Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 55 |
1 files changed, 26 insertions, 29 deletions
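--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.270 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -49,6 +49,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
+#include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 #endif
@@ -83,11 +84,11 @@
 #include "authfd.h"
 #include "pathnames.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "sshlogin.h"
 #include "serverloop.h"
 #include "canohost.h"
-#include "misc.h"
 #include "session.h"
 #include "kex.h"
 #include "monitor_wrap.h"
@@ -183,7 +184,6 @@ auth_input_request_forwarding(struct passwd * pw)
 {
 Channel *nc;
 int sock = -1;
-struct sockaddr_un sunaddr;
 
 if (auth_sock_name != NULL) {
 error("authentication forwarding requested twice.");
@@ -209,33 +209,15 @@ auth_input_request_forwarding(struct passwd * pw)
 xasprintf(&auth_sock_name, "%s/agent.%ld",
 auth_sock_dir, (long) getpid());
 
-/* Create the socket. */
-sock = socket(AF_UNIX, SOCK_STREAM, 0);
-if (sock < 0) {
-error("socket: %.100s", strerror(errno));
-restore_uid();
-goto authsock_err;
-}
-
-/* Bind it to the name. */
-memset(&sunaddr, 0, sizeof(sunaddr));
-sunaddr.sun_family = AF_UNIX;
-strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
-
-if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
-error("bind: %.100s", strerror(errno));
-restore_uid();
-goto authsock_err;
-}
+/* Start a Unix listener on auth_sock_name. */
+sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);
 
 /* Restore the privileged uid. */
 restore_uid();
 
-/* Start listening on the socket. */
-if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
-error("listen: %.100s", strerror(errno));
+/* Check for socket/bind/listen failure. */
+if (sock < 0)
 goto authsock_err;
-}
 
 /* Allocate a channel for the authentication agent socket. */
 nc = channel_new("auth socket",
@@ -274,6 +256,7 @@ do_authenticated(Authctxt *authctxt)
 setproctitle("%s", authctxt->pw->pw_name);
 
 /* setup the channel layer */
+/* XXX - streamlocal? */
 if (no_port_forwarding_flag ||
 (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
 channel_disable_adm_local_opens();
@@ -393,7 +376,7 @@ do_authenticated1(Authctxt *authctxt)
 }
 debug("Received TCP/IP port forwarding request.");
 if (channel_input_port_forward_request(s->pw->pw_uid == 0,
-options.gateway_ports) < 0) {
+&options.fwd_opts) < 0) {
 debug("Port forwarding failed.");
 break;
 }
@@ -1367,7 +1350,8 @@ do_rc_files(Session *s, const char *shell)
 
 /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
 if (!s->is_subsystem && options.adm_forced_command == NULL &&
-!no_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) {
+!no_user_rc && options.permit_user_rc &&
+stat(_PATH_SSH_USER_RC, &st) >= 0) {
 snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
 shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
 if (debug_flag)
@@ -1514,6 +1498,9 @@ void
 do_setusercontext(struct passwd *pw, const char *role)
 {
 char *chroot_path, *tmp;
+#ifdef USE_LIBIAF
+int doing_chroot = 0;
+#endif
 
 platform_setusercontext(pw);
 
@@ -1553,6 +1540,9 @@ do_setusercontext(struct passwd *pw, const char *role)
 /* Make sure we don't attempt to chroot again */
 free(options.chroot_directory);
 options.chroot_directory = NULL;
+#ifdef USE_LIBIAF
+doing_chroot = 1;
+#endif
 }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1567,7 +1557,14 @@ do_setusercontext(struct passwd *pw, const char *role)
 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 #else
 # ifdef USE_LIBIAF
-if (set_id(pw->pw_name) != 0) {
+/* In a chroot environment, the set_id() will always fail; typically
+* because of the lack of necessary authentication services and runtime
+* such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd
+* We skip it in the internal sftp chroot case.
+* We'll lose auditing and ACLs but permanently_set_uid will
+* take care of the rest.
+*/
+if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) {
 fatal("set_id(%s) Failed", pw->pw_name);
 }
 # endif /* USE_LIBIAF */
@@ -2653,7 +2650,7 @@ session_setup_x11fwd(Session *s)
 {
 struct stat st;
 char display[512], auth_display[512];
-char hostname[MAXHOSTNAMELEN];
+char hostname[NI_MAXHOST];
 u_int i;
 
 if (no_x11_forwarding_flag) {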
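Review bot: The `/* XXX - streamlocal? */` marker added in the do_authenticated hunk leaves an access-control question open in committed code. The condition below it consults only `no_port_forwarding_flag` and the `FORWARD_LOCAL` bit of `options.allow_tcp_forwarding`, so nothing visible here shows whether Unix-domain (stream-local) forwards are also refused when an administrator disables forwarding. Either the gate should cover that transport too, or the marker should be replaced by a comment that records the decision, for example `/* stream-local forwards are restricted in <function>, not here */` with the real location filled in. An operator who applies a no-port-forwarding restriction presumably expects it to cover both transports, so this is worth confirming before release. do_authenticated starts and ends outside the hunk, so the rest of the channel setup is not visible from here.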