diff options
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 106 |
1 files changed, 70 insertions, 36 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.246 2009/04/17 19:23:06 stevesk Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.252 2010/03/07 11:57:13 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -142,9 +142,10 @@ static int sessions_first_unused = -1; | |||
| 142 | static int sessions_nalloc = 0; | 142 | static int sessions_nalloc = 0; |
| 143 | static Session *sessions = NULL; | 143 | static Session *sessions = NULL; |
| 144 | 144 | ||
| 145 | #define SUBSYSTEM_NONE 0 | 145 | #define SUBSYSTEM_NONE 0 |
| 146 | #define SUBSYSTEM_EXT 1 | 146 | #define SUBSYSTEM_EXT 1 |
| 147 | #define SUBSYSTEM_INT_SFTP 2 | 147 | #define SUBSYSTEM_INT_SFTP 2 |
| 148 | #define SUBSYSTEM_INT_SFTP_ERROR 3 | ||
| 148 | 149 | ||
| 149 | #ifdef HAVE_LOGIN_CAP | 150 | #ifdef HAVE_LOGIN_CAP |
| 150 | login_cap_t *lc; | 151 | login_cap_t *lc; |
| @@ -270,6 +271,8 @@ do_authenticated(Authctxt *authctxt) | |||
| 270 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | 271 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
| 271 | channel_permit_all_opens(); | 272 | channel_permit_all_opens(); |
| 272 | 273 | ||
| 274 | auth_debug_send(); | ||
| 275 | |||
| 273 | if (compat20) | 276 | if (compat20) |
| 274 | do_authenticated2(authctxt); | 277 | do_authenticated2(authctxt); |
| 275 | else | 278 | else |
| @@ -785,17 +788,19 @@ do_exec(Session *s, const char *command) | |||
| 785 | if (options.adm_forced_command) { | 788 | if (options.adm_forced_command) { |
| 786 | original_command = command; | 789 | original_command = command; |
| 787 | command = options.adm_forced_command; | 790 | command = options.adm_forced_command; |
| 788 | if (IS_INTERNAL_SFTP(command)) | 791 | if (IS_INTERNAL_SFTP(command)) { |
| 789 | s->is_subsystem = SUBSYSTEM_INT_SFTP; | 792 | s->is_subsystem = s->is_subsystem ? |
| 790 | else if (s->is_subsystem) | 793 | SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
| 794 | } else if (s->is_subsystem) | ||
| 791 | s->is_subsystem = SUBSYSTEM_EXT; | 795 | s->is_subsystem = SUBSYSTEM_EXT; |
| 792 | debug("Forced command (config) '%.900s'", command); | 796 | debug("Forced command (config) '%.900s'", command); |
| 793 | } else if (forced_command) { | 797 | } else if (forced_command) { |
| 794 | original_command = command; | 798 | original_command = command; |
| 795 | command = forced_command; | 799 | command = forced_command; |
| 796 | if (IS_INTERNAL_SFTP(command)) | 800 | if (IS_INTERNAL_SFTP(command)) { |
| 797 | s->is_subsystem = SUBSYSTEM_INT_SFTP; | 801 | s->is_subsystem = s->is_subsystem ? |
| 798 | else if (s->is_subsystem) | 802 | SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
| 803 | } else if (s->is_subsystem) | ||
| 799 | s->is_subsystem = SUBSYSTEM_EXT; | 804 | s->is_subsystem = SUBSYSTEM_EXT; |
| 800 | debug("Forced command (key option) '%.900s'", command); | 805 | debug("Forced command (key option) '%.900s'", command); |
| 801 | } | 806 | } |
| @@ -1374,26 +1379,32 @@ static void | |||
| 1374 | do_nologin(struct passwd *pw) | 1379 | do_nologin(struct passwd *pw) |
