1 files changed, 157 insertions, 126 deletions
diff --git a/session.c b/session.c
index ec4a23ac5..4497f5c0b 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -58,10 +58,8 @@ RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
 #include "session.h"
 #include "monitor_wrap.h"
-#ifdef HAVE_CYGWIN
+#ifdef GSSAPI
-#include <windows.h>
+#include "ssh-gss.h"
-#include <sys/cygwin.h>
-#define is_winnt       (GetVersion() < 0x80000000)
 #endif
 /* func */
@@ -95,6 +93,7 @@ extern int debug_flag;
 extern u_int utmp_len;
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
+extern Buffer loginmsg;
 /* original command from peer. */
 const char *original_command = NULL;
@@ -103,10 +102,6 @@ const char *original_command = NULL;
 #define MAX_SESSIONS 10
 Session sessions[MAX_SESSIONS];
-#ifdef WITH_AIXAUTHENTICATE
-char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
 #ifdef HAVE_LOGIN_CAP
 login_cap_t *lc;
 #endif
@@ -192,7 +187,7 @@ auth_input_request_forwarding(struct passwd * pw)
        nc = channel_new("auth socket",
            SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
            CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-            0, xstrdup("auth socket"), 1);
+            0, "auth socket", 1);
        strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
        return 1;
 }
@@ -225,10 +220,6 @@ do_authenticated(Authctxt *authctxt)
        /* remove agent socket */
        if (auth_sock_name != NULL)
                auth_sock_cleanup_proc(authctxt->pw);
-#ifdef KRB4
-        if (options.kerberos_ticket_cleanup)
-                krb4_cleanup_proc(authctxt);
-#endif
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup)
                krb5_cleanup_proc(authctxt);
@@ -341,58 +332,6 @@ do_authenticated1(Authctxt *authctxt)
                                success = 1;
                        break;
-#if defined(AFS) || defined(KRB5)
-                case SSH_CMSG_HAVE_KERBEROS_TGT:
-                        if (!options.kerberos_tgt_passing) {
-                                verbose("Kerberos TGT passing disabled.");
-                        } else {
-                                char *kdata = packet_get_string(&dlen);
-                                packet_check_eom();
-                                /* XXX - 0x41, see creds_to_radix version */
-                                if (kdata[0] != 0x41) {
-#ifdef KRB5
-                                        krb5_data tgt;
-                                        tgt.data = kdata;
-                                        tgt.length = dlen;
-                                        if (auth_krb5_tgt(s->authctxt, &tgt))
-                                                success = 1;
-                                        else
-                                                verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
-#endif /* KRB5 */
-                                } else {
-#ifdef AFS
-                                        if (auth_krb4_tgt(s->authctxt, kdata))
-                                                success = 1;
-                                        else
-                                                verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
-#endif /* AFS */
-                                }
-                                xfree(kdata);
-                        }
-                        break;
-#endif /* AFS || KRB5 */
-#ifdef AFS
-                case SSH_CMSG_HAVE_AFS_TOKEN:
-                        if (!options.afs_token_passing || !k_hasafs()) {
-                                verbose("AFS token passing disabled.");
-                        } else {
-                                /* Accept AFS token. */
-                                char *token = packet_get_string(&dlen);
-                                packet_check_eom();
-                                if (auth_afs_token(s->authctxt, token))
-                                        success = 1;
-                                else
-                                        verbose("AFS token refused for %.100s",
-                                            s->authctxt->user);
-                                xfree(token);
-                        }
-                        break;
-#endif /* AFS */
                case SSH_CMSG_EXEC_SHELL:
                case SSH_CMSG_EXEC_CMD:
                        if (type == SSH_CMSG_EXEC_CMD) {
@@ -412,7 +351,7 @@ do_authenticated1(Authctxt *authctxt)
                         * Any unknown messages in this phase are ignored,
                         * and a failure message is returned.
                         */
-                        log("Unknown packet type received after authentication: %d", type);
+                        logit("Unknown packet type received after authentication: %d", type);
                }
                packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
                packet_send();
@@ -456,11 +395,12 @@ do_exec_no_pty(Session *s, const char *command)
        session_proctitle(s);
 #if defined(USE_PAM)
-        do_pam_session(s->pw->pw_name, NULL);
+        if (options.use_pam) {
-        do_pam_setcred(1);
+                do_pam_setcred(1);
-        if (is_pam_password_change_required())
+                if (is_pam_password_change_required())
-                packet_disconnect("Password change required but no "
+                        packet_disconnect("Password change required but no "
-                    "TTY available");
+                            "TTY available");
+        }
 #endif /* USE_PAM */
        /* Fork the child. */
@@ -583,8 +523,10 @@ do_exec_pty(Session *s, const char *command)
        ttyfd = s->ttyfd;
 #if defined(USE_PAM)
-        do_pam_session(s->pw->pw_name, s->tty);
+        if (options.use_pam) {
-        do_pam_setcred(1);
+                do_pam_set_tty(s->tty);
+                do_pam_setcred(1);
+        }
 #endif
        /* Fork the child. */
@@ -690,7 +632,7 @@ do_pre_login(Session *s)
        }
        record_utmp_only(pid, s->tty, s->pw->pw_name,
-            get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
+            get_remote_name_or_ip(utmp_len, options.use_dns),
            (struct sockaddr *)&from, fromlen);
 }
 #endif
@@ -708,6 +650,14 @@ do_exec(Session *s, const char *command)
                debug("Forced command '%.900s'", command);
        }
+#ifdef GSSAPI
+        if (options.gss_authentication) {
+                temporarily_use_uid(s->pw);
+                ssh_gssapi_storecreds();
+                restore_uid();
+        }
+#endif
        if (s->ttyfd != -1)
                do_exec_pty(s, command);
        else
@@ -745,7 +695,7 @@ do_login(Session *s, const char *command)
        if (!use_privsep)
                record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
                    get_remote_name_or_ip(utmp_len,
-                    options.verify_reverse_mapping),
+                    options.use_dns),
                    (struct sockaddr *)&from, fromlen);
 #ifdef USE_PAM
@@ -753,9 +703,10 @@ do_login(Session *s, const char *command)
         * If password change is needed, do it now.
