Commit Graph

200 Commits

Author SHA1 Message Date
djm@openbsd.org
dc3c0be820 upstream: Fix two problems in string->argv conversion: 1) multiple
backslashes were not being dequoted correctly and 2) quoted space in the
middle of a string was being incorrectly split.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A unit test for these cases has already been committed

prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@

OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4
2021-04-03 16:24:40 +11:00
dtucker@openbsd.org
e774bac359 upstream: Do not try to reset signal handler for signal 0 in
subprocess. Prevents spurious debug message.  ok djm@

OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46
2021-02-28 13:01:20 +11:00
markus@openbsd.org
b696858a7f upstream: factor out opt_array_append; ok djm@
OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a
2021-02-17 15:03:41 +11:00
dtucker@openbsd.org
02da325f10 upstream: Change types in convtime() unit test to int to match
change its new type. Add tests for boundary conditions and fix convtime to
work up to INT_MAX. ok djm@

OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de
2021-01-18 18:43:43 +11:00
dtucker@openbsd.org
5339ab369c upstream: In waitfd(), when poll returns early we are subtracting
the elapsed time from the timeout each loop, so we only want to measure the
elapsed time the poll() in that loop, not since the start of the function.
Spotted by chris.xj.zhu at gmail.com, ok djm@

OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a
2021-01-18 18:43:43 +11:00
dtucker@openbsd.org
6d30673fed upstream: Change convtime() from returning long to returning int.
On platforms where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during config
parsing.  bz#3250, ok djm@

OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
2021-01-11 15:04:12 +11:00
djm@openbsd.org
a34e14a5a0 upstream: move subprocess() from auth.c to misc.c
make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)

add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.

feedback & ok markus@

OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
2020-12-22 15:43:59 +11:00
djm@openbsd.org
33313ebc1c upstream: Set the specified TOS/DSCP for interactive use prior to
TCP connect. The connection phase of the SSH session is time-sensitive (due
to server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.

ok dtucker@

OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
2020-11-27 13:21:16 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
2020-10-18 23:46:29 +11:00
djm@openbsd.org
396d32f3a1 upstream: There are lots of place where we want to redirect stdin,
stdout and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these to redirect.
ok markus@

OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
2020-10-03 19:34:24 +10:00
djm@openbsd.org
3d06ff4bbd upstream: handle EINTR in waitfd() and timeout_connect() helpers;
bz#3071; ok dtucker@

OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
2020-06-26 15:25:24 +10:00
dtucker@openbsd.org
712ac1efb6 upstream: Make dollar_expand variadic and pass a real va_list to
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.

OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
2020-05-29 21:53:37 +10:00
dtucker@openbsd.org
f85b118d21 upstream: Pass a NULL instead of zeroed out va_list from
dollar_expand.  The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.

OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
2020-05-29 20:10:21 +10:00
dtucker@openbsd.org
4a1b46e6d0 upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths.  This
would for example allow forwarding of Unix domain socket paths that change at
runtime.  bz#3140, ok djm@

OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
2020-05-29 15:46:47 +10:00
dtucker@openbsd.org
1001dd148e upstream: Fix multiplier in convtime when handling seconds after
other units. bz#3171, spotted by ronf at timeheart.net, ok djm@.

OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be
2020-05-29 13:28:46 +10:00
djm@openbsd.org
756c6f66ae upstream: add fmt_timeframe() (from bgpd) to format a time
interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@

OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
2020-05-27 10:13:58 +10:00
Darren Tucker
6c6072ba8b See if SA_RESTART signals will interrupt select().
On some platforms (at least older HP-UXes such as 11.11, possibly others)
setting SA_RESTART on signal handers will cause it to not interrupt
select(), at least for calls that do not specify a timeout.  Try to
detect this and if found, don't use SA_RESTART.

POSIX says "If SA_RESTART has been set for the interrupting signal, it
is implementation-dependent whether select() restarts or returns with
[EINTR]" so this behaviour is within spec.
2020-05-01 15:09:26 +10:00
dtucker@openbsd.org
4d2c87b4d1 upstream: We've standardized on memset over bzero, replace a couple
that had slipped in.  ok deraadt markus djm.

OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
2020-05-01 13:13:28 +10:00
djm@openbsd.org
4594c76276 upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,
based on patch by veegish AT cyberstorm.mu

OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
2020-01-28 12:52:46 +11:00
djm@openbsd.org
8075fccbd4 upstream: add xextendf() to extend a string with a format
(reallocating as necessary). ok aja@ as part of a larger diff

OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
2020-01-25 11:27:29 +11:00
dtucker@openbsd.org
3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
dtucker@openbsd.org
e2c0a21ade upstream: Wait for FD to be readable or writeable during a nonblocking
connect, not just readable.  Prevents a timeout when the server doesn't
immediately send a banner (eg multiplexers like sslh) but is also slightly
quicker for other connections since, unlike ssh1, ssh2 doesn't specify
that the client should parse the server banner before sending its own.
Patch from mnissler@chromium.org, ok djm@

OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
2019-11-22 18:38:14 +11:00
Darren Tucker
6fc7e1c6fe Wrap poll.h includes in HAVE_POLL_H. 2019-10-28 16:27:53 +11:00
djm@openbsd.org
5485f8d50a upstream: move authorized_keys option parsing helpsers to misc.c
and make them public; ok markus@

OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03 18:39:31 +10:00
djm@openbsd.org
c72d78ccbe upstream: move skip_space() to misc.c and make it public; ok
markus@

OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-09-03 18:39:31 +10:00
djm@openbsd.org
e3b6c966b7 upstream: switch percent_expand() to use sshbuf instead of a limited
fixed buffer; ok markus@

OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
2019-08-16 16:14:30 +10:00
deraadt@openbsd.org
4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
deraadt@openbsd.org
5cdbaa78fc upstream: Some asprintf() calls were checked < 0, rather than the
precise == -1. ok millert nicm tb, etc

OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
2019-06-28 11:30:18 +10:00
dtucker@openbsd.org
d05ea25567 upstream: Remove support for obsolete host/port syntax.
host/port was added in 2001 as an alternative to host:port syntax for
the benefit of IPv6 users.  These days there are establised standards
for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
notation, which OpenSSH now supports for some things.  Remove the slash
notation from ListenAddress and PermitOpen.  bz#2335, patch from jjelen
at redhat.com, ok markus@

OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
2019-01-24 12:30:30 +11:00
djm@openbsd.org
0a843d9a0e upstream: move client/server SSH-* banners to buffers under
ssh->kex and factor out the banner exchange. This eliminates some common code
from the client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27 14:38:22 +11:00
dtucker@openbsd.org
434b587afe upstream: Fix calculation of initial bandwidth limits. Account for
written bytes before the initial timer check so that the first buffer written
is accounted.  Set the threshold after which the timer is checked such that
the limit starts being computed as soon as possible, ie after the second
buffer is written.  This prevents an initial burst of traffic and provides a
more accurate bandwidth limit.  bz#2927, ok djm.

OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-12-27 14:30:17 +11:00
djm@openbsd.org
2a35862e66 upstream: use path_absolute() for pathname checks; from Manoj Ampalam
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-11-16 14:37:33 +11:00
naddy@openbsd.org
2581333d56 upstream: Support using service names for port numbers.
* Try to resolve a port specification with getservbyname(3) if a
 numeric conversion fails.
* Make the "Port" option in ssh_config handle its argument as a
 port rather than a plain integer.

ok dtucker@ deraadt@

OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
2018-10-07 14:58:24 +11:00
djm@openbsd.org
5eff5b858e upstream: Allow ssh_config IdentityAgent directive to accept
environment variable names as well as explicit paths. ok dtucker@

OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
2018-10-03 16:39:58 +10:00
dtucker@openbsd.org
73ddb25bae upstream: Remove uid checks from low port binds. Now that ssh
cannot be setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave a sanity
check for the !privsep case so long as the code is stil there.  with & ok
djm@

OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
2018-07-31 12:18:49 +10:00
dtucker@openbsd.org
258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
2018-07-19 21:41:42 +10:00
djm@openbsd.org
7082bb58a2 upstream: add a SetEnv directive to ssh_config that allows setting
environment variables for the remote session (subject to the server accepting
them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-09 13:11:00 +10:00
markus@openbsd.org
7f90635216 upstream: switch config file parsing to getline(3) as this avoids
static limits noted by gerhard@; ok dtucker@, djm@

OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
2018-06-07 04:34:05 +10:00
djm@openbsd.org
bf0fbf2b11 upstream: add valid-before="[time]" authorized_keys option. A
simple way of giving a key an expiry date. ok markus@

OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-14 18:55:32 +11:00
djm@openbsd.org
c7c458e826 upstream: revert recent strdelim() change, it causes problems with
some configs.

revision 1.124
date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
option strings. bz#1596 ok markus@

OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
2018-03-12 11:48:15 +11:00
djm@openbsd.org
7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
djm@openbsd.org
713d9cb510 upstream: Allow escaped quotes \" and \' in ssh_config and
sshd_config quotes option strings. bz#1596 ok markus@

OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
2018-03-02 14:39:17 +11:00
markus@openbsd.org
25cf9105b8 upstream commit
move subprocess() so scp/sftp do not need uidswap.o; ok
djm@

OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
2018-01-23 16:32:57 +11:00
djm@openbsd.org
fd4eeeec16 upstream commit
fix ordering in previous to ensure errno isn't clobbered
before logging.

OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
2017-12-12 10:32:04 +11:00
djm@openbsd.org
155072fdb0 upstream commit
for some reason unix_listener() logged most errors twice
with each message containing only some of the useful information; merge these

OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
2017-12-12 10:32:04 +11:00
dtucker@openbsd.org
609d96b3d5 upstream commit
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum.  This will
prevent and flag invalid and negative arguments to these keywords.  ok djm@

OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
2017-12-07 11:49:00 +11:00
dtucker@openbsd.org@openbsd.org
5db6fbf143 upstream commit
Add monotime_ts and monotime_tv that return monotonic
timespec and timeval respectively.  Replace calls to gettimeofday() in packet
timing with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6 at
huawei.com. "I like" markus@

OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
2017-11-28 12:01:49 +11:00
Damien Miller
43c29bb7cf provide hooks and fallbacks for rdomain support 2017-10-25 13:11:38 +11:00
djm@openbsd.org
35eb33fb95 upstream commit
add sshd_config RDomain keyword to place sshd and the
subsequent user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2017-10-25 12:26:13 +11:00
djm@openbsd.org
acf559e1cf upstream commit
Add optional rdomain qualifier to sshd_config's
ListenAddress option to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2017-10-25 12:26:06 +11:00