Diffstat (limited to 'session.c')
-rw-r--r--session.c70
1 files changed, 60 insertions, 10 deletions
diff --git a/session.c b/session.c
index ee4008acf..b32c9e2ca 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.180 2004/07/28 09:40:29 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -245,6 +245,10 @@ do_authenticated1(Authctxt *authctxt)
245 u_int proto_len, data_len, dlen, compression_level = 0; 245 u_int proto_len, data_len, dlen, compression_level = 0;
246 246
247 s = session_new(); 247 s = session_new();
248 if (s == NULL) {
249 error("no more sessions");
250 return;
251 }
248 s->authctxt = authctxt; 252 s->authctxt = authctxt;
249 s->pw = authctxt->pw; 253 s->pw = authctxt->pw;
250 254
@@ -661,11 +665,15 @@ do_exec(Session *s, const char *command)
661 debug("Forced command '%.900s'", command); 665 debug("Forced command '%.900s'", command);
662 } 666 }
663 667
664#ifdef GSSAPI 668#ifdef SSH_AUDIT_EVENTS
665 if (options.gss_authentication) { 669 if (command != NULL)
666 temporarily_use_uid(s->pw); 670 PRIVSEP(audit_run_command(command));
667 ssh_gssapi_storecreds(); 671 else if (s->ttyfd == -1) {
668 restore_uid(); 672 char *shell = s->pw->pw_shell;
673
674 if (shell[0] == '\0') /* empty shell means /bin/sh */
675 shell =_PATH_BSHELL;
676 PRIVSEP(audit_run_command(shell));
669 } 677 }
670#endif 678#endif
671 679
@@ -979,7 +987,13 @@ do_setup_env(Session *s, const char *shell)
979 * The Windows environment contains some setting which are 987 * The Windows environment contains some setting which are
980 * important for a running system. They must not be dropped. 988 * important for a running system. They must not be dropped.
981 */ 989 */
982 copy_environment(environ, &env, &envsize); 990 {
991 char **p;
992
993 p = fetch_windows_environment();
994 copy_environment(p, &env, &envsize);
995 free_windows_environment(p);
996 }
983#endif 997#endif
984 998
985#ifdef GSSAPI 999#ifdef GSSAPI
@@ -1080,14 +1094,24 @@ do_setup_env(Session *s, const char *shell)
1080 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); 1094 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
1081#endif /* _UNICOS */ 1095#endif /* _UNICOS */
1082 1096
1097 /*
1098 * Since we clear KRB5CCNAME at startup, if it's set now then it
1099 * must have been set by a native authentication method (eg AIX or
1100 * SIA), so copy it to the child.
1101 */
1102 {
1103 char *cp;
1104
1105 if ((cp = getenv("KRB5CCNAME")) != NULL)
1106 child_set_env(&env, &envsize, "KRB5CCNAME", cp);
1107 }
1108
1083#ifdef _AIX 1109#ifdef _AIX
1084 { 1110 {
1085 char *cp; 1111 char *cp;
1086 1112
1087 if ((cp = getenv("AUTHSTATE")) != NULL) 1113 if ((cp = getenv("AUTHSTATE")) != NULL)
1088 child_set_env(&env, &envsize, "AUTHSTATE", cp); 1114 child_set_env(&env, &envsize, "AUTHSTATE", cp);
1089 if ((cp = getenv("KRB5CCNAME")) != NULL)
1090 child_set_env(&env, &envsize, "KRB5CCNAME", cp);
1091 read_environment_file(&env, &envsize, "/etc/environment"); 1115 read_environment_file(&env, &envsize, "/etc/environment");
1092 } 1116 }
1093#endif 1117#endif
@@ -1247,6 +1271,13 @@ do_setusercontext(struct passwd *pw)
1247# ifdef __bsdi__ 1271# ifdef __bsdi__
1248 setpgid(0, 0); 1272 setpgid(0, 0);
1249# endif 1273# endif
1274#ifdef GSSAPI
1275 if (options.gss_authentication) {
1276 temporarily_use_uid(pw);
1277 ssh_gssapi_storecreds();
1278 restore_uid();
1279 }
1280#endif
1250# ifdef USE_PAM 1281# ifdef USE_PAM
1251 if (options.use_pam) { 1282 if (options.use_pam) {
1252 do_pam_session(); 1283 do_pam_session();
@@ -1277,6 +1308,13 @@ do_setusercontext(struct passwd *pw)
1277 exit(1); 1308 exit(1);
1278 } 1309 }
1279 endgrent(); 1310 endgrent();
1311#ifdef GSSAPI
1312 if (options.gss_authentication) {
1313 temporarily_use_uid(pw);
1314 ssh_gssapi_storecreds();
1315 restore_uid();
1316 }
1317#endif
1280# ifdef USE_PAM 1318# ifdef USE_PAM
1281 /* 1319 /*
1282 * PAM credentials may take the form of supplementary groups. 1320 * PAM credentials may take the form of supplementary groups.
@@ -1314,7 +1352,12 @@ do_pwchange(Session *s)
1314 if (s->ttyfd != -1) { 1352 if (s->ttyfd != -1) {
1315 fprintf(stderr, 1353 fprintf(stderr,
1316 "You must change your password now and login again!\n"); 1354 "You must change your password now and login again!\n");
1355#ifdef PASSWD_NEEDS_USERNAME
1356 execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
1357 (char *)NULL);
1358#else
1317 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); 1359 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
1360#endif
1318 perror("passwd"); 1361 perror("passwd");
1319 } else { 1362 } else {
1320 fprintf(stderr, 1363 fprintf(stderr,
@@ -1428,11 +1471,18 @@ do_child(Session *s, const char *command)
1428 * generated messages, so if this in an interactive 1471 * generated messages, so if this in an interactive
1429 * login then display them too. 1472 * login then display them too.
1430 */ 1473 */
1431 if (command == NULL) 1474 if (!check_quietlogin(s, command))
1432 display_loginmsg(); 1475 display_loginmsg();
1433#endif /* HAVE_OSF_SIA */ 1476#endif /* HAVE_OSF_SIA */
1434 } 1477 }
1435 1478
1479#ifdef USE_PAM
1480 if (options.use_pam && !is_pam_session_open()) {
1481 display_loginmsg();
1482 exit(254);
1483 }
1484#endif
1485
1436 /* 1486 /*
1437 * Get the shell from the password data. An empty shell field is 1487 * Get the shell from the password data. An empty shell field is
1438 * legal, and means /bin/sh. 1488 * legal, and means /bin/sh.