diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 136 |
1 files changed, 123 insertions, 13 deletions
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -56,6 +56,7 @@ RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); | |||
| 56 | #include "serverloop.h" | 56 | #include "serverloop.h" |
| 57 | #include "canohost.h" | 57 | #include "canohost.h" |
| 58 | #include "session.h" | 58 | #include "session.h" |
| 59 | #include "kex.h" | ||
| 59 | #include "monitor_wrap.h" | 60 | #include "monitor_wrap.h" |
| 60 | 61 | ||
| 61 | #if defined(KRB5) && defined(USE_AFS) | 62 | #if defined(KRB5) && defined(USE_AFS) |
| @@ -196,11 +197,11 @@ auth_input_request_forwarding(struct passwd * pw) | |||
| 196 | static void | 197 | static void |
| 197 | display_loginmsg(void) | 198 | display_loginmsg(void) |
| 198 | { | 199 | { |
| 199 | if (buffer_len(&loginmsg) > 0) { | 200 | if (buffer_len(&loginmsg) > 0) { |
| 200 | buffer_append(&loginmsg, "\0", 1); | 201 | buffer_append(&loginmsg, "\0", 1); |
| 201 | printf("%s", (char *)buffer_ptr(&loginmsg)); | 202 | printf("%s", (char *)buffer_ptr(&loginmsg)); |
| 202 | buffer_clear(&loginmsg); | 203 | buffer_clear(&loginmsg); |
| 203 | } | 204 | } |
| 204 | } | 205 | } |
| 205 | 206 | ||
| 206 | void | 207 | void |
| @@ -272,7 +273,7 @@ do_authenticated1(Authctxt *authctxt) | |||
| 272 | compression_level); | 273 | compression_level); |
| 273 | break; | 274 | break; |
| 274 | } | 275 | } |
| 275 | if (!options.compression) { | 276 | if (options.compression == COMP_NONE) { |
| 276 | debug2("compression disabled"); | 277 | debug2("compression disabled"); |
| 277 | break; | 278 | break; |
| 278 | } | 279 | } |
| @@ -946,7 +947,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) | |||
| 946 | } | 947 | } |
| 947 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ | 948 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ |
| 948 | 949 | ||
| 949 | void copy_environment(char **source, char ***env, u_int *envsize) | 950 | void |
| 951 | copy_environment(char **source, char ***env, u_int *envsize) | ||
| 950 | { | 952 | { |
| 951 | char *var_name, *var_val; | 953 | char *var_name, *var_val; |
| 952 | int i; | 954 | int i; |
| @@ -1332,6 +1334,11 @@ do_setusercontext(struct passwd *pw) | |||
| 1332 | # ifdef _AIX | 1334 | # ifdef _AIX |
| 1333 | aix_usrinfo(pw); | 1335 | aix_usrinfo(pw); |
| 1334 | # endif /* _AIX */ | 1336 | # endif /* _AIX */ |
| 1337 | #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) | ||
| 1338 | if (set_id(pw->pw_name) != 0) { | ||
| 1339 | exit(1); | ||
| 1340 | } | ||
| 1341 | #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ | ||
| 1335 | /* Permanently switch to the desired uid. */ | 1342 | /* Permanently switch to the desired uid. */ |
| 1336 | permanently_set_uid(pw); | 1343 | permanently_set_uid(pw); |
| 1337 | #endif | 1344 | #endif |
| @@ -1477,7 +1484,8 @@ do_child(Session *s, const char *command) | |||
| 1477 | } | 1484 | } |
| 1478 | 1485 | ||
| 1479 | #ifdef USE_PAM | 1486 | #ifdef USE_PAM |
| 1480 | if (options.use_pam && !is_pam_session_open()) { | 1487 | if (options.use_pam && !options.use_login && !is_pam_session_open()) { |
