Commit Graph

11737 Commits

Author SHA1 Message Date
deraadt@openbsd.org
449bcb8403 upstream: and we go back to testing sftp-scp after the 8.9
release...

OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c
2022-02-24 08:23:13 +11:00
Damien Miller
166456ceda makedepend 2022-02-23 22:31:11 +11:00
djm@openbsd.org
32ebaa0dbc upstream: avoid integer overflow of auth attempts (harmless, caught
by monitor)

OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86
2022-02-23 22:22:20 +11:00
djm@openbsd.org
6e0258c64c upstream: randomise the password used in fakepw
OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947
2022-02-23 22:21:35 +11:00
djm@openbsd.org
bf114d6f0a upstream: use asprintf to construct .rhosts paths
OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b
2022-02-23 22:19:56 +11:00
djm@openbsd.org
c07e154fbd upstream: openssh-8.9
OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e
2022-02-23 22:08:26 +11:00
Darren Tucker
bc16667b4a Extend select+rlimit sanbox test to include poll.
POSIX specifies that poll() shall fail if "nfds argument is greater
than {OPEN_MAX}".  The setrlimit sandbox sets this to effectively zero
so this causes poll() to fail in the preauth privsep process.

This is likely the underlying cause for the previously observed similar
behaviour of select() on plaforms where it is implement in userspace on
top of poll().
2022-02-22 15:39:37 +11:00
Darren Tucker
6520c488de Add Alpine Linux test VM. 2022-02-22 13:08:59 +11:00
Darren Tucker
a4b325a3fc Include sys/param.h if present.
Needed for howmany() on MUSL systems such as Alpine.
2022-02-22 12:27:07 +11:00
Darren Tucker
5a102e9cb2 Only include sys/poll.h if we don't have poll.h.
Prevents warnings on MUSL based systems such as Alpine.
2022-02-22 12:25:52 +11:00
Damien Miller
7c0d4ce911 disable agent-restrict test on minix3
Minix seems to have a platform-wide limit on the number of
select(2) syscalls that can be concurrently issued. This test
seems to exceed this limit.

Refer to:

https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114
https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31
2022-02-22 11:14:51 +11:00
Darren Tucker
81d33d8e3c Skip agent-getpeereid when running as root. 2022-02-21 21:27:20 +11:00
dtucker@openbsd.org
fbd772570a upstream: Aproximate realpath on the expected output by deduping
leading slashes. Fixes test failure when user's home dir is / which is
possible in some portable configurations.

OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63
2022-02-20 15:10:19 +11:00
Darren Tucker
336685d223 Really move DSA to end of list.
In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to
the end of the list instead of DSA.  Spotted by andrew at fyfe.gb.net.
2022-02-20 13:30:52 +11:00
Darren Tucker
63bf4f49ed Add test configs for MUSL C library. 2022-02-18 12:12:21 +11:00
Damien Miller
f7fc6a43f1 minix needs BROKEN_POLL too; chokes on /dev/null 2022-02-17 22:54:19 +11:00
djm@openbsd.org
667fec5d4f upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught
by dtucker's minix3 vm :) ok dtucker@

OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361
2022-02-17 22:17:36 +11:00
Darren Tucker
41417dbda9 Comment hurd test, the VM is currently broken. 2022-02-17 22:05:29 +11:00
Damien Miller
b2aee35a1f find sk-dummy.so when build_dir != src_dir
spotted by Corinna Vinschen; feedback & ok dtucker@
2022-02-17 21:15:16 +11:00
Damien Miller
62a2d4e50b update versions in preparation for 8.9 release 2022-02-16 16:26:17 +11:00
djm@openbsd.org
dd6d3dded7 upstream: document the unbound/host-bound options to
PubkeyAuthentication; spotted by HARUYAMA Seigo

OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981
2022-02-15 16:14:40 +11:00
Darren Tucker
df93529dd7 Test if sshd accidentally acquires controlling tty
When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour
in the STREAMS code before activating the workaround.  ok djm@
2022-02-14 14:19:40 +11:00
Darren Tucker
766176cfdb Add cygwin-release test config.
This tests the flags used to build the cygwin release binaries.
2022-02-12 10:24:56 +11:00
Darren Tucker
b30698662b Move SSHD_ACQUIRES_CTTY workaround into compat.
On some (most? all?) SysV based systems with STREAMS based ptys,
sshd could acquire a controlling terminal during pty setup when
it pushed the "ptem" module, due to what is probably a bug in
the STREAMS driver that's old enough to vote.  Because it was the
privileged sshd's controlling terminal, it was not available for
the user's session, which ended up without one.  This is known to
affect at least Solaris <=10, derivatives such as OpenIndiana and
several other SysV systems.  See bz#245 for the backstory.

In the we past worked around that by not calling setsid in the
privileged sshd child, which meant it was not a session or process
group leader.  This solved controlling terminal problem because sshd
was not eligble to acquire one, but had other side effects such as
not cleaning up helper subprocesses in the SIGALRM handler since it
was not PG leader.  Recent cleanups in the signal handler uncovered
this, resulting in the LoginGraceTime timer not cleaning up privsep
unprivileged processes.

This change moves the workaround into the STREAMS pty allocation code,
by allocating a sacrificial pty to act as sshd's controlling terminal
before allocating user ptys, so those are still available for users'
sessions.

On the down side:
 - this will waste a pty per ssh connection on affected platforms.

On the up side:
 - it makes the process group behaviour consistent between platforms.

 - it puts the workaround nearest the code that actually causes the
   problem and competely out of the mainline code.

 - the workaround is only activated if you use the STREAMS code.  If,
   say, Solaris 11 has the bug but also a working openpty() it doesn't
   matter that we defined SSHD_ACQUIRES_CTTY.

 - the workaround is only activated when the fist pty is allocated,
   ie in the post-auth privsep monitor.  This means there's no risk
   of fd leaks to the unprivileged processes, and there's no effect on
   sessions that do not allocate a pty.

Based on analysis and work by djm@, ok djm@
2022-02-11 21:00:35 +11:00
Darren Tucker
cd00b48cf1 Simplify handling of --with-ssl-dir.
ok djm@
2022-02-11 20:09:32 +11:00
Darren Tucker
ea13fc830f Stop testing OpenBSD HEAD on 6.9 and 7.0.
HEAD is not guaranteed to work on previous stable branches, and at the
moment is broken due to libfido API changes.
2022-02-11 13:42:36 +11:00
dtucker@openbsd.org
50b9e4a451 upstream: Always initialize delim before passing to hpdelim2 which
might not set it. Found by the Valgrind tests on github, ok deraadt@

OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d
2022-02-11 12:17:07 +11:00
Darren Tucker
6ee53064f4 Fix helper include path and remove excess code.
Looks like test_hpdelim.c was imported twice into the same file.
Spotted by kevin.brott at gmail com and chris at cataclysmal org.
2022-02-11 10:05:31 +11:00
Darren Tucker
9fa63a19f6 Put poll.h inside ifdef. 2022-02-10 23:51:02 +11:00
Darren Tucker
3ac00dfeb5 We now support POLLPRI so actually define it. 2022-02-10 22:18:02 +11:00
dtucker@openbsd.org
25bd659cc7 upstream: Add test for empty hostname with port.
OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3
2022-02-10 15:17:28 +11:00
dtucker@openbsd.org
a29af853cf upstream: Add unit tests for hpdelim.
OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018
2022-02-10 15:17:28 +11:00
djm@openbsd.org
9699151b03 upstream: revert for imminent OpenSSH release, which wil ship with
scp in RCP mode.

> revision 1.106
> date: 2021/10/15 14:46:46;  author: deraadt;  state: Exp;  lines: +13 -9;  commitid: w5n9B2RE38tFfggl;
> openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
> protocol for copying.  Let's get back to testing the SFTP protocol.

