Age | Commit message | Author
2019-01-20 | upstream: convert the remainder of sshconnect2.c to new packet | djm@openbsd.org
API with & ok markus@ OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
2019-01-20 | upstream: convert the remainder of clientloop.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
2019-01-20 | upstream: convert auth2.c to new packet API | Damien Miller
OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
2019-01-20 | upstream: convert servconf.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
2019-01-20 | upstream: convert channels.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
2019-01-20 | upstream: convert sshconnect.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
2019-01-20 | upstream: convert ssh.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
2019-01-20 | upstream: convert mux.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
2019-01-20 | upstream: convert sshconnect2.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
2019-01-20 | upstream: convert clientloop.c to new packet API | djm@openbsd.org
with & ok markus@ OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
2019-01-20 | upstream: allow sshpkt_fatal() to take a varargs format; we'll | djm@openbsd.org
use this to give packet-related fatal error messages more context (esp. the remote endpoint) ok markus@ OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
2019-01-20 | upstream: begin landing remaining refactoring of packet parsing | djm@openbsd.org
API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 | upstream: Print an \r in front of the password prompt so parts of | tb@openbsd.org
a password that was entered too early are likely clobbered by the prompt. Idea from doas. from and ok djm "i like it" deraadt OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
2019-01-18 | Add minimal fchownat and fchmodat implementations. | Darren Tucker
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18 | Add a minimal implementation of utimensat(). | Darren Tucker
Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan.
2019-01-17 | upstream: regress bits for banner processing refactor (this test was | djm@openbsd.org
depending on ssh returning a particular error message for banner parsing failure) reminded by bluhm@ OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
2019-01-17 | upstream: tun_fwd_ifnames variable should be extern; from Hanno Böck | djm@openbsd.org
OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
2019-01-17 | upstream: include time.h for time(3)/nanosleep(2); from Ian | djm@openbsd.org
McKellar OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
2019-01-17 | upstream: many of the global variables in this file can be made static; | djm@openbsd.org
patch from Markus Schmidt OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
2019-01-17 | upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to | djm@openbsd.org
request they do not follow symlinks. Requires recently-committed lsetstat@openssh.com extension on the server side. ok markus@ dtucker@ OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
2019-01-17 | upstream: add support for a "lsetstat@openssh.com" extension. This | djm@openbsd.org
replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but with more attribute modifications supported. ok markus@ dtucker@ OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
2019-01-04 | upstream: eliminate function-static attempt counters for | djm@openbsd.org
passwd/kbdint authmethods by moving them to the client authctxt; Patch from Markus Schmidt, ok markus@ OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
2019-01-04 | upstream: fix memory leak of ciphercontext when rekeying; bz#2942 | djm@openbsd.org
Patch from Markus Schmidt; ok markus@ OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
2019-01-03 | upstream: static on global vars, const on handler tables that contain | djm@openbsd.org
function pointers; from Mike Frysinger OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
2018-12-28 | upstream: Request RSA-SHA2 signatures for | djm@openbsd.org
rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@ OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
2018-12-27 | upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so | djm@openbsd.org
don't do explicit kex_free() beforehand OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
2018-12-27 | upstream: remove unused and problematic sudo clean. ok espie | tedu@openbsd.org
OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
2018-12-27 | upstream: move client/server SSH-* banners to buffers under | djm@openbsd.org
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 | upstream: Fix calculation of initial bandwidth limits. Account for | dtucker@openbsd.org
written bytes before the initial timer check so that the first buffer written is accounted. Set the threshold after which the timer is checked such that the limit starts being computed as soon as possible, ie after the second buffer is written. This prevents an initial burst of traffic and provides a more accurate bandwidth limit. bz#2927, ok djm. OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-12-27 | upstream: only consider the ext-info-c extension during the initial | djm@openbsd.org
KEX. It shouldn't be sent in subsequent ones, but if it is present we should ignore it. This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for these buggy clients. Reported by Jakub Jelen via bz2929; ok dtucker@ OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
2018-12-27 | upstream: fix option letter pasto in previous | djm@openbsd.org
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
2018-12-27 | upstream: mention that the ssh-keygen -F (find host in | djm@openbsd.org
authorized_keys) and -R (remove host from authorized_keys) options may accept either a bare hostname or a [hostname]:port combo. bz#2935 OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
2018-12-14 | expose $SSH_CONNECTION in the PAM environment | Damien Miller
This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741
2018-12-13 | Don't pass loginmsg by address now that it's an sshbuf* | Kevin Adler
In 120a1ec74, loginmsg was changed from the legacy Buffer type to struct sshbuf*, but it missed changing calls to sys_auth_allowed_user and sys_auth_record_login which passed loginmsg by address. Now that it's a pointer, just pass it directly. This only affects AIX, unless there are out of tree users.
2018-12-07 | upstream: no need to allocate channels_pre/channels_post in | djm@openbsd.org
channel_init_channels() as we do it anyway in channel_handler_init() that we call at the end of the function. Fix from Markus Schmidt via bz#2938 OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
2018-12-07 | upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293 | djm@openbsd.org
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
2018-12-07 | upstream: don't truncate user or host name in "user@host's | djm@openbsd.org
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
2018-12-07 | upstream: tweak previous; | jmc@openbsd.org
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
2018-11-25 | Include stdio.h for FILE if needed. | Darren Tucker
2018-11-25 | Reverse order of OpenSSL init functions. | Darren Tucker
Try the new init function (OPENSSL_init_crypto) before falling back to the old one (OpenSSL_add_all_algorithms).
2018-11-25 | Improve OpenSSL_add_all_algorithms check. | Darren Tucker
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-23 | upstream: add a ssh_config "Match final" predicate | djm@openbsd.org
Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 ok markus OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
2018-11-23 | upstream: Remove now-unneeded ifdef SIGINFO around handler since it is | dtucker@openbsd.org
now always used for SIGUSR1 even when SIGINFO is not defined. This will make things simpler in -portable. OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
2018-11-23 | Move RANDOM_SEED_SIZE outside ifdef. | Darren Tucker
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code. This fixes the build with configured --without-openssl.
2018-11-23 | Resync with OpenBSD by pulling in an ifdef SIGINFO. | Darren Tucker
2018-11-23 | fix configure test for OpenSSL version | Damien Miller
square brackets in case statements may be eaten by autoconf. Report and fix from Filipp Gunbin; tweaked by naddy@
2018-11-23 | refactor libcrypto initialisation | Damien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-22 | upstream: Output info on SIGUSR1 as well as | dtucker@openbsd.org
SIGINFO to resync with portable. (ID sync only). OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
2018-11-22 | upstream: Append pid to temp files in /var/run and set a cleanup | dtucker@openbsd.org
trap for them. This allows multiple instances of tests to run without colliding. OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
2018-11-22 | upstream: UsePrivilegeSeparation no is deprecated | dtucker@openbsd.org
test "yes" and "sandbox". OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da