]> andersk Git - openssh.git/blame - sshd.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
*** empty log message ***
[openssh.git] / sshd.c
CommitLineData
8efc0c15 1/*
5260325f 2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Fri Mar 17 17:09:28 1995 ylo
6 * This program is the ssh daemon. It listens for connections from clients, and
7 * performs authentication, executes use commands or shell, and forwards
8 * information to/from the application to the user client over an encrypted
9 * connection. This can also handle forwarding of X11, TCP/IP, and authentication
10 * agent connections.
11 */
8efc0c15 12
13#include "includes.h"
14RCSID("$Id$");
15
16#include "xmalloc.h"
17#include "rsa.h"
18#include "ssh.h"
19#include "pty.h"
20#include "packet.h"
21#include "buffer.h"
22#include "cipher.h"
23#include "mpaux.h"
24#include "servconf.h"
25#include "uidswap.h"
26#include "compat.h"
27
28#ifdef LIBWRAP
29#include <tcpd.h>
30#include <syslog.h>
31int allow_severity = LOG_INFO;
32int deny_severity = LOG_WARNING;
33#endif /* LIBWRAP */
34
35#ifndef O_NOCTTY
36#define O_NOCTTY 0
37#endif
38
8efc0c15 39/* Local Xauthority file. */
6a17f9c2 40static char *xauthfile = NULL;
8efc0c15 41
42/* Server configuration options. */
43ServerOptions options;
44
45/* Name of the server configuration file. */
46char *config_file_name = SERVER_CONFIG_FILE;
47
5260325f 48/*
49 * Debug mode flag. This can be set on the command line. If debug
50 * mode is enabled, extra debugging output will be sent to the system
51 * log, the daemon will not go to background, and will exit after processing
52 * the first connection.
53 */
8efc0c15 54int debug_flag = 0;
55
56/* Flag indicating that the daemon is being started from inetd. */
57int inetd_flag = 0;
58
6a17f9c2 59/* debug goes to stderr unless inetd_flag is set */
60int log_stderr = 0;
61
8efc0c15 62/* argv[0] without path. */
63char *av0;
64
65/* Saved arguments to main(). */
66char **saved_argv;
67
68/* This is set to the socket that the server is listening; this is used in
69 the SIGHUP signal handler. */
70int listen_sock;
71
5260325f 72/* the client's version string, passed by sshd2 in compat mode.
73 if != NULL, sshd will skip the version-number exchange */
74char *client_version_string = NULL;
75
76/* Flags set in auth-rsa from authorized_keys flags. These are set in auth-rsa.c. */
8efc0c15 77int no_port_forwarding_flag = 0;
78int no_agent_forwarding_flag = 0;
79int no_x11_forwarding_flag = 0;
80int no_pty_flag = 0;
5260325f 81
82/* RSA authentication "command=" option. */
83char *forced_command = NULL;
84
85/* RSA authentication "environment=" options. */
86struct envstring *custom_environment = NULL;
8efc0c15 87
88/* Session id for the current session. */
89unsigned char session_id[16];
90
91/* Any really sensitive data in the application is contained in this structure.
92 The idea is that this structure could be locked into memory so that the
93 pages do not get written into swap. However, there are some problems.
94 The private key contains BIGNUMs, and we do not (in principle) have
95 access to the internals of them, and locking just the structure is not
96 very useful. Currently, memory locking is not implemented. */
5260325f 97struct {
98 RSA *private_key; /* Private part of server key. */
99 RSA *host_key; /* Private part of host key. */
8efc0c15 100} sensitive_data;
101
102/* Flag indicating whether the current session key has been used. This flag
103 is set whenever the key is used, and cleared when the key is regenerated. */
104int key_used = 0;
105
106/* This is set to true when SIGHUP is received. */
107int received_sighup = 0;
108
109/* Public side of the server key. This value is regenerated regularly with
110 the private key. */
111RSA *public_key;
112
113/* Prototypes for various functions defined later in this file. */
e7c0f9d5 114void do_connection();
115void do_authentication(char *user);
5260325f 116void do_authloop(struct passwd * pw);
e7c0f9d5 117void do_fake_authloop(char *user);
5260325f 118void do_authenticated(struct passwd * pw);
119void do_exec_pty(const char *command, int ptyfd, int ttyfd,
120 const char *ttyname, struct passwd * pw, const char *term,
121 const char *display, const char *auth_proto,
122 const char *auth_data);
123void do_exec_no_pty(const char *command, struct passwd * pw,
124 const char *display, const char *auth_proto,
125 const char *auth_data);
126void do_child(const char *command, struct passwd * pw, const char *term,
8efc0c15 127 const char *display, const char *auth_proto,
128 const char *auth_data, const char *ttyname);
e7c0f9d5 129
5aecb327 130#ifdef HAVE_LIBPAM
8efc0c15 131static int pamconv(int num_msg, const struct pam_message **msg,
5260325f 132 struct pam_response **resp, void *appdata_ptr);
c75a1a66 133void do_pam_account_and_session(char *username, char *remote_user,
5260325f 134 const char *remote_host);
d813bc69 135void pam_cleanup_proc(void *context);
8efc0c15 136
137static struct pam_conv conv = {
5260325f 138 pamconv,
139 NULL
8efc0c15 140};
d813bc69 141struct pam_handle_t *pamh = NULL;
142const char *pampasswd = NULL;
e1a9c08d 143char *pamconv_msg = NULL;
8efc0c15 144
145static int pamconv(int num_msg, const struct pam_message **msg,
8de3263e 146 struct pam_response **resp, void *appdata_ptr)
8efc0c15 147{
5260325f 148 struct pam_response *reply;
149 int count;
150 size_t msg_len;
151 char *p;
152
153 /* PAM will free this later */
154 reply = malloc(num_msg * sizeof(*reply));
155 if (reply == NULL)
156 return PAM_CONV_ERR;
157
158 for(count = 0; count < num_msg; count++) {
159 switch (msg[count]->msg_style) {
