Age | Commit message (Collapse) | Author |
|
Fix logic in add_local_forward() that inverted a test
when code was refactored out into bind_permitted(). This broke ssh port
forwarding for non-priv ports as a non root user.
ok dtucker@ 'looks good' deraadt@
Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
|
|
Remove dead breaks, found via opencoverage.net. ok
deraadt@
Upstream-ID: ad9cc655829d67fad219762810770787ba913069
|
|
getdefaultproj() returns a pointer so test it for NULL inequality
instead of >0. Fixes compiler warning and is more correct. Patch from
David Binderman.
|
|
Factor out "can bind to low ports" check into its own function. This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much"
deraadt@.
Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
|
|
When tearing down ControlMaster connecctions, don't
pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@.
Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
|
|
|
|
|
|
www.openssh.com now supports https and ftp.openbsd.org no longer
supports ftp. Make all links to these https.
|
|
Remove ssh1 host key generation, add ssh-keygen -A
|
|
Make links to openssh.com HTTPS now that it's supported, point release
notes link to the HTML release notes page, and update a couple of other
links and bits of text.
|
|
These files were incorrectly added during an OpenBSD sync.
|
|
Remove channel_input_port_forward_request(); the only caller
was the recently-removed SSH1 server code so it's now dead code. ok markus@
Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
|
|
Install a signal handler for tty-generated signals and
wait for the ssh child to suspend before suspending sftp. This lets ssh
restore the terminal mode as needed when it is suspended at the password
prompt. OK dtucker@
Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
|
|
various formatting fixes, specifically removing Dq;
Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
|
|
Author: miller@openbsd.org:
Avoid generate SIGTTOU when restoring the terminal mode. If we get
SIGTTOU it means the process is not in the foreground process group
which, in most cases, means that the shell has taken control of the tty.
Requiring the user the fg the process in this case doesn't make sense
and can result in both SIGTSTP and SIGTTOU being sent which can lead to
the process being suspended again immediately after being brought into
the foreground.
|
|
Wrap <readpassphrase.h> so internal calls go direct and
readpassphrase is weak.
(DEF_WEAK is a no-op in portable.)
|
|
As well pull in more recent changes from OpenBSD these will start to
arrive so put it where the definition is shared.
|
|
The callers of do_pam_set_tty were removed in 2008, so this is now dead
code. bz#2604, pointed out by jjelen at redhat.com.
|
|
Undo inconsistetly updated variable name.
|
|
fix the KEX fuzzer - the previous method of obtaining the
packet contents was broken. This now uses the new per-packet input hook, so
it sees exact post-decrypt packets and doesn't have to pass packet integrity
checks. ok markus@
Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
|
|
Move USER out of the way to unbreak the BUILDUSER
mechanism. ok tb
Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
|
|
In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
environment can change it. OK djm@
Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
|
|
Add a per-packet input hook that is called with the
decrypted packet contents. This will be used for fuzzing; ok markus@
Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
|
|
Unregister the KEXINIT handler after message has been
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
|
|
revision 1.24
date: 2013/11/24 23:51:29; author: deraadt; state: Exp; lines: +4 -4;
most obvious unsigned char casts for ctype
ok jca krw ingo
|
|
revision 1.23
date: 2010/05/14 13:30:34; author: millert; state: Exp; lines: +41 -39;
Defer installing signal handlers until echo is disabled so that we
get suspended normally when not the foreground process. Fix potential
infinite loop when restoring terminal settings if process is in the
background when restore occurs. OK miod@
|
|
This makes it a no-op when we use it below, which allows us to re-sync
those lines with the upstream and make future updates easier.
