Commit Graph

12358 Commits

Author SHA1 Message Date
Darren Tucker
204e0bf051
Make ssh-copy-id(1) consistent with OpenSSH.
This makes the ssh-copy-id man page more consistent with the rest of the
OpenSSH man pages:
- new sentence, new line
- no sentences >80
- N.B. -> NB
- zap unused .Pp
- zap trailing whitespace

Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org.

SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3
2023-05-25 18:24:55 +10:00
Philip Hands
9de79df66d
if -s & -p specified, mention 'sftp -P' on success
This was inspired by this:
 https://github.com/openssh/openssh-portable/pull/321
but I thought that it was better to not do the sed patching.

BTW the reason one can get away with using $SSH_OPTS throughout, despite
the lowercase -p in there, even if sftp is in use, is that the sftp call
is using the already-established ssh master connection, so the port was
passed to the earlier ssh.

SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2
2023-05-25 18:24:53 +10:00
Philip Hands
801cda54c0
drop whitespace
SSH-Copy-ID-Upstream: e604fae1cdee35c18055d35dcec530cf12ef00ad
2023-05-25 18:24:50 +10:00
Philip Hands
288482f536
make -x also apply to the target script
SSH-Copy-ID-Upstream: 3c4214704f427bd0654adf9b0fc079253db21cf4
2023-05-25 18:24:47 +10:00
Philip Hands
b79e7b88ed
add -t option to specify the target path
Allow the default target path (.ssh/authorized_files) to be over-riden

This was inspired by this MR from Panagiotis Cheilaris <philaris@cs.ntua.gr>

 https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8

SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd
2023-05-25 18:24:45 +10:00
Carlos Rodríguez Gili
914f4ad138
Fix test error for /bin/sh on Solaris 10 and older
On Solaris 10 and older targets /bin/sh is not POSIX-compliant.
Test -z `...` fails with error 'sh: test: argument expected'.
Using quotes around backticks fixes this and doesn't break
POSIX compatibility.

SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065
2023-05-25 18:24:42 +10:00
Jakub Jelen
bd382dca31
Remove outdated comment
The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers

SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6
2023-05-25 18:24:39 +10:00
Darren Tucker
bdcaf79390
Special case OpenWrt instead of Dropbear.
OpenWrt overrides the location of authorized_keys for root.  Currently we
assume that all Dropbear installations behave this way, which is not the
case.  Check for OpenWrt and root user before using that location instead
of assuming that for all Dropbear servers.  Prompted by Github PR#250.

SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d
2023-05-25 18:24:37 +10:00
Philip Hands
cf84498f67
ssh-copy-id: add -x option (for debugging)
This option causes the ssh-copy-id to run with set -x

SSH-Copy-ID-Upstream: a0ee367ea8c0a29c8b4515245e408d2d349e7844
2023-05-25 18:24:32 +10:00
Philip Hands
b4a1efdcb8
update copyright notices
SSH-Copy-ID-Upstream: c284ed33b361814ea48ff68cbd01ca525b2bf117
2023-05-25 18:24:25 +10:00
djm@openbsd.org
fcd78e31cd
upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand
appears previously in configuration. Reported by John Meyers in bz3574 ok
dtucker@

OpenBSD-Commit-ID: 1c92e4517284386703936e1d3abaa36cfacf1951
2023-05-25 09:42:00 +10:00
dtucker@openbsd.org
5ec5504f1d
upstream: Remove unused prototypes for ssh1 RSA functions.
From lengyijun via github PR#396.

OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef
2023-05-10 20:40:48 +10:00
Darren Tucker
fbf362b389
main(void) to prevent unused variable warning. 2023-05-09 19:26:56 +10:00
Darren Tucker
baf854c8bb
Remove warning pragma since clang doesn't like it. 2023-05-09 19:25:45 +10:00
Darren Tucker
5fbb7a1349
Suppress warning for snprintf truncation test. 2023-05-09 17:13:33 +10:00
Darren Tucker
47742c513e
Update OpenSSL compat test for 3.x. 2023-05-09 17:12:50 +10:00
Darren Tucker
86ad25d455
Add macos13 PAM test target. 2023-05-08 20:23:08 +10:00
Darren Tucker
77cca2c4b1
Skip agent-peereid test on macos13.
sudo -S nobody doesn't work on the github runners (probably a
permission issue) so skip that test.
2023-05-08 20:14:46 +10:00
Darren Tucker
b356b8e916
Include config.guess in debug output. 2023-05-08 20:14:28 +10:00
Darren Tucker
b7afd8a4ec
Handle OpenSSL >=3 ABI compatibility.
Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only
major must match instead of major and minor in earlier versions).
bz#3548, ok djm@
2023-05-08 20:12:59 +10:00
dtucker@openbsd.org
0e9e2663eb
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c
2023-05-01 19:13:18 +10:00
Darren Tucker
d9687f4968
Add macos-13 test target.
Also flatten OS list for clarity.
2023-05-01 18:04:35 +10:00
djm@openbsd.org
aacfd67674
upstream: adjust ftruncate() logic to handle servers that reorder
requests.

sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.

Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@

prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778

OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b
2023-05-01 08:56:04 +10:00
djm@openbsd.org
c8eb394175
upstream: Check for ProxyJump=none in CanonicalizeHostname logic.
Previously ssh would incorrectly refuse to canonicalise the hostname
if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes

bz3567; ok dtucker

OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd
2023-04-26 14:38:21 +10:00
jsg@openbsd.org
ac383f3a5c
upstream: remove duplicate signal.h include
OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70
2023-04-17 09:21:14 +10:00
jsg@openbsd.org
740dafa20f
upstream: fix double words ok dtucker@
OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489
2023-04-17 09:21:13 +10:00
Darren Tucker
6452f89577
Test against LibreSSL 3.7.2. 2023-04-11 16:49:19 +10:00
Damien Miller
2138f6be59
remove unused upper-case const strings in fmtfp
no float format that uses upper-case is supported nor are hex floats.
ok dtucker
2023-04-06 14:33:10 +10:00
djm@openbsd.org
484c5e6168
upstream: simplify sshsig_find_principals() similar to what happened to
sshsig_check_allowed_keys() in r1.31, removing some dead code

OpenBSD-Commit-ID: a493e628d4d6c08f878c276d998f4313ba61702d
2023-04-06 13:57:28 +10:00
djm@openbsd.org
3a7b110fbc
upstream: remove redundant ssh!=NULL check; we'd already
dereferenced it

OpenBSD-Commit-ID: 852bf12591ec5a9fb12dcbde9b1fd3945ad0df3c
2023-04-06 13:27:17 +10:00
djm@openbsd.org
2519110659
upstream: match_user() shouldn't be called with user==NULL unless
host and ipaddr are also NULL

OpenBSD-Commit-ID: fa3518346c21483e9e01a2e4b9436ae501daf8ea
2023-04-06 13:27:16 +10:00
djm@openbsd.org
3b9ceaad7a
upstream: don't care about glob() return value here.
OpenBSD-Commit-ID: 85bb82fea90478a482e9f65a1bec0aa24227fd66
2023-04-06 13:27:16 +10:00
dtucker@openbsd.org
09d8da0849
upstream: Move up null check and simplify process_escapes.
Based on Coverity CID 291863 which points out we check the channel
pointer for NULLness after dereferencing it.  Move this to the start
of the function, and while there simplify initialization of efc a bit.
ok djm@

OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a
2023-04-03 18:35:04 +10:00
Damien Miller
b36b162be5
need va_end() after va_copy(); ok dtucker
spotted by Coverity
2023-04-03 10:01:01 +10:00
dtucker@openbsd.org
f703757234
upstream: Explicitly ignore return from waitpid here too.
OpenBSD-Commit-ID: eef2403df083c61028969fc679ee370373eacacb
2023-03-31 17:01:01 +11:00
dtucker@openbsd.org
6b73aa2903
upstream: Explictly ignore return codes
where we don't check them.

OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740
2023-03-31 16:17:46 +11:00
dtucker@openbsd.org
6f0308a3e7
upstream: Return immediately from get_sock_port
if sock <0 so we don't call getsockname on a negative FD.  From Coverity
CID 291840, ok djm@

OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618
2023-03-31 16:17:22 +11:00
djm@openbsd.org
1c1124dc90
upstream: don't leak arg2 on parse_pubkey_algos error path; ok
dtucker@

OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75
2023-03-31 15:32:37 +11:00
djm@openbsd.org
8ba2d4764b
upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker
OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4
2023-03-31 15:32:37 +11:00
djm@openbsd.org
1883841fc1
upstream: don't print key if printing hostname failed; with/ok
dtucker@

OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3
2023-03-31 15:32:36 +11:00
djm@openbsd.org
c6011129ca
upstream: remove redundant test
OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c
2023-03-31 15:06:20 +11:00
djm@openbsd.org
4fb29eeafb
upstream: don't attempt to decode a ridiculous number of
attributes; harmless because of bounds elsewhere, but better to be explicit

OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2
2023-03-31 15:06:20 +11:00
djm@openbsd.org
fc437c154e
upstream: remove unused variable; prompted by Coverity CID 291879
OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40
2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
0eb8131e4a
upstream: Check fd against >=0 instead of >0 in error path. The
dup could in theory return fd 0 although currently it doesn't in practice.
From Dmitry Belyavskiy vi github PR#238.

OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846
2023-03-31 15:06:19 +11:00
dtucker@openbsd.org
7174ba6f8a
upstream: Ignore return value from muxclient(). It normally loops
without returning, but it if returns on failure we immediately exit.
Coverity CID 405050.

OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295
2023-03-31 15:06:18 +11:00
Damien Miller
a4c1c2513e
don't call connect() on negative socket
Coverity CID 405037
2023-03-31 14:17:22 +11:00
djm@openbsd.org
34ee842cdd
upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file
is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted
by Coverity; with/ok dtucker@

OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650
2023-03-30 14:09:51 +11:00
dtucker@openbsd.org
f108e77a9d
upstream: Remove dead code from inside if block.
The only way the if statement can be true is if both dup()s fail, and
in that case the tmp2 can never be set. Coverity CID 291805, ok djm@

OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8
2023-03-30 14:09:37 +11:00
Darren Tucker
05b8e88ebe
child_set_eng: verify both env pointer and count.
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
2023-03-30 14:08:35 +11:00
dtucker@openbsd.org
28f1b8ef9b
upstream: Ignore return from sshpkt_disconnect
since we set our own return value for the function.  Coverity CID 291797,
ok djm@

OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04
2023-03-29 12:33:32 +11:00