control its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969
communication with it's ssh sub-processes. We no longer need to reserve two
descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main(). Based on an original diff from djm@.
OK deraadt@ djm@
OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d
This test relies on loopback addresses which minix does not have.
Previously the test would not run at all since it also doesn't have
netcat, but now we use our own netcat it tries and fails.
It's possible to install an OpenSSL in a path not in the system's
default library search path. OpenSSH can still use this (eg if you
specify an rpath) but the openssl binary there may not work. If one is
available on the system path just use that.
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
djm@openbsd.org
Damien Miller
millert@openbsd.org
jmc@openbsd.org
Darren Tucker
dtucker@openbsd.org
tb@openbsd.org
deraadt@openbsd.org
cheloha@openbsd.org
Rose