Commit Graph

521 Commits

Author SHA1 Message Date
Darren Tucker
f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
a56086b990 - djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:24:18 +10:00
Damien Miller
f1a02aea35 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
[session.c]
     revert rev 1.262; it fails because uid is already set here.  ok djm@
2013-04-23 15:22:13 +10:00
Damien Miller
998cc56b65 - djm@cvs.openbsd.org 2013/03/06 23:35:23
[session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:16:43 +10:00
Damien Miller
5852840190 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
occur after UID switch; patch from John Marshall via des AT des.no;
   ok dtucker@
2013-03-15 11:22:37 +11:00
Damien Miller
aa5b3f8314 - djm@cvs.openbsd.org 2012/12/02 20:46:11
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
Damien Miller
29cd188887 - guenther@cvs.openbsd.org 2012/03/15 03:10:27
[session.c]
     root should always be excluded from the test for /etc/nologin instead
     of having it always enforced even when marked as ignorenologin.  This
     regressed when the logic was incompletely flipped around in rev 1.251
     ok halex@ millert@
2012-04-22 11:08:10 +10:00
Darren Tucker
9c5d553d58 - djm@cvs.openbsd.org 2011/10/24 02:13:13
[session.c]
     bz#1859: send tty break to pty master instead of (probably already
     closed) slave side; "looks good" markus@
2011-11-04 10:55:24 +11:00
Damien Miller
14684a1f84 - (djm) [session.c] call setexeccon() before executing passwd for pw
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-20 11:23:07 +10:00
Damien Miller
f80c3deaaf - djm@cvs.openbsd.org 2010/11/25 04:10:09
[session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Darren Tucker
d995712383 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
into the platform-specific code  Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Damien Miller
0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Darren Tucker
b12fe272a0 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
check into platform.c
2010-11-05 14:47:01 +11:00
Darren Tucker
cc12418e18 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
Darren Tucker
0b2ee6452c - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
platform.c.
2010-11-05 13:29:25 +11:00
Darren Tucker
676b912e78 - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. 2010-11-05 13:11:04 +11:00
Darren Tucker
7a8afe3186 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
platform.c
2010-11-05 13:07:24 +11:00
Darren Tucker
728d8371a1 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
Darren Tucker
44a97be0cc - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2010-11-05 12:45:18 +11:00
Darren Tucker
4db380701d - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
platform.c
2010-11-05 12:41:13 +11:00
Darren Tucker
920612e45a - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
after the user's groups are established and move the selinux calls into it.
2010-11-05 12:36:15 +11:00
Darren Tucker
97528353c2 - (dtucker) [configure.ac platform.{c,h} session.c
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
2010-11-05 12:03:05 +11:00
Damien Miller
8853ca5fc4 - djm@cvs.openbsd.org 2010/06/25 07:20:04
[channels.c session.c]
     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
     internal-sftp accidentally introduced in r1.253 by removing the code
     that opens and dup /dev/null to stderr and modifying the channels code
     to read stderr but discard it instead; ok markus@
2010-06-26 10:00:14 +10:00
Damien Miller
1b2b61e6f8 - djm@cvs.openbsd.org 2010/06/22 04:59:12
[session.c]
     include the user name on "subsystem request for ..." log messages;
     bz#1571; ok dtucker@
2010-06-26 09:47:43 +10:00
Damien Miller
7aa46ec393 - djm@cvs.openbsd.org 2010/06/18 03:16:03
[session.c]
     Missing check for chroot_director == "none" (we already checked against
     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2010-06-26 09:37:57 +10:00
Damien Miller
22a29880bb - djm@cvs.openbsd.org 2010/04/23 22:42:05
[session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
2010-05-10 11:53:54 +10:00
Damien Miller
8b90642fcf - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
2010-03-26 11:04:09 +11:00
Darren Tucker
cd70e1b813 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
2010-03-07 23:05:17 +11:00
Darren Tucker
ac0c4c9c1d - (dtucker) [session.c] Also initialize creds to NULL for handing to
setpcred.
2010-03-07 13:32:16 +11:00
Darren Tucker
c738e6c646 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.