| 1375 | { | 1380 | { |
| 1376 | FILE *f = NULL; | 1381 | FILE *f = NULL; |
| 1377 | char buf[1024]; | 1382 | char buf[1024], *nl, *def_nl = _PATH_NOLOGIN; |
| 1383 | struct stat sb; | ||
| 1378 | 1384 | ||
| 1379 | #ifdef HAVE_LOGIN_CAP | 1385 | #ifdef HAVE_LOGIN_CAP |
| 1380 | if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) | 1386 | if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) |
| 1381 | f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, | 1387 | return; |
| 1382 | _PATH_NOLOGIN), "r"); | 1388 | nl = login_getcapstr(lc, "nologin", def_nl, def_nl); |
| 1383 | #else | 1389 | #else |
| 1384 | if (pw->pw_uid) | 1390 | if (pw->pw_uid == 0) |
| 1385 | f = fopen(_PATH_NOLOGIN, "r"); | 1391 | return; |
| 1392 | nl = def_nl; | ||
| 1386 | #endif | 1393 | #endif |
| 1387 | if (f) { | 1394 | if (stat(nl, &sb) == -1) { |
| 1388 | /* /etc/nologin exists. Print its contents and exit. */ | 1395 | if (nl != def_nl) |
| 1389 | logit("User %.100s not allowed because %s exists", | 1396 | xfree(nl); |
| 1390 | pw->pw_name, _PATH_NOLOGIN); | 1397 | return; |
| 1391 | while (fgets(buf, sizeof(buf), f)) | ||
| 1392 | fputs(buf, stderr); | ||
| 1393 | fclose(f); | ||
| 1394 | fflush(NULL); | ||
| 1395 | exit(254); | ||
| 1396 | } | 1398 | } |
| 1399 | |||
| 1400 | /* /etc/nologin exists. Print its contents if we can and exit. */ | ||
| 1401 | logit("User %.100s not allowed because %s exists", pw->pw_name, nl); | ||
| 1402 | if ((f = fopen(nl, "r")) != NULL) { | ||
| 1403 | while (fgets(buf, sizeof(buf), f)) | ||
| 1404 | fputs(buf, stderr); | ||
| 1405 | fclose(f); | ||
| 1406 | } | ||
| 1407 | exit(254); | ||
| 1397 | } | 1408 | } |
| 1398 | 1409 | ||
| 1399 | /* | 1410 | /* |
| @@ -1521,6 +1532,24 @@ do_setusercontext(struct passwd *pw) | |||
| 1521 | } | 1532 | } |
| 1522 | # endif /* USE_LIBIAF */ | 1533 | # endif /* USE_LIBIAF */ |
| 1523 | #endif | 1534 | #endif |
| 1535 | #ifdef HAVE_SETPCRED | ||
| 1536 | /* | ||
| 1537 | * If we have a chroot directory, we set all creds except real | ||
| 1538 | * uid which we will need for chroot. If we don't have a | ||
| 1539 | * chroot directory, we don't override anything. | ||
| 1540 | */ | ||
| 1541 | { | ||
| 1542 | char **creds = NULL, *chroot_creds[] = | ||
| 1543 | { "REAL_USER=root", NULL }; | ||
| 1544 | |||
| 1545 | if (options.chroot_directory != NULL && | ||
| 1546 | strcasecmp(options.chroot_directory, "none") != 0) | ||
| 1547 | creds = chroot_creds; | ||
| 1548 | |||
| 1549 | if (setpcred(pw->pw_name, creds) == -1) | ||
| 1550 | fatal("Failed to set process credentials"); | ||
| 1551 | } | ||
| 1552 | #endif /* HAVE_SETPCRED */ | ||
| 1524 | 1553 | ||
| 1525 | if (options.chroot_directory != NULL && | 1554 | if (options.chroot_directory != NULL && |
| 1526 | strcasecmp(options.chroot_directory, "none") != 0) { | 1555 | strcasecmp(options.chroot_directory, "none") != 0) { |
| @@ -1533,10 +1562,6 @@ do_setusercontext(struct passwd *pw) | |||
| 1533 | free(chroot_path); | 1562 | free(chroot_path); |
| 1534 | } | 1563 | } |
| 1535 | 1564 | ||
| 1536 | #ifdef HAVE_SETPCRED | ||
| 1537 | if (setpcred(pw->pw_name, (char **)NULL) == -1) | ||
