mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-26 20:02:13 +00:00
upstream commit
remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
This commit is contained in:
parent
ffe6549c2f
commit
83b581862a
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor.c,v 1.162 2016/08/13 17:47:41 markus Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.163 2016/08/19 03:18:06 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
@ -1395,9 +1395,6 @@ mm_record_login(Session *s, struct passwd *pw)
|
||||
socklen_t fromlen;
|
||||
struct sockaddr_storage from;
|
||||
|
||||
if (options.use_login)
|
||||
return;
|
||||
|
||||
/*
|
||||
* Get IP address of client. If the connection is not a socket, let
|
||||
* the address be 0.0.0.0.
|
||||
|
14
servconf.c
14
servconf.c
@ -1,5 +1,5 @@
|
||||
|
||||
/* $OpenBSD: servconf.c,v 1.293 2016/08/15 12:27:56 naddy Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.294 2016/08/19 03:18:06 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -120,7 +120,6 @@ initialize_server_options(ServerOptions *options)
|
||||
options->challenge_response_authentication = -1;
|
||||
options->permit_empty_passwd = -1;
|
||||
options->permit_user_env = -1;
|
||||
options->use_login = -1;
|
||||
options->compression = -1;
|
||||
options->rekey_limit = -1;
|
||||
options->rekey_interval = -1;
|
||||
@ -281,8 +280,6 @@ fill_default_server_options(ServerOptions *options)
|
||||
options->permit_empty_passwd = 0;
|
||||
if (options->permit_user_env == -1)
|
||||
options->permit_user_env = 0;
|
||||
if (options->use_login == -1)
|
||||
options->use_login = 0;
|
||||
if (options->compression == -1)
|
||||
options->compression = COMP_DELAYED;
|
||||
if (options->rekey_limit == -1)
|
||||
@ -397,7 +394,7 @@ typedef enum {
|
||||
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
|
||||
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
|
||||
sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
|
||||
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
|
||||
sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
|
||||
sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
|
||||
sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
|
||||
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
|
||||
@ -508,7 +505,7 @@ static struct {
|
||||
{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
|
||||
{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
|
||||
{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
|
||||
{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
|
||||
{ "uselogin", sDeprecated, SSHCFG_GLOBAL },
|
||||
{ "compression", sCompression, SSHCFG_GLOBAL },
|
||||
{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
|
||||
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
|
||||
@ -1283,10 +1280,6 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
intptr = &options->permit_user_env;
|
||||
goto parse_flag;
|
||||
|
||||
case sUseLogin:
|
||||
intptr = &options->use_login;
|
||||
goto parse_flag;
|
||||
|
||||
case sCompression:
|
||||
intptr = &options->compression;
|
||||
multistate_ptr = multistate_compression;
|
||||
@ -2261,7 +2254,6 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
|
||||
dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
|
||||
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
|
||||
dump_cfg_fmtint(sUseLogin, o->use_login);
|
||||
dump_cfg_fmtint(sCompression, o->compression);
|
||||
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
|
||||
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: servconf.h,v 1.121 2016/08/15 12:27:56 naddy Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.122 2016/08/19 03:18:06 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -121,7 +121,6 @@ typedef struct {
|
||||
int permit_empty_passwd; /* If false, do not permit empty
|
||||
* passwords. */
|
||||
int permit_user_env; /* If true, read ~/.ssh/environment */
|
||||
int use_login; /* If true, login(1) is used */
|
||||
int compression; /* If true, compression is allowed */
|
||||
int allow_tcp_forwarding; /* One of FORWARD_* */
|
||||
int allow_streamlocal_forwarding; /* One of FORWARD_* */
|
||||
|
169
session.c
169
session.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */
|
||||
/* $OpenBSD: session.c,v 1.284 2016/08/19 03:18:06 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -544,7 +544,7 @@ do_exec_pty(Session *s, const char *command)
|
||||
|
||||
/* record login, etc. similar to login(1) */
|
||||
#ifndef HAVE_OSF_SIA
|
||||
if (!(options.use_login && command == NULL)) {
|
||||
if (command != NULL) {
|
||||
#ifdef _UNICOS
|
||||
cray_init_job(s->pw); /* set up cray jid and tmpdir */
|
||||
#endif /* _UNICOS */
|
||||
@ -1019,69 +1019,63 @@ do_setup_env(Session *s, const char *shell)
|
||||
ssh_gssapi_do_child(&env, &envsize);
|
||||
#endif
|
||||
|
||||
if (!options.use_login) {
|
||||
/* Set basic environment. */
|
||||
for (i = 0; i < s->num_env; i++)
|
||||
child_set_env(&env, &envsize, s->env[i].name,
|
||||
s->env[i].val);
|
||||
/* Set basic environment. */
|
||||
for (i = 0; i < s->num_env; i++)
|
||||
child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
|
||||
|
||||
child_set_env(&env, &envsize, "USER", pw->pw_name);
|
||||
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
|
||||
child_set_env(&env, &envsize, "USER", pw->pw_name);
|
||||
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
|
||||
#ifdef _AIX
|
||||
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
|
||||
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
|
||||
#endif
|
||||
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
|
||||
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
|
||||
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
|
||||
else
|
||||
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
|
||||
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
|
||||
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
|
||||
else
|
||||
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
|
||||
#else /* HAVE_LOGIN_CAP */
|
||||
# ifndef HAVE_CYGWIN
|
||||
/*
|
||||
* There's no standard path on Windows. The path contains
|
||||
* important components pointing to the system directories,
|
||||
* needed for loading shared libraries. So the path better
|
||||
* remains intact here.
