summaryrefslogtreecommitdiff
path: root/misc.c
AgeCommit message (Collapse)Author
2016-12-23Allow harmless group-writabilityColin Watson
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be group-writable, provided that the group in question contains only the file's owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding about the contents of gr->gr_mem). Given that per-user groups and umask 002 are the default setup in Debian (for good reasons - this makes operating in setgid directories with other groups much easier), we need to permit this by default. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 Last-Update: 2013-09-14 Patch-Name: user-group-modes.patch
2016-11-30upstream commitdtucker@openbsd.org
On startup, check to see if sshd is already daemonized and if so, skip the call to daemon() and do not rewrite the PidFile. This means that when sshd re-execs itself on SIGHUP the process ID will no longer change. Should address bz#2641. ok djm@ markus@. Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
2016-10-24upstream commitdtucker@openbsd.org
Factor out "can bind to low ports" check into its own function. This will make it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@. Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-07-15upstream commitdjm@openbsd.org
Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host". These options construct a proxy command that connects to the specified jump host(s) (more than one may be specified) and uses port-forwarding to establish a connection to the next destination. This codifies the safest way of indirecting connections through SSH servers and makes it easy to use. ok markus@ Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2016-04-08upstream commitdjm@openbsd.org
don't record duplicate LocalForward and RemoteForward entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation where the same forwards are added on the second pass through the configuration file. bz#2562; ok dtucker@ Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
2016-04-08upstream commitkrw@openbsd.org
Another use for fcntl() and thus of the superfluous 3rd parameter is when sanitising standard fd's before calling daemon(). Use a tweaked version of the ssh(1) function in all three places found using fcntl() this way. ok jca@ beck@ Upstream-ID: f16811ffa19a1c5f4ef383c5f0fecb843c84e218
2016-03-09Add compat to monotime_double().Darren Tucker
Apply all of the portability changes in monotime() to monotime() double. Fixes build on at least older FreeBSD systems.
2016-03-04upstream commitdtucker@openbsd.org
Improve precision of progressmeter for sftp and scp by storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@ Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
2016-01-27upstream commitdtucker@openbsd.org
Include sys/time.h for gettimeofday. From sortie at maxsi.org. Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b
2015-12-09Don't set IPV6_V6ONLY on OpenBSDDamien Miller
It isn't necessary and runs afoul of pledge(2) restrictions.
2015-12-07upstream committobias@openbsd.org
Properly handle invalid %-format by calling fatal. ok deraadt, djm Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac
2015-10-25upstream commitsthen@openbsd.org
Handle the split of tun(4) "link0" into tap(4) in ssh tun-forwarding. Adapted from portable (using separate devices for this is the normal case in most OS). ok djm@ Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
2015-10-08upstream commitdjm@openbsd.org
don't try to change tun device flags if they are already what we need; makes it possible to use tun/tap networking as non- root user if device permissions and interface flags are pre-established; based on patch by Ossi Herrala Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-01-16upstream commitderaadt@openbsd.org
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-10-27upstream commitlteo@openbsd.org
Remove unnecessary include: netinet/in_systm.h is not needed by these programs. NB. skipped for portable ok deraadt@ millert@
2014-08-30 - (djm) [misc.c] Missing newline between functionsDamien Miller
2014-07-18 - millert@cvs.openbsd.org 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
2014-05-21 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONICDamien Miller
when it is available. It takes into account time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 reported by John Haxby
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:30:25Damien Miller
[misc.c misc.h umac.c] use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-08-08 - (dtucker) [misc.c] Remove define added for fallback testing that wasDarren Tucker
mistakenly included in the previous commit.
2013-08-08 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(Darren Tucker
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the CLOCK_MONOTONIC define but don't actually support it. Found and tested by Kevin Brott, ok djm.
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:43:50Damien Miller
[misc.c] in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when errno == 0. Avoids confusing error message in some broken resolver cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-06-02 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fallDarren Tucker
back to time(NULL) if we can't find it anywhere.
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-05-16 - tedu@cvs.openbsd.org 2013/04/24 16:01:46Darren Tucker
[misc.c] remove extra parens noticed by nicm
2013-05-16 - tedu@cvs.openbsd.org 2013/04/23 17:49:45Darren Tucker
[misc.c] use xasprintf instead of a series of strlcats and strdup. ok djm
2013-04-23 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] SupportDamien Miller
platforms, such as Android, that lack struct passwd.pw_gecos. Report and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2011-09-22 - djm@cvs.openbsd.org 2011/09/05 05:59:08Damien Miller
[misc.c] fix typo in IPQoS parsing: there is no "AF14" class, but there is an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2011-01-13 - (djm) [misc.c] include time.h for nanosleep() prototypeDamien Miller
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-10-07 - matthew@cvs.openbsd.org 2010/09/24 13:33:00Damien Miller
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
2010-09-24 - djm@cvs.openbsd.org 2010/09/22 22:58:51Damien Miller
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
2010-08-03 - djm@cvs.openbsd.org 2010/07/21 02:10:58Damien Miller
[misc.c] sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 23:13:16Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 - djm@cvs.openbsd.org 2010/07/13 11:52:06Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
2010-07-16 - djm@cvs.openbsd.org 2010/07/02 04:32:44Damien Miller
[misc.c] unbreak strdelim() skipping past quoted strings, e.g. AllowUsers "blah blah" blah was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com ok dtucker;
2010-06-26 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/05/21 05:00:36 [misc.c] colon() returns char*, so s/return (0)/return NULL/
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13Darren Tucker
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]Darren Tucker
Remove hacks add for RoutingDomain in preparation for its removal.
2010-01-09 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don'tDarren Tucker
have it.
2010-01-08 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN moreDarren Tucker
to eliminate an unused variable warning.
2010-01-08 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket toDarren Tucker
be created.
2010-01-08 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] MakeDarren Tucker
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21Darren Tucker
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@
2010-01-08 - djm@cvs.openbsd.org 2009/11/20 03:24:07Darren Tucker
[misc.c] correct off-by-one in percent_expand(): we would fatal() when trying to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually work. Note that nothing in OpenSSH actually uses close to this limit at present. bz#1607 from Jan.Pechanec AT Sun.COM