Commit message [Author, Age, Files, Lines]
* upstream: Use existing format_absolute_time() function when [dtucker@openbsd.org, 2021-07-12, 1 file, -17/+5]
| printing cert validity instead of doing it inline. Part of bz#3329.
| OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
* upstream: silence redundant error message; reported by Fabian Stelzer [djm@openbsd.org, 2021-07-09, 1 file, -2/+3]
| OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
* Re-indent krb5 section after pkg-config addition. [John Ericson, 2021-07-09, 1 file, -68/+68]
|
* Support finding Kerberos via pkg-config [John Ericson, 2021-07-09, 1 file, -0/+39]
| This makes cross compilation easier.
* Update comments about EGD to include prngd. [Darren Tucker, 2021-07-09, 1 file, -2/+2]
|
* upstream: Fix a couple of whitespace things. Portable already has [dtucker@openbsd.org, 2021-07-08, 2 files, -2/+2]
| these so this removes two diffs between the two.
| OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
* upstream: Order includes as per style(9). Portable already has [dtucker@openbsd.org, 2021-07-08, 4 files, -4/+4]
| these so this removes a handful of diffs between the two.
| OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
* upstream: Remove comment referencing now-removed [dtucker@openbsd.org, 2021-07-08, 1 file, -4/+2]
| RhostsRSAAuthentication. ok djm@
| OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
* upstream: allow spaces to appear in usernames for local to remote, [djm@openbsd.org, 2021-07-05, 1 file, -5/+10]
| and scp -3 remote to remote copies. with & ok dtucker bz#1164
| OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
* upstream: Remove obsolete comments about SSHv1 auth methods. ok [dtucker@openbsd.org, 2021-07-05, 1 file, -2/+7]
| djm@
| OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
* Remove reference to ChallengeResponse. [Darren Tucker, 2021-07-03, 1 file, -1/+0]
| challenge_response_authentication was removed from the struct, keeping kbd_interactive_authentication.
* Move signal.h up include order to match upstream. [Darren Tucker, 2021-07-03, 1 file, -1/+1]
|
* Remove old OpenBSD version marker. [Darren Tucker, 2021-07-03, 1 file, -2/+0]
| Looks like an accidental leftover from a sync.
* Remove duplicate error on error path. [Darren Tucker, 2021-07-03, 1 file, -1/+0]
| There's an extra error() call on the listen error path, it looks like its removal was missed during an upstream sync.
* Remove some whitespace not in upstream. [Darren Tucker, 2021-07-03, 3 files, -3/+1]
| Reduces diff vs OpenBSD by a small amount.
* Replace remaining references to ChallengeResponse. [Darren Tucker, 2021-07-03, 2 files, -6/+6]
| Portable had a few additional references to ChallengeResponse related to UsePAM, replaces these with equivalent keyboard-interactive ones.
* Sync remaining ChallengeResponse removal. [Darren Tucker, 2021-07-03, 11 files, -47/+23]
| These were omitted from commit 88868fd131.
* Disable rocky84 to figure out why agent test fails [Darren Tucker, 2021-07-03, 1 file, -2/+2]
|
* Remove now-unused SSHv1 enums. [Darren Tucker, 2021-07-02, 1 file, -1/+0]
| sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options and are no longer used.
* upstream: Remove references to ChallengeResponseAuthentication in [dtucker@openbsd.org, 2021-07-02, 4 files, -40/+19]
| favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as deprecated alias so config files continue to work and a reference in the man page for people looking for it.
| Prompted by bz#3303 which pointed out the discrepancy between the two when used with Match. Man page help & ok jmc@, with & ok djm@
| OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
* Fix ifdefs around get_random_bytes_prngd. [Darren Tucker, 2021-07-02, 1 file, -2/+2]
| get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET are defined, so adjust ifdef accordingly.
* wrap get_random_bytes_prngd() in ifdef [Damien Miller, 2021-07-02, 1 file, -0/+2]
| avoid unused static function warning
* Add rocky84 test target. [Darren Tucker, 2021-06-28, 1 file, -0/+2]
|
* upstream: fix decoding of X.509 subject name; from Leif Thuresson [djm@openbsd.org, 2021-06-25, 1 file, -2/+2]
| via bz3327 ok markus@
| OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8
* upstream: Use better language to refer to the user. From l1ving [dtucker@openbsd.org, 2021-06-25, 2 files, -7/+7]
| via github PR#250, ok jmc@
| OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
* upstream: Replace SIGCHLD/notify_pipe kludge with pselect. [dtucker@openbsd.org, 2021-06-25, 1 file, -80/+28]
| Previously sshd's SIGCHLD handler would wake up select() by writing a byte to notify_pipe. We can remove this by blocking SIGCHLD, checking for child terminations then passing the original signal mask through to pselect. This ensures that the pselect will immediately wake up if a child terminates between wait()ing on them and the pselect.
| In -portable, for platforms that do not have pselect the kludge is still there but is hidden behind a pselect interface.
| Based on other changes for bz#2158, ok djm@
| OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813
* Move closefrom() to before first malloc. [Darren Tucker, 2021-06-25, 1 file, -6/+6]
| When built against tcmalloc, tcmalloc allocates a descriptor for its internal use, so calling closefrom() afterward causes the descriptor number to be reused resulting in a corrupted connection. Moving the closefrom a little earlier should resolve this. From kircherlike at outlook.com via bz#3321, ok djm@
* Put second -lssh in link line for sftp-server. [Darren Tucker, 2021-06-18, 1 file, -1/+1]
| When building --without-openssl the recent port-prngd.c change adds a dependency on atomicio, but since nothing else in sftp-server uses it, the linker may not find it. Add a second -lssh similar to other binaries.