| 1538 | fatal("Failed to set process credentials"); | ||
| 1539 | #endif /* HAVE_SETPCRED */ | ||
| 1540 | #ifdef HAVE_LOGIN_CAP | 1565 | #ifdef HAVE_LOGIN_CAP |
| 1541 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { | 1566 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { |
| 1542 | perror("unable to set user context (setuser)"); | 1567 | perror("unable to set user context (setuser)"); |
| @@ -1783,7 +1808,11 @@ do_child(Session *s, const char *command) | |||
| 1783 | /* restore SIGPIPE for child */ | 1808 | /* restore SIGPIPE for child */ |
| 1784 | signal(SIGPIPE, SIG_DFL); | 1809 | signal(SIGPIPE, SIG_DFL); |
| 1785 | 1810 | ||
| 1786 | if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { | 1811 | if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { |
| 1812 | printf("This service allows sftp connections only.\n"); | ||
| 1813 | fflush(NULL); | ||
| 1814 | exit(1); | ||
| 1815 | } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { | ||
| 1787 | extern int optind, optreset; | 1816 | extern int optind, optreset; |
| 1788 | int i; | 1817 | int i; |
| 1789 | char *p, *args; | 1818 | char *p, *args; |
| @@ -1796,9 +1825,14 @@ do_child(Session *s, const char *command) | |||
| 1796 | argv[i] = NULL; | 1825 | argv[i] = NULL; |
| 1797 | optind = optreset = 1; | 1826 | optind = optreset = 1; |
| 1798 | __progname = argv[0]; | 1827 | __progname = argv[0]; |
| 1828 | #ifdef WITH_SELINUX | ||
| 1829 | ssh_selinux_change_context("sftpd_t"); | ||
| 1830 | #endif | ||
| 1799 | exit(sftp_server_main(i, argv, s->pw)); | 1831 | exit(sftp_server_main(i, argv, s->pw)); |
| 1800 | } | 1832 | } |
| 1801 | 1833 | ||
| 1834 | fflush(NULL); | ||
| 1835 | |||
| 1802 | if (options.use_login) { | 1836 | if (options.use_login) { |
| 1803 | launch_login(pw, hostname); | 1837 | launch_login(pw, hostname); |
| 1804 | /* NEVERREACHED */ | 1838 | /* NEVERREACHED */ |
| @@ -2109,16 +2143,16 @@ session_subsystem_req(Session *s) | |||
| 2109 | if (strcmp(subsys, options.subsystem_name[i]) == 0) { | 2143 | if (strcmp(subsys, options.subsystem_name[i]) == 0) { |
| 2110 | prog = options.subsystem_command[i]; | 2144 | prog = options.subsystem_command[i]; |
| 2111 | cmd = options.subsystem_args[i]; | 2145 | cmd = options.subsystem_args[i]; |
| 2112 | if (!strcmp(INTERNAL_SFTP_NAME, prog)) { | 2146 | if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { |
| 2113 | s->is_subsystem = SUBSYSTEM_INT_SFTP; | 2147 | s->is_subsystem = SUBSYSTEM_INT_SFTP; |
| 2114 | } else if (stat(prog, &st) < 0) { | 2148 | debug("subsystem: %s", prog); |
| 2115 | error("subsystem: cannot stat %s: %s", prog, | ||
| 2116 | strerror(errno)); | ||
| 2117 | break; | ||
| 2118 | } else { | 2149 | } else { |
| 2150 | if (stat(prog, &st) < 0) | ||
| 2151 | debug("subsystem: cannot stat %s: %s", | ||
| 2152 | prog, strerror(errno)); | ||
| 2119 | s->is_subsystem = SUBSYSTEM_EXT; | 2153 | s->is_subsystem = SUBSYSTEM_EXT; |
| 2154 | debug("subsystem: exec() %s", cmd); | ||
| 2120 | } | 2155 | } |
| 2121 | debug("subsystem: exec() %s", cmd); | ||
| 2122 | success = do_exec(s, cmd) == 0; | 2156 | success = do_exec(s, cmd) == 0; |
| 2123 | break; | 2157 | break; |
| 2124 | } | 2158 | } |