tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,260 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

428 Commits

Author SHA1 Message Date
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
 2014-02-04 11:18:20 +11:00
Tim Rice 617da33c20 - (tim) [session.c] Improve error reporting on set_id(). 2014-01-22 19:16:10 -08:00
Tim Rice 9464ba6fb3 - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced 
with sftp chroot support. Move set_id call after chroot.
 2014-01-20 17:59:28 -08:00
Darren Tucker 293ee3c9f0 - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 
[session.c]
     explicitly define USE_PIPES to 1 to prevent redefinition warnings in
     portable on platforms that use pipes for everything.  From redhat @
     redhat.
 2014-01-19 15:28:01 +11:00
Damien Miller 5ff30c6b68 - djm@cvs.openbsd.org 2013/10/29 09:48:02 
[servconf.c servconf.h session.c sshd_config sshd_config.5]
     shd_config PermitTTY to disallow TTY allocation, mirroring the
     longstanding no-pty authorized_keys option;
     bz#2070, patch from Teran McKinney; ok markus@
 2013-10-30 22:21:50 +11:00
Damien Miller 71df752de2 - djm@cvs.openbsd.org 2013/10/14 21:20:52 
[session.c session.h]
     Add logging of session starts in a useful format; ok markus@ feedback and
     ok dtucker@
 2013-10-15 12:12:02 +11:00
Damien Miller 85b45e0918 - markus@cvs.openbsd.org 2013/07/19 07:37:48 
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
 2013-07-20 13:21:52 +10:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
 2013-06-02 08:07:31 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13 
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
 2013-06-02 07:31:17 +10:00
Damien Miller a56086b990 - djm@cvs.openbsd.org 2013/04/19 01:03:01 
[session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
 2013-04-23 15:24:18 +10:00
Damien Miller f1a02aea35 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 
[session.c]
     revert rev 1.262; it fails because uid is already set here.  ok djm@
 2013-04-23 15:22:13 +10:00
Damien Miller 998cc56b65 - djm@cvs.openbsd.org 2013/03/06 23:35:23 
[session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
 2013-04-23 15:16:43 +10:00
Damien Miller 5852840190 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 
occur after UID switch; patch from John Marshall via des AT des.no;
   ok dtucker@
 2013-03-15 11:22:37 +11:00
Damien Miller aa5b3f8314 - djm@cvs.openbsd.org 2012/12/02 20:46:11 
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
 2012-12-03 09:50:54 +11:00
Damien Miller 29cd188887 - guenther@cvs.openbsd.org 2012/03/15 03:10:27 
[session.c]
     root should always be excluded from the test for /etc/nologin instead
     of having it always enforced even when marked as ignorenologin.  This
     regressed when the logic was incompletely flipped around in rev 1.251
     ok halex@ millert@
 2012-04-22 11:08:10 +10:00
Darren Tucker 9c5d553d58 - djm@cvs.openbsd.org 2011/10/24 02:13:13 
[session.c]
     bz#1859: send tty break to pty master instead of (probably already
     closed) slave side; "looks good" markus@
 2011-11-04 10:55:24 +11:00
Damien Miller 14684a1f84 - (djm) [session.c] call setexeccon() before executing passwd for pw 
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
 2011-05-20 11:23:07 +10:00
Damien Miller f80c3deaaf - djm@cvs.openbsd.org 2010/11/25 04:10:09 
[session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
 2010-12-01 12:02:59 +11:00
Darren Tucker d995712383 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 
into the platform-specific code  Only affects SCO, tested by and ok tim@.
 2010-11-24 10:09:13 +11:00
Damien Miller 0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51 
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
 2010-11-20 15:19:38 +11:00
Darren Tucker b12fe272a0 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 
check into platform.c
 2010-11-05 14:47:01 +11:00
Darren Tucker cc12418e18 - (dtucker) [platform.c session.c] Move PAM credential establishment for the 
non-LOGIN_CAP case into platform.c.
 2010-11-05 13:32:52 +11:00
Darren Tucker 0b2ee6452c - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 
platform.c.
 2010-11-05 13:29:25 +11:00
Darren Tucker 676b912e78 - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. 2010-11-05 13:11:04 +11:00
Darren Tucker 7a8afe3186 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 
platform.c
 2010-11-05 13:07:24 +11:00
Darren Tucker 728d8371a1 - (dtucker) [platform.c session.c] Move the PAM credential establishment for 
the LOGIN_CAP case into platform.c.
 2010-11-05 13:00:05 +11:00
Darren Tucker 44a97be0cc - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2010-11-05 12:45:18 +11:00
Darren Tucker 4db380701d - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 
platform.c
 2010-11-05 12:41:13 +11:00
Darren Tucker 920612e45a - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 
after the user's groups are established and move the selinux calls into it.
