freebsd-nq/crypto/openssh/session.c
Andrey A. Chernov 098de0c172 1) Proberly conditionalize PAM "last login" printout.
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.

Reviewed by:	des (1)
2002-04-23 12:36:11 +00:00

1986 lines
49 KiB
C

/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* SSH2 support by Markus Friedl.
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
RCSID("$FreeBSD$");
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "sshpty.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
#include "bufaux.h"
#include "auth.h"
#include "auth-options.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
#include "sshlogin.h"
#include "serverloop.h"
#include "canohost.h"
#include "session.h"
#ifdef __FreeBSD__
#define _PATH_CHPASS "/usr/bin/passwd"
#endif /* __FreeBSD__ */
#if defined(HAVE_LOGIN_CAP) || defined(USE_PAM)
#include <libgen.h>
#endif
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
/* types */
#define TTYSZ 64
typedef struct Session Session;
struct Session {
int used;
int self;
struct passwd *pw;
Authctxt *authctxt;
pid_t pid;
/* tty */
char *term;
int ptyfd, ttyfd, ptymaster;
int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* X11 */
int display_number;
char *display;
int screen;
char *auth_display;
char *auth_proto;
char *auth_data;
int single_connection;
/* proto 2 */
int chanid;
int is_subsystem;
};
/* func */
Session *session_new(void);
void session_set_fds(Session *, int, int, int);
static void session_pty_cleanup(void *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
void do_exec_pty(Session *, const char *);
void do_exec_no_pty(Session *, const char *);
void do_exec(Session *, const char *);
void do_login(Session *, const char *);
void do_child(Session *, const char *);
void do_motd(void);
int check_quietlogin(Session *, const char *);
static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *);
static void session_close(Session *);
static int session_pty_req(Session *);
/* import */
extern ServerOptions options;
extern char *__progname;
extern int log_stderr;
extern int debug_flag;
extern u_int utmp_len;
extern int startup_pipe;
extern void destroy_sensitive_data(void);
/* original command from peer. */
const char *original_command = NULL;
/* data */
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
#ifdef HAVE_LOGIN_CAP
static login_cap_t *lc;
#endif
void
do_authenticated(Authctxt *authctxt)
{
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
*/
alarm(0);
if (startup_pipe != -1) {
close(startup_pipe);
startup_pipe = -1;
}
#ifdef HAVE_LOGIN_CAP
if ((lc = login_getpwclass(authctxt->pw)) == NULL) {
error("unable to get login class");
return;
}
#ifdef BSD_AUTH
if (auth_approval(NULL, lc, authctxt->pw->pw_name, "ssh") <= 0) {
packet_disconnect("Approval failure for %s",
authctxt->pw->pw_name);
}
#endif
#endif
/* setup the channel layer */
if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
channel_permit_all_opens();
if (compat20)
do_authenticated2(authctxt);
else
do_authenticated1(authctxt);
/* remove agent socket */
if (auth_get_socket_name())
auth_sock_cleanup_proc(authctxt->pw);
#ifdef KRB4
if (options.kerberos_ticket_cleanup)
krb4_cleanup_proc(authctxt);
#endif
#ifdef KRB5
if (options.kerberos_ticket_cleanup)
krb5_cleanup_proc(authctxt);
#endif
}
/*
* Prepares for an interactive session. This is called after the user has
* been successfully authenticated. During this message exchange, pseudo
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
* are requested, etc.
*/
static void
do_authenticated1(Authctxt *authctxt)
{
Session *s;
char *command;
int success, type, screen_flag;
int compression_level = 0, enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen;
s = session_new();
s->authctxt = authctxt;
s->pw = authctxt->pw;
/*
* We stay in this loop until the client requests to execute a shell
* or a command.
*/
for (;;) {
success = 0;
/* Get a packet from the client. */
type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_REQUEST_COMPRESSION:
compression_level = packet_get_int();
packet_check_eom();
if (compression_level < 1 || compression_level > 9) {
packet_send_debug("Received illegal compression level %d.",
compression_level);
break;
}
/* Enable compression after we have responded with SUCCESS. */
enable_compression_after_reply = 1;
success = 1;
break;
case SSH_CMSG_REQUEST_PTY:
success = session_pty_req(s);
break;
case SSH_CMSG_X11_REQUEST_FORWARDING:
s->auth_proto = packet_get_string(&proto_len);
s->auth_data = packet_get_string(&data_len);
screen_flag = packet_get_protocol_flags() &
SSH_PROTOFLAG_SCREEN_NUMBER;
debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
if (packet_remaining() == 4) {
if (!screen_flag)
debug2("Buggy client: "
"X11 screen flag missing");
s->screen = packet_get_int();
} else {
s->screen = 0;
}
packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
xfree(s->auth_proto);
xfree(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
break;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