* Try EGD/PRNGD if random device fails. [Darren Tucker, 2021-06-18, 1 file, -3/+9]
| When built --without-openssl, try EGD/PRNGD (if configured) as a last resort before failing.
* Split EGD/PRNGD interface into its own file. [Darren Tucker, 2021-06-18, 4 files, -123/+164]
| This will allow us to use it when building --without-openssl.
* Handle GIDs > 2^31 in getgrouplist. [Darren Tucker, 2021-06-17, 1 file, -4/+4]
| When compiled in 32bit mode, the getgrouplist implementation may fail for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel at tui.com.
* upstream: Use $SUDO when reading sshd's pidfile here too. [dtucker@openbsd.org, 2021-06-10, 1 file, -2/+2]
| OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409
* upstream: Use $SUDO when reading sshd's pidfile in case it was [dtucker@openbsd.org, 2021-06-10, 1 file, -1/+1]
| created with a very restrictive umask. This resyncs with -portable.
| OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d
* upstream: Set umask when creating hostkeys to prevent excessive [dtucker@openbsd.org, 2021-06-10, 1 file, -2/+2]
| permissions warning.
| OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef
* upstream: Add regress test for SIGHUP restart [dtucker@openbsd.org, 2021-06-10, 1 file, -1/+23]
| while handling active and unauthenticated clients. Should catch anything similar to the pselect bug just fixed in sshd.c.
| OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73
* upstream: Continue accept loop when pselect [dtucker@openbsd.org, 2021-06-10, 1 file, -2/+2]
| returns -1, eg if it was interrupted by a signal. This should prevent the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has an unauthenticated child and goes on to a blocking read on a notify_pipe. feedback deraadt@, ok djm@
| OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0
* upstream: test that UserKnownHostsFile correctly accepts multiple [djm@openbsd.org, 2021-06-09, 1 file, -3/+9]
| arguments; would have caught readconf.c r1.356 regression
| OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a
* upstream: fix regression in r1.356: for ssh_config options that [djm@openbsd.org, 2021-06-09, 1 file, -2/+3]
| accepted multiple string arguments, ssh was only recording the first. Reported by Lucas via bugs@
| OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d
* upstream: test argv_split() optional termination on comments [djm@openbsd.org, 2021-06-08, 1 file, -29/+69]
| OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c
* upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice [dtucker@openbsd.org, 2021-06-08, 1 file, -1/+12]
| being overridden on the command line.
| OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8
* upstream: sprinkle some "# comment" at end of configuration lines [djm@openbsd.org, 2021-06-08, 3 files, -20/+20]
| to test comment handling
| OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7
* upstream: more descriptive failure message [djm@openbsd.org, 2021-06-08, 1 file, -2/+2]
| OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509
* upstream: test AuthenticationMethods inside a Match block as well [djm@openbsd.org, 2021-06-08, 1 file, -5/+14]
| as in the main config section
| OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7
* upstream: prepare for stricter sshd_config parsing that will refuse [djm@openbsd.org, 2021-06-08, 1 file, -5/+3]
| a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent arguments. Such lines are permitted but are nonsensical noops ATM
| OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650
* upstream: switch sshd_config parsing to argv_split() [djm@openbsd.org, 2021-06-08, 1 file, -283/+331]
| similar to the previous commit, this switches sshd_config parsing to the newer tokeniser. Config parsing will be a little stricter wrt quote correctness and directives appearing without arguments.
| feedback and ok markus@
| tested in snaps for the last five or so days - thanks Theo and those who caught bugs
| OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e
* upstream: Switch ssh_config parsing to use argv_split() [djm@openbsd.org, 2021-06-08, 2 files, -152/+273]
| This fixes a couple of problems with the previous tokeniser, strdelim()
| 1. strdelim() is permissive wrt accepting '=' characters. This is intended to allow it to tokenise "Option=value" but because it cannot keep state, it will incorrectly split "Opt=val=val2".
| 2. strdelim() has rudimentary handling of quoted strings, but it is incomplete and inconsistent. E.g. it doesn't handle escaped quotes inside a quoted string.
| 3. It has no support for stopping on a (unquoted) comment. Because of this readconf.c r1.343 added chopping of lines at '#', but this caused a regression because these characters may legitimately appear inside quoted strings.
| The new tokeniser is stricter in a number of cases, including #1 above but previously it was also possible for some directives to appear without arguments. AFAIK these were nonsensical in all cases, and the new tokeniser refuses to accept them.
| The new code handles quotes much better, permitting quoted space as well as escaped closing quotes. Finally, comment handling should be fixed - the tokeniser will terminate only on unquoted # characters.
| feedback & ok markus@
| tested in snaps for the last five or so days - thanks Theo and those who caught bugs
| OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
* upstream: Check if IPQoS or TunnelDevice are already set before [dtucker@openbsd.org, 2021-06-08, 1 file, -3/+3]
| overriding. Prevents values in config files from overriding values supplied on the command line. bz#3319, ok markus.
| OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
* upstream: Allow argv_split() to optionally terminate tokenisation [djm@openbsd.org, 2021-06-08, 4 files, -12/+63]
| when it encounters an unquoted comment.
| Add some additional utility function for working with argument vectors, since we'll be switching to using them to parse ssh/sshd_config shortly.
| ok markus@ as part of a larger diff; tested in snaps
| OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
* Save logs on failure for upstream test [Darren Tucker, 2021-06-07, 1 file, -0/+7]
|
* Add obsdsnap-i386 upstream test target. [Darren Tucker, 2021-06-07, 1 file, -1/+1]
|