Debian release 3.5p1-1.

author: Colin Watson <cjwatson@debian.org> 2003-09-01 02:05:26 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-01 02:05:26 +0000
commit: 6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch)
tree: 1bf23174bdb6fc71e2846dda0eca195a418484e7 /session.c
parent: 2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff)
parent: 58657d96514cd6f16d82add8d6f4adbb36765758 (diff)
1 files changed, 87 insertions, 29 deletions
diff --git a/session.c b/session.c
index 747a00afa..9074525a4 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -210,13 +210,6 @@ do_authenticated(Authctxt *authctxt)
                close(startup_pipe);
                startup_pipe = -1;
        }
-#ifdef WITH_AIXAUTHENTICATE
-        /* We don't have a pty yet, so just label the line as "ssh" */
-        if (loginsuccess(authctxt->user,
-            get_canonical_hostname(options.verify_reverse_mapping),
-            "ssh", &aixloginmsg) < 0)
-                aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
        /* setup the channel layer */
        if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@@ -470,6 +463,8 @@ do_exec_no_pty(Session *s, const char *command)
        /* Fork the child. */
        if ((pid = fork()) == 0) {
+                fatal_remove_all_cleanups();
                /* Child.  Reinitialize the log since the pid has changed. */
                log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -517,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command)
                        perror("dup2 stderr");
 #endif /* USE_PIPES */
+#ifdef _UNICOS
+                cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif
                /* Do processing for the child (exec command etc). */
                do_child(s, command);
                /* NOTREACHED */
        }
+#ifdef _UNICOS
+        signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
        if (is_winnt)
                cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -585,6 +587,7 @@ do_exec_pty(Session *s, const char *command)
        /* Fork the child. */
        if ((pid = fork()) == 0) {
+                fatal_remove_all_cleanups();
                /* Child.  Reinitialize the log because the pid has changed. */
                log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -607,8 +610,12 @@ do_exec_pty(Session *s, const char *command)
                /* record login, etc. similar to login(1) */
 #ifndef HAVE_OSF_SIA
-                if (!(options.use_login && command == NULL))
+                if (!(options.use_login && command == NULL)) {
+#ifdef _UNICOS
+                        cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif /* _UNICOS */
                        do_login(s, command);
+                }
 # ifdef LOGIN_NEEDS_UTMPX
                else
                        do_pre_login(s);
@@ -619,6 +626,9 @@ do_exec_pty(Session *s, const char *command)
                do_child(s, command);
                /* NOTREACHED */
        }
+#ifdef _UNICOS
+        signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
        if (is_winnt)
                cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -668,8 +678,8 @@ do_pre_login(Session *s)
         * the address be 0.0.0.0.
         */
        memset(&from, 0, sizeof(from));
+        fromlen = sizeof(from);
        if (packet_connection_is_on_socket()) {
-                fromlen = sizeof(from);
                if (getpeername(packet_get_connection_in(),
                    (struct sockaddr *) & from, &fromlen) < 0) {
                        debug("getpeername: %.100s", strerror(errno));
@@ -734,7 +744,7 @@ do_login(Session *s, const char *command)
                record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
                    get_remote_name_or_ip(utmp_len,
                    options.verify_reverse_mapping),
-                    (struct sockaddr *)&from);
+                    (struct sockaddr *)&from, fromlen);
 #ifdef USE_PAM
        /*
@@ -759,6 +769,7 @@ do_login(Session *s, const char *command)
                printf("%s\n", aixloginmsg);
 #endif /* WITH_AIXAUTHENTICATE */
+#ifndef NO_SSH_LASTLOG
        if (options.print_lastlog && s->last_login_time != 0) {
                time_string = ctime(&s->last_login_time);
                if (strchr(time_string, '\n'))
@@ -769,6 +780,7 @@ do_login(Session *s, const char *command)
                        printf("Last login: %s from %s\r\n", time_string,
                            s->hostname);
        }
+#endif /* NO_SSH_LASTLOG */
        do_motd();
 }
@@ -959,8 +971,10 @@ do_setup_env(Session *s, const char *shell)
                child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
                child_set_env(&env, &envsize, "HOME", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
-                (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
+                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
-                child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+                        child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+                else
+                        child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 #else /* HAVE_LOGIN_CAP */
 # ifndef HAVE_CYGWIN
                /*
@@ -992,13 +1006,13 @@ do_setup_env(Session *s, const char *shell)
        if (!options.use_login) {
                while (custom_environment) {
                        struct envstring *ce = custom_environment;
-                        char *s = ce->s;
+                        char *str = ce->s;
-                        for (i = 0; s[i] != '=' && s[i]; i++)
+                        for (i = 0; str[i] != '=' && str[i]; i++)
                                ;
-                        if (s[i] == '=') {
+                        if (str[i] == '=') {
-                                s[i] = 0;
+                                str[i] = 0;
-                                child_set_env(&env, &envsize, s, s + i + 1);
+                                child_set_env(&env, &envsize, str, str + i + 1);
                        }
                        custom_environment = ce->next;
                        xfree(ce->s);
@@ -1006,10 +1020,16 @@ do_setup_env(Session *s, const char *shell)
                }
        }
+        /* SSH_CLIENT deprecated */
        snprintf(buf, sizeof buf, "%.50s %d %d",
            get_remote_ipaddr(), get_remote_port(), get_local_port());
        child_set_env(&env, &envsize, "SSH_CLIENT", buf);
+        snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
+            get_remote_ipaddr(), get_remote_port(),
+            get_local_ipaddr(packet_get_connection_in()), get_local_port());
+        child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
        if (s->ttyfd != -1)
                child_set_env(&env, &envsize, "SSH_TTY", s->tty);
        if (s->term)
@@ -1020,6 +1040,11 @@ do_setup_env(Session *s, const char *shell)
                child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
                    original_command);
+#ifdef _UNICOS
+        if (cray_tmpdir[0] != '\0')
+                child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _UNICOS */
 #ifdef _AIX
        {
                char *cp;
@@ -1042,8 +1067,17 @@ do_setup_env(Session *s, const char *shell)
                    s->authctxt->krb5_ticket_file);
 #endif
 #ifdef USE_PAM
-        /* Pull in any environment variables that may have been set by PAM. */
+        /*
-        copy_environment(fetch_pam_environment(), &env, &envsize);
+         * Pull in any environment variables that may have
+         * been set by PAM.
