path: root/usr.bin
Age  Author
    Commit message
2019-12-17  Nicholas Marriott
    Use the message that has already been built rather than the va_list.
2019-12-16  Philip Guenther
    Delete tests for P_THREAD that predate the existence of
    KERN_PROC_SHOW_THREADS and have been rendered superfluous by it. Similarly, some P_SYSTEM tests can be deleted or pushed to the kernel by using KERN_PROC_ALL instead of KERN_PROC_KTHREAD. ok visa@ mpi@
2019-12-16  Nicholas Marriott
    If /dev/fd/X is a symlink and realpath() expands symlinks, /dev/fd/X
    ends up pointing to the wrong place before it is passed to the client. The path is only used internally so there is no real need for realpath(), remove it and move the get_path function to file.c where all the callers are.
2019-12-16  Nicholas Marriott
    Need to include message size in the maximum buffer calculation.
2019-12-16  Nicholas Marriott
    Instead of using large buffers in imsgs, add the data or path onto the end.
2019-12-16  tobhe
    strdup may return NULL if memory allocation fails. Use the safer xstrdup
    which fatals on allocation failures. ok markus@
2019-12-16  Damien Miller
    sort sk-* methods behind their plain key methods cousins for now
2019-12-15  Damien Miller
    don't treat HostKeyAgent=none as a path either; avoids spurious
    warnings from the cfgparse regress test
2019-12-15  Damien Miller
    do not attempt to find an absolute path for sshd_config
    SecurityKeyProvider=internal - unbreaks cfgparse regress test
2019-12-15  Damien Miller
    allow ssh-keyscan to find security key hostkeys
2019-12-15  Damien Miller
    allow security keys to act as host keys as well as user keys.
    Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@
2019-12-13  Damien Miller
    actually commit the ssh-sk-helper client code; ok markus
2019-12-13  Damien Miller
    perform security key enrollment via ssh-sk-helper too. This means
    that ssh-keygen no longer needs to link against ssh-sk-helper, and only ssh-sk-helper needs libfido2 and /dev/uhid* access; feedback & ok markus@
2019-12-13  Damien Miller
    allow sshbuf_put_stringb(buf, NULL); ok markus@
2019-12-13  Damien Miller
    use ssh-sk-helper for all security key signing operations
    This extracts and refactors the client interface for ssh-sk-helper from ssh-agent and generalises it for use by the other programs. This means that most OpenSSH tools no longer need to link against libfido2 or directly interact with /dev/uhid* requested by, feedback and ok markus@
2019-12-13  Nicholas Marriott
    Show UTF-8 in choose-buffer mode. From KOIE Hidetaka.
2019-12-13  Nicholas Marriott
    Need to check in the error callback also.
2019-12-13  Nicholas Marriott
    Do not spin waiting for exit, instead check in the write callback.
2019-12-12  Nicholas Marriott
    Do not crash in tree modes if the pane is only 1 in width, reported by
    KOIE Hidetaka in GitHub issue 2015.
2019-12-12  Nicholas Marriott
    Add function to the right file.
2019-12-12  Nicholas Marriott
    Change source-file to use new file code which allows it to read from
    stdin.
2019-12-12  Nicholas Marriott
    Do not check if client is dead if it is NULL.
2019-12-12  Nicholas Marriott
    Rewrite the code for reading and writing files. Now, if the client is
    not attached, the server process asks it to open the file, similar to how works for stdin, stdout, stderr. This makes special files like /dev/fd/X work (used by some shells). stdin, stdout and stderr and control mode are now just special cases of the same mechanism. This will also make it easier to use for other commands that read files such as source-file.
2019-12-11  Damien Miller
    add a note about the 'extensions' field in the signed object
2019-12-11  Jeremie Courreges-Anglas
    Merge existing decls and decls introduced in rev 1.10
    Also:
    - sort declarations in the same order as definitions in pch.c
    - delete an extra pfetch() declaration
    ok tobias@
2019-12-11  Nicholas Marriott
    Tweak previous to check the wrapped flag and stop if not set.
