summaryrefslogtreecommitdiff
path: root/session.c
Commit message (Collapse)AuthorAgeFilesLines
* don't free string returned by login_getcapstr(3)Damien Miller2021-02-181-4/+1
| | | | | | | | | | OpenBSD and NetBSD require the caller to free strings returned bu the login_* functions, but FreeBSD requires that callers don't. Fortunately in this case, we can harmlessly leak as the process is about to exec the shell/command. From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@
* upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in pathdjm@openbsd.org2020-12-141-3/+3
| | | | OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01
* upstream: check result of strchr() against NULL rather thandjm@openbsd.org2020-11-281-2/+2
| | | | | | searched-for characters; from zhongjubin@huawei.com OpenBSD-Commit-ID: e6f57de1d4a4d25f8db2d44e8d58d847e247a4fe
* session.c: use "denylist" terminologyDuncan Eastoe2020-10-291-10/+10
| | | | | Follow upstream (6d755706a0059eb9e2d63517f288b75cbc3b4701) language improvements in this portable-specific code.
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-71/+60
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* Adjust portable code to match changes in 939d787d,Darren Tucker2020-07-151-2/+2
|
* upstream: correct recently broken commentsderaadt@openbsd.org2020-07-151-2/+2
| | | | OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1
* upstream: some language improvements; ok markusdjm@openbsd.org2020-07-151-10/+10
| | | | OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8
* upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - ifdjm@openbsd.org2020-07-031-2/+2
| | | | | | | sshd is in chroot mode, the likely absence of a password database will cause tilde_expand_filename() to fatal; ok dtucker@ OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1
* upstream: when redirecting sshd's log output to a file, undo thisdjm@openbsd.org2020-07-031-1/+4
| | | | | | redirection after the session child process is forked(); ok dtucker@ OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865
* upstream: Expand path to ~/.ssh/rc rather than relying on itdtucker@openbsd.org2020-06-261-8/+12
| | | | | | | | being relative to the current directory, so that it'll still be found if the shell startup changes its directory. Since the path is potentially longer, make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@ OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf
* upstream: spelling errors in comments; no code change fromdjm@openbsd.org2020-03-141-3/+3
| | | | OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924
* upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org2020-01-231-2/+2
| | | | | | | | sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
* Wrap copy_environment_blacklist() in #ifdefDamien Miller2020-01-211-0/+2
| | | | | It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler warnings otherwise.
* Fix missing prototype warning for copy_environmentRuben Kerkhof2020-01-211-1/+3
| | | | | | This function is only used in this file, and only on Cygwin, so make it static and hide it behind HAVE_CYGWIN. Prevents missing prototype warning.
* upstream: stdarg.h required more broadly; ok djmderaadt@openbsd.org2019-11-151-2/+2
| | | | OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513
* upstream: When system calls indicate an error they return -1, notderaadt@openbsd.org2019-07-051-24/+24
| | | | | | | | some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
* session: Do not use removed APIDamien Miller2019-04-041-1/+1
| | | | from Jakub Jelen
* upstream: perform removal of agent-forwarding directory in forwarddjm@openbsd.org2019-02-221-1/+3
| | | | | | | | | | | | | | setup error path with user's privileged. This is a no-op as this code always runs with user privilege now that we no longer support running sshd with privilege separation disabled, but as long as the privsep skeleton is there we should follow the rules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bz#2969 with patch from Erik Sjölund OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
* upstream: syslog when connection is dropped for attempting to run adjm@openbsd.org2019-02-101-3/+6
| | | | | | command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
* don't set $MAIL if UsePam=yesDamien Miller2019-02-081-2/+5
| | | | | PAM typically specifies the user environment if it's enabled, so don't second guess. bz#2937; ok dtucker@
* upstream: Adapt code in the non-USE_PIPES codepath to the new packetdtucker@openbsd.org2019-02-081-2/+2
| | | | | | | API. This code is not normally reachable since USE_PIPES is always defined. bz#2961, patch from adrian.fita at gmail com. OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a
* last bits of old packet API / active_state globalDamien Miller2019-01-201-32/+0
|
* upstream: convert session.c to new packet APIdjm@openbsd.org2019-01-201-64/+87
| | | | | | with & ok markus@ OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
* upstream: convert auth.c to new packet APIdjm@openbsd.org2019-01-201-2/+2
| | | | | | with & ok markus@ OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
* upstream: begin landing remaining refactoring of packet parsingdjm@openbsd.org2019-01-201-1/+4