2010-03-07 13:21:12 +11:00
Darren Tucker
09aa4c000e - dtucker@cvs.openbsd.org 2010/01/12 08:33:17
[session.c]
     Add explicit stat so we reliably detect nologin with bad perms.
     ok djm markus
2010-01-12 19:51:48 +11:00
Darren Tucker
1b0c2455da - dtucker@cvs.openbsd.org 2010/01/12 01:31:05
[session.c]
     Do not allow logins if /etc/nologin exists but is not readable by the user
     logging in.  Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
2010-01-12 19:45:26 +11:00
Darren Tucker
c3dc404113 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
[session.c]
     Warn but do not fail if stat()ing the subsystem binary fails.  This helps
     with chrootdirectory+forcecommand=sftp-server and restricted shells.
     bz #1599, ok djm.
2010-01-08 17:09:50 +11:00
Darren Tucker
d6b06a9f39 - djm@cvs.openbsd.org 2009/11/19 23:39:50
[session.c]
     bz#1606: error when an attempt is made to connect to a server
     with ForceCommand=internal-sftp with a shell session (i.e. not a
     subsystem session). Avoids stuck client when attempting to ssh to such a
     service. ok dtucker@
2010-01-08 17:09:11 +11:00
Darren Tucker
4d6656b103 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
is enabled set the security context to "sftpd_t" before running the
   internal sftp server   Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00
Darren Tucker
695ed397a5 - djm@cvs.openbsd.org 2009/10/06 04:46:40
[session.c]
     bz#1596: fflush(NULL) before exec() to ensure that everying (motd
     in particular) has made it out before the streams go away.
2009-10-07 09:02:18 +11:00
Darren Tucker
82edf23fff - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
the setpcred call on AIX to immediately before the permanently_set_uid().
   Ensures that we still have privileges when we call chroot and
   pam_open_sesson.  Based on a patch from David Leonard.
2009-08-20 16:20:50 +10:00
Darren Tucker
43e7a358ff - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
header-order changes to reduce diff vs OpenBSD.
2009-06-21 19:50:08 +10:00
Darren Tucker
ac46a915e8 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06
[session.c]
     use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
     ok djm@ markus@
2009-06-21 17:55:23 +10:00
Darren Tucker
9d86e5d570 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
   openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
   version of Cygwin.  Patch from vinschen at redhat com.
2009-03-08 11:40:27 +11:00
Damien Miller
a1c1b6c86d - djm@cvs.openbsd.org 2009/01/22 09:46:01
[channels.c channels.h session.c]
     make Channel->path an allocated string, saving a few bytes here and
     there and fixing bz#1380 in the process; ok markus@
2009-01-28 16:29:49 +11:00
Darren Tucker
63917bd0da - tobias@cvs.openbsd.org 2008/11/09 12:34:47
[session.c ssh.1]
     typo fixed (overriden -> overridden)
     ok espie, jmc
2008-11-11 16:33:48 +11:00
Damien Miller
d58f56000c - millert@cvs.openbsd.org 2008/10/02 14:39:35
[session.c]
     Convert an unchecked strdup to xstrdup.  OK deraadt@
2008-11-03 19:20:49 +11:00
Damien Miller
ad793d59a9 - djm@cvs.openbsd.org 2008/08/21 04:09:57
[session.c]
     allow ForceCommand internal-sftp with arguments. based on patch from
     michael.barabanov AT gmail.com; ok markus@
2008-11-03 19:17:57 +11:00
Darren Tucker
ed3cdc0a7c - dtucker@cvs.openbsd.org 2008/06/16 13:22:53
[session.c channels.c]
     Rename the isatty argument to is_tty so we don't shadow
     isatty(3).  ok markus@
2008-06-16 23:29:18 +10:00
Damien Miller
d310d51bad - djm@cvs.openbsd.org 2008/06/15 20:06:26
[channels.c channels.h session.c]
     don't call isatty() on a pty master, instead pass a flag down to
     channel_set_fds() indicating that te fds refer to a tty. Fixes a
     hang on exit on Solaris (bz#1463) in portable but is actually
     a generic bug; ok dtucker deraadt markus
2008-06-16 07:59:23 +10:00
Damien Miller
6051c94a0a - djm@cvs.openbsd.org 2008/06/14 18:33:43
[session.c]
     suppress the warning message from chdir(homedir) failures
     when chrooted (bz#1461); ok dtucker
2008-06-16 07:53:16 +10:00
Damien Miller
2ff1ca56eb - markus@cvs.openbsd.org 2008/05/09 16:16:06
[session.c]
     re-add the USE_PIPES code and enable it.
     without pipes shutdown-read from the sshd does not trigger
     a SIGPIPE when the forked program does a write.
     ok djm@
     (Id sync only, USE_PIPES never left portable OpenSSH)
2008-05-19 16:04:56 +10:00
Damien Miller
7207f64a23 - djm@cvs.openbsd.org 2008/05/08 12:21:16
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
     [sshd_config sshd_config.5]
     Make the maximum number of sessions run-time controllable via
     a sshd_config MaxSessions knob. This is useful for disabling
     login/shell/subsystem access while leaving port-forwarding working
     (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
     simply increasing the number of allows multiplexed sessions.
