summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--session.c29
2 files changed, 24 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 72d5a21e1..0ece9c09d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -61,6 +61,12 @@
61 [clientloop.c] 61 [clientloop.c]
62 fix incorrect exit status when multiplexing and channel ID 0 is recycled 62 fix incorrect exit status when multiplexing and channel ID 0 is recycled
63 bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker 63 bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
64 - djm@cvs.openbsd.org 2009/11/19 23:39:50
65 [session.c]
66 bz#1606: error when an attempt is made to connect to a server
67 with ForceCommand=internal-sftp with a shell session (i.e. not a
68 subsystem session). Avoids stuck client when attempting to ssh to such a
69 service. ok dtucker@
64 70
6520091226 7120091226
66 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 72 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/session.c b/session.c
index 78192314a..cc205386f 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.247 2009/10/06 04:46:40 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.248 2009/11/19 23:39:50 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -142,9 +142,10 @@ static int sessions_first_unused = -1;
142static int sessions_nalloc = 0; 142static int sessions_nalloc = 0;
143static Session *sessions = NULL; 143static Session *sessions = NULL;
144 144
145#define SUBSYSTEM_NONE 0 145#define SUBSYSTEM_NONE 0
146#define SUBSYSTEM_EXT 1 146#define SUBSYSTEM_EXT 1
147#define SUBSYSTEM_INT_SFTP 2 147#define SUBSYSTEM_INT_SFTP 2
148#define SUBSYSTEM_INT_SFTP_ERROR 3
148 149
149#ifdef HAVE_LOGIN_CAP 150#ifdef HAVE_LOGIN_CAP
150login_cap_t *lc; 151login_cap_t *lc;
@@ -785,17 +786,19 @@ do_exec(Session *s, const char *command)
785 if (options.adm_forced_command) { 786 if (options.adm_forced_command) {
786 original_command = command; 787 original_command = command;
787 command = options.adm_forced_command; 788 command = options.adm_forced_command;
788 if (IS_INTERNAL_SFTP(command)) 789 if (IS_INTERNAL_SFTP(command)) {
789 s->is_subsystem = SUBSYSTEM_INT_SFTP; 790 s->is_subsystem = s->is_subsystem ?
790 else if (s->is_subsystem) 791 SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
792 } else if (s->is_subsystem)
791 s->is_subsystem = SUBSYSTEM_EXT; 793 s->is_subsystem = SUBSYSTEM_EXT;
792 debug("Forced command (config) '%.900s'", command); 794 debug("Forced command (config) '%.900s'", command);
793 } else if (forced_command) { 795 } else if (forced_command) {
794 original_command = command; 796 original_command = command;
795 command = forced_command; 797 command = forced_command;
796 if (IS_INTERNAL_SFTP(command)) 798 if (IS_INTERNAL_SFTP(command)) {
797 s->is_subsystem = SUBSYSTEM_INT_SFTP; 799 s->is_subsystem = s->is_subsystem ?
798 else if (s->is_subsystem) 800 SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
801 } else if (s->is_subsystem)
799 s->is_subsystem = SUBSYSTEM_EXT; 802 s->is_subsystem = SUBSYSTEM_EXT;
800 debug("Forced command (key option) '%.900s'", command); 803 debug("Forced command (key option) '%.900s'", command);
801 } 804 }
@@ -1783,7 +1786,11 @@ do_child(Session *s, const char *command)
1783 /* restore SIGPIPE for child */ 1786 /* restore SIGPIPE for child */
1784 signal(SIGPIPE, SIG_DFL); 1787 signal(SIGPIPE, SIG_DFL);
1785 1788
1786 if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { 1789 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
1790 printf("This service allows sftp connections only.\n");
1791 fflush(NULL);
1792 exit(1);
1793 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
1787 extern int optind, optreset; 1794 extern int optind, optreset;
1788 int i; 1795 int i;
1789 char *p, *args; 1796 char *p, *args;
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-29 19:36:46 +0000