if (no_agent_forwarding_flag || compat13) {
debug("Authentication agent forwarding not permitted for this authentication.");
break;
}
debug("Received authentication agent forwarding request.");
success = auth_input_request_forwarding(s->pw);
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
if (no_port_forwarding_flag) {
debug("Port forwarding not permitted for this authentication.");
break;
}
if (!options.allow_tcp_forwarding) {
debug("Port forwarding not permitted.");
break;
}
debug("Received TCP/IP port forwarding request.");
channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
success = 1;
break;
case SSH_CMSG_MAX_PACKET_SIZE:
if (packet_set_maxsize(packet_get_int()) > 0)
success = 1;
break;
#if defined(AFS) || defined(KRB5)
case SSH_CMSG_HAVE_KERBEROS_TGT:
if (!options.kerberos_tgt_passing) {
verbose("Kerberos TGT passing disabled.");
} else {
char *kdata = packet_get_string(&dlen);
packet_check_eom();
/* XXX - 0x41, see creds_to_radix version */
if (kdata[0] != 0x41) {
#ifdef KRB5
krb5_data tgt;
tgt.data = kdata;
tgt.length = dlen;
if (auth_krb5_tgt(s->authctxt, &tgt))
success = 1;
else
verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
#endif /* KRB5 */
} else {
#ifdef AFS
if (auth_krb4_tgt(s->authctxt, kdata))
success = 1;
else
verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
#endif /* AFS */
}
xfree(kdata);
}
break;
#endif /* AFS || KRB5 */
#ifdef AFS
case SSH_CMSG_HAVE_AFS_TOKEN:
if (!options.afs_token_passing || !k_hasafs()) {
verbose("AFS token passing disabled.");
} else {
/* Accept AFS token. */
char *token = packet_get_string(&dlen);
packet_check_eom();
if (auth_afs_token(s->authctxt, token))
success = 1;
else
verbose("AFS token refused for %.100s",
s->authctxt->user);
xfree(token);
}
break;
#endif /* AFS */
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
do_exec(s, command);
xfree(command);
} else {
do_exec(s, NULL);
}
packet_check_eom();
session_close(s);
return;
default:
/*
* Any unknown messages in this phase are ignored,
* and a failure message is returned.
*/
log("Unknown packet type received after authentication: %d", type);
}
packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
/* Enable compression now that we have replied if appropriate. */
if (enable_compression_after_reply) {
enable_compression_after_reply = 0;
packet_start_compression(compression_level);
}
}
}
/*
* This is called to fork and execute a command when we have no tty. This
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
void
do_exec_no_pty(Session *s, const char *command)
{
int pid;
#ifdef USE_PIPES
int pin[2], pout[2], perr[2];
/* Allocate pipes for communicating with the program. */
if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
packet_disconnect("Could not create pipes: %.100s",
strerror(errno));
#else /* USE_PIPES */
int inout[2], err[2];
/* Uses socket pairs to communicate with the program. */
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
packet_disconnect("Could not create socket pairs: %.100s",
strerror(errno));
#endif /* USE_PIPES */
if (s == NULL)
fatal("do_exec_no_pty: no session");
session_proctitle(s);
#ifdef USE_PAM
do_pam_setcred();
#endif /* USE_PAM */
/* Fork the child. */
if ((pid = fork()) == 0) {
/* Child. Reinitialize the log since the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
if (setsid() < 0)
error("setsid failed: %.100s", strerror(errno));
#ifdef USE_PIPES
/*
* Redirect stdin. We close the parent side of the socket
* pair, and make the child side the standard input.
*/
close(pin[1]);
if (dup2(pin[0], 0) < 0)
perror("dup2 stdin");
close(pin[0]);
/* Redirect stdout. */
close(pout[0]);
if (dup2(pout[1], 1) < 0)
perror("dup2 stdout");
close(pout[1]);
/* Redirect stderr. */
close(perr[0]);
if (dup2(perr[1], 2) < 0)
perror("dup2 stderr");
close(perr[1]);
#else /* USE_PIPES */
/*
* Redirect stdin, stdout, and stderr. Stdin and stdout will
* use the same socket, as some programs (particularly rdist)
* seem to depend on it.
*/
close(inout[1]);
close(err[1]);
if (dup2(inout[0], 0) < 0) /* stdin */
perror("dup2 stdin");
if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
perror("dup2 stdout");
if (dup2(err[0], 2) < 0) /* stderr */
perror("dup2 stderr");
#endif /* USE_PIPES */
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
}
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
/* Set interactive/non-interactive mode. */
packet_set_interactive(s->display != NULL);
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
close(pout[1]);
close(perr[1]);
if (compat20) {
session_set_fds(s, pin[1], pout[0], s->is_subsystem ? -1 : perr[0]);
} else {
/* Enter the interactive session. */
server_loop(pid, pin[1], pout[0], perr[0]);
/* server_loop has closed pin[1], pout[0], and perr[0]. */
}
#else /* USE_PIPES */
/* We are the parent. Close the child sides of the socket pairs. */
close(inout[0]);
close(err[0]);
/*
* Enter the interactive session. Note: server_loop must be able to
* handle the case that fdin and fdout are the same.
