Damien Miller [Sat, 22 Jan 2022 00:38:21 +0000 (11:38 +1100)]
restore tty force-read hack
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion).
Corinna Vinschen [Thu, 20 Jan 2022 16:22:56 +0000 (03:22 +1100)]
Fix signedness bug in Cygwin code
The Cygwin-specific pattern match code has a bug. It checks
the size_t value returned by mbstowcs for being < 0. The right
thing to do is to check against (size_t) -1. Fix that.
Darren Tucker [Thu, 20 Jan 2022 02:26:27 +0000 (13:26 +1100)]
Improve compatibility of early exit trap handling.
Dash (as used by the github runners) has some differences in its trap
builtin:
- it doesn't have -p (which is fine, that's not in posix).
- it doesn't work in a subshell (which turns out to be in compliance
with posix, which means bash isn't).
- it doesn't work in a pipeline, ie "trap|cat" produces no output.
Darren Tucker [Wed, 19 Jan 2022 04:37:39 +0000 (15:37 +1100)]
Invoke EXIT handler early when using Valgrind.
When using Valgrind, we need to wait for all invoked programs to
complete before checking their valgrind logs. Some tests, notably
agent-restrict, set an EXIT trap handler to clean up things like
ssh-agent, but those do not get invoked until test-exec.sh exits.
This causes the Valgrind wait to deadlock, so if present invoke
the EXIT handler before checking the Valgrind logs.
djm@openbsd.org [Mon, 17 Jan 2022 22:56:04 +0000 (22:56 +0000)]
upstream: when decompressing zlib compressed packets, use
Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually
specified as a valid mode for inflate(). There should be no practical change
in behaviour as the compression side ensures a flush that should make all
data available to the receiver in all cases.
djm@openbsd.org [Fri, 14 Jan 2022 03:31:52 +0000 (03:31 +0000)]
upstream: use status error message to communicate ~user expansion
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
Damien Miller [Tue, 11 Jan 2022 21:57:49 +0000 (08:57 +1100)]
OS X poll(2) is broken; use compat replacement
Darwin's poll(2) implementation is broken. For character-special
devices like /dev/null, it returns POLLNVAL when polled with
POLLIN.
Apparently this is Apple bug 3710161, which is AFAIK not public,
but a websearch will find other OSS projects rediscovering it
periodically since it was first identified in 2005 (!!)
djm@openbsd.org [Sat, 8 Jan 2022 07:37:32 +0000 (07:37 +0000)]
upstream: use status error message to communicate ~user expansion
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
djm@openbsd.org [Thu, 6 Jan 2022 21:55:23 +0000 (21:55 +0000)]
upstream: Fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2
for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in initial
KEX. bz3375
Mostly by Dmitry Belyavskiy with some tweaks by me.
Darren Tucker [Wed, 22 Dec 2021 08:33:10 +0000 (19:33 +1100)]
Use SHA.*_HMAC_BLOCK_SIZE if needed.
If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH
but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter.
Should fix --without-openssl build on Solaris.
Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.
djm@openbsd.org [Sun, 19 Dec 2021 22:13:55 +0000 (22:13 +0000)]
upstream: Use hostkey parsed from hostbound userauth request
Require host-bound userauth requests for forwarded SSH connections.
The hostkey parsed from the host-bound userauth request is now checked
against the most recently bound session ID / hostkey on the agent socket
and the signature refused if they do not match.
djm@openbsd.org [Sun, 19 Dec 2021 22:11:39 +0000 (22:11 +0000)]
upstream: ssh-agent side of destination constraints
Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com
constraints and to apply them to keys.
Check constraints against the hostkeys recorded for a SocketEntry when
attempting a signature, adding, listing or deleting keys. Note that
the "delete all keys" request will remove constrained keys regardless of
location.
djm@openbsd.org [Sun, 19 Dec 2021 22:11:06 +0000 (22:11 +0000)]
upstream: ssh-add side of destination constraints
Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.
Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".
The first form permits a key to be used to authenticate as the
specified user to the specified host.
The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.
For example, constraining a key with "user1@host_a" and
"host_a>host_b". Would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.
Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.
host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.
djm@openbsd.org [Sun, 19 Dec 2021 22:10:24 +0000 (22:10 +0000)]
upstream: ssh-add side of destination constraints
Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.
Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".
The first form permits a key to be used to authenticate as the
specified user to the specified host.
The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.
For example, constraining a key with "user1@host_a" and
"host_a>host_b". Would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.
Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.
host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.
djm@openbsd.org [Sun, 19 Dec 2021 22:08:48 +0000 (22:08 +0000)]
upstream: ssh client side of binding
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
projects / thirdparty / openssh-portable.git / log
