Commit Graph

11961 Commits

Author SHA1 Message Date
dtucker@openbsd.org
4403b62f55
upstream: Warn if no host keys for hostbased auth can be loaded.
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
2022-12-09 11:36:35 +11:00
dtucker@openbsd.org
a6183e25e3
upstream: Add server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication.  This also sends those to
the server debug log to aid in debugging.  From bz#3507, ok djm@

OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
2022-12-09 11:36:27 +11:00
cheloha@openbsd.org
b85c3581c1
upstream: remove '?' from getopt(3) loops
userspace: remove vestigial '?' cases from top-level getopt(3) loops

getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument.  We can
handle this case with the "default" failure case with no loss of
legibility.  Hence, remove all the redundant "case '?':" lines.

Prompted by dlg@.  With help from dlg@ and millert@.

Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2

ok naddy@ millert@ dlg@

OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
2022-12-09 11:36:12 +11:00
dtucker@openbsd.org
9a067e8d28
upstream: Fix comment typo.
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
2022-12-09 11:24:14 +11:00
Darren Tucker
ce3c3e78ce
Add SANDBOX_DEBUG to the kitchensink test build. 2022-12-07 18:58:25 +11:00
Damien Miller
bc234605fa
disable SANDBOX_SECCOMP_FILTER_DEBUG
It was mistakenly enabled in 2580916e48

Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
2022-12-07 18:38:25 +11:00
Rose
b087c5cfa0
Update autotools
Regenerate config files using latest autotools
2022-12-06 12:23:08 +11:00
Darren Tucker
d63f549497
Fix typo in comment. Spotted by tim@ 2022-12-06 12:22:36 +11:00
dtucker@openbsd.org
73dcca1211
upstream: Remove duplicate includes.
Patch from AtariDreams via github PR#364.

OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
2022-12-04 22:40:04 +11:00
djm@openbsd.org
3cec155430
upstream: make struct sshbuf private
and remove an unused field; ok dtucker

OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
2022-12-04 22:39:42 +11:00
Darren Tucker
5796bf8ca9
Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
2022-12-02 11:55:08 +11:00
dtucker@openbsd.org
ccf5a13868
upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
2022-12-02 11:51:18 +11:00
dtucker@openbsd.org
7a8b40cf6a
upstream: Log output of ssh-agent and ssh-add
This should  make debugging easier.

OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
2022-12-02 11:51:02 +11:00
dtucker@openbsd.org
4a1805d532
upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
2022-11-30 12:16:14 +11:00
djm@openbsd.org
815c470493
upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@

OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
2022-11-30 12:16:10 +11:00
djm@openbsd.org
f7cebbbf40
upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
2022-11-30 12:16:08 +11:00
mbuhl@openbsd.org
d323f7ecf5
upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm

OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
2022-11-30 12:13:55 +11:00
Darren Tucker
62cc33e6ee
Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519.  On those
versions, use -fzero-call-used-regs=used instead.  (We may add exceptions
later if specific versions prove to be OK).  Also move the GCC version
check to match.

Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com).  bz#3475, ok djm@
2022-11-30 11:45:07 +11:00
Darren Tucker
f84b9cffd5
Skip unit tests on slow riscv64 hardware. 2022-11-28 22:39:25 +11:00
Darren Tucker
9f2747e0be
Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs).  This had
a few limitations:
 - multiple tests that ran on the same target (eg multiple build
   configs) were serialized on availability or that runner.
 - it needed manual balancing of VMs over host machines.

To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label.  This requires that
we distinguish between "host" and "target" for those.  Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.

This should improve test throughput.
2022-11-28 22:39:08 +11:00
Darren Tucker
d664ddaec8
Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
2022-11-27 12:19:37 +11:00
Darren Tucker
0fa16e952b
Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
2022-11-27 12:14:00 +11:00
Darren Tucker
e8857043af
Add "libvirt" label to dfly30. 2022-11-27 11:45:43 +11:00
Darren Tucker
9775473d84
Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
2022-11-27 11:20:35 +11:00
Darren Tucker
04fd00ceff
Remove unused self-hosted test targets. 2022-11-27 09:23:04 +11:00
Darren Tucker
c9d9fcad2a
Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
2022-11-27 09:16:15 +11:00
Darren Tucker
15a01cf15f
Add fallback for old platforms w/out MAP_ANON. 2022-11-23 13:24:53 +11:00
Darren Tucker
6b9bbbfe8b
If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
2022-11-23 13:24:50 +11:00
Darren Tucker
8926956f22
Add dfly62 test target. 2022-11-11 11:25:37 +11:00
dtucker@openbsd.org
650de7ecd3
upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@

OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
2022-11-11 11:24:46 +11:00
Darren Tucker
5372db7e79
Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.

ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
2022-11-10 12:44:51 +11:00
Darren Tucker
ca98d3f8c6
Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test.  See bz#3483 for details.
2022-11-09 20:59:20 +11:00
dtucker@openbsd.org
5ec4ebc254
upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.

OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
2022-11-09 20:43:58 +11:00
dtucker@openbsd.org
e6abafe9a6
upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.

OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
2022-11-09 20:43:35 +11:00
djm@openbsd.org
db2027a687
upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
2022-11-09 20:43:16 +11:00
djm@openbsd.org
1c2be7c200
upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
2022-11-09 20:41:32 +11:00
Darren Tucker
cf1a9852d7
Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use.  bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
2022-11-09 09:23:47 +11:00
Darren Tucker
dffa644801
Fix comment text. From emaste at freebsd.org. 2022-11-09 08:27:47 +11:00
Pierre Ossman
d9df5689c2
Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.

The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
2022-11-08 19:33:47 +11:00
Darren Tucker
419aa8a312
Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
2022-11-08 12:42:52 +11:00
Darren Tucker
a32c07cbb7
Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
2022-11-08 12:01:33 +11:00
Darren Tucker
2b40a7dfcd
Add valrind-5 test here too. 2022-11-08 11:03:31 +11:00
Darren Tucker
2ea03d1f6d
Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
2022-11-08 10:29:32 +11:00
Darren Tucker
4e316ff0f1
Split out rekey test since it runs the longest. 2022-11-08 10:29:32 +11:00
dtucker@openbsd.org
21625a6424
upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@

OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
2022-11-07 22:22:18 +11:00
dtucker@openbsd.org
747691604d
upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable.  ok djm@

OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
2022-11-07 22:22:15 +11:00
dtucker@openbsd.org
1d78d25653
upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@

OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
2022-11-07 22:22:06 +11:00
djm@openbsd.org
a00f59a645
upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.

from Ed Maste

OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
2022-11-07 15:43:13 +11:00
Darren Tucker
f58acaf8c7
Fix merge conflict. 2022-11-07 15:10:59 +11:00
Darren Tucker
162e574102
Branch-specific links for master status badges. 2022-11-07 15:07:33 +11:00