First pass at porting hpnssh to the alpha release of 9.3

Author: rapier1

.github/ci-status.md

@@ -4,7 +4,8 @@ master :
 [![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master)
 [![CIFuzz](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml)
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
+[![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
 
-9.1 :
-[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_1)
-[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_1)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_1)
+9.2 :
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_2)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2)

.github/configs

@@ -221,7 +221,7 @@ case "${TARGET_HOST}" in
 	# test run does not time out.
 	# The agent-restrict test fails due to some quoting issue when run
 	# with sh or ksh so specify bash for now.
-	TEST_TARGET="t-exec TEST_SHELL=bash"
+	TEST_TARGET="t-exec unit TEST_SHELL=bash"
 	SKIP_LTESTS="rekey sftp"
 	;;
     debian-riscv64)

.github/run_test.sh

@@ -21,7 +21,7 @@ if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then
 fi
 
 output_failed_logs() {
-    for i in regress/failed*; do
+    for i in regress/failed*.log; do
         if [ -f "$i" ]; then
             echo -------------------------------------------------------------------------
             echo LOGFILE $i

.github/setup_ci.sh

@@ -7,10 +7,10 @@ PACKAGES=""
 case "`./config.guess`" in
 *cygwin)
 	PACKAGER=setup
-	echo Setting CYGWIN sustem environment variable.
+	echo Setting CYGWIN system environment variable.
 	setx CYGWIN "binmode"
-	chmod -R go-rw /cygdrive/d/a
-	umask 077
+	echo Removing extended ACLs so umask works as expected.
+	setfacl -b . regress
 	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
 	PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
 	;;

.github/workflows/c-cpp.yml

@@ -96,3 +96,4 @@ jobs:
           regress/valgrind-out/
           regress/asan.log.*
           regress/msan.log.*
+          regress/log/*

.github/workflows/selfhosted.yml

@@ -0,0 +1,120 @@
+name: C/C++ CI self-hosted
+
+on:
+  push:
+    branches: [pre-stage, master]
+    paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ]
+
+jobs:
+  selfhosted:
+    if: github.repository == 'rapier1/openssh-portable-selfhosted'
+    runs-on: ${{ matrix.host }}
+    timeout-minutes: 600
+    env:
+      HOST: ${{ matrix.host }}
+      TARGET_HOST: ${{ matrix.target }}
+      TARGET_CONFIG: ${{ matrix.config }}
+    strategy:
+      fail-fast: false
+      # We use a matrix in two parts: firstly all of the VMs are tested with the
+      # default config.  "target" corresponds to a label associated with the
+      # worker.  The default is an ephemeral VM running under libvirt.
+      matrix:
+        target:
+          - alpine
+          - centos7
+          - debian-i386
+          - dfly30
+          - dfly48
+          - dfly58
+          - dfly60
+          - dfly62
+          - fbsd10
+          - fbsd12
+          - fbsd13
+          - minix3
+          - nbsd3
+          - nbsd4
+          - nbsd8
+          - nbsd9
+          - obsd51
+          - obsd67
+          - obsd69
+          - obsd70
+          - obsdsnap
+          - obsdsnap-i386
+          - openindiana
+          - sol10
+          - sol11
+        config:
+          - default
+        host:
+          - libvirt
+        include:
+          # Then we include extra libvirt test configs.
+          - { target: aix51, config: default, host: libvirt }
+          - { target: centos7, config: pam, host: libvirt }
+          - { target: debian-i386, config: pam, host: libvirt }
+          - { target: dfly30, config: without-openssl, host: libvirt}
+          - { target: dfly48, config: pam ,host: libvirt }
+          - { target: dfly58, config: pam, host: libvirt }
+          - { target: dfly60, config: pam, host: libvirt }
+          - { target: dfly62, config: pam, host: libvirt }
+          - { target: fbsd10, config: pam, host: libvirt }
+          - { target: fbsd12, config: pam, host: libvirt }
+          - { target: fbsd13, config: pam, host: libvirt }
+          - { target: nbsd8,  config: pam, host: libvirt }
+          - { target: nbsd9,  config: pam, host: libvirt }
+          - { target: openindiana, config: pam, host: libvirt }
+          - { target: sol10,  config: pam, host: libvirt }
+          - { target: sol11,  config: pam-krb5, host: libvirt }
+          - { target: sol11,  config: sol64, host: libvirt }
+          # VMs with persistent disks that have their own runner.
+          - { target: win10, config: default, host: win10 }
+          - { target: win10, config: cygwin-release, host: win10 }
+          # Physical hosts, with either native runners or remote via ssh.
+          - { target: ARM, config: default, host: ARM }
+          - { target: ARM64, config: default, host: ARM64 }
+          - { target: ARM64, config: pam, host: ARM64 }
+          - { target: debian-riscv64, config: default, host: debian-riscv64 }
+          - { target: openwrt-mips, config: default, host: openwrt-mips }
+          - { target: openwrt-mipsel, config: default, host: openwrt-mipsel }
+    steps:
+    - name: shutdown VM if running
+      run: vmshutdown
+      working-directory: ${{ runner.temp }}
+    - uses: actions/checkout@main
+    - name: autoreconf
+      run: autoreconf
+    - name: startup VM
+      run: vmstartup
+      working-directory: ${{ runner.temp }}
+    - name: configure
+      run: vmrun ./.github/configure.sh ${{ matrix.config }}
+    - name: save config
+      uses: actions/upload-artifact@main
+      with:
+        name: ${{ matrix.target }}-${{ matrix.config }}-config
+        path: config.h
+    - name: make clean
+      run: vmrun make clean
+    - name: make
+      run: vmrun make
+    - name: make tests
+      run: vmrun ./.github/run_test.sh ${{ matrix.config }}
+      timeout-minutes: 600
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact@main
+      with:
+        name: ${{ matrix.target }}-${{ matrix.config }}-logs
+        path: |
+          config.h
+          config.log
+          regress/*.log
+          regress/log/*
+          regress/valgrind-out/
+    - name: shutdown VM
+      if: always()
+      run: vmshutdown
+      working-directory: ${{ runner.temp }}