160 case PAM_PROMPT_ECHO_OFF:
161 if (pampasswd == NULL) {
162 free(reply);
163 return PAM_CONV_ERR;
164 }
165 reply[count].resp_retcode = PAM_SUCCESS;
166 reply[count].resp = xstrdup(pampasswd);
167 break;
168
169 case PAM_TEXT_INFO:
170 reply[count].resp_retcode = PAM_SUCCESS;
171 reply[count].resp = xstrdup("");
172
173 if (msg[count]->msg == NULL)
174 break;
175
176 debug("Adding PAM message: %s", msg[count]->msg);
177
178 msg_len = strlen(msg[count]->msg);
179 if (pamconv_msg) {
180 size_t n = strlen(pamconv_msg);
181 pamconv_msg = xrealloc(pamconv_msg, n + msg_len + 2);
182 p = pamconv_msg + n;
183 } else {
184 pamconv_msg = p = xmalloc(msg_len + 2);
185 }
186 memcpy(p, msg[count]->msg, msg_len);
187 p[msg_len] = '\n';
188 p[msg_len + 1] = '\0';
189 break;
190
191 case PAM_PROMPT_ECHO_ON:
192 case PAM_ERROR_MSG:
193 default:
194 free(reply);
195 return PAM_CONV_ERR;
196 }
e1a9c08d 197 }
5260325f 198
199 *resp = reply;
200
201 return PAM_SUCCESS;
8efc0c15 202}
203
204void pam_cleanup_proc(void *context)
205{
5260325f 206 int pam_retval;
207
208 if (pamh != NULL)
209 {
210 pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
211 if (pam_retval != PAM_SUCCESS) {
212 log("Cannot close PAM session: %.200s",
213 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
214 }
215
216 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
217 if (pam_retval != PAM_SUCCESS) {
218 log("Cannot release PAM authentication: %.200s",
219 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
220 }
221 }
d813bc69 222}
223
c75a1a66 224void do_pam_account_and_session(char *username, char *remote_user,
5260325f 225 const char *remote_host)
d813bc69 226{
5260325f 227 int pam_retval;
228
229 if (remote_host != NULL) {
230 debug("PAM setting rhost to \"%.200s\"", remote_host);
231 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host);
232 if (pam_retval != PAM_SUCCESS) {
233 log("PAM set rhost failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
234 do_fake_authloop(username);
235 }
236 }
237
238 if (remote_user != NULL) {
239 debug("PAM setting ruser to \"%.200s\"", remote_user);
240 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user);
241 if (pam_retval != PAM_SUCCESS) {
242 log("PAM set ruser failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
243 do_fake_authloop(username);
244 }
245 }
246
247 pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
248 if (pam_retval != PAM_SUCCESS) {
249 log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
250 do_fake_authloop(username);
251 }
252
253 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
254 if (pam_retval != PAM_SUCCESS) {
255 log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
256 do_fake_authloop(username);
257 }
8efc0c15 258}
5aecb327 259#endif /* HAVE_LIBPAM */
8efc0c15 260
5260325f 261/*
262 * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
263 * the effect is to reread the configuration file (and to regenerate
264 * the server key).
265 */
266void
267sighup_handler(int sig)
8efc0c15 268{
5260325f 269 received_sighup = 1;
270 signal(SIGHUP, sighup_handler);
8efc0c15 271}
272
5260325f 273/*
274 * Called from the main program after receiving SIGHUP.
275 * Restarts the server.
276 */
277void
278sighup_restart()
8efc0c15 279{
5260325f 280 log("Received SIGHUP; restarting.");
281 close(listen_sock);
282 execv(saved_argv[0], saved_argv);
283 log("RESTART FAILED: av0='%s', error: %s.", av0, strerror(errno));
284 exit(1);
8efc0c15 285}
286
5260325f 287/*
288 * Generic signal handler for terminating signals in the master daemon.
289 * These close the listen socket; not closing it seems to cause "Address
290 * already in use" problems on some machines, which is inconvenient.
291 */
292void
293sigterm_handler(int sig)
8efc0c15 294{
5260325f 295 log("Received signal %d; terminating.", sig);
296 close(listen_sock);
297 exit(255);
8efc0c15 298}
299
5260325f 300/*
301 * SIGCHLD handler. This is called whenever a child dies. This will then
302 * reap any zombies left by exited c.
303 */
304void
305main_sigchld_handler(int sig)
8efc0c15 306{
5260325f 307 int save_errno = errno;
308 int status;
5ad13cd7 309
5260325f 310 while (waitpid(-1, &status, WNOHANG) > 0)
311 ;
5ad13cd7 312
5260325f 313 signal(SIGCHLD, main_sigchld_handler);
314 errno = save_errno;
8efc0c15 315}
316
5260325f 317/*
318 * Signal handler for the alarm after the login grace period has expired.
319 */
320void
321grace_alarm_handler(int sig)
8efc0c15 322{
5260325f 323 /* Close the connection. */
324 packet_close();
8efc0c15 325
5260325f 326 /* Log error and exit. */
327 fatal("Timeout before authentication for %s.", get_remote_ipaddr());
328}
8efc0c15 329
5260325f 330/*
331 * convert ssh auth msg type into description
332 */
333char *
334get_authname(int type)
8efc0c15 335{
5260325f 336 switch (type) {
337 case SSH_CMSG_AUTH_PASSWORD:
338 return "password";
339 case SSH_CMSG_AUTH_RSA:
340 return "rsa";
341 case SSH_CMSG_AUTH_RHOSTS_RSA:
342 return "rhosts-rsa";
343 case SSH_CMSG_AUTH_RHOSTS:
344 return "rhosts";
345#ifdef KRB4
346 case SSH_CMSG_AUTH_KERBEROS:
347 return "kerberos";
348#endif
349#ifdef SKEY
350 case SSH_CMSG_AUTH_TIS_RESPONSE:
351 return "s/key";
352#endif
353 }
354 fatal("get_authname: unknown auth %d: internal error", type);
355 return NULL;
8efc0c15 356}
357
5260325f 358/*
359 * Signal handler for the key regeneration alarm. Note that this
360 * alarm only occurs in the daemon waiting for connections, and it does not
361 * do anything with the private key or random state before forking.
362 * Thus there should be no concurrency control/asynchronous execution
363 * problems.