|
|
tidy up the formatting in this file. more specifically,
replace .Dq, which looks appalling, with .Cm, where appropriate;
Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738
|
|
add a comment about implicitly-expected checks to
sshkey_ec_validate_public()
Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f
|
|
fix some -Wpointer-sign warnings in the new mux proxy; ok
markus@
Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd
|
|
Add a makefile rule to create the ssh library when
regress needs it. This allows to run the ssh regression tests without doing
a "make build" before. Discussed with dtucker@ and djm@; OK djm@
Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025
|
|
Allow to run ssh regression tests as root. If the user
is already root, the test should not expect that SUDO is set. If ssh needs
another user, use sudo or doas to switch from root if necessary. OK dtucker@
Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2
|
|
ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
client speaks the ssh-packet protocol directly over unix-domain socket. - mux
server acts as a proxy, translates channel IDs and relays to the server. - no
filedescriptor passing necessary. - combined with unix-domain forwarding it's
even possible to run mux client and server on different machines. feedback
& ok djm@
Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b
|
|
put back some pre-auth zlib bits that I shouldn't have
removed - they are still used by the client. Spotted by naddy@
Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2
|
|
restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.
remove a few server-side pre-auth compression bits that escaped
adjust wording of Compression directive in sshd_config(5)
pointed out by naddy@ ok markus@
Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
|
|
use a separate TOKENS section, as we've done for
sshd_config(5); help/ok djm
Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d
|
|
We no longer need to wrap/replace mmap for portability now that
pre-auth compression has been removed from OpenSSH.
|
|
Remove support for pre-authentication compression. Doing
compression early in the protocol probably seemed reasonable in the 1990s,
but today it's clearly a bad idea in terms of both cryptography (cf. multiple
compression oracle attacks in TLS) and attack surface.
Moreover, to support it across privilege-separation zlib needed
the assistance of a complex shared-memory manager that made the
required attack surface considerably larger.
Prompted by Guido Vranken pointing out a compiler-elided security
check in the shared memory manager found by Stack
(http://css.csail.mit.edu/stack/); ok deraadt@ markus@
NB. pre-auth authentication has been disabled by default in sshd
for >10 years.
Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf
|
|
Avoid a theoretical signed integer overflow should
BN_num_bytes() ever violate its manpage and return a negative value. Improve
order of tests to avoid confusing increasingly pedantic compilers.
Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
unstable optimisation analyser output. ok deraadt@
Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505
|
|
Reported by Glenn Golden
Diagnosis and fix from Ingo Schwarze
|
|
missing bit from previous commit
Upstream-ID: 438d5ed6338b28b46e822eb13eee448aca31df37
|
|
organise the token stuff into a separate section; ok
markus for an earlier version of the diff ok/tweaks djm
Upstream-ID: 81a6daa506a4a5af985fce7cf9e59699156527c8
|
|
mention curve25519-sha256 KEX
Upstream-ID: 33ae1f433ce4795ffa6203761fbdf86e0d7ffbaf
|
|
support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)
Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2
|
|
If ssh receives a PACKET_DISCONNECT during userauth it
will cause ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the
session being authenticated. Check for this and exit if necessary. ok djm@
Upstream-ID: b3afe126c0839d2eae6cddd41ff2ba317eda0903
|
|
correctly return errors from kex_send_ext_info(). Fix from
Sami Farin via https://github.com/openssh/openssh-portable/pull/50
Upstream-ID: c85999af28aaecbf92cfa2283381df81e839b42c
|
|
cast uint64_t for printf
Upstream-ID: 76d23e89419ccbd2320f92792a6d878211666ac1
|
|
disable tests for affirmative negated match after backout of
match change
Upstream-Regress-ID: acebb8e5042f03d66d86a50405c46c4de0badcfd
|
|
Revert two recent changes to negated address matching. The
new behaviour offers unintuitive surprises. We'll find a better way to deal
with single negated matches.
match.c 1.31:
> fix matching for pattern lists that contain a single negated match,
> e.g. "Host !example"
>
> report and patch from Robin Becker. bz#1918 ok dtucker@
addrmatch.c 1.11:
> fix negated address matching where the address list consists of a
> single negated match, e.g. "Match addr !192.20.0.1"
>
> Report and patch from Jakub Jelen. bz#2397 ok dtucker@
Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
|
|
test all the AuthorizedPrincipalsCommand % expansions
Upstream-Regress-ID: 0a79a84dfaa59f958e46b474c3db780b454d30e3
|