- Logic to support conpty (currently disabled until validation is complete)
- fdopen() and fchmod() support for file handles
- support for auto updating known_hosts via ssh and ssh-keygen
- Support for dynamic Windows-size changes with PTY
- Changes to support OneCore SDK
- Test cases
read_environment_file recently gained an extra argument Some platform
specific code also calls it so add the argument to those too. Fixes
build on Solaris and AIX.
Current group membership resolution though very effective, is very slow. In a typical domain joined enterprise machine, adding a simple entry like the following in sshd_config
AllowGroups administrators
will incur a long delay in remote session establishment as sshd tried to pull all groups associated with the domain user.
Changes in this PR optimize the general case scenarios where no wild cards are in use. Specifically rules like this are processed promptly:
AllowGroups group1, group2, group3 //with no wild cards
Match Group group1 //single group with no negation and wild cards
Optimization is done by resolve the groupname in rule immediately to SID and checking its membership against user token. Enumerating the entire group membership is done on a lazy on-demand basis.
Beyond the optimization, there are 2 functional changes
- removed domain prefix for builtin groups
- removed domain prefix'ed versions of local groups since we are strictly following the convention that local principals shouldn't have any domain qualification.
pattern-list of whitelisted environment variable names in addition to yes|no.
bz#1800, feedback and ok markus@
OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
administrator to explicitly specify environment variables set in sessions
started by sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.
ok markus@
OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
read from ~/.ssh/environment (if enabled) do not override SSH_* variables set
by the server.
OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
addresses may be listened on when the client requests remote forwarding (ssh
-R).
This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.
feedback and ok markus@
OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
Added utility to build session process command line - this accounts for restrictions from various shells. With these changes, scp and sftp-server are expected to be machine wide PATH if a custom shell (other than cmd.exe) is defined. Added comprehensive test cases.
Fixed issue with USERNAME env variable containing domain prefix too.
PowerShell/Win32-OpenSSH#1165PowerShell/Win32-OpenSSH#1165PowerShell/Win32-OpenSSH#1171
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@
OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
Changes include:
- Removing sid from pwd structure to comply with Unix structure
- Integrating default shell logic within pwd
- pwd placeholder to allow logins using usernames not associated with Windows account (possible via custom LSA authentication)
- Moving all nonPTY logic from shellhost to session.c.
- ssh-shellhost is now exclusively for implementing PTY
- Spawning all session processes from within a shell
- Validation checks in safely_chroot
- Added chroot implementation that simply stores the path in internal state and sets an environment variable
- Spawned processes pickup chroot from environment variable
- Core change in realpath and resolved_path_utf16 now take into account chroot path.
- Unit tests
- Other miscellaneous changes to account for chroot enabled logic in core code
PowerShell/Win32-OpenSSH#190PowerShell/Win32-OpenSSH#292
remove the legacy one.
Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.
feedback and ok markus@
OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
Changes to installation scripts and tests to accomodate new architectural changes
Expose devices allocated for tun/tap forwarding.
At the client, the device may be obtained from a new %T expansion
for LocalCommand.
At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.
ok markus
Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
refactor channels.c
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.
feedback & ok dtucker@
Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@
Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
Support the unicode characters as input to the ssh client.
PowerShell/Win32-OpenSSH#711
Remove the bAnsi related code changes to the ssh-shellhost.c as that code never executes..
Fixed "long pressing key issue for the slow ssh connections"
PowerShell/Win32-OpenSSH#701
fixed warning message in the latestw_all recent commits.
Fixed the issue with ssh failures in the latestw_all recent commits.
Switch to recallocarray() for a few operations. Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus
Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
Many programs access the user's home directory as %HOMEDRIVE%%HOMEPATH%.
Without removing the drive letter from %HOMEPATH%, the result of this
concatenation is something like "C:C:\Users\mgkuhn" and results
in applications not finding the home directory.
After this change, OpenSSH will set %HOMEPATH% without a drive letter,
like Windows does, as documented at
https://support.microsoft.com/en-us/help/101507/how-windows-nt-determines-a-user-s-home-directory
I also added a safety check to test that pw_dir_w is not empty.
RegEnumValueW may return ERROR_MORE_DATA (234).
If lpData is NULL and lpcbData is non-NULL, the function stores the size of the data, in bytes, in the variable pointed to by lpcbData. This enables an application to determine the best way to allocate a buffer for the data.
If the buffer specified by lpData is not large enough to hold the data, the function returns ERROR_MORE_DATA and stores the required buffer size in the variable pointed to by lpcbData. In this case, the contents of lpData are undefined.
