Age | Commit message | Author
3 days | upstream: Adapt XMSS to new logging infrastructure. With markus@, ok (HEAD, master) | dtucker@openbsd.org
djm@. OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
3 days | upstream: fix SEGV on fatal() errors spotted by dtucker@ | djm@openbsd.org
OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2
4 days | Use fatal_fr not fatal_r when passing r. | Darren Tucker
Caught by the PAM -Werror tinderbox build.
4 days | upstream: use the new variant log macros instead of prepending | djm@openbsd.org
__func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
4 days | upstream: variants of the log methods that append a ssherr.h string | djm@openbsd.org
from a supplied error code; ok markus@ OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
4 days | upstream: remove a level of macro indirection; ok markus@ | djm@openbsd.org
OpenBSD-Commit-ID: 0c529d06e902c5d1a6b231e1bec6157f76dc67c9
4 days | upstream: add some variant log.h calls that prepend the calling | djm@openbsd.org
function name; ok markus@ OpenBSD-Commit-ID: 4be1b2e2455b271ddb7457bc195c5367644f4e48
5 days | missing header | Damien Miller
5 days | sync regress/misc/sk-dummy/fatal.c | Damien Miller
5 days | upstream: make the log functions that exit (sshlogdie(), | djm@openbsd.org
sshfatal(), etc) have identical signatures. Makes things a bit more consistent... OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9
5 days | upstream: add space between macro arg and punctuation; | jmc@openbsd.org
OpenBSD-Commit-ID: bb81e2ed5a77832fe62ab30a915ae67cda57633e
6 days | check for and require a C99 capable compiler | Damien Miller
recent logging changes use __VA_ARGS__.
6 days | logging is now macros, remove function pointers | Damien Miller
6 days | adapt sk-dummy's fatal implementation to changes | Damien Miller
6 days | fix netcat build problem | Damien Miller
6 days | upstream: LogVerbose keyword for ssh and sshd | djm@openbsd.org
Allows forcing maximum debug logging by file/function/line pattern-lists. ok markus@ OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
6 days | upstream: revised log infrastructure for OpenSSH | djm@openbsd.org
log functions receive function, filename and line number of caller. We can use this to selectively enable logging via pattern-lists. ok markus@ OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
6 days | upstream: use do_log2 instead of function pointers to different log | djm@openbsd.org
functions OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
9 days | upstream: make UpdateHostkeys still more conservative: refuse to | djm@openbsd.org
proceed if one of the keys offered by the server is already in known_hosts under another name. This avoids collisions between address entries for different host aliases when CheckHostIP=yes. Also, do not attempt to fix known_hosts with incomplete host/ip matches when there are no new or deprecated hostkeys. OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
9 days | upstream: Zap unused family parameter from ssh_connect_direct() | kn@openbsd.org
sshconnect.c r1.241 from 2013 made it unused; found while reading code. OK djm OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
10 days | shift contents of long $() into filter_ids() | Philip Hands
This was prompted by the fact that posh does not deal with $() that contains comments where the comment includes an odd number of single-quotes. It seems to get befuddled into trying to find the matching quote. Regardless, making a function for filtering the unneeded ids seems much neater than avoiding apostrophes, so that's what I've done. SSH-Copy-ID-Upstream: 3dab3366a584427045c8a690a93282f02c09cf24
10 days | combine if/elif to avoid duplication of the action | Philip Hands
SSH-Copy-ID-Upstream: 42aeb1cc53d3f7f6e78edc210fb121fda0834914
10 days | shellcheck tidyage | Philip Hands
SSH-Copy-ID-Upstream: 5b08f840e78ac544288b3983010a1b0585e966fd
10 days | tidy up test of $SCRATCH_DIR creation | Philip Hands
SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93
10 days | add -s flag: to install keys via SFTP | Philip Hands
This is prompted by: https://bugzilla.mindrot.org/show_bug.cgi?id=3201 Thanks go to Matthias Blümel for the idea, and the helpful patch, from which this patch grew. SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614
11 days | upstream: UpdateHostkeys: check for keys under other names | djm@openbsd.org
Stop UpdateHostkeys from automatically removing deprecated keys from known_hosts files if the same keys exist under a different name or address to the host that is being connected to. This avoids UpdateHostkeys from making known_hosts inconsistent in some cases. For example, multiple host aliases sharing address-based known_hosts on different lines, or hosts that resolve to multiple addresses. ok markus@ OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
11 days | upstream: UpdateHostkeys: better CheckHostIP handling | djm@openbsd.org
When preparing to update the known_hosts file, fully check both entries for both the host and the address (if CheckHostIP enabled) and ensure that, at the end of the operation, entries for both are recorded. Make sure this works with HashKnownHosts too, which requires maintaining a list of entry-types seen across the whole file for each key. ok markus@ OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
11 days | upstream: UpdateHostkeys: better detect manual host entries | djm@openbsd.org
Disable UpdateHostkeys if the known_hosts line has more than two entries in the pattern-list. ssh(1) only writes "host" or "host,ip" lines so anything else was added by a different tool or by a human. ok markus@ OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
13 days | upstream: don't misdetect comma-separated hostkey names as wildcards; | djm@openbsd.org
spotted by naddy@ OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce
2020-10-08 | fix TEST_MALLOC_OPTIONS var | wangxp006
2020-10-08 | upstream: clarify conditions for UpdateHostkeys | djm@openbsd.org
OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27
2020-10-07 | upstream: remove GlobalKnownHostsFile for this test after | djm@openbsd.org
UpdateHostkeys change OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1
2020-10-07 | upstream: Disable UpdateHostkeys when hostkey checking fails | djm@openbsd.org
If host key checking fails (i.e. a wrong host key is recorded for the server) and the user elects to continue (via StrictHostKeyChecking=no), then disable UpdateHostkeys for the session. reminded by Mark D. Baushke; ok markus@ OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
2020-10-07 | upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug | djm@openbsd.org
When all of UpdateHostkeys, HashKnownHosts and CheckHostIP were enabled and new host keys were learned, known_hosts IP entries were not being recorded for new host keys. reported by matthieu@ ok markus@ OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7
2020-10-07 | upstream: don't UpdateHostkeys when the hostkey is verified by the | djm@openbsd.org
GlobalKnownHostsFile file, support only UserKnownHostsFile matches suggested by Mark D. Baushke; feedback and ok markus@ OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
2020-10-07 | upstream: revert kex->flags cert hostkey downgrade back to a plain | djm@openbsd.org
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
2020-10-07 | upstream: simply disable UpdateHostkeys when a certificate | djm@openbsd.org
successfully authenticated the host; simpler than the complicated plumbing via kex->flags we have now. ok markus@ OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
2020-10-07 | upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is | djm@openbsd.org
enabled; suggested by Mark D. Baushke OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf
2020-10-07 | upstream: Agent protocol draft is now at rev 4. ok djm@ | dtucker@openbsd.org
OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837
2020-10-07 | upstream: when ordering host key algorithms in the client, consider | djm@openbsd.org
the ECDSA key subtype; ok markus@ OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
2020-10-07 | upstream: Allow full range of UIDs and GIDs for sftp chown and | dtucker@openbsd.org
chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206, found by booking00 at sina.cn, ok markus@ OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5
2020-10-03 | upstream: There are lots of places where we want to redirect stdin, | djm@openbsd.org
stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@ OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
2020-10-03 | upstream: enable UpdateHostkeys by default when the configuration | djm@openbsd.org
has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect" deraadt@ OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
2020-10-03 | upstream: disable UpdateHostkeys when a wildcard hostname pattern | djm@openbsd.org
is encountered or when a certificate host key is in use. feedback/ok markus@ OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
2020-10-03 | upstream: record when the host key checking code downgrades a | djm@openbsd.org
certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@ OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
2020-10-03 | upstream: prefer ed25519 signature algorithm variants to ECDSA; ok | djm@openbsd.org
markus@ OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b
2020-10-03 | upstream: want time.h here too | djm@openbsd.org
OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7
2020-10-03 | upstream: split introductory paragraph, and insert ominous words about | deraadt@openbsd.org
the glob issue, which cannot be fully fixed and really requires completely replacing scp with a completely different subsystem. team effort to find the right words.. OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c
2020-10-03 | use relative rather than system include here | Damien Miller
2020-10-03 | add some openbsd-compat licenses we missed | Damien Miller