summaryrefslogtreecommitdiff
path: root/session.c
AgeCommit message (Collapse)Author
2010-03-31* New upstream release (LP: #535029).Colin Watson
- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561).
2010-03-07 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13Darren Tucker
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
2010-03-07 - (dtucker) [session.c] Also initialize creds to NULL for handing toDarren Tucker
setpcred.
2010-03-07 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot andDarren Tucker
do not set real uid, since that's needed for the chroot, and will be set by permanently_set_uid.
2010-01-24* New upstream release.Colin Watson
* Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
2010-01-12 - dtucker@cvs.openbsd.org 2010/01/12 08:33:17Darren Tucker
[session.c] Add explicit stat so we reliably detect nologin with bad perms. ok djm markus
2010-01-12 - dtucker@cvs.openbsd.org 2010/01/12 01:31:05Darren Tucker
[session.c] Do not allow logins if /etc/nologin exists but is not readable by the user logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41Darren Tucker
[session.c] Warn but do not fail if stat()ing the subsystem binary fails. This helps with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.
2010-01-08 - djm@cvs.openbsd.org 2009/11/19 23:39:50Darren Tucker
[session.c] bz#1606: error when an attempt is made to connect to a server with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
2010-01-02Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:Colin Watson
#556644).
2009-10-24 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinuxDarren Tucker
is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat.
2009-10-07 - djm@cvs.openbsd.org 2009/10/06 04:46:40Darren Tucker
[session.c] bz#1596: fflush(NULL) before exec() to ensure that everying (motd in particular) has made it out before the streams go away.
2009-08-20 - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: moveDarren Tucker
the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_sesson. Based on a patch from David Leonard.
2009-06-21 - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace andDarren Tucker
header-order changes to reduce diff vs OpenBSD.
2009-06-21 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06Darren Tucker
[session.c] use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; ok djm@ markus@
2009-03-08 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.cDarren Tucker
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 09:46:01Damien Miller
[channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@
2008-11-11 - tobias@cvs.openbsd.org 2008/11/09 12:34:47Darren Tucker
[session.c ssh.1] typo fixed (overriden -> overridden) ok espie, jmc
2008-11-03 - millert@cvs.openbsd.org 2008/10/02 14:39:35Damien Miller
[session.c] Convert an unchecked strdup to xstrdup. OK deraadt@
2008-11-03 - djm@cvs.openbsd.org 2008/08/21 04:09:57Damien Miller
[session.c] allow ForceCommand internal-sftp with arguments. based on patch from michael.barabanov AT gmail.com; ok markus@
2008-06-16 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53Darren Tucker
[session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@
2008-06-16 - djm@cvs.openbsd.org 2008/06/15 20:06:26Damien Miller
[channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
2008-06-16 - djm@cvs.openbsd.org 2008/06/14 18:33:43Damien Miller
[session.c] suppress the warning message from chdir(homedir) failures when chrooted (bz#1461); ok dtucker
2008-05-19 - markus@cvs.openbsd.org 2008/05/09 16:16:06Damien Miller
[session.c] re-add the USE_PIPES code and enable it. without pipes shutdown-read from the sshd does not trigger a SIGPIPE when the forked program does a write. ok djm@ (Id sync only, USE_PIPES never left portable OpenSSH)
2008-05-19 - djm@cvs.openbsd.org 2008/05/08 12:21:16Damien Miller
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] [sshd_config sshd_config.5] Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allows multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of than exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
2008-05-19 - djm@cvs.openbsd.org 2008/05/08 12:02:23Damien Miller
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] [ssh.c sshd.c] Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
2008-05-19 - pyr@cvs.openbsd.org 2008/05/07 05:49:37Damien Miller
[servconf.c servconf.h session.c sshd_config.5] Enable the AllowAgentForwarding option in sshd_config (global and match context), to specify if agents should be permitted on the server. As the man page states: ``Note that disabling Agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.'' ok djm@, ok and a mild frown markus@
2008-05-19 - djm@cvs.openbsd.org 2008/04/18 22:01:33Damien Miller
[session.c] remove unneccessary parentheses
2008-03-27 - djm@cvs.openbsd.org 2008/03/26 21:28:14Damien Miller
[auth-options.c auth-options.h session.c sshd.8] add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 23:01:41Damien Miller
[session.c] last patch had backwards test; spotted by termim AT gmail.com
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 11:58:02Damien Miller
[session.c sshd_config.5] ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; from dtucker@ ok deraadt@ djm@
2008-03-27 - (dtucker) Cache selinux status earlier so we know if it's enabled after aDarren Tucker
chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
2008-03-15 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causingDamien Miller
crashes when used with ChrootDirectory
2008-03-11 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: MoveDarren Tucker
pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
2008-03-07 - djm@cvs.openbsd.org 2008/02/22 05:58:56Damien Miller
[session.c] closefrom() call was too early, delay it until just before we execute the user's rc files (if any).
2008-03-07 - markus@cvs.openbsd.org 2008/02/20 15:25:26Damien Miller
[session.c] correct boolean encoding for coredump; der Mouse via dugsong
2008-03-07 - djm@cvs.openbsd.org 2008/02/13 22:38:17Damien Miller
[servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@
2008-02-10 - djm@cvs.openbsd.org 2008/02/10 10:54:29Damien Miller
[servconf.c session.c] delay ~ expansion for ChrootDirectory so it expands to the logged-in user's home, rather than the user who starts sshd (probably root)
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-10 - markus@cvs.openbsd.org 2008/02/04 21:53:00Damien Miller
[session.c sftp-server.c sftp.h] link sftp-server into sshd; feedback and ok djm@
2007-09-17 - gilles@cvs.openbsd.org 2007/09/11 15:47:17Damien Miller
[session.c ssh-keygen.c sshlogin.c] use strcspn to properly overwrite '\n' in fgets returned buffer ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 - djm@cvs.openbsd.org 2007/08/23 02:55:51Damien Miller
[auth-passwd.c auth.c session.c] missed include bits from last commit NB. RCS ID sync only for portable
2007-09-17 - djm@cvs.openbsd.org 2007/08/23 02:49:43Damien Miller
[auth-passwd.c auth.c session.c] unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ NB. RCS ID sync only for portable
2007-08-16 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticatedDarren Tucker
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-13 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is alwaysDarren Tucker
called with PAM_ESTABLISH_CRED at least once, which resolves a problem with pam_dhkeys. Patch from David Leonard, ok djm@
2007-03-2620070326Tim Rice
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-02-19 - stevesk@cvs.openbsd.org 2007/01/21 01:41:54Darren Tucker
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] spaces
2006-10-24 - djm@cvs.openbsd.org 2006/10/09 23:36:11Damien Miller
[session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously)
2006-09-01 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
2006-08-30 - djm@cvs.openbsd.org 2006/08/29 10:40:19Damien Miller
[channels.c session.c] normalise some inconsistent (but harmless) NULL pointer checks spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@