djm@openbsd.org
7e4fadd324
upstream: for the pty control tests, just check that the PTY path
...
points to something in /dev (rather than checking the device node itself);
makes life easier for portable, where systems with dynamic ptys can delete
nodes before we get around to testing their existence.
OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
2018-03-04 12:47:42 +11:00
Darren Tucker
13ef4cf53f
Update PAM password change to new opts API.
2018-03-03 16:21:20 +11:00
Darren Tucker
33561e68e0
Add strndup for platforms that need it.
...
Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
and FreeBSD 6.
2018-03-03 14:58:34 +11:00
Darren Tucker
e8a17feba9
Flatten and alphabetize object file lists.
...
This will make maintenance and changes easier. "no objection" tim@
2018-03-03 14:58:34 +11:00
djm@openbsd.org
de1920d743
upstream: unit tests for new authorized_keys options API
...
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
2018-03-03 14:39:25 +11:00
djm@openbsd.org
dc3e92df17
upstream: fix testing of pty option, include positive test and
...
testing of restrict keyword
OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
2018-03-03 14:38:26 +11:00
djm@openbsd.org
3d1edd1ebb
upstream: better testing for port-forwarding and restrict flags in
...
authorized_keys
OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
2018-03-03 14:38:26 +11:00
djm@openbsd.org
7c85685760
upstream: switch over to the new authorized_keys options API and
...
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
djm@openbsd.org
90c4bec8b5
upstream: Introduce a new API for handling authorized_keys options.
...
This API parses options to a dedicated structure rather than the old API's
approach of setting global state. It also includes support for merging
options, e.g. from authorized_keys, authorized_principals and/or
certificates.
feedback and ok markus@
OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
2018-03-03 14:22:11 +11:00
djm@openbsd.org
2607438076
upstream: warn when the agent returns a signature type that was
...
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@
OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
2018-03-03 14:20:47 +11:00
jmc@openbsd.org
f493d2b0b6
upstream: apply a lick of paint; tweaks/ok dtucker
...
OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
2018-03-03 14:20:47 +11:00
djm@openbsd.org
713d9cb510
upstream: Allow escaped quotes \" and \' in ssh_config and
...
sshd_config quotes option strings. bz#1596 ok markus@
OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
2018-03-02 14:39:17 +11:00
djm@openbsd.org
94b4e2d29a
upstream: refactor sshkey_read() to make it a little more, err,
...
readable. ok markus
OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-03-02 14:39:16 +11:00
markus@openbsd.org
5886b92968
upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by
...
jmc@
OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
2018-03-02 14:30:15 +11:00
dtucker@openbsd.org
3b36bed3d2
upstream: Remove unneeded (local) include. ok markus@
...
OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
2018-03-02 14:30:02 +11:00
dtucker@openbsd.org
27b9f3950e
upstream: Add $OpenBSD$ markers to xmss files to help keep synced
...
with portable. ok djm@.
OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
2018-03-02 14:29:25 +11:00
dtucker@openbsd.org
afd830847a
upstream: Add newline at end of file to prevent compiler warnings.
...
OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
2018-03-02 14:29:01 +11:00
Darren Tucker
941e0d3e9b
Add WITH_XMSS, move to prevent conflicts.
...
Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
includes.h so it's less likely to conflict and will pick up WITH_XMSS if
added to config.h.
2018-02-28 19:59:35 +11:00
Darren Tucker
a10d8552d0
Conditionally compile XMSS code.
...
The XMSS code is currently experimental and, unlike the rest of OpenSSH
cannot currently be compiled with a c89 compiler.
2018-02-28 16:52:12 +11:00
Darren Tucker
146c3bd28c
Check dlopen has RTLD_NOW before enabling pkcs11.
2018-02-27 15:28:31 +11:00
Darren Tucker
1323f120d0
Check for attributes on prototype args.
...
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481 )
do not accept __attribute__ on function pointer prototype args. Check for
this and hide them if they're not accepted.
2018-02-27 08:51:56 +11:00
Darren Tucker
f0b245b043
Check if HAVE_DECL_BZERO correctly.
2018-02-27 08:51:52 +11:00
Darren Tucker
c7ef4a3991
Wrap <stdint.h> in #ifdef HAVE_STDINT_H.
2018-02-26 17:42:56 +11:00
Darren Tucker
ac53ce46cf
Replace $(CURDIR) with $(PWD).
...
The former doesn't work on Solaris or BSDs.
