- djm@cvs.openbsd.org 2013/10/29 09:48:02

[servconf.c servconf.h session.c sshd_config sshd_config.5] shd_config PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option; bz#2070, patch from Teran McKinney; ok markus@
author: Damien Miller <djm@mindrot.org> 2013-10-30 22:21:50 +1100
committer: Damien Miller <djm@mindrot.org> 2013-10-30 22:21:50 +1100
commit: 5ff30c6b68adeee767dd29bf2369763c6a13c0b3 (patch)
tree: af34775607e7ca5317884d5c2e8460f2782b0f43
parent: 4a3a9d4bbf8048473f5cc202cd8db7164d5e6b8d (diff)
6 files changed, 33 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 54f7b0042..84283a3e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@
     [key.c key.h]
     fix potential stack exhaustion caused by nested certificates;
     report by Mateusz Kocielski; ok dtucker@ markus@
+   - djm@cvs.openbsd.org 2013/10/29 09:48:02
+     [servconf.c servconf.h session.c sshd_config sshd_config.5]
+     shd_config PermitTTY to disallow TTY allocation, mirroring the
+     longstanding no-pty authorized_keys option;
+     bz#2070, patch from Teran McKinney; ok markus@
 20131026
 - (djm) OpenBSD CVS Sync
diff --git a/servconf.c b/servconf.c
index 82146723f..0f1bdd09a 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.243 2013/10/24 00:51:48 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.244 2013/10/29 09:48:02 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -92,6 +92,7 @@ initialize_server_options(ServerOptions *options)
        options->x11_forwarding = -1;
        options->x11_display_offset = -1;
        options->x11_use_localhost = -1;
+        options->permit_tty = -1;
        options->xauth_location = NULL;
        options->strict_modes = -1;
        options->tcp_keep_alive = -1;
@@ -212,6 +213,8 @@ fill_default_server_options(ServerOptions *options)
                options->x11_use_localhost = 1;
        if (options->xauth_location == NULL)
                options->xauth_location = _PATH_XAUTH;
+        if (options->permit_tty == -1)
+                options->permit_tty = 1;
        if (options->strict_modes == -1)
                options->strict_modes = 1;
        if (options->tcp_keep_alive == -1)
@@ -329,7 +332,7 @@ typedef enum {
        sListenAddress, sAddressFamily,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
        sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-        sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+        sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
        sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
        sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -462,6 +465,7 @@ static struct {
        { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
        { "acceptenv", sAcceptEnv, SSHCFG_ALL },
        { "permittunnel", sPermitTunnel, SSHCFG_ALL },
+        { "permittty", sPermitTTY, SSHCFG_ALL },
        { "match", sMatch, SSHCFG_ALL },
        { "permitopen", sPermitOpen, SSHCFG_ALL },
        { "forcecommand", sForceCommand, SSHCFG_ALL },
@@ -1132,6 +1136,10 @@ process_server_config_line(ServerOptions *options, char *line,
                charptr = &options->xauth_location;
                goto parse_filename;
+        case sPermitTTY:
+                intptr = &options->permit_tty;
+                goto parse_flag;
        case sStrictModes:
                intptr = &options->strict_modes;
                goto parse_flag;
@@ -1783,6 +1791,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(x11_display_offset);
        M_CP_INTOPT(x11_forwarding);
        M_CP_INTOPT(x11_use_localhost);
+        M_CP_INTOPT(permit_tty);
        M_CP_INTOPT(max_sessions);
        M_CP_INTOPT(max_authtries);
        M_CP_INTOPT(ip_qos_interactive);
@@ -2013,6 +2022,7 @@ dump_config(ServerOptions *o)
        dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
        dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
        dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+        dump_cfg_fmtint(sPermitTTY, o->permit_tty);
        dump_cfg_fmtint(sStrictModes, o->strict_modes);
        dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
        dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
diff --git a/servconf.h b/servconf.h
index 98aad8ba2..2d4b6ecb4 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.110 2013/10/29 09:48:02 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -82,6 +82,7 @@ typedef struct {
                                         * searching at */
        int     x11_use_localhost;      /* If true, use localhost for fake X11 server. */
        char   *xauth_location; /* Location of xauth program */
+        int     permit_tty;     /* If false, deny pty allocation */
        int     strict_modes;   /* If true, require string home dir modes. */
        int     tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
        int     ip_qos_interactive;     /* IP ToS/DSCP/class for interactive */
diff --git a/session.c b/session.c
index 6e48a2fae..a0a0c2d9c 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.267 2013/10/14 21:20:52 djm Exp $ */
+/* $OpenBSD: session.c,v 1.268 2013/10/29 09:48:02 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -2062,7 +2062,7 @@ session_pty_req(Session *s)
        u_int len;
        int n_bytes;
-        if (no_pty_flag) {
+        if (no_pty_flag || !options.permit_tty) {
                debug("Allocating a pty not permitted for this authentication.");
                return 0;
        }
diff --git a/sshd_config b/sshd_config
index dbda7491e..235459af0 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.91 2013/09/07 13:53:11 sthen Exp $
+#       $OpenBSD: sshd_config,v 1.92 2013/10/29 09:48:02 djm Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -101,6 +101,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #X11Forwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
+#PermitTTY yes
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
@@ -127,4 +128,5 @@ Subsystem	sftp	/usr/libexec/sftp-server
 #Match User anoncvs
 #       X11Forwarding no
 #       AllowTcpForwarding no
+#       PermitTTY no
 #       ForceCommand cvs server
diff --git a/sshd_config.5 b/sshd_config.5
index 0536cc3c6..c3e30e614 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.163 2013/10/24 00:51:48 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.164 2013/10/29 09:48:02 djm Exp $
-.Dd $Mdocdate: October 24 2013 $
+.Dd $Mdocdate: October 29 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -813,6 +813,7 @@ Available keywords are
 .Cm PermitEmptyPasswords ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
+.Cm PermitTTY ,
 .Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
 .Cm RekeyLimit ,
@@ -942,6 +943,12 @@ and
 .Dq ethernet .
 The default is
 .Dq no .
+.It Cm PermitTTY
+Specifies whether
+.Xr pty 7
+allocation is permitted.
+The default is
+.Dq yes .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment
author	Damien Miller <djm@mindrot.org>	2013-10-30 22:21:50 +1100
committer	Damien Miller <djm@mindrot.org>	2013-10-30 22:21:50 +1100
commit	5ff30c6b68adeee767dd29bf2369763c6a13c0b3 (patch)
tree	af34775607e7ca5317884d5c2e8460f2782b0f43
parent	4a3a9d4bbf8048473f5cc202cd8db7164d5e6b8d (diff)