364 */
365void
366key_regeneration_alarm(int sig)
367{
368 int save_errno = errno;
369
370 /* Check if we should generate a new key. */
371 if (key_used) {
372 /* This should really be done in the background. */
373 log("Generating new %d bit RSA key.", options.server_key_bits);
374
375 if (sensitive_data.private_key != NULL)
376 RSA_free(sensitive_data.private_key);
377 sensitive_data.private_key = RSA_new();
378
379 if (public_key != NULL)
380 RSA_free(public_key);
381 public_key = RSA_new();
382
383 rsa_generate_key(sensitive_data.private_key, public_key,
384 options.server_key_bits);
385 arc4random_stir();
386 key_used = 0;
387 log("RSA key generation complete.");
388 }
389 /* Reschedule the alarm. */
390 signal(SIGALRM, key_regeneration_alarm);
391 alarm(options.key_regeneration_time);
392 errno = save_errno;
393}
8efc0c15 394
5260325f 395/*
396 * Main program for the daemon.
397 */
8efc0c15 398int
399main(int ac, char **av)
400{
5260325f 401 extern char *optarg;
402 extern int optind;
403 int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
404 int remote_major, remote_minor;
405 int silentrsa = 0;
406 struct sockaddr_in sin;
407 char buf[100]; /* Must not be larger than remote_version. */
408 char remote_version[100]; /* Must be at least as big as buf. */
409 const char *remote_ip;
410 int remote_port;
411 char *comment;
412 FILE *f;
413 struct linger linger;
414
415 /* Save argv[0]. */
416 saved_argv = av;
417 if (strchr(av[0], '/'))
418 av0 = strrchr(av[0], '/') + 1;
419 else
420 av0 = av[0];
421
422 /* Initialize configuration options to their default values. */
423 initialize_server_options(&options);
424
425 /* Parse command-line arguments. */
426 while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:diqQ")) != EOF) {
427 switch (opt) {
428 case 'f':
429 config_file_name = optarg;
430 break;
431 case 'd':
432 debug_flag = 1;
433 options.log_level = SYSLOG_LEVEL_DEBUG;
434 break;
435 case 'i':
436 inetd_flag = 1;
437 break;
438 case 'Q':
439 silentrsa = 1;
440 break;
441 case 'q':
442 options.log_level = SYSLOG_LEVEL_QUIET;
443 break;
444 case 'b':
445 options.server_key_bits = atoi(optarg);
446 break;
447 case 'p':
448 options.port = atoi(optarg);
449 break;
450 case 'g':
451 options.login_grace_time = atoi(optarg);
452 break;
453 case 'k':
454 options.key_regeneration_time = atoi(optarg);
455 break;
456 case 'h':
457 options.host_key_file = optarg;
458 break;
459 case 'V':
460 client_version_string = optarg;
461 /* only makes sense with inetd_flag, i.e. no listen() */
462 inetd_flag = 1;
463 break;
464 case '?':
465 default:
466 fprintf(stderr, "sshd version %s\n", SSH_VERSION);
467 fprintf(stderr, "Usage: %s [options]\n", av0);
468 fprintf(stderr, "Options:\n");
469 fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR);
470 fprintf(stderr, " -d Debugging mode\n");
471 fprintf(stderr, " -i Started from inetd\n");
472 fprintf(stderr, " -q Quiet (no logging)\n");
473 fprintf(stderr, " -p port Listen on the specified port (default: 22)\n");
474 fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n");
475 fprintf(stderr, " -g seconds Grace period for authentication (default: 300)\n");
476 fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
477 fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
478 HOST_KEY_FILE);
479 exit(1);
480 }
481 }
482
483 /* check if RSA support exists */
484 if (rsa_alive() == 0) {
485 if (silentrsa == 0)
486 printf("sshd: no RSA support in libssl and libcrypto -- exiting. See ssl(8)\n");
487 log("no RSA support in libssl and libcrypto -- exiting. See ssl(8)");
488 exit(1);
489 }
490 /* Read server configuration options from the configuration file. */
491 read_server_config(&options, config_file_name);
492
493 /* Fill in default values for those options not explicitly set. */
494 fill_default_server_options(&options);
495
496 /* Check certain values for sanity. */
497 if (options.server_key_bits < 512 ||
498 options.server_key_bits > 32768) {
499 fprintf(stderr, "Bad server key size.\n");
500 exit(1);
501 }
502 if (options.port < 1 || options.port > 65535) {
503 fprintf(stderr, "Bad port number.\n");
504 exit(1);
505 }
506 /* Check that there are no remaining arguments. */
507 if (optind < ac) {
508 fprintf(stderr, "Extra argument %s.\n", av[optind]);
509 exit(1);
8efc0c15 510 }
5260325f 511 /* Force logging to stderr while loading the private host key
512 unless started from inetd */
513 log_init(av0, options.log_level, options.log_facility, !inetd_flag);
514
515 debug("sshd version %.100s", SSH_VERSION);
516
517 sensitive_data.host_key = RSA_new();
518 errno = 0;
519 /* Load the host key. It must have empty passphrase. */
520 if (!load_private_key(options.host_key_file, "",
521 sensitive_data.host_key, &comment)) {
522 error("Could not load host key: %.200s: %.100s",
523 options.host_key_file, strerror(errno));
524 exit(1);
525 }
526 xfree(comment);
527
528 /* Initialize the log (it is reinitialized below in case we
529 forked). */
530 if (debug_flag && !inetd_flag)
531 log_stderr = 1;
532 log_init(av0, options.log_level, options.log_facility, log_stderr);
533
534 /* If not in debugging mode, and not started from inetd,
535 disconnect from the controlling terminal, and fork. The
536 original process exits. */
537 if (!debug_flag && !inetd_flag) {
8efc0c15 538#ifdef TIOCNOTTY
5260325f 539 int fd;
8efc0c15 540#endif /* TIOCNOTTY */
5260325f 541 if (daemon(0, 0) < 0)
542 fatal("daemon() failed: %.200s", strerror(errno));
543
544 /* Disconnect from the controlling tty. */
8efc0c15 545#ifdef TIOCNOTTY
5260325f 546 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
547 if (fd >= 0) {
548 (void) ioctl(fd, TIOCNOTTY, NULL);
549 close(fd);
550 }
8efc0c15 551#endif /* TIOCNOTTY */
8efc0c15 552 }
5260325f 553 /* Reinitialize the log (because of the fork above). */
554 log_init(av0, options.log_level, options.log_facility, log_stderr);
555
556 /* Check that server and host key lengths differ sufficiently.
