djm [Mon, 19 May 2008 05:05:07 +0000 (05:05 +0000)]
- djm@cvs.openbsd.org 2008/05/08 12:02:23
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
djm [Mon, 19 May 2008 04:59:37 +0000 (04:59 +0000)]
- markus@cvs.openbsd.org 2008/05/08 06:59:01
[bufaux.c buffer.h channels.c packet.c packet.h]
avoid extra malloc/copy/free when receiving data over the net;
~10% speedup for localhost-scp; ok djm@
djm [Mon, 19 May 2008 04:57:41 +0000 (04:57 +0000)]
- pyr@cvs.openbsd.org 2008/05/07 05:49:37
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
djm [Mon, 19 May 2008 04:53:33 +0000 (04:53 +0000)]
- djm@cvs.openbsd.org 2008/04/18 12:32:11
[sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
introduce sftp extension methods statvfs@openssh.com and
fstatvfs@openssh.com that implement statvfs(2)-like operations,
based on a patch from miklos AT szeredi.hu (bz#1399)
also add a "df" command to the sftp client that uses the
statvfs@openssh.com to produce a df(1)-like display of filesystem
space and inode utilisation
ok markus@
djm [Mon, 19 May 2008 04:50:00 +0000 (04:50 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
djm [Mon, 19 May 2008 04:27:42 +0000 (04:27 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/04/04 05:14:38
[sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk
- markus@cvs.openbsd.org 2008/04/02 15:36:51
[channels.c]
avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@
djm [Thu, 27 Mar 2008 00:26:56 +0000 (00:26 +0000)]
- djm@cvs.openbsd.org 2008/03/24 21:46:54
[regress/sftp-badcmds.sh]
disable no-replace rename test now that we prefer a POSIX rename; spotted
by dkrause@
djm [Thu, 27 Mar 2008 00:02:02 +0000 (00:02 +0000)]
- djm@cvs.openbsd.org 2008/03/25 11:58:02
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
djm [Thu, 27 Mar 2008 00:01:15 +0000 (00:01 +0000)]
- deraadt@cvs.openbsd.org 2008/03/24 16:11:07
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
djm [Wed, 26 Mar 2008 23:59:57 +0000 (23:59 +0000)]
- djm@cvs.openbsd.org 2008/03/23 12:54:01
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
djm [Wed, 26 Mar 2008 23:54:44 +0000 (23:54 +0000)]
- deraadt@cvs.openbsd.org 2008/03/15 16:19:02
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
djm [Wed, 26 Mar 2008 23:53:23 +0000 (23:53 +0000)]
- deraadt@cvs.openbsd.org 2008/03/13 01:49:53
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
djm [Wed, 26 Mar 2008 23:50:21 +0000 (23:50 +0000)]
- jmc@cvs.openbsd.org 2008/02/11 07:58:28
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
dtucker [Wed, 26 Mar 2008 20:27:20 +0000 (20:27 +0000)]
- (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
djm [Fri, 14 Mar 2008 22:25:54 +0000 (22:25 +0000)]
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
tim [Fri, 14 Mar 2008 17:39:17 +0000 (17:39 +0000)]
- (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
djm [Wed, 12 Mar 2008 13:17:00 +0000 (13:17 +0000)]
- djm@cvs.openbsd.org 2007/12/21 04:13:53
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
djm [Wed, 12 Mar 2008 12:59:43 +0000 (12:59 +0000)]
- djm@cvs.openbsd.org 2007/12/12 05:04:03
[regress/sftp-cmds.sh]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
NB. sftp code change already committed.
djm [Wed, 12 Mar 2008 12:58:55 +0000 (12:58 +0000)]
- jmc@cvs.openbsd.org 2007/11/25 15:35:09
[regress/agent-getpeereid.sh regress/agent.sh]
more existant -> existent, from Martynas Venckus;
pfctl changes: ok henning
ssh changes: ok deraadt
dtucker [Tue, 11 Mar 2008 11:58:25 +0000 (11:58 +0000)]
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
dtucker [Sun, 9 Mar 2008 11:50:50 +0000 (11:50 +0000)]
- (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
dtucker [Sun, 9 Mar 2008 06:10:09 +0000 (06:10 +0000)]
- (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
equivalent of LLONG_MAX for the compat regression tests, which makes them
run on AIX and HP-UX. Patch from David Leonard.
