summaryrefslogtreecommitdiff
path: root/session.c
diff options
context:
space:
mode:
Diffstat (limited to 'session.c')
-rw-r--r--session.c114
1 files changed, 56 insertions, 58 deletions
diff --git a/session.c b/session.c
index cff14cd5a..15bdb1bee 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -80,6 +80,7 @@
80#include "hostfile.h" 80#include "hostfile.h"
81#include "auth.h" 81#include "auth.h"
82#include "auth-options.h" 82#include "auth-options.h"
83#include "authfd.h"
83#include "pathnames.h" 84#include "pathnames.h"
84#include "log.h" 85#include "log.h"
85#include "servconf.h" 86#include "servconf.h"
@@ -200,7 +201,7 @@ auth_input_request_forwarding(struct passwd * pw)
200 packet_send_debug("Agent forwarding disabled: " 201 packet_send_debug("Agent forwarding disabled: "
201 "mkdtemp() failed: %.100s", strerror(errno)); 202 "mkdtemp() failed: %.100s", strerror(errno));
202 restore_uid(); 203 restore_uid();
203 xfree(auth_sock_dir); 204 free(auth_sock_dir);
204 auth_sock_dir = NULL; 205 auth_sock_dir = NULL;
205 goto authsock_err; 206 goto authsock_err;
206 } 207 }
@@ -245,11 +246,10 @@ auth_input_request_forwarding(struct passwd * pw)
245 return 1; 246 return 1;
246 247
247 authsock_err: 248 authsock_err:
248 if (auth_sock_name != NULL) 249 free(auth_sock_name);
249 xfree(auth_sock_name);
250 if (auth_sock_dir != NULL) { 250 if (auth_sock_dir != NULL) {
251 rmdir(auth_sock_dir); 251 rmdir(auth_sock_dir);
252 xfree(auth_sock_dir); 252 free(auth_sock_dir);
253 } 253 }
254 if (sock != -1) 254 if (sock != -1)
255 close(sock); 255 close(sock);
@@ -365,8 +365,8 @@ do_authenticated1(Authctxt *authctxt)
365 packet_check_eom(); 365 packet_check_eom();
366 success = session_setup_x11fwd(s); 366 success = session_setup_x11fwd(s);
367 if (!success) { 367 if (!success) {
368 xfree(s->auth_proto); 368 free(s->auth_proto);
369 xfree(s->auth_data); 369 free(s->auth_data);
370 s->auth_proto = NULL; 370 s->auth_proto = NULL;
371 s->auth_data = NULL; 371 s->auth_data = NULL;
372 } 372 }
@@ -413,7 +413,7 @@ do_authenticated1(Authctxt *authctxt)
413 if (do_exec(s, command) != 0) 413 if (do_exec(s, command) != 0)
414 packet_disconnect( 414 packet_disconnect(
415 "command execution failed"); 415 "command execution failed");
416 xfree(command); 416 free(command);
417 } else { 417 } else {
418 if (do_exec(s, NULL) != 0) 418 if (do_exec(s, NULL) != 0)
419 packet_disconnect( 419 packet_disconnect(
@@ -978,7 +978,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
978 break; 978 break;
979 if (env[i]) { 979 if (env[i]) {
980 /* Reuse the slot. */ 980 /* Reuse the slot. */
981 xfree(env[i]); 981 free(env[i]);
982 } else { 982 } else {
983 /* New variable. Expand if necessary. */ 983 /* New variable. Expand if necessary. */
984 envsize = *envsizep; 984 envsize = *envsizep;
@@ -1094,8 +1094,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
1094 umask((mode_t)mask); 1094 umask((mode_t)mask);
1095 1095
1096 for (i = 0; tmpenv[i] != NULL; i++) 1096 for (i = 0; tmpenv[i] != NULL; i++)
1097 xfree(tmpenv[i]); 1097 free(tmpenv[i]);
1098 xfree(tmpenv); 1098 free(tmpenv);
1099} 1099}
1100#endif /* HAVE_ETC_DEFAULT_LOGIN */ 1100#endif /* HAVE_ETC_DEFAULT_LOGIN */
1101 1101
@@ -1111,7 +1111,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
1111 for(i = 0; source[i] != NULL; i++) { 1111 for(i = 0; source[i] != NULL; i++) {
1112 var_name = xstrdup(source[i]); 1112 var_name = xstrdup(source[i]);
1113 if ((var_val = strstr(var_name, "=")) == NULL) { 1113 if ((var_val = strstr(var_name, "=")) == NULL) {
1114 xfree(var_name); 1114 free(var_name);
1115 continue; 1115 continue;
1116 } 1116 }
1117 *var_val++ = '\0'; 1117 *var_val++ = '\0';
@@ -1119,7 +1119,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
