Commit Graph

9865 Commits

Author SHA1 Message Date
Darren Tucker
138c0d52cd Adapt custom_failed_login to new prototype.
Spotted by Kevin Brott.
2019-04-02 18:21:35 +11:00
Darren Tucker
a0ca4009ab Add includes.h for compat layer.
Should fix build on AIX 7.2.
2019-04-01 20:07:23 +11:00
Tim Rice
0099115178 Stop USL compilers for erroring with "integral constant expression expected" 2019-03-31 22:14:22 -07:00
Tim Rice
43f47ebbdd Only use O_NOFOLLOW in fchownat and fchmodat if defined 2019-03-31 19:22:19 -07:00
Jakub Jelen
342d6e5158 Adjust softhsm2 path on Fedora Linux for regress
The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
2019-03-29 22:37:15 +11:00
Darren Tucker
f5abb05f8c Only use O_NOFOLLOW in utimensat if defined.
Fixes build on systems that don't have it (Solaris <=9)  Found by
Tom G. Christensen.
2019-03-28 09:26:14 +11:00
Corinna Vinschen
786cd4c183 drop old Cygwin considerations
- Cygwin supports non-DOS characters in filenames
- Cygwin does not support Windows XP anymore

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-28 09:23:46 +11:00
djm@openbsd.org
21da87f439 upstream: fix interaction between ClientAliveInterval and RekeyLimit
that could cause connection to close incorrectly; Report and patch from Jakub
Jelen in bz#2757; ok dtucker@ markus@

OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
2019-03-27 20:30:58 +11:00
djm@openbsd.org
4f0019a9af upstream: Fix authentication failures when "AuthenticationMethods
any" in a Match block overrides a more restrictive global default.

Spotted by jmc@, ok markus@

OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
2019-03-26 10:20:41 +11:00
djm@openbsd.org
d6e5def308 upstream: whitespace
OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
2019-03-26 10:20:41 +11:00
dtucker@openbsd.org
26e0cef07b upstream: Expand comment to document rationale for default key
sizes. "seems worthwhile" deraadt.

OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
2019-03-26 10:20:22 +11:00
dtucker@openbsd.org
f47269ea67 upstream: Increase the default RSA key size to 3072 bits. Based on
the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@

OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
2019-03-26 10:20:22 +11:00
jmc@openbsd.org
62949c5b37 upstream: full stop in the wrong place;
OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
2019-03-26 10:20:22 +11:00
jmc@openbsd.org
1b1332b5bb upstream: benno helped me clean up the tcp forwarding section;
OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
2019-03-26 10:20:22 +11:00
markus@openbsd.org
2aee9a49f6 upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL
OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
2019-03-26 10:20:22 +11:00
Darren Tucker
9edbd7821e Fix build when configured --without-openssl.
ok djm@
2019-03-14 10:17:28 +11:00
Darren Tucker
825ab32f0d On Cygwin run sshd as SYSTEM where possible.
Seteuid now creates user token using S4U.  We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege.  The service can run under SYSTEM again...

...unless Cygwin is running on Windows Vista or Windows 7 in the
WOW64 32 bit emulation layer.  It turns out that WOW64 on these systems
didn't implement MsV1_0 S4U Logon so we still need the fallback
to NtCreateToken for these systems.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-03-14 08:51:17 +11:00
Darren Tucker
a212107bfd Replace alloca with xcalloc.
The latter checks for memory exhaustion and integer overflow and may be
at a less predictable place.  Sanity check by vinschen at redhat.com, ok
djm@
2019-03-13 10:49:16 +11:00
Darren Tucker
daa7505aad Use Cygwin-specific matching only for users+groups.
Patch from vinschen at redhat.com, updated a little by me.
2019-03-12 09:19:19 +11:00
dtucker@openbsd.org
fd10cf027b upstream: Move checks for lists of users or groups into their own
function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insensitive.  ok
djm@

OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
2019-03-08 15:10:07 +11:00
dtucker@openbsd.org
ab5fee8eb6 upstream: Reset last-seen time when sending a keepalive. Prevents
sending two keepalives successively and prematurely terminating connection
when ClientAliveCount=1.  While there, collapse two similar tests into one.
ok markus@

OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd
2019-03-08 14:58:30 +11:00
naddy@openbsd.org
c13b74530f upstream: PKCS#11 support is no longer limited to RSA; ok benno@
kn@

OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
2019-03-08 14:58:30 +11:00
djm@openbsd.org
e9552d6043 upstream: in ssh_set_newkeys(), mention the direction that we're
keying in debug messages. Previously it would be difficult to tell which
direction it was talking about

OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d
2019-03-08 14:58:30 +11:00
djm@openbsd.org
76a24b3fa1 upstream: Fix two race conditions in sshd relating to SIGHUP:
1. Recently-forked child processes will briefly remain listening to
  listen_socks. If the main server sshd process completes its restart
  via execv() before these sockets are closed by the child processes
  then it can fail to listen at the desired addresses/ports and/or
  fail to restart.

2. When a SIGHUP is received, there may be forked child processes that
  are awaiting their reexecution state. If the main server sshd
  process restarts before passing this state, these child processes
  will yield errors and use a fallback path of reading the current
  sshd_config from the filesystem rather than use the one that sshd
  was started with.