dtucker [Sun, 9 Mar 2008 05:36:55 +0000 (05:36 +0000)]
- (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
dtucker [Sun, 9 Mar 2008 00:34:23 +0000 (00:34 +0000)]
- (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
always work for all platforms and versions, so test what we can and
add a configure flag to turn it of if needed. ok djm@
djm [Fri, 7 Mar 2008 07:35:26 +0000 (07:35 +0000)]
- deraadt@cvs.openbsd.org 2008/03/02 18:19:35
[monitor_fdpass.c]
use a union to ensure alignment of the cmsg (pay attention: various other
parts of the tree need this treatment too); ok djm
djm [Fri, 7 Mar 2008 07:33:53 +0000 (07:33 +0000)]
- djm@cvs.openbsd.org 2008/02/27 20:21:15
[sftp-server.c]
add an extension method "posix-rename@openssh.com" to perform POSIX atomic
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
djm [Fri, 7 Mar 2008 07:33:30 +0000 (07:33 +0000)]
- dtucker@cvs.openbsd.org 2008/02/22 20:44:02
[clientloop.c packet.c packet.h serverloop.c]
Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
keepalive timer (bz #1307). ok markus@
djm [Fri, 7 Mar 2008 07:33:12 +0000 (07:33 +0000)]
- djm@cvs.openbsd.org 2008/02/22 05:58:56
[session.c]
closefrom() call was too early, delay it until just before we execute
the user's rc files (if any).
djm [Fri, 7 Mar 2008 07:31:47 +0000 (07:31 +0000)]
- mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
[sshd.c]
When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.
ok djm
djm [Fri, 7 Mar 2008 07:27:58 +0000 (07:27 +0000)]
- jmc@cvs.openbsd.org 2008/02/11 07:58:28
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
dtucker [Fri, 29 Feb 2008 02:57:47 +0000 (02:57 +0000)]
- (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
dtucker [Thu, 28 Feb 2008 12:16:04 +0000 (12:16 +0000)]
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
dtucker [Thu, 28 Feb 2008 08:13:52 +0000 (08:13 +0000)]
- (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
dtucker [Mon, 25 Feb 2008 10:05:04 +0000 (10:05 +0000)]
- (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
dtucker [Mon, 25 Feb 2008 09:21:20 +0000 (09:21 +0000)]
- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
since it now conflicts with the helper function in misc.c. From
vinschen AT redhat.com.
dtucker [Mon, 25 Feb 2008 09:18:31 +0000 (09:18 +0000)]
20080224
- (tim) [contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
tim [Sat, 23 Feb 2008 22:47:37 +0000 (22:47 +0000)]
[contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
djm [Sun, 10 Feb 2008 11:48:55 +0000 (11:48 +0000)]
- djm@cvs.openbsd.org 2008/02/10 10:54:29
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
djm [Sun, 10 Feb 2008 11:44:20 +0000 (11:44 +0000)]
- djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
djm [Sun, 10 Feb 2008 11:40:12 +0000 (11:40 +0000)]
- djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
djm [Sun, 10 Feb 2008 11:27:47 +0000 (11:27 +0000)]
- dtucker@cvs.openbsd.org 2008/01/23 01:56:54
[clientloop.c packet.c serverloop.c]
Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).
djm [Sun, 10 Feb 2008 11:27:24 +0000 (11:27 +0000)]
- djm@cvs.openbsd.org 2008/01/21 19:20:17
[sftp-client.c]
when a remote write error occurs during an upload, ensure that ACKs for
all issued requests are properly drained. patch from t8m AT centrum.cz
djm [Sun, 10 Feb 2008 11:26:51 +0000 (11:26 +0000)]
- djm@cvs.openbsd.org 2008/01/21 17:24:30
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
djm [Sun, 10 Feb 2008 11:26:24 +0000 (11:26 +0000)]
- djm@cvs.openbsd.org 2008/01/20 00:38:30
[sftp.c]
When uploading, correctly handle the case of an unquoted filename with
glob metacharacters that match a file exactly but not as a glob, e.g. a
file called "[abcd]". report and test cases from duncan2nd AT gmx.de
djm [Sun, 10 Feb 2008 11:25:52 +0000 (11:25 +0000)]
- djm@cvs.openbsd.org 2008/01/19 23:09:49
[readconf.c readconf.h sshconnect2.c]
promote rekeylimit to a int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
djm [Sun, 10 Feb 2008 11:25:24 +0000 (11:25 +0000)]
- djm@cvs.openbsd.org 2008/01/19 23:02:40
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
andersk / openssh.git / log