*/
if (compat20) {
session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */
}
#endif /* USE_PIPES */
}
/*
* This is called to fork and execute a command when we have a tty. This
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
void
do_exec_pty(Session *s, const char *command)
{
int fdout, ptyfd, ttyfd, ptymaster;
pid_t pid;
if (s == NULL)
fatal("do_exec_pty: no session");
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
#ifdef USE_PAM
do_pam_session(s->pw->pw_name, basename(s->tty));
do_pam_setcred();
#endif /* USE_PAM */
/* Fork the child. */
if ((pid = fork()) == 0) {
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/* Close the master side of the pseudo tty. */
close(ptyfd);
/* Make the pseudo tty our controlling tty. */
pty_make_controlling_tty(&ttyfd, s->tty);
/* Redirect stdin/stdout/stderr from the pseudo tty. */
if (dup2(ttyfd, 0) < 0)
error("dup2 stdin: %s", strerror(errno));
if (dup2(ttyfd, 1) < 0)
error("dup2 stdout: %s", strerror(errno));
if (dup2(ttyfd, 2) < 0)
error("dup2 stderr: %s", strerror(errno));
/* Close the extra descriptor for the pseudo tty. */
close(ttyfd);
/* record login, etc. similar to login(1) */
if (!(options.use_login && command == NULL))
do_login(s, command);
/* Do common processing for the child, such as execing the command. */
do_child(s, command);
/* NOTREACHED */
}
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
/*
* Create another descriptor of the pty master side for use as the
* standard input. We could use the original descriptor, but this
* simplifies code in server_loop. The descriptor is bidirectional.
*/
fdout = dup(ptyfd);
if (fdout < 0)
packet_disconnect("dup #1 failed: %.100s", strerror(errno));
/* we keep a reference to the pty master */
ptymaster = dup(ptyfd);
if (ptymaster < 0)
packet_disconnect("dup #2 failed: %.100s", strerror(errno));
s->ptymaster = ptymaster;
/* Enter interactive session. */
packet_set_interactive(1);
if (compat20) {
session_set_fds(s, ptyfd, fdout, -1);
} else {
server_loop(pid, ptyfd, fdout, -1);
/* server_loop _has_ closed ptyfd and fdout. */
}
}
/*
* This is called to fork and execute a command. If another command is
* to be forced, execute that instead.
*/
void
do_exec(Session *s, const char *command)
{
if (forced_command) {
original_command = command;
command = forced_command;
debug("Forced command '%.900s'", command);
}
if (s->ttyfd != -1)
do_exec_pty(s, command);
else
do_exec_no_pty(s, command);
original_command = NULL;
}
/* administrative, login(1)-like work */
void
do_login(Session *s, const char *command)
{
FILE *f;
#ifndef USE_PAM
char *time_string;
char *newcommand = NULL;
#endif
char buf[256];
#ifndef USE_PAM
char hostname[MAXHOSTNAMELEN];
socklen_t fromlen;
struct sockaddr_storage from;
time_t last_login_time;
#endif
struct passwd * pw = s->pw;
#ifndef USE_PAM
pid_t pid = getpid();
#endif
#ifdef __FreeBSD__
#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
struct timeval tv;
time_t warntime = DEFAULT_WARN;
#endif /* __FreeBSD__ */
#ifndef USE_PAM
/*
* Let PAM handle utmp / wtmp.
*/
/*
* Get IP address of client. If the connection is not a socket, let
* the address be 0.0.0.0.
*/
memset(&from, 0, sizeof(from));
if (packet_connection_is_on_socket()) {
fromlen = sizeof(from);
if (getpeername(packet_get_connection_in(),
(struct sockaddr *) & from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
fatal_cleanup();
}
}
#endif
#ifndef USE_PAM
/* Get the time and hostname when the user last logged in. */
if (options.print_lastlog) {
hostname[0] = '\0';
last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
hostname, sizeof(hostname));
}
/* Record that there was a login on that tty from the remote host. */
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
(struct sockaddr *)&from);
#endif
#ifdef USE_PAM
/*
* If password change is needed, do it now.
* This needs to occur before the ~/.hushlogin check.
*/
if (pam_password_change_required()) {
print_pam_messages();
do_pam_chauthtok();
}
#endif
#ifdef __FreeBSD__
if (pw->pw_change || pw->pw_expire)
(void)gettimeofday(&tv, NULL);
#ifdef HAVE_LOGIN_CAP
warntime = login_getcaptime(lc, "warnpassword",
DEFAULT_WARN, DEFAULT_WARN);
#endif /* HAVE_LOGIN_CAP */
#ifndef USE_PAM
/*
* If the password change time is set and has passed, give the
* user a password expiry notice and chance to change it.
