Commit Graph

6289 Commits

Author SHA1 Message Date
Damien Miller
1ab6a51f9b - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:24 +10:00
Damien Miller
383ffe6c5f - djm@cvs.openbsd.org 2010/06/25 23:10:30
[ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
2010-06-26 10:02:03 +10:00
Damien Miller
bda3ecafca - djm@cvs.openbsd.org 2010/06/25 08:46:17
[auth1.c auth2-none.c]
     skip the initial check for access with an empty password when
     PermitEmptyPasswords=no; bz#1638; ok markus@
2010-06-26 10:01:33 +10:00
Damien Miller
8853ca5fc4 - djm@cvs.openbsd.org 2010/06/25 07:20:04
[channels.c session.c]
     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
     internal-sftp accidentally introduced in r1.253 by removing the code
     that opens and dup /dev/null to stderr and modifying the channels code
     to read stderr but discard it instead; ok markus@
2010-06-26 10:00:14 +10:00
Damien Miller
232cfb1b1d - djm@cvs.openbsd.org 2010/06/25 07:14:46
[channels.c mux.c readconf.c readconf.h ssh.h]
     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
     forwards per direction; ok markus@ stevesk@
2010-06-26 09:50:30 +10:00
Damien Miller
d834d35834 - djm@cvs.openbsd.org 2010/06/23 02:59:02
[ssh-keygen.c]
     fix printing of extensions in v01 certificates that I broke in r1.190
2010-06-26 09:48:02 +10:00
Damien Miller
1b2b61e6f8 - djm@cvs.openbsd.org 2010/06/22 04:59:12
[session.c]
     include the user name on "subsystem request for ..." log messages;
     bz#1571; ok dtucker@
2010-06-26 09:47:43 +10:00
Damien Miller
0e76c5e502 - djm@cvs.openbsd.org 2010/06/22 04:54:30
[ssh-keyscan.c]
     replace verbose and overflow-prone Linebuf code with read_keyfile_line()
     based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
2010-06-26 09:39:59 +10:00
Damien Miller
48147d6801 - djm@cvs.openbsd.org 2010/06/22 04:49:47
[auth.c]
     queue auth debug messages for bad ownership or permissions on the user's
     keyfiles. These messages will be sent after the user has successfully
     authenticated (where our client will display them with LogLevel=debug).
2010-06-26 09:39:25 +10:00
Damien Miller
ba3420acd2 - djm@cvs.openbsd.org 2010/06/22 04:32:06
[ssh-keygen.c]
     standardise error messages when attempting to open private key
     files to include "progname: filename: error reason"
     bz#1783; ok dtucker@
2010-06-26 09:39:07 +10:00
Damien Miller
ab6de35140 - djm@cvs.openbsd.org 2010/06/22 04:22:59
[servconf.c sshd_config.5]
     expose some more sshd_config options inside Match blocks:
       AuthorizedKeysFile AuthorizedPrincipalsFile
       HostbasedUsesNameFromPacketOnly PermitTunnel
     bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
2010-06-26 09:38:45 +10:00
Damien Miller
495663165f - djm@cvs.openbsd.org 2010/06/18 04:43:08
[sftp-client.c]
     fix memory leak in do_realpath() error path; bz#1771, patch from
     anicka AT suse.cz
2010-06-26 09:38:23 +10:00
Damien Miller
7aa46ec393 - djm@cvs.openbsd.org 2010/06/18 03:16:03
[session.c]
     Missing check for chroot_director == "none" (we already checked against
     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2010-06-26 09:37:57 +10:00
Damien Miller
99ac4e9546 - djm@cvs.openbsd.org 2010/06/18 00:58:39
[sftp.c]
     unbreak ls in working directories that contains globbing characters in
     their pathnames. bz#1655 reported by vgiffin AT apple.com
2010-06-26 09:36:58 +10:00
Damien Miller
c094d1e481 - djm@cvs.openbsd.org 2010/06/17 07:07:30
[mux.c]
     Correct sizing of object to be allocated by calloc(), replacing
     sizeof(state) with sizeof(*state). This worked by accident since
     the struct contained a single int at present, but could have broken
     in the future. patch from hyc AT symas.com
2010-06-26 09:36:34 +10:00
Damien Miller
4fe686d35f - markus@cvs.openbsd.org 2010/06/08 21:32:19
[ssh-pkcs11.c]
     check length of value returned  C_GetAttributValue for != 0
     from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
2010-06-26 09:36:10 +10:00
Damien Miller
2e77446a13 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/05/21 05:00:36
     [misc.c]
     colon() returns char*, so s/return (0)/return NULL/
2010-06-26 09:30:47 +10:00
Damien Miller
d82a260fdf - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
bz#1579; ok dtucker
2010-06-22 15:02:39 +10:00
Damien Miller
ea909791c5 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
rather than assuming that $CWD == $HOME. bz#1500, patch from
   timothy AT gelter.com
2010-06-18 11:09:24 +10:00
Tim Rice
b9ae4ec556 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
minires-devel package, and to add the reference to the libedit-devel
   package since CYgwin now provides libedit. Patch from Corinna Vinschen.
2010-06-17 11:11:44 -07:00
Damien Miller
d0e4a8e2e0 - djm@cvs.openbsd.org 2010/05/20 23:46:02
[PROTOCOL.certkeys auth-options.c ssh-keygen.c]
     Move the permit-* options to the non-critical "extensions" field for v01
     certificates. The logic is that if another implementation fails to
     implement them then the connection just loses features rather than fails
     outright.

