summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-25upstream commitdjm@openbsd.org
uninitialised variable in PermitTunnel printing code Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
2017-10-25provide hooks and fallbacks for rdomain supportDamien Miller
2017-10-25check for net/route.h and sys/sysctl.hDamien Miller
2017-10-25upstream commitdjm@openbsd.org
transfer ownership of stdout to the session channel by dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to the local side; reported by David Newall, ok markus@ Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
2017-10-25upstream commitdjm@openbsd.org
add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which rdomain(4) a connection was recevied on. ok markus@ Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
2017-10-25upstream commitdjm@openbsd.org
add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@ Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25upstream commitdjm@openbsd.org
Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25upstream commitmillert@openbsd.org
Kill dead store and some spaces vs. tabs indent in parse_user_host_path(). Noticed by markus@ Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
2017-10-25upstream commitjmc@openbsd.org
tweak previous; ok djm Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
2017-10-23avoid -Wsign-compare warning in argv copyingDamien Miller
2017-10-23upstream commitdjm@openbsd.org
Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23upstream commitmillert@openbsd.org
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-20Fix missed RCSID mergesDamien Miller
2017-10-20upstream commitdjm@openbsd.org
more RCSIDs Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
2017-10-20upstream commitdjm@openbsd.org
add RCSIDs to these; they make syncing portable a bit easier Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
2017-10-20upstream commitDamien Miller
Apply missing commit 1.11 to kexc25519s.c Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
2017-10-20upstream commitDamien Miller
Apply missing commit 1.127 to servconf.h Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
2017-10-20upstream commitjmc@openbsd.org
remove unused Pp; Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
2017-10-20upstream commitdjm@openbsd.org
In the description of pattern-lists, clarify negated matches by explicitly stating that a negated match will never yield a positive result, and that at least one positive term in the pattern-list must match. bz#1918 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2017-10-20upstream commitdjm@openbsd.org
log debug messages sent to peer; ok deraadt markus Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
2017-10-20upstream commitjmc@openbsd.org
trim permitrootlogin description somewhat, to avoid ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and myself ok sthen schwarze deraadt Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
2017-10-20upstream commitdjm@openbsd.org
mention SSH_USER_AUTH in the list of environment variables Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
2017-10-20upstream commitdjm@openbsd.org
BIO_get_mem_data() is supposed to take a char* as pointer argument, so don't pass it a const char* Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
2017-10-20upstream commitbenno@openbsd.org
clarify the order in which config statements are used. ok jmc@ djm@ Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
2017-10-20upstream commitdjm@openbsd.org
replace statically-sized arrays in ServerOptions with dynamic ones managed by xrecallocarray, removing some arbitrary (though large) limits and saving a bit of memory; "much nicer" markus@ Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2017-10-20upstream commitjmc@openbsd.org
%C is hashed; from klemens nanni ok markus Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2017-10-05upstream commitdjm@openbsd.org
exercise PermitOpen a little more thoroughly Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
2017-10-05upstream commitdtucker@openbsd.org
UsePrivilegeSeparation is gone, stop trying to test it. Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
2017-10-05upstream commitdjm@openbsd.org
fix (another) problem in PermitOpen introduced during the channels.c refactor: the third and subsequent arguments to PermitOpen were being silently ignored; ok markus@ Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
2017-10-03upstream commitdjm@openbsd.org
Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
2017-10-01update URL againDamien Miller
I spotted a typo in the draft so uploaded a new version...
2017-10-01sync release notes URLDamien Miller
2017-10-01sync contrib/ssh-copy-id with upstreamDamien Miller
2017-10-01update version in RPM spec filesDamien Miller
2017-10-01update agent draft URLDamien Miller
2017-10-01upstream commitdjm@openbsd.org
openssh-7.6; ok deraadt@ Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
2017-10-01upstream commitjmc@openbsd.org
tweak EposeAuthinfo; diff from lars nooden tweaked by sthen; ok djm dtucker Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
2017-09-28don't fatal ./configure for LibreSSLDamien Miller
2017-09-28abort in configure when only openssl-1.1.x foundDamien Miller
We don't support openssl-1.1.x yet (see multiple threads on the openssh-unix-dev@ mailing list for the reason), but previously ./configure would accept it and the compilation would subsequently fail. This makes ./configure display an explicit error message and abort. ok dtucker@
2017-09-27Check for and handle calloc(p, 0) = NULL.Darren Tucker
On some platforms (AIX, maybe others) allocating zero bytes of memory via the various *alloc functions returns NULL, which is permitted by the standards. Autoconf has some macros for detecting this (with the exception of calloc for some reason) so use these and if necessary activate shims for them. ok djm@
2017-09-26upstream commitmarkus@openbsd.org
test reverse dynamic forwarding with SOCKS Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
2017-09-26sync missing changes in dynamic-forward.shDamien Miller
2017-09-25Add minimal strsignal for platforms without it.Darren Tucker
2017-09-24upstream commitdjm@openbsd.org
fix inverted test on channel open failure path that "upgraded" a transient failure into a fatal error; reported by sthen and also seen by benno@; ok sthen@ Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
2017-09-24upstream commitdjm@openbsd.org
write the correct buffer when tunnel forwarding; doesn't matter on OpenBSD (they are the same) but does matter on portable where we use an output filter to translate os-specific tun/tap headers Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
2017-09-24upstream commitdjm@openbsd.org
fix tunnel forwarding problem introduced in refactor; reported by stsp@ ok markus@ Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
2017-09-22upstream commitmarkus@openbsd.org
Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22upstream commitdtucker@openbsd.org
Use strsignal in debug message instead of casting for the benefit of portable where sig_atomic_t might not be int. "much nicer" deraadt@ Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
2017-09-22upstream commitmillert@openbsd.org
Use explicit_bzero() instead of bzero() before free() to prevent the compiler from optimizing away the bzero() call. OK djm@ Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
2017-09-19upstream commitdjm@openbsd.org
fix use-after-free in ~^Z escape handler path, introduced in channels.c refactor; spotted by millert@ "makes sense" deraadt@ Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22