Commit Graph

6418 Commits

Author SHA1 Message Date
Darren Tucker
f279474f1b - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
[moduli.5]
     "Diffie-Hellman" is the usual spelling for the cryptographic protocol
     first published by Whitfield Diffie and Martin Hellman in 1976.
     ok jmc@
2011-08-07 23:10:11 +10:00
Darren Tucker
578451ddda - (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
     [moduli.5]
     tweak previous;
2011-08-07 23:09:20 +10:00
Damien Miller
765f8c4eff - djm@cvs.openbsd.org 2011/08/02 23:15:03
[ssh.c]
     typo in comment
2011-08-06 06:18:16 +10:00
Damien Miller
c471860d25 - djm@cvs.openbsd.org 2011/08/02 23:13:01
[version.h]
     crank now, release later
2011-08-06 06:17:48 +10:00
Damien Miller
20bd4535c0 - djm@cvs.openbsd.org 2011/08/02 01:22:11
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     Add new SHA256 and SHA512 based HMAC modes from
     http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
     Patch from mdb AT juniper.net; feedback and ok markus@
2011-08-06 06:17:30 +10:00
Damien Miller
adb467fb69 - markus@cvs.openbsd.org 2011/08/01 19:18:15
[gss-serv.c]
     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
     report Adam Zabrock; ok djm@, deraadt@
2011-08-06 06:16:46 +10:00
Damien Miller
35e48198a8 - djm@cvs.openbsd.org 2011/07/29 14:42:45
[sandbox-systrace.c]
     fail open(2) with EPERM rather than SIGKILLing the whole process. libc
     will call open() to do strerror() when NLS is enabled;
     feedback and ok markus@
2011-08-06 06:16:23 +10:00
Damien Miller
6ea5e44871 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
[authfd.c]
     bzero the agent address.  the kernel was for a while very cranky about
     these things.  evne though that's fixed, always good to initialize
     memory.  ok deraadt djm
2011-08-06 06:16:00 +10:00
Damien Miller
7741ce8bd2 - djm@cvs.openbsd.org 2011/06/23 23:35:42
[monitor.c]
     ignore EINTR errors from poll()
2011-08-06 06:15:15 +10:00
Damien Miller
cd5e52ee78 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
   markus@
2011-06-27 07:18:18 +10:00
Damien Miller
dcbd41e7af - djm@cvs.openbsd.org 2011/06/23 09:34:13
[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
     [sandbox-null.c]
     rename sandbox.h => ssh-sandbox.h to make things easier for portable
2011-06-23 19:45:51 +10:00
Damien Miller
80b62e3738 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
setrlimit(2)
2011-06-23 19:03:18 +10:00
Damien Miller
6d7b4377dd - djm@cvs.openbsd.org 2011/06/22 22:08:42
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
     hook up a channel confirm callback to warn the user then requested X11
     forwarding was refused by the server; ok markus@
2011-06-23 08:31:57 +10:00
Damien Miller
69ff1df952 - djm@cvs.openbsd.org 2011/06/22 21:57:01
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
2011-06-23 08:30:03 +10:00
Damien Miller
82c558761d - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/06/22 21:47:28
     [servconf.c]
     reuse the multistate option arrays to pretty-print options for "sshd -T"
2011-06-23 08:20:30 +10:00
Damien Miller
4ac99c366c - djm@cvs.openbsd.org 2011/06/17 21:57:25
[clientloop.c]
     setproctitle for a mux master that has been gracefully stopped;
     bz#1911 from Bert.Wesarg AT googlemail.com
2011-06-20 14:43:31 +10:00
Damien Miller
33322127ec - djm@cvs.openbsd.org 2011/06/17 21:47:35
[servconf.c]
