Commit Graph

422 Commits

Author SHA1 Message Date
Damien Miller 85b45e0918 - markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
2013-07-20 13:21:52 +10:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller a56086b990 - djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:24:18 +10:00
Damien Miller f1a02aea35 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
[session.c]
     revert rev 1.262; it fails because uid is already set here.  ok djm@
2013-04-23 15:22:13 +10:00
Damien Miller 998cc56b65 - djm@cvs.openbsd.org 2013/03/06 23:35:23
[session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:16:43 +10:00
Damien Miller 5852840190 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
occur after UID switch; patch from John Marshall via des AT des.no;
   ok dtucker@
2013-03-15 11:22:37 +11:00
Damien Miller aa5b3f8314 - djm@cvs.openbsd.org 2012/12/02 20:46:11
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
Damien Miller 29cd188887 - guenther@cvs.openbsd.org 2012/03/15 03:10:27
[session.c]
     root should always be excluded from the test for /etc/nologin instead
     of having it always enforced even when marked as ignorenologin.  This
     regressed when the logic was incompletely flipped around in rev 1.251
     ok halex@ millert@
2012-04-22 11:08:10 +10:00
Darren Tucker 9c5d553d58 - djm@cvs.openbsd.org 2011/10/24 02:13:13
[session.c]
     bz#1859: send tty break to pty master instead of (probably already
     closed) slave side; "looks good" markus@
2011-11-04 10:55:24 +11:00
Damien Miller 14684a1f84 - (djm) [session.c] call setexeccon() before executing passwd for pw
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-20 11:23:07 +10:00
Damien Miller f80c3deaaf - djm@cvs.openbsd.org 2010/11/25 04:10:09
[session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Darren Tucker d995712383 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
into the platform-specific code  Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Damien Miller 0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Darren Tucker b12fe272a0 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
check into platform.c
2010-11-05 14:47:01 +11:00
Darren Tucker cc12418e18 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
Darren Tucker 0b2ee6452c - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
platform.c.
2010-11-05 13:29:25 +11:00
Darren Tucker 676b912e78 - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. 2010-11-05 13:11:04 +11:00
Darren Tucker 7a8afe3186 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
platform.c
2010-11-05 13:07:24 +11:00
Darren Tucker 728d8371a1 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
Darren Tucker 44a97be0cc - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2010-11-05 12:45:18 +11:00
Darren Tucker 4db380701d - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
2010-11-05 12:41:13 +11:00
Darren Tucker 920612e45a - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it.
2010-11-05 12:36:15 +11:00
Darren Tucker 97528353c2 - (dtucker) [configure.ac platform.{c,h} session.c
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
2010-11-05 12:03:05 +11:00
Damien Miller 8853ca5fc4 - djm@cvs.openbsd.org 2010/06/25 07:20:04
[channels.c session.c]
     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
     internal-sftp accidentally introduced in r1.253 by removing the code
     that opens and dup /dev/null to stderr and modifying the channels code
     to read stderr but discard it instead; ok markus@
2010-06-26 10:00:14 +10:00
Damien Miller 1b2b61e6f8 - djm@cvs.openbsd.org 2010/06/22 04:59:12
[session.c]
     include the user name on "subsystem request for ..." log messages;
     bz#1571; ok dtucker@
2010-06-26 09:47:43 +10:00
Damien Miller 7aa46ec393 - djm@cvs.openbsd.org 2010/06/18 03:16:03
[session.c]
     Missing check for chroot_director == "none" (we already checked against
     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2010-06-26 09:37:57 +10:00
Damien Miller 22a29880bb - djm@cvs.openbsd.org 2010/04/23 22:42:05
[session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
2010-05-10 11:53:54 +10:00
Damien Miller 8b90642fcf - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
2010-03-26 11:04:09 +11:00
Darren Tucker cd70e1b813 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
2010-03-07 23:05:17 +11:00
Darren Tucker ac0c4c9c1d - (dtucker) [session.c] Also initialize creds to NULL for handing to
setpcred.
2010-03-07 13:32:16 +11:00
Darren Tucker c738e6c646 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.