*/
if (pw->pw_change != 0) {
if (tv.tv_sec >= pw->pw_change) {
(void)printf(
"Sorry -- your password has expired.\n");
log("%s Password expired - forcing change",
pw->pw_name);
if (newcommand != NULL)
xfree(newcommand);
newcommand = xstrdup(_PATH_CHPASS);
} else if (pw->pw_change - tv.tv_sec < warntime &&
!check_quietlogin(s, command))
(void)printf(
"Warning: your password expires on %s",
ctime(&pw->pw_change));
}
#endif
#ifdef HAVE_LOGIN_CAP
warntime = login_getcaptime(lc, "warnexpire",
DEFAULT_WARN, DEFAULT_WARN);
#endif /* HAVE_LOGIN_CAP */
#ifndef USE_PAM
if (pw->pw_expire) {
if (tv.tv_sec >= pw->pw_expire) {
(void)printf(
"Sorry -- your account has expired.\n");
log(
"LOGIN %.200s REFUSED (EXPIRED) FROM %.200s ON TTY %.200s",
pw->pw_name, get_remote_name_or_ip(utmp_len,
options.verify_reverse_mapping), s->tty);
exit(254);
} else if (pw->pw_expire - tv.tv_sec < warntime &&
!check_quietlogin(s, command))
(void)printf(
"Warning: your account expires on %s",
ctime(&pw->pw_expire));
}
#endif /* !USE_PAM */
#endif /* __FreeBSD__ */
#ifdef HAVE_LOGIN_CAP
if (!auth_ttyok(lc, basename(s->tty))) {
(void)printf("Permission denied.\n");
log(
"LOGIN %.200s REFUSED (TTY) FROM %.200s ON TTY %.200s",
pw->pw_name, get_remote_name_or_ip(utmp_len,
options.verify_reverse_mapping), s->tty);
exit(254);
}
#endif /* HAVE_LOGIN_CAP */
#ifdef USE_PAM
if (command == NULL && options.print_lastlog &&
!check_quietlogin(s, command) &&
!options.use_login && !pam_password_change_required())
print_pam_messages();
#else /* !USE_PAM */
/*
* If the user has logged in before, display the time of last
* login. However, don't display anything extra if a command
* has been specified (so that ssh can be used to execute
* commands on a remote machine without users knowing they
* are going to another machine). Login(1) will do this for
* us as well, so check if login(1) is used
*/
if (command == NULL && options.print_lastlog &&
last_login_time != 0 && !check_quietlogin(s, command) &&
!options.use_login) {
time_string = ctime(&last_login_time);
if (strchr(time_string, '\n'))
*strchr(time_string, '\n') = 0;
if (strcmp(hostname, "") == 0)
printf("Last login: %s\r\n", time_string);
else
printf("Last login: %s from %s\r\n", time_string, hostname);
}
#endif /* !USE_PAM */
if (command == NULL && !check_quietlogin(s, command) &&
!options.use_login) {
#ifdef HAVE_LOGIN_CAP
const char *fname = login_getcapstr(lc, "copyright", NULL, NULL);
if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
while (fgets(buf, sizeof(buf), f) != NULL)
fputs(buf, stdout);
fclose(f);
} else
#endif /* HAVE_LOGIN_CAP */
(void)printf("%s\n\t%s %s\n",
"Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
"The Regents of the University of California. ",
"All rights reserved.");
(void)printf("\n");
/*
* Print /etc/motd unless a command was specified or printing
* it was disabled in server options or login(1) will be
* used. Note that some machines appear to print it in
* /etc/profile or similar.
*/
do_motd();
}
}
/*
* Display the message of the day.
*/
void
do_motd(void)
{
FILE *f;
char buf[256];
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
#else
f = fopen("/etc/motd", "r");
#endif
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
fclose(f);
}
}
}
/*
* Check for quiet login, either .hushlogin or command given.
*/
int
check_quietlogin(Session *s, const char *command)
{
char buf[256];
struct passwd *pw = s->pw;
struct stat st;
/* Return 1 if .hushlogin exists or a command given. */
if (command != NULL)
return 1;
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
return 1;
#else
if (stat(buf, &st) >= 0)
return 1;
#endif
return 0;
}
/*
* Sets the value of the given variable in the environment. If the variable
* already exists, its value is overriden.
*/
static void
child_set_env(char ***envp, u_int *envsizep, const char *name,
const char *value)
{
u_int i, namelen;
char **env;
/*
* Find the slot where the value should be stored. If the variable
* already exists, we reuse the slot; otherwise we append a new slot
* at the end of the array, expanding if necessary.
*/
env = *envp;
namelen = strlen(name);
for (i = 0; env[i]; i++)
if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
break;
if (env[i]) {
/* Reuse the slot. */
xfree(env[i]);
} else {
/* New variable. Expand if necessary. */
if (i >= (*envsizep) - 1) {
(*envsizep) += 50;
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
}
/* Need to set the NULL pointer at end of array beyond the new slot. */
env[i + 1] = NULL;
}
/* Allocate space and format the variable in the appropriate slot. */
env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
}
/*
* Reads environment variables from the given file and adds/overrides them
* into the environment. If the file does not exist, this does nothing.
* Otherwise, it must consist of empty lines, comments (line starts with '#')
* and assignments of the form name=value. No other forms are allowed.
*/
static void
read_environment_file(char ***env, u_int *envsize,
const char *filename)
{
FILE *f;
char buf[4096];
char *cp, *value;
f = fopen(filename, "r");
if (!f)
return;
while (fgets(buf, sizeof(buf), f)) {
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '#' || *cp == '\n')
continue;
if (strchr(cp, '\n'))
*strchr(cp, '\n') = '\0';
value = strchr(cp, '=');
if (value == NULL) {
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
continue;
}
/*
* Replace the equals sign by nul, and advance value to
* the value string.
