[session.c]
set stderr to /dev/null for subsystems rather than just closing it.
avoids hangs if a subsystem or shell initialisation writes to stderr.
bz#1750; ok markus@
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum. ok djm@
[session.c]
Warn but do not fail if stat()ing the subsystem binary fails. This helps
with chrootdirectory+forcecommand=sftp-server and restricted shells.
bz #1599, ok djm.
[session.c]
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a
subsystem session). Avoids stuck client when attempting to ssh to such a
service. ok dtucker@
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
[channels.c channels.h session.c]
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that te fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
[session.c]
re-add the USE_PIPES code and enable it.
without pipes shutdown-read from the sshd does not trigger
a SIGPIPE when the forked program does a write.
ok djm@
(Id sync only, USE_PIPES never left portable OpenSSH)
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
[sshd_config sshd_config.5]
Make the maximum number of sessions run-time controllable via
a sshd_config MaxSessions knob. This is useful for disabling
login/shell/subsystem access while leaving port-forwarding working
(MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
simply increasing the number of allows multiplexed sessions.
Because some bozos are sure to configure MaxSessions in excess of the
number of available file descriptors in sshd (which, at peak, might be
as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
on error paths, and make it fail gracefully on out-of-fd conditions -
sending channel errors instead of than exiting with fatal().
bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
ok markus@
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
[servconf.c servconf.h session.c sshd_config.5]
Enable the AllowAgentForwarding option in sshd_config (global and match
context), to specify if agents should be permitted on the server.
As the man page states:
``Note that disabling Agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.''
ok djm@, ok and a mild frown markus@
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
[channels.c session.c]
normalise some inconsistent (but harmless) NULL pointer checks
spotted by the Stanford SATURN tool, via Isil Dillig;
ok markus@ deraadt@
Damien Miller
Darren Tucker
Tim Rice