Age | Commit message | Author |
|
ok millert@
|
|
so that the loop works even for buffers bigger than 0xffffff. The code
does not produce such big buffers but better make the code correct.
Reported by Blago Dachev (blago (at) dachev (dot) com)
OK benno@
|
|
a separate authmethod_byname(), for cases where we don't need to
check whether a method is enabled, etc.
use this to fix the "none" authentication method regression reported
by Nam Nguyen via bugs@
ok deraadt@
|
|
CID 345114
|
|
|
|
CID 345111
|
|
CID 345119
|
|
ok beck@ inoguchi@ tb@
|
|
Hardcode them like the script does; nothing does SUBST_* here
as is practice in ports land.
OK gnezdo
|
|
"looks good" edd@
|
|
ok kn
|
|
mostly from kn@, tweaks from me
|
|
In uniq(1), skip() is very expensive. We should only do it once per
input line. Doing it more than once is redundant, anyway.
Thread: https://marc.info/?l=openbsd-tech&m=163950278018535&w=2
ok millert@
|
|
ok deraadt@ millert@
|
|
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!
Time for a story...
When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate
To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on an even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.
The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.
ok deraadt@
|
|
tweak the -H text;
ok djm
|
|
|
|
structures, so remove the packed attribute on struct grid_line and
reorder the members to eliminate unnecessary padding. From Jessica
Clarke in GitHub issue 3012.
|
|
fixing an omission pointed out by chrisz@;
OK jmc@ deraadt@ chrisz@
|
|
|
|
|
|
|
|
Allow control over which pubkey methods are used. Added out of
concern that some hardware devices may have difficulty signing
the longer pubkey authentication challenges. This provides a
way for them to disable the extension. It's also handy for
testing.
feedback / ok markus@
|
|
feedback / ok markus@
|
|
Require host-bound userauth requests for forwarded SSH connections.
The hostkey parsed from the host-bound userauth request is now checked
against the most recently bound session ID / hostkey on the agent socket
and the signature refused if they do not match.
ok markus@
|
|
Allow parse_userauth_request() to work with blobs from
publickey-hostbound-v00@openssh.com userauth attempts.
Extract hostkey from these blobs.
ok markus@
|
|
the EXT_INFO packet gets a new publickey-hostbound@openssh.com to
advertise the hostbound public key method.
Client side support to parse this feature flag and set the kex->flags
indicator if the expected version is offered (currently "0").
ok markus@
|
|
Add kex->flags member to enable the publickey-hostbound-v00@openssh.com
authentication method.
Use the new hostbound method in client if the kex->flags flag was set,
and include the initial KEX hostkey in the userauth request.
Note: nothing in kex.c actually sets the new flag yet
ok markus@
|
|
This is identical to the standard "publickey" method, but it also includes
the initial server hostkey in the message signed by the client.
feedback / ok markus@
|
|
allow authentication methods to have one additional name beyond their
primary name.
allow lookup by this synonym
Use primary name for authentication decisions, e.g. for
PermitRootLogin=publickey
Pass actual invoked name to the authmethods, so they can tell whether they
were requested via their primary name or synonym.
ok markus@
|
|
Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com
constraints and to apply them to keys.
Check constraints against the hostkeys recorded for a SocketEntry when
attempting a signature, adding, listing or deleting keys. Note that
the "delete all keys" request will remove constrained keys regardless of
location.
feedback Jann Horn & markus@
ok markus@
|
|
Have ssh-add accept a list of "destination constraints" that allow
restricting where keys may be used in conjunction with a ssh-agent/ssh
that supports session ID/hostkey binding.
Constraints are specified as either "[user@]host-pattern" or
"host-pattern>[user@]host-pattern".
The first form permits a key to be used to authenticate as the
specified user to the specified host.
The second form permits a key that has previously been permitted
for use at a host to be available via a forwarded agent to an
additional host.
For example, constraining a key with "user1@host_a" and
"host_a>host_b" would permit authentication as "user1" at
"host_a", and allow the key to be available on an agent forwarded
to "host_a" only for authentication to "host_b". The key would not
be visible on agent forwarded to other hosts or usable for
authentication there.
Internally, destination constraints use host keys to identify hosts.
The host patterns are used to obtain lists of host keys for that
destination that are communicated to the agent. The user/hostkeys are
encoded using a new restrict-destination-v00@openssh.com key
constraint.
Host keys are looked up in the default client user/system known_hosts
files. It is possible to override this set on the command-line.
feedback Jann Horn & markus@
ok markus@
|
|
record session ID/hostkey/forwarding status for each active socket.
Attempt to parse data-to-be-signed at signature request time and extract
session ID from the blob if it is a pubkey userauth request.
ok markus@
|
|
send session ID, hostkey, signature and a flag indicating whether the
agent connection is being forwarded to ssh agent each time a connection
is opened via a new "session-bind@openssh.com" agent extension.
ok markus@
|
|
These will be used later for agent session ID / hostkey binding
ok markus@
|
|
ok ratchov
|
|
Both binary.c and file.c currently pull in unistd.h via zlib's zconf.h.
binary.c uses SEEK_SET and file.c a bunch of things like close(), isatty(),
lseek(). In addition file.c needs limits.h for PATH_MAX.
ok deraadt
|
|
this one opens the default table file "/usr/share/misc/usb_hid_usages" through
hid_start(3) from libusbhid, then `dev' (will be the fd used on the ioctls)
and finally `conf' which is the file with the actions to be monitored. `conf'
needs to be unveil(2)ed with read perms since usbhidaction(1) can run as daemon
and this file will be re-read if a SIGHUP is caught.
looks good deraadt@
|
|
hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
`dev', after that it's just performing ioctls on the fd left opened by the
latter so all fs access can be disabled.
|
|
64KB strikes a good balance between space and time on today's
machines. Buffers smaller than 64KB waste more time in userspace
traveling to and from the kernel. Buffers larger than 64KB do I/O a
bit faster, but the performance improvements rapidly diminish at a
steep memory cost.
Discussed with millert@ and deraadt@. Positive feedback from Geoff
Steckel.
Thread: https://marc.info/?l=openbsd-tech&m=163737586414354&w=2
ok millert@ deraadt@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
-1 is sufficient to indicate the process had no controlling tty, removing
one more sys/param.h include in our userland
ok millert
|
|
|
|
ok inoguchi
|
|
tweak/ok inoguchi
|
|
ok inoguchi
|
|
|
|
X509_get_pubkey()
ok inoguchi
|
|
ok inoguchi
|
|
ok inoguchi
|