     factor out multi-choice option parsing into a parse_multistate label
     and some support structures; ok dtucker@
2011-06-20 14:43:11 +10:00
Damien Miller
f145a5be1c - djm@cvs.openbsd.org 2011/06/17 21:46:16
[sftp-server.c]
     the protocol version should be unsigned; bz#1913 reported by mb AT
     smartftp.com
2011-06-20 14:42:51 +10:00
Damien Miller
8f0bf237d4 - djm@cvs.openbsd.org 2011/06/17 21:44:31
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
     make the pre-auth privsep slave log via a socketpair shared with the
     monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
2011-06-20 14:42:23 +10:00
Damien Miller
e7ac2bd42a - markus@cvs.openbsd.org 2011/06/14 22:49:18
[authfile.c]
     make sure key_parse_public/private_rsa1() no longer consumes its input
     buffer.  fixes ssh-add for passphrase-protected ssh1-keys;
     noted by naddy@; ok djm@
2011-06-20 14:23:25 +10:00
Damien Miller
6029e076b2 - djm@cvs.openbsd.org 2011/06/04 00:10:26
[ssh_config.5]
     explain IdentifyFile's semantics a little better, prompted by bz#1898
     ok dtucker jmc
2011-06-20 14:22:49 +10:00
Tim Rice
bc481570d1 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 2011-06-02 22:26:19 -07:00
Darren Tucker
bf4d05a37c - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
[regress/dynamic-forward.sh]
     Retry establishing the port forwarding after a small delay, should make
     the tests less flaky when the previous test is slow to shut down and free
     up the port.
2011-06-03 14:19:02 +10:00
Darren Tucker
75e035c34e - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
[regress/dynamic-forward.sh]
     work around startup and teardown races; caught by deraadt
2011-06-03 14:18:17 +10:00
Darren Tucker
260c8fbc4d - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
[regress/dynamic-forward.sh]
     back out revs 1.6 and 1.5 since it's not reliable
2011-06-03 14:17:27 +10:00
Darren Tucker
3e78a516a0 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
[ssh-agent.c]
     Check current parent process ID against saved one to determine if the parent
     has exited, rather than attempting to send a zero signal, since the latter
     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
     Gillmor, ok djm@
2011-06-03 14:14:16 +10:00
Damien Miller
c09182f613 - (djm) [configure.ac] enable setproctitle emulation for OS X 2011-06-03 12:11:38 +10:00
Damien Miller
ea2c1a4dc6 - djm@cvs.openbsd.org 2011/06/03 00:54:38
[ssh.c]
    bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
    AT googlemail.com; ok dtucker@
    NB. includes additional portability code to enable setproctitle emulation
    on platforms that don't support it.
2011-06-03 12:10:22 +10:00
Darren Tucker
c3c7227ccc add missing changelog entry 2011-06-03 11:20:06 +10:00
Darren Tucker
dd9e0385ab Remove the !HAVE_SOCKETPAIR case. We use socketpair unconditionally in other
places and the survey data we have does not show any systems that use it.
"nuke it" djm@
2011-06-03 11:17:52 +10:00
Tim Rice
90f42b0705 - (tim) [configure.ac defines.h] Run test program to detect system mail
directory. Add --with-maildir option to override. Fixed OpenServer 6
   getting it wrong. Fixed many systems having MAIL=/var/mail//username
   ok dtucker
2011-06-02 18:17:49 -07:00
Darren Tucker
c412c1567b - (dtucker) [README version.h contrib/caldera/openssh.spec
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
   bumps from the 5.8p2 branch into HEAD.  ok djm.