To fix both of these cases, we reuse the startup_pipes that are shared
between the main server sshd and forked children. Previously this was
used solely to implement tracking of pre-auth child processes for
MaxStartups, but this extends the messaging over these pipes to include
a child->parent message that the parent process is safe to restart. This
message is sent from the child after it has completed its preliminaries:
closing listen_socks and receiving its reexec state.

bz#2953, reported by Michal Koutný; ok markus@ dtucker@

OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
2019-03-01 13:34:00 +11:00
djm@openbsd.org
de817e9dfa upstream: mention PKCS11Provide=none, reword a little and remove
mention of RSA keys only (since we support ECDSA now and might support others
in the future). Inspired by Jakub Jelen via bz#2974

OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5
2019-03-01 13:21:29 +11:00
djm@openbsd.org
95a8058c1a upstream: let PKCS11Provider=none do what users expect
print PKCS11Provider instead of obsolete SmartcardDevice in config dump.

bz#2974 ok dtucker@

OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846
2019-03-01 13:21:29 +11:00
markus@openbsd.org
8e7bac35aa upstream: dup stdout/in for proxycommand=-, otherwise stdout might
be redirected to /dev/null; ok djm@

OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
2019-03-01 13:21:29 +11:00
djm@openbsd.org
9b61130fbd upstream: openssh-7.9 accidentally reused the server's algorithm lists
in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentially disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
2019-02-24 10:51:46 +11:00
Corinna Vinschen
37638c7520 Cygwin: implement case-insensitive Unicode user and group name matching
The previous revert enabled case-insensitive user names again.  This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code.  Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22 15:22:53 +11:00
Darren Tucker
bed1d43698 Revert unintended parts of previous commit. 2019-02-22 15:21:21 +11:00
Corinna Vinschen
f02afa350a Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"
This reverts commit acc9b29486.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22 15:04:16 +11:00
Corinna Vinschen
4c55b67483 Add tags to .gitignore
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
2019-02-22 15:02:31 +11:00
djm@openbsd.org
625b62634c upstream: perform removal of agent-forwarding directory in forward
setup error path with user's privileged. This is a no-op as this code always
runs with user privilege now that we no longer support running sshd with
privilege separation disabled, but as long as the privsep skeleton is there
we should follow the rules.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

bz#2969 with patch from Erik Sjölund

OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
2019-02-22 14:38:38 +11:00
jmc@openbsd.org
d9ecfaba0b upstream: sync the description of ~/.ssh/config with djm's updated
description in ssh.1; issue pointed out by andreas kahari

ok dtucker djm

OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c
2019-02-22 14:38:38 +11:00
djm@openbsd.org
38e83e4f21 upstream: fix regression in r1.302 reported by naddy@ - only the first
public key from the agent was being attempted for use.

OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
2019-02-13 10:55:44 +11:00
djm@openbsd.org
5c68ea8da7 upstream: cleanup GSSAPI authentication context after completion of the
authmethod. Move function-static GSSAPI state to the client Authctxt
structure. Make static a bunch of functions that aren't used outside this
file.

Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@

OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
2019-02-11 20:48:16 +11:00
benno@openbsd.org
a8c807f195 upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11
interactive, so it can ask for the smartcards PIN. ok markus@

OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab
2019-02-11 20:26:16 +11:00
djm@openbsd.org
3d896c157c upstream: when checking that filenames sent by the server side
match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".

"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@

OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
2019-02-10 22:24:24 +11:00
djm@openbsd.org
318e4f8548 upstream: syslog when connection is dropped for attempting to run a
command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@

OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
2019-02-10 22:24:24 +11:00
Damien Miller
2ff2e19653 don't set $MAIL if UsePam=yes
PAM typically specifies the user environment if it's enabled, so don't
second guess. bz#2937; ok dtucker@
2019-02-08 14:53:35 +11:00
Damien Miller
03e92dd27d use same close logic for stderr as stdout
Avoids sending SIGPIPE to child processes after their parent exits
if they attempt to write to stderr.

Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
myself. bz#2071; ok dtucker@
2019-02-08 14:50:36 +11:00
dtucker@openbsd.org
8c53d409ba upstream: Adapt code in the non-USE_PIPES codepath to the new packet
API. This code is not normally reachable since USE_PIPES is always defined.
bz#2961, patch from adrian.fita at gmail com.

OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a
2019-02-08 13:10:57 +11:00
djm@openbsd.org
7a7fdca78d upstream: fix NULL-deref crash in PKCS#11 code when attempting
login to a token requiring a PIN; reported by benno@ fix mostly by markus@

OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31
2019-02-05 11:45:38 +11:00
dtucker@openbsd.org
cac302a4b4 upstream: Remove obsolete "Protocol" from commented out examples. Patch
from samy.mahmoudi at gmail com.

OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf
2019-02-04 15:01:38 +11:00
dtucker@openbsd.org
483b3b6385 upstream: Save connection timeout and restore for 2nd and
subsequent attempts, preventing them from having no timeout.  bz#2918, ok
djm@

OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292
2019-02-01 18:55:11 +11:00
markus@openbsd.org
5f004620fd upstream: Add authors for public domain sntrup4591761 code;
confirmed by Daniel J. Bernstein

OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1
2019-02-01 18:55:11 +11:00
jmc@openbsd.org
2c21b75a7b upstream: add -T to usage();
OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
2019-02-01 18:55:11 +11:00
dtucker@openbsd.org
19a0f0529d upstream: The test sshd_config in in $OBJ.
OpenBSD-Regress-ID: 1e5d908a286d8e7de3a15a0020c8857f3a7c9172
2019-01-28 19:01:01 +11:00
dtucker@openbsd.org
8fe2544020 upstream: Remove leftover debugging.
OpenBSD-Regress-ID: 3d86c3d4867e46b35af3fd2ac8c96df0ffdcfeb9
2019-01-28 14:41:11 +11:00
dtucker@openbsd.org
e30d32364d upstream: Enable ssh-dss for the agent test. Disable it for the
certificate test.

OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d
2019-01-28 11:34:22 +11:00