path: root/usr.bin/ssh/misc.c
Commit message | Author | Age | Files | Lines
* highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
  Author: djm; Age: 2021-04-03; Files: 1; Lines: -2/+2
* Fix two problems in string->argv conversion: 1) multiple backslashes were not being dequoted correctly and 2) quoted space in the middle of a string was being incorrectly split. A unit test for these cases has already been committed prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@
  Author: djm; Age: 2021-04-03; Files: 1; Lines: -7/+4
* Do not try to reset signal handler for signal 0 in subprocess. Prevents spurious debug message. ok djm@
  Author: dtucker; Age: 2021-02-28; Files: 1; Lines: -2/+2
* factor out opt_array_append; ok djm@
  Author: markus; Age: 2021-02-15; Files: 1; Lines: -1/+27
* Change types in convtime() unit test to int to match change its new type. Add tests for boundary conditions and fix convtime to work up to INT_MAX. ok djm@
  Author: dtucker; Age: 2021-01-15; Files: 1; Lines: -3/+3
* In waitfd(), when poll returns early we are subtracting the elapsed time from the timeout each loop, so we only want to measure the elapsed time the poll() in that loop, not since the start of the function. Spotted by chris.xj.zhu at gmail.com, ok djm@
  Author: dtucker; Age: 2021-01-15; Files: 1; Lines: -2/+2
* Change convtime() from returning long to returning int. On platforms where sizeof(int) != sizeof(long), convtime could accept values >MAX_INT which subsequently truncate when stored in an int during config parsing. bz#3250, ok djm@
  Author: dtucker; Age: 2021-01-11; Files: 1; Lines: -5/+5
* move subprocess() from auth.c to misc.c make privilege dropping optional but allow it via callbacks (to avoid need to link uidswap.c everywhere) add some other flags (keep environment, disable strict path safety check) that make this more useful for client-side use. feedback & ok markus@
  Author: djm; Age: 2020-12-22; Files: 1; Lines: -1/+170
* Set the specified TOS/DSCP for interactive use prior to TCP connect. The connection phase of the SSH session is time-sensitive (due to server side login grace periods) and is frequently interactive (e.g. entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after authentication completes. ok dtucker@
  Author: djm; Age: 2020-11-27; Files: 1; Lines: -1/+44
* use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
  Author: djm; Age: 2020-10-18; Files: 1; Lines: -54/+43
* There are lots of places where we want to redirect stdin, stdout and/or stderr to /dev/null. Factor all these out to a single stdfd_devnull() function that allows selection of which of these to redirect. ok markus@
  Author: djm; Age: 2020-10-03; Files: 1; Lines: -1/+22
* handle EINTR in waitfd() and timeout_connect() helpers; bz#3071; ok dtucker@
  Author: djm; Age: 2020-06-26; Files: 1; Lines: -8/+13
* Make dollar_expand variadic and pass a real va_list to vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.
  Author: dtucker; Age: 2020-05-29; Files: 1; Lines: -3/+12
* Pass a NULL instead of zeroed out va_list from dollar_expand. The original intent was in case there's some platform where va_list is not a pointer equivalent, but on i386 this chokes on the memset. This unbreaks that build, but will require further consideration.
  Author: dtucker; Age: 2020-05-29; Files: 1; Lines: -4/+2
* Allow some keywords to expand shell-style ${ENV} environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
  Author: dtucker; Age: 2020-05-29; Files: 1; Lines: -31/+134
* Fix multiplier in convtime when handling seconds after other units. bz#3171, spotted by ronf at timeheart.net, ok djm@.
  Author: dtucker; Age: 2020-05-29; Files: 1; Lines: -2/+3
* add fmt_timeframe() (from bgpd) to format a time interval in a human-friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@
  Author: djm; Age: 2020-05-26; Files: 1; Lines: -20/+51
* We've standardized on memset over bzero, replace a couple that had slipped in. ok deraadt markus djm.
  Author: dtucker; Age: 2020-04-25; Files: 1; Lines: -2/+2
* make IPTOS_DSCP_LE available via IPQoS directive; bz2986, based on patch by veegish AT cyberstorm.mu
  Author: djm; Age: 2020-01-28; Files: 1; Lines: -1/+2
* add xextendf() to extend a string with a format (reallocating as necessary). ok aja@ as part of a larger diff
  Author: djm; Age: 2020-01-24; Files: 1; Lines: -1/+28
* Replace all calls to signal(2) with a wrapper around sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations.