| 1488 | debug3("PAM session not opened, exiting"); | ||
| 1481 | display_loginmsg(); | 1489 | display_loginmsg(); |
| 1482 | exit(254); | 1490 | exit(254); |
| 1483 | } | 1491 | } |
| @@ -1528,7 +1536,7 @@ do_child(Session *s, const char *command) | |||
| 1528 | */ | 1536 | */ |
| 1529 | 1537 | ||
| 1530 | if (options.kerberos_get_afs_token && k_hasafs() && | 1538 | if (options.kerberos_get_afs_token && k_hasafs() && |
| 1531 | (s->authctxt->krb5_ctx != NULL)) { | 1539 | (s->authctxt->krb5_ctx != NULL)) { |
| 1532 | char cell[64]; | 1540 | char cell[64]; |
| 1533 | 1541 | ||
| 1534 | debug("Getting AFS token"); | 1542 | debug("Getting AFS token"); |
| @@ -1632,6 +1640,7 @@ session_new(void) | |||
| 1632 | s->ttyfd = -1; | 1640 | s->ttyfd = -1; |
| 1633 | s->used = 1; | 1641 | s->used = 1; |
| 1634 | s->self = i; | 1642 | s->self = i; |
| 1643 | s->x11_chanids = NULL; | ||
| 1635 | debug("session_new: session %d", i); | 1644 | debug("session_new: session %d", i); |
| 1636 | return s; | 1645 | return s; |
| 1637 | } | 1646 | } |
| @@ -1705,6 +1714,29 @@ session_by_channel(int id) | |||
| 1705 | } | 1714 | } |
| 1706 | 1715 | ||
| 1707 | static Session * | 1716 | static Session * |
| 1717 | session_by_x11_channel(int id) | ||
| 1718 | { | ||
| 1719 | int i, j; | ||
| 1720 | |||
| 1721 | for (i = 0; i < MAX_SESSIONS; i++) { | ||
| 1722 | Session *s = &sessions[i]; | ||
| 1723 | |||
| 1724 | if (s->x11_chanids == NULL || !s->used) | ||
| 1725 | continue; | ||
| 1726 | for (j = 0; s->x11_chanids[j] != -1; j++) { | ||
| 1727 | if (s->x11_chanids[j] == id) { | ||
| 1728 | debug("session_by_x11_channel: session %d " | ||
| 1729 | "channel %d", s->self, id); | ||
| 1730 | return s; | ||
| 1731 | } | ||
| 1732 | } | ||
| 1733 | } | ||
| 1734 | debug("session_by_x11_channel: unknown channel %d", id); | ||
| 1735 | session_dump(); | ||
| 1736 | return NULL; | ||
| 1737 | } | ||
| 1738 | |||
| 1739 | static Session * | ||
| 1708 | session_by_pid(pid_t pid) | 1740 | session_by_pid(pid_t pid) |
| 1709 | { | 1741 | { |
| 1710 | int i; | 1742 | int i; |
| @@ -1799,7 +1831,7 @@ session_subsystem_req(Session *s) | |||
| 1799 | u_int len; | 1831 | u_int len; |
| 1800 | int success = 0; | 1832 | int success = 0; |
| 1801 | char *cmd, *subsys = packet_get_string(&len); | 1833 | char *cmd, *subsys = packet_get_string(&len); |
| 1802 | int i; | 1834 | u_int i; |
| 1803 | 1835 | ||
| 1804 | packet_check_eom(); | 1836 | packet_check_eom(); |
| 1805 | logit("subsystem request for %.100s", subsys); | 1837 | logit("subsystem request for %.100s", subsys); |
| @@ -1833,6 +1865,11 @@ session_x11_req(Session *s) | |||
| 1833 | { | 1865 | { |
| 1834 | int success; | 1866 | int success; |
| 1835 | 1867 | ||
| 1868 | if (s->auth_proto != NULL || s->auth_data != NULL) { | ||
| 1869 | error("session_x11_req: session %d: " | ||
| 1870 | "x11 fowarding already active", s->self); | ||
| 1871 | return 0; | ||
| 1872 | } | ||
| 1836 | s->single_connection = packet_get_char(); | 1873 | s->single_connection = packet_get_char(); |
| 1837 | s->auth_proto = packet_get_string(NULL); | 1874 | s->auth_proto = packet_get_string(NULL); |