|
||||
*/
|
||||
/*
|
||||
* There's no standard path on Windows. The path contains
|
||||
* important components pointing to the system directories,
|
||||
* needed for loading shared libraries. So the path better
|
||||
* remains intact here.
|
||||
*/
|
||||
# ifdef HAVE_ETC_DEFAULT_LOGIN
|
||||
read_etc_default_login(&env, &envsize, pw->pw_uid);
|
||||
path = child_get_env(env, "PATH");
|
||||
read_etc_default_login(&env, &envsize, pw->pw_uid);
|
||||
path = child_get_env(env, "PATH");
|
||||
# endif /* HAVE_ETC_DEFAULT_LOGIN */
|
||||
if (path == NULL || *path == '\0') {
|
||||
child_set_env(&env, &envsize, "PATH",
|
||||
s->pw->pw_uid == 0 ?
|
||||
SUPERUSER_PATH : _PATH_STDPATH);
|
||||
}
|
||||
if (path == NULL || *path == '\0') {
|
||||
child_set_env(&env, &envsize, "PATH",
|
||||
s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
|
||||
}
|
||||
# endif /* HAVE_CYGWIN */
|
||||
#endif /* HAVE_LOGIN_CAP */
|
||||
|
||||
snprintf(buf, sizeof buf, "%.200s/%.50s",
|
||||
_PATH_MAILDIR, pw->pw_name);
|
||||
child_set_env(&env, &envsize, "MAIL", buf);
|
||||
snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
|
||||
child_set_env(&env, &envsize, "MAIL", buf);
|
||||
|
||||
/* Normal systems set SHELL by default. */
|
||||
child_set_env(&env, &envsize, "SHELL", shell);
|
||||
|
||||
/* Normal systems set SHELL by default. */
|
||||
child_set_env(&env, &envsize, "SHELL", shell);
|
||||
}
|
||||
if (getenv("TZ"))
|
||||
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
||||
|
||||
/* Set custom environment options from RSA authentication. */
|
||||
if (!options.use_login) {
|
||||
while (custom_environment) {
|
||||
struct envstring *ce = custom_environment;
|
||||
char *str = ce->s;
|
||||
while (custom_environment) {
|
||||
struct envstring *ce = custom_environment;
|
||||
char *str = ce->s;
|
||||
|
||||
for (i = 0; str[i] != '=' && str[i]; i++)
|
||||
;
|
||||
if (str[i] == '=') {
|
||||
str[i] = 0;
|
||||
child_set_env(&env, &envsize, str, str + i + 1);
|
||||
}
|
||||
custom_environment = ce->next;
|
||||
free(ce->s);
|
||||
free(ce);
|
||||
for (i = 0; str[i] != '=' && str[i]; i++)
|
||||
;
|
||||
if (str[i] == '=') {
|
||||
str[i] = 0;
|
||||
child_set_env(&env, &envsize, str, str + i + 1);
|
||||
}
|
||||
custom_environment = ce->next;
|
||||
free(ce->s);
|
||||
free(ce);
|
||||
}
|
||||
|
||||
/* SSH_CLIENT deprecated */
|
||||
@ -1143,7 +1137,7 @@ do_setup_env(Session *s, const char *shell)
|
||||
* Pull in any environment variables that may have
|
||||
* been set by PAM.
