Commit Graph

8925 Commits

Author SHA1 Message Date
Damien Miller
35ff70a04d sync contrib/ssh-copy-id with upstream 2017-10-01 10:01:25 +11:00
Damien Miller
290843b8ed update version in RPM spec files 2017-10-01 09:59:19 +11:00
Damien Miller
4e4e0bb223 update agent draft URL 2017-10-01 09:58:24 +11:00
djm@openbsd.org
e4a798f001 upstream commit
openssh-7.6; ok deraadt@

Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
2017-10-01 09:27:30 +11:00
jmc@openbsd.org
5fa1407e16 upstream commit
tweak EposeAuthinfo; diff from lars nooden

tweaked by sthen; ok djm dtucker

Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
2017-10-01 05:24:18 +11:00
Damien Miller
bba69c246f don't fatal ./configure for LibreSSL 2017-09-28 16:06:21 -07:00
Damien Miller
04dc070e8b abort in configure when only openssl-1.1.x found
We don't support openssl-1.1.x yet (see multiple threads on the
openssh-unix-dev@ mailing list for the reason), but previously
./configure would accept it and the compilation would subsequently
fail. This makes ./configure display an explicit error message and
abort.

ok dtucker@
2017-09-28 14:54:34 -07:00
Darren Tucker
74c1c3660a Check for and handle calloc(p, 0) = NULL.
On some platforms (AIX, maybe others) allocating zero bytes of memory
via the various *alloc functions returns NULL, which is permitted
by the standards.  Autoconf has some macros for detecting this (with
the exception of calloc for some reason) so use these and if necessary
activate shims for them.  ok djm@
2017-09-27 07:44:41 +10:00
markus@openbsd.org
6a9481258a upstream commit
test reverse dynamic forwarding with SOCKS

Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
2017-09-26 16:56:15 +10:00
Damien Miller
1b9f321605 sync missing changes in dynamic-forward.sh 2017-09-26 16:55:55 +10:00
Darren Tucker
44fc334c7a Add minimal strsignal for platforms without it. 2017-09-25 09:48:10 +10:00
djm@openbsd.org
218e6f98df upstream commit
fix inverted test on channel open failure path that
"upgraded" a transient failure into a fatal error; reported by sthen and also
seen by benno@; ok sthen@

Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
2017-09-24 23:46:12 +10:00
djm@openbsd.org
c704f641f7 upstream commit
write the correct buffer when tunnel forwarding; doesn't
matter on OpenBSD (they are the same) but does matter on portable where we
use an output filter to translate os-specific tun/tap headers

Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
2017-09-24 19:51:01 +10:00
djm@openbsd.org
55486f5cef upstream commit
fix tunnel forwarding problem introduced in refactor;
reported by stsp@ ok markus@

Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
2017-09-24 14:08:36 +10:00
markus@openbsd.org
609d7a66ce upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.

help and ok djm@

Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
2017-09-22 09:14:53 +10:00
dtucker@openbsd.org
36945fa103 upstream commit
Use strsignal in debug message instead of casting for the
benefit of portable where sig_atomic_t might not be int.  "much nicer"
deraadt@

Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
2017-09-22 09:14:53 +10:00
millert@openbsd.org
3e8d185af3 upstream commit
Use explicit_bzero() instead of bzero() before free() to
prevent the compiler from optimizing away the bzero() call.  OK djm@

Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
2017-09-22 09:14:53 +10:00
djm@openbsd.org
5b8da1f538 upstream commit
fix use-after-free in ~^Z escape handler path, introduced
in channels.c refactor; spotted by millert@ "makes sense" deraadt@

Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
2017-09-19 14:26:43 +10:00
dtucker@openbsd.org
a3839d8d2b upstream commit
Prevent type mismatch warning in debug on platforms where
sig_atomic_t != int.  ok djm@

Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
2017-09-19 14:26:43 +10:00
dtucker@openbsd.org
30484e5e5f upstream commit
Add braces missing after channels refactor.  ok markus@

Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
2017-09-19 14:26:43 +10:00
Damien Miller
b79569190b add freezero(3) replacement
ok dtucker@
2017-09-19 14:16:45 +10:00
Damien Miller
161af8f5ec move FORTIFY_SOURCE into hardening options group
It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@
2017-09-19 10:22:33 +10:00
bluhm@openbsd.org
09eacf856e upstream commit
Print SKIPPED if sudo and doas configuration is missing.
Prevents that running the regression test with wrong environment is reported
as failure.  Keep the fatal there to avoid interfering with other setups for
portable ssh. OK dtucker@

Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
2017-09-18 14:13:02 +10:00
dtucker@openbsd.org
cdede10899 upstream commit
Remove obsolete privsep=no fallback test.

Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
2017-09-18 14:11:42 +10:00
dtucker@openbsd.org
ec218c105d upstream commit
Remove non-privsep test since disabling privsep is now
deprecated.

Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
2017-09-18 14:11:22 +10:00
dtucker@openbsd.org
239c57d5bc upstream commit
Don't call fatal from stop_sshd since it calls cleanup
which calls stop_sshd which will probably fail in the same way.  Instead,
just bail. Differentiate between sshd dying without cleanup and not shutting
down.

Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
2017-09-18 14:11:22 +10:00
djm@openbsd.org
aea59a0d9f upstream commit
Revert commitid: gJtIN6rRTS3CHy9b.

-------------
identify the case where SSHFP records are missing but other DNS RR
types are present and display a more useful error message for this
case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-------------

This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
are missing but the user already has the key in known_hosts

Spotted by dtucker@

Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
2017-09-14 14:33:06 +10:00
Damien Miller
871f1e4374 adapt portable to channels API changes 2017-09-12 18:01:35 +10:00
djm@openbsd.org
4ec0bb9f9a upstream commit
unused variable

Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
2017-09-12 17:57:11 +10:00
djm@openbsd.org
9145a73ce2 upstream commit
fix tun/tap forwarding case in previous

Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
2017-09-12 17:37:03 +10:00
djm@openbsd.org
9f53229c2a upstream commit
Make remote channel ID a u_int

Previously we tracked the remote channel IDs in an int, but this is
strictly incorrect: the wire protocol uses uint32 and there is nothing
in-principle stopping a SSH implementation from sending, say, 0xffff0000.

In practice everyone numbers their channels sequentially, so this has
never been a problem.

ok markus@

Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
2017-09-12 17:37:03 +10:00
djm@openbsd.org
dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org
abd59663df upstream commit
typo in comment

Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
2017-09-12 16:42:20 +10:00
jmc@openbsd.org
149a8cd24c upstream commit
tweak previous;

Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
2017-09-12 16:42:20 +10:00
Damien Miller
ec9d22cc25 Fuzzer harnesses for sig verify and pubkey parsing
These are some basic clang libfuzzer harnesses for signature
verification and public key parsing. Some assembly (metaphorical)
required.
2017-09-08 12:44:13 +10:00
Damien Miller
de35c38289 Give configure ability to set CFLAGS/LDFLAGS later
Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
in particular santization and fuzzer options that break assumptions
about memory and file descriptor dispositions.

This adds two flags to configure --with-cflags-after and
--with-ldflags-after that allow specifying additional compiler and
linker options that are added to the resultant Makefiles but not
used in the configure run itself.

E.g.

env CC=clang-3.9 ./configure \
  --with-cflags-after=-fsantize=address \
  --with-ldflags-after="-g -fsanitize=address"
2017-09-08 12:38:31 +10:00
djm@openbsd.org
22376d27a3 upstream commit
Expand ssh_config's StrictModes option with two new
settings:

StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.

StrictModes=off is the same as StrictModes=no

Motivation:

StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.

Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.

At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.

bz#2400, suggested by Michael Samuel; ok markus

Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
2017-09-04 09:38:57 +10:00
jmc@openbsd.org
ff3c423840 upstream commit
remove blank line;

Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
2017-09-04 09:38:57 +10:00
djm@openbsd.org
b828605d51 upstream commit
identify the case where SSHFP records are missing but
other DNS RR types are present and display a more useful error message for
this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@

Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
2017-09-04 09:38:57 +10:00
djm@openbsd.org
8042bad97e upstream commit
document available AuthenticationMethods; bz#2453 ok
dtucker@

Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
2017-09-04 09:38:57 +10:00
djm@openbsd.org
71e5a536ec upstream commit
pass packet state down to some of the channels function
(more to come...); ok markus@

Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
2017-09-04 09:38:57 +10:00
jmc@openbsd.org
6227fe5b36 upstream commit
sort options;

Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
2017-09-04 09:38:57 +10:00
dlg@openbsd.org
530591a579 upstream commit
add a -q option to ssh-add to make it quiet on success.

if you want to silence ssh-add without this you generally redirect
the output to /dev/null, but that can hide error output which you
should see.

ok djm@

Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
2017-09-04 09:38:57 +10:00
dtucker@openbsd.org
a54eb27dd6 upstream commit
Increase the buffer sizes for user prompts to ensure that
they won't be truncated by snprintf.  Based on patch from cjwatson at
debian.org via bz#2768, ok djm@

Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
2017-09-04 09:38:57 +10:00
Darren Tucker
dd9d9b3381 Switch Capsicum header to sys/capsicum.h.
FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
avoid future conflicts with POSIX capabilities (the last release that
didn't have it was 9.3) so switch to that.  Patch from des at des.no.
2017-08-28 16:48:27 +10:00
Darren Tucker
f5e917ab10 Add missing includes for bsd-err.c.
Patch from cjwatson at debian.org via bz#2767.
2017-08-27 08:55:40 +10:00
Damien Miller
878e029797 Split platform_sys_dir_uid into its own file
platform.o is too heavy for libssh.a use; it calls into the server on
many platforms. Move just the function needed by misc.c into its own
file.
2017-08-25 13:25:01 +10:00
Damien Miller
07949bfe91 misc.c needs functions from platform.c now 2017-08-23 20:13:18 +10:00
djm@openbsd.org
b074c3c3f8 upstream commit
add a "quiet" flag to exited_cleanly() that supresses
errors about exit status (failure due to signal is still reported)

Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
2017-08-23 19:47:06 +10:00
djm@openbsd.org
de4ae07f12 upstream commit
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.

feedback & ok dtucker@

Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
2017-08-23 19:47:06 +10:00