2011-06-03 10:35:23 +10:00
Damien Miller
8cb3587336 - djm@cvs.openbsd.org 2011/05/23 03:31:31
[regress/cfgmatch.sh]
     include testing of multiple/overridden AuthorizedKeysFiles
     refactor to simply daemon start/stop and get rid of racy constructs
2011-05-29 21:59:10 +10:00
Damien Miller
295ee63ab2 - djm@cvs.openbsd.org 2011/05/24 07:15:47
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
     Remove undocumented legacy options UserKnownHostsFile2 and
     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
     accept multiple paths per line and making their defaults include
     known_hosts2; ok markus
2011-05-29 21:42:31 +10:00
Damien Miller
04bb56ef10 - djm@cvs.openbsd.org 2011/05/23 07:24:57
[authfile.c]
     read in key comments for v.2 keys (though note that these are not
     passed over the agent protocol); bz#439, based on patch from binder
     AT arago.de; ok markus@
2011-05-29 21:42:08 +10:00
Damien Miller
b9132fc427 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
[sshd.8 sshd_config.5]
     tweak previous; ok djm
2011-05-29 21:41:40 +10:00
Damien Miller
201f425d29 - djm@cvs.openbsd.org 2011/05/23 03:52:55
[sshconnect.c]
     remove extra newline
2011-05-29 21:41:03 +10:00
Damien Miller
1dd66e5f74 - djm@cvs.openbsd.org 2011/05/23 03:33:38
[auth.c]
     make secure_filename() spam debug logs less
2011-05-29 21:40:42 +10:00
Damien Miller
d8478b6a9b OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/23 03:30:07
     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
     Bring back authorized_keys2 as a default search path (to avoid breaking
     existing users of this file), but override this in sshd_config so it will
     be no longer used on fresh installs. Maybe in 2015 we can remove it
     entierly :)

     feedback and ok markus@ dtucker@
2011-05-29 21:39:36 +10:00
Damien Miller
acacced70b - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
[dynamic-forward.sh]
     fix dumb error in dynamic-forward test
2011-05-20 19:08:40 +10:00
Damien Miller
7b9451f382 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
[dynamic-forward.sh]
     Prevent races in dynamic forwarding test; ok djm
2011-05-20 19:08:11 +10:00
Damien Miller
3045b45a03 - djm@cvs.openbsd.org 2011/05/20 02:43:36
[cert-hostkey.sh]
     another attempt to generate a v00 ECDSA key that broke the test
     ID sync only - portable already had this somehow
2011-05-20 19:07:45 +10:00
Damien Miller
f67188fe13 - djm@cvs.openbsd.org 2011/05/17 07:13:31
[regress/cert-userkey.sh]
     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
     and fix the regress test that was trying to generate them :)
2011-05-20 19:06:48 +10:00
Damien Miller
f2e407e2dd - djm@cvs.openbsd.org 2011/05/20 03:25:45
[monitor.c monitor_wrap.c servconf.c servconf.h]
     use a macro to define which string options to copy between configs
     for Match. This avoids problems caused by forgetting to keep three
     code locations in perfect sync and ordering

     "this is at once beautiful and horrible" + ok dtucker@
2011-05-20 19:04:14 +10:00
Damien Miller
c2411909c7 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
[servconf.c]
     Add comment documenting what should be after the preauth check.  ok djm
2011-05-20 19:03:49 +10:00
Damien Miller
5d74e58e62 - djm@cvs.openbsd.org 2011/05/20 00:55:02
[servconf.c]
     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
     and AuthorizedPrincipalsFile were not being correctly applied in
     Match blocks, despite being overridable there; ok dtucker@
2011-05-20 19:03:31 +10:00
Damien Miller
8f639fe722 - djm@cvs.openbsd.org 2011/05/17 07:13:31
[key.c]
     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
     and fix the regress test that was trying to generate them :)
2011-05-20 19:03:08 +10:00
Damien Miller
814ace0875 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/15 08:09:01
     [authfd.c monitor.c serverloop.c]
     use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 19:02:47 +10:00
Damien Miller
ec2eaa3daf - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 2011-05-20 18:57:14 +10:00
Damien Miller
989bb7f0c5 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
options, we should corresponding -W-option when trying to determine
   whether it is accepted.  Also includes a warning fix on the program
   fragment uses (bad main() return type).
   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 18:56:30 +10:00