     ok markus@
2010-05-21 14:58:32 +10:00
Damien Miller
84399555f0 - djm@cvs.openbsd.org 2010/05/20 11:25:26
[auth2-pubkey.c]
     fix logspam when key options (from="..." especially) deny non-matching
     keys; reported by henning@ also bz#1765; ok markus@ dtucker@
2010-05-21 14:58:12 +10:00
Damien Miller
388f6fc485 - markus@cvs.openbsd.org 2010/05/16 12:55:51
[PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
     mux support for remote forwarding with dynamic port allocation,
     use with
        LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
     feedback and ok djm@
2010-05-21 14:57:35 +10:00
Damien Miller
d530f5f471 - djm@cvs.openbsd.org 2010/05/14 23:29:23
[channels.c channels.h mux.c ssh.c]
     Pause the mux channel while waiting for reply from aynch callbacks.
     Prevents misordering of replies if new requests arrive while waiting.

     Extend channel open confirm callback to allow signalling failure
     conditions as well as success. Use this to 1) fix a memory leak, 2)
     start using the above pause mechanism and 3) delay sending a success/
     failure message on mux slave session open until we receive a reply from
     the server.

     motivated by and with feedback from markus@
2010-05-21 14:57:10 +10:00
Damien Miller
c6afb5f2c0 - djm@cvs.openbsd.org 2010/05/14 00:47:22
[ssh-add.c]
     check that the certificate matches the corresponding private key before
     grafting it on
2010-05-21 14:56:47 +10:00
Damien Miller
3b903827eb - djm@cvs.openbsd.org 2010/05/11 02:58:04
[auth-rsa.c]
     don't accept certificates marked as "cert-authority" here; ok markus@
2010-05-21 14:56:25 +10:00
Damien Miller
3bcce80b54 - djm@cvs.openbsd.org 2010/05/07 11:31:26
[regress/Makefile regress/cert-userkey.sh]
     regress tests for AuthorizedPrincipalsFile and "principals=" key option.
     feedback and ok markus@
2010-05-21 14:48:16 +10:00
Damien Miller
4b1ec8381b - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
   already. ok dtucker@
2010-05-12 17:49:59 +10:00
Darren Tucker
5b6d0d0eba - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
circular dependency problem on old or odd platforms.  From Tom Lane, ok
   djm@.
2010-05-12 16:51:38 +10:00
Damien Miller
81d3fc535b - jmc@cvs.openbsd.org 2010/05/07 12:49:17
[sshd_config.5]
     tweak previous;
2010-05-10 11:58:45 +10:00
Damien Miller
30da3447d2 - djm@cvs.openbsd.org 2010/05/07 11:30:30
[auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
     [key.c servconf.c servconf.h sshd.8 sshd_config.5]
     add some optional indirection to matching of principal names listed
     in certificates. Currently, a certificate must include the a user's name
     to be accepted for authentication. This change adds the ability to
     specify a list of certificate principal names that are acceptable.

     When authenticating using a CA trusted through ~/.ssh/authorized_keys,
     this adds a new principals="name1[,name2,...]" key option.

     For CAs listed through sshd_config's TrustedCAKeys option, a new config
     option "AuthorizedPrincipalsFile" specifies a per-user file containing
     the list of acceptable names.

     If either option is absent, the current behaviour of requiring the
     username to appear in principals continues to apply.

