summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-03-03upstream: unit tests for new authorized_keys options APIdjm@openbsd.org
OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
2018-03-03upstream: fix testing of pty option, include positive test anddjm@openbsd.org
testing of restrict keyword OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
2018-03-03upstream: better testing for port-forwarding and restrict flags indjm@openbsd.org
authorized_keys OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
2018-03-03upstream: switch over to the new authorized_keys options API anddjm@openbsd.org
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03upstream: Introduce a new API for handling authorized_keys options.djm@openbsd.org
This API parses options to a dedicated structure rather than the old API's approach of setting global state. It also includes support for merging options, e.g. from authorized_keys, authorized_principals and/or certificates. feedback and ok markus@ OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
2018-03-03upstream: warn when the agent returns a signature type that wasdjm@openbsd.org
different to what was requested. This might happen when an old/non-OpenSSH agent is asked to make a rsa-sha2-256/512 signature but only supports ssh-rsa. bz#2799 feedback and ok markus@ OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
2018-03-03upstream: apply a lick of paint; tweaks/ok dtuckerjmc@openbsd.org
OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
2018-03-02upstream: Allow escaped quotes \" and \' in ssh_config anddjm@openbsd.org
sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
2018-03-02upstream: refactor sshkey_read() to make it a little more, err,djm@openbsd.org
readable. ok markus OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
2018-03-02upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report bymarkus@openbsd.org
jmc@ OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
2018-03-02upstream: Remove unneeded (local) include. ok markus@dtucker@openbsd.org
OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
2018-03-02upstream: Add $OpenBSD$ markers to xmss files to help keep synceddtucker@openbsd.org
with portable. ok djm@. OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
2018-03-02upstream: Add newline at end of file to prevent compiler warnings.dtucker@openbsd.org
OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
2018-02-28Add WITH_XMSS, move to prevent conflicts.Darren Tucker
Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after includes.h so it's less likely to conflict and will pick up WITH_XMSS if added to config.h.
2018-02-28Conditionally compile XMSS code.Darren Tucker
The XMSS code is currently experimental and, unlike the rest of OpenSSH cannot currently be compiled with a c89 compiler.
2018-02-27Check dlopen has RTLD_NOW before enabling pkcs11.Darren Tucker
2018-02-27Check for attributes on prototype args.Darren Tucker
Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) do not accept __attribute__ on function pointer prototype args. Check for this and hide them if they're not accepted.
2018-02-27Check if HAVE_DECL_BZERO correctly.Darren Tucker
2018-02-26Wrap <stdint.h> in #ifdef HAVE_STDINT_H.Darren Tucker
2018-02-26Replace $(CURDIR) with $(PWD).Darren Tucker
The former doesn't work on Solaris or BSDs.
2018-02-26Comment out hexdump().Darren Tucker
Nothing currently uses them but they cause conflicts on at least FreeBSD, possibly others. ok djm@
2018-02-26typo: missing ;Darren Tucker
2018-02-26Hook up flock() compat code.Darren Tucker
Also a couple of minor changes: fail if we can't lock instead of silently succeeding, and apply a couple of minor style fixes.
2018-02-26Import flock() compat from NetBSD.Darren Tucker
From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
2018-02-26Fix breakage when REGRESSTMP not set.Darren Tucker
BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR instead. Pointed out by djm@.
2018-02-26XMSS-related files get includes.hDamien Miller
2018-02-26object files end with .o - not .cDamien Miller
2018-02-26avoid inclusion of deprecated selinux/flask.hDamien Miller
Use string_to_security_class() instead.
2018-02-26updatedependDamien Miller
2018-02-26upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
2018-02-26upstream: some cleanup for BindInterface and ssh-keyscan;jmc@openbsd.org
OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
2018-02-26Invert sense of getpgrp test.Darren Tucker
AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not declared. Instead, test if the zero-arg version we want to use works.
2018-02-26Add no-op getsid implmentation.Darren Tucker
2018-02-26bsd-statvfs: include sys/vfs.h, check for f_flags.Darren Tucker
2018-02-26Handle calloc(0,x) where different from malloc.Darren Tucker
Configure assumes that if malloc(0) returns null then calloc(0,n) also does. On some old platforms (SunOS4) malloc behaves as expected (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this at configure time and activate the replacement function if found, plus handle this case in rpl_calloc.
2018-02-26Add prototype for readv if needed.Darren Tucker
2018-02-26Check for raise and supply if needed.Darren Tucker
2018-02-26Check for bzero and supply if needed.Darren Tucker
Since explicit_bzero uses it via an indirect it needs to be a function not just a macro.
2018-02-23upstream: Add ssh-keyscan -D option to make it print its results indjm@openbsd.org
SSHFP format bz#2821, ok dtucker@ OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
2018-02-23upstream: Add missing braces.dtucker@openbsd.org
Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
2018-02-23Check for ifaddrs.h for BindInterface.Darren Tucker
BindInterface required getifaddr and friends so disable if not available (eg Solaris 10). We should be able to add support for some systems with a bit more work but this gets the building again.
2018-02-23space before tab in previousDamien Miller
2018-02-23upstream: Replace fatal with exit in the case that we do not havedtucker@openbsd.org
$SUDO set. Prevents test failures when neither sudo nor doas are configured. OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
2018-02-23Use portable syntax for REGRESSTMP.Darren Tucker
2018-02-23upstream: unbreak interop test after SSHv1 purge; patch from Colindjm@openbsd.org
Watson via bz#2823 OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
2018-02-23upstream: Skip sftp-chroot test when SUDO not set instead ofdtucker@openbsd.org
fatal(). OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
2018-02-23upstream: Replace fatal with exit in the case that we do not havedtucker@openbsd.org
$SUDO set. Prevents test failures when neither sudo nor doas are configured. OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
2018-02-23upstream: some helpers to check verbose/quiet modedjm@openbsd.org
OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de
2018-02-23upstream: Add BindInterface ssh_config directive and -Bdjm@openbsd.org
command-line argument to ssh(1) that directs it to bind its outgoing connection to the address of the specified network interface. BindInterface prefers to use addresses that aren't loopback or link- local, but will fall back to those if no other addresses of the required family are available on that interface. Based on patch by Mike Manning in bz#2820, ok dtucker@ OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
2018-02-23upstream: emphasise that the hostkey rotation may send key typesdjm@openbsd.org
that the client may not support, and that the client should simply disregard such keys (this is what ssh does already). OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf