path: root/misc.h
AgeCommit message (Collapse)Author
2020-05-29upstream: Make dollar_expand variadic and pass a real va_list
vdollar_percent_expand. Fixes build error on arm64 spotted by otto@. OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
2020-05-29upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@ OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
2020-05-27upstream: add fmt_timeframe() (from bgpd) to format a
interval in a human- friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@ OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
2020-01-25upstream: add xextendf() to extend a string with a
(reallocating as necessary). ok aja@ as part of a larger diff OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
2020-01-23upstream: Replace all calls to signal(2) with a wrapper
sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2019-11-13upstream: dd API for performing one-shot notifications via tty
SSH_ASKPASS OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3
2019-09-03upstream: move authorized_keys option parsing helpsers to
and make them public; ok markus@ OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
2019-09-03upstream: move skip_space() to misc.c and make it public;
markus@ OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
2019-01-24upstream: Remove support for obsolete host/port
host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at, ok markus@ OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
2018-12-27upstream: move client/server SSH-* banners to buffers
ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
2018-12-27upstream: Fix calculation of initial bandwidth limits. Account
written bytes before the initial timer check so that the first buffer written is accounted. Set the threshold after which the timer is checked such that the limit starts being computed as soon as possible, ie after the second buffer is written. This prevents an initial burst of traffic and provides a more accurate bandwidth limit. bz#2927, ok djm. OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
2018-11-16upstream: use path_absolute() for pathname checks; from Manoj
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-10-03upstream: Allow ssh_config IdentityAgent directive to
environment variable names as well as explicit paths. ok dtucker@ OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
2018-07-31upstream: Remove uid checks from low port binds. Now that
cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is stil there. with & ok djm@ OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
2018-06-09upstream: add a SetEnv directive to ssh_config that allows
environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
2018-06-07upstream: switch config file parsing to getline(3) as this
static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
2018-03-14upstream: add valid-before="[time]" authorized_keys option.
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@ OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at "I like" markus@ OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@ Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
add a "quiet" flag to exited_cleanly() that supresses errors about exit status (failure due to signal is still reported) Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition. feedback & ok dtucker@ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
On startup, check to see if sshd is already daemonized and if so, skip the call to daemon() and do not rewrite the PidFile. This means that when sshd re-execs itself on SIGHUP the process ID will no longer change. Should address bz#2641. ok djm@ markus@. Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
Factor out "can bind to low ports" check into its own function. This will make it easier for Portable to support platforms with permissions models other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" deraadt@. Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
Pull in <sys/time.h> for struct timeval ok deraadt@ Upstream-ID: ae34525485a173bccd61ac8eefeb91c57e3b7df6
Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1) command-line flag to allow simplified indirection through a SSH bastion or "jump host". These options construct a proxy command that connects to the specified jump host(s) (more than one may be specified) and uses port-forwarding to establish a connection to the next destination. This codifies the safest way of indirecting connections through SSH servers and makes it easy to use. ok markus@ Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
don't record duplicate LocalForward and RemoteForward entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation where the same forwards are added on the second pass through the configuration file. bz#2562; ok dtucker@ Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
Improve precision of progressmeter for sftp and scp by storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@ Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
2014-07-18 - 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: OK djm@ markus@
2014-05-15 - 2014/05/02 03:27:54Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] [misc.h poly1305.h ssh-pkcs11.c defines.h] revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@
2014-04-20 - 2014/04/20 02:30:25Damien Miller
[misc.c misc.h umac.c] use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@
2014-04-20 - 2014/03/26 04:55:35Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c [misc.h poly1305.h ssh-pkcs11.c] use __bounded(...) attribute recently added to sys/cdefs.h instead of longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clang
2013-10-15 - 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-06-02 - 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2011-05-05 - 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2010-12-01 - 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-11-20 - 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT; ok markus@ deraadt@
2010-10-07 - 2010/09/24 13:33:00Damien Miller
[misc.c misc.h openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
2010-09-24 - 2010/09/22 22:58:51Damien Miller
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
2010-07-16 - 2010/07/13 23:13:16Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
2010-07-16 - 2010/07/13 11:52:06Damien Miller
[auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
2010-01-10 - 2010/01/09 23:04:13Darren Tucker
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh ok deraadt@ markus@ stevesk@ reyk@
2010-01-08 - 2009/12/25 19:40:21Darren Tucker
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@
2010-01-08 - 2009/10/28 16:38:18Darren Tucker
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
2009-11-18 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() toDamien Miller
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() report and fix from jan.kratochvil AT