557 This is necessary to make double encryption work with rsaref.
558 Oh, I hate software patents. I dont know if this can go? Niels */
559 if (options.server_key_bits >
560 BN_num_bits(sensitive_data.host_key->n) - SSH_KEY_BITS_RESERVED &&
561 options.server_key_bits <
562 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
563 options.server_key_bits =
564 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED;
565 debug("Forcing server key to %d bits to make it differ from host key.",
566 options.server_key_bits);
8efc0c15 567 }
5260325f 568 /* Do not display messages to stdout in RSA code. */
569 rsa_set_verbose(0);
570
571 /* Initialize the random number generator. */
572 arc4random_stir();
573
574 /* Chdir to the root directory so that the current disk can be
575 unmounted if desired. */
576 chdir("/");
577
578 /* Close connection cleanly after attack. */
579 cipher_attack_detected = packet_disconnect;
580
581 /* Start listening for a socket, unless started from inetd. */
582 if (inetd_flag) {
583 int s1, s2;
584 s1 = dup(0); /* Make sure descriptors 0, 1, and 2 are in use. */
585 s2 = dup(s1);
586 sock_in = dup(0);
587 sock_out = dup(1);
588 /* We intentionally do not close the descriptors 0, 1, and 2
589 as our code for setting the descriptors won\'t work
590 if ttyfd happens to be one of those. */
591 debug("inetd sockets after dupping: %d, %d", sock_in, sock_out);
592
593 public_key = RSA_new();
594 sensitive_data.private_key = RSA_new();
595
596 log("Generating %d bit RSA key.", options.server_key_bits);
597 rsa_generate_key(sensitive_data.private_key, public_key,
598 options.server_key_bits);
599 arc4random_stir();
600 log("RSA key generation complete.");
601 } else {
602 /* Create socket for listening. */
603 listen_sock = socket(AF_INET, SOCK_STREAM, 0);
604 if (listen_sock < 0)
605 fatal("socket: %.100s", strerror(errno));
606
607 /* Set socket options. We try to make the port reusable
608 and have it close as fast as possible without waiting
609 in unnecessary wait states on close. */
610 setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, (void *) &on,
611 sizeof(on));
612 linger.l_onoff = 1;
613 linger.l_linger = 5;
614 setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (void *) &linger,
615 sizeof(linger));
616
617 /* Initialize the socket address. */
618 memset(&sin, 0, sizeof(sin));
619 sin.sin_family = AF_INET;
620 sin.sin_addr = options.listen_addr;
621 sin.sin_port = htons(options.port);
622
623 /* Bind the socket to the desired port. */
624 if (bind(listen_sock, (struct sockaddr *) & sin, sizeof(sin)) < 0) {
625 error("bind: %.100s", strerror(errno));
626 shutdown(listen_sock, SHUT_RDWR);
627 close(listen_sock);
628 fatal("Bind to port %d failed.", options.port);
629 }
630 if (!debug_flag) {
631 /* Record our pid in /etc/sshd_pid to make it
632 easier to kill the correct sshd. We don\'t
633 want to do this before the bind above because
634 the bind will fail if there already is a
635 daemon, and this will overwrite any old pid in
636 the file. */
637 f = fopen(SSH_DAEMON_PID_FILE, "w");
638 if (f) {
639 fprintf(f, "%u\n", (unsigned int) getpid());
640 fclose(f);
641 }
8efc0c15 642 }
8efc0c15 643
5260325f 644 log("Server listening on port %d.", options.port);
645 if (listen(listen_sock, 5) < 0)
646 fatal("listen: %.100s", strerror(errno));
647
648 public_key = RSA_new();
649 sensitive_data.private_key = RSA_new();
650
651 log("Generating %d bit RSA key.", options.server_key_bits);
652 rsa_generate_key(sensitive_data.private_key, public_key,
653 options.server_key_bits);
654 arc4random_stir();
655 log("RSA key generation complete.");
656
657 /* Schedule server key regeneration alarm. */
658 signal(SIGALRM, key_regeneration_alarm);
659 alarm(options.key_regeneration_time);
660
661 /* Arrange to restart on SIGHUP. The handler needs listen_sock. */
662 signal(SIGHUP, sighup_handler);
663 signal(SIGTERM, sigterm_handler);
664 signal(SIGQUIT, sigterm_handler);
665
666 /* Arrange SIGCHLD to be caught. */
667 signal(SIGCHLD, main_sigchld_handler);
668
669 /* Stay listening for connections until the system crashes
670 or the daemon is killed with a signal. */
671 for (;;) {
672 if (received_sighup)
673 sighup_restart();
674 /* Wait in accept until there is a connection. */
675 aux = sizeof(sin);
676 newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
677 if (received_sighup)
678 sighup_restart();
679 if (newsock < 0) {
680 if (errno == EINTR)
681 continue;
682 error("accept: %.100s", strerror(errno));
683 continue;
684 }
685 /* Got connection. Fork a child to handle it,
686 unless we are in debugging mode. */
687 if (debug_flag) {
688 /* In debugging mode. Close the listening
689 socket, and start processing the
690 connection without forking. */
691 debug("Server will not fork when running in debugging mode.");
692 close(listen_sock);
693 sock_in = newsock;
694 sock_out = newsock;
695 pid = getpid();
696 break;
697 } else {
698 /* Normal production daemon. Fork, and
699 have the child process the connection.
700 The parent continues listening. */
701 if ((pid = fork()) == 0) {
702 /* Child. Close the listening
703 socket, and start using the
704 accepted socket. Reinitialize
705 logging (since our pid has
706 changed). We break out of the
707 loop to handle the connection. */
708 close(listen_sock);
709 sock_in = newsock;
710 sock_out = newsock;
711 log_init(av0, options.log_level, options.log_facility, log_stderr);
712 break;
713 }
714 }
715
716 /* Parent. Stay in the loop. */
717 if (pid < 0)
718 error("fork: %.100s", strerror(errno));
719 else
720 debug("Forked child %d.", pid);
721
722 /* Mark that the key has been used (it was "given" to the child). */
723 key_used = 1;
724
725 arc4random_stir();
726
727 /* Close the new socket (the child is now taking care of it). */
728 close(newsock);
729 }
730 }
8efc0c15 731
5260325f 732 /* This is the child processing a new connection. */
733
734 /* Disable the key regeneration alarm. We will not regenerate the
735 key since we are no longer in a position to give it to anyone.
