| Commit message (Collapse) | Author | Files | Lines |
|---|
|
OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
|
|
|
|
This makes cross compilation easier.
|
|
|
|
these so this removes two diffs between the two.
OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
|
|
these so this removes a handful of diffs between the two.
OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
|
|
RhostsRSAAuthentication. ok djm@
OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
|
|
and scp -3 remote to remote copies. with & ok dtucker bz#1164
OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
|
|
djm@
OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
|
|
challenge_response_authentication was removed from the struct, keeping
kbd_interactive_authentication.
|
|
|
|
Looks like an accidental leftover from a sync.
|
|
There's an extra error() call on the listen error path, it looks like
its removal was missed during an upstream sync.
|
|
Reduces diff vs OpenBSD by a small amount.
|
|
Portable had a few additional references to ChallengeResponse related to
UsePAM, replaces these with equivalent keyboard-interactive ones.
|
|
These were omitted from commit 88868fd131.
|
|
|
|
sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options
and are no longer used.
|
|
favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but
not entirely equivalent. We retain the old name as deprecated alias so
config files continue to work and a reference in the man page for people
looking for it.
Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match. Man page help & ok jmc@, with & ok djm@
OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
|
|
get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET
are defined, so adjust ifdef accordingly.
|
|
avoid unused static function warning
|
|
|
|
via bz3327 ok markus@
OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8
|
|
via github PR#250, ok jmc@
OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
|
|
Previously sshd's SIGCHLD handler would wake up select() by writing a
byte to notify_pipe. We can remove this by blocking SIGCHLD, checking
for child terminations then passing the original signal mask through
to pselect. This ensures that the pselect will immediately wake up if
a child terminates between wait()ing on them and the pselect.
In -portable, for platforms that do not have pselect the kludge is still
there but is hidden behind a pselect interface.
Based on other changes for bz#2158, ok djm@
OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813
|
|
When built against tcmalloc, tcmalloc allocates a descriptor for its
internal use, so calling closefrom() afterward causes the descriptor
number to be reused resulting in a corrupted connection. Moving the
closefrom a little earlier should resolve this. From kircherlike at
outlook.com via bz#3321, ok djm@
|
|
When building --without-openssl the recent port-prngd.c change adds
a dependency on atomicio, but since nothing else in sftp-server uses
it, the linker may not find it. Add a second -lssh similar to other
binaries.
|
|
When built --without-openssl, try EGD/PRGGD (if configured) as a last
resort before failing.
|
|
This will allow us to use it when building --without-openssl.
|
|
When compiled in 32bit mode, the getgrouplist implementation may fail
for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel
at tui.com.
|
|
OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409
|
|
created with a very restrictive umask. This resyncs with -portable.
OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d
|
|
permissions warning.
OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef
|
|
while handling active and unauthenticated clients. Should catch anything
similar to the pselect bug just fixed in sshd.c.
OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73
|
|
returns -1, eg if it was interrupted by a signal. This should prevent
the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has
an unauthenticated child and goes on to a blocking read on a notify_pipe.
feedback deraadt@, ok djm@
OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0
|
|
arguments; would have caught readconf.c r1.356 regression
OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a
|
|
accepted multiple string arguments, ssh was only recording the first.
Reported by Lucas via bugs@
OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d
|
|
OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c
|
|
being overridden on the command line.
OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8
|
|
to test comment handling
OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7
|
|
OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509
|
|
as in the main config section
OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7
|
|
a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent
arguments. Such lines are permitted but are nonsensical noops ATM
OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650
|
|
similar to the previous commit, this switches sshd_config parsing to
the newer tokeniser. Config parsing will be a little stricter wrt
quote correctness and directives appearing without arguments.
feedback and ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e
|
|
This fixes a couple of problems with the previous tokeniser,
strdelim()
1. strdelim() is permissive wrt accepting '=' characters. This is
intended to allow it to tokenise "Option=value" but because it
cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentry handling of quoted strings, but it
is incomplete and inconsistent. E.g. it doesn't handle escaped
quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
of this readconf.c r1.343 added chopping of lines at '#', but
this caused a regression because these characters may legitimately
appear inside quoted strings.
The new tokeniser is stricter is a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.
The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.
feedback & ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
|
|
overriding. Prevents values in config files from overriding values supplied
on the command line. bz#3319, ok markus.
OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
|
|
when it encounters an unquoted comment.
Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.
ok markus@ as part of a larger diff; tested in snaps
OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
|
|
|
|
|
|
certificate being attempted for user authentication. Previously it would
print the certificate's path, whereas it was supposed to be showing the
private key's path. Patch from Alex Sherwin via GHPR247
OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b
|
