upstream: Add server support for signalling sessions via the SSH

channel/ session protocol. Signalling is only supported to sesssions that are
not subsystems and were not started with a forced command.

Long requested in bz#1424

Based on a patch from markus@ and reworked by dtucker@;
ok markus@ dtucker@

OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3

1 files changed, 75 insertions, 1 deletions

diff --git a/session.c b/session.c
index f2cf52006..63adc68c5 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.305 2018/07/25 13:56:23 deraadt Exp $ */
+/* $OpenBSD: session.c,v 1.306 2018/10/02 12:40:07 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -705,7 +705,9 @@ do_exec(struct ssh *ssh, Session *s, const char *command)
                 command = auth_opts->force_command;
                 forced = "(key-option)";
         }
+        s->forced = 0;
         if (forced != NULL) {
+                s->forced = 1;
                 if (IS_INTERNAL_SFTP(command)) {
                         s->is_subsystem = s->is_subsystem ?
                             SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
@@ -2101,6 +2103,76 @@ session_env_req(struct ssh *ssh, Session *s)
         return (0);
 }
 
+/*
+ * Conversion of signals from ssh channel request names.
+ * Subset of signals from RFC 4254 section 6.10C, with SIGINFO as
+ * local extension.
+ */
+static int
+name2sig(char *name)
+{
+#define SSH_SIG(x) if (strcmp(name, #x) == 0) return SIG ## x
+        SSH_SIG(HUP);
+        SSH_SIG(INT);
+        SSH_SIG(KILL);
+        SSH_SIG(QUIT);
+        SSH_SIG(TERM);
+        SSH_SIG(USR1);
+        SSH_SIG(USR2);
+#undef  SSH_SIG
+        if (strcmp(name, "INFO@openssh.com") == 0)
+                return SIGINFO;
+        return -1;
+}
+
+static int
+session_signal_req(struct ssh *ssh, Session *s)
+{
+        char *signame = NULL;
+        int r, sig, success = 0;
+
+        if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0) {
+                error("%s: parse packet: %s", __func__, ssh_err(r));
+                goto out;
+        }
+        if ((sig = name2sig(signame)) == -1) {
+                error("%s: unsupported signal \"%s\"", __func__, signame);
+                goto out;
+        }
+        if (s->pid <= 0) {
+                error("%s: no pid for session %d", __func__, s->self);
+                goto out;
+        }
+        if (s->forced || s->is_subsystem) {
+                error("%s: refusing to send signal %s to %s session", __func__,
+                    signame, s->forced ? "forced-command" : "subsystem");
+                goto out;
+        }
+        if (!use_privsep || mm_is_monitor()) {
+                error("%s: session signalling requires privilege separation",
+                    __func__);
+                goto out;
+        }
+
+        debug("%s: signal %s, killpg(%ld, %d)", __func__, signame,
+            (long)s->pid, sig);
+        temporarily_use_uid(s->pw);
+        r = killpg(s->pid, sig);
+        restore_uid();
+        if (r != 0) {
+                error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid,
+                    sig, strerror(errno));
+                goto out;
+        }
+
+        /* success */
+        success = 1;
+ out:
+        free(signame);
+        return success;
+}
+
 static int
 session_auth_agent_req(struct ssh *ssh, Session *s)
 {
@@ -2157,6 +2229,8 @@ session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)
                 success = session_window_change_req(ssh, s);
         } else if (strcmp(rtype, "break") == 0) {
                 success = session_break_req(ssh, s);
+        } else if (strcmp(rtype, "signal") == 0) {
+                success = session_signal_req(ssh, s);
         }
 
         return success;