736 We will not restart on SIGHUP since it no longer makes sense. */
737 alarm(0);
738 signal(SIGALRM, SIG_DFL);
739 signal(SIGHUP, SIG_DFL);
740 signal(SIGTERM, SIG_DFL);
741 signal(SIGQUIT, SIG_DFL);
742 signal(SIGCHLD, SIG_DFL);
743
744 /* Set socket options for the connection. We want the socket to
745 close as fast as possible without waiting for anything. If the
746 connection is not a socket, these will do nothing. */
747 /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
748 sizeof(on)); */
749 linger.l_onoff = 1;
750 linger.l_linger = 5;
751 setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
752
753 /* Register our connection. This turns encryption off because we
754 do not have a key. */
755 packet_set_connection(sock_in, sock_out);
756
757 remote_port = get_remote_port();
758 remote_ip = get_remote_ipaddr();
759
760 /* Check whether logins are denied from this host. */
761#ifdef LIBWRAP
762 {
763 struct request_info req;
8efc0c15 764
5260325f 765 request_init(&req, RQ_DAEMON, av0, RQ_FILE, sock_in, NULL);
766 fromhost(&req);
8efc0c15 767
5260325f 768 if (!hosts_access(&req)) {
769 close(sock_in);
770 close(sock_out);
771 refuse(&req);
772 }
773 verbose("Connection from %.500s port %d", eval_client(&req), remote_port);
8efc0c15 774 }
8efc0c15 775#else
5260325f 776 /* Log the connection. */
777 verbose("Connection from %.500s port %d", remote_ip, remote_port);
8efc0c15 778#endif /* LIBWRAP */
779
5260325f 780 /* We don\'t want to listen forever unless the other side
781 successfully authenticates itself. So we set up an alarm which
782 is cleared after successful authentication. A limit of zero
783 indicates no limit. Note that we don\'t set the alarm in
784 debugging mode; it is just annoying to have the server exit
785 just when you are about to discover the bug. */
786 signal(SIGALRM, grace_alarm_handler);
787 if (!debug_flag)
788 alarm(options.login_grace_time);
789
790 if (client_version_string != NULL) {
791 /* we are exec'ed by sshd2, so skip exchange of protocol version */
792 strlcpy(buf, client_version_string, sizeof(buf));
793 } else {
794 /* Send our protocol version identification. */
795 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
796 PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
797 if (write(sock_out, buf, strlen(buf)) != strlen(buf))
798 fatal("Could not write ident string to %s.", get_remote_ipaddr());
799
800 /* Read other side\'s version identification. */
801 for (i = 0; i < sizeof(buf) - 1; i++) {
802 if (read(sock_in, &buf[i], 1) != 1)
803 fatal("Did not receive ident string from %s.", get_remote_ipaddr());
804 if (buf[i] == '\r') {
805 buf[i] = '\n';
806 buf[i + 1] = 0;
807 break;
808 }
809 if (buf[i] == '\n') {
810 /* buf[i] == '\n' */
811 buf[i + 1] = 0;
812 break;
813 }
814 }
815 buf[sizeof(buf) - 1] = 0;
8efc0c15 816 }
5260325f 817
818 /* Check that the versions match. In future this might accept
819 several versions and set appropriate flags to handle them. */
820 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
821 remote_version) != 3) {
822 const char *s = "Protocol mismatch.\n";
823 (void) write(sock_out, s, strlen(s));
824 close(sock_in);
825 close(sock_out);
826 fatal("Bad protocol version identification '%.100s' from %s",
827 buf, get_remote_ipaddr());
828 }
829 debug("Client protocol version %d.%d; client software version %.100s",
830 remote_major, remote_minor, remote_version);
831 if (remote_major != PROTOCOL_MAJOR) {
832 const char *s = "Protocol major versions differ.\n";
833 (void) write(sock_out, s, strlen(s));
834 close(sock_in);
835 close(sock_out);
836 fatal("Protocol major versions differ for %s: %d vs. %d",
837 get_remote_ipaddr(),
838 PROTOCOL_MAJOR, remote_major);
8efc0c15 839 }
5260325f 840 /* Check that the client has sufficiently high software version. */
841 if (remote_major == 1 && remote_minor < 3)
842 packet_disconnect("Your ssh version is too old and is no longer supported. Please install a newer version.");
843
844 if (remote_major == 1 && remote_minor == 3) {
845 enable_compat13();
846 if (strcmp(remote_version, "OpenSSH-1.1") != 0) {
847 debug("Agent forwarding disabled, remote version is not compatible.");
848 no_agent_forwarding_flag = 1;
849 }
850 }
851 /* Check that the connection comes from a privileged port. Rhosts-
852 and Rhosts-RSA-Authentication only make sense from priviledged
853 programs. Of course, if the intruder has root access on his
854 local machine, he can connect from any port. So do not use
855 these authentication methods from machines that you do not trust. */
856 if (remote_port >= IPPORT_RESERVED ||
857 remote_port < IPPORT_RESERVED / 2) {
858 options.rhosts_authentication = 0;
859 options.rhosts_rsa_authentication = 0;
860 }
861 packet_set_nonblocking();
862
863 /* Handle the connection. */
864 do_connection();
8efc0c15 865
866#ifdef KRB4
5260325f 867 /* Cleanup user's ticket cache file. */
868 if (options.kerberos_ticket_cleanup)
869 (void) dest_tkt();
8efc0c15 870#endif /* KRB4 */
871
5260325f 872 /* Cleanup user's local Xauthority file. */
873 if (xauthfile)
874 unlink(xauthfile);
8efc0c15 875
5260325f 876 /* The connection has been terminated. */
877 verbose("Closing connection to %.100s", remote_ip);
8efc0c15 878
5aecb327 879#ifdef HAVE_LIBPAM
5260325f 880 {
881 int retval;
8efc0c15 882
5260325f 883 if (pamh != NULL) {
884 debug("Closing PAM session.");
885 retval = pam_close_session((pam_handle_t *)pamh, 0);
8efc0c15 886
5260325f 887 debug("Terminating PAM library.");
888 if (pam_end((pam_handle_t *)pamh, retval) != PAM_SUCCESS)
889 log("Cannot release PAM authentication.");
890
891 fatal_remove_cleanup(&pam_cleanup_proc, NULL);
892 }
893 }
894#endif /* HAVE_LIBPAM */
8efc0c15 895
5260325f 896 packet_close();
897 exit(0);
898}
8efc0c15 899
5260325f 900/*
901 * Process an incoming connection. Protocol version identifiers have already
902 * been exchanged. This sends server key and performs the key exchange.