| | | | | | | | | | | | | API, started almost exactly six years ago. This change stops including the old packet_* API by default and makes each file that requires the old API include it explicitly. We will commit file-by-file refactoring to remove the old API in consistent steps. with & ok markus@ OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
* upstream: tun_fwd_ifnames variable should bdjm@openbsd.org2019-01-171-2/+2
| | | | | | | | | =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
* expose $SSH_CONNECTION in the PAM environmentDamien Miller2018-12-141-4/+7
| | | | | This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741
* upstream: use path_absolute() for pathname checks; from Manoj Ampalamdjm@openbsd.org2018-11-161-2/+2
| | | | OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
* upstream: include a little more information about the status anddjm@openbsd.org2018-10-041-4/+5
| | | | | | | disposition of channel's extended (stderr) fd; makes debugging some things a bit easier. No behaviour change. OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
* only support SIGINFO on systems with SIGINFODamien Miller2018-10-021-0/+2
|
* upstream: Add server support for signalling sessions via the SSHdjm@openbsd.org2018-10-021-1/+75
| | | | | | | | | | | | channel/ session protocol. Signalling is only supported to sesssions that are not subsystems and were not started with a forced command. Long requested in bz#1424 Based on a patch from markus@ and reworked by dtucker@; ok markus@ dtucker@ OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
* upstream: fix indent; Clemens Goessnitzerderaadt@openbsd.org2018-07-261-2/+2
| | | | OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83
* upstream: remove legacy key emulation layer; ok djm@markus@openbsd.org2018-07-121-2/+2
| | | | OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
* Adapt portable to legacy buffer API removalDamien Miller2018-07-101-1/+1
|
* upstream: sshd: switch loginmsg to sshbuf API; ok djm@markus@openbsd.org2018-07-101-9/+13
| | | | OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
* upstream: ttymodes: switch to sshbuf API; ok djm@markus@openbsd.org2018-07-101-4/+2
| | | | OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
* Fix other callers of read_environment_file.Darren Tucker2018-07-051-2/+4
| | | | | | read_environment_file recently gained an extra argument Some platform specific code also calls it so add the argument to those too. Fixes build on Solaris and AIX.
* upstream: allow sshd_config PermitUserEnvironment to accept adjm@openbsd.org2018-07-031-4/+15
| | | | | | | | pattern-list of whitelisted environment variable names in addition to yes|no. bz#1800, feedback and ok markus@ OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
* upstream: add a SetEnv directive for sshd_config to allow andjm@openbsd.org2018-06-091-2/+13
| | | | | | | | | | | administrator to explicitly specify environment variables set in sessions started by sshd. These override the default environment and any variables set by user configuration (PermitUserEnvironment, etc), but not the SSH_* variables set by sshd itself. ok markus@ OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
* upstream: reorder child environment preparation so that variablesdjm@openbsd.org2018-06-091-46/+48
| | | | | | | read from ~/.ssh/environment (if enabled) do not override SSH_* variables set by the server. OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
* upstream: switch config file parsing to getline(3) as this avoidsmarkus@openbsd.org2018-06-071-5/+6
| | | | | | static limits noted by gerhard@; ok dtucker@, djm@ OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
* upstream: permitlisten option for authorized_keys; ok markus@djm@openbsd.org2018-06-071-18/+34
| | | | OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
* upstream: Add a PermitListen directive to control which server-sidedjm@openbsd.org2018-06-071-9/+18
| | | | | | | | | | | | addresses may be listened on when the client requests remote forwarding (ssh -R). This is the converse of the existing PermitOpen directive and this includes some refactoring to share much of its implementation. feedback and ok markus@ OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
* upstream: make UID available as a %-expansion everywhere that thedjm@openbsd.org2018-06-011-3/+5
| | | | | | | | username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
* upstream: switch over to the new authorized_keys options API anddjm@openbsd.org2018-03-031-28/+57
| | | | | | | | | | | remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
* Remove UNICOS support.Darren Tucker2018-02-151-23/+0
| | | | | | | The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one.
* Whitespace sync with upstream.Darren Tucker2018-02-131-1/+0
|
* Whitespace sync with upstream.Darren Tucker2018-02-131-4/+4
|
* upstream commitdjm@openbsd.org2017-10-231-1/+4
| | | | | | | | | | | | | | | Expose devices allocated for tun/tap forwarding. At the client, the device may be obtained from a new %T expansion for LocalCommand. At the server, the allocated devices will be listed in a SSH_TUNNEL variable exposed to the environment of any user sessions started after the tunnel forwarding was established. ok markus Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
View Lorry Controller Status