Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 393 |
1 files changed, 74 insertions, 319 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.286 2016/11/30 03:00:05 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -66,7 +66,6 @@ | |||
66 | #include "openbsd-compat/sys-queue.h" | 66 | #include "openbsd-compat/sys-queue.h" |
67 | #include "xmalloc.h" | 67 | #include "xmalloc.h" |
68 | #include "ssh.h" | 68 | #include "ssh.h" |
69 | #include "ssh1.h" | ||
70 | #include "ssh2.h" | 69 | #include "ssh2.h" |
71 | #include "sshpty.h" | 70 | #include "sshpty.h" |
72 | #include "packet.h" | 71 | #include "packet.h" |
@@ -128,7 +127,6 @@ void do_child(Session *, const char *); | |||
128 | void do_motd(void); | 127 | void do_motd(void); |
129 | int check_quietlogin(Session *, const char *); | 128 | int check_quietlogin(Session *, const char *); |
130 | 129 | ||
131 | static void do_authenticated1(Authctxt *); | ||
132 | static void do_authenticated2(Authctxt *); | 130 | static void do_authenticated2(Authctxt *); |
133 | 131 | ||
134 | static int session_pty_req(Session *); | 132 | static int session_pty_req(Session *); |
@@ -259,7 +257,7 @@ do_authenticated(Authctxt *authctxt) | |||
259 | 257 | ||
260 | /* setup the channel layer */ | 258 | /* setup the channel layer */ |
261 | /* XXX - streamlocal? */ | 259 | /* XXX - streamlocal? */ |
262 | if (no_port_forwarding_flag || | 260 | if (no_port_forwarding_flag || options.disable_forwarding || |
263 | (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) | 261 | (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
264 | channel_disable_adm_local_opens(); | 262 | channel_disable_adm_local_opens(); |
265 | else | 263 | else |
@@ -267,11 +265,7 @@ do_authenticated(Authctxt *authctxt) | |||
267 | 265 | ||
268 | auth_debug_send(); | 266 | auth_debug_send(); |
269 | 267 | ||
270 | if (compat20) | 268 | do_authenticated2(authctxt); |
271 | do_authenticated2(authctxt); | ||
272 | else | ||
273 | do_authenticated1(authctxt); | ||
274 | |||
275 | do_cleanup(authctxt); | 269 | do_cleanup(authctxt); |
276 | } | 270 | } |
277 | 271 | ||
@@ -290,164 +284,6 @@ xauth_valid_string(const char *s) | |||
290 | return 1; | 284 | return 1; |
291 | } | 285 | } |
292 | 286 | ||
293 | /* | ||
294 | * Prepares for an interactive session. This is called after the user has | ||
295 | * been successfully authenticated. During this message exchange, pseudo | ||
296 | * terminals are allocated, X11, TCP/IP, and authentication agent forwardings | ||
297 | * are requested, etc. | ||
298 | */ | ||
299 | static void | ||
300 | do_authenticated1(Authctxt *authctxt) | ||
301 | { | ||
302 | Session *s; | ||
303 | char *command; | ||
304 | int success, type, screen_flag; | ||
305 | int enable_compression_after_reply = 0; | ||
306 | u_int proto_len, data_len, dlen, compression_level = 0; | ||
307 | |||
308 | s = session_new(); | ||
309 | if (s == NULL) { | ||
310 | error("no more sessions"); | ||
311 | return; | ||
312 | } | ||
313 | s->authctxt = authctxt; | ||
314 | s->pw = authctxt->pw; | ||
315 | |||
316 | /* | ||
317 | * We stay in this loop until the client requests to execute a shell | ||
318 | * or a command. | ||
319 | */ | ||
320 | for (;;) { | ||
321 | success = 0; | ||
322 | |||
323 | /* Get a packet from the client. */ | ||
324 | type = packet_read(); | ||
325 | |||
326 | /* Process the packet. */ | ||
327 | switch (type) { | ||
328 | case SSH_CMSG_REQUEST_COMPRESSION: | ||
329 | compression_level = packet_get_int(); | ||
330 | packet_check_eom(); | ||
331 | if (compression_level < 1 || compression_level > 9) { | ||
332 | packet_send_debug("Received invalid compression level %d.", | ||
333 | compression_level); | ||
334 | break; | ||
335 | } | ||
336 | if (options.compression == COMP_NONE) { | ||
337 | debug2("compression disabled"); | ||
338 | break; | ||
339 | } | ||
340 | /* Enable compression after we have responded with SUCCESS. */ | ||
341 | enable_compression_after_reply = 1; | ||
342 | success = 1; | ||
343 | break; | ||
344 | |||
345 | case SSH_CMSG_REQUEST_PTY: | ||
346 | success = session_pty_req(s); | ||
347 | break; | ||
348 | |||
349 | case SSH_CMSG_X11_REQUEST_FORWARDING: | ||
350 | s->auth_proto = packet_get_string(&proto_len); | ||
351 | s->auth_data = packet_get_string(&data_len); | ||
352 | |||
353 | screen_flag = packet_get_protocol_flags() & | ||
354 | SSH_PROTOFLAG_SCREEN_NUMBER; | ||
355 | debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag); | ||
356 | |||
357 | if (packet_remaining() == 4) { | ||
358 | if (!screen_flag) | ||
359 | debug2("Buggy client: " | ||
360 | "X11 screen flag missing"); | ||
361 | s->screen = packet_get_int(); | ||
362 | } else { | ||
363 | s->screen = 0; | ||
364 | } | ||
365 | packet_check_eom(); | ||
366 | if (xauth_valid_string(s->auth_proto) && | ||
367 | xauth_valid_string(s->auth_data)) | ||
368 | success = session_setup_x11fwd(s); | ||
369 | else { | ||
370 | success = 0; | ||
371 | error("Invalid X11 forwarding data"); | ||
372 | } | ||
373 | if (!success) { | ||
374 | free(s->auth_proto); | ||
375 | free(s->auth_data); | ||
376 | s->auth_proto = NULL; | ||
377 | s->auth_data = NULL; | ||
378 | } | ||
379 | break; | ||
380 | |||
381 | case SSH_CMSG_AGENT_REQUEST_FORWARDING: | ||
382 | if (!options.allow_agent_forwarding || | ||
383 | no_agent_forwarding_flag || compat13) { | ||
384 | debug("Authentication agent forwarding not permitted for this authentication."); | ||
385 | break; | ||
386 | } | ||
387 | debug("Received authentication agent forwarding request."); | ||
388 | success = auth_input_request_forwarding(s->pw); | ||
389 | break; | ||
390 | |||
391 | case SSH_CMSG_PORT_FORWARD_REQUEST: | ||
392 | if (no_port_forwarding_flag) { | ||
393 | debug("Port forwarding not permitted for this authentication."); | ||
394 | break; | ||
395 | } | ||
396 | if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) { | ||
397 | debug("Port forwarding not permitted."); | ||
398 | break; | ||
399 | } | ||
400 | debug("Received TCP/IP port forwarding request."); | ||
401 | if (channel_input_port_forward_request(s->pw->pw_uid == 0, | ||
402 | &options.fwd_opts) < 0) { | ||
403 | debug("Port forwarding failed."); | ||
404 | break; | ||
405 | } | ||
406 | success = 1; | ||
407 | break; | ||
408 | |||
409 | case SSH_CMSG_MAX_PACKET_SIZE: | ||
410 | if (packet_set_maxsize(packet_get_int()) > 0) | ||
411 | success = 1; | ||
412 | break; | ||
413 | |||
414 | case SSH_CMSG_EXEC_SHELL: | ||
415 | case SSH_CMSG_EXEC_CMD: | ||
416 | if (type == SSH_CMSG_EXEC_CMD) { | ||
417 | command = packet_get_string(&dlen); | ||
418 | debug("Exec command '%.500s'", command); | ||
419 | if (do_exec(s, command) != 0) | ||
420 | packet_disconnect( | ||
421 | "command execution failed"); | ||
422 | free(command); | ||
423 | } else { | ||
424 | if (do_exec(s, NULL) != 0) | ||
425 | packet_disconnect( | ||
426 | "shell execution failed"); | ||
427 | } | ||
428 | packet_check_eom(); | ||
429 | session_close(s); | ||
430 | return; | ||
431 | |||
432 | default: | ||
433 | /* | ||
434 | * Any unknown messages in this phase are ignored, | ||
435 | * and a failure message is returned. | ||
436 | */ | ||
437 | logit("Unknown packet type received after authentication: %d", type); | ||
438 | } | ||
439 | packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE); | ||
440 | packet_send(); | ||
441 | packet_write_wait(); | ||
442 | |||
443 | /* Enable compression now that we have replied if appropriate. */ | ||
444 | if (enable_compression_after_reply) { | ||
445 | enable_compression_after_reply = 0; | ||
446 | packet_start_compression(compression_level); | ||
447 | } | ||
448 | } | ||
449 | } | ||
450 | |||
451 | #define USE_PIPES 1 | 287 | #define USE_PIPES 1 |
452 | /* | 288 | /* |
453 | * This is called to fork and execute a command when we have no tty. This | 289 | * This is called to fork and execute a command when we have no tty. This |
@@ -615,14 +451,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
615 | close(pout[1]); | 451 | close(pout[1]); |
616 | close(perr[1]); | 452 | close(perr[1]); |
617 | 453 | ||
618 | if (compat20) { | 454 | session_set_fds(s, pin[1], pout[0], perr[0], |
619 | session_set_fds(s, pin[1], pout[0], perr[0], | 455 | s->is_subsystem, 0); |
620 | s->is_subsystem, 0); | ||
621 | } else { | ||
622 | /* Enter the interactive session. */ | ||
623 | server_loop(pid, pin[1], pout[0], perr[0]); | ||
624 | /* server_loop has closed pin[1], pout[0], and perr[0]. */ | ||
625 | } | ||
626 | #else | 456 | #else |
627 | /* We are the parent. Close the child sides of the socket pairs. */ | 457 | /* We are the parent. Close the child sides of the socket pairs. */ |
628 | close(inout[0]); | 458 | close(inout[0]); |
@@ -632,13 +462,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
632 | * Enter the interactive session. Note: server_loop must be able to | 462 | * Enter the interactive session. Note: server_loop must be able to |
633 | * handle the case that fdin and fdout are the same. | 463 | * handle the case that fdin and fdout are the same. |
634 | */ | 464 | */ |
635 | if (compat20) { | 465 | session_set_fds(s, inout[1], inout[1], err[1], |
636 | session_set_fds(s, inout[1], inout[1], err[1], | 466 | s->is_subsystem, 0); |
637 | s->is_subsystem, 0); | ||
638 | } else { | ||
639 | server_loop(pid, inout[1], inout[1], err[1]); | ||
640 | /* server_loop has closed inout[1] and err[1]. */ | ||
641 | } | ||
642 | #endif | 467 | #endif |
643 | return 0; | 468 | return 0; |
644 | } | 469 | } |
@@ -718,17 +543,11 @@ do_exec_pty(Session *s, const char *command) | |||
718 | close(ttyfd); | 543 | close(ttyfd); |
719 | 544 | ||
720 | /* record login, etc. similar to login(1) */ | 545 | /* record login, etc. similar to login(1) */ |
721 | #ifndef HAVE_OSF_SIA | ||
722 | if (!(options.use_login && command == NULL)) { | ||
723 | #ifdef _UNICOS | 546 | #ifdef _UNICOS |
724 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ | 547 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ |
725 | #endif /* _UNICOS */ | 548 | #endif /* _UNICOS */ |
726 | do_login(s, command); | 549 | #ifndef HAVE_OSF_SIA |
727 | } | 550 | do_login(s, command); |
728 | # ifdef LOGIN_NEEDS_UTMPX | ||
729 | else | ||
730 | do_pre_login(s); | ||
731 | # endif | ||
732 | #endif | 551 | #endif |
733 | /* | 552 | /* |
734 | * Do common processing for the child, such as execing | 553 | * Do common processing for the child, such as execing |
@@ -756,12 +575,7 @@ do_exec_pty(Session *s, const char *command) | |||
756 | s->ptymaster = ptymaster; | 575 | s->ptymaster = ptymaster; |
757 | packet_set_interactive(1, | 576 | packet_set_interactive(1, |
758 | options.ip_qos_interactive, options.ip_qos_bulk); | 577 | options.ip_qos_interactive, options.ip_qos_bulk); |
759 | if (compat20) { | 578 | session_set_fds(s, ptyfd, fdout, -1, 1, 1); |
760 | session_set_fds(s, ptyfd, fdout, -1, 1, 1); | ||
761 | } else { | ||
762 | server_loop(pid, ptyfd, fdout, -1); | ||
763 | /* server_loop _has_ closed ptyfd and fdout. */ | ||
764 | } | ||
765 | return 0; | 579 | return 0; |
766 | } | 580 | } |
767 | 581 | ||
@@ -1199,69 +1013,63 @@ do_setup_env(Session *s, const char *shell) | |||
1199 | ssh_gssapi_do_child(&env, &envsize); | 1013 | ssh_gssapi_do_child(&env, &envsize); |
1200 | #endif | 1014 | #endif |
1201 | 1015 | ||
1202 | if (!options.use_login) { | 1016 | /* Set basic environment. */ |
1203 | /* Set basic environment. */ | 1017 | for (i = 0; i < s->num_env; i++) |
1204 | for (i = 0; i < s->num_env; i++) | 1018 | child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); |
1205 | child_set_env(&env, &envsize, s->env[i].name, | ||
1206 | s->env[i].val); | ||
1207 | 1019 | ||
1208 | child_set_env(&env, &envsize, "USER", pw->pw_name); | 1020 | child_set_env(&env, &envsize, "USER", pw->pw_name); |
1209 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); | 1021 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
1210 | #ifdef _AIX | 1022 | #ifdef _AIX |
1211 | child_set_env(&env, &envsize, "LOGIN", pw->pw_name); | 1023 | child_set_env(&env, &envsize, "LOGIN", pw->pw_name); |
1212 | #endif | 1024 | #endif |
1213 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); | 1025 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
1214 | #ifdef HAVE_LOGIN_CAP | 1026 | #ifdef HAVE_LOGIN_CAP |
1215 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) | 1027 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
1216 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); | 1028 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
1217 | else | 1029 | else |
1218 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | 1030 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
1219 | #else /* HAVE_LOGIN_CAP */ | 1031 | #else /* HAVE_LOGIN_CAP */ |
1220 | # ifndef HAVE_CYGWIN | 1032 | # ifndef HAVE_CYGWIN |
1221 | /* | 1033 | /* |
1222 | * There's no standard path on Windows. The path contains | 1034 | * There's no standard path on Windows. The path contains |
1223 | * important components pointing to the system directories, | 1035 | * important components pointing to the system directories, |
1224 | * needed for loading shared libraries. So the path better | 1036 | * needed for loading shared libraries. So the path better |
1225 | * remains intact here. | 1037 | * remains intact here. |
1226 | */ | 1038 | */ |
1227 | # ifdef HAVE_ETC_DEFAULT_LOGIN | 1039 | # ifdef HAVE_ETC_DEFAULT_LOGIN |
1228 | read_etc_default_login(&env, &envsize, pw->pw_uid); | 1040 | read_etc_default_login(&env, &envsize, pw->pw_uid); |
1229 | path = child_get_env(env, "PATH"); | 1041 | path = child_get_env(env, "PATH"); |
1230 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ | 1042 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ |
1231 | if (path == NULL || *path == '\0') { | 1043 | if (path == NULL || *path == '\0') { |
1232 | child_set_env(&env, &envsize, "PATH", | 1044 | child_set_env(&env, &envsize, "PATH", |
1233 | s->pw->pw_uid == 0 ? | 1045 | s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); |
1234 | SUPERUSER_PATH : _PATH_STDPATH); | 1046 | } |
1235 | } | ||
1236 | # endif /* HAVE_CYGWIN */ | 1047 | # endif /* HAVE_CYGWIN */ |
1237 | #endif /* HAVE_LOGIN_CAP */ | 1048 | #endif /* HAVE_LOGIN_CAP */ |
1238 | 1049 | ||
1239 | snprintf(buf, sizeof buf, "%.200s/%.50s", | 1050 | snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); |
1240 | _PATH_MAILDIR, pw->pw_name); | 1051 | child_set_env(&env, &envsize, "MAIL", buf); |
1241 | child_set_env(&env, &envsize, "MAIL", buf); | 1052 | |
1053 | /* Normal systems set SHELL by default. */ | ||
1054 | child_set_env(&env, &envsize, "SHELL", shell); | ||
1242 | 1055 | ||
1243 | /* Normal systems set SHELL by default. */ | ||
1244 | child_set_env(&env, &envsize, "SHELL", shell); | ||
1245 | } | ||
1246 | if (getenv("TZ")) | 1056 | if (getenv("TZ")) |
1247 | child_set_env(&env, &envsize, "TZ", getenv("TZ")); | 1057 | child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
1248 | 1058 | ||
1249 | /* Set custom environment options from RSA authentication. */ | 1059 | /* Set custom environment options from RSA authentication. */ |
1250 | if (!options.use_login) { | 1060 | while (custom_environment) { |
1251 | while (custom_environment) { | 1061 | struct envstring *ce = custom_environment; |
1252 | struct envstring *ce = custom_environment; | 1062 | char *str = ce->s; |
1253 | char *str = ce->s; | 1063 | |
1254 | 1064 | for (i = 0; str[i] != '=' && str[i]; i++) | |
1255 | for (i = 0; str[i] != '=' && str[i]; i++) | 1065 | ; |
1256 | ; | 1066 | if (str[i] == '=') { |
1257 | if (str[i] == '=') { | 1067 | str[i] = 0; |
1258 | str[i] = 0; | 1068 | child_set_env(&env, &envsize, str, str + i + 1); |
1259 | child_set_env(&env, &envsize, str, str + i + 1); | ||
1260 | } | ||
1261 | custom_environment = ce->next; | ||
1262 | free(ce->s); | ||
1263 | free(ce); | ||
1264 | } | 1069 | } |
1070 | custom_environment = ce->next; | ||
1071 | free(ce->s); | ||
1072 | free(ce); | ||
1265 | } | 1073 | } |
1266 | 1074 | ||
1267 | /* SSH_CLIENT deprecated */ | 1075 | /* SSH_CLIENT deprecated */ |
@@ -1323,7 +1131,7 @@ do_setup_env(Session *s, const char *shell) | |||
1323 | * Pull in any environment variables that may have | 1131 | * Pull in any environment variables that may have |
1324 | * been set by PAM. | 1132 | * been set by PAM. |
1325 | */ | 1133 | */ |
1326 | if (options.use_pam && !options.use_login) { | 1134 | if (options.use_pam) { |
1327 | char **p; | 1135 | char **p; |
1328 | 1136 | ||
1329 | p = fetch_pam_child_environment(); | 1137 | p = fetch_pam_child_environment(); |
@@ -1341,7 +1149,7 @@ do_setup_env(Session *s, const char *shell) | |||
1341 | auth_sock_name); | 1149 | auth_sock_name); |
1342 | 1150 | ||
1343 | /* read $HOME/.ssh/environment. */ | 1151 | /* read $HOME/.ssh/environment. */ |
1344 | if (options.permit_user_env && !options.use_login) { | 1152 | if (options.permit_user_env) { |
1345 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1153 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
1346 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); | 1154 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); |
1347 | read_environment_file(&env, &envsize, buf); | 1155 | read_environment_file(&env, &envsize, buf); |
@@ -1623,27 +1431,6 @@ do_pwchange(Session *s) | |||
1623 | } | 1431 | } |
1624 | 1432 | ||
1625 | static void | 1433 | static void |
1626 | launch_login(struct passwd *pw, const char *hostname) | ||
1627 | { | ||
1628 | /* Launch login(1). */ | ||
1629 | |||
1630 | execl(LOGIN_PROGRAM, "login", "-h", hostname, | ||
1631 | #ifdef xxxLOGIN_NEEDS_TERM | ||
1632 | (s->term ? s->term : "unknown"), | ||
1633 | #endif /* LOGIN_NEEDS_TERM */ | ||
1634 | #ifdef LOGIN_NO_ENDOPT | ||
1635 | "-p", "-f", pw->pw_name, (char *)NULL); | ||
1636 | #else | ||
1637 | "-p", "-f", "--", pw->pw_name, (char *)NULL); | ||
1638 | #endif | ||
1639 | |||
1640 | /* Login couldn't be executed, die. */ | ||
1641 | |||
1642 | perror("login"); | ||
1643 | exit(1); | ||
1644 | } | ||
1645 | |||
1646 | static void | ||
1647 | child_close_fds(void) | 1434 | child_close_fds(void) |
1648 | { | 1435 | { |
1649 | extern int auth_sock; | 1436 | extern int auth_sock; |
@@ -1690,11 +1477,10 @@ child_close_fds(void) | |||
1690 | void | 1477 | void |
1691 | do_child(Session *s, const char *command) | 1478 | do_child(Session *s, const char *command) |
1692 | { | 1479 | { |
1693 | struct ssh *ssh = active_state; /* XXX */ | ||
1694 | extern char **environ; | 1480 | extern char **environ; |
1695 | char **env; | 1481 | char **env; |
1696 | char *argv[ARGV_MAX]; | 1482 | char *argv[ARGV_MAX]; |
1697 | const char *shell, *shell0, *hostname = NULL; | 1483 | const char *shell, *shell0; |
1698 | struct passwd *pw = s->pw; | 1484 | struct passwd *pw = s->pw; |
1699 | int r = 0; | 1485 | int r = 0; |
1700 | 1486 | ||
@@ -1709,10 +1495,6 @@ do_child(Session *s, const char *command) | |||
1709 | exit(1); | 1495 | exit(1); |
1710 | } | 1496 | } |
1711 | 1497 | ||
1712 | /* login(1) is only called if we execute the login shell */ | ||
1713 | if (options.use_login && command != NULL) | ||
1714 | options.use_login = 0; | ||
1715 | |||
1716 | #ifdef _UNICOS | 1498 | #ifdef _UNICOS |
1717 | cray_setup(pw->pw_uid, pw->pw_name, command); | 1499 | cray_setup(pw->pw_uid, pw->pw_name, command); |
1718 | #endif /* _UNICOS */ | 1500 | #endif /* _UNICOS */ |
@@ -1721,28 +1503,26 @@ do_child(Session *s, const char *command) | |||
1721 | * Login(1) does this as well, and it needs uid 0 for the "-h" | 1503 | * Login(1) does this as well, and it needs uid 0 for the "-h" |
1722 | * switch, so we let login(1) to this for us. | 1504 | * switch, so we let login(1) to this for us. |
1723 | */ | 1505 | */ |
1724 | if (!options.use_login) { | ||
1725 | #ifdef HAVE_OSF_SIA | 1506 | #ifdef HAVE_OSF_SIA |
1726 | session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); | 1507 | session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); |
1727 | if (!check_quietlogin(s, command)) | 1508 | if (!check_quietlogin(s, command)) |
1728 | do_motd(); | 1509 | do_motd(); |
1729 | #else /* HAVE_OSF_SIA */ | 1510 | #else /* HAVE_OSF_SIA */ |
1730 | /* When PAM is enabled we rely on it to do the nologin check */ | 1511 | /* When PAM is enabled we rely on it to do the nologin check */ |
1731 | if (!options.use_pam) | 1512 | if (!options.use_pam) |
1732 | do_nologin(pw); | 1513 | do_nologin(pw); |
1733 | do_setusercontext(pw, s->authctxt->role); | 1514 | do_setusercontext(pw, s->authctxt->role); |
1734 | /* | 1515 | /* |
1735 | * PAM session modules in do_setusercontext may have | 1516 | * PAM session modules in do_setusercontext may have |
1736 | * generated messages, so if this in an interactive | 1517 | * generated messages, so if this in an interactive |
1737 | * login then display them too. | 1518 | * login then display them too. |
1738 | */ | 1519 | */ |
1739 | if (!check_quietlogin(s, command)) | 1520 | if (!check_quietlogin(s, command)) |
1740 | display_loginmsg(); | 1521 | display_loginmsg(); |
1741 | #endif /* HAVE_OSF_SIA */ | 1522 | #endif /* HAVE_OSF_SIA */ |
1742 | } | ||
1743 | 1523 | ||
1744 | #ifdef USE_PAM | 1524 | #ifdef USE_PAM |
1745 | if (options.use_pam && !options.use_login && !is_pam_session_open()) { | 1525 | if (options.use_pam && !is_pam_session_open()) { |
1746 | debug3("PAM session not opened, exiting"); | 1526 | debug3("PAM session not opened, exiting"); |
1747 | display_loginmsg(); | 1527 | display_loginmsg(); |
1748 | exit(254); | 1528 | exit(254); |
@@ -1765,10 +1545,6 @@ do_child(Session *s, const char *command) | |||
1765 | shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); | 1545 | shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
1766 | #endif | 1546 | #endif |
1767 | 1547 | ||
1768 | /* we have to stash the hostname before we close our socket. */ | ||
1769 | if (options.use_login) | ||
1770 | hostname = session_get_remote_name_or_ip(ssh, utmp_len, | ||
1771 | options.use_dns); | ||
1772 | /* | 1548 | /* |
1773 | * Close the connection descriptors; note that this is the child, and | 1549 | * Close the connection descriptors; note that this is the child, and |
1774 | * the server will still have the socket open, and it is important | 1550 | * the server will still have the socket open, and it is important |
@@ -1827,8 +1603,7 @@ do_child(Session *s, const char *command) | |||
1827 | 1603 | ||
1828 | closefrom(STDERR_FILENO + 1); | 1604 | closefrom(STDERR_FILENO + 1); |
1829 | 1605 | ||
1830 | if (!options.use_login) | 1606 | do_rc_files(s, shell); |
1831 | do_rc_files(s, shell); | ||
1832 | 1607 | ||
1833 | /* restore SIGPIPE for child */ | 1608 | /* restore SIGPIPE for child */ |
1834 | signal(SIGPIPE, SIG_DFL); | 1609 | signal(SIGPIPE, SIG_DFL); |
@@ -1858,11 +1633,6 @@ do_child(Session *s, const char *command) | |||
1858 | 1633 | ||
1859 | fflush(NULL); | 1634 | fflush(NULL); |
1860 | 1635 | ||
1861 | if (options.use_login) { | ||
1862 | launch_login(pw, hostname); | ||
1863 | /* NEVERREACHED */ | ||
1864 | } | ||
1865 | |||
1866 | /* Get the last component of the shell name. */ | 1636 | /* Get the last component of the shell name. */ |
1867 | if ((shell0 = strrchr(shell, '/')) != NULL) | 1637 | if ((shell0 = strrchr(shell, '/')) != NULL) |
1868 | shell0++; | 1638 | shell0++; |
@@ -2106,14 +1876,8 @@ session_pty_req(Session *s) | |||
2106 | } | 1876 | } |
2107 | 1877 | ||
2108 | s->term = packet_get_string(&len); | 1878 | s->term = packet_get_string(&len); |
2109 | 1879 | s->col = packet_get_int(); | |
2110 | if (compat20) { | 1880 | s->row = packet_get_int(); |
2111 | s->col = packet_get_int(); | ||
2112 | s->row = packet_get_int(); | ||
2113 | } else { | ||
2114 | s->row = packet_get_int(); | ||
2115 | s->col = packet_get_int(); | ||
2116 | } | ||
2117 | s->xpixel = packet_get_int(); | 1881 | s->xpixel = packet_get_int(); |
2118 | s->ypixel = packet_get_int(); | 1882 | s->ypixel = packet_get_int(); |
2119 | 1883 | ||
@@ -2135,9 +1899,7 @@ session_pty_req(Session *s) | |||
2135 | } | 1899 | } |
2136 | debug("session_pty_req: session %d alloc %s", s->self, s->tty); | 1900 | debug("session_pty_req: session %d alloc %s", s->self, s->tty); |
2137 | 1901 | ||
2138 | /* for SSH1 the tty modes length is not given */ | 1902 | n_bytes = packet_remaining(); |
2139 | if (!compat20) | ||
2140 | n_bytes = packet_remaining(); | ||
2141 | tty_parse_modes(s->ttyfd, &n_bytes); | 1903 | tty_parse_modes(s->ttyfd, &n_bytes); |
2142 | 1904 | ||
2143 | if (!use_privsep) | 1905 | if (!use_privsep) |
@@ -2353,8 +2115,6 @@ void | |||
2353 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, | 2115 | session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, |
2354 | int is_tty) | 2116 | int is_tty) |
2355 | { | 2117 | { |
2356 | if (!compat20) | ||
2357 | fatal("session_set_fds: called for proto != 2.0"); | ||
2358 | /* | 2118 | /* |
2359 | * now that have a child and a pipe to the child, | 2119 | * now that have a child and a pipe to the child, |
2360 | * we can activate our channel and register the fd's | 2120 | * we can activate our channel and register the fd's |
@@ -2692,11 +2452,6 @@ session_setup_x11fwd(Session *s) | |||
2692 | packet_send_debug("No xauth program; cannot forward with spoofing."); | 2452 | packet_send_debug("No xauth program; cannot forward with spoofing."); |
2693 | return 0; | 2453 | return 0; |
2694 | } | 2454 | } |
2695 | if (options.use_login) { | ||
2696 | packet_send_debug("X11 forwarding disabled; " | ||
2697 | "not compatible with UseLogin=yes."); | ||
2698 | return 0; | ||
2699 | } | ||
2700 | if (s->display != NULL) { | 2455 | if (s->display != NULL) { |
2701 | debug("X11 display already set."); | 2456 | debug("X11 display already set."); |
2702 | return 0; | 2457 | return 0; |
@@ -2794,7 +2549,7 @@ do_cleanup(Authctxt *authctxt) | |||
2794 | #endif | 2549 | #endif |
2795 | 2550 | ||
2796 | #ifdef GSSAPI | 2551 | #ifdef GSSAPI |
2797 | if (compat20 && options.gss_cleanup_creds) | 2552 | if (options.gss_cleanup_creds) |
2798 | ssh_gssapi_cleanup_creds(); | 2553 | ssh_gssapi_cleanup_creds(); |
2799 | #endif | 2554 | #endif |
2800 | 2555 | ||
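Review bot: In the do_authenticated hunk, `options.disable_forwarding` is added only to the test that gates local TCP opens (`channel_disable_adm_local_opens()`); no other hunk in this session.c diff consults it, and the session_setup_x11fwd hunk drops its `options.use_login` refusal without gaining a `disable_forwarding` one. If X11 and agent forwarding are not refused somewhere outside this file, an administrator who sets the option expecting all forwarding to be off would still leave those two channels available. The request handlers should test the option themselves, e.g. in session_setup_x11fwd `if (options.disable_forwarding) { packet_send_debug("X11 forwarding disabled."); return 0; }`, with the equivalent early return in the agent-forwarding request handler, which this diff does not show. Both functions begin and end outside the visible hunks, so this needs confirming against the full file and against wherever the option is applied to the per-connection flags.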