  Author: dtucker; Age: 2020-01-23; Files: 1; Lines: -1/+18
* Wait for FD to be readable or writeable during a nonblocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (eg multiplexers like sslh) but is also slightly quicker for other connections since, unlike ssh1, ssh2 doesn't specify that the client should parse the server banner before sending its own. Patch from mnissler@chromium.org, ok djm@
  Author: dtucker; Age: 2019-11-22; Files: 1; Lines: -6/+16
* move authorized_keys option parsing helpers to misc.c and make them public; ok markus@
  Author: djm; Age: 2019-09-03; Files: 1; Lines: -1/+73
* move skip_space() to misc.c and make it public; ok markus@
  Author: djm; Age: 2019-09-03; Files: 1; Lines: -1/+11
* switch percent_expand() to use sshbuf instead of a limited fixed buffer; ok markus@
  Author: djm; Age: 2019-08-16; Files: 1; Lines: -15/+24
* When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
  Author: deraadt; Age: 2019-06-28; Files: 1; Lines: -9/+9
* Some asprintf() calls were checked < 0, rather than the precise == -1. ok millert nicm tb, etc
  Author: deraadt; Age: 2019-06-27; Files: 1; Lines: -2/+2
* Remove support for obsolete host/port syntax. host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are established standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at redhat.com, ok markus@
  Author: dtucker; Age: 2019-01-23; Files: 1; Lines: -2/+2
* move client/server SSH-* banners to buffers under ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@
  Author: djm; Age: 2018-12-27; Files: 1; Lines: -1/+76
* Fix calculation of initial bandwidth limits. Account for written bytes before the initial timer check so that the first buffer written is accounted. Set the threshold after which the timer is checked such that the limit starts being computed as soon as possible, ie after the second buffer is written. This prevents an initial burst of traffic and provides a more accurate bandwidth limit. bz#2927, ok djm.
  Author: dtucker; Age: 2018-12-07; Files: 1; Lines: -5/+4
* use path_absolute() for pathname checks; from Manoj Ampalam
  Author: djm; Age: 2018-11-16; Files: 1; Lines: -1/+8
* Support using service names for port numbers.
  * Try to resolve a port specification with getservbyname(3) if a numeric conversion fails.
  * Make the "Port" option in ssh_config handle its argument as a port rather than a plain integer.
  ok dtucker@ deraadt@
  Author: naddy; Age: 2018-10-05; Files: 1; Lines: -4/+8
* Allow ssh_config IdentityAgent directive to accept environment variable names as well as explicit paths. ok dtucker@
  Author: djm; Age: 2018-10-03; Files: 1; Lines: -1/+20
* Remove uid checks from low port binds. Now that ssh cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is still there. with & ok djm@
  Author: dtucker; Age: 2018-07-27; Files: 1; Lines: -10/+1
* Remove support for running ssh(1) setuid and fatal if attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
  Author: dtucker; Age: 2018-07-18; Files: 1; Lines: -2/+1
* add a SetEnv directive to ssh_config that allows setting environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@
  Author: djm; Age: 2018-06-09; Files: 1; Lines: -6/+26
* switch config file parsing to getline(3) as this avoids static limits noted by gerhard@; ok dtucker@, djm@
  Author: markus; Age: 2018-06-06; Files: 1; Lines: -26/+1
* add valid-before="[time]" authorized_keys option. A simple way of giving a key an expiry date. ok markus@
  Author: djm; Age: 2018-03-12; Files: 1; Lines: -1/+54
* revert recent strdelim() change, it causes problems with some configs. revision 1.124 date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@
  Author: djm; Age: 2018-03-07; Files: 1; Lines: -19/+8
* switch over to the new authorized_keys options API and remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
  Author: djm; Age: 2018-03-03; Files: 1; Lines: -1/+2
* Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@
  Author: djm; Age: 2018-03-02; Files: 1; Lines: -8/+19
* move subprocess() so scp/sftp do not need uidswap.o; ok djm@
  Author: markus; Age: 2018-01-08; Files: 1; Lines: -153/+1
* fix ordering in previous to ensure errno isn't clobbered before logging.
  Author: djm; Age: 2017-12-08; Files: 1; Lines: -4/+4
* for some reason unix_listener() logged most errors twice with each message containing only some of the useful information; merge these
  Author: djm; Age: 2017-12-08; Files: 1; Lines: -9/+10
* Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@
  Author: dtucker; Age: 2017-12-05; Files: 1; Lines: -1/+15
* Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@
  Author: dtucker; Age: 2017-11-25; Files: 1; Lines: -13/+26
* add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@
  Author: djm; Age: 2017-10-25; Files: 1; Lines: -2/+18
* Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4
  Author: djm; Age: 2017-10-25; Files: 1; Lines: -1/+39
* Kill dead store and some spaces vs. tabs indent in parse_user_host_path(). Noticed by markus@
  Author: millert; Age: 2017-10-24; Files: 1; Lines: -4/+4
* Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus
  Author: djm; Age: 2017-10-23; Files: 1; Lines: -2/+8