Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 116 |
1 files changed, 87 insertions, 29 deletions
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -210,13 +210,6 @@ do_authenticated(Authctxt *authctxt) | |||
210 | close(startup_pipe); | 210 | close(startup_pipe); |
211 | startup_pipe = -1; | 211 | startup_pipe = -1; |
212 | } | 212 | } |
213 | #ifdef WITH_AIXAUTHENTICATE | ||
214 | /* We don't have a pty yet, so just label the line as "ssh" */ | ||
215 | if (loginsuccess(authctxt->user, | ||
216 | get_canonical_hostname(options.verify_reverse_mapping), | ||
217 | "ssh", &aixloginmsg) < 0) | ||
218 | aixloginmsg = NULL; | ||
219 | #endif /* WITH_AIXAUTHENTICATE */ | ||
220 | 213 | ||
221 | /* setup the channel layer */ | 214 | /* setup the channel layer */ |
222 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | 215 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
@@ -470,6 +463,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
470 | 463 | ||
471 | /* Fork the child. */ | 464 | /* Fork the child. */ |
472 | if ((pid = fork()) == 0) { | 465 | if ((pid = fork()) == 0) { |
466 | fatal_remove_all_cleanups(); | ||
467 | |||
473 | /* Child. Reinitialize the log since the pid has changed. */ | 468 | /* Child. Reinitialize the log since the pid has changed. */ |
474 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | 469 | log_init(__progname, options.log_level, options.log_facility, log_stderr); |
475 | 470 | ||
@@ -517,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command) | |||
517 | perror("dup2 stderr"); | 512 | perror("dup2 stderr"); |
518 | #endif /* USE_PIPES */ | 513 | #endif /* USE_PIPES */ |
519 | 514 | ||
515 | #ifdef _UNICOS | ||
516 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ | ||
517 | #endif | ||
518 | |||
520 | /* Do processing for the child (exec command etc). */ | 519 | /* Do processing for the child (exec command etc). */ |
521 | do_child(s, command); | 520 | do_child(s, command); |
522 | /* NOTREACHED */ | 521 | /* NOTREACHED */ |
523 | } | 522 | } |
523 | #ifdef _UNICOS | ||
524 | signal(WJSIGNAL, cray_job_termination_handler); | ||
525 | #endif /* _UNICOS */ | ||
524 | #ifdef HAVE_CYGWIN | 526 | #ifdef HAVE_CYGWIN |
525 | if (is_winnt) | 527 | if (is_winnt) |
526 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | 528 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
@@ -585,6 +587,7 @@ do_exec_pty(Session *s, const char *command) | |||
585 | 587 | ||
586 | /* Fork the child. */ | 588 | /* Fork the child. */ |
587 | if ((pid = fork()) == 0) { | 589 | if ((pid = fork()) == 0) { |
590 | fatal_remove_all_cleanups(); | ||
588 | 591 | ||
589 | /* Child. Reinitialize the log because the pid has changed. */ | 592 | /* Child. Reinitialize the log because the pid has changed. */ |
590 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | 593 | log_init(__progname, options.log_level, options.log_facility, log_stderr); |
@@ -607,8 +610,12 @@ do_exec_pty(Session *s, const char *command) | |||
607 | 610 | ||
608 | /* record login, etc. similar to login(1) */ | 611 | /* record login, etc. similar to login(1) */ |
609 | #ifndef HAVE_OSF_SIA | 612 | #ifndef HAVE_OSF_SIA |
610 | if (!(options.use_login && command == NULL)) | 613 | if (!(options.use_login && command == NULL)) { |
614 | #ifdef _UNICOS | ||
615 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ | ||
616 | #endif /* _UNICOS */ | ||
611 | do_login(s, command); | 617 | do_login(s, command); |
618 | } | ||
612 | # ifdef LOGIN_NEEDS_UTMPX | 619 | # ifdef LOGIN_NEEDS_UTMPX |
613 | else | 620 | else |
614 | do_pre_login(s); | 621 | do_pre_login(s); |
@@ -619,6 +626,9 @@ do_exec_pty(Session *s, const char *command) | |||
619 | do_child(s, command); | 626 | do_child(s, command); |
620 | /* NOTREACHED */ | 627 | /* NOTREACHED */ |
621 | } | 628 | } |
629 | #ifdef _UNICOS | ||
630 | signal(WJSIGNAL, cray_job_termination_handler); | ||
631 | #endif /* _UNICOS */ | ||
622 | #ifdef HAVE_CYGWIN | 632 | #ifdef HAVE_CYGWIN |
623 | if (is_winnt) | 633 | if (is_winnt) |
624 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | 634 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
@@ -668,8 +678,8 @@ do_pre_login(Session *s) | |||
668 | * the address be 0.0.0.0. | 678 | * the address be 0.0.0.0. |
669 | */ | 679 | */ |
670 | memset(&from, 0, sizeof(from)); | 680 | memset(&from, 0, sizeof(from)); |
681 | fromlen = sizeof(from); | ||
671 | if (packet_connection_is_on_socket()) { | 682 | if (packet_connection_is_on_socket()) { |
672 | fromlen = sizeof(from); | ||
673 | if (getpeername(packet_get_connection_in(), | 683 | if (getpeername(packet_get_connection_in(), |
674 | (struct sockaddr *) & from, &fromlen) < 0) { | 684 | (struct sockaddr *) & from, &fromlen) < 0) { |
675 | debug("getpeername: %.100s", strerror(errno)); | 685 | debug("getpeername: %.100s", strerror(errno)); |
@@ -734,7 +744,7 @@ do_login(Session *s, const char *command) | |||
734 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, | 744 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, |
735 | get_remote_name_or_ip(utmp_len, | 745 | get_remote_name_or_ip(utmp_len, |
736 | options.verify_reverse_mapping), | 746 | options.verify_reverse_mapping), |
737 | (struct sockaddr *)&from); | 747 | (struct sockaddr *)&from, fromlen); |
738 | 748 | ||
739 | #ifdef USE_PAM | 749 | #ifdef USE_PAM |
740 | /* | 750 | /* |
@@ -759,6 +769,7 @@ do_login(Session *s, const char *command) | |||
759 | printf("%s\n", aixloginmsg); | 769 | printf("%s\n", aixloginmsg); |
760 | #endif /* WITH_AIXAUTHENTICATE */ | 770 | #endif /* WITH_AIXAUTHENTICATE */ |
761 | 771 | ||
772 | #ifndef NO_SSH_LASTLOG | ||
762 | if (options.print_lastlog && s->last_login_time != 0) { | 773 | if (options.print_lastlog && s->last_login_time != 0) { |
763 | time_string = ctime(&s->last_login_time); | 774 | time_string = ctime(&s->last_login_time); |
764 | if (strchr(time_string, '\n')) | 775 | if (strchr(time_string, '\n')) |
@@ -769,6 +780,7 @@ do_login(Session *s, const char *command) | |||
769 | printf("Last login: %s from %s\r\n", time_string, | 780 | printf("Last login: %s from %s\r\n", time_string, |
770 | s->hostname); | 781 | s->hostname); |
771 | } | 782 | } |
783 | #endif /* NO_SSH_LASTLOG */ | ||
772 | 784 | ||
773 | do_motd(); | 785 | do_motd(); |
774 | } | 786 | } |
@@ -959,8 +971,10 @@ do_setup_env(Session *s, const char *shell) | |||
959 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); | 971 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
960 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); | 972 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
961 | #ifdef HAVE_LOGIN_CAP | 973 | #ifdef HAVE_LOGIN_CAP |
962 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); | 974 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
963 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | 975 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
976 | else | ||
977 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | ||
964 | #else /* HAVE_LOGIN_CAP */ | 978 | #else /* HAVE_LOGIN_CAP */ |
965 | # ifndef HAVE_CYGWIN | 979 | # ifndef HAVE_CYGWIN |
966 | /* | 980 | /* |
@@ -992,13 +1006,13 @@ do_setup_env(Session *s, const char *shell) | |||
992 | if (!options.use_login) { | 1006 | if (!options.use_login) { |
993 | while (custom_environment) { | 1007 | while (custom_environment) { |
994 | struct envstring *ce = custom_environment; | 1008 | struct envstring *ce = custom_environment; |
995 | char *s = ce->s; | 1009 | char *str = ce->s; |
996 | 1010 | ||
997 | for (i = 0; s[i] != '=' && s[i]; i++) | 1011 | for (i = 0; str[i] != '=' && str[i]; i++) |
998 | ; | 1012 | ; |
999 | if (s[i] == '=') { | 1013 | if (str[i] == '=') { |
1000 | s[i] = 0; | 1014 | str[i] = 0; |
1001 | child_set_env(&env, &envsize, s, s + i + 1); | 1015 | child_set_env(&env, &envsize, str, str + i + 1); |
1002 | } | 1016 | } |
1003 | custom_environment = ce->next; | 1017 | custom_environment = ce->next; |
1004 | xfree(ce->s); | 1018 | xfree(ce->s); |
@@ -1006,10 +1020,16 @@ do_setup_env(Session *s, const char *shell) | |||
1006 | } | 1020 | } |
1007 | } | 1021 | } |
1008 | 1022 | ||
1023 | /* SSH_CLIENT deprecated */ | ||
1009 | snprintf(buf, sizeof buf, "%.50s %d %d", | 1024 | snprintf(buf, sizeof buf, "%.50s %d %d", |
1010 | get_remote_ipaddr(), get_remote_port(), get_local_port()); | 1025 | get_remote_ipaddr(), get_remote_port(), get_local_port()); |
1011 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); | 1026 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); |
1012 | 1027 | ||
1028 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", | ||
1029 | get_remote_ipaddr(), get_remote_port(), | ||
1030 | get_local_ipaddr(packet_get_connection_in()), get_local_port()); | ||
1031 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); | ||
1032 | |||
1013 | if (s->ttyfd != -1) | 1033 | if (s->ttyfd != -1) |
1014 | child_set_env(&env, &envsize, "SSH_TTY", s->tty); | 1034 | child_set_env(&env, &envsize, "SSH_TTY", s->tty); |
1015 | if (s->term) | 1035 | if (s->term) |
@@ -1020,6 +1040,11 @@ do_setup_env(Session *s, const char *shell) | |||
1020 | child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", | 1040 | child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
1021 | original_command); | 1041 | original_command); |
1022 | 1042 | ||
1043 | #ifdef _UNICOS | ||
1044 | if (cray_tmpdir[0] != '\0') | ||
1045 | child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); | ||
1046 | #endif /* _UNICOS */ | ||
1047 | |||
1023 | #ifdef _AIX | 1048 | #ifdef _AIX |
1024 | { | 1049 | { |
1025 | char *cp; | 1050 | char *cp; |
@@ -1042,8 +1067,17 @@ do_setup_env(Session *s, const char *shell) | |||
1042 | s->authctxt->krb5_ticket_file); | 1067 | s->authctxt->krb5_ticket_file); |
1043 | #endif | 1068 | #endif |
1044 | #ifdef USE_PAM | 1069 | #ifdef USE_PAM |
1045 | /* Pull in any environment variables that may have been set by PAM. */ | 1070 | /* |
1046 | copy_environment(fetch_pam_environment(), &env, &envsize); | 1071 | * Pull in any environment variables that may have |
1072 | * been set by PAM. | ||
1073 | */ | ||
1074 | { | ||
1075 | char **p; | ||
1076 | |||
1077 | p = fetch_pam_environment(); | ||
1078 | copy_environment(p, &env, &envsize); | ||
1079 | free_pam_environment(p); | ||
1080 | } | ||
1047 | #endif /* USE_PAM */ | 1081 | #endif /* USE_PAM */ |
1048 | 1082 | ||
1049 | if (auth_sock_name != NULL) | 1083 | if (auth_sock_name != NULL) |
@@ -1051,9 +1085,9 @@ do_setup_env(Session *s, const char *shell) | |||
1051 | auth_sock_name); | 1085 | auth_sock_name); |
1052 | 1086 | ||
1053 | /* read $HOME/.ssh/environment. */ | 1087 | /* read $HOME/.ssh/environment. */ |
1054 | if (!options.use_login) { | 1088 | if (options.permit_user_env && !options.use_login) { |
1055 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1089 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
1056 | pw->pw_dir); | 1090 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); |
1057 | read_environment_file(&env, &envsize, buf); | 1091 | read_environment_file(&env, &envsize, buf); |
1058 | } | 1092 | } |
1059 | if (debug_flag) { | 1093 | if (debug_flag) { |
@@ -1148,6 +1182,8 @@ do_nologin(struct passwd *pw) | |||
1148 | #endif | 1182 | #endif |
1149 | if (f) { | 1183 | if (f) { |
1150 | /* /etc/nologin exists. Print its contents and exit. */ | 1184 | /* /etc/nologin exists. Print its contents and exit. */ |
1185 | log("User %.100s not allowed because %s exists", | ||
1186 | pw->pw_name, _PATH_NOLOGIN); | ||
1151 | while (fgets(buf, sizeof(buf), f)) | 1187 | while (fgets(buf, sizeof(buf), f)) |
1152 | fputs(buf, stderr); | 1188 | fputs(buf, stderr); |
1153 | fclose(f); | 1189 | fclose(f); |
@@ -1159,8 +1195,6 @@ do_nologin(struct passwd *pw) | |||
1159 | void | 1195 | void |
1160 | do_setusercontext(struct passwd *pw) | 1196 | do_setusercontext(struct passwd *pw) |
1161 | { | 1197 | { |
1162 | char tty='\0'; | ||
1163 | |||
1164 | #ifdef HAVE_CYGWIN | 1198 | #ifdef HAVE_CYGWIN |
1165 | if (is_winnt) { | 1199 | if (is_winnt) { |
1166 | #else /* HAVE_CYGWIN */ | 1200 | #else /* HAVE_CYGWIN */ |
@@ -1170,9 +1204,9 @@ do_setusercontext(struct passwd *pw) | |||
1170 | setpcred(pw->pw_name); | 1204 | setpcred(pw->pw_name); |
1171 | #endif /* HAVE_SETPCRED */ | 1205 | #endif /* HAVE_SETPCRED */ |
1172 | #ifdef HAVE_LOGIN_CAP | 1206 | #ifdef HAVE_LOGIN_CAP |
1173 | #ifdef __bsdi__ | 1207 | # ifdef __bsdi__ |
1174 | setpgid(0, 0); | 1208 | setpgid(0, 0); |
1175 | #endif | 1209 | # endif |
1176 | if (setusercontext(lc, pw, pw->pw_uid, | 1210 | if (setusercontext(lc, pw, pw->pw_uid, |
1177 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { | 1211 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
1178 | perror("unable to set user context"); | 1212 | perror("unable to set user context"); |
@@ -1209,8 +1243,7 @@ do_setusercontext(struct passwd *pw) | |||
1209 | irix_setusercontext(pw); | 1243 | irix_setusercontext(pw); |
1210 | # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ | 1244 | # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ |
1211 | # ifdef _AIX | 1245 | # ifdef _AIX |
1212 | /* XXX: Disable tty setting. Enabled if required later */ | 1246 | aix_usrinfo(pw); |
1213 | aix_usrinfo(pw, &tty, -1); | ||
1214 | # endif /* _AIX */ | 1247 | # endif /* _AIX */ |
1215 | /* Permanently switch to the desired uid. */ | 1248 | /* Permanently switch to the desired uid. */ |
1216 | permanently_set_uid(pw); | 1249 | permanently_set_uid(pw); |
@@ -1263,6 +1296,10 @@ do_child(Session *s, const char *command) | |||
1263 | if (options.use_login && command != NULL) | 1296 | if (options.use_login && command != NULL) |
1264 | options.use_login = 0; | 1297 | options.use_login = 0; |
1265 | 1298 | ||
1299 | #ifdef _UNICOS | ||
1300 | cray_setup(pw->pw_uid, pw->pw_name, command); | ||
1301 | #endif /* _UNICOS */ | ||
1302 | |||
1266 | /* | 1303 | /* |
1267 | * Login(1) does this as well, and it needs uid 0 for the "-h" | 1304 | * Login(1) does this as well, and it needs uid 0 for the "-h" |
1268 | * switch, so we let login(1) to this for us. | 1305 | * switch, so we let login(1) to this for us. |
@@ -1798,6 +1835,27 @@ session_pty_cleanup(void *session) | |||
1798 | PRIVSEP(session_pty_cleanup2(session)); | 1835 | PRIVSEP(session_pty_cleanup2(session)); |
1799 | } | 1836 | } |
1800 | 1837 | ||
1838 | static char * | ||
1839 | sig2name(int sig) | ||
1840 | { | ||
1841 | #define SSH_SIG(x) if (sig == SIG ## x) return #x | ||
1842 | SSH_SIG(ABRT); | ||
1843 | SSH_SIG(ALRM); | ||
1844 | SSH_SIG(FPE); | ||
1845 | SSH_SIG(HUP); | ||
1846 | SSH_SIG(ILL); | ||
1847 | SSH_SIG(INT); | ||
1848 | SSH_SIG(KILL); | ||
1849 | SSH_SIG(PIPE); | ||
1850 | SSH_SIG(QUIT); | ||
1851 | SSH_SIG(SEGV); | ||
1852 | SSH_SIG(TERM); | ||
1853 | SSH_SIG(USR1); | ||
1854 | SSH_SIG(USR2); | ||
1855 | #undef SSH_SIG | ||
1856 | return "SIG@openssh.com"; | ||
1857 | } | ||
1858 | |||
1801 | static void | 1859 | static void |
1802 | session_exit_message(Session *s, int status) | 1860 | session_exit_message(Session *s, int status) |
1803 | { | 1861 | { |
@@ -1815,7 +1873,7 @@ session_exit_message(Session *s, int status) | |||
1815 | packet_send(); | 1873 | packet_send(); |
1816 | } else if (WIFSIGNALED(status)) { | 1874 | } else if (WIFSIGNALED(status)) { |
1817 | channel_request_start(s->chanid, "exit-signal", 0); | 1875 | channel_request_start(s->chanid, "exit-signal", 0); |
1818 | packet_put_int(WTERMSIG(status)); | 1876 | packet_put_cstring(sig2name(WTERMSIG(status))); |
1819 | #ifdef WCOREDUMP | 1877 | #ifdef WCOREDUMP |
1820 | packet_put_char(WCOREDUMP(status)); | 1878 | packet_put_char(WCOREDUMP(status)); |
1821 | #else /* WCOREDUMP */ | 1879 | #else /* WCOREDUMP */ |
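Review bot: In the do_login hunk (new line 747) `fromlen` is now passed to record_login(), but no hunk in this commit changes where do_login assigns it. If do_login still sets it only inside the `packet_connection_is_on_socket()` branch, as do_pre_login did before this commit, a connection that is not on a socket hands record_login() an indeterminate length alongside the zeroed `from`. Applying the same hoist made in do_pre_login, `fromlen = sizeof(from);` directly after `memset(&from, 0, sizeof(from));`, would make the length well defined on every path. do_login's body above the record_login() call is outside the visible hunks, so this should be confirmed against the full function.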