path: root/session.c
Commit message [Author, Age, Files, Lines]
* upstream: remove legacy key emulation layer; ok djm@ [markus@openbsd.org, 2018-07-12, 1 file, -2/+2]
| OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* Adapt portable to legacy buffer API removal [Damien Miller, 2018-07-10, 1 file, -1/+1]
* upstream: sshd: switch loginmsg to sshbuf API; ok djm@ [markus@openbsd.org, 2018-07-10, 1 file, -9/+13]
| OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
* upstream: ttymodes: switch to sshbuf API; ok djm@ [markus@openbsd.org, 2018-07-10, 1 file, -4/+2]
| OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
* Fix other callers of read_environment_file. [Darren Tucker, 2018-07-05, 1 file, -2/+4]
| read_environment_file recently gained an extra argument. Some platform specific code also calls it so add the argument to those too. Fixes build on Solaris and AIX.
* upstream: allow sshd_config PermitUserEnvironment to accept a [djm@openbsd.org, 2018-07-03, 1 file, -4/+15]
| pattern-list of whitelisted environment variable names in addition to yes|no. bz#1800, feedback and ok markus@
| OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
* upstream: add a SetEnv directive for sshd_config to allow an [djm@openbsd.org, 2018-06-09, 1 file, -2/+13]
| administrator to explicitly specify environment variables set in sessions started by sshd. These override the default environment and any variables set by user configuration (PermitUserEnvironment, etc), but not the SSH_* variables set by sshd itself. ok markus@
| OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
* upstream: reorder child environment preparation so that variables [djm@openbsd.org, 2018-06-09, 1 file, -46/+48]
| read from ~/.ssh/environment (if enabled) do not override SSH_* variables set by the server.
| OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
* upstream: switch config file parsing to getline(3) as this avoids [markus@openbsd.org, 2018-06-07, 1 file, -5/+6]
| static limits noted by gerhard@; ok dtucker@, djm@
| OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: permitlisten option for authorized_keys; ok markus@ [djm@openbsd.org, 2018-06-07, 1 file, -18/+34]
| OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
* upstream: Add a PermitListen directive to control which server-side [djm@openbsd.org, 2018-06-07, 1 file, -9/+18]
| addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@
| OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
* upstream: make UID available as a %-expansion everywhere that the [djm@openbsd.org, 2018-06-01, 1 file, -3/+5]
| username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@
| OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
* upstream: switch over to the new authorized_keys options API and [djm@openbsd.org, 2018-03-03, 1 file, -28/+57]
| remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@
| OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* Remove UNICOS support. [Darren Tucker, 2018-02-15, 1 file, -23/+0]
| The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one.
* Whitespace sync with upstream. [Darren Tucker, 2018-02-13, 1 file, -1/+0]
* Whitespace sync with upstream. [Darren Tucker, 2018-02-13, 1 file, -4/+4]
* upstream commit [djm@openbsd.org, 2017-10-23, 1 file, -1/+4]
| Expose devices allocated for tun/tap forwarding.
| At the client, the device may be obtained from a new %T expansion for LocalCommand.
| At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established.
| ok markus
| Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
* upstream commit [djm@openbsd.org, 2017-09-12, 1 file, -115/+108]
| refactor channels.c
| Move static state to a "struct ssh_channels" that is allocated at runtime and tracked as a member of struct ssh.
| Explicitly pass "struct ssh" to all channels functions.
| Replace use of the legacy packet APIs in channels.c.
| Rework sshd_config PermitOpen handling: previously the configuration parser would call directly into the channels layer. After the refactor this is not possible, as the channels structures are allocated at connection time and aren't available when the configuration is parsed. The server config parser now tracks PermitOpen itself and explicitly configures the channels code later.
| ok markus@
| Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
* upstream commit [djm@openbsd.org, 2017-08-23, 1 file, -60/+1]
| Move several subprocess-related functions from various locations to misc.c. Extend subprocess() to offer a little more control over stdio disposition.
| feedback & ok dtucker@
| Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
* Expose list of completed auth methods to PAM [Damien Miller, 2017-07-28, 1 file, -6/+20]
| bz#2408; ok dtucker@
* upstream commit [djm@openbsd.org, 2017-06-24, 1 file, -1/+53]
| refactor authentication logging
| optionally record successful auth methods and public credentials used in a file accessible to user sessions
| feedback and ok markus@
| Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
* upstream commit [djm@openbsd.org, 2017-06-24, 1 file, -9/+1]
| no need to call log_init to reinitialise logged PID in child sessions, since we haven't called openlog() in log_init() since 1999; ok markus@
| Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
* upstream commit [deraadt@openbsd.org, 2017-06-01, 1 file, -5/+5]
| Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus
| Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
* upstream commit [markus@openbsd.org, 2017-06-01, 1 file, -1/+2]
| clear session keys from memory; ok djm@
| Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
* upstream commit [djm@openbsd.org, 2016-11-30, 1 file, -2/+2]
| Add a sshd_config DisableForwarding option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future.
