summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-09-08Fuzzer harnesses for sig verify and pubkey parsingDamien Miller
These are some basic clang libfuzzer harnesses for signature verification and public key parsing. Some assembly (metaphorical) required.
2017-09-08Give configure ability to set CFLAGS/LDFLAGS laterDamien Miller
Some CFLAGS/LDFLAGS may disrupt the configure script's operation, in particular santization and fuzzer options that break assumptions about memory and file descriptor dispositions. This adds two flags to configure --with-cflags-after and --with-ldflags-after that allow specifying additional compiler and linker options that are added to the resultant Makefiles but not used in the configure run itself. E.g. env CC=clang-3.9 ./configure \ --with-cflags-after=-fsantize=address \ --with-ldflags-after="-g -fsanitize=address"
2017-09-04upstream commitdjm@openbsd.org
Expand ssh_config's StrictModes option with two new settings: StrictModes=accept-new will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. StrictModes=off is the same as StrictModes=no Motivation: StrictModes=no combines two behaviours for host key processing: automatically learning new hostkeys and continuing to connect to hosts with invalid/changed hostkeys. The latter behaviour is quite dangerous since it removes most of the protections the SSH protocol is supposed to provide. Quite a few users want to automatically learn hostkeys however, so this makes that feature available with less danger. At some point in the future, StrictModes=no will change to be a synonym for accept-new, with its current behaviour remaining available via StrictModes=off. bz#2400, suggested by Michael Samuel; ok markus Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
2017-09-04upstream commitjmc@openbsd.org
remove blank line; Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
2017-09-04upstream commitdjm@openbsd.org
identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
2017-09-04upstream commitdjm@openbsd.org
document available AuthenticationMethods; bz#2453 ok dtucker@ Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
2017-09-04upstream commitdjm@openbsd.org
pass packet state down to some of the channels function (more to come...); ok markus@ Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
2017-09-04upstream commitjmc@openbsd.org
sort options; Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
2017-09-04upstream commitdlg@openbsd.org
add a -q option to ssh-add to make it quiet on success. if you want to silence ssh-add without this you generally redirect the output to /dev/null, but that can hide error output which you should see. ok djm@ Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
2017-09-04upstream commitdtucker@openbsd.org
Increase the buffer sizes for user prompts to ensure that they won't be truncated by snprintf. Based on patch from cjwatson at debian.org via bz#2768, ok djm@ Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
2017-08-28Switch Capsicum header to sys/capsicum.h.Darren Tucker
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to avoid future conflicts with POSIX capabilities (the last release that didn't have it was 9.3) so switch to that. Patch from des at des.no.
2017-08-27Add missing includes for bsd-err.c.Darren Tucker
Patch from cjwatson at debian.org via bz#2767.
2017-08-25Split platform_sys_dir_uid into its own fileDamien Miller
platform.o is too heavy for libssh.a use; it calls into the server on many platforms. Move just the function needed by misc.c into its own file.