2010-03-07 13:21:12 +11:00
Darren Tucker 09aa4c000e - dtucker@cvs.openbsd.org 2010/01/12 08:33:17
[session.c]
     Add explicit stat so we reliably detect nologin with bad perms.
     ok djm markus
2010-01-12 19:51:48 +11:00
Darren Tucker 1b0c2455da - dtucker@cvs.openbsd.org 2010/01/12 01:31:05
[session.c]
     Do not allow logins if /etc/nologin exists but is not readable by the user
     logging in.  Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
2010-01-12 19:45:26 +11:00
Darren Tucker c3dc404113 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
[session.c]
     Warn but do not fail if stat()ing the subsystem binary fails.  This helps
     with chrootdirectory+forcecommand=sftp-server and restricted shells.
     bz #1599, ok djm.
2010-01-08 17:09:50 +11:00
Darren Tucker d6b06a9f39 - djm@cvs.openbsd.org 2009/11/19 23:39:50
[session.c]
     bz#1606: error when an attempt is made to connect to a server
     with ForceCommand=internal-sftp with a shell session (i.e. not a
     subsystem session). Avoids stuck client when attempting to ssh to such a
     service. ok dtucker@
2010-01-08 17:09:11 +11:00
Darren Tucker 4d6656b103 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
is enabled set the security context to "sftpd_t" before running the
   internal sftp server   Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00
Darren Tucker 695ed397a5 - djm@cvs.openbsd.org 2009/10/06 04:46:40
[session.c]
     bz#1596: fflush(NULL) before exec() to ensure that everying (motd
     in particular) has made it out before the streams go away.
2009-10-07 09:02:18 +11:00
Darren Tucker 82edf23fff - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
the setpcred call on AIX to immediately before the permanently_set_uid().
   Ensures that we still have privileges when we call chroot and
   pam_open_sesson.  Based on a patch from David Leonard.
2009-08-20 16:20:50 +10:00
Darren Tucker 43e7a358ff - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
header-order changes to reduce diff vs OpenBSD.
2009-06-21 19:50:08 +10:00
Darren Tucker ac46a915e8 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06
[session.c]
     use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
     ok djm@ markus@
2009-06-21 17:55:23 +10:00
Darren Tucker 9d86e5d570 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
   openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
   version of Cygwin.  Patch from vinschen at redhat com.
2009-03-08 11:40:27 +11:00
Damien Miller a1c1b6c86d - djm@cvs.openbsd.org 2009/01/22 09:46:01
[channels.c channels.h session.c]
     make Channel->path an allocated string, saving a few bytes here and
     there and fixing bz#1380 in the process; ok markus@
2009-01-28 16:29:49 +11:00
Darren Tucker 63917bd0da - tobias@cvs.openbsd.org 2008/11/09 12:34:47
[session.c ssh.1]
     typo fixed (overriden -> overridden)
     ok espie, jmc
2008-11-11 16:33:48 +11:00
Damien Miller d58f56000c - millert@cvs.openbsd.org 2008/10/02 14:39:35
[session.c]
     Convert an unchecked strdup to xstrdup.  OK deraadt@
2008-11-03 19:20:49 +11:00
Damien Miller ad793d59a9 - djm@cvs.openbsd.org 2008/08/21 04:09:57
[session.c]
     allow ForceCommand internal-sftp with arguments. based on patch from
     michael.barabanov AT gmail.com; ok markus@
2008-11-03 19:17:57 +11:00
Darren Tucker ed3cdc0a7c - dtucker@cvs.openbsd.org 2008/06/16 13:22:53
[session.c channels.c]
     Rename the isatty argument to is_tty so we don't shadow
     isatty(3).  ok markus@
2008-06-16 23:29:18 +10:00
Damien Miller d310d51bad - djm@cvs.openbsd.org 2008/06/15 20:06:26
[channels.c channels.h session.c]
     don't call isatty() on a pty master, instead pass a flag down to
     channel_set_fds() indicating that te fds refer to a tty. Fixes a
     hang on exit on Solaris (bz#1463) in portable but is actually
     a generic bug; ok dtucker deraadt markus
2008-06-16 07:59:23 +10:00
Damien Miller 6051c94a0a - djm@cvs.openbsd.org 2008/06/14 18:33:43
[session.c]
     suppress the warning message from chdir(homedir) failures
     when chrooted (bz#1461); ok dtucker
2008-06-16 07:53:16 +10:00
Damien Miller 2ff1ca56eb - markus@cvs.openbsd.org 2008/05/09 16:16:06
[session.c]
     re-add the USE_PIPES code and enable it.
     without pipes shutdown-read from the sshd does not trigger
     a SIGPIPE when the forked program does a write.
     ok djm@
     (Id sync only, USE_PIPES never left portable OpenSSH)
2008-05-19 16:04:56 +10:00