| This, like the 'restrict' authorized_keys flag, is intended to be a simple and future-proof way of restricting an account. Suggested as a complement to 'restrict' by Jann Horn; ok markus@
| Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
* upstream commit [otto@openbsd.org, 2016-08-29, 1 file, -10/+4]
| fix previous, a condition was modified incorrectly; ok markus@ deraadt@
| Upstream-ID: c443e339768e7ed396dff3bb55f693e7d3641453
* upstream commit [djm@openbsd.org, 2016-08-23, 1 file, -110/+61]
| remove UseLogin option and support for having /bin/login manage login sessions; ok deraadt markus dtucker
| Upstream-ID: bea7213fbf158efab7e602d9d844fba4837d2712
* upstream commit [markus@openbsd.org, 2016-08-14, 1 file, -201/+11]
| remove ssh1 server code; ok djm@
| Upstream-ID: c24c0c32c49b91740d5a94ae914fb1898ea5f534
* get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX [Darren Tucker, 2016-06-20, 1 file, -1/+2]
| Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX. Fixes build on AIX.
* ignore PAM environment vars when UseLogin=yes [Damien Miller, 2016-04-13, 1 file, -1/+1]
| If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM.
| CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
* upstream commit [djm@openbsd.org, 2016-03-15, 1 file, -3/+31]
| sanitise characters destined for xauth
| reported by github.com/tintinweb
| feedback and ok deraadt and markus
| Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
* upstream commit [djm@openbsd.org, 2016-03-08, 1 file, -10/+32]
| refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
| feedback and ok markus@
| Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
* upstream commit [djm@openbsd.org, 2016-02-17, 1 file, -6/+12]
| add a "Close session" log entry (at loglevel=verbose) to correspond to the existing "Starting session" one. Also include the session id number to make multiplexed sessions more apparent.
| feedback and ok dtucker@
| Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c
* upstream commit [djm@openbsd.org, 2015-10-25, 1 file, -19/+15]
| skip "Could not chdir to home directory" message when chrooted
| patch from Christian Hesse in bz#2485 ok dtucker@
| Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
* upstream commit [deraadt@openbsd.org, 2015-04-29, 1 file, -4/+4]
| rename xrealloc() to xreallocarray() since it follows that form. ok djm
* upstream commit [deraadt@openbsd.org, 2015-01-16, 1 file, -2/+3]
| Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* upstream commit [djm@openbsd.org, 2015-01-15, 1 file, -5/+5]
| move authfd.c and its tentacles to the new buffer/key API; ok markus@
* upstream commit [djm@openbsd.org, 2014-12-22, 1 file, -2/+2]
| make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@
* - millert@cvs.openbsd.org 2014/07/15 15:54:14 [Damien Miller, 2014-07-18, 1 file, -26/+8]
| [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
| [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
| [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
| [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
| [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
| [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
| [sshd_config.5 sshlogin.c]
| Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html
| OK djm@ markus@
* - djm@cvs.openbsd.org 2014/07/03 22:40:43 [Damien Miller, 2014-07-04, 1 file, -2/+3]
| [servconf.c servconf.h session.c sshd.8 sshd_config.5]
| Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option; bz#2160; ok markus@
* - djm@cvs.openbsd.org 2014/07/03 03:34:09 [Damien Miller, 2014-07-03, 1 file, -2/+3]
| [gss-serv.c session.c ssh-keygen.c]
| standardise on NI_MAXHOST for gethostname() string lengths; about 1/2 the cases were using it already. Fixes bz#2239 en passant
* - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare [Tim Rice, 2014-06-18, 1 file, -1/+14]
* - djm@cvs.openbsd.org 2014/03/03 22:22:30 [Damien Miller, 2014-04-20, 1 file, -1/+1]
| [session.c]
| ignore environment variables with embedded '=' or '\0' characters; spotted by Jann Horn; ok deraadt@
| Id sync only - portable already has this.
* - djm@cvs.openbsd.org 2014/03/03 22:22:30 [Damien Miller, 2014-03-04, 1 file, -2/+7]
| [session.c]
| ignore environment variables with embedded '=' or '\0' characters; spotted by Jann Horn; ok deraadt@
* - tedu@cvs.openbsd.org 2014/01/31 16:39:19 [Damien Miller, 2014-02-04, 1 file, -2/+2]
| [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
| [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
| [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
| [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
| [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
| replace most bzero with explicit_bzero, except a few that can be memset
| ok djm dtucker
* - (tim) [session.c] Improve error reporting on set_id(). [Tim Rice, 2014-01-22, 1 file, -1/+1]
* - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced [Tim Rice, 2014-01-20, 1 file, -0/+5]
| with sftp chroot support. Move set_id call after chroot.
* - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 [Darren Tucker, 2014-01-19, 1 file, -2/+2]
| [session.c]
| explicitly define USE_PIPES to 1 to prevent redefinition warnings in portable on platforms that use pipes for everything. From redhat @ redhat.
* - djm@cvs.openbsd.org 2013/10/29 09:48:02 [Damien Miller, 2013-10-30, 1 file, -2/+2]
| [servconf.c servconf.h session.c sshd_config sshd_config.5]
| sshd_config PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option; bz#2070, patch from Teran McKinney; ok markus@
* - djm@cvs.openbsd.org 2013/10/14 21:20:52 [Damien Miller, 2013-10-15, 1 file, -14/+38]
| [session.c session.h]
| Add logging of session starts in a useful format; ok markus@ feedback and ok dtucker@