|
||||
*/
|
||||
if (options.use_pam && !options.use_login) {
|
||||
if (options.use_pam) {
|
||||
char **p;
|
||||
|
||||
p = fetch_pam_child_environment();
|
||||
@ -1161,7 +1155,7 @@ do_setup_env(Session *s, const char *shell)
|
||||
auth_sock_name);
|
||||
|
||||
/* read $HOME/.ssh/environment. */
|
||||
if (options.permit_user_env && !options.use_login) {
|
||||
if (options.permit_user_env) {
|
||||
snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
|
||||
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
|
||||
read_environment_file(&env, &envsize, buf);
|
||||
@ -1442,27 +1436,6 @@ do_pwchange(Session *s)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static void
|
||||
launch_login(struct passwd *pw, const char *hostname)
|
||||
{
|
||||
/* Launch login(1). */
|
||||
|
||||
execl(LOGIN_PROGRAM, "login", "-h", hostname,
|
||||
#ifdef xxxLOGIN_NEEDS_TERM
|
||||
(s->term ? s->term : "unknown"),
|
||||
#endif /* LOGIN_NEEDS_TERM */
|
||||
#ifdef LOGIN_NO_ENDOPT
|
||||
"-p", "-f", pw->pw_name, (char *)NULL);
|
||||
#else
|
||||
"-p", "-f", "--", pw->pw_name, (char *)NULL);
|
||||
#endif
|
||||
|
||||
/* Login couldn't be executed, die. */
|
||||
|
||||
perror("login");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static void
|
||||
child_close_fds(void)
|
||||
{
|
||||
@ -1510,11 +1483,10 @@ child_close_fds(void)
|
||||
void
|
||||
do_child(Session *s, const char *command)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
extern char **environ;
|
||||
char **env;
|
||||
char *argv[ARGV_MAX];
|
||||
const char *shell, *shell0, *hostname = NULL;
|
||||
const char *shell, *shell0;
|
||||
struct passwd *pw = s->pw;
|
||||
int r = 0;
|
||||
|
||||
@ -1529,10 +1501,6 @@ do_child(Session *s, const char *command)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* login(1) is only called if we execute the login shell */
|
||||
if (options.use_login && command != NULL)
|
||||
options.use_login = 0;
|
||||
|
||||
#ifdef _UNICOS
|
||||
cray_setup(pw->pw_uid, pw->pw_name, command);
|
||||
#endif /* _UNICOS */
|
||||
@ -1541,28 +1509,26 @@ do_child(Session *s, const char *command)
|
||||
* Login(1) does this as well, and it needs uid 0 for the "-h"
|
||||
* switch, so we let login(1) to this for us.
|
||||
*/
|
||||
if (!options.use_login) {
|
||||
#ifdef HAVE_OSF_SIA
|
||||
session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
|
||||
if (!check_quietlogin(s, command))
|
||||
do_motd();
|
||||
session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
|
||||
if (!check_quietlogin(s, command))
|
||||
do_motd();
|
||||
#else /* HAVE_OSF_SIA */
|
||||
/* When PAM is enabled we rely on it to do the nologin check */
|
||||
if (!options.use_pam)
|
||||
do_nologin(pw);
|
||||
do_setusercontext(pw);
|
||||
/*
|
||||
* PAM session modules in do_setusercontext may have
|
||||
* generated messages, so if this in an interactive
|
||||
* login then display them too.
|
||||
*/
|
||||
if (!check_quietlogin(s, command))
|
||||
display_loginmsg();
|
||||
/* When PAM is enabled we rely on it to do the nologin check */
|
||||
if (!options.use_pam)
|
||||
do_nologin(pw);
|
||||
do_setusercontext(pw);
|
||||
/*
|
||||
* PAM session modules in do_setusercontext may have
|
||||
* generated messages, so if this in an interactive
|
||||
* login then display them too.
