Commit Graph

493 Commits

Author SHA1 Message Date
dtucker@openbsd.org 3bf2a6ac79 upstream: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the handler
preventing races between handlers, and sets SA_RESTART which should reduce
the potential for short read/write operations.

OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23 18:51:25 +11:00
Damien Miller a8bd5fdbdb Wrap copy_environment_blacklist() in #ifdef
It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler
warnings otherwise.
2020-01-21 12:32:16 +11:00
Ruben Kerkhof b3f7009c9f Fix missing prototype warning for copy_environment
This function is only used in this file, and only on Cygwin, so make
it static and hide it behind HAVE_CYGWIN.  Prevents missing prototype
warning.
2020-01-21 10:47:29 +11:00
deraadt@openbsd.org 72687c8e7c upstream: stdarg.h required more broadly; ok djm
OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
2019-11-15 08:50:10 +11:00
deraadt@openbsd.org 4d28fa78ab upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0.  errno is only updated in this case.  Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.

OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
2019-07-05 11:10:39 +10:00
Damien Miller 885bc11469 session: Do not use removed API
from Jakub Jelen
2019-04-04 02:47:40 +11:00
djm@openbsd.org 625b62634c upstream: perform removal of agent-forwarding directory in forward
setup error path with user's privileged. This is a no-op as this code always
runs with user privilege now that we no longer support running sshd with
privilege separation disabled, but as long as the privsep skeleton is there
we should follow the rules.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

bz#2969 with patch from Erik Sjölund

OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
2019-02-22 14:38:38 +11:00
djm@openbsd.org 318e4f8548 upstream: syslog when connection is dropped for attempting to run a
command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@

OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
2019-02-10 22:24:24 +11:00
Damien Miller 2ff2e19653 don't set $MAIL if UsePam=yes
PAM typically specifies the user environment if it's enabled, so don't
second guess. bz#2937; ok dtucker@
2019-02-08 14:53:35 +11:00
dtucker@openbsd.org 8c53d409ba upstream: Adapt code in the non-USE_PIPES codepath to the new packet
API. This code is not normally reachable since USE_PIPES is always defined.
bz#2961, patch from adrian.fita at gmail com.

OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a
2019-02-08 13:10:57 +11:00
Damien Miller 9b655dc9c9 last bits of old packet API / active_state global 2019-01-20 14:55:27 +11:00
djm@openbsd.org a5e2ad88ac upstream: convert session.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
2019-01-20 09:45:18 +11:00
djm@openbsd.org 3a00a92159 upstream: convert auth.c to new packet API
with & ok markus@

OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
2019-01-20 09:45:17 +11:00
djm@openbsd.org 0fa174ebe1 upstream: begin landing remaining refactoring of packet parsing
API, started almost exactly six years ago.

This change stops including the old packet_* API by default and makes
each file that requires the old API include it explicitly. We will
commit file-by-file refactoring to remove the old API in consistent
steps.

with & ok markus@

OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
2019-01-20 09:02:10 +11:00
djm@openbsd.org f47d72ddad upstream: tun_fwd_ifnames variable should b
=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
2019-01-17 15:47:24 +11:00
Damien Miller 8a22ffaa13 expose $SSH_CONNECTION in the PAM environment
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
2018-12-14 13:23:48 +11:00
djm@openbsd.org 2a35862e66 upstream: use path_absolute() for pathname checks; from Manoj Ampalam
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
2018-11-16 14:37:33 +11:00
djm@openbsd.org f1dd179e12 upstream: include a little more information about the status and
disposition of channel's extended (stderr) fd; makes debugging some things a
bit easier. No behaviour change.

OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
2018-10-04 10:44:49 +10:00
Damien Miller ff3a411cae only support SIGINFO on systems with SIGINFO 2018-10-02 22:49:40 +10:00
djm@openbsd.org cd98925c64 upstream: Add server support for signalling sessions via the SSH
channel/ session protocol. Signalling is only supported to sesssions that are
not subsystems and were not started with a forced command.

Long requested in bz#1424

Based on a patch from markus@ and reworked by dtucker@;
ok markus@ dtucker@

OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
2018-10-02 22:41:01 +10:00
deraadt@openbsd.org 21fd477a85 upstream: fix indent; Clemens Goessnitzer
OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83
2018-07-26 13:54:30 +10:00
markus@openbsd.org 5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller 120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
markus@openbsd.org 2808d18ca4 upstream: sshd: switch loginmsg to sshbuf API; ok djm@
OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
2018-07-10 15:21:58 +10:00
markus@openbsd.org 89dd615b8b upstream: ttymodes: switch to sshbuf API; ok djm@
OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
2018-07-10 15:19:12 +10:00
Darren Tucker 3deb56f719 Fix other callers of read_environment_file.
read_environment_file recently gained an extra argument   Some platform
specific code also calls it so add the argument to those too.  Fixes
build on Solaris and AIX.
2018-07-05 13:32:01 +10:00
djm@openbsd.org 95344c2574 upstream: allow sshd_config PermitUserEnvironment to accept a
pattern-list of whitelisted environment variable names in addition to yes|no.

