diff options
| author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
| commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
| tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /sandbox-darwin.c | |
| parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
| parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'sandbox-darwin.c')
| -rw-r--r-- | sandbox-darwin.c | 54 |
1 files changed, 12 insertions, 42 deletions
diff --git a/sandbox-darwin.c b/sandbox-darwin.c index 49330642b..69901ef14 100644 --- a/sandbox-darwin.c +++ b/sandbox-darwin.c | |||
| @@ -16,12 +16,10 @@ | |||
| 16 | 16 | ||
| 17 | #include "includes.h" | 17 | #include "includes.h" |
| 18 | 18 | ||
| 19 | #include <sys/types.h> | ||
| 20 | |||
| 21 | #include "ssh-sandbox.h" | ||
| 22 | |||
| 23 | #ifdef SANDBOX_DARWIN | 19 | #ifdef SANDBOX_DARWIN |
| 24 | 20 | ||
| 21 | #include <sys/types.h> | ||
| 22 | |||
| 25 | #include <sandbox.h> | 23 | #include <sandbox.h> |
| 26 | 24 | ||
| 27 | #include <errno.h> | 25 | #include <errno.h> |
| @@ -32,6 +30,7 @@ | |||
| 32 | #include <unistd.h> | 30 | #include <unistd.h> |
| 33 | 31 | ||
| 34 | #include "log.h" | 32 | #include "log.h" |
| 33 | #include "sandbox.h" | ||
| 35 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
| 36 | 35 | ||
| 37 | /* Darwin/OS X sandbox */ | 36 | /* Darwin/OS X sandbox */ |
| @@ -40,14 +39,8 @@ struct ssh_sandbox { | |||
| 40 | pid_t child_pid; | 39 | pid_t child_pid; |
| 41 | }; | 40 | }; |
| 42 | 41 | ||
| 43 | static int | 42 | struct ssh_sandbox * |
| 44 | sandbox_darwin_probe(void) | 43 | ssh_sandbox_init(void) |
| 45 | { | ||
| 46 | return 1; | ||
| 47 | } | ||
| 48 | |||
| 49 | static void * | ||
| 50 | sandbox_darwin_init(void) | ||
| 51 | { | 44 | { |
| 52 | struct ssh_sandbox *box; | 45 | struct ssh_sandbox *box; |
| 53 | 46 | ||
| @@ -62,10 +55,9 @@ sandbox_darwin_init(void) | |||
| 62 | return box; | 55 | return box; |
| 63 | } | 56 | } |
| 64 | 57 | ||
| 65 | static void | 58 | void |
| 66 | sandbox_darwin_child(void *vbox) | 59 | ssh_sandbox_child(struct ssh_sandbox *box) |
| 67 | { | 60 | { |
| 68 | struct ssh_sandbox *box = vbox; | ||
| 69 | char *errmsg; | 61 | char *errmsg; |
| 70 | struct rlimit rl_zero; | 62 | struct rlimit rl_zero; |
| 71 | 63 | ||
| @@ -90,39 +82,17 @@ sandbox_darwin_child(void *vbox) | |||
| 90 | __func__, strerror(errno)); | 82 | __func__, strerror(errno)); |
| 91 | } | 83 | } |
| 92 | 84 | ||
| 93 | static void | 85 | void |
| 94 | sandbox_darwin_parent_finish(void *vbox) | 86 | ssh_sandbox_parent_finish(struct ssh_sandbox *box) |
| 95 | { | 87 | { |
| 96 | free(vbox); | 88 | free(box); |
| 97 | debug3("%s: finished", __func__); | 89 | debug3("%s: finished", __func__); |
| 98 | } | 90 | } |
| 99 | 91 | ||
| 100 | static void | 92 | void |
| 101 | sandbox_darwin_parent_preauth(void *box, pid_t child_pid) | 93 | ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) |
| 102 | { | 94 | { |
| 103 | struct ssh_sandbox *box = vbox; | ||
| 104 | |||
| 105 | box->child_pid = child_pid; | 95 | box->child_pid = child_pid; |
| 106 | } | 96 | } |
| 107 | 97 | ||
| 108 | Sandbox ssh_sandbox_darwin = { | ||
| 109 | "darwin", | ||
| 110 | sandbox_darwin_probe, | ||
| 111 | sandbox_darwin_init, | ||
| 112 | sandbox_darwin_child, | ||
| 113 | sandbox_darwin_parent_finish, | ||
| 114 | sandbox_darwin_parent_preauth | ||
| 115 | }; | ||
| 116 | |||
| 117 | #else /* !SANDBOX_DARWIN */ | ||
| 118 | |||
| 119 | Sandbox ssh_sandbox_darwin = { | ||
| 120 | "darwin", | ||
| 121 | NULL, | ||
| 122 | NULL, | ||
| 123 | NULL, | ||
| 124 | NULL, | ||
| 125 | NULL | ||
| 126 | }; | ||
| 127 | |||
| 128 | #endif /* SANDBOX_DARWIN */ | 98 | #endif /* SANDBOX_DARWIN */ |