2017-08-23misc.c needs functions from platform.c nowDamien Miller
2017-08-23upstream commitdjm@openbsd.org
add a "quiet" flag to exited_cleanly() that supresses errors about exit status (failure due to signal is still reported) Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
2017-08-23upstream commitdjm@openbsd.org
Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition. feedback & ok dtucker@ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
2017-08-12upstream commitdjm@openbsd.org
make "--" before the hostname terminate command-line option processing completely; previous behaviour would not prevent further options appearing after the hostname (ssh has a supported options after the hostname for >20 years, so that's too late to change). ok deraadt@ Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
2017-08-12upstream commitdjm@openbsd.org
Switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. The latter having the advantage of being supported for no-OpenSSL builds; bz#2754 ok markus@ Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
2017-08-12upstream commitdjm@openbsd.org
refuse to a private keys when its corresponding .pub key does not match. bz#2737 ok dtucker@ Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
2017-08-12upstream commitdjm@openbsd.org
don't print verbose error message when ssh disconnects under sftp; bz#2750; ok dtucker@ Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370
2017-08-12upstream commitdtucker@openbsd.org
Tweak previous keepalive commit: if last_time + keepalive <= now instead of just "<" so client_alive_check will fire if the select happens to return on exact second of the timeout. ok djm@ Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
2017-08-12upstream commitdtucker@openbsd.org
Keep track of the last time we actually heard from the client and use this to also schedule a client_alive_check(). Prevents activity on a forwarded port from indefinitely preventing the select timeout so that client_alive_check() will eventually (although not optimally) be called. Analysis by willchan at google com via bz#2756, feedback & ok djm@ Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
2017-07-28Expose list of completed auth methods to PAMDamien Miller
bz#2408; ok dtucker@
2017-07-28fix problems in tunnel forwarding portability codeDamien Miller
This fixes a few problems in the tun forwarding code, mostly to do with host/network byte order confusion. Based on a report and patch by stepe AT centaurus.uberspace.de; bz#2735; ok dtucker@
2017-07-28upstream commitdtucker@openbsd.org
Make WinSCP patterns for SSH_OLD_DHGEX more specific to exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
2017-07-24upstream commitdjm@openbsd.org
g/c unused variable; make a little more portable Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
2017-07-24upstream commitdjm@openbsd.org
Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value and just use the operating system default; ok dtucker@ Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
2017-07-21mention libeditDamien Miller
2017-07-21upstream commitmarkus@openbsd.org
fix support for unknown key types; ok djm@ Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
2017-07-21upstream commitdjm@openbsd.org
switch from select() to poll() for the ssh-agent mainloop; ok markus Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
2017-07-21upstream commitdtucker@openbsd.org
Make ""Killed by signal 1" LogLevel verbose so it's not shown at the default level. Prevents it from appearing during ssh -J and equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
2017-07-21upstream commitjmc@openbsd.org
man pages with pseudo synopses which list filenames end up creating very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple; ok schwarze, who also helpfully ran things through a build to check output; Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
2017-07-21upstream commitespie@openbsd.org
zap redundant Makefile variables. okay djm@ Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
2017-07-21upstream commitjmc@openbsd.org
slightly rework previous, to avoid an article issue; Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
2017-07-21upstream commitdjm@openbsd.org
When generating all hostkeys (ssh-keygen -A), clobber existing keys if they exist but are zero length. zero-length keys could previously be made if ssh-keygen failed part way through generating them, so avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
2017-07-21upstream commitdjm@openbsd.org
actually remove these files Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
2017-07-21upstream commitdjm@openbsd.org
remove post-SSHv1 removal dead code from rsa.c and merge the remaining bit that it still used into ssh-rsa.c; ok markus Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
2017-07-14make explicit_bzero/memset safe for sz=0Damien Miller
2017-07-11modified: configure.acTim Rice
UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris Analysis by Robbie Zhang
2017-07-07typoDamien Miller
2017-06-30upstream commitdtucker@openbsd.org
Only call close once in confree(). ssh_packet_close will close the FD so only explicitly close non-SSH channels. bz#2734, from bagajjal at microsoft.com, ok djm@ Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
2017-06-29Update link for my patches.Darren Tucker
2017-06-28upstream commitdjm@openbsd.org
Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-06-24upstream commitdjm@openbsd.org
regress test for ExposeAuthInfo Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
2017-06-24upstream commitdjm@openbsd.org
correct env var name Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
2017-06-24upstream commitjmc@openbsd.org
spelling; Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
2017-06-24upstream commitdjm@openbsd.org
don't pass pointer to struct sshcipher between privsep processes, just redo the lookup in each using the already-passed cipher name. bz#2704 based on patch from Brooks Davis; ok markus dtucker Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
2017-06-24upstream commitdjm@openbsd.org
refactor authentication logging optionally record successful auth methods and public credentials used in a file accessible to user sessions feedback and ok markus@ Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-24upstream commitjmc@openbsd.org
word fix; Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
2017-06-24upstream commitdjm@openbsd.org
switch sshconnect.c from (slightly abused) select() to poll(); ok deraadt@ a while back Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175