         * This needs to occur before the ~/.hushlogin check.
         */
-        if (is_pam_password_change_required()) {
+        if (options.use_pam && is_pam_password_change_required()) {
                print_pam_messages();
                do_pam_chauthtok();
+                /* XXX - signal [net] parent to enable forwardings */
        }
 #endif
@@ -763,13 +714,16 @@ do_login(Session *s, const char *command)
                return;
 #ifdef USE_PAM
-        if (!is_pam_password_change_required())
+        if (options.use_pam && !is_pam_password_change_required())
                print_pam_messages();
 #endif /* USE_PAM */
-#ifdef WITH_AIXAUTHENTICATE
-        if (aixloginmsg && *aixloginmsg)
+        /* display post-login message */
-                printf("%s\n", aixloginmsg);
+        if (buffer_len(&loginmsg) > 0) {
-#endif /* WITH_AIXAUTHENTICATE */
+                buffer_append(&loginmsg, "\0", 1);
+                printf("%s\n", (char *)buffer_ptr(&loginmsg));
+        }
+        buffer_free(&loginmsg);
 #ifndef NO_SSH_LASTLOG
        if (options.print_lastlog && s->last_login_time != 0) {
@@ -840,13 +794,22 @@ check_quietlogin(Session *s, const char *command)
 * Sets the value of the given variable in the environment.  If the variable
 * already exists, its value is overriden.
 */
-static void
+void
 child_set_env(char ***envp, u_int *envsizep, const char *name,
        const char *value)
 {
-        char **env;
-        u_int envsize;
        u_int i, namelen;
+        char **env;
+        /*
+         * If we're passed an uninitialized list, allocate a single null
+         * entry before continuing.
+         */
+        if (*envp == NULL && *envsizep == 0) {
+                *envp = xmalloc(sizeof(char *));
+                *envp[0] = NULL;
+                *envsizep = 1;
+        }
        /*
         * Find the slot where the value should be stored.  If the variable
@@ -863,13 +826,12 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
                xfree(env[i]);
        } else {
                /* New variable.  Expand if necessary. */
-                envsize = *envsizep;
+                if (i >= (*envsizep) - 1) {
-                if (i >= envsize - 1) {
+                        if (*envsizep >= 1000)
-                        if (envsize >= 1000)
+                                fatal("child_set_env: too many env vars,"
-                                fatal("child_set_env: too many env vars");
+                                    " skipping: %.100s", name);
-                        envsize += 50;
+                        (*envsizep) += 50;
-                        env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+                        env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
-                        *envsizep = envsize;
                }
                /* Need to set the NULL pointer at end of array beyond the new slot. */
                env[i + 1] = NULL;
@@ -925,6 +887,59 @@ read_environment_file(char ***env, u_int *envsize,
        fclose(f);
 }
+#ifdef HAVE_ETC_DEFAULT_LOGIN
+/*
+ * Return named variable from specified environment, or NULL if not present.
+ */
+static char *
+child_get_env(char **env, const char *name)
+{
+        int i;
+        size_t len;
+        len = strlen(name);
+        for (i=0; env[i] != NULL; i++)
+                if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
+                        return(env[i] + len + 1);
+        return NULL;
+}
+/*
+ * Read /etc/default/login.
+ * We pick up the PATH (or SUPATH for root) and UMASK.
+ */
+static void
+read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
+{
+        char **tmpenv = NULL, *var;
+        u_int i;
+        size_t tmpenvsize = 0;
+        mode_t mask;
+        /*
+         * We don't want to copy the whole file to the child's environment,
+         * so we use a temporary environment and copy the variables we're
+         * interested in.
+         */
+        read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
+        if (uid == 0)
+                var = child_get_env(tmpenv, "SUPATH");
+        else
+                var = child_get_env(tmpenv, "PATH");
+        if (var != NULL)
+                child_set_env(env, envsize, "PATH", var);
+        
+        if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
+                if (sscanf(var, "%5lo", &mask) == 1)
+                        umask(mask);
+        
+        for (i = 0; tmpenv[i] != NULL; i++)
+                xfree(tmpenv[i]);
+        xfree(tmpenv);
+}
+#endif /* HAVE_ETC_DEFAULT_LOGIN */
 void copy_environment(char **source, char ***env, u_int *envsize)
 {
        char *var_name, *var_val;
@@ -953,7 +968,7 @@ do_setup_env(Session *s, const char *shell)
 {
        char buf[256];
        u_int i, envsize;
-        char **env, *laddr;
+        char **env, *laddr, *path = NULL;
        struct passwd *pw = s->pw;
        /* Initialize the environment. */
@@ -969,6 +984,13 @@ do_setup_env(Session *s, const char *shell)
        copy_environment(environ, &env, &envsize);
 #endif
+#ifdef GSSAPI
+        /* Allow any GSSAPI methods that we've used to alter 
+         * the childs environment as they see fit
+         */
+        ssh_gssapi_do_child(&env, &envsize);
+#endif
        if (!options.use_login) {
                /* Set basic environment. */
                child_set_env(&env, &envsize, "USER", pw->pw_name);
@@ -990,12 +1012,15 @@ do_setup_env(Session *s, const char *shell)
                 * needed for loading shared libraries. So the path better
                 * remains intact here.
