diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2016-08-19 03:18:08 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2016-08-19 03:18:08 +0000 |
commit | a9bd86c3de2e360f70a4259a4fcf1fa491305c89 (patch) | |
tree | 1487c8ca39c266eee7b752435ea6f62160616b73 | |
parent | 669f8418f97bb23649409d3af4a97e7fad2b1b5a (diff) |
remove UseLogin option and support for having /bin/login manage
login sessions; ok deraadt markus dtucker
-rw-r--r-- | usr.bin/ssh/monitor.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 109 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.8 | 7 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 26 |
7 files changed, 45 insertions, 123 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index e4a97b214c6..f253d0a7c27 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.162 2016/08/13 17:47:41 markus Exp $ */ +/* $OpenBSD: monitor.c,v 1.163 2016/08/19 03:18:06 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1121,9 +1121,6 @@ mm_record_login(Session *s, struct passwd *pw) socklen_t fromlen; struct sockaddr_storage from; - if (options.use_login) - return; - /* * Get IP address of client. If the connection is not a socket, let * the address be 0.0.0.0. diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index bfefae28aac..469f4d2d3df 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.293 2016/08/15 12:27:56 naddy Exp $ */ +/* $OpenBSD: servconf.c,v 1.294 2016/08/19 03:18:06 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -110,7 +110,6 @@ initialize_server_options(ServerOptions *options) options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; - options->use_login = -1; options->compression = -1; options->rekey_limit = -1; options->rekey_interval = -1; @@ -264,8 +263,6 @@ fill_default_server_options(ServerOptions *options) options->permit_empty_passwd = 0; if (options->permit_user_env == -1) options->permit_user_env = 0; - if (options->use_login == -1) - options->use_login = 0; if (options->compression == -1) options->compression = COMP_DELAYED; if (options->rekey_limit == -1) @@ -367,7 +364,7 @@ typedef enum { sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, - sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sAllowTcpForwarding, sCompression, sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes, @@ -462,7 +459,7 @@ static struct { { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, - { "uselogin", sUseLogin, SSHCFG_GLOBAL }, + { "uselogin", sDeprecated, SSHCFG_GLOBAL }, { "compression", sCompression, SSHCFG_GLOBAL }, { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, @@ -1231,10 +1228,6 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->permit_user_env; goto parse_flag; - case sUseLogin: - intptr = &options->use_login; - goto parse_flag; - case sCompression: intptr = &options->compression; multistate_ptr = multistate_compression; @@ -2202,7 +2195,6 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd); dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); - dump_cfg_fmtint(sUseLogin, o->use_login); dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 3f595e4361d..74230a1b07e 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.121 2016/08/15 12:27:56 naddy Exp $ */ +/* $OpenBSD: servconf.h,v 1.122 2016/08/19 03:18:06 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -121,7 +121,6 @@ typedef struct { int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int permit_user_env; /* If true, read ~/.ssh/environment */ - int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; /* One of FORWARD_* */ int allow_streamlocal_forwarding; /* One of FORWARD_* */ diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 268d1171de5..d6250783c9d 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.283 2016/08/13 17:47:41 markus Exp $ */ +/* $OpenBSD: session.c,v 1.284 2016/08/19 03:18:06 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -505,7 +505,7 @@ do_exec_pty(Session *s, const char *command) close(ttyfd); /* record login, etc. similar to login(1) */ - if (!(options.use_login && command == NULL)) + if (command != NULL) do_login(s, command); /* @@ -804,46 +804,41 @@ do_setup_env(Session *s, const char *shell) ssh_gssapi_do_child(&env, &envsize); #endif - if (!options.use_login) { - /* Set basic environment. */ - for (i = 0; i < s->num_env; i++) - child_set_env(&env, &envsize, s->env[i].name, - s->env[i].val); + /* Set basic environment. */ + for (i = 0; i < s->num_env; i++) + child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); - child_set_env(&env, &envsize, "USER", pw->pw_name); - child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); - child_set_env(&env, &envsize, "HOME", pw->pw_dir); - if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) - child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); - else - child_set_env(&env, &envsize, "PATH", getenv("PATH")); + child_set_env(&env, &envsize, "USER", pw->pw_name); + child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); + child_set_env(&env, &envsize, "HOME", pw->pw_dir); + if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) + child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); + else + child_set_env(&env, &envsize, "PATH", getenv("PATH")); - snprintf(buf, sizeof buf, "%.200s/%.50s", - _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); + snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + + /* Normal systems set SHELL by default. */ + child_set_env(&env, &envsize, "SHELL", shell); - /* Normal systems set SHELL by default. */ - child_set_env(&env, &envsize, "SHELL", shell); - } if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); /* Set custom environment options