     Because some bozos are sure to configure MaxSessions in excess of the
     number of available file descriptors in sshd (which, at peak, might be
     as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
     on error paths, and make it fail gracefully on out-of-fd conditions -
     sending channel errors instead of than exiting with fatal().
     bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
     ok markus@
2008-05-19 15:34:50 +10:00
Damien Miller
b84886ba3e - djm@cvs.openbsd.org 2008/05/08 12:02:23
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
     [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
     [ssh.c sshd.c]
     Implement a channel success/failure status confirmation callback
     mechanism. Each channel maintains a queue of callbacks, which will
     be drained in order (RFC4253 guarantees confirm messages are not
     reordered within an channel).
     Also includes a abandonment callback to clean up if a channel is
     closed without sending confirmation messages. This probably
     shouldn't happen in compliant implementations, but it could be
     abused to leak memory.
     ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
Damien Miller
4f755cdc05 - pyr@cvs.openbsd.org 2008/05/07 05:49:37
[servconf.c servconf.h session.c sshd_config.5]
     Enable the AllowAgentForwarding option in sshd_config (global and match
     context), to specify if agents should be permitted on the server.
     As the man page states:
     ``Note that disabling Agent forwarding does not improve security
     unless users are also denied shell access, as they can always install
     their own forwarders.''
     ok djm@, ok and a mild frown markus@
2008-05-19 14:57:41 +10:00
Damien Miller
ff0dd88999 - djm@cvs.openbsd.org 2008/04/18 22:01:33
[session.c]
     remove unneccessary parentheses
2008-05-19 14:55:02 +10:00
Damien Miller
95e80955f2 - djm@cvs.openbsd.org 2008/03/26 21:28:14
[auth-options.c auth-options.h session.c sshd.8]
     add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
2008-03-27 11:03:05 +11:00
Damien Miller
55360e1ceb - djm@cvs.openbsd.org 2008/03/25 23:01:41
[session.c]
     last patch had backwards test; spotted by termim AT gmail.com
2008-03-27 11:02:27 +11:00
Damien Miller
a1b48ccf2d - djm@cvs.openbsd.org 2008/03/25 11:58:02
[session.c sshd_config.5]
     ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
     from dtucker@ ok deraadt@ djm@
2008-03-27 11:02:02 +11:00
Darren Tucker
b8eb586412 - (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot.  Allows ChrootDirectory to work with selinux support compiled in
   but not enabled.  Using it with selinux enabled will require some selinux
   support inside the chroot.  "looks sane" djm@
2008-03-27 07:27:20 +11:00
Damien Miller
a193900674 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
crashes when used with ChrootDirectory
2008-03-15 17:27:58 +11:00
Darren Tucker
52358d6df3 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
pam_open_session and pam_close_session into the privsep monitor, which
   will ensure that pam_session_close is called as root.  Patch from Tomas
   Mraz.
2008-03-11 22:58:25 +11:00
Damien Miller
7cb2b56b1c - djm@cvs.openbsd.org 2008/02/22 05:58:56
[session.c]
     closefrom() call was too early, delay it until just before we execute
     the user's rc files (if any).
