Commit Graph

9512 Commits

Author SHA1 Message Date
djm@openbsd.org ec00f918b8 upstream: convert monitor.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
2019-01-20 09:45:18 +11:00
djm@openbsd.org 6350e03169 upstream: convert sshd.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
2019-01-20 09:45:18 +11:00
djm@openbsd.org a5e2ad88ac upstream: convert session.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
2019-01-20 09:45:18 +11:00
djm@openbsd.org 3a00a92159 upstream: convert auth.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
djm@openbsd.org 7ec5cb4d15 upstream: convert serverloop.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885
2019-01-20 09:45:17 +11:00
djm@openbsd.org 64c9598ac0 upstream: convert the remainder of sshconnect2.c to new packet
API

with & ok markus@

OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 09:45:17 +11:00
djm@openbsd.org bc5e1169d1 upstream: convert the remainder of clientloop.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
2019-01-20 09:45:17 +11:00
Damien Miller 5ebce136a6 upstream: convert auth2.c to new packet API
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 09:44:53 +11:00
djm@openbsd.org 172a592a53 upstream: convert servconf.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20 09:02:44 +11:00
djm@openbsd.org 8cc7a679d2 upstream: convert channels.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 09:02:37 +11:00
djm@openbsd.org 06232038c7 upstream: convert sshconnect.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
2019-01-20 09:02:36 +11:00
djm@openbsd.org 25b2ed6672 upstream: convert ssh.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
2019-01-20 09:02:36 +11:00
djm@openbsd.org e3128b3862 upstream: convert mux.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
2019-01-20 09:02:36 +11:00
djm@openbsd.org ed1df7226c upstream: convert sshconnect2.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
2019-01-20 09:02:36 +11:00
djm@openbsd.org 23f22a4aaa upstream: convert clientloop.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
2019-01-20 09:02:36 +11:00
djm@openbsd.org ad60b1179c upstream: allow sshpkt_fatal() to take a varargs format; we'll
use this to give packet-related fatal error messages more context (esp. the
remote endpoint) ok markus@

OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
2019-01-20 09:02:20 +11:00
djm@openbsd.org 0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
tb@openbsd.org 4ae7f80dfd upstream: Print an \r in front of the password prompt so parts of
a password that was entered too early are likely clobbered by the prompt.
Idea from doas.

from and ok djm
"i like it" deraadt

OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
2019-01-20 09:01:57 +11:00
Darren Tucker a6258e5dc3 Add minimal fchownat and fchmodat implementations.
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18 11:09:01 +11:00
Darren Tucker 091093d258 Add a minimal implementation of utimensat().
Some systems (eg older OS X) do not have utimensat, so provide minimal
implementation in compat layer.  Fixes build on at least El Capitan.
2019-01-18 10:16:11 +11:00
djm@openbsd.org 609644027d upstream: regress bits for banner processing refactor (this test was
depending on ssh returning a particular error message for banner parsing
failure)

reminded by bluhm@

OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
2019-01-17 16:27:05 +11:00
djm@openbsd.org f47d72ddad upstream: tun_fwd_ifnames variable should b
=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
2019-01-17 15:47:24 +11:00
djm@openbsd.org 943d096526 upstream: include time.h for time(3)/nanosleep(2); from Ian
McKellar

OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 15:47:24 +11:00
djm@openbsd.org dbb4dec6d5 upstream: many of the global variables in this file can be made static;
patch from Markus Schmidt

OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
2019-01-17 13:01:25 +11:00
djm@openbsd.org 60d8c84e08 upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to
request they do not follow symlinks. Requires recently-committed
lsetstat@openssh.com extension on the server side.

ok markus@ dtucker@

OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
2019-01-17 11:08:13 +11:00
djm@openbsd.org dbbc7e0eab upstream: add support for a "lsetstat@openssh.com" extension. This
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
with more attribute modifications supported.