.github/workflows/upstream.yml

@@ -0,0 +1,53 @@
+name: Upstream self-hosted
+
+on:
+  push:
+    branches: [ master, pre-stage ]
+    paths: [ '**.c', '**.h', '.github/**' ]
+
+jobs:
+  selfhosted:
+    if: github.repository == 'rapier1/openssh-portable-selfhosted'
+    runs-on: 'libvirt'
+    env:
+      HOST: 'libvirt'
+      TARGET_HOST: ${{ matrix.target }}
+      TARGET_CONFIG: ${{ matrix.config }}
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [ obsdsnap, obsdsnap-i386 ]
+        config: [ default, without-openssl, ubsan ]
+    steps:
+    - name: shutdown VM if running
+      run: vmshutdown
+      working-directory: ${{ runner.temp }}
+    - uses: actions/checkout@main
+    - name: startup VM
+      run: vmstartup
+      working-directory: ${{ runner.temp }}
+    - name: update source
+      run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
+    - name: make clean
+      run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj"
+    - name: make
+      run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
+    - name: make install
+      run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
+    - name: make tests`
+      run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac"
+      env:
+        SUDO: sudo
+      timeout-minutes: 300
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact@main
+      with:
+        name: ${{ matrix.target }}-${{ matrix.config }}-logs
+        path: |
+          /usr/obj/regress/usr.bin/ssh/obj/*.log
+          /usr/obj/regress/usr.bin/ssh/obj/log/*
+    - name: shutdown VM
+      if: always()
+      run: vmshutdown
+      working-directory: ${{ runner.temp }}

Makefile.in

@@ -518,6 +518,10 @@ regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
 	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
 	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
 
+regress/timestamp$(EXEEXT): $(srcdir)/regress/timestamp.c $(REGRESSLIBS)
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/timestamp.c \
+	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
+
 regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS)
 	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
 	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -692,6 +696,7 @@ regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
 
 regress-binaries: regress-prep $(LIBCOMPAT) \
 	regress/modpipe$(EXEEXT) \
+	regress/timestamp$(EXEEXT) \
 	regress/setuid-allowed$(EXEEXT) \
 	regress/netcat$(EXEEXT) \
 	regress/check-perm$(EXEEXT) \