bz#1800, feedback and ok markus@

OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
2018-07-03 21:01:30 +10:00
djm@openbsd.org 28013759f0 upstream: add a SetEnv directive for sshd_config to allow an
administrator to explicitly specify environment variables set in sessions
started by sshd. These override the default environment and any variables set
by user configuration (PermitUserEnvironment, etc), but not the SSH_*
variables set by sshd itself.

ok markus@

OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
2018-06-09 13:11:00 +10:00
djm@openbsd.org 3b9798bda1 upstream: reorder child environment preparation so that variables
read from ~/.ssh/environment (if enabled) do not override SSH_* variables set
by the server.

OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
2018-06-09 13:11:00 +10:00
markus@openbsd.org 7f90635216 upstream: switch config file parsing to getline(3) as this avoids
static limits noted by gerhard@; ok dtucker@, djm@

OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
2018-06-07 04:34:05 +10:00
djm@openbsd.org 93c06ab6b7 upstream: permitlisten option for authorized_keys; ok markus@
OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
2018-06-07 04:27:20 +10:00
djm@openbsd.org 115063a664 upstream: Add a PermitListen directive to control which server-side
addresses may be listened on when the client requests remote forwarding (ssh
-R).

This is the converse of the existing PermitOpen directive and this
includes some refactoring to share much of its implementation.

feedback and ok markus@

OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
2018-06-07 04:27:20 +10:00
djm@openbsd.org 9c935dd9bf upstream: make UID available as a %-expansion everywhere that the
username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
2018-06-01 13:35:59 +10:00
djm@openbsd.org 7c85685760 upstream: switch over to the new authorized_keys options API and
remove the legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
2018-03-03 14:37:16 +11:00
Darren Tucker ddc0f38148 Remove UNICOS support.
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
2018-02-15 20:04:02 +11:00
Darren Tucker 3c51143c63 Whitespace sync with upstream. 2018-02-13 09:07:29 +11:00
Darren Tucker 19edfd4af7 Whitespace sync with upstream. 2018-02-13 08:25:46 +11:00
djm@openbsd.org b7548b12a6 upstream commit
Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2017-10-23 16:14:30 +11:00
djm@openbsd.org dbee4119b5 upstream commit
refactor channels.c

Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.

Explicitly pass "struct ssh" to all channels functions.

Replace use of the legacy packet APIs in channels.c.

Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.

ok markus@

Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
2017-09-12 17:37:02 +10:00
djm@openbsd.org de4ae07f12 upstream commit
Move several subprocess-related functions from various
locations to misc.c. Extend subprocess() to offer a little more control over
stdio disposition.

feedback & ok dtucker@

Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
2017-08-23 19:47:06 +10:00
Damien Miller 94bc1e7ffb Expose list of completed auth methods to PAM
bz#2408; ok dtucker@
2017-07-28 15:04:00 +10:00
djm@openbsd.org 8f57495927 upstream commit
refactor authentication logging

optionally record successful auth methods and public credentials
used in a file accessible to user sessions

feedback and ok markus@

Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
2017-06-24 16:56:11 +10:00
djm@openbsd.org 8904ffce05 upstream commit
no need to call log_init to reinitialise logged PID in
child sessions, since we haven't called openlog() in log_init() since 1999;
ok markus@

Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
2017-06-24 16:48:39 +10:00
deraadt@openbsd.org 9e509d4ec9 upstream commit
Switch to recallocarray() for a few operations.  Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus

Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-06-01 14:55:22 +10:00
markus@openbsd.org 1e0cdf8efb upstream commit
clear session keys from memory; ok djm@

Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
2017-06-01 14:54:46 +10:00
djm@openbsd.org 7844f357cd upstream commit
Add a sshd_config DisableForwaring option that disables
X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
anything else we might implement in the future.

This, like the 'restrict' authorized_keys flag, is intended to be a
simple and future-proof way of restricting an account. Suggested as
a complement to 'restrict' by Jann Horn; ok markus@

Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
2016-11-30 19:44:01 +11:00
otto@openbsd.org fc041c4714 upstream commit
fix previous, a condition was modified incorrectly; ok
markus@ deraadt@

Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453
2016-08-29 11:20:28 +10:00
djm@openbsd.org 83b581862a upstream commit
remove UseLogin option and support for having /bin/login
manage login sessions; ok deraadt markus dtucker

Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
2016-08-23 14:29:07 +10:00
markus@openbsd.org 6cb6dcffe1 upstream commit
remove ssh1 server code; ok djm@

Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
2016-08-14 11:19:14 +10:00
Darren Tucker aa37768f17 get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
Fixes build on AIX.
2016-06-20 15:55:34 +10:00