Differential D31760

openssh: simplify login class restrictions
ClosedPublic
Actions

Authored by emaste on Aug 31 2021, 7:50 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Jan 4 2025, 4:14 PM

	Unknown Object (File)
	Dec 18 2024, 4:49 PM

	Unknown Object (File)
	Dec 8 2024, 7:51 PM

	Unknown Object (File)
	Nov 24 2024, 2:25 PM

	Unknown Object (File)
	Nov 21 2024, 7:32 AM

	Unknown Object (File)
	Nov 21 2024, 7:31 AM

	Unknown Object (File)
	Nov 21 2024, 7:30 AM

	Unknown Object (File)
	Nov 21 2024, 7:30 AM

Subscribers

Details

Reviewers

des
bdrewery
kevans
allanjude

Commits

rG719cb45e82be: openssh: simplify login class restrictions
rG2198a308aded: openssh: simplify login class restrictions
rG27ceebbc2402: openssh: simplify login class restrictions

Summary

Login class-based restrictions were introduced in 5b400a39b8add453bd7e777b9306ef91f8f1403c, which was adapted for Capsicum but needed a bunch of rework (fc3c19a9fceeea48a9259ac3833a125804342c0e, bd393de91cc39fc04033caa53ada48aa34df9607, e8c56fba2926cfdaf7759edf3d53af8823db9dbc). During an attempt to upstream the work a much simpler approach was suggested; adopt it now in the in-tree OpenSSH to reduce conflicts with future updates.

Submitted by: Yuchiro Naito
Obtained from: https://github.com/openssh/openssh-portable/pull/262

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

emaste requested review of this revision.Aug 31 2021, 7:50 PM

emaste created this revision.

emaste added a reviewer: des.

emaste added a reviewer: bdrewery.

emaste added inline comments.Aug 31 2021, 7:56 PM

crypto/openssh/auth2.c
317	From R10:5b400a39b8add
336–338	this should not be deleted
crypto/openssh/monitor.c
716	this was introduced in fc3c19a9fceeea48a9259ac3833a125804342c0e
crypto/openssh/monitor_wrap.c
250	from R10:fc3c19a9fceeea48a9259ac3833a125804342c0e
crypto/openssh/sshbuf-getput-basic.c
467	from R10:fc3c19a9fceeea48a9259ac3833a125804342c0e

restore accidentally deleted portion

emaste added a subscriber: allanjude.Aug 31 2021, 8:03 PM

emaste added a subscriber: imp.Aug 31 2021, 8:08 PM

This looks exceedingly reasonable to me.

This revision is now accepted and ready to land.Sep 1 2021, 2:27 AM

Reviewed By: allanjude

crypto/openssh/auth.c
652	I know we didn't change these lines, but it might be worth tagging these endif's to avoid confusion

Closed by commit rG27ceebbc2402: openssh: simplify login class restrictions (authored by emaste). · Explain WhySep 1 2021, 7:54 PM

This revision was automatically updated to reflect the committed changes.

emaste added a commit: rG27ceebbc2402: openssh: simplify login class restrictions.

emaste added inline comments.Sep 1 2021, 7:55 PM

crypto/openssh/auth.c
652	Indeed, but I am trying to reduce diffs against upstream and if we're going to make this change it should happen there.

emaste added a commit: rG2198a308aded: openssh: simplify login class restrictions.Sep 15 2021, 1:44 AM

emaste added a commit: rG719cb45e82be: openssh: simplify login class restrictions.Sep 15 2021, 2:03 AM

Revision Contents
Changeset List

Path

Size

crypto/

openssh/

18 lines

19 lines

6 lines

2 lines

3 lines

61 lines

4 lines

77 lines

ssh_namespace.h

3 lines

sshbuf-getput-basic.c

100 lines

15 lines

Diff 94511

crypto/openssh/auth.c

Loading...

crypto/openssh/auth2.c

Loading...

crypto/openssh/config.h

Loading...

crypto/openssh/configure.ac

Loading...

crypto/openssh/monitor.h

Loading...

crypto/openssh/monitor.c

Loading...

crypto/openssh/monitor_wrap.h

Loading...

crypto/openssh/monitor_wrap.c

Loading...

crypto/openssh/ssh_namespace.h

Loading...

crypto/openssh/sshbuf-getput-basic.c

Loading...

crypto/openssh/sshbuf.h

Loading...