*/
*value = '\0';
value++;
child_set_env(env, envsize, cp, value);
}
fclose(f);
}
#ifdef USE_PAM
/*
* Sets any environment variables which have been specified by PAM
*/
static void
do_pam_environment(char ***env, u_int *envsize)
{
char *equals, var_name[512], var_val[512];
char **pam_env;
int i;
if ((pam_env = fetch_pam_environment()) == NULL)
return;
for(i = 0; pam_env[i] != NULL; i++) {
if ((equals = strstr(pam_env[i], "=")) == NULL)
continue;
if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
strncpy(var_name, pam_env[i], equals - pam_env[i]);
strcpy(var_val, equals + 1);
child_set_env(env, envsize, var_name, var_val);
}
}
}
#endif /* USE_PAM */
static char **
do_setup_env(char **env, Session *s, const char *shell)
{
char buf[256];
u_int i, envsize;
struct passwd *pw = s->pw;
if (env == NULL) {
/* Initialize the environment. */
envsize = 100;
env = xmalloc(envsize * sizeof(char *));
env[0] = NULL;
} else {
for (envsize = 0; env[envsize] != NULL; ++envsize)
;
envsize = (envsize < 100) ? 100 : envsize + 50;
env = xrealloc(env, envsize * sizeof(char *));
}
if (!options.use_login) {
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
#ifndef HAVE_LOGIN_CAP
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
child_set_env(&env, &envsize, "MAIL", buf);
#endif /* !HAVE_LOGIN_CAP */
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
}
if (getenv("TZ"))
#ifdef HAVE_LOGIN_CAP
if (options.use_login)
#endif /* HAVE_LOGIN_CAP */
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
/* Set custom environment options from RSA authentication. */
if (!options.use_login) {
while (custom_environment) {
struct envstring *ce = custom_environment;
char *s = ce->s;
for (i = 0; s[i] != '=' && s[i]; i++)
;
if (s[i] == '=') {
s[i] = 0;
child_set_env(&env, &envsize, s, s + i + 1);
}
custom_environment = ce->next;
xfree(ce->s);
xfree(ce);
}
}
snprintf(buf, sizeof buf, "%.50s %d %d",
get_remote_ipaddr(), get_remote_port(), get_local_port());
child_set_env(&env, &envsize, "SSH_CLIENT", buf);
if (s->ttyfd != -1)
child_set_env(&env, &envsize, "SSH_TTY", s->tty);
if (s->term)
#ifdef HAVE_LOGIN_CAP
if (options.use_login)
#endif /* HAVE_LOGIN_CAP */
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
child_set_env(&env, &envsize, "DISPLAY", s->display);
if (original_command)
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
#ifdef KRB4
if (s->authctxt->krb4_ticket_file)
child_set_env(&env, &envsize, "KRBTKFILE",
s->authctxt->krb4_ticket_file);
#endif
#ifdef KRB5
if (s->authctxt->krb5_ticket_file)
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
#endif
#ifdef USE_PAM
/* Pull in any environment variables that may have been set by PAM. */
do_pam_environment(&env, &envsize);
#endif /* USE_PAM */
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
pw->pw_dir);
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
return env;
}
/*
* Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
* first in this order).
*/
static void
do_rc_files(Session *s, const char *shell)
{
FILE *f = NULL;
char cmd[1024];
int do_xauth;
struct stat st;
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
fprintf(stderr, "Running %s\n", cmd);
f = popen(cmd, "w");
if (f) {
if (do_xauth)
fprintf(f, "%s %s\n", s->auth_proto,
s->auth_data);
pclose(f);
} else
fprintf(stderr, "Could not run %s\n",
_PATH_SSH_USER_RC);
} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
if (debug_flag)
fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
_PATH_SSH_SYSTEM_RC);
f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
if (f) {
if (do_xauth)
fprintf(f, "%s %s\n", s->auth_proto,
s->auth_data);
pclose(f);
} else
fprintf(stderr, "Could not run %s\n",
_PATH_SSH_SYSTEM_RC);
} else if (do_xauth && options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
if (debug_flag) {
fprintf(stderr,
"Running %.100s add "
"%.100s %.100s %.100s\n",
options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
f = popen(cmd, "w");
if (f) {
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
pclose(f);
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
}
}
}
static void
do_nologin(struct passwd *pw)
{
FILE *f = NULL;
char buf[1024];
#ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
_PATH_NOLOGIN), "r");
#else
if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r");
#endif
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
exit(254);
}
}
/* Set login name, uid, gid, and groups. */
static char **
do_setusercontext(Session *s)
{
char **env = NULL;
struct passwd *pw = s->pw;
#ifdef HAVE_LOGIN_CAP
char buf[256];
char **tmpenv;
u_int envsize;
extern char **environ;
/* Initialize the environment. */
envsize = 100;
env = xmalloc(envsize * sizeof(char *));
env[0] = NULL;
child_set_env(&env, &envsize, "PATH",
(pw->pw_uid == 0) ?
_PATH_STDPATH : _PATH_DEFPATH);
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
child_set_env(&env, &envsize, "MAIL", buf);
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
/* Save parent environment */
tmpenv = environ;
/* Switch to env */
environ = env;
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL) < 0)
fatal("setusercontext failed: %s", strerror(errno));
/* NOTE: Modified environment now passed to env! */
env = environ;
/* Restore parent environment */
environ = tmpenv;
#else /* !HAVE_LOGIN_CAP */
if (getuid() == 0 || geteuid() == 0) {
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
exit(1);
}
/* Initialize the group list. */
if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
perror("initgroups");
exit(1);
}
endgrent();
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
}
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
#endif /* HAVE_LOGIN_CAP */
return env;
}
/*
* Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group
* ids, and executing the command or shell.
*/
void
do_child(Session *s, const char *command)
{
extern char **environ;
char **env = NULL;
char *argv[10];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
u_int i;
int ttyfd = s->ttyfd;
#ifdef HAVE_LOGIN_CAP
int lc_requirehome, lc_nocheckmail;
#endif
/* remove hostkey from the child's memory */
destroy_sensitive_data();
/* login(1) is only called if we execute the login shell */
if (options.use_login && command != NULL)
options.use_login = 0;
/*
* Login(1) does this as well, and it needs uid 0 for the "-h"
* switch, so we let login(1) to this for us.
