authordes <des@FreeBSD.org>2014-01-31 13:12:02 +0000
committerdes <des@FreeBSD.org>2014-01-31 13:12:02 +0000
commit7573e91b127f1c198210fd345d3ca198b598cfc6 (patch)
treed32fb61cec38c52314210c3459fd436685dacdba /crypto/openssh/session.c
parentc692973c992c321bb10e631f572fab1500ae5b0e (diff)
parent45d0197dd79eceffb5bbc29f75199eb09af5a5f9 (diff)
Upgrade to OpenSSH 6.5p1.
Diffstat (limited to 'crypto/openssh/session.c')
-rw-r--r--crypto/openssh/session.c61
1 files changed, 45 insertions, 16 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 6d25b87..e4c58fb 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: session.c,v 1.269 2014/01/18 09:36:26 dtucker Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -446,7 +446,7 @@ do_authenticated1(Authctxt *authctxt)
}
}
-#define USE_PIPES
+#define USE_PIPES 1
/*
* This is called to fork and execute a command when we have no tty. This
* will call do_child from the child, and server_loop from the parent after
@@ -799,27 +799,50 @@ int
do_exec(Session *s, const char *command)
{
int ret;
+ const char *forced = NULL;
+ char session_type[1024], *tty = NULL;
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
- if (IS_INTERNAL_SFTP(command)) {
- s->is_subsystem = s->is_subsystem ?
- SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
- } else if (s->is_subsystem)
- s->is_subsystem = SUBSYSTEM_EXT;
- debug("Forced command (config) '%.900s'", command);
+ forced = "(config)";
} else if (forced_command) {
original_command = command;
command = forced_command;
+ forced = "(key-option)";
+ }
+ if (forced != NULL) {
if (IS_INTERNAL_SFTP(command)) {
s->is_subsystem = s->is_subsystem ?
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
} else if (s->is_subsystem)
s->is_subsystem = SUBSYSTEM_EXT;
- debug("Forced command (key option) '%.900s'", command);
+ snprintf(session_type, sizeof(session_type),
+ "forced-command %s '%.900s'", forced, command);
+ } else if (s->is_subsystem) {
+ snprintf(session_type, sizeof(session_type),
+ "subsystem '%.900s'", s->subsys);
+ } else if (command == NULL) {
+ snprintf(session_type, sizeof(session_type), "shell");
+ } else {
+ /* NB. we don't log unforced commands to preserve privacy */
+ snprintf(session_type, sizeof(session_type), "command");
+ }
+
+ if (s->ttyfd != -1) {
+ tty = s->tty;
+ if (strncmp(tty, "/dev/", 5) == 0)
+ tty += 5;
}
+ verbose("Starting session: %s%s%s for %s from %.200s port %d",
+ session_type,
+ tty == NULL ? "" : " on ",
+ tty == NULL ? "" : tty,
+ s->pw->pw_name,
+ get_remote_ipaddr(),
+ get_remote_port());
+
#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
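Review bot: The new `verbose("Starting session: ...")` line has no comment saying which of its fields are client-influenced, and it changes what existing log consumers see. The forced-command text used to be emitted by `debug()` with the label `(key option)`; it now appears in the verbose line as `(key-option)`, so anything matching the old `Forced command (...)` strings will need updating. A short comment above the call would help, e.g. `/* One line per session: s->subsys is client-supplied (cut to 900 bytes), unforced command text is deliberately omitted */`. do_exec continues past the end of this hunk.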
@@ -1545,6 +1568,11 @@ do_setusercontext(struct passwd *pw)
*/
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
#else
+# ifdef USE_LIBIAF
+ if (set_id(pw->pw_name) != 0) {
+ fatal("set_id(%s) Failed", pw->pw_name);
+ }
+# endif /* USE_LIBIAF */
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@@ -2055,7 +2083,7 @@ session_pty_req(Session *s)
u_int len;
int n_bytes;
- if (no_pty_flag) {
+ if (no_pty_flag || !options.permit_tty) {
debug("Allocating a pty not permitted for this authentication.");
return 0;
}
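Review bot: The debug message `Allocating a pty not permitted for this authentication.` is now also emitted when the refusal comes from `options.permit_tty`, which is server configuration rather than a per-authentication restriction. That can mislead someone diagnosing a denied pty request from the logs. Consider rewording so both causes are covered, e.g. `debug("Allocating a pty not permitted (key option or PermitTTY).");`. session_pty_req starts and ends outside this hunk.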
@@ -2116,15 +2144,16 @@ session_subsystem_req(Session *s)
struct stat st;
u_int len;
int success = 0;
- char *prog, *cmd, *subsys = packet_get_string(&len);
+ char *prog, *cmd;
u_int i;
+ s->subsys = packet_get_string(&len);
packet_check_eom();
- logit("subsystem request for %.100s by user %s", subsys,
+ debug2("subsystem request for %.100s by user %s", s->subsys,
s->pw->pw_name);
for (i = 0; i < options.num_subsystems; i++) {
- if (strcmp(subsys, options.subsystem_name[i]) == 0) {
+ if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
prog = options.subsystem_command[i];
cmd = options.subsystem_args[i];
if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
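Review bot: `s->subsys = packet_get_string(&len);` overwrites any previous value without freeing it, so a session that receives more than one subsystem request would leak the earlier string. Whether a second request can reach this function (for example after a failed lookup) is not visible in the hunk. Since ownership of the string now moves to the Session and it is released only in session_close, adding `free(s->subsys);` immediately before the assignment would make the function safe regardless. session_subsystem_req continues outside this hunk.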
@@ -2143,10 +2172,9 @@ session_subsystem_req(Session *s)
}
if (!success)
- logit("subsystem request for %.100s failed, subsystem not found",
- subsys);
+ logit("subsystem request for %.100s by user %s failed, "
+ "subsystem not found", s->subsys, s->pw->pw_name);
- free(subsys);
return success;
}
@@ -2501,6 +2529,7 @@ session_close(Session *s)
free(s->auth_display);
free(s->auth_data);
free(s->auth_proto);
+ free(s->subsys);
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
free(s->env[i].name);