diff options
author | des <des@FreeBSD.org> | 2006-09-30 13:29:51 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2006-09-30 13:29:51 +0000 |
commit | 2f35ce4773442329d7798ccfecd8db9dcdce89bf (patch) | |
tree | bba6f2fe7855d7b0095f9dc7720dc27bea4d1fdf /crypto/openssh/session.c | |
parent | 03ef9d989bf2619956d8c703362439e9be9257ca (diff) | |
download | FreeBSD-src-2f35ce4773442329d7798ccfecd8db9dcdce89bf.zip FreeBSD-src-2f35ce4773442329d7798ccfecd8db9dcdce89bf.tar.gz |
Vendor import of OpenSSH 4.4p1.
Diffstat (limited to 'crypto/openssh/session.c')
-rw-r--r-- | crypto/openssh/session.c | 102 |
1 files changed, 72 insertions, 30 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 2bf9044..15c5ca9 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1,3 +1,4 @@ +/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -33,12 +34,35 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); +#include <sys/types.h> +#include <sys/param.h> +#ifdef HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/wait.h> + +#include <arpa/inet.h> + +#include <errno.h> +#include <grp.h> +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif +#include <pwd.h> +#include <signal.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "xmalloc.h" #include "ssh.h" #include "ssh1.h" #include "ssh2.h" -#include "xmalloc.h" #include "sshpty.h" #include "packet.h" #include "buffer.h" @@ -46,7 +70,12 @@ RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); #include "uidswap.h" #include "compat.h" #include "channels.h" -#include "bufaux.h" +#include "key.h" +#include "cipher.h" +#ifdef GSSAPI +#include "ssh-gss.h" +#endif +#include "hostfile.h" #include "auth.h" #include "auth-options.h" #include "pathnames.h" @@ -63,10 +92,6 @@ RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $"); #include <kafs.h> #endif -#ifdef GSSAPI -#include "ssh-gss.h" -#endif - /* func */ Session *session_new(void); @@ -175,7 +200,7 @@ auth_input_request_forwarding(struct passwd * pw) sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); - if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) packet_disconnect("bind: %.100s", strerror(errno)); /* Restore the privileged uid. */ @@ -322,7 +347,11 @@ do_authenticated1(Authctxt *authctxt) break; } debug("Received TCP/IP port forwarding request."); - channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); + if (channel_input_port_forward_request(s->pw->pw_uid == 0, + options.gateway_ports) < 0) { + debug("Port forwarding failed."); + break; + } success = 1; break; @@ -632,7 +661,7 @@ do_pre_login(Session *s) fromlen = sizeof(from); if (packet_connection_is_on_socket()) { if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } @@ -651,10 +680,14 @@ do_pre_login(Session *s) void do_exec(Session *s, const char *command) { - if (forced_command) { + if (options.adm_forced_command) { + original_command = command; + command = options.adm_forced_command; + debug("Forced command (config) '%.900s'", command); + } else if (forced_command) { original_command = command; command = forced_command; - debug("Forced command '%.900s'", command); + debug("Forced command (key option) '%.900s'", command); } #ifdef SSH_AUDIT_EVENTS @@ -826,7 +859,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, if (envsize >= 1000) fatal("child_set_env: too many env vars"); envsize += 50; - env = (*envp) = xrealloc(env, envsize * sizeof(char *)); + env = (*envp) = xrealloc(env, envsize, sizeof(char *)); *envsizep = envsize; } /* Need to set the NULL pointer at end of array beyond the new slot. */ @@ -967,12 +1000,15 @@ do_setup_env(Session *s, const char *shell) { char buf[256]; u_int i, envsize; - char **env, *laddr, *path = NULL; + char **env, *laddr; struct passwd *pw = s->pw; +#ifndef HAVE_LOGIN_CAP + char *path = NULL; +#endif /* Initialize the environment. */ envsize = 100; - env = xmalloc(envsize * sizeof(char *)); + env = xcalloc(envsize, sizeof(char *)); env[0] = NULL; #ifdef HAVE_CYGWIN @@ -1340,6 +1376,10 @@ do_setusercontext(struct passwd *pw) #endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); + +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif } static void @@ -1559,7 +1599,7 @@ do_child(Session *s, const char *command) do_rc_files(s, shell); /* restore SIGPIPE for child */ - signal(SIGPIPE, SIG_DFL); + signal(SIGPIPE, SIG_DFL); if (options.use_login) { launch_login(pw, hostname); @@ -1823,7 +1863,7 @@ session_subsystem_req(Session *s) struct stat st; u_int len; int success = 0; - char *cmd, *subsys = packet_get_string(&len); + char *prog, *cmd, *subsys = packet_get_string(&len); u_int i; packet_check_eom(); @@ -1831,9 +1871,10 @@ session_subsystem_req(Session *s) for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { - cmd = options.subsystem_command[i]; - if (stat(cmd, &st) < 0) { - error("subsystem: cannot stat %s: %s", cmd, + prog = options.subsystem_command[i]; + cmd = options.subsystem_args[i]; + if (stat(prog, &st) < 0) { + error("subsystem: cannot stat %s: %s", prog, strerror(errno)); break; } @@ -1930,8 +1971,8 @@ session_env_req(Session *s) for (i = 0; i < options.num_accept_env; i++) { if (match_pattern(name, options.accept_env[i])) { debug2("Setting env %d: %s=%s", s->num_env, name, val); - s->env = xrealloc(s->env, sizeof(*s->env) * - (s->num_env + 1)); + s->env = xrealloc(s->env, s->num_env + 1, + sizeof(*s->env)); s->env[s->num_env].name = name; s->env[s->num_env].val = val; s->num_env++; @@ -2176,11 +2217,10 @@ session_exit_message(Session *s, int status) /* disconnect channel */ debug("session_exit_message: release channel %d", s->chanid); - s->pid = 0; /* * Adjust cleanup callback attachment to send close messages when - * the channel gets EOF. The session will be then be closed + * the channel gets EOF. The session will be then be closed * by session_close_by_channel when the childs close their fds. */ channel_register_cleanup(c->self, session_close_by_channel, 1); @@ -2216,12 +2256,13 @@ session_close(Session *s) if (s->auth_proto) xfree(s->auth_proto); s->used = 0; - for (i = 0; i < s->num_env; i++) { - xfree(s->env[i].name); - xfree(s->env[i].val); - } - if (s->env != NULL) + if (s->env != NULL) { + for (i = 0; i < s->num_env; i++) { + xfree(s->env[i].name); + xfree(s->env[i].val); + } xfree(s->env); + } session_proctitle(s); } @@ -2238,6 +2279,7 @@ session_close_by_pid(pid_t pid, int status) session_exit_message(s, status); if (s->ttyfd != -1) session_pty_cleanup(s); + s->pid = 0; } /* @@ -2436,7 +2478,7 @@ do_cleanup(Authctxt *authctxt) return; called = 1; - if (authctxt == NULL) + if (authctxt == NULL || !authctxt->authenticated) return; #ifdef KRB5 if (options.kerberos_ticket_cleanup && |