                 */
-#  ifdef SUPERUSER_PATH
+#  ifdef HAVE_ETC_DEFAULT_LOGIN
-                child_set_env(&env, &envsize, "PATH", 
+                read_etc_default_login(&env, &envsize, pw->pw_uid);
-                    s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
+                path = child_get_env(env, "PATH");
-#  else 
+#  endif /* HAVE_ETC_DEFAULT_LOGIN */
-                child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+                if (path == NULL || *path == '\0') {
-#  endif /* SUPERUSER_PATH */
+                        child_set_env(&env, &envsize, "PATH", 
+                            s->pw->pw_uid == 0 ?
+                                SUPERUSER_PATH : _PATH_STDPATH);
+                }
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
@@ -1064,11 +1089,6 @@ do_setup_env(Session *s, const char *shell)
                read_environment_file(&env, &envsize, "/etc/environment");
        }
 #endif
-#ifdef KRB4
-        if (s->authctxt->krb4_ticket_file)
-                child_set_env(&env, &envsize, "KRBTKFILE",
-                    s->authctxt->krb4_ticket_file);
-#endif
 #ifdef KRB5
        if (s->authctxt->krb5_ticket_file)
                child_set_env(&env, &envsize, "KRB5CCNAME",
@@ -1079,10 +1099,9 @@ do_setup_env(Session *s, const char *shell)
         * Pull in any environment variables that may have
         * been set by PAM.
         */
-        {
+        if (options.use_pam) {
-                char **p;
+                char **p = fetch_pam_environment();
-                p = fetch_pam_environment();
                copy_environment(p, &env, &envsize);
                free_pam_environment(p);
        }
@@ -1194,7 +1213,7 @@ do_nologin(struct passwd *pw)
 #endif
        if (f) {
                /* /etc/nologin exists.  Print its contents and exit. */
-                log("User %.100s not allowed because %s exists",
+                logit("User %.100s not allowed because %s exists",
                    pw->pw_name, _PATH_NOLOGIN);
                while (fgets(buf, sizeof(buf), f))
                        fputs(buf, stderr);
@@ -1214,7 +1233,8 @@ do_setusercontext(struct passwd *pw)
        {
 #ifdef HAVE_SETPCRED
-                setpcred(pw->pw_name);
+                if (setpcred(pw->pw_name, (char **)NULL) == -1)
+                        fatal("Failed to set process credentials");
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 # ifdef __bsdi__
@@ -1250,7 +1270,10 @@ do_setusercontext(struct passwd *pw)
                 * These will have been wiped by the above initgroups() call.
                 * Reestablish them here.
                 */
-                do_pam_setcred(0);
+                if (options.use_pam) {
+                        do_pam_session();
+                        do_pam_setcred(0);
+                }
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
                irix_setusercontext(pw);
@@ -1351,7 +1374,7 @@ do_child(Session *s, const char *command)
        /* we have to stash the hostname before we close our socket. */
        if (options.use_login)
                hostname = get_remote_name_or_ip(utmp_len,
-                    options.verify_reverse_mapping);
+                    options.use_dns);
        /*
         * Close the connection descriptors; note that this is the child, and
         * the server will still have the socket open, and it is important
@@ -1393,18 +1416,6 @@ do_child(Session *s, const char *command)
         */
        environ = env;
-#ifdef AFS
-        /* Try to get AFS tokens for the local cell. */
-        if (k_hasafs()) {
-                char cell[64];
-                if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
-                        krb_afslog(cell, 0);
-                krb_afslog(0, 0);
-        }
-#endif /* AFS */
        /* Change current directory to the user\'s home directory. */
        if (chdir(pw->pw_dir) < 0) {
                fprintf(stderr, "Could not chdir to home directory %s: %s\n",
@@ -1674,7 +1685,7 @@ session_subsystem_req(Session *s)
        int i;
        packet_check_eom();
-        log("subsystem request for %.100s", subsys);
+        logit("subsystem request for %.100s", subsys);
        for (i = 0; i < options.num_subsystems; i++) {
                if (strcmp(subsys, options.subsystem_name[i]) == 0) {
@@ -1693,7 +1704,7 @@ session_subsystem_req(Session *s)
        }
        if (!success)
-                log("subsystem request for %.100s failed, subsystem not found",
+                logit("subsystem request for %.100s failed, subsystem not found",
                    subsys);
        xfree(subsys);
@@ -1741,6 +1752,20 @@ session_exec_req(Session *s)
 }
 static int
+session_break_req(Session *s)
+{
+        u_int break_length;
+        break_length = packet_get_int();        /* ignored */
+        packet_check_eom();
+        if (s->ttyfd == -1 ||
+            tcsendbreak(s->ttyfd, 0) < 0)
+                return 0;
+        return 1;
+}
+static int
 session_auth_agent_req(Session *s)
 {
        static int called = 0;
@@ -1764,7 +1789,7 @@ session_input_channel_req(Channel *c, const char *rtype)
        Session *s;
        if ((s = session_by_channel(c->self)) == NULL) {
-                log("session_input_channel_req: no session %d req %.100s",
+                logit("session_input_channel_req: no session %d req %.100s",
