errors about exit status (failure due to signal is still reported)
Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.
feedback & ok dtucker@
Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
Issue is within msv1_0.dll (NTLM SSP provider). Working around by doing a fake login that populates internal state within msv1_0.dll so further S4U logons work as expected.
PowerShell/Win32-OpenSSH#727
