summaryrefslogtreecommitdiff
path: root/session.c
diff options
context:
space:
mode:
Diffstat (limited to 'session.c')
-rw-r--r--session.c80
1 files changed, 9 insertions, 71 deletions
diff --git a/session.c b/session.c
index 71e4fbe7c..fff31b02e 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.256 2010/06/25 07:20:04 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -585,7 +585,8 @@ do_exec_no_pty(Session *s, const char *command)
585 585
586 s->pid = pid; 586 s->pid = pid;
587 /* Set interactive/non-interactive mode. */ 587 /* Set interactive/non-interactive mode. */
588 packet_set_interactive(s->display != NULL); 588 packet_set_interactive(s->display != NULL,
589 options.ip_qos_interactive, options.ip_qos_bulk);
589 590
590 /* 591 /*
591 * Clear loginmsg, since it's the child's responsibility to display 592 * Clear loginmsg, since it's the child's responsibility to display
@@ -739,7 +740,8 @@ do_exec_pty(Session *s, const char *command)
739 740
740 /* Enter interactive session. */ 741 /* Enter interactive session. */
741 s->ptymaster = ptymaster; 742 s->ptymaster = ptymaster;
742 packet_set_interactive(1); 743 packet_set_interactive(1,
744 options.ip_qos_interactive, options.ip_qos_bulk);
743 if (compat20) { 745 if (compat20) {
744 session_set_fds(s, ptyfd, fdout, -1, 1, 1); 746 session_set_fds(s, ptyfd, fdout, -1, 1, 1);
745 } else { 747 } else {
@@ -1469,36 +1471,16 @@ do_setusercontext(struct passwd *pw)
1469{ 1471{
1470 char *chroot_path, *tmp; 1472 char *chroot_path, *tmp;
1471 1473
1472#ifdef WITH_SELINUX 1474 platform_setusercontext(pw);
1473 /* Cache selinux status for later use */
1474 (void)ssh_selinux_enabled();
1475#endif
1476 1475
1477#ifndef HAVE_CYGWIN 1476 if (platform_privileged_uidswap()) {
1478 if (getuid() == 0 || geteuid() == 0)
1479#endif /* HAVE_CYGWIN */
1480 {
1481#ifdef HAVE_LOGIN_CAP 1477#ifdef HAVE_LOGIN_CAP
1482# ifdef __bsdi__
1483 setpgid(0, 0);
1484# endif
1485# ifdef USE_PAM
1486 if (options.use_pam) {
1487 do_pam_setcred(use_privsep);
1488 }
1489# endif /* USE_PAM */
1490 if (setusercontext(lc, pw, pw->pw_uid, 1478 if (setusercontext(lc, pw, pw->pw_uid,
1491 (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { 1479 (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
1492 perror("unable to set user context"); 1480 perror("unable to set user context");
1493 exit(1); 1481 exit(1);
1494 } 1482 }
1495#else 1483#else
1496# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
1497 /* Sets login uid for accounting */
1498 if (getluid() == -1 && setluid(pw->pw_uid) == -1)
1499 error("setluid: %s", strerror(errno));
1500# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
1501
1502 if (setlogin(pw->pw_name) < 0) 1484 if (setlogin(pw->pw_name) < 0)
1503 error("setlogin failed: %s", strerror(errno)); 1485 error("setlogin failed: %s", strerror(errno));
1504 if (setgid(pw->pw_gid) < 0) { 1486 if (setgid(pw->pw_gid) < 0) {
@@ -1511,50 +1493,9 @@ do_setusercontext(struct passwd *pw)
1511 exit(1); 1493 exit(1);
1512 } 1494 }
1513 endgrent(); 1495 endgrent();
1514# ifdef USE_PAM
1515 /*
1516 * PAM credentials may take the form of supplementary groups.
1517 * These will have been wiped by the above initgroups() call.
1518 * Reestablish them here.
1519 */
1520 if (options.use_pam) {
1521 do_pam_setcred(use_privsep);
1522 }
1523# endif /* USE_PAM */
1524# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
1525 irix_setusercontext(pw);
1526# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
1527# ifdef _AIX
1528 aix_usrinfo(pw);
1529# endif /* _AIX */
1530# ifdef USE_LIBIAF
1531 if (set_id(pw->pw_name) != 0) {
1532 exit(1);
1533 }
1534# endif /* USE_LIBIAF */
1535#endif 1496#endif
1536#ifdef HAVE_SETPCRED
1537 /*
1538 * If we have a chroot directory, we set all creds except real
1539 * uid which we will need for chroot. If we don't have a
1540 * chroot directory, we don't override anything.
1541 */
1542 {
1543 char **creds = NULL, *chroot_creds[] =
1544 { "REAL_USER=root", NULL };
1545
1546 if (options.chroot_directory != NULL &&
1547 strcasecmp(options.chroot_directory, "none") != 0)
1548 creds = chroot_creds;
1549
1550 if (setpcred(pw->pw_name, creds) == -1)
1551 fatal("Failed to set process credentials");
1552 }
1553#endif /* HAVE_SETPCRED */
1554 1497
1555#ifdef WITH_SELINUX 1498 platform_setusercontext_post_groups(pw);
1556 ssh_selinux_setup_exec_context(pw->pw_name);
1557#endif
1558 1499
1559 if (options.chroot_directory != NULL && 1500 if (options.chroot_directory != NULL &&
1560 strcasecmp(options.chroot_directory, "none") != 0) { 1501 strcasecmp(options.chroot_directory, "none") != 0) {
@@ -1628,8 +1569,6 @@ launch_login(struct passwd *pw, const char *hostname)
1628static void 1569static void
1629child_close_fds(void) 1570child_close_fds(void)
1630{ 1571{
1631 int i;
1632
1633 if (packet_get_connection_in() == packet_get_connection_out()) 1572 if (packet_get_connection_in() == packet_get_connection_out())
1634 close(packet_get_connection_in()); 1573 close(packet_get_connection_in());
1635 else { 1574 else {
@@ -1655,8 +1594,7 @@ child_close_fds(void)
1655 * initgroups, because at least on Solaris 2.3 it leaves file 1594 * initgroups, because at least on Solaris 2.3 it leaves file
1656 * descriptors open. 1595 * descriptors open.
1657 */ 1596 */
1658 for (i = 3; i < 64; i++) 1597 closefrom(STDERR_FILENO + 1);
1659 close(i);
1660} 1598}
1661 1599
1662/* 1600/*