Commit Graph

9217 Commits

Author SHA1 Message Date
djm@openbsd.org 7e4fadd324 upstream: for the pty control tests, just check that the PTY path
points to something in /dev (rather than checking the device node itself);
makes life easier for portable, where systems with dynamic ptys can delete
nodes before we get around to testing their existence.

OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
2018-03-04 12:47:42 +11:00
Darren Tucker 13ef4cf53f Update PAM password change to new opts API. 2018-03-03 16:21:20 +11:00
Darren Tucker 33561e68e0 Add strndup for platforms that need it.
Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
and FreeBSD 6.
2018-03-03 14:58:34 +11:00
Darren Tucker e8a17feba9 Flatten and alphabetize object file lists.
This will make maintenance and changes easier.  "no objection" tim@
2018-03-03 14:58:34 +11:00
djm@openbsd.org de1920d743 upstream: unit tests for new authorized_keys options API
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
2018-03-03 14:39:25 +11:00
djm@openbsd.org dc3e92df17 upstream: fix testing of pty option, include positive test and
testing of restrict keyword

OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
2018-03-03 14:38:26 +11:00
djm@openbsd.org 3d1edd1ebb upstream: better testing for port-forwarding and restrict flags in
authorized_keys

OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
2018-03-03 14:38:26 +11:00
djm@openbsd.org 7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
djm@openbsd.org 90c4bec8b5 upstream: Introduce a new API for handling authorized_keys options.
This API parses options to a dedicated structure rather than the old API's
approach of setting global state. It also includes support for merging
options, e.g. from authorized_keys, authorized_principals and/or
certificates.

feedback and ok markus@

OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
2018-03-03 14:22:11 +11:00
djm@openbsd.org 2607438076 upstream: warn when the agent returns a signature type that was
different to what was requested. This might happen when an old/non-OpenSSH
agent is asked to make a rsa-sha2-256/512 signature but only supports
ssh-rsa. bz#2799 feedback and ok markus@

OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
2018-03-03 14:20:47 +11:00
jmc@openbsd.org f493d2b0b6 upstream: apply a lick of paint; tweaks/ok dtucker
OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
2018-03-03 14:20:47 +11:00
djm@openbsd.org 713d9cb510 upstream: Allow escaped quotes \" and \' in ssh_config and
sshd_config quotes option strings. bz#1596 ok markus@

OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
2018-03-02 14:39:17 +11:00
djm@openbsd.org 94b4e2d29a upstream: refactor sshkey_read() to make it a little more, err,
readable. ok markus

OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-03-02 14:39:16 +11:00
markus@openbsd.org 5886b92968 upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by
jmc@

OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
2018-03-02 14:30:15 +11:00
dtucker@openbsd.org 3b36bed3d2 upstream: Remove unneeded (local) include. ok markus@
OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
2018-03-02 14:30:02 +11:00
dtucker@openbsd.org 27b9f3950e upstream: Add $OpenBSD$ markers to xmss files to help keep synced
with portable. ok djm@.

OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
2018-03-02 14:29:25 +11:00
dtucker@openbsd.org afd830847a upstream: Add newline at end of file to prevent compiler warnings.
OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
2018-03-02 14:29:01 +11:00
Darren Tucker 941e0d3e9b Add WITH_XMSS, move to prevent conflicts.
Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
includes.h so it's less likely to conflict and will pick up WITH_XMSS if
added to config.h.
2018-02-28 19:59:35 +11:00
Darren Tucker a10d8552d0 Conditionally compile XMSS code.
The XMSS code is currently experimental and, unlike the rest of OpenSSH
cannot currently be compiled with a c89 compiler.
2018-02-28 16:52:12 +11:00
Darren Tucker 146c3bd28c Check dlopen has RTLD_NOW before enabling pkcs11. 2018-02-27 15:28:31 +11:00
Darren Tucker 1323f120d0 Check for attributes on prototype args.
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
do not accept __attribute__ on function pointer prototype args.  Check for
this and hide them if they're not accepted.
2018-02-27 08:51:56 +11:00
Darren Tucker f0b245b043 Check if HAVE_DECL_BZERO correctly. 2018-02-27 08:51:52 +11:00
Darren Tucker c7ef4a3991 Wrap <stdint.h> in #ifdef HAVE_STDINT_H. 2018-02-26 17:42:56 +11:00
Darren Tucker ac53ce46cf Replace $(CURDIR) with $(PWD).
The former doesn't work on Solaris or BSDs.
2018-02-26 16:24:23 +11:00
Darren Tucker 534b2680a1 Comment out hexdump().
Nothing currently uses them but they cause conflicts on at least
FreeBSD, possibly others.  ok djm@
2018-02-26 14:51:59 +11:00
Darren Tucker 5aea4aa522 typo: missing ; 2018-02-26 14:39:14 +11:00
Darren Tucker cd3ab57f9b Hook up flock() compat code.
Also a couple of minor changes: fail if we can't lock instead of
silently succeeding, and apply a couple of minor style fixes.
2018-02-26 14:37:06 +11:00
Darren Tucker b087998d1b Import flock() compat from NetBSD.
From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
2018-02-26 14:27:02 +11:00
Darren Tucker 89212533dd Fix breakage when REGRESSTMP not set.
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
instead.  Pointed out by djm@.
2018-02-26 12:32:14 +11:00
Damien Miller f885474137 XMSS-related files get includes.h 2018-02-26 12:18:14 +11:00
Damien Miller 612faa34c7 object files end with .o - not .c 2018-02-26 12:17:55 +11:00
Damien Miller bda709b8e1 avoid inclusion of deprecated selinux/flask.h
Use string_to_security_class() instead.
2018-02-26 12:17:22 +11:00
Damien Miller 2e39643936 updatedepend 2018-02-26 11:48:27 +11:00
markus@openbsd.org 1b11ea7c58 upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@

OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26 11:40:41 +11:00
jmc@openbsd.org 7d330a1ac0 upstream: some cleanup for BindInterface and ssh-keyscan;
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26 11:32:29 +11:00
Darren Tucker c7b5a47e3b Invert sense of getpgrp test.
AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
declared.  Instead, test if the zero-arg version we want to use works.
2018-02-26 00:14:42 +11:00
Darren Tucker b39593a6de Add no-op getsid implmentation. 2018-02-26 00:09:04 +11:00
Darren Tucker 11057564eb bsd-statvfs: include sys/vfs.h, check for f_flags. 2018-02-26 00:09:04 +11:00
Darren Tucker e9dede06e5 Handle calloc(0,x) where different from malloc.
Configure assumes that if malloc(0) returns null then calloc(0,n)
also does.  On some old platforms (SunOS4) malloc behaves as expected
(as determined by AC_FUNC_MALLOC) but calloc doesn't.  Test for this
at configure time and activate the replacement function if found, plus
handle this case in rpl_calloc.
2018-02-26 00:09:04 +11:00
Darren Tucker 2eb4041493 Add prototype for readv if needed. 2018-02-26 00:09:04 +11:00
Darren Tucker 6c8c9a615b Check for raise and supply if needed. 2018-02-26 00:09:04 +11:00
Darren Tucker a9004425a0 Check for bzero and supply if needed.
Since explicit_bzero uses it via an indirect it needs to be a function
not just a macro.
2018-02-26 00:09:04 +11:00
djm@openbsd.org 1a348359e4 upstream: Add ssh-keyscan -D option to make it print its results in
SSHFP format bz#2821, ok dtucker@

OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
2018-02-23 17:00:52 +11:00
dtucker@openbsd.org 3e19fb976a upstream: Add missing braces.
Caught by the tinderbox's -Werror=misleading-indentation,  ok djm@

OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
2018-02-23 15:34:58 +11:00
Darren Tucker b59162da99 Check for ifaddrs.h for BindInterface.
BindInterface required getifaddr and friends so disable if not available
(eg Solaris 10).  We should be able to add support for some systems with
a bit more work but this gets the building again.
2018-02-23 15:20:42 +11:00
Damien Miller a8dd6fe0aa space before tab in previous 2018-02-23 14:19:55 +11:00
dtucker@openbsd.org b5e9263c77 upstream: Replace fatal with exit in the case that we do not have
$SUDO set. Prevents test failures when neither sudo nor doas are configured.

OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
2018-02-23 14:18:25 +11:00
Darren Tucker 3e9d3192ad Use portable syntax for REGRESSTMP. 2018-02-23 14:10:53 +11:00
djm@openbsd.org 73282b6118 upstream: unbreak interop test after SSHv1 purge; patch from Colin
Watson via bz#2823

OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
2018-02-23 14:07:23 +11:00
dtucker@openbsd.org f8985dde5f upstream: Skip sftp-chroot test when SUDO not set instead of
fatal().

OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
2018-02-23 14:07:23 +11:00