903 * Server and host keys will no longer be needed after this functions.
904 */
e7c0f9d5 905void
906do_connection()
8efc0c15 907{
5260325f 908 int i, len;
909 BIGNUM *session_key_int;
910 unsigned char session_key[SSH_SESSION_KEY_LENGTH];
911 unsigned char check_bytes[8];
912 char *user;
913 unsigned int cipher_type, auth_mask, protocol_flags;
914 int plen, slen;
915 u_int32_t rand = 0;
916
917 /* Generate check bytes that the client must send back in the user
918 packet in order for it to be accepted; this is used to defy ip
919 spoofing attacks. Note that this only works against somebody
920 doing IP spoofing from a remote machine; any machine on the
921 local network can still see outgoing packets and catch the
922 random cookie. This only affects rhosts authentication, and
923 this is one of the reasons why it is inherently insecure. */
924 for (i = 0; i < 8; i++) {
925 if (i % 4 == 0)
926 rand = arc4random();
927 check_bytes[i] = rand & 0xff;
928 rand >>= 8;
929 }
930
931 /* Send our public key. We include in the packet 64 bits of
932 random data that must be matched in the reply in order to
933 prevent IP spoofing. */
934 packet_start(SSH_SMSG_PUBLIC_KEY);
935 for (i = 0; i < 8; i++)
936 packet_put_char(check_bytes[i]);
937
938 /* Store our public server RSA key. */
939 packet_put_int(BN_num_bits(public_key->n));
940 packet_put_bignum(public_key->e);
941 packet_put_bignum(public_key->n);
942
943 /* Store our public host RSA key. */
944 packet_put_int(BN_num_bits(sensitive_data.host_key->n));
945 packet_put_bignum(sensitive_data.host_key->e);
946 packet_put_bignum(sensitive_data.host_key->n);
947
948 /* Put protocol flags. */
949 packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
950
951 /* Declare which ciphers we support. */
952 packet_put_int(cipher_mask());
953
954 /* Declare supported authentication types. */
955 auth_mask = 0;
956 if (options.rhosts_authentication)
957 auth_mask |= 1 << SSH_AUTH_RHOSTS;
958 if (options.rhosts_rsa_authentication)
959 auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
960 if (options.rsa_authentication)
961 auth_mask |= 1 << SSH_AUTH_RSA;
8efc0c15 962#ifdef KRB4
5260325f 963 if (options.kerberos_authentication)
964 auth_mask |= 1 << SSH_AUTH_KERBEROS;
8efc0c15 965#endif
966#ifdef AFS
5260325f 967 if (options.kerberos_tgt_passing)
968 auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
969 if (options.afs_token_passing)
970 auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
8efc0c15 971#endif
5260325f 972#ifdef SKEY
973 if (options.skey_authentication == 1)
974 auth_mask |= 1 << SSH_AUTH_TIS;
975#endif
976 if (options.password_authentication)
977 auth_mask |= 1 << SSH_AUTH_PASSWORD;
978 packet_put_int(auth_mask);
979
980 /* Send the packet and wait for it to be sent. */
981 packet_send();
982 packet_write_wait();
983
984 debug("Sent %d bit public key and %d bit host key.",
985 BN_num_bits(public_key->n), BN_num_bits(sensitive_data.host_key->n));
986
987 /* Read clients reply (cipher type and session key). */
988 packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
989
990 /* Get cipher type. */
991 cipher_type = packet_get_char();
992
993 /* Get check bytes from the packet. These must match those we
994 sent earlier with the public key packet. */
995 for (i = 0; i < 8; i++)
996 if (check_bytes[i] != packet_get_char())
997 packet_disconnect("IP Spoofing check bytes do not match.");
998
999 debug("Encryption type: %.200s", cipher_name(cipher_type));
1000
1001 /* Get the encrypted integer. */
1002 session_key_int = BN_new();
1003 packet_get_bignum(session_key_int, &slen);
1004
1005 /* Get protocol flags. */
1006 protocol_flags = packet_get_int();
1007 packet_set_protocol_flags(protocol_flags);
1008
1009 packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY);
1010
1011 /* Decrypt it using our private server key and private host key
1012 (key with larger modulus first). */
1013 if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) {
1014 /* Private key has bigger modulus. */
1015 if (BN_num_bits(sensitive_data.private_key->n) <
1016 BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
1017 fatal("do_connection: %s: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
1018 get_remote_ipaddr(),
1019 BN_num_bits(sensitive_data.private_key->n),
1020 BN_num_bits(sensitive_data.host_key->n),
1021 SSH_KEY_BITS_RESERVED);
1022 }
1023 rsa_private_decrypt(session_key_int, session_key_int,
1024 sensitive_data.private_key);
1025 rsa_private_decrypt(session_key_int, session_key_int,
1026 sensitive_data.host_key);
1027 } else {
1028 /* Host key has bigger modulus (or they are equal). */
1029 if (BN_num_bits(sensitive_data.host_key->n) <
1030 BN_num_bits(sensitive_data.private_key->n) + SSH_KEY_BITS_RESERVED) {
1031 fatal("do_connection: %s: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d",
1032 get_remote_ipaddr(),
1033 BN_num_bits(sensitive_data.host_key->n),
1034 BN_num_bits(sensitive_data.private_key->n),