auth-pam.c

@@ -351,11 +351,12 @@ import_environments(struct sshbuf *b)
 	/* Import environment from subprocess */
 	if ((r = sshbuf_get_u32(b, &num_env)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (num_env > 1024)
-		fatal("%s: received %u environment variables, expected <= 1024",
-		    __func__, num_env);
+	if (num_env > 1024) {
+		fatal_f("received %u environment variables, expected <= 1024",
+		    num_env);
+	}
 	sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
-	debug3("PAM: num env strings %d", num_env);
+	debug3("PAM: num env strings %u", num_env);
 	for(i = 0; i < num_env; i++) {
 		if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -365,7 +366,11 @@ import_environments(struct sshbuf *b)
 	/* Import PAM environment from subprocess */
 	if ((r = sshbuf_get_u32(b, &num_env)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	debug("PAM: num PAM env strings %d", num_env);
+	if (num_env > 1024) {
+		fatal_f("received %u PAM env variables, expected <= 1024",
+		    num_env);
+	}
+	debug("PAM: num PAM env strings %u", num_env);
 	for (i = 0; i < num_env; i++) {
 		if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));

auth-shadow.c

@@ -56,23 +56,23 @@ int
 auth_shadow_acctexpired(struct spwd *spw)
 {
 	time_t today;
-	int daysleft;
+	long long daysleft;
 	int r;
 
 	today = time(NULL) / DAY;
 	daysleft = spw->sp_expire - today;
-	debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
-	    (int)spw->sp_expire, daysleft);
+	debug3("%s: today %lld sp_expire %lld days left %lld", __func__,
+	    (long long)today, (long long)spw->sp_expire, daysleft);
 
 	if (spw->sp_expire == -1) {
 		debug3("account expiration disabled");
 	} else if (daysleft < 0) {
 		logit("Account %.100s has expired", spw->sp_namp);
 		return 1;
 	} else if (daysleft <= spw->sp_warn) {
-		debug3("account will expire in %d days", daysleft);
+		debug3("account will expire in %lld days", daysleft);
 		if ((r = sshbuf_putf(loginmsg, 
-		    "Your account will expire in %d day%s.\n", daysleft,
+		    "Your account will expire in %lld day%s.\n", daysleft,
 		    daysleft == 1 ? "" : "s")) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
@@ -98,8 +98,8 @@ auth_shadow_pwexpired(Authctxt *ctxt)
 	}
 
 	today = time(NULL) / DAY;
-	debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
-	    (int)spw->sp_lstchg, (int)spw->sp_max);
+	debug3_f("today %lld sp_lstchg %lld sp_max %lld", (long long)today,
+	    (long long)spw->sp_lstchg, (long long)spw->sp_max);
 
 #if defined(__hpux) && !defined(HAVE_SECUREWARE)
 	if (iscomsec()) {

auth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.159 2022/12/09 00:17:40 dtucker Exp $ */
+/* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -74,7 +74,6 @@
 #include "authfile.h"
 #include "monitor_wrap.h"
 #include "ssherr.h"
-#include "compat.h"
 #include "channels.h"
 
 /* import */

auth2-hostbased.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -40,7 +40,6 @@
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
-#include "compat.h"
 #include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
@@ -101,12 +100,6 @@ userauth_hostbased(struct ssh *ssh, const char *method)
 		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
-	if (sshkey_type_plain(key->type) == KEY_RSA &&
-	    (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
-		error("Refusing RSA key because peer uses unsafe "
-		    "signature format");
-		goto done;
-	}
 	if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
 		logit_f("signature algorithm %s not in "
 		    "HostbasedAcceptedAlgorithms", pkalg);

auth2-none.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.25 2023/03/05 05:34:09 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -44,7 +44,6 @@
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
-#include "compat.h"
 #include "ssh2.h"
 #include "ssherr.h"
 #ifdef GSSAPI

auth2-pubkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.118 2023/02/17 04:22:50 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -153,12 +153,6 @@ userauth_pubkey(struct ssh *ssh, const char *method)
 		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
-	if (sshkey_type_plain(key->type) == KEY_RSA &&
-	    (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
-		logit("Refusing RSA key because client uses unsafe "
-		    "signature scheme");
-		goto done;
-	}
 	if (auth2_key_already_used(authctxt, key)) {
 		logit("refusing previously-used %s key", sshkey_type(key));
 		goto done;