summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-04-04session: Do not use removed APIDamien Miller
from Jakub Jelen
2019-04-03upstream: when logging/fataling on error, include a bit more detaildjm@openbsd.org
than just the function name and the error message OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
2019-04-03Remove "struct ssh" from sys_auth_record_login.Darren Tucker
It's not needed, and is not available from the call site in loginrec.c Should only affect AIX, spotted by Kevin Brott.
2019-04-02Adapt custom_failed_login to new prototype.Darren Tucker
Spotted by Kevin Brott.
2019-04-01Add includes.h for compat layer.Darren Tucker
Should fix build on AIX 7.2.
2019-03-31Stop USL compilers for erroring with "integral constant expression expected"Tim Rice
2019-03-31Only use O_NOFOLLOW in fchownat and fchmodat if definedTim Rice
2019-03-29Adjust softhsm2 path on Fedora Linux for regressJakub Jelen
The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
2019-03-28Only use O_NOFOLLOW in utimensat if defined.Darren Tucker
Fixes build on systems that don't have it (Solaris <=9) Found by Tom G. Christensen.
2019-03-28drop old Cygwin considerationsCorinna Vinschen
- Cygwin supports non-DOS characters in filenames - Cygwin does not support Windows XP anymore Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-27upstream: fix interaction between ClientAliveInterval and RekeyLimitdjm@openbsd.org
that could cause connection to close incorrectly; Report and patch from Jakub Jelen in bz#2757; ok dtucker@ markus@ OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
2019-03-26upstream: Fix authentication failures when "AuthenticationMethodsdjm@openbsd.org
any" in a Match block overrides a more restrictive global default. Spotted by jmc@, ok markus@ OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26upstream: whitespacedjm@openbsd.org
OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
2019-03-26upstream: Expand comment to document rationale for default keydtucker@openbsd.org
sizes. "seems worthwhile" deraadt. OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
2019-03-26upstream: Increase the default RSA key size to 3072 bits. Based ondtucker@openbsd.org
the estimates from NIST Special Publication 800-57, 3k bits provides security equivalent to 128 bits which is the smallest symmetric cipher we enable by default. ok markus@ deraadt@ OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
2019-03-26upstream: full stop in the wrong place;jmc@openbsd.org
OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
2019-03-26upstream: benno helped me clean up the tcp forwarding section;jmc@openbsd.org
OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
2019-03-26upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFLmarkus@openbsd.org
OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
2019-03-14Fix build when configured --without-openssl.Darren Tucker
ok djm@
2019-03-14On Cygwin run sshd as SYSTEM where possible.Darren Tucker
Seteuid now creates user token using S4U. We don't create a token from scratch anymore, so we don't need the "Create a process token" privilege. The service can run under SYSTEM again... ...unless Cygwin is running on Windows Vista or Windows 7 in the WOW64 32 bit emulation layer. It turns out that WOW64 on these systems didn't implement MsV1_0 S4U Logon so we still need the fallback to NtCreateToken for these systems. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-13Replace alloca with xcalloc.Darren Tucker
The latter checks for memory exhaustion and integer overflow and may be at a less predictable place. Sanity check by vinschen at redhat.com, ok djm@
2019-03-12Use Cygwin-specific matching only for users+groups.Darren Tucker
Patch from vinschen at redhat.com, updated a little by me.
2019-03-08upstream: Move checks for lists of users or groups into their owndtucker@openbsd.org
function. This is a no-op on OpenBSD but will make things easier in -portable, eg on systems where these checks should be case-insensitive. ok djm@ OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
2019-03-08upstream: Reset last-seen time when sending a keepalive. Preventsdtucker@openbsd.org
sending two keepalives successively and prematurely terminating connection when ClientAliveCount=1. While there, collapse two similar tests into one. ok markus@ OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd
2019-03-08upstream: PKCS#11 support is no longer limited to RSA; ok benno@naddy@openbsd.org
kn@ OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
2019-03-08upstream: in ssh_set_newkeys(), mention the direction that we'redjm@openbsd.org
keying in debug messages. Previously it would be difficult to tell which direction it was talking about OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d
2019-03-01upstream: Fix two race conditions in sshd relating to SIGHUP:djm@openbsd.org
1. Recently-forked child processes will briefly remain listening to listen_socks. If the main server sshd process completes its restart via execv() before these sockets are closed by the child processes then it can fail to listen at the desired addresses/ports and/or fail to restart. 2. When a SIGHUP is received, there may be forked child processes that are awaiting their reexecution state. If the main server sshd process restarts before passing this state, these child processes will yield errors and use a fallback path of reading the current sshd_config from the filesystem rather than use the one that sshd was started with. To fix both of these cases, we reuse the startup_pipes that are shared between the main server sshd and forked children. Previously this was used solely to implement tracking of pre-auth child processes for MaxStartups, but this extends the messaging over these pipes to include a child->parent message that the parent process is safe to restart. This message is sent from the child after it has completed its preliminaries: closing listen_socks and receiving its reexec state. bz#2953, reported by Michal Koutný; ok markus@ dtucker@ OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