ok markus@ dtucker@

OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-17 11:08:13 +11:00
djm@openbsd.org 4a526941d3 upstream: eliminate function-static attempt counters for
passwd/kbdint authmethods by moving them to the client authctxt; Patch from
Markus Schmidt, ok markus@

OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
2019-01-04 14:29:37 +11:00
djm@openbsd.org 8a8183474c upstream: fix memory leak of ciphercontext when rekeying; bz#2942
Patch from Markus Schmidt; ok markus@

OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
2019-01-04 14:29:37 +11:00
djm@openbsd.org 5bed70afce upstream: static on global vars, const on handler tables that contain
function pointers; from Mike Frysinger

OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2019-01-03 10:25:37 +11:00
djm@openbsd.org 007a88b48c upstream: Request RSA-SHA2 signatures for
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@

OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
2018-12-28 10:06:50 +11:00
djm@openbsd.org eb347d086c upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so
don't do explicit kex_free() beforehand

OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
2018-12-27 14:39:53 +11:00
tedu@openbsd.org bb542f0cf6 upstream: remove unused and problematic sudo clean. ok espie
OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
2018-12-27 14:39:53 +11:00
djm@openbsd.org 0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
dtucker@openbsd.org 434b587afe upstream: Fix calculation of initial bandwidth limits. Account for
written bytes before the initial timer check so that the first buffer written
is accounted.  Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written.  This prevents an initial burst of traffic and provides a
more accurate bandwidth limit.  bz#2927, ok djm.

OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-12-27 14:30:17 +11:00
djm@openbsd.org a6a0788cbb upstream: only consider the ext-info-c extension during the initial
KEX. It shouldn't be sent in subsequent ones, but if it is present we should
ignore it.

This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
these clients. Reported by Jakub Jelen via bz2929; ok dtucker@

OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
2018-12-27 14:30:17 +11:00
djm@openbsd.org 63bba57a32 upstream: fix option letter pasto in previous
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
2018-12-27 14:30:17 +11:00
djm@openbsd.org 737e4edd82 upstream: mention that the ssh-keygen -F (find host in
authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935

OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
2018-12-27 14:30:17 +11:00
Damien Miller 8a22ffaa13 expose $SSH_CONNECTION in the PAM environment
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
2018-12-14 13:23:48 +11:00
Kevin Adler a784fa8c7a Don't pass loginmsg by address now that it's an sshbuf*
In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.

This only affects AIX, unless there are out of tree users.
2018-12-13 16:31:36 +11:00
djm@openbsd.org 285310b897 upstream: no need to allocate channels_pre/channels_post in
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938

OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
2018-12-07 13:58:49 +11:00
djm@openbsd.org 87d6cf1cbc upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
2018-12-07 13:10:57 +11:00
djm@openbsd.org 91b19198c3 upstream: don't truncate user or host name in "user@host's
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
2018-12-07 13:10:57 +11:00
jmc@openbsd.org dd0cf6318d upstream: tweak previous;
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
2018-12-07 13:10:57 +11:00
Darren Tucker 8a85f5458d Include stdio.h for FILE if needed. 2018-11-25 21:44:05 +11:00
Darren Tucker 16fb23f254 Reverse order of OpenSSL init functions.
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
2018-11-25 14:05:57 +11:00
Darren Tucker 98f878d227 Improve OpenSSL_add_all_algorithms check.
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-25 14:05:08 +11:00
djm@openbsd.org 9e34e0c59a upstream: add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus

OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
2018-11-23 16:09:12 +11:00
dtucker@openbsd.org 4da58d5873 upstream: Remove now-unneeded ifdef SIGINFO around handler since it is
now always used for SIGUSR1 even when SIGINFO is not defined.  This will make
things simpler in -portable.

OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
2018-11-23 14:42:07 +11:00
Darren Tucker c721d58775 Move RANDOM_SEED_SIZE outside ifdef.
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build with configureed --without-openssl.
2018-11-23 14:11:20 +11:00
Darren Tucker deb51552c3 Resync with OpenBSD by pulling in an ifdef SIGINFO. 2018-11-23 11:34:21 +11:00