Commit Graph

102 Commits

Author SHA1 Message Date
djm@openbsd.org
2ab864010e upstream: SFTP protocol extension to allow the server to expand
~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
2021-08-10 12:47:46 +10:00
djm@openbsd.org
aae4b4d358 upstream: Allow argv_split() to optionally terminate tokenisation
when it encounters an unquoted comment.

Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.

ok markus@ as part of a larger diff; tested in snaps

OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
2021-06-08 17:12:51 +10:00
djm@openbsd.org
f64f8c00d1 upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
handled specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for destinations
that lack terminfo entries. feedback and ok dtucker@

OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
2021-06-04 15:04:52 +10:00
djm@openbsd.org
31d8d231eb upstream: highly polished whitespace, mostly fixing spaces-for-tab
and bad indentation on continuation lines. Prompted by GHPR#185

OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
2021-04-03 17:23:02 +11:00
djm@openbsd.org
7fe141b96b upstream: needs FILE*; from Mike Frysinger
OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d
2021-03-03 19:43:59 +11:00
markus@openbsd.org
b696858a7f upstream: factor out opt_array_append; ok djm@
OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a
2021-02-17 15:03:41 +11:00
dtucker@openbsd.org
6d30673fed upstream: Change convtime() from returning long to returning int.
On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing.  bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
2021-01-11 15:04:12 +11:00
djm@openbsd.org
a34e14a5a0 upstream: move subprocess() from auth.c to misc.c
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)

add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.

feedback & ok markus@

OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
2020-12-22 15:43:59 +11:00
djm@openbsd.org
33313ebc1c upstream: Set the specified TOS/DSCP for interactive use prior to
TCP connect. The connection phase of the SSH session is time-sensitive (due
to server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.

ok dtucker@

OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
2020-11-27 13:21:16 +11:00
djm@openbsd.org
d5a0cd4fc4 upstream: when requesting a security key touch on stderr, inform the
user once the touch has been recorded; requested by claudio@ ok markus@

OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
2020-11-09 09:39:22 +11:00
djm@openbsd.org
396d32f3a1 upstream: There are lots of place where we want to redirect stdin,
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@

OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
2020-10-03 19:34:24 +10:00
dtucker@openbsd.org
712ac1efb6 upstream: Make dollar_expand variadic and pass a real va_list to
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.

OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
2020-05-29 21:53:37 +10:00
dtucker@openbsd.org
4a1b46e6d0 upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths.  This
would for example allow forwarding of Unix domain socket paths that change at
runtime.  bz#3140, ok djm@

OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
2020-05-29 15:46:47 +10:00
djm@openbsd.org
756c6f66ae upstream: add fmt_timeframe() (from bgpd) to format a time
interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@

OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
2020-05-27 10:13:58 +10:00
djm@openbsd.org
8075fccbd4 upstream: add xextendf() to extend a string with a format
(reallocating as necessary). ok aja@ as part of a larger diff

OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
2020-01-25 11:27:29 +11:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
djm@openbsd.org
5d1c1590d7 upstream: dd API for performing one-shot notifications via tty or
SSH_ASKPASS

OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3
2019-11-13 10:15:46 +11:00
djm@openbsd.org
5485f8d50a upstream: move authorized_keys option parsing helpsers to misc.c
and make them public; ok markus@

OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03 18:39:31 +10:00
djm@openbsd.org
c72d78ccbe upstream: move skip_space() to misc.c and make it public; ok
markus@

OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-09-03 18:39:31 +10:00
dtucker@openbsd.org
d05ea25567 upstream: Remove support for obsolete host/port syntax.
host/port was added in 2001 as an alternative to host:port syntax for
the benefit of IPv6 users.  These days there are establised standards
for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
notation, which OpenSSH now supports for some things.  Remove the slash
notation from ListenAddress and PermitOpen.  bz#2335, patch from jjelen
at redhat.com, ok markus@

OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
2019-01-24 12:30:30 +11:00
djm@openbsd.org
0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
dtucker@openbsd.org
434b587afe upstream: Fix calculation of initial bandwidth limits. Account for
written bytes before the initial timer check so that the first buffer written
is accounted.  Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written.  This prevents an initial burst of traffic and provides a
more accurate bandwidth limit.  bz#2927, ok djm.

OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-12-27 14:30:17 +11:00
djm@openbsd.org
2a35862e66 upstream: use path_absolute() for pathname checks; from Manoj Ampalam
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-11-16 14:37:33 +11:00
djm@openbsd.org
5eff5b858e upstream: Allow ssh_config IdentityAgent directive to accept
environment variable names as well as explicit paths. ok dtucker@

OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
2018-10-03 16:39:58 +10:00
dtucker@openbsd.org
73ddb25bae upstream: Remove uid checks from low port binds. Now that ssh
cannot be setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave a sanity
check for the !privsep case so long as the code is stil there.  with & ok
djm@

OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
2018-07-31 12:18:49 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
markus@openbsd.org
7f90635216 upstream: switch config file parsing to getline(3) as this avoids
static limits noted by gerhard@; ok dtucker@, djm@

OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
2018-06-07 04:34:05 +10:00
djm@openbsd.org
bf0fbf2b11 upstream: add valid-before="[time]" authorized_keys option. A
simple way of giving a key an expiry date. ok markus@

OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-14 18:55:32 +11:00
markus@openbsd.org
25cf9105b8 upstream commit
move subprocess() so scp/sftp do not need uidswap.o; ok
djm@

OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
2018-01-23 16:32:57 +11:00
dtucker@openbsd.org
609d96b3d5 upstream commit
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum.  This will
prevent and flag invalid and negative arguments to these keywords.  ok djm@

OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
2017-12-07 11:49:00 +11:00
dtucker@openbsd.org@openbsd.org
5db6fbf143 upstream commit
Add monotime_ts and monotime_tv that return monotonic
timespec and timeval respectively.  Replace calls to gettimeofday() in packet
timing with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6 at
huawei.com. "I like" markus@

OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
2017-11-28 12:01:49 +11:00
djm@openbsd.org
35eb33fb95 upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25 12:26:13 +11:00
djm@openbsd.org
acf559e1cf upstream commit
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25 12:26:06 +11:00
djm@openbsd.org
b7548b12a6 upstream commit
Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23 16:14:30 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
djm@openbsd.org
b074c3c3f8 upstream commit
add a "quiet" flag to exited_cleanly() that supresses
errors about exit status (failure due to signal is still reported)

Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
2017-08-23 19:47:06 +10:00
djm@openbsd.org
de4ae07f12 upstream commit
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.

feedback & ok dtucker@

Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
2017-08-23 19:47:06 +10:00
dtucker@openbsd.org
7fc4766ac7 upstream commit
On startup, check to see if sshd is already daemonized
and if so, skip the call to daemon() and do not rewrite the PidFile.  This
means that when sshd re-execs itself on SIGHUP the process ID will no longer
change.  Should address bz#2641.  ok djm@ markus@.

Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
2016-11-30 19:44:01 +11:00
dtucker@openbsd.org
1c4ef0b808 upstream commit
Factor out "can bind to low ports" check into its own function.  This will
make it easier for Portable to support platforms with permissions models
other than uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much"
deraadt@.

Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
2016-10-24 10:42:57 +11:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
guenther@openbsd.org
5bcc1e2769 upstream commit
Pull in <sys/time.h> for struct timeval

ok deraadt@

Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6
2016-08-29 11:20:28 +10:00
djm@openbsd.org
ed877ef653 upstream commit
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
2016-07-15 14:20:10 +10:00
djm@openbsd.org
0ccbd5eca0 upstream commit
don't record duplicate LocalForward and RemoteForward
 entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
 where the same forwards are added on the second pass through the
 configuration file. bz#2562; ok dtucker@

Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
2016-04-08 14:26:06 +10:00
dtucker@openbsd.org
b8d4eafe29 upstream commit
Improve precision of progressmeter for sftp and scp by
 storing sub-second timestamps.  Pointed out by mmcc@, ok deraadt@ markus@

Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
2016-03-04 15:12:19 +11:00
Damien Miller
7acefbbcbe - millert@cvs.openbsd.org 2014/07/15 15:54:14
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     [sshd_config.5 sshlogin.c]
     Add support for Unix domain socket forwarding.  A remote TCP port
     may be forwarded to a local Unix domain socket and vice versa or
     both ends may be a Unix domain socket.  This is a reimplementation
     of the streamlocal patches by William Ahern from:
         http://www.25thandclement.com/~william/projects/streamlocal.html
     OK djm@ markus@
2014-07-18 14:11:24 +10:00
Damien Miller
686c7d9ee6 - djm@cvs.openbsd.org 2014/05/02 03:27:54
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
     [misc.h poly1305.h ssh-pkcs11.c defines.h]
     revert __bounded change; it causes way more problems for portable than
     it solves; pointed out by dtucker@
2014-05-15 14:37:03 +10:00
Damien Miller
8885669139 - djm@cvs.openbsd.org 2014/04/20 02:30:25
[misc.c misc.h umac.c]
     use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
     strict-alignment architectures; reported by and ok stsp@
2014-04-20 13:33:19 +10:00
Damien Miller
4f40209aa4 - djm@cvs.openbsd.org 2014/03/26 04:55:35
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
     [misc.h poly1305.h ssh-pkcs11.c]
     use __bounded(...) attribute recently added to sys/cdefs.h instead of
     longform __attribute__(__bounded(...));

     for brevity and a warning free compilation with llvm/clang
2014-04-20 13:21:22 +10:00
Damien Miller
e9fc72edd6 - djm@cvs.openbsd.org 2013/10/14 23:28:23
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
     refactor client config code a little:
     add multistate option partsing to readconf.c, similar to servconf.c's
     existing code.
     move checking of options that accept "none" as an argument to readconf.c
     add a lowercase() function and use it instead of explicit tolower() in
     loops
     part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
Darren Tucker
b759c9c2ef - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
     channels.c sandbox-systrace.c]
     Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
     keepalives and rekeying will work properly over clock steps.  Suggested by
     markus@, "looks good" djm@.
2013-06-02 07:46:16 +10:00