                    c->self, rtype);
                return 0;
        }
@@ -1787,6 +1812,8 @@ session_input_channel_req(Channel *c, const char *rtype)
                        success = session_auth_agent_req(s);
                } else if (strcmp(rtype, "subsystem") == 0) {
                        success = session_subsystem_req(s);
+                } else if (strcmp(rtype, "break") == 0) {
+                        success = session_break_req(s);
                }
        }
        if (strcmp(rtype, "window-change") == 0) {
@@ -2123,4 +2150,8 @@ static void
 do_authenticated2(Authctxt *authctxt)
 {
        server_loop2(authctxt);
+#if defined(GSSAPI)
+        if (options.gss_cleanup_creds)
+                ssh_gssapi_cleanup_creds(NULL);
+#endif
 }

diff --git a/session.c b/session.c index ec4a23ac5..4497f5c0b 100644 --- a/session.c +++ b/session.c
@@ -33,7 +33,7 @@
33	*/	33	*/
34		34
35	#include "includes.h"	35	#include "includes.h"
36	RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");	36	RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
37		37
38	#include "ssh.h"	38	#include "ssh.h"
39	#include "ssh1.h"	39	#include "ssh1.h"
@@ -58,10 +58,8 @@ RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
58	#include "session.h"	58	#include "session.h"
59	#include "monitor_wrap.h"	59	#include "monitor_wrap.h"
60		60
61	#ifdef HAVE_CYGWIN	61	#ifdef GSSAPI
62	#include <windows.h>	62	#include "ssh-gss.h"
63	#include <sys/cygwin.h>
64	#define is_winnt (GetVersion() < 0x80000000)
65	#endif	63	#endif
66		64
67	/* func */	65	/* func */
@@ -95,6 +93,7 @@ extern int debug_flag;
95	extern u_int utmp_len;	93	extern u_int utmp_len;
96	extern int startup_pipe;	94	extern int startup_pipe;
97	extern void destroy_sensitive_data(void);	95	extern void destroy_sensitive_data(void);
		96	extern Buffer loginmsg;
98		97
99	/* original command from peer. */	98	/* original command from peer. */
100	const char *original_command = NULL;	99	const char *original_command = NULL;
@@ -103,10 +102,6 @@ const char *original_command = NULL;
103	#define MAX_SESSIONS 10	102	#define MAX_SESSIONS 10
104	Session sessions[MAX_SESSIONS];	103	Session sessions[MAX_SESSIONS];
105		104
106	#ifdef WITH_AIXAUTHENTICATE
107	char *aixloginmsg;
108	#endif /* WITH_AIXAUTHENTICATE */
109
110	#ifdef HAVE_LOGIN_CAP	105	#ifdef HAVE_LOGIN_CAP
111	login_cap_t *lc;	106	login_cap_t *lc;
112	#endif	107	#endif
@@ -192,7 +187,7 @@ auth_input_request_forwarding(struct passwd * pw)
192	nc = channel_new("auth socket",	187	nc = channel_new("auth socket",
193	SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,	188	SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
194	CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,	189	CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
195	0, xstrdup("auth socket"), 1);	190	0, "auth socket", 1);
196	strlcpy(nc->path, auth_sock_name, sizeof(nc->path));	191	strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
197	return 1;	192	return 1;
198	}	193	}
@@ -225,10 +220,6 @@ do_authenticated(Authctxt *authctxt)
225	/* remove agent socket */	220	/* remove agent socket */
226	if (auth_sock_name != NULL)	221	if (auth_sock_name != NULL)
227	auth_sock_cleanup_proc(authctxt->pw);	222	auth_sock_cleanup_proc(authctxt->pw);
228	#ifdef KRB4
229	if (options.kerberos_ticket_cleanup)
230	krb4_cleanup_proc(authctxt);
231	#endif
232	#ifdef KRB5	223	#ifdef KRB5
233	if (options.kerberos_ticket_cleanup)	224	if (options.kerberos_ticket_cleanup)
234	krb5_cleanup_proc(authctxt);	225	krb5_cleanup_proc(authctxt);
@@ -341,58 +332,6 @@ do_authenticated1(Authctxt *authctxt)
341	success = 1;	332	success = 1;
342	break;	333	break;
343		334
344	#if defined(AFS) \|\| defined(KRB5)
345	case SSH_CMSG_HAVE_KERBEROS_TGT:
346	if (!options.kerberos_tgt_passing) {
347	verbose("Kerberos TGT passing disabled.");
348	} else {
349	char *kdata = packet_get_string(&dlen);
350	packet_check_eom();
351
352	/* XXX - 0x41, see creds_to_radix version */
353	if (kdata[0] != 0x41) {
354	#ifdef KRB5
355	krb5_data tgt;
356	tgt.data = kdata;
357	tgt.length = dlen;
358
359	if (auth_krb5_tgt(s->authctxt, &tgt))
360	success = 1;
361	else
362	verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
363	#endif /* KRB5 */
364	} else {
365	#ifdef AFS
366	if (auth_krb4_tgt(s->authctxt, kdata))
367	success = 1;
368	else
369	verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
370	#endif /* AFS */
371	}
372	xfree(kdata);
373	}
374	break;
375	#endif /* AFS \|\| KRB5 */
376
377	#ifdef AFS
378	case SSH_CMSG_HAVE_AFS_TOKEN:
379	if (!options.afs_token_passing \|\| !k_hasafs()) {
380	verbose("AFS token passing disabled.");
381	} else {
382	/* Accept AFS token. */
383	char *token = packet_get_string(&dlen);
384	packet_check_eom();
385
386	if (auth_afs_token(s->authctxt, token))
387	success = 1;
388	else
389	verbose("AFS token refused for %.100s",
390	s->authctxt->user);
391	xfree(token);
392	}
393	break;
394	#endif /* AFS */
395
396	case SSH_CMSG_EXEC_SHELL:	335	case SSH_CMSG_EXEC_SHELL:
397	case SSH_CMSG_EXEC_CMD:	336	case SSH_CMSG_EXEC_CMD:
398	if (type == SSH_CMSG_EXEC_CMD) {	337	if (type == SSH_CMSG_EXEC_CMD) {
@@ -412,7 +351,7 @@ do_authenticated1(Authctxt *authctxt)
412	* Any unknown messages in this phase are ignored,	351	* Any unknown messages in this phase are ignored,
413	* and a failure message is returned.	352	* and a failure message is returned.
