diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 30 |
1 files changed, 12 insertions, 18 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.246 2009/04/17 19:23:06 stevesk Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -571,8 +571,7 @@ do_exec_no_pty(Session *s, const char *command) | |||
| 571 | signal(WJSIGNAL, cray_job_termination_handler); | 571 | signal(WJSIGNAL, cray_job_termination_handler); |
| 572 | #endif /* _UNICOS */ | 572 | #endif /* _UNICOS */ |
| 573 | #ifdef HAVE_CYGWIN | 573 | #ifdef HAVE_CYGWIN |
| 574 | if (is_winnt) | 574 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
| 575 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | ||
| 576 | #endif | 575 | #endif |
| 577 | 576 | ||
| 578 | s->pid = pid; | 577 | s->pid = pid; |
| @@ -716,8 +715,8 @@ do_exec_pty(Session *s, const char *command) | |||
| 716 | * Do common processing for the child, such as execing | 715 | * Do common processing for the child, such as execing |
| 717 | * the command. | 716 | * the command. |
| 718 | */ | 717 | */ |
| 719 | do_child(s, command); | 718 | do_child(s, command); |
| 720 | /* NOTREACHED */ | 719 | /* NOTREACHED */ |
| 721 | default: | 720 | default: |
| 722 | break; | 721 | break; |
| 723 | } | 722 | } |
| @@ -726,8 +725,7 @@ do_exec_pty(Session *s, const char *command) | |||
| 726 | signal(WJSIGNAL, cray_job_termination_handler); | 725 | signal(WJSIGNAL, cray_job_termination_handler); |
| 727 | #endif /* _UNICOS */ | 726 | #endif /* _UNICOS */ |
| 728 | #ifdef HAVE_CYGWIN | 727 | #ifdef HAVE_CYGWIN |
| 729 | if (is_winnt) | 728 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
| 730 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | ||
| 731 | #endif | 729 | #endif |
| 732 | 730 | ||
| 733 | s->pid = pid; | 731 | s->pid = pid; |
| @@ -847,7 +845,7 @@ do_login(Session *s, const char *command) | |||
| 847 | fromlen = sizeof(from); | 845 | fromlen = sizeof(from); |
| 848 | if (packet_connection_is_on_socket()) { | 846 | if (packet_connection_is_on_socket()) { |
| 849 | if (getpeername(packet_get_connection_in(), | 847 | if (getpeername(packet_get_connection_in(), |
| 850 | (struct sockaddr *) & from, &fromlen) < 0) { | 848 | (struct sockaddr *)&from, &fromlen) < 0) { |
| 851 | debug("getpeername: %.100s", strerror(errno)); | 849 | debug("getpeername: %.100s", strerror(errno)); |
| 852 | cleanup_exit(255); | 850 | cleanup_exit(255); |
| 853 | } | 851 | } |
| @@ -1116,7 +1114,7 @@ do_setup_env(Session *s, const char *shell) | |||
| 1116 | u_int i, envsize; | 1114 | u_int i, envsize; |
| 1117 | char **env, *laddr; | 1115 | char **env, *laddr; |
| 1118 | struct passwd *pw = s->pw; | 1116 | struct passwd *pw = s->pw; |
| 1119 | #ifndef HAVE_LOGIN_CAP | 1117 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) |
| 1120 | char *path = NULL; | 1118 | char *path = NULL; |
| 1121 | #endif | 1119 | #endif |
| 1122 | 1120 | ||
| @@ -1468,11 +1466,6 @@ do_setusercontext(struct passwd *pw) | |||
| 1468 | if (getuid() == 0 || geteuid() == 0) | 1466 | if (getuid() == 0 || geteuid() == 0) |
| 1469 | #endif /* HAVE_CYGWIN */ | 1467 | #endif /* HAVE_CYGWIN */ |
| 1470 | { | 1468 | { |
| 1471 | |||
| 1472 | #ifdef HAVE_SETPCRED | ||
| 1473 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
| 1474 | fatal("Failed to set process credentials"); | ||
| 1475 | #endif /* HAVE_SETPCRED */ | ||
| 1476 | #ifdef HAVE_LOGIN_CAP | 1469 | #ifdef HAVE_LOGIN_CAP |
| 1477 | # ifdef __bsdi__ | 1470 | # ifdef __bsdi__ |
| 1478 | setpgid(0, 0); | 1471 | setpgid(0, 0); |
| @@ -1540,6 +1533,10 @@ do_setusercontext(struct passwd *pw) | |||
| 1540 | free(chroot_path); | 1533 | free(chroot_path); |
| 1541 | } | 1534 | } |
| 1542 | 1535 | ||
| 1536 | #ifdef HAVE_SETPCRED | ||
| 1537 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
| 1538 | fatal("Failed to set process credentials"); | ||
| 1539 | #endif /* HAVE_SETPCRED */ | ||
| 1543 | #ifdef HAVE_LOGIN_CAP | 1540 | #ifdef HAVE_LOGIN_CAP |
| 1544 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { | 1541 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { |
| 1545 | perror("unable to set user context (setuser)"); | 1542 | perror("unable to set user context (setuser)"); |
| @@ -1551,9 +1548,6 @@ do_setusercontext(struct passwd *pw) | |||
| 1551 | #endif | 1548 | #endif |
| 1552 | } | 1549 | } |
| 1553 | 1550 | ||
| 1554 | #ifdef HAVE_CYGWIN | ||
| 1555 | if (is_winnt) | ||
| 1556 | #endif | ||
| 1557 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 1551 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
| 1558 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | 1552 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
| 1559 | 1553 | ||
| @@ -1794,7 +1788,7 @@ do_child(Session *s, const char *command) | |||
| 1794 | int i; | 1788 | int i; |
| 1795 | char *p, *args; | 1789 | char *p, *args; |
| 1796 | 1790 | ||
| 1797 | setproctitle("%s@internal-sftp-server", s->pw->pw_name); | 1791 | setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME); |
| 1798 | args = xstrdup(command ? command : "sftp-server"); | 1792 | args = xstrdup(command ? command : "sftp-server"); |
| 1799 | for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " "))) | 1793 | for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " "))) |
| 1800 | if (i < ARGV_MAX - 1) | 1794 | if (i < ARGV_MAX - 1) |