     These options are useful for role accounts, disjoint account namespaces
     and "user@realm"-style naming policies in certificates.

     feedback and ok markus@
2010-05-10 11:58:03 +10:00
Damien Miller
099fc1634e - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
[sftp.c]
     restore mput and mget which got lost in the tab-completion changes.
     found by Kenneth Whitaker, ok djm@
2010-05-10 11:56:50 +10:00
Damien Miller
2725c2193b - djm@cvs.openbsd.org 2010/05/01 02:50:50
[PROTOCOL.certkeys]
     typo; jmeltzer@
2010-05-10 11:56:14 +10:00
Damien Miller
79442c07c4 - djm@cvs.openbsd.org 2010/04/26 22:28:24
[sshconnect2.c]
     bz#1502: authctxt.success is declared as an int, but passed by
     reference to function that accepts sig_atomic_t*. Convert it to
     the latter; ok markus@ dtucker@
2010-05-10 11:55:38 +10:00
Damien Miller
bebbb7e8a5 - djm@cvs.openbsd.org 2010/04/23 22:48:31
[ssh-keygen.c]
     refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
     since we would refuse to use them anyway. bz#1516; ok dtucker@
2010-05-10 11:54:38 +10:00
Damien Miller
22a29880bb - djm@cvs.openbsd.org 2010/04/23 22:42:05
[session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
2010-05-10 11:53:54 +10:00
Damien Miller
85c50d7858 - djm@cvs.openbsd.org 2010/04/23 22:27:38
[mux.c]
     set "detach_close" flag when registering channel cleanup callbacks.
     This causes the channel to close normally when its fds close and
     hangs when terminating a mux slave using ~. bz#1758; ok markus@
2010-05-10 11:53:02 +10:00
Damien Miller
50af79b118 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/04/23 01:47:41
     [ssh-keygen.c]
     bz#1740: display a more helpful error message when $HOME is
     inaccessible while trying to create .ssh directory. Based on patch
     from jchadima AT redhat.com; ok dtucker@
2010-05-10 11:52:00 +10:00
Darren Tucker
9f8703b573 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
in the openssl install directory (some newer openssl versions do this on at
   least some amd64 platforms).
2010-04-23 11:12:06 +10:00
Darren Tucker
e25a9bd740 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
file.
2010-04-18 13:35:00 +10:00
Damien Miller
53f4bb6599 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/04/16 01:58:45
     [regress/cert-hostkey.sh regress/cert-userkey.sh]
     regression tests for v01 certificate format
     includes interop tests for v00 certs
2010-04-18 08:15:14 +10:00
Damien Miller
c617aa9ff5 - djm@cvs.openbsd.org 2010/04/16 21:14:27
[sshconnect.c]
     oops, %r => remote username, not %u
2010-04-18 08:08:20 +10:00
Damien Miller
1f181425e9 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
[ssh-keygen.1 ssh-keygen.c]
     tweak previous; ok djm
2010-04-18 08:08:03 +10:00
Damien Miller
c4eddee1b7 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2010/04/16 06:45:01
     [ssh_config.5]
     tweak previous; ok djm
2010-04-18 08:07:43 +10:00
Damien Miller
4e270b05dd - djm@cvs.openbsd.org 2010/04/16 01:47:26
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@
2010-04-16 15:56:21 +10:00
Damien Miller
031c9100df - markus@cvs.openbsd.org 2010/04/15 20:32:55
[ssh-pkcs11.c]
     retry lookup for private key if there's no matching key with CKA_SIGN
     attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
     ok djm@
2010-04-16 15:54:44 +10:00
Damien Miller
b1b17047e3 - djm@cvs.openbsd.org 2010/04/14 22:27:42
[ssh_config.5 sshconnect.c]
     expand %r => remote username in ssh_config:ProxyCommand;
     ok deraadt markus
2010-04-16 15:54:19 +10:00
Damien Miller
601a23c02c - djm@cvs.openbsd.org 2010/04/10 05:48:16
[mux.c]
     fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
2010-04-16 15:54:01 +10:00
Damien Miller
88680654ad - djm@cvs.openbsd.org 2010/04/10 02:10:56
[sshconnect2.c]
     show the key type that we are offering in debug(), helps distinguish
     between certs and plain keys as the path to the private key is usually
     the same.
2010-04-16 15:53:43 +10:00
Damien Miller
22c97f1539 - djm@cvs.openbsd.org 2010/04/10 02:08:44
[clientloop.c]
     bz#1698: kill channel when pty allocation requests fail. Fixed
     stuck client if the server refuses pty allocation.
     ok dtucker@ "think so" markus@
2010-04-16 15:53:23 +10:00