tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,823 Commits 7 Branches 18 Tags 96 MiB
Commit Graph

75 Commits

Author SHA1 Message Date
Damien Miller 57ed647ee0 polish whitespace for portable files 2021-04-03 17:47:37 +11:00
Damien Miller c17e4638e5 explicitly test set[ug]id() return values 
Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
ok dtucker@
 2019-09-13 13:15:14 +10:00
deraadt@openbsd.org 4d28fa78ab upstream: When system calls indicate an error they return -1, not 
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
 2019-07-05 11:10:39 +10:00
dtucker@openbsd.org 258dc8bb07 upstream: Remove support for running ssh(1) setuid and fatal if 
attempted. Do not link uidwap.c into ssh any more.  Neuters
UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
djm@

OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
 2018-07-19 21:41:42 +10:00
djm@openbsd.org 26f96ca10a upstream: invalidate supplemental group cache used by 
temporarily_use_uid() when the target uid differs; could cause failure to
read authorized_keys under some configurations. patch by Jakub Jelen via
bz2873; ok dtucker, markus

OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1
 2018-06-15 17:07:49 +10:00
Damien Miller 4626cbaf78 Support Illumos/Solaris fine-grained privileges 
Includes a pre-auth privsep sandbox and several pledge()
emulations. bz#2511, patch by Alex Wilson.

ok dtucker@
 2016-01-08 14:29:12 +11:00
dtucker@openbsd.org 7ed01a96a1 upstream commit 
Revert previous commit.  We still want to call setgroups
 in the case where there are zero groups to remove any that we might otherwise
 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
 to setgroups is always a static global it's always valid to dereference in
 this case.  ok deraadt@ djm@

Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
 2015-06-25 09:50:12 +10:00
dtucker@openbsd.org 882f8bf94f upstream commit 
Revert previous commit.  We still want to call setgroups in
 the case where there are zero groups to remove any that we might otherwise
 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
 to setgroups is always a static global it's always valid to dereference in
 this case.  ok deraadt@ djm@

Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
 2015-06-25 09:48:41 +10:00
dtucker@openbsd.org 63b78d003b upstream commit 
Don't call setgroups if we have zero groups; there's no
 guarantee that it won't try to deref the pointer.  Based on a patch from mail
 at quitesimple.org, ok djm deraadt

Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
 2015-06-23 10:34:46 +10:00
Darren Tucker d1680d36e1 xrealloc -> xreallocarray in portable code too. 2015-04-30 09:18:11 +10:00
deraadt@openbsd.org 2ae4f337b2 upstream commit 
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
 2015-01-16 18:24:48 +11:00
Darren Tucker 89c532d843 - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch 
from vinschen at redhat.com
 2014-01-18 20:43:49 +11:00
Damien Miller 0600c7020f - dtucker@cvs.openbsd.org 2013/11/08 11:15:19 
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
     [uidswap.c] Include stdlib.h for free() as per the man page.
 2013-11-21 13:55:43 +11:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
 2013-06-02 08:07:31 +10:00
Darren Tucker f96ff18a92 - (dtucker) [uidswap.c openbsd-compat/Makefile.in 
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
   and gids from uidswap.c to the compat library, which allows it to work with
   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
 2012-11-05 17:04:37 +11:00
Damien Miller 1598d6bc55 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. 
Patch based on one from vgiffin AT apple.com; ok dtucker@
 2009-01-21 16:04:24 +11:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
 2006-08-05 11:02:17 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
 2006-07-24 14:01:23 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
 2006-07-10 20:53:08 +10:00
Damien Miller 427a1d57bb - stevesk@cvs.openbsd.org 2006/07/02 22:45:59 
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too)
 2006-07-10 20:20:33 +10:00
Damien Miller 2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49 
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
 2006-06-13 13:10:00 +10:00
Damien Miller 6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20 
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
 2006-06-13 13:05:15 +10:00
Damien Miller 2282c6e305 - djm@cvs.openbsd.org 2006/04/22 04:06:51 
[uidswap.c]
     use setres[ug]id() to permanently revoke privileges; ok deraadt@
     (ID Sync only - portable already uses setres[ug]id() whenever possible)
 2006-04-23 12:11:57 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23 
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
 2006-03-26 14:22:47 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Darren Tucker 2ea9b18918 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from 
vinschen at redhat.com.
 2005-02-22 17:57:13 +11:00
Darren Tucker 35beaddc7e - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or 
on Cygwin.  Cygwin parts from vinschen at redhat com; ok djm@
 2004-10-19 16:33:33 +10:00
Darren Tucker 2359aa985d - (dtucker) [uidswap.c] Minor KNF. ok djm@ 2004-02-24 13:17:30 +11:00
Damien Miller a811d9a9a1 - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime 
using sysconf() if available Based on patches from
   holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
 2004-02-24 13:05:11 +11:00
Darren Tucker e937be36c3 - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for 
setres[ug]id() present but not implemented (eg some Linux/glibc
   combinations).
 2003-12-17 18:53:26 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Darren Tucker fbe3b36ca9 - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the 
OS does not support permanently dropping privileges.  Patch from
   vinschen at redhat.com.
 2003-09-22 12:54:37 +10:00
Darren Tucker 9f18be63ab - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX. 2003-09-06 16:44:39 +10:00
Darren Tucker 400b8786d6 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ 2003-06-06 10:46:04 +10:00
Damien Miller 5fe46a45c8 - (djm) Implement paranoid priv dropping checks, based on: 
"SetUID demystified" - Hao Chen, David Wagner and Drew Dean
   Proceedings of USENIX Security Symposium 2002
 2003-06-05 09:53:31 +10:00
Damien Miller 61d3680aca - deraadt@cvs.openbsd.org 2003/05/29 16:58:45 
[sshd.c uidswap.c]
     seteuid and setegid; markus ok
 2003-06-02 19:09:48 +10:00
Ben Lindstrom 18d2b5d399 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de 2002-07-30 19:32:07 +00:00
Ben Lindstrom 1fa330cf35 - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 
[uidswap.c]
     little more debugging; ok markus@
 2002-07-23 21:29:49 +00:00
Ben Lindstrom 837461bf9a - (bal) Build noop setgroups() for cygwin to clean up code (For other 
platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
 2002-06-12 16:57:14 +00:00
Ben Lindstrom 10d9936413 - stevesk@cvs.openbsd.org 2002/05/28 21:24:00 
[uidswap.c]
     use correct function name in fatal()

[See the patch above, I saw it before apply the next patch. <sigh>]
 2002-06-06 20:44:06 +00:00
Ben Lindstrom ca8943e6de - (bal) Corrected debug() in uidswap.c to match upstream. 2002-06-06 20:42:04 +00:00
Ben Lindstrom abff1dd050 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02 
[uidswap.c]
     format spec change/casts and some KNF; ok markus@
 2002-06-06 20:38:49 +00:00
Ben Lindstrom af40bc6a72 - (bal) mispelling in uidswap.c (portable only) 2002-04-03 03:36:54 +00:00
Ben Lindstrom 1e259bb0bf - (bal) CVS ID sync of uidswap.c 2002-04-02 20:53:39 +00:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom 049e0dd6cf - markus@cvs.openbsd.org 2001/08/08 21:34:19 
[uidswap.c]
     undo last change; does not work for sshd
 2001-08-15 23:17:22 +00:00