2019-12-11  Nicholas Marriott
    Allow search across wrapped lines and fix some inconsistencies in how the
    position is represented, GitHub issue 2014 from Anindya Mukherjee.
2019-12-11  Nicholas Marriott
    Do not set cursor colour to default unless it has been changed, GitHub
    issue 2013.
2019-12-10  Damien Miller
    some more corrections for documentation problems spotted by Ron Frederick
    document certificate private key format
    correct flags type for sk-ssh-ed25519@openssh.com keys
2019-12-10  Damien Miller
    loading security keys into ssh-agent used the extension constraint
    "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron Frederick
2019-12-10  Damien Miller
    add security key types to list of keys allowed to act as CAs;
    spotted by Ron Frederick
2019-12-10  Damien Miller
    when acting as a CA and using a security key as the CA key, remind the
    user to touch the key to authorise the signature.
2019-12-10  Damien Miller
    chop some unnecessary and confusing verbiage from the security key
    protocol description; feedback from Ron Frederick
2019-12-10  Nicholas Marriott
    Make TMUX_CONF a list of files and expand leading $FOO or ~.
2019-12-10  Anthony J. Bentley
    In HTML, display straight quotes, not curly quotes, for Qq/Qo/Qc macros.
    This is the intended behavior and already the case in terminal output. Incorrect output noticed by Eldred Habert. ok schwarze@
2019-12-09  Jeremie Courreges-Anglas
    Reinstate ftp_printf to log sent HTTP headers
    On SMALL builds ftp_printf is just a #define to avoid a size increase. ok millert@
2019-12-09  Jeremie Courreges-Anglas
    Move RCS Id to the top of the file
2019-12-09  Marc Espie
    tweak -z mode verification to save the header and actually output it,
    so that signify -zV >saved.tgz keeps the signature for later checks. Uses slightly more memory, but simplifies some processes. okay tedu@
2019-12-09  Jeremie Courreges-Anglas
    With NOSSL let url_get() print a nice error message for https urls
    Input from deraadt@
2019-12-08  Jeremie Courreges-Anglas
    For chunked transfers always restore the SIGINFO handler (not just on error)
    Overlooked when shuffling the HTTP/1.1 code.
2019-12-08  Marc Espie
    cosmetic changes to conform to style of other existing OpenBSD code.
    Okay jasper@
2019-12-08  Alexandr Nedvedicky
    Make sure packet destination address matches interface address,
    where such packet is bound to. This check is enforced if and only IP forwarding is disabled. Change discussed with bluhm@, claudio@, deraadt@, markus@, tobhe@ OK bluhm@, claudio@, tobhe@
2019-12-07  Todd C. Miller
    In -L (loop) mode, reset the login class each time through the loop.
    Otherwise, it is possible to log in with another user's login class. Fixes CVE-2019-19519. OK deraadt@ markus@
2019-12-06  Jason McIntyre
    replace links to uvm(9) to uvm_init(9); ok mpi
2019-12-06  Damien Miller
    fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set when asking
    passphrases, only when confirming the use of a key (i.e. for ssh-agent keys added with "ssh-add -c keyfile")
2019-12-06  Damien Miller
    bring the __func__
2019-12-05  Jeremie Courreges-Anglas
    Fix #ifndef NOSSL vs SMALL inconsistencies
    from Hiltjo Posthuma
2019-12-04  Theo de Raadt
    libc's authentication privsep layer performed insufficient username
    validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then further validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig Reported by Qualys
2019-12-03  Nicholas Marriott
    Style nits in function arguments.
2019-12-03  Jeremie Courreges-Anglas
    With -R and an implicit ".", don't prepend file paths with "./"
    Looks nicer and matches the output of GNU grep. ok millert@ deraadt@ visa@ miod@