summaryrefslogtreecommitdiff
path: root/usr.bin
AgeCommit message (Collapse)Author
2021-12-28Fix printing of -- marker when using -A as noted by gnezdo@Otto Moerbeek
ok millert@
2021-12-28In io_write_buf() adjust the calculation of the multiplex message sizeClaudio Jeker
so that the loop works even for buffers bigger than 0xffffff. The code does not produce such big buffers but better make the code correct. Reported by Blago Dachev (blago (at) dachev (dot) com) OK benno@
2021-12-26split method list search functionality from authmethod_lookup() intoDamien Miller
a separate authmethod_byname(), for cases where we don't need to check whether a method is enabled, etc. use this to fix the "none" authentication method regression reported by Nam Nguyen via bugs@ ok deraadt@
2021-12-26Check error returns for HMAC_* to appease coverity.Theo Buehler
CID 345114
2021-12-26One more leak similar to previous.Theo Buehler
2021-12-26Plug leaksTheo Buehler
CID 345111
2021-12-26Plug memleakTheo Buehler
CID 345119
2021-12-26Attempt to opportunistically use the host name for SNI in s_client.Joel Sing
ok beck@ inoguchi@ tb@
2021-12-26Fix unexpanded LOCALBASE and X11BASEKlemens Nanni
Hardcode them like the script does; nothing does SUBST_* here as is practise in ports land. OK gnezdo
2021-12-25Don't accept an empty string as selector valueAlexandre Ratchov
"looks good" edd@
2021-12-25Move example about USB devices from -F description to hot plugging sectionAlexandre Ratchov
ok kn
2021-12-25Add section to explain how to handle device hot pluggingAlexandre Ratchov
mostly from kn@, tweaks from me
2021-12-24uniq(1): skip() each input line only onceScott Soule Cheloha
In uniq(1), skip() is very expensive. We should only do it once per input line. Doing it more than once is redundant, anyway. Thread: https://marc.info/?l=openbsd-tech&m=163950278018535&w=2 ok millert@
2021-12-23fix indent to make it clear a line isn't part of previous ifJonathan Gray
ok deraadt@ millert@
2021-12-23Roll the syscalls that have an off_t argument to remove the explicit padding.Philip Guenther
Switch libc and ld.so to the generic stubs for these calls. WARNING: reboot to updated kernel before installing libc or ld.so! Time for a story... When gcc (back in 1.x days) first implemented long long, it didn't (always) pass 64bit arguments in 'aligned' registers/stack slots, with the result that argument offsets didn't match structure offsets. This affected the nine system calls that pass off_t arguments: ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate To avoid having to do custom ASM wrappers for those, BSD put an explicit pad argument in so that the off_t argument would always start on a even slot and thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use __syscall() and pass an extra '0' argument. The ABIs for different CPUs eventually settled how things should be passed on each and gcc 2.x followed them. The only arch now where it helps is landisk, which needs to skip the last argument register if it would be the first half of a 64bit argument. So: add new syscalls without the pad argument and on landisk do that skipping directly in the syscall handler in the kernel. Keep compat support for the existing syscalls long enough for the transition. ok deraadt@
2021-12-22sort -H and -h in SYNOPSIS/usage();Jason McIntyre
tweak the -H text; ok djm
2021-12-21Support underscore style with capture-pane -e, GitHub issue 2928.Nicholas Marriott
2021-12-21ARM's Morello CHERI architecture does not support pointers in packedNicholas Marriott
structures, so remove the packed attribute on struct grid_line and reorder the members to eliminate unnecessary padding. From Jessica Clarke in GitHub issue 3012.
2021-12-21state up front that patch(1) operates on text files,Ingo Schwarze
fixing an omission pointed out by chrisz@; OK jmc@ deraadt@ chrisz@
2021-12-20Do not crash on a zero size character.Nicholas Marriott
2021-12-19document host-bound publickey authenticationDamien Miller
2021-12-19document agent protocol extensionsDamien Miller
2021-12-19PubkeyAuthentication=yes|no|unbound|host-boundDamien Miller
Allow control over which pubkey methods are used. Added out of concern that some hardware devices may have difficulty signing the longer pubkey authentication challenges. This provides a way for them to disable the extension. It's also handy for testing. feedback / ok markus@
2021-12-19document destination-constrained keysDamien Miller
feedback / ok markus@
2021-12-19Use hostkey parsed from hostbound userauth requestDamien Miller
Require host-bound userauth requests for forwarded SSH connections. The hostkey parsed from the host-bound userauth request is now checked against the most recently bound session ID / hostkey on the agent socket and the signature refused if they do not match. ok markus@
2021-12-19agent support for parsing hostkey-bound signaturesDamien Miller
Allow parse_userauth_request() to work with blobs from publickey-hostbound-v00@openssh.com userauth attempts. Extract hostkey from these blobs. ok markus@
2021-12-19EXT_INFO negotiation of hostbound pubkey authDamien Miller
the EXT_INFO packet gets a new publickey-hostbound@openssh.com to advertise the hostbound public key method. Client side support to parse this feature flag and set the kex->flags indicator if the expected version is offered (currently "0"). ok markus@
2021-12-19client side of host-bound pubkey authenticationDamien Miller
Add kex->flags member to enable the publickey-hostbound-v00@openssh.com authentication method. Use the new hostbound method in client if the kex->flags flag was set, and include the inital KEX hostkey in the userauth request. Note: nothing in kex.c actually sets the new flag yet ok markus@
