path: root/monitor.c
Date | Commit message | Author | Files | Lines
2022-01-18 | upstream: when transferring multiple files in SFTP mode, create the | djm@openbsd.org | 1 | -15/+40
destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@ OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407
2022-01-18 | upstream: allow pin-required FIDO keys to be added to ssh-agent(1). | djm@openbsd.org | 2 | -12/+36
ssh-askpass will be used to request the PIN at authentication time. From Pedro Martelletto, ok djm OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950
2022-01-14 | upstream: ssh-sk: free a resident key's user id | djm@openbsd.org | 1 | -1/+2
From Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9
2022-01-14 | upstream: sshsk_load_resident: don't preallocate resp | djm@openbsd.org | 1 | -3/+2
resp is allocated by client_converse(), at which point we lose the original pointer. From Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1
2022-01-14 | upstream: sshsk_sign: trim call to sshkey_fingerprint() | djm@openbsd.org | 1 | -8/+1
the resulting fingerprint doesn't appear to be used for anything, and we end up leaking it. from Pedro Martelletto; ok dtucker & me OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7
2022-01-14 | upstream: use status error message to communicate ~user expansion | djm@openbsd.org | 1 | -2/+3
failures; provides better experience for scp in sftp mode, where ~user paths are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & markus (forgot to include this file in previous commit) OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b
2022-01-14 | fix edge case in poll(2) wrapper | Damien Miller | 1 | -14/+9
Correct handling of select(2) exceptfds. These should only be consulted for POLLPRI flagged pfds and not unconditionally converted to POLLERR. with and ok dtucker@
2022-01-14 | Wrap OpenSSL includes in unit tests in ifdef. | Darren Tucker | 4 | -0/+8
Fixes unit test on systems that do not have OpenSSL headers installed.
2022-01-13 | Remove sort wrapper. | Darren Tucker | 1 | -6/+0
agent-restrict now takes care of this itself.
2022-01-13 | upstream: Set LC_ALL in both local and remote shells so that sorted | dtucker@openbsd.org | 1 | -1/+5
output matches regardless of what the user's shell sets it to. ok djm@ OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f
2022-01-13 | upstream: Avoid %'s in commands (not used in OpenBSD, but used in | dtucker@openbsd.org | 1 | -2/+2
-portable's Valgrind test) being interpreted as printf format strings. OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043
2022-01-12 | Stop on first test failure to minimize logs. | Darren Tucker | 1 | -1/+4
2022-01-12 | upstream: Use egrep when searching for an anchored string. | dtucker@openbsd.org | 1 | -2/+2
OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4
2022-01-12 | Add "rev" command replacement if needed. | Darren Tucker | 1 | -0/+6
2022-01-12 | upstream: Don't log NULL hostname in restricted agent code, | dtucker@openbsd.org | 1 | -4/+5
printf("%s", NULL) is not safe on all platforms. with & ok djm OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02
2022-01-11 | upstream: remove hardcoded domain and use window.location.host, so this | djm@openbsd.org | 1 | -3/+3
can be run anywhere OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92
2022-01-11 | upstream: "void" functions should not return anything. From Tim Rice | dtucker@openbsd.org | 1 | -1/+1
via -portable. OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a
2022-01-11 | upstream: suppress "Connection to xxx closed" messages at LogLevel >= | djm@openbsd.org | 2 | -4/+4
error bz3378; ok dtucker@ OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c
2022-01-11 | OS X poll(2) is broken; use compat replacement | Damien Miller | 2 | -6/+10
Darwin's poll(2) implementation is broken. For character-special devices like /dev/null, it returns POLLNVAL when polled with POLLIN. Apparently this is Apple bug 3710161, which is AFAIK not public, but a websearch will find other OSS projects rediscovering it periodically since it was first identified in 2005 (!!)
2022-01-11 | libhardended_malloc.so moved into out dir. | Darren Tucker | 1 | -1/+1
2022-01-10 | Make USL compilers happy | Tim Rice | 1 | -1/+1
UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value
2022-01-10 | Add wrapper for "sort" to set LC_ALL=C. | Darren Tucker | 1 | -0/+6
Found by djm, this should make sorts stable and reduce test flakiness.
