summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/session.c
AgeCommit message (Collapse)Author
2009-11-20Warn but do not fail if stat()ing the subsystem binary fails. This helpsDarren Tucker
with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.
2009-11-19bz#1606: error when an attempt is made to connect to a serverDamien Miller
with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
2009-10-06bz#1596: fflush(NULL) before exec() to ensure that everying (motdDamien Miller
in particular) has made it out before the streams go away.
2009-04-17use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;Kevin Steves
ok djm@ markus@
2009-01-22make Channel->path an allocated string, saving a few bytes here andDamien Miller
there and fixing bz#1380 in the process; ok markus@
2008-11-09typo fixed (overriden -> overridden)Tobias Stoeckmann
ok espie, jmc
2008-10-02Convert an unchecked strdup to xstrdup. OK deraadt@Todd C. Miller
2008-08-21allow ForceCommand internal-sftp with arguments. based on patch fromDamien Miller
michael.barabanov AT gmail.com; ok markus@
2008-06-16Rename the isatty argument to is_tty so we don't shadow isatty(3).Darren Tucker
ok markus@
2008-06-15don't call isatty() on a pty master, instead pass a flag down toDamien Miller
channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus
2008-06-14suppress the warning message from chdir(homedir) failuresDamien Miller
when chrooted (bz#1461); ok dtucker
2008-05-09re-add the USE_PIPES code and enable it.Markus Friedl
without pipes shutdown-read from the sshd does not trigger a SIGPIPE when the forked program does a write. ok djm@
2008-05-08Make the maximum number of sessions run-time controllable viaDamien Miller
a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allows multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of than exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@
2008-05-08Implement a channel success/failure status confirmation callbackDamien Miller
mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
2008-05-07Enable the AllowAgentForwarding option in sshd_config (global and matchPierre-Yves Ritschard
context), to specify if agents should be permitted on the server. As the man page states: ``Note that disabling Agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.'' ok djm@, ok and a mild frown markus@
2008-04-18remove unneccessary parenthesesDamien Miller
2008-03-26add no-user-rc authorized_keys option to disable execution of ~/.ssh/rcDamien Miller
2008-03-25last patch had backwards test; spotted by termim AT gmail.comDamien Miller
2008-03-25ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;Damien Miller
from dtucker@ ok deraadt@ djm@
2008-02-22closefrom() call was too early, delay it until just before we executeDamien Miller
the user's rc files (if any).
2008-02-20correct boolean encoding for coredump; der Mouse via dugsongMarkus Friedl
2008-02-13rekey arc4random and OpenSSL RNG in postauth childDamien Miller
closefrom fds > 2 before shell/command execution ok markus@
2008-02-10delay ~ expansion for ChrootDirectory so it expands to the logged-in user'sDamien Miller
home, rather than the user who starts sshd (probably root)
2008-02-08add sshd_config ChrootDirectory option to chroot(2) users to a directory andDamien Miller
tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-04link sftp-server into sshd; feedback and ok djm@Markus Friedl
2007-09-11use strcspn to properly overwrite '\n' in fgets returned bufferGilles Chehade
ok pyr@, ray@, millert@, moritz@, chl@
2007-08-23missed include bits from last commitDamien Miller
2007-08-23unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@Damien Miller
2007-01-21spacesKevin Steves
2006-10-09xmalloc -> xcalloc that was missed previously, from portableDamien Miller
2006-08-29normalise some inconsistent (but harmless) NULL pointer checksDamien Miller
spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@
2006-08-18delay authentication related cleanups until we're authenticated andMarkus Friedl
all alarms have been cancelled; ok deraadt
2006-08-04spacesKevin Steves
2006-08-03almost entirely get rid of the culture of ".h files that include .h files"Theo de Raadt
ok djm, sort of ok stevesk makes the pain stop in one easy step
2006-08-01move #include <stdio.h> out of includes.hKevin Steves
2006-07-26move #include <stdlib.h> out of includes.hKevin Steves
2006-07-26move #include <sys/param.h> out of includes.hKevin Steves
2006-07-22move #include <string.h> out of includes.hKevin Steves
2006-07-20missed some needed #include <unistd.h> when KERBEROS5=no; issue fromKevin Steves
massimo@cedoc.mo.it
2006-07-19Add ForceCommand keyword to sshd_config, equivalent to the "command="Darren Tucker
key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@
2006-07-11move #include <errno.h> out of includes.h; ok markus@Kevin Steves
2006-07-11add ExitOnForwardFailure: terminate the connection if ssh(1)Markus Friedl
cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc
2006-07-08missed these from last commit:Kevin Steves
move #include <sys/socket.h> out of includes.h
2006-07-06move #include <pwd.h> out of includes.h; ok markus@Kevin Steves
2006-07-06support arguments to Subsystem commands; ok markus@Damien Miller
2006-07-02move #include <grp.h> out of includes.hKevin Steves
2006-04-20Switch from using pipes to socketpairs for communication betweenDamien Miller
sftp/scp and ssh, and between sshd and its subprocesses. This saves a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@
2006-03-25Put $OpenBSD$ tags back (as comments) to replace the RCSID()s thatDamien Miller
Theo nuked - our scripts to sync -portable need them in the files
2006-03-25change OpenSSH's xrealloc() function from being xrealloc(p, new_size) toDamien Miller
xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
2006-03-20annoying spacing fixes getting in the way of real diffsTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-16 21:49:21 +0000