Commit Graph

506 Commits

Author SHA1 Message Date
deraadt@openbsd.org 4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
djm@openbsd.org cb8f56570f upstream: slightly more instructive error message when the user
specifies multiple -J options on the commandline. bz3015 ok dtucker@

OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
2019-06-14 14:15:01 +10:00
jmc@openbsd.org 7349149da1 upstream: Hostname->HostName cleanup; from lauri tirkkonen ok
dtucker

OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2019-06-14 13:01:28 +10:00
otto@openbsd.org 0323d9b619 upstream: Replace calls to ssh_malloc_init() by a static init of
malloc_options. Prepares for changes in the way malloc is initialized.  ok
guenther@ dtucker@

OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2019-06-08 00:25:42 +10:00
dtucker@openbsd.org 3a7db919d5 upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@
OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
2019-05-08 18:42:03 +10:00
djm@openbsd.org 04c091fc19 upstream: remove last references to active_state
with & ok markus@

OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
2019-01-20 09:45:18 +11:00
djm@openbsd.org 25b2ed6672 upstream: convert ssh.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
2019-01-20 09:02:36 +11:00
djm@openbsd.org 0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org 0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
djm@openbsd.org 9e34e0c59a upstream: add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
2018-11-23 16:09:12 +11:00
Damien Miller 42c5ec4b97 refactor libcrypto initialisation
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.

Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().

Prompted by patch from Rosen Penev
2018-11-23 10:42:05 +11:00
djm@openbsd.org a65784c9f9 upstream: refer to OpenSSL not SSLeay;
we're old, but we don't have to act it

OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
2018-10-23 16:57:54 +11:00
djm@openbsd.org 5eff5b858e upstream: Allow ssh_config IdentityAgent directive to accept
environment variable names as well as explicit paths. ok dtucker@

OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
2018-10-03 16:39:58 +10:00
djm@openbsd.org 383a33d160 upstream: Treat connections with ProxyJump specified the same as ones
with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't
try to canonicalise the hostname unless CanonicalizeHostname is set to
'always').

Patch from Sven Wegener via bz#2896

OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
2018-09-21 13:12:48 +10:00
djm@openbsd.org aa083aa962 upstream: fix "ssh -Q sig" to show correct signature algorithm list
(it was erroneously showing certificate algorithms); prompted by markus@

OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
2018-09-20 14:00:29 +10:00
djm@openbsd.org 357128ac48 upstream: Add "ssh -Q sig" to allow listing supported signature
algorithms ok markus@

OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
2018-09-12 16:49:21 +10:00
dtucker@openbsd.org e655ee04a3 upstream: Now that ssh can't be setuid, remove the
original_real_uid and original_effective_uid globals and replace with calls
to plain getuid(). ok djm@

OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
2018-07-31 12:20:13 +10:00
beck@openbsd.org 8e433c2083 upstream: Use the caller provided (copied) pwent struct in
load_public_identity_files instead of calling getpwuid() again and discarding
the argument. This prevents a client crash where tilde_expand_filename calls
getpwuid() again before the pwent pointer is used. Issue noticed and reported
by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@

OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157
2018-07-26 13:54:30 +10:00
dtucker@openbsd.org 95d41e90ea upstream: Deprecate UsePrivilegedPort now that support for running
ssh(1) setuid has been removed, remove supporting code and clean up
references to it in the man pages

We have not shipped ssh(1) the setuid bit since 2002.  If ayone
really needs to make connections from a low port number this can
be implemented via a small setuid ProxyCommand.

ok markus@ jmc@ djm@

OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
2018-07-19 21:44:21 +10:00
dtucker@openbsd.org 258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-19 21:41:42 +10:00
dtucker@openbsd.org ac590760b2 upstream: Slot 0 in the hostbased key array was previously RSA1,
but that is now gone and the slot is unused so remove it.  Remove two
now-unused macros, and add an array bounds check to the two remaining ones
(array is statically sized, so mostly a safety check on future changes). ok
markus@

OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
2018-07-19 20:17:33 +10:00
dtucker@openbsd.org 26efc2f5df upstream: Remove support for loading HostBasedAuthentication keys
directly in ssh(1) and always use ssh-keysign.  This removes one of the few
remaining reasons why ssh(1) might be setuid.  ok markus@

OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
2018-07-19 20:17:33 +10:00
djm@openbsd.org 3eb7f1038d upstream: keep options.identity_file_userprovided array in sync when we
load keys, fixing some spurious error messages; ok markus

OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00
2018-07-16 17:08:13 +10:00
markus@openbsd.org 5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
markus@openbsd.org cecee2d607 upstream: client: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
2018-07-10 15:14:26 +10:00
djm@openbsd.org 0368889f82 upstream: fix incorrect expansion of %i in
load_public_identity_files(); reported by Roumen Petrov

OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25
2018-06-09 13:10:59 +10:00
djm@openbsd.org 115063a664 upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
2018-06-07 04:27:20 +10:00
djm@openbsd.org 9c935dd9bf upstream: make UID available as a %-expansion everywhere that the
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-06-01 13:35:59 +10:00
djm@openbsd.org d8748b91d1 upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJump
directive; bz2831, feedback and ok dtucker@

OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e
2018-06-01 13:14:54 +10:00
djm@openbsd.org 390c7000a8 upstream: don't free the %C expansion, it's used later for
LocalCommand

OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
2018-04-15 07:52:57 +10:00
djm@openbsd.org 001aa55484 upstream: lots of typos in comments/docs. Patch from Karsten Weiss
after checking with codespell tool
(https://github.com/lucasdemarchi/codespell)

OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-04-10 10:17:15 +10:00
markus@openbsd.org 1b11ea7c58 upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
djm@openbsd.org ac2e3026bb upstream: Add BindInterface ssh_config directive and -B
command-line argument to ssh(1) that directs it to bind its outgoing
connection to the address of the specified network interface.

BindInterface prefers to use addresses that aren't loopback or link-
local, but will fall back to those if no other addresses of the
required family are available on that interface.

Based on patch by Mike Manning in bz#2820, ok dtucker@

OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
2018-02-23 13:37:49 +11:00
djm@openbsd.org b8bbff3b3f upstream: remove space before tab
OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
2018-02-13 14:38:05 +11:00
dtucker@openbsd.org 05046d907c upstream Don't reset signal handlers inside handlers.
The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed.  In the unlikely even that -portable
is still being used on such systems we will deal with it in the
compat layer.  ok deraadt@

OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
2018-02-13 09:29:09 +11:00
djm@openbsd.org 14b5c635d1 upstream commit
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
2018-01-23 16:40:29 +11:00
djm@openbsd.org fc21ea9796 upstream commit
don't attempt to force hostnames that are addresses to
lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
remove ambiguities (e.g. ::0001 => ::1) before they are matched against
known_hosts; bz#2763, ok dtucker@

OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
2018-01-23 16:40:28 +11:00
djm@openbsd.org@openbsd.org 939b30ba23 upstream commit
fix broken stdout in ControlPersist mode, introduced by me in
r1.467 and reported by Alf Schlichting

OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509
2017-11-01 11:08:56 +11:00
djm@openbsd.org@openbsd.org dbe0662e9c upstream commit
whitespace at EOL

OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6
2017-10-31 09:08:51 +11:00
djm@openbsd.org 4d5456c7de upstream commit
transfer ownership of stdout to the session channel by
dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
the local side; reported by David Newall, ok markus@

Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
2017-10-25 12:26:21 +11:00
djm@openbsd.org b7548b12a6 upstream commit
Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23 16:14:30 +11:00
millert@openbsd.org 887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
markus@openbsd.org 609d7a66ce upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22 09:14:53 +10:00
djm@openbsd.org dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org 643c2ad829 upstream commit
make "--" before the hostname terminate command-line
option processing completely; previous behaviour would not prevent further
options appearing after the hostname (ssh has a supported options after the
hostname for >20 years, so that's too late to change).

ok deraadt@

Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
2017-08-12 16:47:10 +10:00
bluhm@openbsd.org 1112b534a6 upstream commit
Add RemoteCommand option to specify a command in the
ssh config file instead of giving it on the client's command line.  This
command will be executed on the remote host.  The feature allows to automate
tasks using ssh config. OK markus@

Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
2017-05-31 10:51:09 +10:00
markus@openbsd.org 54d90ace1d upstream commit
switch from Key typedef with struct sshkey; ok djm@

Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
2017-05-31 10:47:31 +10:00
jmc@openbsd.org 4f1ca823ba upstream commit
remove options -12 from usage();

Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
2017-05-08 09:18:04 +10:00
djm@openbsd.org 930e8d2827 upstream commit
obliterate ssh1.h and some dead code that used it

ok markus@

Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
2017-05-01 10:05:06 +10:00
djm@openbsd.org 873d3e7d9a upstream commit
remove KEY_RSA1

ok markus@

Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01 10:05:01 +10:00