| 1838 | s->auth_data = packet_get_string(NULL); | 1875 | s->auth_data = packet_get_string(NULL); |
| @@ -2058,9 +2095,66 @@ sig2name(int sig) | |||
| 2058 | } | 2095 | } |
| 2059 | 2096 | ||
| 2060 | static void | 2097 | static void |
| 2098 | session_close_x11(int id) | ||
| 2099 | { | ||
| 2100 | Channel *c; | ||
| 2101 | |||
| 2102 | if ((c = channel_lookup(id)) == NULL) { | ||
| 2103 | debug("session_close_x11: x11 channel %d missing", id); | ||
| 2104 | } else { | ||
| 2105 | /* Detach X11 listener */ | ||
| 2106 | debug("session_close_x11: detach x11 channel %d", id); | ||
| 2107 | channel_cancel_cleanup(id); | ||
| 2108 | if (c->ostate != CHAN_OUTPUT_CLOSED) | ||
| 2109 | chan_mark_dead(c); | ||
| 2110 | } | ||
| 2111 | } | ||
| 2112 | |||
| 2113 | static void | ||
| 2114 | session_close_single_x11(int id, void *arg) | ||
| 2115 | { | ||
| 2116 | Session *s; | ||
| 2117 | u_int i; | ||
| 2118 | |||
| 2119 | debug3("session_close_single_x11: channel %d", id); | ||
| 2120 | channel_cancel_cleanup(id); | ||
| 2121 | if ((s = session_by_x11_channel(id)) == NULL) | ||
| 2122 | fatal("session_close_single_x11: no x11 channel %d", id); | ||
| 2123 | for (i = 0; s->x11_chanids[i] != -1; i++) { | ||
| 2124 | debug("session_close_single_x11: session %d: " | ||
| 2125 | "closing channel %d", s->self, s->x11_chanids[i]); | ||
| 2126 | /* | ||
| 2127 | * The channel "id" is already closing, but make sure we | ||
| 2128 | * close all of its siblings. | ||
| 2129 | */ | ||
| 2130 | if (s->x11_chanids[i] != id) | ||
| 2131 | session_close_x11(s->x11_chanids[i]); | ||
| 2132 | } | ||
| 2133 | xfree(s->x11_chanids); | ||
| 2134 | s->x11_chanids = NULL; | ||
| 2135 | if (s->display) { | ||
| 2136 | xfree(s->display); | ||
| 2137 | s->display = NULL; | ||
| 2138 | } | ||
| 2139 | if (s->auth_proto) { | ||
| 2140 | xfree(s->auth_proto); | ||
| 2141 | s->auth_proto = NULL; | ||
| 2142 | } | ||
| 2143 | if (s->auth_data) { | ||
| 2144 | xfree(s->auth_data); | ||
| 2145 | s->auth_data = NULL; | ||
| 2146 | } | ||
| 2147 | if (s->auth_display) { | ||
| 2148 | xfree(s->auth_display); | ||
| 2149 | s->auth_display = NULL; | ||
| 2150 | } | ||
| 2151 | } | ||
| 2152 | |||
| 2153 | static void | ||
| 2061 | session_exit_message(Session *s, int status) | 2154 | session_exit_message(Session *s, int status) |
| 2062 | { | 2155 | { |
| 2063 | Channel *c; | 2156 | Channel *c; |
| 2157 | u_int i; | ||
| 2064 | 2158 | ||
| 2065 | if ((c = channel_lookup(s->chanid)) == NULL) | 2159 | if ((c = channel_lookup(s->chanid)) == NULL) |
| 2066 | fatal("session_exit_message: session %d: no channel %d", | 2160 | fatal("session_exit_message: session %d: no channel %d", |
| @@ -2100,12 +2194,20 @@ session_exit_message(Session *s, int status) | |||
| 2100 | if (c->ostate != CHAN_OUTPUT_CLOSED) | 2194 | if (c->ostate != CHAN_OUTPUT_CLOSED) |
| 2101 | chan_write_failed(c); | 2195 | chan_write_failed(c); |
| 2102 | s->chanid = -1; | 2196 | s->chanid = -1; |
| 2197 | |||
| 2198 | /* Close any X11 listeners associated with this session */ | ||
| 2199 | if (s->x11_chanids != NULL) { | ||
| 2200 | for (i = 0; s->x11_chanids[i] != -1; i++) { | ||
