| Age | Commit message (Collapse) | Author |
|---|
|
OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0
|
|
OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685
|
|
OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9
|
|
OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94
|
|
Fixes test failure due to segfault seen on arm64 with xonly snap.
ok djm
OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046
|
|
e555d5cad5 effectively increased the default copy buffer size for SFTP
transfers. This caused NetBSD 4.x to hang during the "copy local file to
remote file in place" scp.sh regression test.
This puts back the original 32KB copy buffer size until we can properly
figure out why.
lots of debugging assistance from dtucker@
|
|
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8
|
|
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca
|
|
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65
|
|
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b
|
|
feedback markus / ok markus dtucker
OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2
|
|
timeouts; ok dtucker markus
OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead
|
|
OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f
|
|
OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c
|
|
first argument unless it was one of the special keywords "any" or "none".
Reported by Georges Chaudy in bz3515; ok dtucker@
OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5
|
|
diff are noted on tech
OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a
|
|
reference to legacy flag. Spotted by, feedback and ok jmc@
OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3
|
|
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
|
|
OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0
|
|
control over some SFTP protocol knobs: the copy buffer length and
the number of inflight requests, both of which are used during
upload/download.
Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.
ok dtucker@
OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c
|
|
char (which did not come from stdio read functions) in the presence of
ctype macros, is to always cast to (unsigned char). casting to (int)
for a "macro" which is documented to take int, is weird. And sadly wrong,
because of the sing extension risk.. same diff from florian
OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea
|
|
Prompted by bz#3508: there's no need to cache the value of
sshpam_conninfo so remove the global. While there, add check of
return value from pam_putenv. ok djm@
|
|
|
|
|
|
This ensures that the tests don't fail due to StrictMode checks.
|
|
|
|
|
|
|
|
|
|
ok dtucker
|
|
OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977
|
|
auth_debug_add queues messages about the auth process which is sent to
the client after successful authentication. This also sends those to
the server debug log to aid in debugging. From bz#3507, ok djm@
OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a
|
|
userspace: remove vestigial '?' cases from top-level getopt(3) loops
getopt(3) returns '?' when it encounters a flag not present in the in
the optstring or if a flag is missing its option argument. We can
handle this case with the "default" failure case with no loss of
legibility. Hence, remove all the redundant "case '?':" lines.
Prompted by dlg@. With help from dlg@ and millert@.
Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2
ok naddy@ millert@ dlg@
OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e
|
|
OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03
|
|
|
|
It was mistakenly enabled in 2580916e4872
Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net
|
|
Regenerate config files using latest autotools
|
|
|
|
Patch from AtariDreams via github PR#364.
OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea
|
|
and remove an unused field; ok dtucker
OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3
|
|
...enough that subsequent builds can overwrite ssh-agent if necessary.
|
|
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
|
|
This should make debugging easier.
OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
|
|
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
|
|
feedback, ok & testing in snaps deraadt@
OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
|
|
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
|
|
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm
OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
|
|
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519. On those
versions, use -fzero-call-used-regs=used instead. (We may add exceptions
later if specific versions prove to be OK). Also move the GCC version
check to match.
Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@
|
|
|
|
Previously there was one runner per test target (mostly VMs). This had
a few limitations:
- multiple tests that ran on the same target (eg multiple build
configs) were serialized on availability or that runner.
- it needed manual balancing of VMs over host machines.
To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label. This requires that
we distinguish between "host" and "target" for those. Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.
This should improve test throughput.
|
