summaryrefslogtreecommitdiffstats
path: root/misc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* upstream: handle EINTR in waitfd() and timeout_connect() helpers;djm@openbsd.org2020-06-261-8/+13
| | | | | | bz#3071; ok dtucker@ OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee
* upstream: Make dollar_expand variadic and pass a real va_list todtucker@openbsd.org2020-05-291-3/+12
| | | | | | vdollar_percent_expand. Fixes build error on arm64 spotted by otto@. OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
* upstream: Pass a NULL instead of zeroed out va_list fromdtucker@openbsd.org2020-05-291-4/+2
| | | | | | | | dollar_expand. The original intent was in case there's some platform where va_list is not a pointer equivalent, but on i386 this chokes on the memset. This unbreaks that build, but will require further consideration. OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
* upstream: Allow some keywords to expand shell-style ${ENV}dtucker@openbsd.org2020-05-291-31/+134
| | | | | | | | | | environment variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@ OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
* upstream: Fix multiplier in convtime when handling seconds afterdtucker@openbsd.org2020-05-291-2/+3
| | | | | | other units. bz#3171, spotted by ronf at timeheart.net, ok djm@. OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be
* upstream: add fmt_timeframe() (from bgpd) to format a timedjm@openbsd.org2020-05-271-20/+51
| | | | | | | | interval in a human- friendly format. Switch copyright for this file from BSD to MIT to make it easier to add Henning's copyright for this function. ok markus@ OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
* See if SA_RESTART signals will interrupt select().Darren Tucker2020-05-011-0/+2
| | | | | | | | | | | On some platforms (at least older HP-UXes such as 11.11, possibly others) setting SA_RESTART on signal handers will cause it to not interrupt select(), at least for calls that do not specify a timeout. Try to detect this and if found, don't use SA_RESTART. POSIX says "If SA_RESTART has been set for the interrupting signal, it is implementation-dependent whether select() restarts or returns with [EINTR]" so this behaviour is within spec.
* upstream: We've standardized on memset over bzero, replace a coupledtucker@openbsd.org2020-05-011-2/+2
| | | | | | that had slipped in. ok deraadt markus djm. OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6
* upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986,djm@openbsd.org2020-01-281-1/+2
| | | | | | based on patch by veegish AT cyberstorm.mu OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425
* upstream: add xextendf() to extend a string with a formatdjm@openbsd.org2020-01-251-1/+28
| | | | | | (reallocating as necessary). ok aja@ as part of a larger diff OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9
* upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org2020-01-231-1/+18
| | | | | | | | sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* upstream: Wait for FD to be readable or writeable during a nonblockingdtucker@openbsd.org2019-11-221-6/+16
| | | | | | | | | | connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (eg multiplexers like sslh) but is also slightly quicker for other connections since, unlike ssh1, ssh2 doesn't specify that the client should parse the server banner before sending its own. Patch from mnissler@chromium.org, ok djm@ OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d
* Wrap poll.h includes in HAVE_POLL_H.Darren Tucker2019-10-281-0/+2
|
* upstream: move authorized_keys option parsing helpsers to misc.cdjm@openbsd.org2019-09-031-1/+73
| | | | | | and make them public; ok markus@ OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
* upstream: move skip_space() to misc.c and make it public; okdjm@openbsd.org2019-09-031-1/+11
| | | | | | markus@ OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
* upstream: switch percent_expand() to use sshbuf instead of a limiteddjm@openbsd.org2019-08-161-15/+24
| | | | | | fixed buffer; ok markus@ OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-9/+9
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* upstream: Some asprintf() calls were checked < 0, rather than thederaadt@openbsd.org2019-06-281-2/+2
| | | | | | precise == -1. ok millert nicm tb, etc OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
* upstream: Remove support for obsolete host/port syntax.dtucker@openbsd.org2019-01-241-2/+2
| | | | | | | | | | | host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH now supports for some things. Remove the slash notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen at redhat.com, ok markus@ OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
* upstream: move client/server SSH-* banners to buffers underdjm@openbsd.org2018-12-271-1/+76
| | | | | | | | | | | | | ssh->kex and factor out the banner exchange. This eliminates some common code from the client and server. Also be more strict about handling \r characters - these should only be accepted immediately before \n (pointed out by Jann Horn). Inspired by a patch from Markus Schmidt. (lots of) feedback and ok markus@ OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
* upstream: Fix calculation of initial bandwidth limits. Account fordtucker@openbsd.org2018-12-271-5/+4
| | | | | | | | | | written bytes before the initial timer check so that the first buffer written is accounted. Set the threshold after which the timer is checked such that the limit starts being computed as soon as possible, ie after the second buffer is written. This prevents an initial burst of traffic and provides a more accurate bandwidth limit. bz#2927, ok djm. OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
* upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org2018-11-161-1/+8
| | | | OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
* upstream: Support using service names for port numbers.naddy@openbsd.org2018-10-071-4/+8
| | | | | | | | | | | * Try to resolve a port specification with getservbyname(3) if a numeric conversion fails. * Make the "Port" option in ssh_config handle its argument as a port rather than a plain integer. ok dtucker@ deraadt@ OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
* upstream: Allow ssh_config IdentityAgent directive to acceptdjm@openbsd.org2018-10-031-1/+20
| | | | | | environment variable names as well as explicit paths. ok dtucker@ OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
* upstream: Remove uid checks from low port binds. Now that sshdtucker@openbsd.org2018-07-311-10/+1
| | | | | | | | | cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is stil there. with & ok djm@ OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
* upstream: Remove support for running ssh(1) setuid and fatal ifdtucker@openbsd.org2018-07-191-2/+1
| | | | | | | | attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
* upstream: add a SetEnv directive to ssh_config that allows settingdjm@openbsd.org2018-06-091-6/+26
| | | | | | | | | | | environment variables for the remote session (subject to the server accepting them) refactor SendEnv to remove the arbitrary limit of variable names. ok markus@ OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
* upstream: switch config file parsing to getline(3) as this avoidsmarkus@openbsd.org2018-06-061-26/+1
| | | | | | static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: add valid-before="[time]" authorized_keys option. Adjm@openbsd.org2018-03-141-1/+54
| | | | | | simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
* upstream: revert recent strdelim() change, it causes problems withdjm@openbsd.org2018-03-121-19/+8
| | | | | | | | | | | some configs. revision 1.124 date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
* upstream: switch over to the new authorized_keys options API anddjm@openbsd.org2018-03-031-1/+2
| | | | | | | | | | | remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* upstream: Allow escaped quotes \" and \' in ssh_config anddjm@openbsd.org2018-03-021-8/+19
| | | | | | sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
* upstream commitmarkus@openbsd.org2018-01-231-153/+1
| | | | | | | move subprocess() so scp/sftp do not need uidswap.o; ok djm@ OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
* upstream commitdjm@openbsd.org2017-12-121-4/+4
| | | | | | | fix ordering in previous to ensure errno isn't clobbered before logging. OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
* upstream commitdjm@openbsd.org2017-12-121-9/+10
| | | | | | | for some reason unix_listener() logged most errors twice with each message containing only some of the useful information; merge these OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
* upstream commitdtucker@openbsd.org2017-12-071-1/+15
| | | | | | | | Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@ OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
* upstream commitdtucker@openbsd.org@openbsd.org2017-11-281-39/+48
| | | | | | | | | | Add monotime_ts and monotime_tv that return monotonic timespec and timeval respectively. Replace calls to gettimeofday() in packet timing with monotime_tv so that the callers will work over a clock step. Should prevent integer overflow during clock steps reported by wangle6 at huawei.com. "I like" markus@ OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
* provide hooks and fallbacks for rdomain supportDamien Miller2017-10-251-0/+13
|
* upstream commitdjm@openbsd.org2017-10-251-2/+18
| | | | | | | | | | add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@ Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
* upstream commitdjm@openbsd.org2017-10-251-1/+39
| | | | | | | | | Add optional rdomain qualifier to sshd_config's ListenAddress option to allow listening on a different rdomain(4), e.g. ListenAddress 0.0.0.0 rdomain 4 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
* upstream commitmillert@openbsd.org2017-10-251-4/+4
| | | | | | | Kill dead store and some spaces vs. tabs indent in parse_user_host_path(). Noticed by markus@ Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
* upstream commitdjm@openbsd.org2017-10-231-3/+9
| | | | | | | | | | | | | | | Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
* upstream commitmillert@openbsd.org2017-10-231-5/+292
| | | | | | | | | | Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
* misc.c needs functions from platform.c nowDamien Miller2017-08-231-0/+1
|
* upstream commitdjm@openbsd.org2017-08-231-3/+4
| | | | | | | add a "quiet" flag to exited_cleanly() that supresses errors about exit status (failure due to signal is still reported) Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
* upstream commitdjm@openbsd.org2017-08-231-1/+467
| | | | | | | | | | Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition. feedback & ok dtucker@ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
* upstream commitdjm@openbsd.org2017-07-241-1/+2
| | | | | | | Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value and just use the operating system default; ok dtucker@ Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
* upstream commitderaadt@openbsd.org2017-06-011-2/+2
| | | | | | | | | Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
* upstream commitdtucker@openbsd.org2017-03-141-3/+3
| | | | | | | Fix convtime() overflow test on boundary condition, spotted by & ok djm. Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
* upstream commitdtucker@openbsd.org2017-03-141-6/+11
| | | | | | | Check for integer overflow when parsing times in convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13