This will be put back once the OpenSSH release is done.

OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768
2022-02-10 15:14:24 +11:00
dtucker@openbsd.org
45279abceb upstream: Switch hpdelim interface to accept only ":" as delimiter.
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports.  These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it.  Make hpdelim accept only ":" and use hpdelim2
in the other cases.  ok djm@

OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
2022-02-10 15:14:17 +11:00
pedro martelletto
a1bcbf04a7 fix typos in previous 2022-02-07 21:26:14 +11:00
Damien Miller
56192518e3 compat code for fido_assert_set_clientdata() 2022-02-07 12:53:47 +11:00
djm@openbsd.org
d6b5aa08fd upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead
of manually hashing data outselves. Saves a fair bit of code and makes life
easier for some -portable platforms.

OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0
2022-02-07 12:35:46 +11:00
jsg@openbsd.org
86cc93fd3c upstream: remove please from manual pages ok jmc@ sthen@ millert@
OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa
2022-02-07 12:27:48 +11:00
dtucker@openbsd.org
ad16a84e64 upstream: Since they are deprecated, move DSA to the end of the
default list of public keys so that they will be tried last.  From github
PR#295 from "ProBackup-nl", ok djm@

OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
2022-02-07 12:27:48 +11:00
Damien Miller
253de42753 portable-specific string array constification
from Mike Frysinger
2022-02-02 16:52:07 +11:00
djm@openbsd.org
dfdcc2220c upstream: test 'ssh-keygen -Y find-principals' with wildcard
principals; from Fabian Stelzer

OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40
2022-02-02 16:51:04 +11:00
dtucker@openbsd.org
968e508967 upstream: Enable all supported ciphers and macs in the server
before trying to benchmark them.  Increase the data file size to get more
signal.

OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6
2022-02-02 16:51:04 +11:00
djm@openbsd.org
15b7199a1f upstream: allow 'ssh-keygen -Y find-principals' to match wildcard
principals in allowed_signers files; from Fabian Stelzer

OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098
2022-02-02 10:38:59 +11:00
djm@openbsd.org
541667fe6d upstream: mark const string array contents const too, i.e. static
const char *array => static const char * const array from Mike Frysinger

OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
2022-02-02 10:38:59 +11:00
djm@openbsd.org
8cfa73f8a2 upstream: better match legacy scp behaviour: show un-expanded paths
in error messages. Spotted by and ok tb@

OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7
2022-02-02 10:38:59 +11:00
dtucker@openbsd.org
4e62c13ab4 upstream: Remove explicit kill of privsep preauth child's PID in
SIGALRM handler. It's no longer needed since the child will get terminated by
the SIGTERM to the process group that cleans up any auth helpers, it
simplifies the signal handler and removes the risk of a race when updating
the PID. Based on analysis by HerrSpace in github PR#289, ok djm@

OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663
2022-02-01 19:20:30 +11:00
guenther@openbsd.org
2a7ccd2ec4 upstream: When it's the possessive of 'it', it's spelled "its",
without the apostrophe.

OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7
2022-02-01 19:20:30 +11:00
Alex James
8a0848cdd3 sandbox-seccomp-filter: allow gettid
Some allocators (such as Scudo) use gettid while tracing allocations [1].
Allow gettid in preauth to prevent sshd from crashing with Scudo.

[1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46
2022-01-31 16:45:10 +11:00
djm@openbsd.org
b30d32159d upstream: add a ssh_packet_process_read() function that reads from
a fd directly into the transport input buffer.

Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.

Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)

feedback dtucker@ ok markus@

OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
2022-01-25 12:18:35 +11:00
djm@openbsd.org
a1a8efeaaa upstream: Use sshbuf_read() to read directly into the channel input
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@

OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
2022-01-25 12:13:05 +11:00