*/
if (!options.use_login) {
do_nologin(pw);
env = do_setusercontext(s);
}
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
env = do_setup_env(env, s, shell);
/* we have to stash the hostname before we close our socket. */
if (options.use_login)
hostname = get_remote_name_or_ip(utmp_len,
options.verify_reverse_mapping);
/*
* Close the connection descriptors; note that this is the child, and
* the server will still have the socket open, and it is important
* that we do not shutdown it. Note that the descriptors cannot be
* closed before building the environment, as we call
* get_remote_ipaddr there.
*/
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {
close(packet_get_connection_in());
close(packet_get_connection_out());
}
/*
* Close all descriptors related to channels. They will still remain
* open in the parent.
*/
/* XXX better use close-on-exec? -markus */
channel_close_all();
/*
* Close any extra file descriptors. Note that there may still be
* descriptors left by system functions. They will be closed later.
*/
endpwent();
#ifdef HAVE_LOGIN_CAP
lc_requirehome = login_getcapbool(lc, "requirehome", 0);
lc_nocheckmail = login_getcapbool(lc, "nocheckmail", 0);
login_close(lc);
#endif
/*
* Close any extra open file descriptors so that we don\'t have them
* hanging around in clients. Note that we want to do this after
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
for (i = 3; i < getdtablesize(); i++)
close(i);
/*
* Must take new environment into use so that .ssh/rc,
* /etc/ssh/sshrc and xauth are run in the proper environment.
*/
environ = env;
#ifdef AFS
/* Try to get AFS tokens for the local cell. */
if (k_hasafs()) {
char cell[64];
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
krb_afslog(cell, 0);
krb_afslog(0, 0);
}
#endif /* AFS */
/* Change current directory to the user\'s home directory. */
if (chdir(pw->pw_dir) < 0) {
fprintf(stderr, "Could not chdir to home directory %s: %s\n",
pw->pw_dir, strerror(errno));
#ifdef HAVE_LOGIN_CAP
if (lc_requirehome)
exit(1);
#endif
}
if (!options.use_login)
do_rc_files(s, shell);
/* restore SIGPIPE for child */
signal(SIGPIPE, SIG_DFL);
if (options.use_login) {
/* Launch login(1). */
execl("/usr/bin/login", "login", "-h", hostname,
"-p", "-f", "--", pw->pw_name, (char *)NULL);
/* Login couldn't be executed, die. */
perror("login");
exit(1);
}
/* Get the last component of the shell name. */
if ((shell0 = strrchr(shell, '/')) != NULL)
shell0++;
else
shell0 = shell;
/*
* If we have no command, execute the shell. In this case, the shell
* name to be passed in argv[0] is preceded by '-' to indicate that
* this is a login shell.
*/
if (!command) {
char argv0[256];
/* Start the shell. Set initial character to '-'. */
argv0[0] = '-';
if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
>= sizeof(argv0) - 1) {
errno = EINVAL;
perror(shell);
exit(1);
}
/*
* Check for mail if we have a tty and it was enabled
* in server options.
*/
if (ttyfd != -1 && options.check_mail
#ifdef HAVE_LOGIN_CAP
&& !lc_nocheckmail
#endif
) {
char *mailbox;
struct stat mailstat;
mailbox = getenv("MAIL");
if (mailbox != NULL) {
if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
;
else if (mailstat.st_mtime < mailstat.st_atime)
printf("You have mail.\n");
else
printf("You have new mail.\n");
}
}
/* Execute the shell. */
argv[0] = argv0;
argv[1] = NULL;
execve(shell, argv, env);
/* Executing the shell failed. */
perror(shell);
exit(1);
}
/*
* Execute the command using the user's shell. This uses the -c
* option to execute the command.
*/
argv[0] = (char *) shell0;
argv[1] = "-c";
argv[2] = (char *) command;
argv[3] = NULL;
execve(shell, argv, env);
perror(shell);
exit(1);
}
Session *
session_new(void)
{
int i;
static int did_init = 0;
if (!did_init) {
debug("session_new: init");
for (i = 0; i < MAX_SESSIONS; i++) {
sessions[i].used = 0;
}
did_init = 1;
}
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (! s->used) {
memset(s, 0, sizeof(*s));
s->chanid = -1;
s->ptyfd = -1;
s->ttyfd = -1;
s->used = 1;
s->self = i;
debug("session_new: session %d", i);
return s;
}
}
return NULL;
}
static void
session_dump(void)
{
int i;
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
debug("dump: used %d session %d %p channel %d pid %d",
s->used,
s->self,
s,
s->chanid,
s->pid);
}
}
int
session_open(Authctxt *authctxt, int chanid)
{
Session *s = session_new();
debug("session_open: channel %d", chanid);
if (s == NULL) {
error("no more sessions");
return 0;
}
s->authctxt = authctxt;
s->pw = authctxt->pw;
if (s->pw == NULL)
fatal("no user for session %d", s->self);
debug("session_open: session %d: link with channel %d", s->self, chanid);
s->chanid = chanid;
return 1;
}
static Session *
session_by_channel(int id)
{
int i;
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->chanid == id) {
debug("session_by_channel: session %d channel %d", i, id);
return s;
}
}
debug("session_by_channel: unknown channel %d", id);
session_dump();
return NULL;
}
static Session *
session_by_pid(pid_t pid)
{
int i;
debug("session_by_pid: pid %d", pid);
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->pid == pid)
return s;
}
error("session_by_pid: unknown pid %d", pid);
session_dump();
return NULL;
}
static int
session_window_change_req(Session *s)
{
s->col = packet_get_int();
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
packet_check_eom();
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
return 1;
}
static int
session_pty_req(Session *s)
{
u_int len;
int n_bytes;
if (no_pty_flag) {
debug("Allocating a pty not permitted for this authentication.");
return 0;
}
if (s->ttyfd != -1) {
packet_disconnect("Protocol error: you already have a pty.");
return 0;
}
s->term = packet_get_string(&len);
if (compat20) {
s->col = packet_get_int();
s->row = packet_get_int();
} else {
s->row = packet_get_int();
s->col = packet_get_int();
}
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
if (strcmp(s->term, "") == 0) {
xfree(s->term);
s->term = NULL;
}
/* Allocate a pty and open it. */
debug("Allocating pty.");
if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
if (s->term)
xfree(s->term);
s->term = NULL;
s->ptyfd = -1;
s->ttyfd = -1;
error("session_pty_req: session %d alloc failed", s->self);
return 0;
}
debug("session_pty_req: session %d alloc %s", s->self, s->tty);
/* for SSH1 the tty modes length is not given */
if (!compat20)
n_bytes = packet_remaining();
tty_parse_modes(s->ttyfd, &n_bytes);
/*
* Add a cleanup function to clear the utmp entry and record logout
* time in case we call fatal() (e.g., the connection gets closed).