1119 debug3("Copy environment: %s=%s", var_name, var_val); 1119 debug3("Copy environment: %s=%s", var_name, var_val);
1120 child_set_env(env, envsize, var_name, var_val); 1120 child_set_env(env, envsize, var_name, var_val);
1121 1121
1122 xfree(var_name); 1122 free(var_name);
1123 } 1123 }
1124} 1124}
1125 1125
@@ -1223,8 +1223,8 @@ do_setup_env(Session *s, const char *shell)
1223 child_set_env(&env, &envsize, str, str + i + 1); 1223 child_set_env(&env, &envsize, str, str + i + 1);
1224 } 1224 }
1225 custom_environment = ce->next; 1225 custom_environment = ce->next;
1226 xfree(ce->s); 1226 free(ce->s);
1227 xfree(ce); 1227 free(ce);
1228 } 1228 }
1229 } 1229 }
1230 1230
@@ -1236,7 +1236,7 @@ do_setup_env(Session *s, const char *shell)
1236 laddr = get_local_ipaddr(packet_get_connection_in()); 1236 laddr = get_local_ipaddr(packet_get_connection_in());
1237 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1237 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1238 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); 1238 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
1239 xfree(laddr); 1239 free(laddr);
1240 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 1240 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1241 1241
1242 if (s->ttyfd != -1) 1242 if (s->ttyfd != -1)
@@ -1412,7 +1412,7 @@ do_nologin(struct passwd *pw)
1412#endif 1412#endif
1413 if (stat(nl, &sb) == -1) { 1413 if (stat(nl, &sb) == -1) {
1414 if (nl != def_nl) 1414 if (nl != def_nl)
1415 xfree(nl); 1415 free(nl);
1416 return; 1416 return;
1417 } 1417 }
1418 1418
@@ -1522,6 +1522,9 @@ do_setusercontext(struct passwd *pw, const char *role)
1522 safely_chroot(chroot_path, pw->pw_uid); 1522 safely_chroot(chroot_path, pw->pw_uid);
1523 free(tmp); 1523 free(tmp);
1524 free(chroot_path); 1524 free(chroot_path);
1525 /* Make sure we don't attempt to chroot again */
1526 free(options.chroot_directory);
1527 options.chroot_directory = NULL;
1525 } 1528 }
1526 1529
1527#ifdef HAVE_LOGIN_CAP 1530#ifdef HAVE_LOGIN_CAP
@@ -1538,6 +1541,9 @@ do_setusercontext(struct passwd *pw, const char *role)
1538 /* Permanently switch to the desired uid. */ 1541 /* Permanently switch to the desired uid. */
1539 permanently_set_uid(pw); 1542 permanently_set_uid(pw);
1540#endif 1543#endif
1544 } else if (options.chroot_directory != NULL &&
1545 strcasecmp(options.chroot_directory, "none") != 0) {
1546 fatal("server lacks privileges to chroot to ChrootDirectory");
1541 } 1547 }
1542 1548
1543 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) 1549 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
@@ -1593,6 +1599,13 @@ launch_login(struct passwd *pw, const char *hostname)
1593static void 1599static void
1594child_close_fds(void) 1600child_close_fds(void)
1595{ 1601{
1602 extern AuthenticationConnection *auth_conn;
1603
1604 if (auth_conn) {
1605 ssh_close_authentication_connection(auth_conn);
1606 auth_conn = NULL;
1607 }
1608
1596 if (packet_get_connection_in() == packet_get_connection_out()) 1609 if (packet_get_connection_in() == packet_get_connection_out())
1597 close(packet_get_connection_in()); 1610 close(packet_get_connection_in());
1598 else { 1611 else {
@@ -2057,7 +2070,7 @@ session_pty_req(Session *s)
2057 s->ypixel = packet_get_int(); 2070 s->ypixel = packet_get_int();
2058 2071
2059 if (strcmp(s->term, "") == 0) { 2072 if (strcmp(s->term, "") == 0) {
2060 xfree(s->term); 2073 free(s->term);
2061 s->term = NULL; 2074 s->term = NULL;
2062 } 2075 }
2063 2076
@@ -2065,8 +2078,7 @@ session_pty_req(Session *s)
2065 debug("Allocating pty."); 2078 debug("Allocating pty.");
2066 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, 2079 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
2067 sizeof(s->tty)))) { 2080 sizeof(s->tty)))) {
2068 if (s->term) 2081 free(s->term);