414	*/	353	*/
415	log("Unknown packet type received after authentication: %d", type);	354	logit("Unknown packet type received after authentication: %d", type);
416	}	355	}
417	packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);	356	packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
418	packet_send();	357	packet_send();
@@ -456,11 +395,12 @@ do_exec_no_pty(Session s, const char command)
456	session_proctitle(s);	395	session_proctitle(s);
457		396
458	#if defined(USE_PAM)	397	#if defined(USE_PAM)
459	do_pam_session(s->pw->pw_name, NULL);	398	if (options.use_pam) {
460	do_pam_setcred(1);	399	do_pam_setcred(1);
461	if (is_pam_password_change_required())	400	if (is_pam_password_change_required())
462	packet_disconnect("Password change required but no "	401	packet_disconnect("Password change required but no "
463	"TTY available");	402	"TTY available");
		403	}
464	#endif /* USE_PAM */	404	#endif /* USE_PAM */
465		405
466	/* Fork the child. */	406	/* Fork the child. */
@@ -583,8 +523,10 @@ do_exec_pty(Session s, const char command)
583	ttyfd = s->ttyfd;	523	ttyfd = s->ttyfd;
584		524
585	#if defined(USE_PAM)	525	#if defined(USE_PAM)
586	do_pam_session(s->pw->pw_name, s->tty);	526	if (options.use_pam) {
587	do_pam_setcred(1);	527	do_pam_set_tty(s->tty);
		528	do_pam_setcred(1);
		529	}
588	#endif	530	#endif
589		531
590	/* Fork the child. */	532	/* Fork the child. */
@@ -690,7 +632,7 @@ do_pre_login(Session *s)
690	}	632	}
691		633
692	record_utmp_only(pid, s->tty, s->pw->pw_name,	634	record_utmp_only(pid, s->tty, s->pw->pw_name,
693	get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),	635	get_remote_name_or_ip(utmp_len, options.use_dns),
694	(struct sockaddr *)&from, fromlen);	636	(struct sockaddr *)&from, fromlen);
695	}	637	}
696	#endif	638	#endif
@@ -708,6 +650,14 @@ do_exec(Session s, const char command)
708	debug("Forced command '%.900s'", command);	650	debug("Forced command '%.900s'", command);
709	}	651	}
710		652
		653	#ifdef GSSAPI
		654	if (options.gss_authentication) {
		655	temporarily_use_uid(s->pw);
		656	ssh_gssapi_storecreds();
		657	restore_uid();
		658	}
		659	#endif
		660
711	if (s->ttyfd != -1)	661	if (s->ttyfd != -1)
712	do_exec_pty(s, command);	662	do_exec_pty(s, command);
713	else	663	else
@@ -745,7 +695,7 @@ do_login(Session s, const char command)
745	if (!use_privsep)	695	if (!use_privsep)
746	record_login(pid, s->tty, pw->pw_name, pw->pw_uid,	696	record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
747	get_remote_name_or_ip(utmp_len,	697	get_remote_name_or_ip(utmp_len,
748	options.verify_reverse_mapping),	698	options.use_dns),
749	(struct sockaddr *)&from, fromlen);	699	(struct sockaddr *)&from, fromlen);
750		700
751	#ifdef USE_PAM	701	#ifdef USE_PAM
@@ -753,9 +703,10 @@ do_login(Session s, const char command)
753	* If password change is needed, do it now.	703	* If password change is needed, do it now.
754	* This needs to occur before the ~/.hushlogin check.	704	* This needs to occur before the ~/.hushlogin check.