*/
fatal_add_cleanup(session_pty_cleanup, (void *)s);
pty_setowner(s->pw, s->tty);
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
packet_check_eom();
session_proctitle(s);
return 1;
}
static int
session_subsystem_req(Session *s)
{
struct stat st;
u_int len;
int success = 0;
char *cmd, *subsys = packet_get_string(&len);
int i;
packet_check_eom();
log("subsystem request for %.100s", subsys);
for (i = 0; i < options.num_subsystems; i++) {
if (strcmp(subsys, options.subsystem_name[i]) == 0) {
cmd = options.subsystem_command[i];
if (stat(cmd, &st) < 0) {
error("subsystem: cannot stat %s: %s", cmd,
strerror(errno));
break;
}
debug("subsystem: exec() %s", cmd);
s->is_subsystem = 1;
do_exec(s, cmd);
success = 1;
break;
}
}
if (!success)
log("subsystem request for %.100s failed, subsystem not found",
subsys);
xfree(subsys);
return success;
}
static int
session_x11_req(Session *s)
{
int success;
s->single_connection = packet_get_char();
s->auth_proto = packet_get_string(NULL);
s->auth_data = packet_get_string(NULL);
s->screen = packet_get_int();
packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
xfree(s->auth_proto);
xfree(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
return success;
}
static int
session_shell_req(Session *s)
{
packet_check_eom();
do_exec(s, NULL);
return 1;
}
static int
session_exec_req(Session *s)
{
u_int len;
char *command = packet_get_string(&len);
packet_check_eom();
do_exec(s, command);
xfree(command);
return 1;
}
static int
session_auth_agent_req(Session *s)
{
static int called = 0;
packet_check_eom();
if (no_agent_forwarding_flag) {
debug("session_auth_agent_req: no_agent_forwarding_flag");
return 0;
}
if (called) {
return 0;
} else {
called = 1;
return auth_input_request_forwarding(s->pw);
}
}
int
session_input_channel_req(Channel *c, const char *rtype)
{
int success = 0;
Session *s;
if ((s = session_by_channel(c->self)) == NULL) {
log("session_input_channel_req: no session %d req %.100s",
c->self, rtype);
return 0;
}
debug("session_input_channel_req: session %d req %s", s->self, rtype);
/*
* a session is in LARVAL state until a shell, a command
* or a subsystem is executed
*/
if (c->type == SSH_CHANNEL_LARVAL) {
if (strcmp(rtype, "shell") == 0) {
success = session_shell_req(s);
} else if (strcmp(rtype, "exec") == 0) {
success = session_exec_req(s);
} else if (strcmp(rtype, "pty-req") == 0) {
success = session_pty_req(s);
} else if (strcmp(rtype, "x11-req") == 0) {
success = session_x11_req(s);
} else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
success = session_auth_agent_req(s);
} else if (strcmp(rtype, "subsystem") == 0) {
success = session_subsystem_req(s);
}
}
if (strcmp(rtype, "window-change") == 0) {
success = session_window_change_req(s);
}
return success;
}
void
session_set_fds(Session *s, int fdin, int fdout, int fderr)
{
if (!compat20)
fatal("session_set_fds: called for proto != 2.0");
/*
* now that have a child and a pipe to the child,
* we can activate our channel and register the fd's
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
channel_set_fds(s->chanid,
fdout, fdin, fderr,
fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1,
CHAN_SES_WINDOW_DEFAULT);
}
/*
* Function to perform pty cleanup. Also called if we get aborted abnormally
* (e.g., due to a dropped connection).