2018-02-26 16:24:23 +11:00
Darren Tucker
534b2680a1
Comment out hexdump().
...
Nothing currently uses them but they cause conflicts on at least
FreeBSD, possibly others. ok djm@
2018-02-26 14:51:59 +11:00
Darren Tucker
5aea4aa522
typo: missing ;
2018-02-26 14:39:14 +11:00
Darren Tucker
cd3ab57f9b
Hook up flock() compat code.
...
Also a couple of minor changes: fail if we can't lock instead of
silently succeeding, and apply a couple of minor style fixes.
2018-02-26 14:37:06 +11:00
Darren Tucker
b087998d1b
Import flock() compat from NetBSD.
...
From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
2018-02-26 14:27:02 +11:00
Darren Tucker
89212533dd
Fix breakage when REGRESSTMP not set.
...
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
instead. Pointed out by djm@.
2018-02-26 12:32:14 +11:00
Damien Miller
f885474137
XMSS-related files get includes.h
2018-02-26 12:18:14 +11:00
Damien Miller
612faa34c7
object files end with .o - not .c
2018-02-26 12:17:55 +11:00
Damien Miller
bda709b8e1
avoid inclusion of deprecated selinux/flask.h
...
Use string_to_security_class() instead.
2018-02-26 12:17:22 +11:00
Damien Miller
2e39643936
updatedepend
2018-02-26 11:48:27 +11:00
markus@openbsd.org
1b11ea7c58
upstream: Add experimental support for PQC XMSS keys (Extended
...
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
jmc@openbsd.org
7d330a1ac0
upstream: some cleanup for BindInterface and ssh-keyscan;
...
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
Darren Tucker
c7b5a47e3b
Invert sense of getpgrp test.
...
AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
declared. Instead, test if the zero-arg version we want to use works.
2018-02-26 00:14:42 +11:00
Darren Tucker
b39593a6de
Add no-op getsid implmentation.
2018-02-26 00:09:04 +11:00
Darren Tucker
11057564eb
bsd-statvfs: include sys/vfs.h, check for f_flags.
2018-02-26 00:09:04 +11:00
Darren Tucker
e9dede06e5
Handle calloc(0,x) where different from malloc.
...
Configure assumes that if malloc(0) returns null then calloc(0,n)
also does. On some old platforms (SunOS4) malloc behaves as expected
(as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this
at configure time and activate the replacement function if found, plus
handle this case in rpl_calloc.
2018-02-26 00:09:04 +11:00
Darren Tucker
2eb4041493
Add prototype for readv if needed.
2018-02-26 00:09:04 +11:00
Darren Tucker
6c8c9a615b
Check for raise and supply if needed.
2018-02-26 00:09:04 +11:00
Darren Tucker
a9004425a0
Check for bzero and supply if needed.
...
Since explicit_bzero uses it via an indirect it needs to be a function
not just a macro.
2018-02-26 00:09:04 +11:00
djm@openbsd.org
1a348359e4
upstream: Add ssh-keyscan -D option to make it print its results in
...
SSHFP format bz#2821, ok dtucker@
OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
2018-02-23 17:00:52 +11:00
dtucker@openbsd.org
3e19fb976a
upstream: Add missing braces.
...
Caught by the tinderbox's -Werror=misleading-indentation, ok djm@
OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
2018-02-23 15:34:58 +11:00
Darren Tucker
b59162da99
Check for ifaddrs.h for BindInterface.
...
BindInterface required getifaddr and friends so disable if not available
(eg Solaris 10). We should be able to add support for some systems with
a bit more work but this gets the building again.
2018-02-23 15:20:42 +11:00
Damien Miller
a8dd6fe0aa
space before tab in previous
2018-02-23 14:19:55 +11:00
dtucker@openbsd.org
b5e9263c77
upstream: Replace fatal with exit in the case that we do not have
...
$SUDO set. Prevents test failures when neither sudo nor doas are configured.
OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
2018-02-23 14:18:25 +11:00
Darren Tucker
3e9d3192ad
Use portable syntax for REGRESSTMP.
2018-02-23 14:10:53 +11:00
djm@openbsd.org
73282b6118
upstream: unbreak interop test after SSHv1 purge; patch from Colin
...
Watson via bz#2823
OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
2018-02-23 14:07:23 +11:00
dtucker@openbsd.org
f8985dde5f
upstream: Skip sftp-chroot test when SUDO not set instead of
...
fatal().
OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
2018-02-23 14:07:23 +11:00