1035 SSH_KEY_BITS_RESERVED);
1036 }
1037 rsa_private_decrypt(session_key_int, session_key_int,
1038 sensitive_data.host_key);
1039 rsa_private_decrypt(session_key_int, session_key_int,
1040 sensitive_data.private_key);
1041 }
1042
1043 /* Compute session id for this session. */
1044 compute_session_id(session_id, check_bytes,
1045 sensitive_data.host_key->n,
1046 sensitive_data.private_key->n);
1047
1048 /* Extract session key from the decrypted integer. The key is in
1049 the least significant 256 bits of the integer; the first byte
1050 of the key is in the highest bits. */
1051 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1052 len = BN_num_bytes(session_key_int);
1053 if (len < 0 || len > sizeof(session_key))
1054 fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d",
1055 get_remote_ipaddr(),
1056 len, sizeof(session_key));
1057 memset(session_key, 0, sizeof(session_key));
1058 BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
1059
1060 /* Xor the first 16 bytes of the session key with the session id. */
1061 for (i = 0; i < 16; i++)
1062 session_key[i] ^= session_id[i];
1063
1064 /* Destroy the decrypted integer. It is no longer needed. */
1065 BN_clear_free(session_key_int);
1066
1067 /* Set the session key. From this on all communications will be encrypted. */
1068 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
1069
1070 /* Destroy our copy of the session key. It is no longer needed. */
1071 memset(session_key, 0, sizeof(session_key));
1072
1073 debug("Received session key; encryption turned on.");
1074
1075 /* Send an acknowledgement packet. Note that this packet is sent encrypted. */
1076 packet_start(SSH_SMSG_SUCCESS);
1077 packet_send();
1078 packet_write_wait();
1079
1080 /* Get the name of the user that we wish to log in as. */
1081 packet_read_expect(&plen, SSH_CMSG_USER);
1082
1083 /* Get the user name. */
1084 {
1085 int ulen;
1086 user = packet_get_string(&ulen);
1087 packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
1088 }
1089
1090 /* Destroy the private and public keys. They will no longer be needed. */
1091 RSA_free(public_key);
1092 RSA_free(sensitive_data.private_key);
1093 RSA_free(sensitive_data.host_key);
8efc0c15 1094
5260325f 1095 setproctitle("%s", user);
1096 /* Do the authentication. */
1097 do_authentication(user);
1098}
8efc0c15 1099
5260325f 1100/*
1101 * Check if the user is allowed to log in via ssh. If user is listed in
1102 * DenyUsers or user's primary group is listed in DenyGroups, false will
1103 * be returned. If AllowUsers isn't empty and user isn't listed there, or
1104 * if AllowGroups isn't empty and user isn't listed there, false will be
1105 * returned. Otherwise true is returned.
1106 * XXX This function should also check if user has a valid shell
1107 */
8efc0c15 1108static int
5260325f 1109allowed_user(struct passwd * pw)
8efc0c15 1110{
5260325f 1111 struct group *grp;
1112 int i;
1113
1114 /* Shouldn't be called if pw is NULL, but better safe than sorry... */
1115 if (!pw)
1116 return 0;
1117
1118 /* XXX Should check for valid login shell */
1119
1120 /* Return false if user is listed in DenyUsers */
1121 if (options.num_deny_users > 0) {
1122 if (!pw->pw_name)
1123 return 0;
1124 for (i = 0; i < options.num_deny_users; i++)
1125 if (match_pattern(pw->pw_name, options.deny_users[i]))
1126 return 0;
1127 }
1128 /* Return false if AllowUsers isn't empty and user isn't listed
1129 there */
1130 if (options.num_allow_users > 0) {
1131 if (!pw->pw_name)
1132 return 0;
1133 for (i = 0; i < options.num_allow_users; i++)
1134 if (match_pattern(pw->pw_name, options.allow_users[i]))
1135 break;
1136 /* i < options.num_allow_users iff we break for loop */
1137 if (i >= options.num_allow_users)
1138 return 0;
1139 }
1140 /* Get the primary group name if we need it. Return false if it fails */
1141 if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
1142 grp = getgrgid(pw->pw_gid);
1143 if (!grp)
1144 return 0;
1145
1146 /* Return false if user's group is listed in DenyGroups */
1147 if (options.num_deny_groups > 0) {
1148 if (!grp->gr_name)
1149 return 0;
1150 for (i = 0; i < options.num_deny_groups; i++)
1151 if (match_pattern(grp->gr_name, options.deny_groups[i]))
1152 return 0;
1153 }
1154 /* Return false if AllowGroups isn't empty and user's
1155 group isn't listed there */
1156 if (options.num_allow_groups > 0) {
1157 if (!grp->gr_name)
1158 return 0;
1159 for (i = 0; i < options.num_allow_groups; i++)
1160 if (match_pattern(grp->gr_name, options.allow_groups[i]))
1161 break;
1162 /* i < options.num_allow_groups iff we break for
1163 loop */
1164 if (i >= options.num_allow_groups)
1165 return 0;
1166 }
1167 }
1168 /* We found no reason not to let this user try to log on... */
1169 return 1;
8efc0c15 1170}
1171
5260325f 1172/*
1173 * Performs authentication of an incoming connection. Session key has already
1174 * been exchanged and encryption is enabled. User is the user name to log
1175 * in as (received from the client).
