Revert previous commit. We still want to call setgroups
in the case where there are zero groups to remove any that we might otherwise
inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
to setgroups is always a static global it's always valid to dereference in
this case. ok deraadt@ djm@
djm@openbsd.org [Mon, 22 Jun 2015 23:42:16 +0000 (23:42 +0000)]
upstream commit
Don't count successful partial authentication as failures
in monitor; this may have caused the monitor to refuse multiple
authentications that would otherwise have successfully completed; ok markus@
Don't call setgroups if we have zero groups; there's no
guarantee that it won't try to deref the pointer. Based on a patch from mail
at quitesimple.org, ok djm deraadt
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal has
already been matched in the output of the subprocess. Fix this by using the
same logic to determine if pw->pw_name should be passed, as is used to
determine if an authorized principal must be matched earlier on.
Make the arguments to match_principals_command() similar
to match_principals_file(), by changing the last argument to a struct
sshkey_cert * and dereferencing key->cert in the caller.
Damien Miller [Wed, 17 Jun 2015 04:36:54 +0000 (14:36 +1000)]
trivial optimisation for seccomp-bpf
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
Add a stronger (4k bit) fallback group that sshd can use
when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok
markus@ (earlier version), djm@
Cap DH-GEX group size at 4kbits for Cisco implementations.
Some of them will choke when asked for preferred sizes >4k instead of
returning the 4k group that they do have. bz#2209, ok djm@
djm@openbsd.org [Fri, 22 May 2015 03:50:02 +0000 (03:50 +0000)]
upstream commit
add knob to relax GSSAPI host credential check for
multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
(kerberos/GSSAPI is not compiled by default on OpenBSD)
djm@openbsd.org [Thu, 21 May 2015 12:01:19 +0000 (12:01 +0000)]
upstream commit
Support "ssh-keygen -lF hostname" to search known_hosts
and print key hashes. Already advertised by ssh-keygen(1), but not delivered
by code; ok dtucker@
djm@openbsd.org [Thu, 21 May 2015 06:43:30 +0000 (06:43 +0000)]
upstream commit
add AuthorizedPrincipalsCommand that allows getting
authorized_principals from a subprocess rather than a file, which is quite
useful in deployments with large userbases
Use a salted hash of the lock passphrase instead of plain
text and do constant-time comparisons of it. Should prevent leaking any
information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
incrementing delay for each failed unlock attempt up to 10s. ok markus@
(earlier version), djm@
Damien Miller [Tue, 5 May 2015 09:10:58 +0000 (19:10 +1000)]
upstream commit
- tedu@cvs.openbsd.org 2015/01/12 03:20:04
[bcrypt_pbkdf.c]
rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
nor are they the same size.
djm@openbsd.org [Fri, 1 May 2015 07:08:08 +0000 (07:08 +0000)]
upstream commit
a couple of parse targets were missing activep checks,
causing them to be misapplied in match context; bz#2272 diagnosis and
original patch from Sami Hartikainen ok dtucker@
djm@openbsd.org [Fri, 1 May 2015 03:23:51 +0000 (03:23 +0000)]
upstream commit
prevent authorized_keys options picked up on public key
tests without a corresponding private key authentication being applied to
other authentication methods. Reported by halex@, ok markus@
djm@openbsd.org [Fri, 1 May 2015 03:20:54 +0000 (03:20 +0000)]
upstream commit
Don't make parsing of authorized_keys' environment=
option conditional on PermitUserEnv - always parse it, but only use the
result if the option is enabled. This prevents the syntax of authorized_keys
changing depending on which sshd_config options were enabled.
bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
Add a simple regression test for sshd's configuration
parser. Right now, all it does is run the output of sshd -T back through
itself and ensure the output is valid and invariant.
Blacklist DH-GEX for specific PuTTY versions known to
send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
messages. ok djm@
Darren Tucker [Fri, 8 May 2015 01:07:27 +0000 (11:07 +1000)]
Put brackets around mblen() compat constant.
This might help with the reported problem cross compiling for Android
("error: expected identifier or '(' before numeric constant") but
shouldn't hurt in any case.
Document that the TERM environment variable is not
subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
jjelen at redhat, help and ok jmc@