|
||||
*/
|
||||
if (!check_quietlogin(s, command))
|
||||
display_loginmsg();
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam && !options.use_login && !is_pam_session_open()) {
|
||||
if (options.use_pam && !is_pam_session_open()) {
|
||||
debug3("PAM session not opened, exiting");
|
||||
display_loginmsg();
|
||||
exit(254);
|
||||
@ -1585,10 +1551,6 @@ do_child(Session *s, const char *command)
|
||||
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
||||
#endif
|
||||
|
||||
/* we have to stash the hostname before we close our socket. */
|
||||
if (options.use_login)
|
||||
hostname = session_get_remote_name_or_ip(ssh, utmp_len,
|
||||
options.use_dns);
|
||||
/*
|
||||
* Close the connection descriptors; note that this is the child, and
|
||||
* the server will still have the socket open, and it is important
|
||||
@ -1647,8 +1609,7 @@ do_child(Session *s, const char *command)
|
||||
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
if (!options.use_login)
|
||||
do_rc_files(s, shell);
|
||||
do_rc_files(s, shell);
|
||||
|
||||
/* restore SIGPIPE for child */
|
||||
signal(SIGPIPE, SIG_DFL);
|
||||
@ -1678,11 +1639,6 @@ do_child(Session *s, const char *command)
|
||||
|
||||
fflush(NULL);
|
||||
|
||||
if (options.use_login) {
|
||||
launch_login(pw, hostname);
|
||||
/* NEVERREACHED */
|
||||
}
|
||||
|
||||
/* Get the last component of the shell name. */
|
||||
if ((shell0 = strrchr(shell, '/')) != NULL)
|
||||
shell0++;
|
||||
@ -2502,11 +2458,6 @@ session_setup_x11fwd(Session *s)
|
||||
packet_send_debug("No xauth program; cannot forward with spoofing.");
|
||||
return 0;
|
||||
}
|
||||
if (options.use_login) {
|
||||
packet_send_debug("X11 forwarding disabled; "
|
||||
"not compatible with UseLogin=yes.");
|
||||
return 0;
|
||||
}
|
||||
if (s->display != NULL) {
|
||||
debug("X11 display already set.");
|
||||
return 0;
|
||||
|
7
sshd.8
7
sshd.8
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.285 2016/08/15 12:32:04 naddy Exp $
|
||||
.Dd $Mdocdate: August 15 2016 $
|
||||
.\" $OpenBSD: sshd.8,v 1.286 2016/08/19 03:18:06 djm Exp $
|
||||
.Dd $Mdocdate: August 19 2016 $
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -504,9 +504,6 @@ Environment processing is disabled by default and is
|
||||
controlled via the
|
||||
.Cm PermitUserEnvironment
|
||||
option.
|
||||
This option is automatically disabled if
|
||||
.Cm UseLogin
|
||||
is enabled.
|
||||
.It Cm from="pattern-list"
|
||||
Specifies that in addition to public key authentication, either the canonical
|
||||
name of the remote host or its IP address must be present in the
|
||||
|
4
sshd.c
4
sshd.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sshd.c,v 1.473 2016/08/15 12:27:56 naddy Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.474 2016/08/19 03:18:07 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -629,7 +629,7 @@ privsep_postauth(Authctxt *authctxt)
|
||||
#ifdef DISABLE_FD_PASSING
|
||||
if (1) {
|
||||
#else
|
||||
if (authctxt->pw->pw_uid == 0 || options.use_login) {
|
||||
if (authctxt->pw->pw_uid == 0) {
|
||||
#endif
|
||||
/* File descriptor passing is broken or root login */
|
||||
use_privsep = 0;
|
||||
|
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.229 2016/08/15 12:32:04 naddy Exp $
|
||||
.Dd $Mdocdate: August 15 2016 $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $
|
||||
.Dd $Mdocdate: August 19 2016 $
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1489,25 +1489,6 @@ and
|
||||
.Cm Match
|
||||
.Cm Host
|
||||
directives.
|
||||
.It Cm UseLogin
|
||||
Specifies whether
|
||||
.Xr login 1
|
||||
is used for interactive login sessions.
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that
|
||||
.Xr login 1
|
||||
is never used for remote command execution.
|
||||
Note also, that if this is enabled,
|
||||
.Cm X11Forwarding
|
||||
will be disabled because
|
||||
.Xr login 1
|
||||
does not know how to handle
|
||||
.Xr xauth 1
|
||||
cookies.
|
||||
If
|
||||
.Cm UsePrivilegeSeparation
|
||||
is specified, it will be disabled after authentication.
|
||||
.It Cm UsePAM
|
||||
Enables the Pluggable Authentication Module interface.
|
||||
If set to
|
||||
@ -1596,9 +1577,6 @@ setting.
|
||||
.Pp
|
||||
Note that disabling X11 forwarding does not prevent users from
|
||||
forwarding X11 traffic, as users can always install their own forwarders.
|
||||
X11 forwarding is automatically disabled if
|
||||
.Cm UseLogin
|
||||
is enabled.
|
||||
.It Cm X11UseLocalhost
|
||||
Specifies whether
|
||||
.Xr sshd 8
|
||||
|
Loading…
Reference in New Issue
Block a user