2008-03-07 18:33:12 +11:00
Damien Miller
767087b8ec - markus@cvs.openbsd.org 2008/02/20 15:25:26
[session.c]
     correct boolean encoding for coredump; der Mouse via dugsong
2008-03-07 18:32:42 +11:00
Damien Miller
76e95daad1 - djm@cvs.openbsd.org 2008/02/13 22:38:17
[servconf.h session.c sshd.c]
     rekey arc4random and OpenSSL RNG in postauth child
     closefrom fds > 2 before shell/command execution
     ok markus@
2008-03-07 18:31:24 +11:00
Damien Miller
54e3773ccb - djm@cvs.openbsd.org 2008/02/10 10:54:29
[servconf.c session.c]
     delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
     home, rather than the user who starts sshd (probably root)
2008-02-10 22:48:55 +11:00
Damien Miller
d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00
Damien Miller
dfc24258a7 - markus@cvs.openbsd.org 2008/02/04 21:53:00
[session.c sftp-server.c sftp.h]
     link sftp-server into sshd; feedback and ok djm@
2008-02-10 22:29:40 +11:00
Damien Miller
14b017d6f2 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
[session.c ssh-keygen.c sshlogin.c]
     use strcspn to properly overwrite '\n' in fgets returned buffer
     ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 16:09:15 +10:00
Damien Miller
6ef50134c2 - djm@cvs.openbsd.org 2007/08/23 02:55:51
[auth-passwd.c auth.c session.c]
     missed include bits from last commit
     NB. RCS ID sync only for portable
2007-09-17 11:54:24 +10:00
Damien Miller
6572db28fd - djm@cvs.openbsd.org 2007/08/23 02:49:43
[auth-passwd.c auth.c session.c]
     unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
     NB. RCS ID sync only for portable
2007-09-17 11:52:59 +10:00
Darren Tucker
9142e1c66d - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
connections too.  Based on a patch from Sandro Wefel, with & ok djm@
2007-08-16 23:28:04 +10:00
Darren Tucker
2d9636471b - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
   with pam_dhkeys.  Patch from David Leonard, ok djm@
2007-08-13 23:11:56 +10:00
Tim Rice
99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker
82a3d2bc6f - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
     spaces
2007-02-19 22:10:25 +11:00
Damien Miller
990b1a80b5 - djm@cvs.openbsd.org 2006/10/09 23:36:11
[session.c]
     xmalloc -> xcalloc that was missed previously, from portable
     (NB. Id sync only for portable, obviously)
2006-10-24 03:01:56 +10:00
Damien Miller
ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller
d5fe0baa73 - djm@cvs.openbsd.org 2006/08/29 10:40:19
[channels.c session.c]
     normalise some inconsistent (but harmless) NULL pointer checks
     spotted by the Stanford SATURN tool, via Isil Dillig;
     ok markus@ deraadt@
2006-08-30 11:07:39 +10:00
Damien Miller
3f8123c804 - markus@cvs.openbsd.org 2006/08/18 09:15:20
[auth.h session.c sshd.c]
     delay authentication related cleanups until we're authenticated and
     all alarms have been cancelled; ok deraadt
2006-08-19 00:32:46 +10:00
Damien Miller
9ab00b44c1 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
[monitor.c session.c ssh-agent.c]
     spaces
2006-08-05 12:40:11 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
ad5ecbf072 - (djm) [session.c]
fix compile error with -Werror -Wall: 'path' is only used in
   do_setup_env() if HAVE_LOGIN_CAP is not defined
2006-07-24 15:03:06 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
1cdde6f536 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
[auth1.c serverloop.c session.c sshconnect2.c]
     missed some needed #include <unistd.h> when KERBEROS5=no; issue from
     massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Damien Miller
e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker
e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Damien Miller
e33b60343b - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
[monitor.c session.c]
     missed these from last commit:
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
Damien Miller
e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller
917f9b6b6e - djm@cvs.openbsd.org 2006/07/06 10:47:05
[servconf.c servconf.h session.c sshd_config.5]
     support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
Damien Miller
efc04e70b8 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
[channels.c includes.h]
     move #include <arpa/inet.h> out of includes.h; old ok djm@
     (portable needed session.c too)
2006-07-10 20:26:27 +10:00
Damien Miller
427a1d57bb - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
Darren Tucker
d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
2006-05-04 16:24:34 +10:00
Damien Miller
525a0b090f - djm@cvs.openbsd.org 2006/04/20 21:53:44
[includes.h session.c sftp.c]
     Switch from using pipes to socketpairs for communication between
     sftp/scp and ssh, and between sshd and its subprocesses. This saves
     a file descriptor per session and apparently makes userland ppp over
     ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
     decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller
73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
2006-03-26 14:22:47 +11:00
Damien Miller
9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller
c91e556d8a - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
[kex.c kex.h monitor.c myproposal.h session.c]
     spacing
2006-03-26 13:58:55 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
1cf76d97f9 - djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
     fix logout recording when privilege separation is disabled, analysis and
     patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
     NB. ID sync only - patch already in portable
2006-03-15 12:01:14 +11:00
Damien Miller
6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller
9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Tim Rice
83d2f5fedf - (tim) [session.c] Logout records were not updated on systems with
post auth privsep disabled due to bug 1086 changes. Analysis and patch
   by vinschen at redhat.com. OK tim@, dtucker@.