755	*/	705	*/
756	if (is_pam_password_change_required()) {	706	if (options.use_pam && is_pam_password_change_required()) {
757	print_pam_messages();	707	print_pam_messages();
758	do_pam_chauthtok();	708	do_pam_chauthtok();
		709	/* XXX - signal [net] parent to enable forwardings */
759	}	710	}
760	#endif	711	#endif
761		712
@@ -763,13 +714,16 @@ do_login(Session s, const char command)
763	return;	714	return;
764		715
765	#ifdef USE_PAM	716	#ifdef USE_PAM
766	if (!is_pam_password_change_required())	717	if (options.use_pam && !is_pam_password_change_required())
767	print_pam_messages();	718	print_pam_messages();
768	#endif /* USE_PAM */	719	#endif /* USE_PAM */
769	#ifdef WITH_AIXAUTHENTICATE	720
770	if (aixloginmsg && *aixloginmsg)	721	/* display post-login message */
771	printf("%s\n", aixloginmsg);	722	if (buffer_len(&loginmsg) > 0) {
772	#endif /* WITH_AIXAUTHENTICATE */	723	buffer_append(&loginmsg, "\0", 1);
		724	printf("%s\n", (char *)buffer_ptr(&loginmsg));
		725	}
		726	buffer_free(&loginmsg);
773		727
774	#ifndef NO_SSH_LASTLOG	728	#ifndef NO_SSH_LASTLOG
775	if (options.print_lastlog && s->last_login_time != 0) {	729	if (options.print_lastlog && s->last_login_time != 0) {
@@ -840,13 +794,22 @@ check_quietlogin(Session s, const char command)
840	* Sets the value of the given variable in the environment. If the variable	794	* Sets the value of the given variable in the environment. If the variable
841	* already exists, its value is overriden.	795	* already exists, its value is overriden.
842	*/	796	*/
843	static void	797	void
844	child_set_env(char **envp, u_int envsizep, const char *name,	798	child_set_env(char **envp, u_int envsizep, const char *name,
845	const char *value)	799	const char *value)
846	{	800	{
847	char **env;
848	u_int envsize;
849	u_int i, namelen;	801	u_int i, namelen;
		802	char **env;
		803
		804	/*
		805	* If we're passed an uninitialized list, allocate a single null
		806	* entry before continuing.
		807	*/
		808	if (envp == NULL && envsizep == 0) {
		809	envp = xmalloc(sizeof(char ));
		810	*envp[0] = NULL;
		811	*envsizep = 1;
		812	}
850		813
851	/*	814	/*
852	* Find the slot where the value should be stored. If the variable	815	* Find the slot where the value should be stored. If the variable
@@ -863,13 +826,12 @@ child_set_env(char **envp, u_int envsizep, const char *name,
863	xfree(env[i]);	826	xfree(env[i]);
864	} else {	827	} else {
865	/* New variable. Expand if necessary. */	828	/* New variable. Expand if necessary. */
866	envsize = *envsizep;	829	if (i >= (*envsizep) - 1) {
867	if (i >= envsize - 1) {	830	if (*envsizep >= 1000)
868	if (envsize >= 1000)	831	fatal("child_set_env: too many env vars,"
869	fatal("child_set_env: too many env vars");	832	" skipping: %.100s", name);
870	envsize += 50;	833	(*envsizep) += 50;
871	env = (envp) = xrealloc(env, envsize sizeof(char *));	834	env = (envp) = xrealloc(env, (envsizep) * sizeof(char *));
872	*envsizep = envsize;
873	}	835	}
874	/* Need to set the NULL pointer at end of array beyond the new slot. */	836	/* Need to set the NULL pointer at end of array beyond the new slot. */
875	env[i + 1] = NULL;	837	env[i + 1] = NULL;
@@ -925,6 +887,59 @@ read_environment_file(char **env, u_int envsize,
925	fclose(f);	887	fclose(f);
926	}	888	}
927		889
		890	#ifdef HAVE_ETC_DEFAULT_LOGIN
		891	/*
		892	* Return named variable from specified environment, or NULL if not present.
		893	*/
		894	static char *
		895	child_get_env(char *env, const char name)
		896	{
		897	int i;
		898	size_t len;
		899
		900	len = strlen(name);
		901	for (i=0; env[i] != NULL; i++)
		902	if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
		903	return(env[i] + len + 1);
		904	return NULL;
		905	}
		906
		907	/*
		908	* Read /etc/default/login.
		909	* We pick up the PATH (or SUPATH for root) and UMASK.
		910	*/
		911	static void
		912	read_etc_default_login(char **env, u_int envsize, uid_t uid)
		913	{
		914	char *tmpenv = NULL, var;
		915	u_int i;
		916	size_t tmpenvsize = 0;
		917	mode_t mask;
		918
		919	/*
		920	* We don't want to copy the whole file to the child's environment,
		921	* so we use a temporary environment and copy the variables we're
		922	* interested in.
		923	*/
		924	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
		925
		926	if (uid == 0)
		927	var = child_get_env(tmpenv, "SUPATH");
		928	else
		929	var = child_get_env(tmpenv, "PATH");
		930	if (var != NULL)
		931	child_set_env(env, envsize, "PATH", var);
		932
		933	if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
		934	if (sscanf(var, "%5lo", &mask) == 1)
		935	umask(mask);
		936
		937	for (i = 0; tmpenv[i] != NULL; i++)
		938	xfree(tmpenv[i]);
		939	xfree(tmpenv);
		940	}
		941	#endif /* HAVE_ETC_DEFAULT_LOGIN */
		942
928	void copy_environment(char source, char env, u_int envsize)	943	void copy_environment(char source, char env, u_int envsize)
929	{	944	{
930	char var_name, var_val;	945	char var_name, var_val;
@@ -953,7 +968,7 @@ do_setup_env(Session s, const char shell)
953	{	968	{
954	char buf[256];	969	char buf[256];
955	u_int i, envsize;	970	u_int i, envsize;
956	char *env, laddr;	971	char *env, laddr, *path = NULL;
957	struct passwd *pw = s->pw;	972	struct passwd *pw = s->pw;
958		973
959	/* Initialize the environment. */	974	/* Initialize the environment. */
@@ -969,6 +984,13 @@ do_setup_env(Session s, const char shell)
969	copy_environment(environ, &env, &envsize);	984	copy_environment(environ, &env, &envsize);
970	#endif	985	#endif
971		986
		987	#ifdef GSSAPI
		988	/* Allow any GSSAPI methods that we've used to alter
		989	* the childs environment as they see fit
		990	*/
		991	ssh_gssapi_do_child(&env, &envsize);
		992	#endif
		993
972	if (!options.use_login) {	994	if (!options.use_login) {
973	/* Set basic environment. */	995	/* Set basic environment. */
974	child_set_env(&env, &envsize, "USER", pw->pw_name);	996	child_set_env(&env, &envsize, "USER", pw->pw_name);
@@ -990,12 +1012,15 @@ do_setup_env(Session s, const char shell)
990	* needed for loading shared libraries. So the path better	1012	* needed for loading shared libraries. So the path better
991	* remains intact here.	1013	* remains intact here.
992	*/	1014	*/
993	# ifdef SUPERUSER_PATH	1015	# ifdef HAVE_ETC_DEFAULT_LOGIN
994	child_set_env(&env, &envsize, "PATH",	1016	read_etc_default_login(&env, &envsize, pw->pw_uid);
995	s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);	1017	path = child_get_env(env, "PATH");
996	# else	1018	# endif /* HAVE_ETC_DEFAULT_LOGIN */
997	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);	1019	if (path == NULL \|\| *path == '\0') {
998	# endif /* SUPERUSER_PATH */	1020	child_set_env(&env, &envsize, "PATH",
		1021	s->pw->pw_uid == 0 ?
		1022	SUPERUSER_PATH : _PATH_STDPATH);
		1023	}
999	# endif /* HAVE_CYGWIN */	1024	# endif /* HAVE_CYGWIN */
1000	#endif /* HAVE_LOGIN_CAP */	1025	#endif /* HAVE_LOGIN_CAP */
1001		1026
@@ -1064,11 +1089,6 @@ do_setup_env(Session s, const char shell)
1064	read_environment_file(&env, &envsize, "/etc/environment");	1089	read_environment_file(&env, &envsize, "/etc/environment");
1065	}	1090	}
1066	#endif	1091	#endif
1067	#ifdef KRB4
1068	if (s->authctxt->krb4_ticket_file)
1069	child_set_env(&env, &envsize, "KRBTKFILE",
1070	s->authctxt->krb4_ticket_file);
1071	#endif
1072	#ifdef KRB5	1092	#ifdef KRB5
1073	if (s->authctxt->krb5_ticket_file)	1093	if (s->authctxt->krb5_ticket_file)
1074	child_set_env(&env, &envsize, "KRB5CCNAME",	1094	child_set_env(&env, &envsize, "KRB5CCNAME",
@@ -1079,10 +1099,9 @@ do_setup_env(Session s, const char shell)
1079	* Pull in any environment variables that may have	1099	* Pull in any environment variables that may have
1080	* been set by PAM.	1100	* been set by PAM.
1081	*/	1101	*/
1082	{	1102	if (options.use_pam) {
1083	char **p;	1103	char **p = fetch_pam_environment();
1084		1104
1085	p = fetch_pam_environment();
1086	copy_environment(p, &env, &envsize);	1105	copy_environment(p, &env, &envsize);
1087	free_pam_environment(p);	1106	free_pam_environment(p);
1088	}	1107	}
@@ -1194,7 +1213,7 @@ do_nologin(struct passwd *pw)
1194	#endif	1213	#endif
1195	if (f) {	1214	if (f) {
1196	/* /etc/nologin exists. Print its contents and exit. */	1215	/* /etc/nologin exists. Print its contents and exit. */
1197	log("User %.100s not allowed because %s exists",	1216	logit("User %.100s not allowed because %s exists",
1198	pw->pw_name, _PATH_NOLOGIN);	1217	pw->pw_name, _PATH_NOLOGIN);
1199	while (fgets(buf, sizeof(buf), f))	1218	while (fgets(buf, sizeof(buf), f))
1200	fputs(buf, stderr);	1219	fputs(buf, stderr);
@@ -1214,7 +1233,8 @@ do_setusercontext(struct passwd *pw)
1214	{	1233	{
1215		1234
1216	#ifdef HAVE_SETPCRED	1235	#ifdef HAVE_SETPCRED
1217	setpcred(pw->pw_name);	1236	if (setpcred(pw->pw_name, (char **)NULL) == -1)
		1237	fatal("Failed to set process credentials");
1218	#endif /* HAVE_SETPCRED */	1238	#endif /* HAVE_SETPCRED */
1219	#ifdef HAVE_LOGIN_CAP	1239	#ifdef HAVE_LOGIN_CAP
1220	# ifdef __bsdi__	1240	# ifdef __bsdi__
@@ -1250,7 +1270,10 @@ do_setusercontext(struct passwd *pw)
1250	* These will have been wiped by the above initgroups() call.	1270	* These will have been wiped by the above initgroups() call.
1251	* Reestablish them here.	1271	* Reestablish them here.
