search for: is_subsystem

..._forced_command; - if (strcmp(INTERNAL_SFTP_NAME, command) == 0) + if (strcmp(INTERNAL_SFTP_NAME, command) == 0 || strncmp(INTERNAL_SFTP_NAME, command, strlen(INTERNAL_SFTP_NAME)) == 0 && isspace(command[strlen(INTERNAL_SFTP_NAME)])) s->is_subsystem = SUBSYSTEM_INT_SFTP; else if (s->is_subsystem) s->is_subsystem = SUBSYSTEM_EXT; @@ -789,7 +789,7 @@ } else if (forced_command) { original_command = command; command = forced_command; - if (strcmp(IN...

...mmand; command = options.adm_forced_command; - if (strcmp(INTERNAL_SFTP_NAME, command) == 0) + if (strncmp(INTERNAL_SFTP_NAME, command, strlen(INTERNAL_SFTP_NAME)) == 0 && isspace(command[strlen(INTERNAL_SFTP_NAME)])) s->is_subsystem = SUBSYSTEM_INT_SFTP; else if (s->is_subsystem) s->is_subsystem = SUBSYSTEM_EXT; @@ -789,7 +789,7 @@ } else if (forced_command) { original_command = command; command = forced_command; - if (strcmp(IN...

...er: No such file or directory subsystem request for sftp failed, subsystem not found Connection closed by 127.0.0.1 Setting "Subsystem sftp internal-sftp" works around the problem, but that option is not allowed inside a Match block. If the stat() call in session_subsystem_req succeeds, is_subsystem is set to SUBSYSTEM_EXT; then do_exec is called, it overrides this and sets is_subsystem = SUBSYSTEM_INT_SFTP. I believe that calling stat() on the external program and then calling the internal sftp handler is not intended behaviour. Regards J?rn Heissler -- Configure bugmail: https://bugzilla...

...error will happened (None Subsystem client connected to the internal-sftp Subsystem server), it looks like this is the root cause about this hang. Based on the root cause, I have generated a temporarily fix for this issue. Just use IS_INTERNAL_SFTP(command) to check whether to set the session->is_subsystem to SUBSYSTEM_INT_SFTP is not sufficient, we also have use if (s->is_subsystem != SUBSYSTEM_NONE) to check if the requirement from the client belong to subsystem or not meanwhile. I will list the detial detail of the fix below and please help us to have a review: ================================...

...> /* Searching for subsystem into the options repository */ 2091,2105c2092,2120 < if (strcmp(subsys, options.subsystem_name[i]) == 0) { < prog = options.subsystem_command[i]; < cmd = options.subsystem_args[i]; < if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { < s->is_subsystem = SUBSYSTEM_INT_SFTP; < debug("subsystem: %s", prog); < } else { < if (stat(prog, &st) < 0) < debug("subsystem: cannot stat %s: %s", < prog, strerror(errno)); < s->is_subsystem = SUBSYSTEM_EXT; < debug("subsyst...

> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote: > > > >> As I understand the "ForceCommand" in the sshd_confing file is meant to > >> ignore any command supplied by the client, but if user's home is shared > >> by server and client machines over network (ex. NFS) then user can > >> still put something else into ~/.ssh/rc file and

...r to struct Authctxt {..} authctxt, int pid, pointer to char term, int ptyfd, int ttyfd, int ptymaster, int row, int col, int xpixel, int ypixel, array[64] of char tty, pointer to char display, int screen, pointer to char auth_proto, pointer to char auth_data, int single_connection, int chanid, int is_subsystem}) returning void previous: function() returning int : "session.c", line 581 cc: acomp failed for session.c *** Error code 2 make: Fatal error: Command failed for target `session.o' To correct a compilation error it is necessary to make the following changes (just define func...

https://bugzilla.mindrot.org/show_bug.cgi?id=1750 Summary: Sftp hangs if stderr is used. Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at

...debug("Forced command '%.900s'", command); } + /* if remote login is set to false in "/etc/security/user", + you should still be able to "sftp" but not "ssh" */ + if (!rlogin) { + if (!s->is_subsystem) + packet_disconnect("Remote login for account %.100s is not allowed.", s->pw->pw_name); + } + #ifdef SSH_AUDIT_EVENTS if (command != NULL) PRIVSEP(audit_run_command(command)); (Source: http://sourceforge.net/project/showfil...

...r to struct Authctxt {..} authctxt, int pid, pointer to char term, int ptyfd, int ttyfd, int ptymaster, int row, int col, int xpixel, int ypixel, array[64] of char tty, pointer to char display, int screen, pointer to char auth_proto, pointer to char auth_data, int single_connection, int chanid, int is_subsystem}) returning void previous: function() returning int : "session.c", line 581 cc: acomp failed for session.c *** Error code 2 make: Fatal error: Command failed for target `session.o' 2.9p1 compiled fine with the same config file. The compilers is Forte 6 update 1up to the the l...

...@ -1111,11 +1113,12 @@ int do_xauth; struct stat st; - do_xauth = + do_xauth = !auth_restricted(RESTRICT_X11, s->pw) && s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + if (!s->is_subsystem && !auth_restricted(RESTRICT_RC, s->pw) && + (stat(_PATH_SSH_USER_RC, &st) >= 0)) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_...

https://bugzilla.mindrot.org/show_bug.cgi?id=1637 Summary: Change the context when starting internal-sftp Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

....nodelay) { + int sock = packet_get_connection_out(), on = 1; + if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + (void *)&on, sizeof(on)) < 0) + error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); + } debug("subsystem: exec() %s", cmd); s->is_subsystem = 1; do_exec(s, cmd); diff -ru openssh-3.0.2p1.orig/sftp.c openssh-3.0.2p1.cfgnodelay/sftp.c --- openssh-3.0.2p1.orig/sftp.c Thu Sep 20 02:57:56 2001 +++ openssh-3.0.2p1.cfgnodelay/sftp.c Sat Jan 26 19:47:36 2002 @@ -119,6 +119,7 @@ addargs(&args, "-oForwardX11 no"); addargs(&...

...static int - -session_subsystem_req(Session *s) +session_subsystem_req(Session *s, const char *realname) { struct stat st; u_int len; @@ -1530,7 +1530,7 @@ } debug("subsystem: exec() %s", cmd); s->is_subsystem = 1; - - do_exec(s, cmd); + do_exec(s, cmd, realname); success = 1; break; } @@ -1566,20 +1566,22 @@ } static int - -session_shell_req(Session *s) +session_shell_req(Session *s, const char...