2021-12-19sshd side of hostbound public key authDamien Miller
This is identical to the standard "publickey" method, but it also includes the initial server hostkey in the message signed by the client. feedback / ok markus@
2021-12-19prepare for multiple names for authmethodsDamien Miller
allow authentication methods to have one additional name beyond their primary name. allow lookup by this synonym Use primary name for authentication decisions, e.g. for PermitRootLogin=publickey Pass actual invoked name to the authmethods, so they can tell whether they were requested via the their primary name or synonym. ok markus@
2021-12-19ssh-agent side of destination constraintsDamien Miller
Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com constraints and to apply them to keys. Check constraints against the hostkeys recorded for a SocketEntry when attempting a signature, adding, listing or deleting keys. Note that the "delete all keys" request will remove constrained keys regardless of location. feedback Jann Horn & markus@ ok markus@
2021-12-19ssh-add side of destination constraintsDamien Miller
Have ssh-add accept a list of "destination constraints" that allow restricting where keys may be used in conjunction with a ssh-agent/ssh that supports session ID/hostkey binding. Constraints are specified as either "[user@]host-pattern" or "host-pattern>[user@]host-pattern". The first form permits a key to be used to authenticate as the specified user to the specified host. The second form permits a key that has previously been permitted for use at a host to be available via a forwarded agent to an additional host. For example, constraining a key with "user1@host_a" and "host_a>host_b". Would permit authentication as "user1" at "host_a", and allow the key to be available on an agent forwarded to "host_a" only for authentication to "host_b". The key would not be visible on agent forwarded to other hosts or usable for authentication there. Internally, destination constraints use host keys to identify hosts. The host patterns are used to obtain lists of host keys for that destination that are communicated to the agent. The user/hostkeys are encoded using a new restrict-destination-v00@openssh.com key constraint. host keys are looked up in the default client user/system known_hosts files. It is possible to override this set on the command-line. feedback Jann Horn & markus@ ok markus@
2021-12-19ssh-agent side of bindingDamien Miller
record session ID/hostkey/forwarding status for each active socket. Attempt to parse data-to-be-signed at signature request time and extract session ID from the blob if it is a pubkey userauth request. ok markus@
2021-12-19ssh client side of bindingDamien Miller
send session ID, hostkey, signature and a flag indicating whether the agent connection is being forwarded to ssh agent each time a connection is opened via a new "session-bind@openssh.com" agent extension. ok markus@
2021-12-19Record session ID, host key and sig at intital KEXDamien Miller
These will be used later for agent session ID / hostkey binding ok markus@
2021-12-18tighten the decription of -F; from richard ulmerJason McIntyre
ok ratchov
2021-12-15grep: Add missing unistd.h and limits.h includesTheo Buehler
Both binary.c and file.c currently pull in unistd.h via zlib's zconf.h. binary.c uses SEEK_SET and file.c a bunch of things like close(), isatty(), lseek(). In addition file.c needs limits.h for PATH_MAX. ok deraadt
2021-12-15restrict filesystem access with unveil(2).Ricardo Mestre
this one opens the default table file "/usr/share/misc/usb_hid_usages" through hid_start(3) from libusbhid, then `dev' (will be the fd used on the ioctls) and finally `conf' which is the file with the actions to be monitored. `conf' needs to be unveil(2)ed with read perms since usbhidaction(1) can run as daemon and this file will be re-read if a SIGHUP is catched. looks good deraadt@
2021-12-15restrict all filesystem access with unveil(2).Ricardo Mestre
hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens `dev', after that it's just performing ioctls on the fd left opened by the latter so all fs access can be disabled.
2021-12-13tee(1): increase I/O buffer size from 8KB to 64KBScott Soule Cheloha
64KB strikes a good balance between space and time on today's machines. Buffers smaller than 64KB waste more time in userspace traveling to and from the kernel. Buffers larger than 64KB do I/O a bit faster, but the performance improvements rapidly diminish at a steep memory cost. Discussed with millert@ and deraadt@. Positive feedback from Geoff Steckel. Thread: https://marc.info/?l=openbsd-tech&m=163737586414354&w=2 ok millert@ deraadt@
2021-12-13including sys/cdefs.h manually started as a result of netbsd trying toTheo de Raadt
macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther
2021-12-13acct(4) ac_tty shouldn't need NODEV from sys/param.h (which is kernel API),Theo de Raadt
-1 is sufficient to indicate the process had no controlling tty, removing one more sys/param.h include in our userland ok millert
2021-12-13Make pane-border-format a pane option, GitHub issue 2999.Nicholas Marriott
2021-12-12Convert req.c to compile with opaque EVP_MD_CTX.Theo Buehler
ok inoguchi
2021-12-12Convert passwd.c to opaque EVP_MD_CTX and add a bit of error checking.Theo Buehler
tweak/ok inoguchi
2021-12-12Make speed.c compile with opaque EVP_CIPHER, EVP_MD and HMAC_CTX.Theo Buehler
ok inoguchi
2021-12-12A few more simplifications using get0_pubkey instead of get_pubkey + free.Theo Buehler
2021-12-12Simplify x509.c slightly by using X509_get0_pubkey() instead ofTheo Buehler
X509_get_pubkey() ok inoguchi
2021-12-12Make x509.c compile with opaque EVP_PKEY.Theo Buehler
ok inoguchi
2021-12-12Use correct spelling of NULLTheo Buehler
ok inoguchi