Bugzilla – Attachment 2218 Details for
Bug 2070
OpenSSH daemon PermitTTY option
[patch]
Permit TTY patch. Apply with -p1.
openssh-6.1-permit-tty.patch (text/plain), 6.34 KB, created by
Teran McKinney
on 2013-02-15 09:57:53 AEDT
Description:
Permit TTY patch. Apply with -p1.
Creator:
Teran McKinney
Created:
2013-02-15 09:57:53 AEDT
Size:
6.34 KB
>diff -rupN openssh-6.1p1/servconf.c openssh-6.1p1-permittty/servconf.c
>--- openssh-6.1p1/servconf.c 2012-07-31 02:22:38.000000000 +0000
>+++ openssh-6.1p1-permittty/servconf.c 2013-02-12 01:49:18.907753826 +0000
>@@ -85,6 +85,7 @@ initialize_server_options(ServerOptions
> options->x11_forwarding = -1;
> options->x11_display_offset = -1;
> options->x11_use_localhost = -1;
>+ options->permit_tty = -1;
> options->xauth_location = NULL;
> options->strict_modes = -1;
> options->tcp_keep_alive = -1;
>@@ -201,6 +202,8 @@ fill_default_server_options(ServerOption
> options->x11_use_localhost = 1;
> if (options->xauth_location == NULL)
> options->xauth_location = _PATH_XAUTH;
>+ if (options->permit_tty == -1)
>+ options->permit_tty = 1;
> if (options->strict_modes == -1)
> options->strict_modes = 1;
> if (options->tcp_keep_alive == -1)
>@@ -314,7 +317,7 @@ typedef enum {
> sListenAddress, sAddressFamily,
> sPrintMotd, sPrintLastLog, sIgnoreRhosts,
> sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
>- sStrictModes, sEmptyPasswd, sTCPKeepAlive,
>+ sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
> sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
> sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
> sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
>@@ -443,6 +446,7 @@ static struct {
> { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
> { "acceptenv", sAcceptEnv, SSHCFG_ALL },
> { "permittunnel", sPermitTunnel, SSHCFG_ALL },
>+ { "permittty", sPermitTTY, SSHCFG_ALL },
> { "match", sMatch, SSHCFG_ALL },
> { "permitopen", sPermitOpen, SSHCFG_ALL },
> { "forcecommand", sForceCommand, SSHCFG_ALL },
>@@ -1075,6 +1079,10 @@ process_server_config_line(ServerOptions
> charptr = &options->xauth_location;
> goto parse_filename;
>
>+ case sPermitTTY:
>+ intptr = &options->permit_tty;
>+ goto parse_flag;
>+
> case sStrictModes:
> intptr = &options->strict_modes;
> goto parse_flag;
>@@ -1657,6 +1665,7 @@ copy_set_server_options(ServerOptions *d
> M_CP_INTOPT(x11_display_offset);
> M_CP_INTOPT(x11_forwarding);
> M_CP_INTOPT(x11_use_localhost);
>+ M_CP_INTOPT(permit_tty);
> M_CP_INTOPT(max_sessions);
> M_CP_INTOPT(max_authtries);
> M_CP_INTOPT(ip_qos_interactive);
>@@ -1883,6 +1892,7 @@ dump_config(ServerOptions *o)
> dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
> dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
> dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
>+ dump_cfg_fmtint(sPermitTTY, o->permit_tty);
> dump_cfg_fmtint(sStrictModes, o->strict_modes);
> dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
> dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
>diff -rupN openssh-6.1p1/servconf.h openssh-6.1p1-permittty/servconf.h
>--- openssh-6.1p1/servconf.h 2012-07-31 02:21:34.000000000 +0000
>+++ openssh-6.1p1-permittty/servconf.h 2013-02-12 01:35:53.204826498 +0000
>@@ -74,6 +74,7 @@ typedef struct {
> * searching at */
> int x11_use_localhost; /* If true, use localhost for fake X11 server. */
> char *xauth_location; /* Location of xauth program */
>+ int permit_tty; /* If false, deny pty allocation */
> int strict_modes; /* If true, require string home dir modes. */
> int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
> int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
>diff -rupN openssh-6.1p1/session.c openssh-6.1p1-permittty/session.c
>--- openssh-6.1p1/session.c 2012-04-22 01:08:10.000000000 +0000
>+++ openssh-6.1p1-permittty/session.c 2013-02-12 01:35:53.204826498 +0000
>@@ -2018,7 +2018,7 @@ session_pty_req(Session *s)
> u_int len;
> int n_bytes;
>
>- if (no_pty_flag) {
>+ if (no_pty_flag || !options.permit_tty) {
> debug("Allocating a pty not permitted for this authentication.");
> return 0;
> }
>diff -rupN openssh-6.1p1/sshd_config openssh-6.1p1-permittty/sshd_config
>--- openssh-6.1p1/sshd_config 2012-07-31 02:21:34.000000000 +0000
>+++ openssh-6.1p1-permittty/sshd_config 2013-02-12 01:35:53.208826448 +0000
>@@ -95,6 +95,7 @@ AuthorizedKeysFile .ssh/authorized_keys
> #X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
>+#PermitTTY yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
>@@ -121,4 +122,5 @@ Subsystem sftp /usr/libexec/sftp-server
> #Match User anoncvs
> # X11Forwarding no
> # AllowTcpForwarding no
>+# PermitTTY no
> # ForceCommand cvs server
>diff -rupN openssh-6.1p1/sshd_config.0 openssh-6.1p1-permittty/sshd_config.0
>--- openssh-6.1p1/sshd_config.0 2012-08-29 00:53:04.000000000 +0000
>+++ openssh-6.1p1-permittty/sshd_config.0 2013-02-12 01:47:46.937903605 +0000
>@@ -408,9 +408,9 @@ DESCRIPTION
> HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
> KerberosAuthentication, MaxAuthTries, MaxSessions,
> PasswordAuthentication, PermitEmptyPasswords, PermitOpen,
>- PermitRootLogin, PermitTunnel, PubkeyAuthentication,
>+ PermitRootLogin, PermitTunnel, PermitTTY, PubkeyAuthentication,
> RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
>- X11Forwarding and X11UseLocalHost.
>+ X11Forwarding, and X11UseLocalHost.
>
> MaxAuthTries
> Specifies the maximum number of authentication attempts permitted
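Review bot: In session.c's session_pty_req, the new `!options.permit_tty` case reuses the message "Allocating a pty not permitted for this authentication.", which describes the per-authentication `no_pty_flag` and is emitted only through debug(), so a refusal that comes from server policy is mislabelled and does not appear at the default log level. Giving the configuration case its own branch and wording would let an operator tell the two apart, for example `if (!options.permit_tty) { debug("Allocating a pty not permitted by PermitTTY."); return 0; }` ahead of the existing `no_pty_flag` test. The branch only rejects the pty request and returns 0; nothing in this hunk touches shell or exec requests, so the sshd_config.5 entry should state that `PermitTTY no` is not by itself a restriction on running commands and is meant to be combined with something like the `ForceCommand` shown in the sample Match block. The patch also adds no regression test for the new keyword, and the rest of session_pty_req lies outside the hunk.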
>@@ -481,6 +481,10 @@ DESCRIPTION
> ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
> both ``point-to-point'' and ``ethernet''. The default is ``no''.
>
>+ PermitTTY
>+ Specifies whether pty(7) allocation is permitted. The default is
>+ ``yes''.
>+
> PermitUserEnvironment
> Specifies whether ~/.ssh/environment and environment= options in
> ~/.ssh/authorized_keys are processed by sshd(8). The default is
>diff -rupN openssh-6.1p1/sshd_config.5 openssh-6.1p1-permittty/sshd_config.5
>--- openssh-6.1p1/sshd_config.5 2012-07-02 08:53:38.000000000 +0000
>+++ openssh-6.1p1-permittty/sshd_config.5 2013-02-12 01:35:53.208826448 +0000
>@@ -731,11 +731,12 @@ Available keywords are
> .Cm PermitOpen ,
> .Cm PermitRootLogin ,
> .Cm PermitTunnel ,
>+.Cm PermitTTY ,
> .Cm PubkeyAuthentication ,
> .Cm RhostsRSAAuthentication ,
> .Cm RSAAuthentication ,
> .Cm X11DisplayOffset ,
>-.Cm X11Forwarding
>+.Cm X11Forwarding ,
> and
> .Cm X11UseLocalHost .
> .It Cm MaxAuthTries
>@@ -858,6 +859,12 @@ and
> .Dq ethernet .
> The default is
> .Dq no .
>+.It Cm PermitTTY
>+Specifies whether
>+.Xr pty 7
>+allocation is permitted.
>+The default is
>+.Dq yes .
> .It Cm PermitUserEnvironment
> Specifies whether
> .Pa ~/.ssh/environment