 2010-11-05 12:36:15 +11:00
Darren Tucker 97528353c2 - (dtucker) [configure.ac platform.{c,h} session.c 
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
 2010-11-05 12:03:05 +11:00
Damien Miller 8853ca5fc4 - djm@cvs.openbsd.org 2010/06/25 07:20:04 
[channels.c session.c]
     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
     internal-sftp accidentally introduced in r1.253 by removing the code
     that opens and dup /dev/null to stderr and modifying the channels code
     to read stderr but discard it instead; ok markus@
 2010-06-26 10:00:14 +10:00
Damien Miller 1b2b61e6f8 - djm@cvs.openbsd.org 2010/06/22 04:59:12 
[session.c]
     include the user name on "subsystem request for ..." log messages;
     bz#1571; ok dtucker@
 2010-06-26 09:47:43 +10:00
Damien Miller 7aa46ec393 - djm@cvs.openbsd.org 2010/06/18 03:16:03 
[session.c]
     Missing check for chroot_director == "none" (we already checked against
     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
 2010-06-26 09:37:57 +10:00
Damien Miller 22a29880bb - djm@cvs.openbsd.org 2010/04/23 22:42:05 
[session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
 2010-05-10 11:53:54 +10:00
Damien Miller 8b90642fcf - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - 
set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
 2010-03-26 11:04:09 +11:00
Darren Tucker cd70e1b813 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13 
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
 2010-03-07 23:05:17 +11:00
Darren Tucker ac0c4c9c1d - (dtucker) [session.c] Also initialize creds to NULL for handing to 
setpcred.
 2010-03-07 13:32:16 +11:00
Darren Tucker c738e6c646 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and 
do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.
 2010-03-07 13:21:12 +11:00
Darren Tucker 09aa4c000e - dtucker@cvs.openbsd.org 2010/01/12 08:33:17 
[session.c]
     Add explicit stat so we reliably detect nologin with bad perms.
     ok djm markus
 2010-01-12 19:51:48 +11:00
Darren Tucker 1b0c2455da - dtucker@cvs.openbsd.org 2010/01/12 01:31:05 
[session.c]
     Do not allow logins if /etc/nologin exists but is not readable by the user
     logging in.  Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
 2010-01-12 19:45:26 +11:00
Darren Tucker c3dc404113 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41 
[session.c]
     Warn but do not fail if stat()ing the subsystem binary fails.  This helps
     with chrootdirectory+forcecommand=sftp-server and restricted shells.
     bz #1599, ok djm.
 2010-01-08 17:09:50 +11:00
Darren Tucker d6b06a9f39 - djm@cvs.openbsd.org 2009/11/19 23:39:50 
[session.c]
     bz#1606: error when an attempt is made to connect to a server
     with ForceCommand=internal-sftp with a shell session (i.e. not a
     subsystem session). Avoids stuck client when attempting to ssh to such a
     service. ok dtucker@
 2010-01-08 17:09:11 +11:00
Darren Tucker 4d6656b103 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux 
is enabled set the security context to "sftpd_t" before running the
   internal sftp server   Based on a patch from jchadima at redhat.
 2009-10-24 15:04:12 +11:00
Darren Tucker 695ed397a5 - djm@cvs.openbsd.org 2009/10/06 04:46:40 
[session.c]
     bz#1596: fflush(NULL) before exec() to ensure that everying (motd
     in particular) has made it out before the streams go away.
 2009-10-07 09:02:18 +11:00
Darren Tucker 82edf23fff - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move 
the setpcred call on AIX to immediately before the permanently_set_uid().
   Ensures that we still have privileges when we call chroot and
   pam_open_sesson.  Based on a patch from David Leonard.
 2009-08-20 16:20:50 +10:00
Darren Tucker 43e7a358ff - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and 
header-order changes to reduce diff vs OpenBSD.
 2009-06-21 19:50:08 +10:00
Darren Tucker ac46a915e8 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 
[session.c]
     use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
     ok djm@ markus@
 2009-06-21 17:55:23 +10:00
Darren Tucker 9d86e5d570 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c 
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
   openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
   version of Cygwin.  Patch from vinschen at redhat com.
 2009-03-08 11:40:27 +11:00
Damien Miller a1c1b6c86d - djm@cvs.openbsd.org 2009/01/22 09:46:01 
[channels.c channels.h session.c]
     make Channel->path an allocated string, saving a few bytes here and
     there and fixing bz#1380 in the process; ok markus@
 2009-01-28 16:29:49 +11:00
Darren Tucker 63917bd0da - tobias@cvs.openbsd.org 2008/11/09 12:34:47 
[session.c ssh.1]
     typo fixed (overriden -> overridden)
     ok espie, jmc
 2008-11-11 16:33:48 +11:00