*/
static void
session_pty_cleanup(void *session)
{
Session *s = session;
if (s == NULL) {
error("session_pty_cleanup: no session");
return;
}
if (s->ttyfd == -1)
return;
debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
/* Record that the user has logged out. */
if (s->pid != 0)
record_logout(s->pid, s->tty);
/* Release the pseudo-tty. */
pty_release(s->tty);
/*
* Close the server side of the socket pairs. We must do this after
* the pty cleanup, so that another process doesn't get this pty
* while we're still cleaning up.
*/
if (close(s->ptymaster) < 0)
error("close(s->ptymaster): %s", strerror(errno));
/* unlink pty from session */
s->ttyfd = -1;
}
static void
session_exit_message(Session *s, int status)
{
Channel *c;
if ((c = channel_lookup(s->chanid)) == NULL)
fatal("session_exit_message: session %d: no channel %d",
s->self, s->chanid);
debug("session_exit_message: session %d channel %d pid %d",
s->self, s->chanid, s->pid);
if (WIFEXITED(status)) {
channel_request_start(s->chanid, "exit-status", 0);
packet_put_int(WEXITSTATUS(status));
packet_send();
} else if (WIFSIGNALED(status)) {
channel_request_start(s->chanid, "exit-signal", 0);
packet_put_int(WTERMSIG(status));
packet_put_char(WCOREDUMP(status));
packet_put_cstring("");
packet_put_cstring("");
packet_send();
} else {
/* Some weird exit cause. Just exit. */
packet_disconnect("wait returned status %04x.", status);
}
/* disconnect channel */
debug("session_exit_message: release channel %d", s->chanid);
channel_cancel_cleanup(s->chanid);
/*
* emulate a write failure with 'chan_write_failed', nobody will be
* interested in data we write.
* Note that we must not call 'chan_read_failed', since there could
* be some more data waiting in the pipe.
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
s->chanid = -1;
}
static void
session_close(Session *s)
{
debug("session_close: session %d pid %d", s->self, s->pid);
if (s->ttyfd != -1) {
fatal_remove_cleanup(session_pty_cleanup, (void *)s);
session_pty_cleanup(s);
}
if (s->term)
xfree(s->term);
if (s->display)
xfree(s->display);
if (s->auth_display)
xfree(s->auth_display);
if (s->auth_data)
xfree(s->auth_data);
if (s->auth_proto)
xfree(s->auth_proto);
s->used = 0;
session_proctitle(s);
}
void
session_close_by_pid(pid_t pid, int status)
{
Session *s = session_by_pid(pid);
if (s == NULL) {
debug("session_close_by_pid: no session for pid %d", pid);
return;
}
if (s->chanid != -1)
session_exit_message(s, status);
session_close(s);
}
/*
* this is called when a channel dies before
* the session 'child' itself dies
*/
void
session_close_by_channel(int id, void *arg)
{
Session *s = session_by_channel(id);
if (s == NULL) {
debug("session_close_by_channel: no session for id %d", id);
return;
}
debug("session_close_by_channel: channel %d child %d", id, s->pid);
if (s->pid != 0) {
debug("session_close_by_channel: channel %d: has child", id);
/*
* delay detach of session, but release pty, since
* the fd's to the child are already closed
*/
if (s->ttyfd != -1) {
fatal_remove_cleanup(session_pty_cleanup, (void *)s);
session_pty_cleanup(s);
}
return;
}
/* detach by removing callback */
channel_cancel_cleanup(s->chanid);
s->chanid = -1;
session_close(s);
}
void
session_destroy_all(void)
{
int i;
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used)
session_close(s);
}
}
static char *
session_tty_list(void)
{
static char buf[1024];
int i;
buf[0] = '\0';
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
if (buf[0] != '\0')
strlcat(buf, ",", sizeof buf);
strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
}
}
if (buf[0] == '\0')
strlcpy(buf, "notty", sizeof buf);
return buf;
}
void
session_proctitle(Session *s)
{
if (s->pw == NULL)
error("no user for session %d", s->self);
else
setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
}
int
session_setup_x11fwd(Session *s)
{
struct stat st;
char display[512], auth_display[512];
char hostname[MAXHOSTNAMELEN];
if (no_x11_forwarding_flag) {
packet_send_debug("X11 forwarding disabled in user configuration file.");
return 0;
}
if (!options.x11_forwarding) {
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
if (!options.xauth_location ||
(stat(options.xauth_location, &st) == -1)) {
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
}
if (options.use_login) {
packet_send_debug("X11 forwarding disabled; "
"not compatible with UseLogin=yes.");
return 0;
}
if (s->display != NULL) {
debug("X11 display already set.");
return 0;
}
s->display_number = x11_create_display_inet(options.x11_display_offset,
options.x11_use_localhost, s->single_connection);
if (s->display_number == -1) {
debug("x11_create_display_inet failed.");
return 0;
}
/* Set up a suitable value for the DISPLAY variable. */
if (gethostname(hostname, sizeof(hostname)) < 0)
fatal("gethostname: %.100s", strerror(errno));
/*
* auth_display must be used as the displayname when the
* authorization entry is added with xauth(1). This will be
* different than the DISPLAY string for localhost displays.
*/
if (options.x11_use_localhost) {
snprintf(display, sizeof display, "localhost:%d.%d",
s->display_number, s->screen);
snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display = xstrdup(auth_display);
} else {
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
s->display_number, s->screen);
s->display = xstrdup(display);
s->auth_display = xstrdup(display);
}
return 1;
}
static void
do_authenticated2(Authctxt *authctxt)
{
server_loop2(authctxt);
}