+         */
+        {
+                char **p;
+                p = fetch_pam_environment();
+                copy_environment(p, &env, &envsize);
+                free_pam_environment(p);
+        }
 #endif /* USE_PAM */
        if (auth_sock_name != NULL)
@@ -1051,9 +1085,9 @@ do_setup_env(Session *s, const char *shell)
                    auth_sock_name);
        /* read $HOME/.ssh/environment. */
-        if (!options.use_login) {
+        if (options.permit_user_env && !options.use_login) {
                snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
-                    pw->pw_dir);
+                    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
                read_environment_file(&env, &envsize, buf);
        }
        if (debug_flag) {
@@ -1148,6 +1182,8 @@ do_nologin(struct passwd *pw)
 #endif
        if (f) {
                /* /etc/nologin exists.  Print its contents and exit. */
+                log("User %.100s not allowed because %s exists",
+                    pw->pw_name, _PATH_NOLOGIN);
                while (fgets(buf, sizeof(buf), f))
                        fputs(buf, stderr);
                fclose(f);
@@ -1159,8 +1195,6 @@ do_nologin(struct passwd *pw)
 void
 do_setusercontext(struct passwd *pw)
 {
-        char tty='\0';
 #ifdef HAVE_CYGWIN
        if (is_winnt) {
 #else /* HAVE_CYGWIN */
@@ -1170,9 +1204,9 @@ do_setusercontext(struct passwd *pw)
                setpcred(pw->pw_name);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
-#ifdef __bsdi__
+# ifdef __bsdi__
                setpgid(0, 0);
-#endif
+# endif
                if (setusercontext(lc, pw, pw->pw_uid,
                    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
                        perror("unable to set user context");
@@ -1209,8 +1243,7 @@ do_setusercontext(struct passwd *pw)
                irix_setusercontext(pw);
 #  endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
 # ifdef _AIX
-                /* XXX: Disable tty setting.  Enabled if required later */
+                aix_usrinfo(pw);
-                aix_usrinfo(pw, &tty, -1);
 # endif /* _AIX */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
@@ -1263,6 +1296,10 @@ do_child(Session *s, const char *command)
        if (options.use_login && command != NULL)
                options.use_login = 0;
+#ifdef _UNICOS
+        cray_setup(pw->pw_uid, pw->pw_name, command);
+#endif /* _UNICOS */
        /*
         * Login(1) does this as well, and it needs uid 0 for the "-h"
         * switch, so we let login(1) to this for us.
@@ -1798,6 +1835,27 @@ session_pty_cleanup(void *session)
        PRIVSEP(session_pty_cleanup2(session));
 }
+static char *
+sig2name(int sig)
+{
+#define SSH_SIG(x) if (sig == SIG ## x) return #x
+        SSH_SIG(ABRT);
+        SSH_SIG(ALRM);
+        SSH_SIG(FPE);
+        SSH_SIG(HUP);
+        SSH_SIG(ILL);
+        SSH_SIG(INT);
+        SSH_SIG(KILL);
+        SSH_SIG(PIPE);
+        SSH_SIG(QUIT);
+        SSH_SIG(SEGV);
+        SSH_SIG(TERM);
+        SSH_SIG(USR1);
+        SSH_SIG(USR2);
+#undef  SSH_SIG
+        return "SIG@openssh.com";
+}
 static void
 session_exit_message(Session *s, int status)
 {
@@ -1815,7 +1873,7 @@ session_exit_message(Session *s, int status)
                packet_send();
        } else if (WIFSIGNALED(status)) {
                channel_request_start(s->chanid, "exit-signal", 0);
-                packet_put_int(WTERMSIG(status));
+                packet_put_cstring(sig2name(WTERMSIG(status)));
 #ifdef WCOREDUMP
                packet_put_char(WCOREDUMP(status));
 #else /* WCOREDUMP */
author	Colin Watson <cjwatson@debian.org>	2003-09-01 02:05:26 +0000
committer	Colin Watson <cjwatson@debian.org>	2003-09-01 02:05:26 +0000
commit	6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch)
tree	1bf23174bdb6fc71e2846dda0eca195a418484e7 /session.c
parent	2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff)
parent	58657d96514cd6f16d82add8d6f4adbb36765758 (diff)