Age | Commit message (Collapse) | Author |
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2013-09-14
Patch-Name: selinux-role.patch
|
|
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
|
|
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
|
|
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@
|
|
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
|
|
[session.c]
revert rev 1.262; it fails because uid is already set here. ok djm@
|
|
[session.c]
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
|
|
occur after UID switch; patch from John Marshall via des AT des.no;
ok dtucker@
|
|
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
[sshd_config.5]
make AllowTcpForwarding accept "local" and "remote" in addition to its
current "yes"/"no" to allow the server to specify whether just local or
remote TCP forwarding is enabled. ok markus@
|
|
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
|
|
[session.c]
bz#1859: send tty break to pty master instead of (probably already
closed) slave side; "looks good" markus@
|
|
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
|
|
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
|
|
into the platform-specific code Only affects SCO, tested by and ok tim@.
|
|
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
|
|
check into platform.c
|
|
non-LOGIN_CAP case into platform.c.
|
|
platform.c.
|
|
|
|
platform.c
|
|
the LOGIN_CAP case into platform.c.
|
|
|
|
platform.c
|
|
after the user's groups are established and move the selinux calls into it.
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
|
|
[channels.c session.c]
bz#1750: fix requirement for /dev/null inside ChrootDirectory for
internal-sftp accidentally introduced in r1.253 by removing the code
that opens and dup /dev/null to stderr and modifying the channels code
to read stderr but discard it instead; ok markus@
|
|
[session.c]
include the user name on "subsystem request for ..." log messages;
bz#1571; ok dtucker@
|
|
[session.c]
Missing check for chroot_director == "none" (we already checked against
NULL); bz#1564 from Jan.Pechanec AT Sun.COM
|
|
[session.c]
set stderr to /dev/null for subsystems rather than just closing it.
avoids hangs if a subsystem or shell initialisation writes to stderr.
bz#1750; ok markus@
|
|
set up SELinux execution context before chroot() call. From Russell
Coker via Colin watson; bz#1726 ok dtucker@
|
|
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum. ok djm@
|
|
setpcred.
|
|
do not set real uid, since that's needed for the chroot, and will be set
by permanently_set_uid.
|
|
[session.c]
Add explicit stat so we reliably detect nologin with bad perms.
ok djm markus
|
|
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
|
|
[session.c]
Warn but do not fail if stat()ing the subsystem binary fails. This helps
with chrootdirectory+forcecommand=sftp-server and restricted shells.
bz #1599, ok djm.
|
|
[session.c]
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a
subsystem session). Avoids stuck client when attempting to ssh to such a
service. ok dtucker@
|
|
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
|
|
[session.c]
bz#1596: fflush(NULL) before exec() to ensure that everying (motd
in particular) has made it out before the streams go away.
|
|
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
|
|
header-order changes to reduce diff vs OpenBSD.
|
|
[session.c]
use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
ok djm@ markus@
|
|
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
|
|
[channels.c channels.h session.c]
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
|
|
[session.c ssh.1]
typo fixed (overriden -> overridden)
ok espie, jmc
|
|
[session.c]
Convert an unchecked strdup to xstrdup. OK deraadt@
|
|
[session.c]
allow ForceCommand internal-sftp with arguments. based on patch from
michael.barabanov AT gmail.com; ok markus@
|
|
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
|
|
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that te fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
|
|
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
|