Commit Graph

12012 Commits

Author SHA1 Message Date
Darren Tucker
85e1a69243
Add cygwin-release test target.
This also moves the cygwin package install from the workflow file to
setup_ci.sh so that we can install different sets of Cygwin packages
for different test configs.
2022-08-26 19:22:25 +10:00
djm@openbsd.org
92382dbe8b
upstream: whitespace
OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8
2022-08-26 18:17:57 +10:00
djm@openbsd.org
70a5de0a50
upstream: whitespace
OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538
2022-08-26 18:14:02 +10:00
Damien Miller
3a683a19fd
initial list of allowed signers 2022-08-26 14:23:55 +10:00
Darren Tucker
6851f4b8c3 Install Cygwin packages based on OS not config. 2022-08-19 17:22:18 +10:00
djm@openbsd.org
f964809068 upstream: attemp FIDO key signing without PIN and use the error
code returned to fall back only if necessary. Avoids PIN prompts for FIDO
tokens that don't require them; part of GHPR#302

OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e
2022-08-19 16:34:06 +10:00
djm@openbsd.org
5453333b5d upstream: remove incorrect check that can break enrolling a
resident key (introduced in r1.40)

OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01
2022-08-19 16:34:06 +10:00
dtucker@openbsd.org
ff89b1bed8 upstream: Strictly enforce the maximum allowed SSH2 banner size in
ssh-keyscan and prevent a one-byte buffer overflow.  Patch from Qualys, ok
djm@

OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4
2022-08-19 16:34:06 +10:00
Darren Tucker
1b470b9036 Fix cygwin conditional steps. 2022-08-19 15:19:19 +10:00
Darren Tucker
fd6ee741ab Add a bit more debug output. 2022-08-19 15:12:57 +10:00
Darren Tucker
a9305c4c73 Add Cygwin (on windows-2019) test target.
In addition to installing the requisite Cygwin packages, we also need to
explicitly invoke "sh" for steps that run other scripts since the runner
environment doesn't understand #! paths.
2022-08-19 15:08:57 +10:00
djm@openbsd.org
5062ad4881 upstream: double free() in error path; from Eusgor via GHPR333
OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4
2022-08-19 13:13:53 +10:00
Darren Tucker
5a5c580b48 Check for perms to run agent-getpeereid test.
Ubuntu 22.04 defaults to private home dirs which prevents "nobody"
running ssh-add during the agent-getpeereid test.  Check for this and
add the necessary permissions.
2022-08-18 21:36:39 +10:00
Damien Miller
cd06a76b7c on Cygwin, prefer WinHello FIDO device
If no FIDO device was explictly specified, then prefer the
windows://hello FIDO device. An exception to this is when
probing resident FIDO keys, in which case hardware FIDO
devices are preferred.
2022-08-17 16:04:16 +10:00
djm@openbsd.org
47f72f534a upstream: add an extra flag to sk_probe() to indicate whether we're
probing for a FIDO resident key or not. Unused here, but will make like
easier for portable

OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832
2022-08-17 16:03:01 +10:00
jmc@openbsd.org
edb0bcb3c7 upstream: use .Cm for "sign"; from josiah frentsos
OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4
2022-08-17 16:03:01 +10:00
Corinna Vinschen
cccb011e13 Revert "check_sk_options: add temporary WinHello workaround"
Cygwin now comes with libfido2 1.11.0, so this workaround
isn't required anymore.

This reverts commit 242c044ab1.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-12 15:34:47 +10:00
Corinna Vinschen
9468cd7cf9 fido_dev_is_winhello: return 0, not "false"
"false" is not used anywhere in OpenSSH, so return 0 like
everywhere else.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-12 15:34:01 +10:00
djm@openbsd.org
730a806094 upstream: sftp-server: support home-directory request
Add support to the sftp-server for the home-directory extension defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
existing expand-path@openssh.com, but uses a more official protocol name,
and so is a bit more likely to be implemented by non-OpenSSH clients.

From Mike Frysinger, ok dtucker@

OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab
2022-08-12 15:22:37 +10:00
Darren Tucker
5e820bf79c Replace deprecated ubuntu-18.04 runners with 22.04 2022-08-12 14:56:55 +10:00
Darren Tucker
87b0d9c1b7 Add a timegm implementation from Heimdal via Samba.
Fixes build on (at least Solaris 10).
2022-08-11 22:51:10 +10:00
Darren Tucker
d0c4fa5859 Rerun tests if any .github config file changes. 2022-08-11 14:23:58 +10:00
Darren Tucker
113fe6c77a Skip hostbased during Valgrind tests.
Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip
it during the Valgrind based tests.

See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this
(ironically there the problematic binary was ssh(1) back when it could
still be setuid).
2022-08-11 13:50:05 +10:00
djm@openbsd.org
b98a42afb6 upstream: add some tests for parse_absolute_time(), including cases
where it is forced to the UTC timezone. bz3468 ok dtucker

OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759
2022-08-11 12:01:50 +10:00
djm@openbsd.org
ec1ddb72a1 upstream: allow certificate validity intervals, sshsig verification
times and authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system time zone.
YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13
2022-08-11 12:00:49 +10:00
Darren Tucker
4df246ec75 Fix conditional for running hostbased tests. 2022-08-11 10:24:56 +10:00
Damien Miller
2580916e48 fix SANDBOX_SECCOMP_FILTER_DEBUG 2022-08-11 08:58:28 +10:00
Darren Tucker
fdbd5bf507 Test hostbased auth on github runners. 2022-08-10 17:37:58 +10:00
Darren Tucker
7e2f51940b Rename our getentropy to prevent possible loops.
Since arc4random seeds from getentropy, and we use OpenSSL for that
if enabled, there's the possibility that if we build on a system that
does not have getentropy then run on a system that does have it, then
OpenSSL could end up calling our getentropy and getting stuck in a loop.
Pointed out by deraadt@, ok djm@
2022-08-10 17:36:44 +10:00
Darren Tucker
7a01f61be8 Actually put HAVE_STDINT_H around the stdint.h. 2022-08-08 12:17:04 +10:00
Darren Tucker
73541f29f0 Give unused param a name.
Fixes builds on platforms that do have fido2 but don't have
fido_dev_is_winhello.
2022-08-08 10:32:27 +10:00
djm@openbsd.org
2a108c0ea9 upstream: don't prompt for FIDO passphrase before attempting to enroll
the credential, just let the enroll operating fail and we'll attempt to get a
PIN anyway. Might avoid some unneccessary PIN prompts.

Part of GHPR#302 from Corinna Vinschen; ok dtucker@

OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2
2022-08-05 15:03:40 +10:00
Corinna Vinschen
2886975c0a sk_sign: set FIDO2 uv attribute explicitely for WinHello
WinHello via libfido2 performs user verification by default.
However, if we stick to that, there's no way to differentiate
between keys created with or without "-O  verify-required".
Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check
if user verification has been requested.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:44:03 +10:00
Corinna Vinschen
242c044ab1 check_sk_options: add temporary WinHello workaround
Up to libfido 1.10.0, WinHello advertises "clientPin" rather
than "uv" capability.  This is fixed in 1.11.0.  For the time
being, workaround it here.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:42:10 +10:00
Corinna Vinschen
78774c08cc compat code for fido_dev_is_winhello()
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2022-08-05 14:39:05 +10:00
Darren Tucker
3d3a932a01 Factor out getrnd() and rename to getentropy().
Factor out the arc4random seeding into its own file and change the
interface to match getentropy.  Use native getentropy if available.
This will make it easier to resync OpenBSD changes to arc4random.
Prompted by bz#3467, ok djm@.
2022-08-05 13:12:27 +10:00
Darren Tucker
9385d277b7 Include CHANNEL and FIDO2 libs in configure output 2022-08-04 22:02:04 +10:00
djm@openbsd.org
141535b904 upstream: avoid double-free in error path introduced in r1.70; report
and fix based on GHPR#332 by v-rzh ok dtucker@

OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f
2022-08-01 21:11:33 +10:00
Darren Tucker
dba7099ffc Remove deprecated MacOS 10.15 runners. 2022-07-27 18:40:12 +10:00
Darren Tucker
722a56439a Move stale-configure check as early as possible.
We added a check in Makefile to catch the case where configure needs to
be rebuilt, however this did not happen until a build was attempted in
which case all of the work done by configure was wasted.  Move this check
 to the start of configure to catch it as early as possible.  ok djm@
2022-07-27 18:31:14 +10:00
Darren Tucker
099d6b5628 Move libcrypto into CHANNELLIBS.
This will result in sftp, sftp-server and scp no longer being linked
against libcrypto.  ok djm@
2022-07-27 16:22:39 +10:00
Darren Tucker
1bdf86725b Remove seed_rng calls from scp, sftp, sftp-server.
These binaries don't use OpenSSL's random functions.  The next step
will be to stop linking them against libcrypto.  ok djm@
2022-07-27 16:22:30 +10:00
Darren Tucker
d73f77b8cb Group libcrypto and PRNGD checks together.
They're related more than the libcrypt or libiaf checks which are
currently between them.  ok djm@
2022-07-27 16:22:12 +10:00
Darren Tucker
f117e372b3 Do not link scp, sftp and sftp-server w/ zlib.
Some of our binaries (eg sftp, sftp-server, scp) do not interact with
the channels code and thus do use libraries such as zlib and libcrypto
although they are linked with them.  This adds a CHANNELLIBS and starts
by moving zlib into it, which means the aformentioned binaries are no
longer linked against zlib.  ok djm@
2022-07-27 16:22:03 +10:00
Darren Tucker
800c2483e6 Remove workarounds for OpenSSL missing AES-CTR.
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES CTR mode.  Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have CTR, so this is no longer needed.  ok djm@
2022-07-25 21:49:04 +10:00
Darren Tucker
b7c56b65c1 Remove workarounds for OpenSSL missing AES-GCM.
We have some compatibility hacks that were added to support OpenSSL
versions that do not support AES GCM mode.  Since that time, however,
the minimum OpenSSL version that we support has moved to 1.0.1 which
*does* have GCM, so this is no longer needed.  ok djm@
2022-07-25 21:43:00 +10:00
dtucker@openbsd.org
5a4a9f7a96 upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test.
OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0
2022-07-25 17:33:44 +10:00
dtucker@openbsd.org
0ff886be13 upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not
executable.  No-op on most platforms but should prevent warnings in -portable
on systems that don't have 'date %s'.

OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4
2022-07-25 11:05:27 +10:00
Darren Tucker
f69319ad8a Convert "have_prog" function into "which".
"which" and its behaviour is not standardized, so convert the existing
have_prog function into "which" so we can rely on it being available
and what its semantics are.  Add a have_prog wrapper that maintains the
existing behaviour.
2022-07-23 14:40:49 +10:00
Darren Tucker
ea7ecc2c3a Skip scp3 test if there's no scp on remote path.
scp -3 ends up using the scp that's in the remote path and will fail if
one is not available.  Based on a patch from rapier at psc.edu.
2022-07-23 14:36:38 +10:00