2069 xfree(s->term);
2070 s->term = NULL; 2082 s->term = NULL;
2071 s->ptyfd = -1; 2083 s->ptyfd = -1;
2072 s->ttyfd = -1; 2084 s->ttyfd = -1;
@@ -2127,7 +2139,7 @@ session_subsystem_req(Session *s)
2127 logit("subsystem request for %.100s failed, subsystem not found", 2139 logit("subsystem request for %.100s failed, subsystem not found",
2128 subsys); 2140 subsys);
2129 2141
2130 xfree(subsys); 2142 free(subsys);
2131 return success; 2143 return success;
2132} 2144}
2133 2145
@@ -2149,8 +2161,8 @@ session_x11_req(Session *s)
2149 2161
2150 success = session_setup_x11fwd(s); 2162 success = session_setup_x11fwd(s);
2151 if (!success) { 2163 if (!success) {
2152 xfree(s->auth_proto); 2164 free(s->auth_proto);
2153 xfree(s->auth_data); 2165 free(s->auth_data);
2154 s->auth_proto = NULL; 2166 s->auth_proto = NULL;
2155 s->auth_data = NULL; 2167 s->auth_data = NULL;
2156 } 2168 }
@@ -2172,7 +2184,7 @@ session_exec_req(Session *s)
2172 char *command = packet_get_string(&len); 2184 char *command = packet_get_string(&len);
2173 packet_check_eom(); 2185 packet_check_eom();
2174 success = do_exec(s, command) == 0; 2186 success = do_exec(s, command) == 0;
2175 xfree(command); 2187 free(command);
2176 return success; 2188 return success;
2177} 2189}
2178 2190
@@ -2218,8 +2230,8 @@ session_env_req(Session *s)
2218 debug2("Ignoring env request %s: disallowed name", name); 2230 debug2("Ignoring env request %s: disallowed name", name);
2219 2231
2220 fail: 2232 fail:
2221 xfree(name); 2233 free(name);
2222 xfree(val); 2234 free(val);
2223 return (0); 2235 return (0);
2224} 2236}
2225 2237
@@ -2405,24 +2417,16 @@ session_close_single_x11(int id, void *arg)
2405 if (s->x11_chanids[i] != id) 2417 if (s->x11_chanids[i] != id)
2406 session_close_x11(s->x11_chanids[i]); 2418 session_close_x11(s->x11_chanids[i]);
2407 } 2419 }
2408 xfree(s->x11_chanids); 2420 free(s->x11_chanids);
2409 s->x11_chanids = NULL; 2421 s->x11_chanids = NULL;
2410 if (s->display) { 2422 free(s->display);
2411 xfree(s->display); 2423 s->display = NULL;
2412 s->display = NULL; 2424 free(s->auth_proto);
2413 } 2425 s->auth_proto = NULL;
2414 if (s->auth_proto) { 2426 free(s->auth_data);
2415 xfree(s->auth_proto); 2427 s->auth_data = NULL;
2416 s->auth_proto = NULL; 2428 free(s->auth_display);
2417 } 2429 s->auth_display = NULL;
2418 if (s->auth_data) {
2419 xfree(s->auth_data);
2420 s->auth_data = NULL;
2421 }
2422 if (s->auth_display) {
2423 xfree(s->auth_display);
2424 s->auth_display = NULL;
2425 }
2426} 2430}
2427 2431
2428static void 2432static void
@@ -2484,24 +2488,18 @@ session_close(Session *s)
2484 debug("session_close: session %d pid %ld", s->self, (long)s->pid); 2488 debug("session_close: session %d pid %ld", s->self, (long)s->pid);
2485 if (s->ttyfd != -1) 2489 if (s->ttyfd != -1)
2486 session_pty_cleanup(s); 2490 session_pty_cleanup(s);
2487 if (s->term) 2491 free(s->term);
2488 xfree(s->term); 2492 free(s->display);
2489 if (s->display) 2493 free(s->x11_chanids);
2490 xfree(s->display); 2494 free(s->auth_display);
2491 if (s->x11_chanids) 2495 free(s->auth_data);
2492 xfree(s->x11_chanids); 2496 free(s->auth_proto);
2493 if (s->auth_display)
2494 xfree(s->auth_display);
2495 if (s->auth_data)
2496 xfree(s->auth_data);
2497 if (s->auth_proto)
2498 xfree(s->auth_proto);
2499 if (s->env != NULL) { 2497 if (s->env != NULL) {
2500 for (i = 0; i < s->num_env; i++) { 2498 for (i = 0; i < s->num_env; i++) {
2501 xfree(s->env[i].name); 2499 free(s->env[i].name);
2502 xfree(s->env[i].val); 2500 free(s->env[i].val);
2503 } 2501 }
2504 xfree(s->env); 2502 free(s->env);
2505 } 2503 }
2506 session_proctitle(s); 2504 session_proctitle(s);
2507 session_unused(s->self); 2505 session_unused(s->self);
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-01 11:59:11 +0000