2006-02-07 15:17:44 -08:00
Damien Miller
7bff1a9b5e - djm@cvs.openbsd.org 2005/12/24 02:27:41
[session.c sshd.c]
     eliminate some code duplicated in privsep and non-privsep paths, and
     explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
Darren Tucker
635518705a - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
[ssh_config.5 session.c]
     spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
Damien Miller
d47c62a714 - markus@cvs.openbsd.org 2005/12/12 13:46:18
[channels.c channels.h session.c]
     make sure protocol messages for internal channels are ignored.
     allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
Damien Miller
788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
39eda6eb6a - djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
     fix regression I introduced in 4.2: X11 forwardings initiated after
     a session has exited (e.g. "(sleep 5; xterm) &") would not start.
     bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
2005-11-05 14:52:50 +11:00
Darren Tucker
42308a4374 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
enabled, instead allow PAM to handle it.  Note that on platforms using PAM,
   the pam_nologin module should be added to sshd's session stack in order to
   maintain exising behaviour.  Based on patch and discussion from t8m at
   centrum.cz, ok djm@
2005-10-30 15:31:55 +11:00
Tim Rice
66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
2005-08-31 09:59:49 -07:00
Tim Rice
2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
2005-08-26 13:15:19 -07:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller
2b9b045d93 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
- djm@cvs.openbsd.org 2005/07/17 06:49:04
     [channels.c channels.h session.c session.h]
     Fix a number of X11 forwarding channel leaks:
     1. Refuse multiple X11 forwarding requests on the same session
     2. Clean up all listeners after a single_connection X11 forward, not just
        the one that made the single connection
     3. Destroy X11 listeners when the session owning them goes away
     testing and ok dtucker@
2005-07-17 17:19:24 +10:00
Damien Miller
46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
2005-07-17 17:02:09 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
7dff869dd9 tiny KNF nit 2005-05-26 11:34:51 +10:00
Darren Tucker
48554152b9 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
   case.  Found by Michael Selvesteen, ok djm@
2005-04-21 19:50:55 +10:00
Darren Tucker
2b59a6dad6 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
Darren Tucker
c97b01af62 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
   privsep=yes.  Patch from deengert at anl.gov, ok'ed in principle by Sam
   Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 16:47:37 +11:00
Darren Tucker
33370e0287 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
   passwords.  ok djm@
2005-02-09 22:17:28 +11:00
Darren Tucker
2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker
172a5e8cb8 - markus@cvs.openbsd.org 2004/12/23 17:35:48
[session.c]
     check for NULL; from mpech
2005-01-20 10:55:46 +11:00
Darren Tucker
a2a3ed0010 - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ 2004-09-11 23:09:53 +10:00
Darren Tucker
69687f4b65 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
   /etc/nologin is handled.  ok djm@
2004-09-11 22:17:26 +10:00
Darren Tucker
14c372d49d - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin.  Patch from vinschen at
   redhat.com, ok djm@
2004-08-30 20:42:08 +10:00
Darren Tucker
5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Darren Tucker
0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
2004-07-17 17:05:14 +10:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
0a44d1ecf3 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
Ensures messages from PAM modules are displayed when privsep=no.

Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
2004-07-01 09:48:29 +10:00
Damien Miller
a6b1d169e6 - djm@cvs.openbsd.org 2004/06/30 08:36:59
[session.c]
     unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
2004-06-30 22:41:07 +10:00
Darren Tucker
723e945b55 - djm@cvs.openbsd.org 2004/06/21 17:53:03
[session.c]
     fix fd leak for multiple subsystem connections; with markus@
2004-06-22 12:57:08 +10:00
Darren Tucker
1f8311c836 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
     packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
     improve some code lint did not like; djm millert ok
2004-05-13 16:39:33 +10:00
Darren Tucker
e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Darren Tucker
46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Damien Miller
9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
2004-04-16 22:47:55 +10:00
Darren Tucker
ac7c998a2d - (dtucker) [session.c] Flush stdout after displaying loginmsg. From
f_mohr at yahoo.de.
2004-04-07 08:04:09 +10:00
Darren Tucker
b385059346 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent
duplicate login messages for mutli-session logins.  ok djm@
2004-03-27 16:44:21 +11:00
Darren Tucker
1825f26d21 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
non-interactive path.  ok djm@
2004-02-24 00:01:27 +11:00
Darren Tucker
1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker
23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker
ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
user, since some modules might fail due to lack of privilege.  ok djm@
2004-02-06 15:30:50 +11:00