from RSA authentication. */ - if (!options.use_login) { - while (custom_environment) { - struct envstring *ce = custom_environment; - char *str = ce->s; - - for (i = 0; str[i] != '=' && str[i]; i++) - ; - if (str[i] == '=') { - str[i] = 0; - child_set_env(&env, &envsize, str, str + i + 1); - } - custom_environment = ce->next; - free(ce->s); - free(ce); + while (custom_environment) { + struct envstring *ce = custom_environment; + char *str = ce->s; + + for (i = 0; str[i] != '=' && str[i]; i++) + ; + if (str[i] == '=') { + str[i] = 0; + child_set_env(&env, &envsize, str, str + i + 1); } + custom_environment = ce->next; + free(ce->s); + free(ce); } /* SSH_CLIENT deprecated */ @@ -878,7 +873,7 @@ do_setup_env(Session *s, const char *shell) auth_sock_name); /* read $HOME/.ssh/environment. */ - if (options.permit_user_env && !options.use_login) { + if (options.permit_user_env) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); @@ -1108,20 +1103,6 @@ do_pwchange(Session *s) } static void -launch_login(struct passwd *pw, const char *hostname) -{ - /* Launch login(1). */ - - execl("/usr/bin/login", "login", "-h", hostname, - "-p", "-f", "--", pw->pw_name, (char *)NULL); - - /* Login couldn't be executed, die. */ - - perror("login"); - exit(1); -} - -static void child_close_fds(void) { extern int auth_sock; @@ -1168,11 +1149,10 @@ child_close_fds(void) void do_child(Session *s, const char *command) { - struct ssh *ssh = active_state; /* XXX */ extern char **environ; char **env; char *argv[ARGV_MAX]; - const char *shell, *shell0, *hostname = NULL; + const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; @@ -1187,18 +1167,12 @@ do_child(Session *s, const char *command) exit(1); } - /* login(1) is only called if we execute the login shell */ - if (options.use_login && command != NULL) - options.use_login = 0; - /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. */ - if (!options.use_login) { - do_nologin(pw); - do_setusercontext(pw); - } + do_nologin(pw); + do_setusercontext(pw); /* * Get the shell from the password data. An empty shell field is @@ -1214,10 +1188,6 @@ do_child(Session *s, const char *command) shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); - /* we have to stash the hostname before we close our socket. */ - if (options.use_login) - hostname = session_get_remote_name_or_ip(ssh, utmp_len, - options.use_dns); /* * Close the connection descriptors; note that this is the child, and * the server will still have the socket open, and it is important @@ -1274,8 +1244,7 @@ do_child(Session *s, const char *command) closefrom(STDERR_FILENO + 1); - if (!options.use_login) - do_rc_files(s, shell); + do_rc_files(s, shell); /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); @@ -1302,11 +1271,6 @@ do_child(Session *s, const char *command) fflush(NULL); - if (options.use_login) { - launch_login(pw, hostname); - /* NEVERREACHED */ - } - /* Get the last component of the shell name. */ if ((shell0 = strrchr(shell, '/')) != NULL) shell0++; @@ -2113,11 +2077,6 @@ session_setup_x11fwd(Session *s) packet_send_debug("No xauth program; cannot forward with spoofing."); return 0; } - if (options.use_login) { - packet_send_debug("X11 forwarding disabled; " - "not compatible with UseLogin=yes."); - return 0; - } if (s->display != NULL) { debug("X11 display already set."); return 0; diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 140c94ab209..c8996ce6aa5 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.285 2016/08/15 12:32:04 naddy Exp $ -.Dd $Mdocdate: August 15 2016 $ +.\" $OpenBSD: sshd.8,v 1.286 2016/08/19 03:18:06 djm Exp $ +.Dd $Mdocdate: August 19 2016 $ .Dt SSHD 8 .Os .Sh NAME @@ -477,9 +477,6 @@ Environment processing is disabled by default and is controlled via the .Cm PermitUserEnvironment option. -This option is automatically disabled if -.Cm UseLogin -is enabled. .It Cm from="pattern-list" Specifies that in addition to public key authentication, either the canonical name of the remote host or its IP address must be present in the diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 91c2d27ba3d..2a2d149ad02 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.473 2016/08/15 12:27:56 naddy Exp $ */ +/* $OpenBSD: sshd.c,v 1.474 2016/08/19 03:18:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -601,7 +601,7 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { - if (authctxt->pw->pw_uid == 0 || options.use_login) { + if (authctxt->pw->pw_uid == 0) { /* File descriptor passing is broken or root login */ use_privsep = 0; goto skip; diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 9fc633020df..e34b13152ad 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.229 2016/08/15 12:32:04 naddy Exp $ -.Dd $Mdocdate: August 15 2016 $ +.\" $OpenBSD: sshd_config.5,v 1.230 2016/08/19 03:18:07 djm Exp $ +.Dd $Mdocdate: August 19 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1490,25 +1490,6 @@ and .Cm Match .Cm Host directives. -.It Cm UseLogin -Specifies whether -.Xr login 1 -is used for interactive login sessions. -The default is -.Dq no . -Note that -.Xr login 1 -is never used for remote command execution. -Note also, that if this is enabled, -.Cm X11Forwarding -will be disabled because -.Xr login 1 -does not know how to handle -.Xr xauth 1 -cookies. -If -.Cm UsePrivilegeSeparation -is specified, it will be disabled after authentication. .It Cm UsePrivilegeSeparation Specifies whether .Xr sshd 8 @@ -1573,9 +1554,6 @@ setting. .Pp Note that disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders. -X11 forwarding is automatically disabled if -.Cm UseLogin -is enabled. .It Cm X11UseLocalhost Specifies whether .Xr sshd 8 |