summaryrefslogtreecommitdiff
path: root/session.c
AgeCommit message (Collapse)Author
2010-11-05 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.Darren Tucker
2010-11-05 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack intoDarren Tucker
platform.c
2010-11-05 - (dtucker) [platform.c platform.h session.c] Add a platform hook to runDarren Tucker
after the user's groups are established and move the selinux calls into it.
2010-11-05 - (dtucker) [configure.ac platform.{c,h} session.cDarren Tucker
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@
2010-06-26 - djm@cvs.openbsd.org 2010/06/25 07:20:04Damien Miller
[channels.c session.c] bz#1750: fix requirement for /dev/null inside ChrootDirectory for internal-sftp accidentally introduced in r1.253 by removing the code that opens and dup /dev/null to stderr and modifying the channels code to read stderr but discard it instead; ok markus@
2010-06-26 - djm@cvs.openbsd.org 2010/06/22 04:59:12Damien Miller
[session.c] include the user name on "subsystem request for ..." log messages; bz#1571; ok dtucker@
2010-06-26 - djm@cvs.openbsd.org 2010/06/18 03:16:03Damien Miller
[session.c] Missing check for chroot_director == "none" (we already checked against NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2010-05-10 - djm@cvs.openbsd.org 2010/04/23 22:42:05Damien Miller
[session.c] set stderr to /dev/null for subsystems rather than just closing it. avoids hangs if a subsystem or shell initialisation writes to stderr. bz#1750; ok markus@
2010-03-26 - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -Damien Miller
set up SELinux execution context before chroot() call. From Russell Coker via Colin watson; bz#1726 ok dtucker@
2010-03-07 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13Darren Tucker
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
2010-03-07 - (dtucker) [session.c] Also initialize creds to NULL for handing toDarren Tucker
setpcred.
2010-03-07 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot andDarren Tucker
do not set real uid, since that's needed for the chroot, and will be set by permanently_set_uid.
2010-01-12 - dtucker@cvs.openbsd.org 2010/01/12 08:33:17Darren Tucker
[session.c] Add explicit stat so we reliably detect nologin with bad perms. ok djm markus
2010-01-12 - dtucker@cvs.openbsd.org 2010/01/12 01:31:05Darren Tucker
[session.c] Do not allow logins if /etc/nologin exists but is not readable by the user logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41Darren Tucker
[session.c] Warn but do not fail if stat()ing the subsystem binary fails. This helps with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.
2010-01-08 - djm@cvs.openbsd.org 2009/11/19 23:39:50Darren Tucker
[session.c] bz#1606: error when an attempt is made to connect to a server with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
2009-10-24 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinuxDarren Tucker
is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat.
2009-10-07 - djm@cvs.openbsd.org 2009/10/06 04:46:40Darren Tucker
[session.c] bz#1596: fflush(NULL) before exec() to ensure that everying (motd in particular) has made it out before the streams go away.
2009-08-20 - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: moveDarren Tucker
the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_sesson. Based on a patch from David Leonard.
2009-06-21 - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace andDarren Tucker
header-order changes to reduce diff vs OpenBSD.
2009-06-21 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06Darren Tucker
[session.c] use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; ok djm@ markus@
2009-03-08 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.cDarren Tucker
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 09:46:01Damien Miller
[channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@
2008-11-11 - tobias@cvs.openbsd.org 2008/11/09 12:34:47Darren Tucker
[session.c ssh.1] typo fixed (overriden -> overridden) ok espie, jmc
2008-11-03 - millert@cvs.openbsd.org 2008/10/02 14:39:35Damien Miller
[session.c] Convert an unchecked strdup to xstrdup. OK deraadt@
2008-11-03 - djm@cvs.openbsd.org 2008/08/21 04:09:57Damien Miller
[session.c] allow ForceCommand internal-sftp with arguments. based on patch from michael.barabanov AT gmail.com; ok markus@
2008-06-16 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53Darren Tucker
[session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@
2008-06-16 - djm@cvs.openbsd.org 2008/06/15 20:06:26Damien Miller
[channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
2008-06-16 - djm@cvs.openbsd.org 2008/06/14 18:33:43Damien Miller
[session.c] suppress the warning message from chdir(homedir) failures when chrooted (bz#1461); ok dtucker
2008-05-19 - markus@cvs.openbsd.org 2008/05/09 16:16:06Damien Miller
[session.c] re-add the USE_PIPES code and enable it. without pipes shutdown-read from the sshd does not trigger a SIGPIPE when the forked program does a write. ok djm@ (Id sync only, USE_PIPES never left portable OpenSSH)
2008-05-19 - djm@cvs.openbsd.org 2008/05/08 12:21:16Damien Miller
[monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] [sshd_config sshd_config.5] Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allows multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of than exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
2008-05-19 - djm@cvs.openbsd.org 2008/05/08 12:02:23Damien Miller
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] [ssh.c sshd.c] Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
2008-05-19 - pyr@cvs.openbsd.org 2008/05/07 05:49:37Damien Miller
[servconf.c servconf.h session.c sshd_config.5] Enable the AllowAgentForwarding option in sshd_config (global and match context), to specify if agents should be permitted on the server. As the man page states: ``Note that disabling Agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.'' ok djm@, ok and a mild frown markus@
2008-05-19 - djm@cvs.openbsd.org 2008/04/18 22:01:33Damien Miller
[session.c] remove unneccessary parentheses
2008-03-27 - djm@cvs.openbsd.org 2008/03/26 21:28:14Damien Miller
[auth-options.c auth-options.h session.c sshd.8] add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 23:01:41Damien Miller
[session.c] last patch had backwards test; spotted by termim AT gmail.com
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 11:58:02Damien Miller
[session.c sshd_config.5] ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; from dtucker@ ok deraadt@ djm@
2008-03-27 - (dtucker) Cache selinux status earlier so we know if it's enabled after aDarren Tucker
chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
2008-03-15 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causingDamien Miller
crashes when used with ChrootDirectory
2008-03-11 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: MoveDarren Tucker
pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
2008-03-07 - djm@cvs.openbsd.org 2008/02/22 05:58:56Damien Miller
[session.c] closefrom() call was too early, delay it until just before we execute the user's rc files (if any).
2008-03-07 - markus@cvs.openbsd.org 2008/02/20 15:25:26Damien Miller
[session.c] correct boolean encoding for coredump; der Mouse via dugsong
2008-03-07 - djm@cvs.openbsd.org 2008/02/13 22:38:17Damien Miller
[servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@
2008-02-10 - djm@cvs.openbsd.org 2008/02/10 10:54:29Damien Miller
[servconf.c session.c] delay ~ expansion for ChrootDirectory so it expands to the logged-in user's home, rather than the user who starts sshd (probably root)
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-10 - markus@cvs.openbsd.org 2008/02/04 21:53:00Damien Miller
[session.c sftp-server.c sftp.h] link sftp-server into sshd; feedback and ok djm@
2007-09-17 - gilles@cvs.openbsd.org 2007/09/11 15:47:17Damien Miller
[session.c ssh-keygen.c sshlogin.c] use strcspn to properly overwrite '\n' in fgets returned buffer ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 - djm@cvs.openbsd.org 2007/08/23 02:55:51Damien Miller
[auth-passwd.c auth.c session.c] missed include bits from last commit NB. RCS ID sync only for portable
2007-09-17 - djm@cvs.openbsd.org 2007/08/23 02:49:43Damien Miller
[auth-passwd.c auth.c session.c] unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ NB. RCS ID sync only for portable
2007-08-16 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticatedDarren Tucker
connections too. Based on a patch from Sandro Wefel, with & ok djm@