| 2201 | session_close_x11(s->x11_chanids[i]); | ||
| 2202 | s->x11_chanids[i] = -1; | ||
| 2203 | } | ||
| 2204 | } | ||
| 2103 | } | 2205 | } |
| 2104 | 2206 | ||
| 2105 | void | 2207 | void |
| 2106 | session_close(Session *s) | 2208 | session_close(Session *s) |
| 2107 | { | 2209 | { |
| 2108 | int i; | 2210 | u_int i; |
| 2109 | 2211 | ||
| 2110 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); | 2212 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); |
| 2111 | if (s->ttyfd != -1) | 2213 | if (s->ttyfd != -1) |
| @@ -2114,6 +2216,8 @@ session_close(Session *s) | |||
| 2114 | xfree(s->term); | 2216 | xfree(s->term); |
| 2115 | if (s->display) | 2217 | if (s->display) |
| 2116 | xfree(s->display); | 2218 | xfree(s->display); |
| 2219 | if (s->x11_chanids) | ||
| 2220 | xfree(s->x11_chanids); | ||
| 2117 | if (s->auth_display) | 2221 | if (s->auth_display) |
| 2118 | xfree(s->auth_display); | 2222 | xfree(s->auth_display); |
| 2119 | if (s->auth_data) | 2223 | if (s->auth_data) |
| @@ -2152,6 +2256,7 @@ void | |||
| 2152 | session_close_by_channel(int id, void *arg) | 2256 | session_close_by_channel(int id, void *arg) |
| 2153 | { | 2257 | { |
| 2154 | Session *s = session_by_channel(id); | 2258 | Session *s = session_by_channel(id); |
| 2259 | |||
| 2155 | if (s == NULL) { | 2260 | if (s == NULL) { |
| 2156 | debug("session_close_by_channel: no session for id %d", id); | 2261 | debug("session_close_by_channel: no session for id %d", id); |
| 2157 | return; | 2262 | return; |
| @@ -2232,6 +2337,7 @@ session_setup_x11fwd(Session *s) | |||
| 2232 | struct stat st; | 2337 | struct stat st; |
| 2233 | char display[512], auth_display[512]; | 2338 | char display[512], auth_display[512]; |
| 2234 | char hostname[MAXHOSTNAMELEN]; | 2339 | char hostname[MAXHOSTNAMELEN]; |
| 2340 | u_int i; | ||
| 2235 | 2341 | ||
| 2236 | if (no_x11_forwarding_flag) { | 2342 | if (no_x11_forwarding_flag) { |
| 2237 | packet_send_debug("X11 forwarding disabled in user configuration file."); | 2343 | packet_send_debug("X11 forwarding disabled in user configuration file."); |
| @@ -2257,10 +2363,14 @@ session_setup_x11fwd(Session *s) | |||
| 2257 | } | 2363 | } |
| 2258 | if (x11_create_display_inet(options.x11_display_offset, | 2364 | if (x11_create_display_inet(options.x11_display_offset, |
| 2259 | options.x11_use_localhost, s->single_connection, | 2365 | options.x11_use_localhost, s->single_connection, |
| 2260 | &s->display_number) == -1) { | 2366 | &s->display_number, &s->x11_chanids) == -1) { |
| 2261 | debug("x11_create_display_inet failed."); | 2367 | debug("x11_create_display_inet failed."); |
| 2262 | return 0; | 2368 | return 0; |
| 2263 | } | 2369 | } |
| 2370 | for (i = 0; s->x11_chanids[i] != -1; i++) { | ||
| 2371 | channel_register_cleanup(s->x11_chanids[i], | ||
| 2372 | session_close_single_x11); | ||
| 2373 | } | ||
| 2264 | 2374 | ||
| 2265 | /* Set up a suitable value for the DISPLAY variable. */ | 2375 | /* Set up a suitable value for the DISPLAY variable. */ |
| 2266 | if (gethostname(hostname, sizeof(hostname)) < 0) | 2376 | if (gethostname(hostname, sizeof(hostname)) < 0) |