1252	*/	1272	*/
1253	do_pam_setcred(0);	1273	if (options.use_pam) {
		1274	do_pam_session();
		1275	do_pam_setcred(0);
		1276	}
1254	# endif /* USE_PAM */	1277	# endif /* USE_PAM */
1255	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)	1278	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)
1256	irix_setusercontext(pw);	1279	irix_setusercontext(pw);
@@ -1351,7 +1374,7 @@ do_child(Session s, const char command)
1351	/* we have to stash the hostname before we close our socket. */	1374	/* we have to stash the hostname before we close our socket. */
1352	if (options.use_login)	1375	if (options.use_login)
1353	hostname = get_remote_name_or_ip(utmp_len,	1376	hostname = get_remote_name_or_ip(utmp_len,
1354	options.verify_reverse_mapping);	1377	options.use_dns);
1355	/*	1378	/*
1356	* Close the connection descriptors; note that this is the child, and	1379	* Close the connection descriptors; note that this is the child, and
1357	* the server will still have the socket open, and it is important	1380	* the server will still have the socket open, and it is important
@@ -1393,18 +1416,6 @@ do_child(Session s, const char command)
1393	*/	1416	*/
1394	environ = env;	1417	environ = env;
1395		1418
1396	#ifdef AFS
1397	/* Try to get AFS tokens for the local cell. */
1398	if (k_hasafs()) {
1399	char cell[64];
1400
1401	if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
1402	krb_afslog(cell, 0);
1403
1404	krb_afslog(0, 0);
1405	}
1406	#endif /* AFS */
1407
1408	/* Change current directory to the user\'s home directory. */	1419	/* Change current directory to the user\'s home directory. */
1409	if (chdir(pw->pw_dir) < 0) {	1420	if (chdir(pw->pw_dir) < 0) {
1410	fprintf(stderr, "Could not chdir to home directory %s: %s\n",	1421	fprintf(stderr, "Could not chdir to home directory %s: %s\n",
@@ -1674,7 +1685,7 @@ session_subsystem_req(Session *s)
1674	int i;	1685	int i;
1675		1686
1676	packet_check_eom();	1687	packet_check_eom();
1677	log("subsystem request for %.100s", subsys);	1688	logit("subsystem request for %.100s", subsys);
1678		1689
1679	for (i = 0; i < options.num_subsystems; i++) {	1690	for (i = 0; i < options.num_subsystems; i++) {
1680	if (strcmp(subsys, options.subsystem_name[i]) == 0) {	1691	if (strcmp(subsys, options.subsystem_name[i]) == 0) {
@@ -1693,7 +1704,7 @@ session_subsystem_req(Session *s)
1693	}	1704	}
1694		1705
1695	if (!success)	1706	if (!success)
1696	log("subsystem request for %.100s failed, subsystem not found",	1707	logit("subsystem request for %.100s failed, subsystem not found",
1697	subsys);	1708	subsys);
1698		1709
1699	xfree(subsys);	1710	xfree(subsys);
@@ -1741,6 +1752,20 @@ session_exec_req(Session *s)
1741	}	1752	}
1742		1753
1743	static int	1754	static int
		1755	session_break_req(Session *s)
		1756	{
		1757	u_int break_length;
		1758
		1759	break_length = packet_get_int(); /* ignored */
		1760	packet_check_eom();
		1761
		1762	if (s->ttyfd == -1 \|\|
		1763	tcsendbreak(s->ttyfd, 0) < 0)
		1764	return 0;
		1765	return 1;
		1766	}
		1767
		1768	static int
1744	session_auth_agent_req(Session *s)	1769	session_auth_agent_req(Session *s)
1745	{	1770	{
1746	static int called = 0;	1771	static int called = 0;
@@ -1764,7 +1789,7 @@ session_input_channel_req(Channel c, const char rtype)
1764	Session *s;	1789	Session *s;
1765		1790
1766	if ((s = session_by_channel(c->self)) == NULL) {	1791	if ((s = session_by_channel(c->self)) == NULL) {
1767	log("session_input_channel_req: no session %d req %.100s",	1792	logit("session_input_channel_req: no session %d req %.100s",
1768	c->self, rtype);	1793	c->self, rtype);
1769	return 0;	1794	return 0;
1770	}	1795	}
@@ -1787,6 +1812,8 @@ session_input_channel_req(Channel c, const char rtype)
1787	success = session_auth_agent_req(s);	1812	success = session_auth_agent_req(s);
1788	} else if (strcmp(rtype, "subsystem") == 0) {	1813	} else if (strcmp(rtype, "subsystem") == 0) {
1789	success = session_subsystem_req(s);	1814	success = session_subsystem_req(s);
		1815	} else if (strcmp(rtype, "break") == 0) {
		1816	success = session_break_req(s);
1790	}	1817	}
1791	}	1818	}
1792	if (strcmp(rtype, "window-change") == 0) {	1819	if (strcmp(rtype, "window-change") == 0) {
@@ -2123,4 +2150,8 @@ static void
2123	do_authenticated2(Authctxt *authctxt)	2150	do_authenticated2(Authctxt *authctxt)
2124	{	2151	{
2125	server_loop2(authctxt);	2152	server_loop2(authctxt);
		2153	#if defined(GSSAPI)
		2154	if (options.gss_cleanup_creds)
		2155	ssh_gssapi_cleanup_creds(NULL);
		2156	#endif
2126	}	2157	}