2019-03-01upstream: mention PKCS11Provide=none, reword a little and removedjm@openbsd.org
mention of RSA keys only (since we support ECDSA now and might support others in the future). Inspired by Jakub Jelen via bz#2974 OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5
2019-03-01upstream: let PKCS11Provider=none do what users expectdjm@openbsd.org
print PKCS11Provider instead of obsolete SmartcardDevice in config dump. bz#2974 ok dtucker@ OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846
2019-03-01upstream: dup stdout/in for proxycommand=-, otherwise stdout mightmarkus@openbsd.org
be redirected to /dev/null; ok djm@ OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
2019-02-24upstream: openssh-7.9 accidentally reused the server's algorithm listsdjm@openbsd.org
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical between the client and server, but the error accidentially disabled the diffie-hellman-group-exchange-sha1 KEX method. This fixes the client code to use the correct method list, but because nobody complained, it also disables the diffie-hellman-group-exchange-sha1 KEX method. Reported by nuxi AT vault24.org via bz#2697; ok dtucker OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-22Cygwin: implement case-insensitive Unicode user and group name matchingCorinna Vinschen
The previous revert enabled case-insensitive user names again. This patch implements the case-insensitive user and group name matching. To allow Unicode chars, implement the matcher using wchar_t chars in Cygwin-specific code. Keep the generic code changes as small as possible. Cygwin: implement case-insensitive Unicode user and group name matching Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Revert unintended parts of previous commit.Darren Tucker
2019-02-22Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"Corinna Vinschen
This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22Add tags to .gitignoreCorinna Vinschen
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22upstream: perform removal of agent-forwarding directory in forwarddjm@openbsd.org
setup error path with user's privileged. This is a no-op as this code always runs with user privilege now that we no longer support running sshd with privilege separation disabled, but as long as the privsep skeleton is there we should follow the rules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bz#2969 with patch from Erik Sjölund OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
2019-02-22upstream: sync the description of ~/.ssh/config with djm's updatedjmc@openbsd.org
description in ssh.1; issue pointed out by andreas kahari ok dtucker djm OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c
2019-02-13upstream: fix regression in r1.302 reported by naddy@ - only the firstdjm@openbsd.org
public key from the agent was being attempted for use. OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
2019-02-11upstream: cleanup GSSAPI authentication context after completion of thedjm@openbsd.org
authmethod. Move function-static GSSAPI state to the client Authctxt structure. Make static a bunch of functions that aren't used outside this file. Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@ OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
2019-02-11upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11benno@openbsd.org
interactive, so it can ask for the smartcards PIN. ok markus@ OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab
2019-02-10upstream: when checking that filenames sent by the server sidedjm@openbsd.org
match what the client requested, be prepared to handle shell-style brace alternations, e.g. "{foo,bar}". "looks good to me" millert@ + in snaps for the last week courtesy deraadt@ OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
2019-02-10upstream: syslog when connection is dropped for attempting to run adjm@openbsd.org
command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
2019-02-08don't set $MAIL if UsePam=yesDamien Miller
PAM typically specifies the user environment if it's enabled, so don't second guess. bz#2937; ok dtucker@
2019-02-08use same close logic for stderr as stdoutDamien Miller
Avoids sending SIGPIPE to child processes after their parent exits if they attempt to write to stderr. Analysis and patch from JD Paul; patch reworked by Jakub Jelen and myself. bz#2071; ok dtucker@
2019-02-08upstream: Adapt code in the non-USE_PIPES codepath to the new packetdtucker@openbsd.org
API. This code is not normally reachable since USE_PIPES is always defined. bz#2961, patch from adrian.fita at gmail com. OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a
2019-02-05upstream: fix NULL-deref crash in PKCS#11 code when attemptingdjm@openbsd.org
login to a token requiring a PIN; reported by benno@ fix mostly by markus@ OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31
2019-02-04upstream: Remove obsolete "Protocol" from commented out examples. Patchdtucker@openbsd.org
from samy.mahmoudi at gmail com. OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf
2019-02-01upstream: Save connection timeout and restore for 2nd anddtucker@openbsd.org
subsequent attempts, preventing them from having no timeout. bz#2918, ok djm@ OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292
2019-02-01upstream: Add authors for public domain sntrup4591761 code;markus@openbsd.org
confirmed by Daniel J. Bernstein OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1
2019-02-01upstream: add -T to usage();jmc@openbsd.org
OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899