Age | Commit message | Author |
|
Minix seems to have a platform-wide limit on the number of
select(2) syscalls that can be concurrently issued. This test
seems to exceed this limit.
Refer to:
https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114
https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31
|
|
leading slashes. Fixes test failure when user's home dir is / which is
possible in some portable configurations.
OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63
|
|
In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to
the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net.
|
|
by dtucker's minix3 vm :) ok dtucker@
OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361
|
|
spotted by Corinna Vinschen; feedback & ok dtucker@
|
|
PubkeyAuthentication; spotted by HARUYAMA Seigo
OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981
|
|
When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour
in the STREAMS code before activating the workaround. ok djm@
|
|
This tests the flags used to build the cygwin release binaries.
|
|
On some (most? all?) SysV based systems with STREAMS based ptys,
sshd could acquire a controlling terminal during pty setup when
it pushed the "ptem" module, due to what is probably a bug in
the STREAMS driver that's old enough to vote. Because it was the
privileged sshd's controlling terminal, it was not available for
the user's session, which ended up without one. This is known to
affect at least Solaris <=10, derivatives such as OpenIndiana and
several other SysV systems. See bz#245 for the backstory.
In the past we worked around that by not calling setsid in the
privileged sshd child, which meant it was not a session or process
group leader. This solved the controlling terminal problem because sshd
was not eligible to acquire one, but had other side effects such as
not cleaning up helper subprocesses in the SIGALRM handler since it
was not PG leader. Recent cleanups in the signal handler uncovered
this, resulting in the LoginGraceTime timer not cleaning up privsep
unprivileged processes.
This change moves the workaround into the STREAMS pty allocation code,
by allocating a sacrificial pty to act as sshd's controlling terminal
before allocating user ptys, so those are still available for users'
sessions.
On the down side:
- this will waste a pty per ssh connection on affected platforms.
On the up side:
- it makes the process group behaviour consistent between platforms.
- it puts the workaround nearest the code that actually causes the
problem and completely out of the mainline code.
- the workaround is only activated if you use the STREAMS code. If,
say, Solaris 11 has the bug but also a working openpty() it doesn't
matter that we defined SSHD_ACQUIRES_CTTY.
- the workaround is only activated when the first pty is allocated,
ie in the post-auth privsep monitor. This means there's no risk
of fd leaks to the unprivileged processes, and there's no effect on
sessions that do not allocate a pty.
Based on analysis and work by djm@, ok djm@
|
|
ok djm@
|
|
HEAD is not guaranteed to work on previous stable branches, and at the
moment is broken due to libfido API changes.
|
|
might not set it. Found by the Valgrind tests on github, ok deraadt@
OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d
|
|
Looks like test_hpdelim.c was imported twice into the same file.
Spotted by kevin.brott at gmail com and chris at cataclysmal org.
|
|
OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3
|
|
OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018
|
|
scp in RCP mode.
> revision 1.106
> date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl;
> openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
> protocol for copying. Let's get back to testing the SFTP protocol.
This will be put back once the OpenSSH release is done.
OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768
|
|
Historically, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports. These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2
in the other cases. ok djm@
OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102
|
|
of manually hashing data ourselves. Saves a fair bit of code and makes life
easier for some -portable platforms.
OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0
|
|
OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa
|
|
default list of public keys so that they will be tried last. From github
PR#295 from "ProBackup-nl", ok djm@
OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0
|
|
from Mike Frysinger
|
|
principals; from Fabian Stelzer
OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40
|
|
before trying to benchmark them. Increase the data file size to get more
signal.
OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6
|
|
principals in allowed_signers files; from Fabian Stelzer
OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098
|
|
const char *array => static const char * const array from Mike Frysinger
OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
|
|
in error messages. Spotted by and ok tb@
OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7
|
|
SIGALRM handler. It's no longer needed since the child will get terminated by
the SIGTERM to the process group that cleans up any auth helpers, it
simplifies the signal handler and removes the risk of a race when updating
the PID. Based on analysis by HerrSpace in github PR#289, ok djm@
OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663
|
|
without the apostrophe.
OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7
|
|
Some allocators (such as Scudo) use gettid while tracing allocations [1].
Allow gettid in preauth to prevent sshd from crashing with Scudo.
[1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46
|
|
a fd directly into the transport input buffer.
Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.
Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)
feedback dtucker@ ok markus@
OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632
|
|
buffer rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok
markus@
OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572
|
|
to a sshbuf; ok markus@
OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b
|
|
stderr_buf and setting quit_pending; no functional change but saves a bunch
of boilerplate
OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d
|
|
indirection; spotted by dtucker@
OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965
|
|
pfd[].revents is not cleared. There are subtle errors in various programs.
In this particular case, the program should error out. ok djm millert
OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c
|
|
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion).
Spotted by John in bz3383
|
|
The Cygwin-specific pattern match code has a bug. It checks
the size_t value returned by mbstowcs for being < 0. The right
thing to do is to check against (size_t) -1. Fix that.
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
|
|
Dash (as used by the github runners) has some differences in its trap
builtin:
- it doesn't have -p (which is fine, that's not in posix).
- it doesn't work in a subshell (which turns out to be in compliance
with posix, which means bash isn't).
- it doesn't work in a pipeline, ie "trap|cat" produces no output.
|
|
When using Valgrind, we need to wait for all invoked programs to
complete before checking their valgrind logs. Some tests, notably
agent-restrict, set an EXIT trap handler to clean up things like
ssh-agent, but those do not get invoked until test-exec.sh exits.
This causes the Valgrind wait to deadlock, so if present invoke
the EXIT handler before checking the Valgrind logs.
|