establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms). Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.
OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
1. Add support to take key files with windows new line ending (PowerShell/Win32-OpenSSH#1130)
2. add test cases for CRLF
3. Update test helper script to catch the exitcode of unittest and report the failure
4. Enable uni test unittest-sshkey and unittest-sshkey
5. Disable resource check for signal tests due to some API issue to follow.
6. Remove workaround for windows new line ending in test scripts
7. Add test validation for ACL of registry entries when perform ssh-add
options to allow underscores in variable names (regression introduced in
7.7). bz2851, ok deraadt@
OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
- Removed debug statements that were interfering with APC wakeup due to the way that logging works in atomicio6().
- Filled in a missing parameter in a debug statement.
- Reworked resolved_path() into resolved_path_utf16() that combined utf16 conversion and path conditioning into a single function. This eliminated the previously non-threadsafe resolved_path() function.
- Adjusted functions to use resolved_path_utf16().
- Collapsed copy_file() function that was only used once.
- Corrected compilation errors when debug4() and debug5() are enabled.
fileio_open previously treated all O_CREAT flags as CREATE_* flags in
CreateFile; CREATE_* always truncates files but O_CREAT only truncates
files when O_TRUNC is also set on POSIX platforms. This becomes
noticeable under SFTP sessions where remote files are opened with
O_APPEND: the file is instead truncated as in O_CREAT | O_TRUNC.
https://github.com/PowerShell/Win32-OpenSSH/issues/1078
Fixes following issues:
- gettimeofday : Incorrect converting 100ns intervals (from GetSystemTimeAsFileTime) to timeval.
(us % RATE_DIFF) means number of microseconds but it may be great than 10**6
- nanosleep : SetWaitableTimer works with 100ns intervals but get nanoseconnds (only part of timespec) Missed CloseHandle call in WaitForSingleObject error case.
https://github.com/PowerShell/Win32-OpenSSH/issues/1094
On at least some revisions of AIX, strndup returns unterminated strings
under some conditions, apparently because strnlen returns incorrect
values in those cases. Disable both on AIX and use the replacements
from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
