Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 43 |
1 files changed, 25 insertions, 18 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.319 2020/03/13 03:17:07 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.324 2020/07/07 02:47:21 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -843,12 +843,12 @@ check_quietlogin(Session *s, const char *command) | |||
843 | * into the environment. If the file does not exist, this does nothing. | 843 | * into the environment. If the file does not exist, this does nothing. |
844 | * Otherwise, it must consist of empty lines, comments (line starts with '#') | 844 | * Otherwise, it must consist of empty lines, comments (line starts with '#') |
845 | * and assignments of the form name=value. No other forms are allowed. | 845 | * and assignments of the form name=value. No other forms are allowed. |
846 | * If whitelist is not NULL, then it is interpreted as a pattern list and | 846 | * If allowlist is not NULL, then it is interpreted as a pattern list and |
847 | * only variable names that match it will be accepted. | 847 | * only variable names that match it will be accepted. |
848 | */ | 848 | */ |
849 | static void | 849 | static void |
850 | read_environment_file(char ***env, u_int *envsize, | 850 | read_environment_file(char ***env, u_int *envsize, |
851 | const char *filename, const char *whitelist) | 851 | const char *filename, const char *allowlist) |
852 | { | 852 | { |
853 | FILE *f; | 853 | FILE *f; |
854 | char *line = NULL, *cp, *value; | 854 | char *line = NULL, *cp, *value; |
@@ -881,8 +881,8 @@ read_environment_file(char ***env, u_int *envsize, | |||
881 | */ | 881 | */ |
882 | *value = '\0'; | 882 | *value = '\0'; |
883 | value++; | 883 | value++; |
884 | if (whitelist != NULL && | 884 | if (allowlist != NULL && |
885 | match_pattern_list(cp, whitelist, 0) != 1) | 885 | match_pattern_list(cp, allowlist, 0) != 1) |
886 | continue; | 886 | continue; |
887 | child_set_env(env, envsize, cp, value); | 887 | child_set_env(env, envsize, cp, value); |
888 | } | 888 | } |
@@ -924,7 +924,7 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) | |||
924 | * interested in. | 924 | * interested in. |
925 | */ | 925 | */ |
926 | read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", | 926 | read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login", |
927 | options.permit_user_env_whitelist); | 927 | options.permit_user_env_allowlist); |
928 | 928 | ||
929 | if (tmpenv == NULL) | 929 | if (tmpenv == NULL) |
930 | return; | 930 | return; |
@@ -1091,7 +1091,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) | |||
1091 | if ((cp = getenv("AUTHSTATE")) != NULL) | 1091 | if ((cp = getenv("AUTHSTATE")) != NULL) |
1092 | child_set_env(&env, &envsize, "AUTHSTATE", cp); | 1092 | child_set_env(&env, &envsize, "AUTHSTATE", cp); |
1093 | read_environment_file(&env, &envsize, "/etc/environment", | 1093 | read_environment_file(&env, &envsize, "/etc/environment", |
1094 | options.permit_user_env_whitelist); | 1094 | options.permit_user_env_allowlist); |
1095 | } | 1095 | } |
1096 | #endif | 1096 | #endif |
1097 | #ifdef KRB5 | 1097 | #ifdef KRB5 |
@@ -1111,10 +1111,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) | |||
1111 | cp = strchr(ocp, '='); | 1111 | cp = strchr(ocp, '='); |
1112 | if (*cp == '=') { | 1112 | if (*cp == '=') { |
1113 | *cp = '\0'; | 1113 | *cp = '\0'; |
1114 | /* Apply PermitUserEnvironment whitelist */ | 1114 | /* Apply PermitUserEnvironment allowlist */ |
1115 | if (options.permit_user_env_whitelist == NULL || | 1115 | if (options.permit_user_env_allowlist == NULL || |
1116 | match_pattern_list(ocp, | 1116 | match_pattern_list(ocp, |
1117 | options.permit_user_env_whitelist, 0) == 1) | 1117 | options.permit_user_env_allowlist, 0) == 1) |
1118 | child_set_env(&env, &envsize, | 1118 | child_set_env(&env, &envsize, |
1119 | ocp, cp + 1); | 1119 | ocp, cp + 1); |
1120 | } | 1120 | } |
@@ -1127,7 +1127,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) | |||
1127 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1127 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
1128 | pw->pw_dir); | 1128 | pw->pw_dir); |
1129 | read_environment_file(&env, &envsize, buf, | 1129 | read_environment_file(&env, &envsize, buf, |
1130 | options.permit_user_env_whitelist); | 1130 | options.permit_user_env_allowlist); |
1131 | } | 1131 | } |
1132 | 1132 | ||
1133 | #ifdef USE_PAM | 1133 | #ifdef USE_PAM |
@@ -1206,19 +1206,21 @@ static void | |||
1206 | do_rc_files(struct ssh *ssh, Session *s, const char *shell) | 1206 | do_rc_files(struct ssh *ssh, Session *s, const char *shell) |
1207 | { | 1207 | { |
1208 | FILE *f = NULL; | 1208 | FILE *f = NULL; |
1209 | char cmd[1024]; | 1209 | char *cmd = NULL, *user_rc = NULL; |
1210 | int do_xauth; | 1210 | int do_xauth; |
1211 | struct stat st; | 1211 | struct stat st; |
1212 | 1212 | ||
1213 | do_xauth = | 1213 | do_xauth = |
1214 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; | 1214 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
1215 | xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC); | ||
1215 | 1216 | ||
1216 | /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ | 1217 | /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
1217 | if (!s->is_subsystem && options.adm_forced_command == NULL && | 1218 | if (!s->is_subsystem && options.adm_forced_command == NULL && |
1218 | auth_opts->permit_user_rc && options.permit_user_rc && | 1219 | auth_opts->permit_user_rc && options.permit_user_rc && |
1219 | stat(_PATH_SSH_USER_RC, &st) >= 0) { | 1220 | stat(user_rc, &st) >= 0) { |
1220 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", | 1221 | if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, |
1221 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); | 1222 | user_rc) == -1) |
1223 | fatal("%s: xasprintf: %s", __func__, strerror(errno)); | ||
1222 | if (debug_flag) | 1224 | if (debug_flag) |
1223 | fprintf(stderr, "Running %s\n", cmd); | 1225 | fprintf(stderr, "Running %s\n", cmd); |
1224 | f = popen(cmd, "w"); | 1226 | f = popen(cmd, "w"); |
@@ -1229,7 +1231,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell) | |||
1229 | pclose(f); | 1231 | pclose(f); |
1230 | } else | 1232 | } else |
1231 | fprintf(stderr, "Could not run %s\n", | 1233 | fprintf(stderr, "Could not run %s\n", |
1232 | _PATH_SSH_USER_RC); | 1234 | user_rc); |
1233 | } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { | 1235 | } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { |
1234 | if (debug_flag) | 1236 | if (debug_flag) |
1235 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, | 1237 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, |
@@ -1254,8 +1256,8 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell) | |||
1254 | options.xauth_location, s->auth_display, | 1256 | options.xauth_location, s->auth_display, |
1255 | s->auth_proto, s->auth_data); | 1257 | s->auth_proto, s->auth_data); |
1256 | } | 1258 | } |
1257 | snprintf(cmd, sizeof cmd, "%s -q -", | 1259 | if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1) |
1258 | options.xauth_location); | 1260 | fatal("%s: xasprintf: %s", __func__, strerror(errno)); |
1259 | f = popen(cmd, "w"); | 1261 | f = popen(cmd, "w"); |
1260 | if (f) { | 1262 | if (f) { |
1261 | fprintf(f, "remove %s\n", | 1263 | fprintf(f, "remove %s\n", |
@@ -1269,6 +1271,8 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell) | |||
1269 | cmd); | 1271 | cmd); |
1270 | } | 1272 | } |
1271 | } | 1273 | } |
1274 | free(cmd); | ||
1275 | free(user_rc); | ||
1272 | } | 1276 | } |
1273 | 1277 | ||
1274 | static void | 1278 | static void |
@@ -1497,6 +1501,9 @@ child_close_fds(struct ssh *ssh) | |||
1497 | */ | 1501 | */ |
1498 | endpwent(); | 1502 | endpwent(); |
1499 | 1503 | ||
1504 | /* Stop directing logs to a high-numbered fd before we close it */ | ||
1505 | log_redirect_stderr_to(NULL); | ||
1506 | |||
1500 | /* | 1507 | /* |
1501 | * Close any extra open file descriptors so that we don't have them | 1508 | * Close any extra open file descriptors so that we don't have them |
1502 | * hanging around in clients. Note that we want to do this after | 1509 | * hanging around in clients. Note that we want to do this after |
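Review bot: In do_rc_files the new `user_rc` string, built from `s->pw->pw_dir`, is interpolated inside the single-quoted `'%s %s'` argument of the command handed to popen(), and nothing in the visible lines rejects or escapes a `'` in that path. The old code placed only the constant `_PATH_SSH_USER_RC` there, so account data could not break the quoting; I would skip the user rc when the path cannot be quoted safely, for example by adding `strchr(user_rc, '\'') == NULL &&` ahead of `stat(user_rc, &st) >= 0`. How much this matters depends on who can set the home directory and on the privileges held at this point, neither of which is visible here. Separately, the first `xasprintf(&user_rc, ...)` ignores its return value while the two `cmd` calls test for `-1`; one convention should be used throughout. Parts of the function body lie between the hunks and are not shown.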