2022-01-08 | upstream: Remove errant "set -x" left over from debugging. | dtucker@openbsd.org | 1 | -2/+1
OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc
2022-01-08 | upstream: Enable all supported hostkey algorithms (but no others). | dtucker@openbsd.org | 1 | -8/+13
Allows hostbased test to pass when built without OpenSSL. OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562
2022-01-08 | upstream: use status error message to communicate ~user expansion | djm@openbsd.org | 1 | -3/+7
failures; provides better experience for scp in sftp mode, where ~user paths are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & markus OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f
2022-01-08 | upstream: fix some corner-case bugs in scp sftp-mode handling of | djm@openbsd.org | 1 | -5/+10
~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222
2022-01-08 | upstream: more idiomatic error messages; spotted by jsg & deraadt | djm@openbsd.org | 1 | -3/+3
ok jsg & markus OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8
2022-01-08 | upstream: add a variant of send_status() that allows overriding the | djm@openbsd.org | 1 | -4/+11
default, generic error message. feedback/ok markus & jsg OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f
2022-01-08 | upstream: refactor tilde_expand_filename() and make it handle ~user | djm@openbsd.org | 1 | -30/+46
paths with no trailing slash; feedback/ok markus and jsg OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d
2022-01-06 | upstream: Don't explicitly set HostbasedAuthentication in | dtucker@openbsd.org | 1 | -2/+1
sshd_config. It defaults to "no", and not explicitly setting it allows us to enable it for the (optional) hostbased test. OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c
2022-01-06 | upstream: Add test for hostbased auth. It requires some external | dtucker@openbsd.org | 2 | -3/+65
setup (see comments at the top) and thus is disabled unless TEST_SSH_HOSTBASED_AUTH and SUDO are set. OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a
2022-01-06 | depend | Damien Miller | 1 | -3/+3
2022-01-06 | upstream: allow hostbased auth to select RSA keys when only | djm@openbsd.org | 1 | -4/+5
RSA/SHA2 are configured (this is the default case); ok markus@ OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827
2022-01-06 | upstream: add a helper function to match a key type to a list of | djm@openbsd.org | 2 | -2/+29
signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@ OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff
2022-01-06 | upstream: log some details on hostkeys that ssh loads for | djm@openbsd.org | 1 | -1/+7
hostbased authn ok markus@ OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38
2022-01-06 | upstream: log signature algorithm during verification by monitor; | djm@openbsd.org | 1 | -2/+3
ok markus OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc
2022-01-06 | upstream: piece of UpdateHostkeys client strictification: when | djm@openbsd.org | 1 | -2/+2
updating known_hosts with new keys, ignore NULL keys (forgot to include in prior commit) OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08
2022-01-06 | upstream: include rejected signature algorithm in error message | djm@openbsd.org | 1 | -3/+3
and not the (useless) key type; ok markus OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023
2022-01-06 | upstream: make ssh-keysign use the requested signature algorithm | djm@openbsd.org | 1 | -9/+20
and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@ OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc
2022-01-06 | upstream: stricter UpdateHostkey signature verification logic on | djm@openbsd.org | 1 | -14/+34
the client-side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 ok markus@ OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29
2022-01-06 | upstream: Fix signature algorithm selection logic for | djm@openbsd.org | 3 | -11/+44
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 Mostly by Dmitry Belyavskiy with some tweaks by me. ok markus@ OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029
2022-01-06 | upstream: convert ssh, sshd mainloops from select() to poll(); | djm@openbsd.org | 4 | -281/+436
feedback & ok deraadt@ and markus@ has been in snaps for a few months OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c
2022-01-06 | upstream: prepare for conversion of ssh, sshd mainloop from | djm@openbsd.org | 2 | -83/+139
select() to poll() by moving FD_SET construction out of channel handlers into separate functions. ok markus OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027
2022-01-06 | upstream: add a comment so I don't make this mistake again | djm@openbsd.org | 1 | -3/+5
OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e
2022-01-06 | upstream: fix cut-and-pasto in error message | djm@openbsd.org | 1 | -2/+2
OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198
2022-01-05 | upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, | djm@openbsd.org | 1 | -4/+13
not just RSA-SHA1 OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8
2022-01-05 | upstream: regress test both sshsig message hash algorithms, possible | djm@openbsd.org | 1 | -8/+18
now because the algorithm is controllable via the CLI OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f
2022-01-05 | upstream: allow selection of hash at sshsig signing time; code | djm@openbsd.org | 2 | -17/+39
already supported either sha512 (default) or sha256, but plumbing wasn't there mostly by Linus Nordberg OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd
2022-01-05 | upstream: add missing -O option to usage() for ssh-keygen -Y sign; | djm@openbsd.org | 1 | -2/+2
from Linus Nordberg OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0
2022-01-05 | upstream: move sig_process_opts() to before sig_sign(); no | djm@openbsd.org | 1 | -38/+39
functional code change OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9