1176 */
8efc0c15 1177void
e7c0f9d5 1178do_authentication(char *user)
8efc0c15 1179{
5260325f 1180 struct passwd *pw, pwcopy;
e7c0f9d5 1181
8efc0c15 1182#ifdef AFS
5260325f 1183 /* If machine has AFS, set process authentication group. */
1184 if (k_hasafs()) {
1185 k_setpag();
1186 k_unlog();
1187 }
8efc0c15 1188#endif /* AFS */
5260325f 1189
1190 /* Verify that the user is a valid user. */
1191 pw = getpwnam(user);
1192 if (!pw || !allowed_user(pw))
1193 do_fake_authloop(user);
1194
1195 /* Take a copy of the returned structure. */
1196 memset(&pwcopy, 0, sizeof(pwcopy));
1197 pwcopy.pw_name = xstrdup(pw->pw_name);
1198 pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
1199 pwcopy.pw_uid = pw->pw_uid;
1200 pwcopy.pw_gid = pw->pw_gid;
1201 pwcopy.pw_dir = xstrdup(pw->pw_dir);
1202 pwcopy.pw_shell = xstrdup(pw->pw_shell);
1203 pw = &pwcopy;
8efc0c15 1204
5aecb327 1205#ifdef HAVE_LIBPAM
5260325f 1206 {
1207 int pam_retval;
1208
1209 debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
e7c0f9d5 1210
5260325f 1211 pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh);
1212 if (pam_retval != PAM_SUCCESS)
1213 fatal("PAM initialisation failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
e7c0f9d5 1214
5260325f 1215 fatal_add_cleanup(&pam_cleanup_proc, NULL);
1216 }
5aecb327 1217#endif
0183ea1c 1218
5260325f 1219 /* If we are not running as root, the user must have the same uid
1220 as the server. */
1221 if (getuid() != 0 && pw->pw_uid != getuid())
1222 packet_disconnect("Cannot change user when server not running as root.");
8efc0c15 1223
5260325f 1224 debug("Attempting authentication for %.100s.", user);
8efc0c15 1225
5260325f 1226 /* If the user has no password, accept authentication immediately. */
1227 if (options.password_authentication &&
8efc0c15 1228#ifdef KRB4
5260325f 1229 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
8efc0c15 1230#endif /* KRB4 */
5260325f 1231 auth_password(pw, "")) {
1232 /* Authentication with empty password succeeded. */
1233 log("Login for user %s from %.100s, accepted without authentication.",
1234 pw->pw_name, get_remote_ipaddr());
1235 } else {
1236 /* Loop until the user has been authenticated or the
1237 connection is closed, do_authloop() returns only if
1238 authentication is successfull */
1239 do_authloop(pw);
1240 }
1241
1242 /* Check if the user is logging in as root and root logins are disallowed. */
1243 if (pw->pw_uid == 0 && !options.permit_root_login) {
1244 if (forced_command)
1245 log("Root login accepted for forced command.");
1246 else
1247 packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
1248 get_canonical_hostname());
1249 }
1250 /* The user has been authenticated and accepted. */
1251 packet_start(SSH_SMSG_SUCCESS);
1252 packet_send();
1253 packet_write_wait();
1254
1255 /* Perform session preparation. */
1256 do_authenticated(pw);
e7c0f9d5 1257}
8efc0c15 1258
5260325f 1259#define AUTH_FAIL_MAX 6
1260#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
1261#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
e7c0f9d5 1262
5260325f 1263/*
1264 * read packets and try to authenticate local user *pw.
1265 * return if authentication is successfull
1266 */
e7c0f9d5 1267void
5260325f 1268do_authloop(struct passwd * pw)
e7c0f9d5 1269{
5260325f 1270 int attempt = 0;
1271 unsigned int bits;
1272 BIGNUM *client_host_key_e, *client_host_key_n;
1273 BIGNUM *n;
1274 char *client_user = NULL, *password = NULL;
1275 char user[1024];
1276 int plen, dlen, nlen, ulen, elen;
1277 int type = 0;
1278 void (*authlog) (const char *fmt,...) = verbose;
c75a1a66 1279#ifdef HAVE_LIBPAM
5260325f 1280 int pam_retval;
c75a1a66 1281#endif /* HAVE_LIBPAM */
e7c0f9d5 1282
5260325f 1283 /* Indicate that authentication is needed. */
1284 packet_start(SSH_SMSG_FAILURE);
1285 packet_send();
1286 packet_write_wait();
e7c0f9d5 1287
5260325f 1288 for (attempt = 1;; attempt++) {
1289 int authenticated = 0;
1290 strlcpy(user, "", sizeof user);
e7c0f9d5 1291
5260325f 1292 /* Get a packet from the client. */
1293 type = packet_read(&plen);
1294
1295 /* Process the packet. */
1296 switch (type) {
e7c0f9d5 1297#ifdef AFS
5260325f 1298 case SSH_CMSG_HAVE_KERBEROS_TGT:
1299 if (!options.kerberos_tgt_passing) {
1300 /* packet_get_all(); */
1301 verbose("Kerberos tgt passing disabled.");
1302 break;
1303 } else {
1304 /* Accept Kerberos tgt. */
1305 char *tgt = packet_get_string(&dlen);
1306 packet_integrity_check(plen, 4 + dlen, type);
1307 if (!auth_kerberos_tgt(pw, tgt))
1308 verbose("Kerberos tgt REFUSED for %s", pw->pw_name);
1309 xfree(tgt);
1310 }
1311 continue;
1312
1313 case SSH_CMSG_HAVE_AFS_TOKEN:
1314 if (!options.afs_token_passing || !k_hasafs()) {
1315 /* packet_get_all(); */
1316 verbose("AFS token passing disabled.");
1317 break;
1318 } else {
1319 /* Accept AFS token. */
1320 char *token_string = packet_get_string(&dlen);
1321 packet_integrity_check(plen, 4 + dlen, type);
1322 if (!auth_afs_token(pw, token_string))
1323 verbose("AFS token REFUSED for %s", pw->pw_name);
1324 xfree(token_string);
1325 }
1326 continue;
8efc0c15 1327#endif /* AFS */
e7c0f9d5 1328#ifdef KRB4
5260325f 1329 case SSH_CMSG_AUTH_KERBEROS:
1330 if (!options.kerberos_authentication) {
1331 /* packet_get_all(); */
1332 verbose("Kerberos authentication disabled.");
1333 break;
1334 } else {
1335 /* Try Kerberos v4 authentication. */
1336 KTEXT_ST auth;
1337 char *tkt_user = NULL;
1338 char *kdata = packet_get_string((unsigned int *) &auth.length);
1339 packet_integrity_check(plen, 4 + auth.length, type);
1340
1341 if (auth.length < MAX_KTXT_LEN)
1342 memcpy(auth.dat, kdata, auth.length);
1343 xfree(kdata);
1344
1345 authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
1346
1347 if (authenticated) {
1348 snprintf(user, sizeof user, " tktuser %s", tkt_user);
1349 xfree(tkt_user);
1350 }
1351 }
1352 break;
e7c0f9d5 1353#endif /* KRB4 */
5260325f 1354
1355 case SSH_CMSG_AUTH_RHOSTS:
1356 if (!options.rhosts_authentication) {
1357 verbose("Rhosts authentication disabled.");
1358 break;
1359 }
1360 /* Get client user name. Note that we just have
1361 to trust the client; this is one reason why
1362 rhosts authentication is insecure. (Another is
1363 IP-spoofing on a local network.) */
1364 client_user = packet_get_string(&ulen);
1365 packet_integrity_check(plen, 4 + ulen, type);
1366
1367 /* Try to authenticate using /etc/hosts.equiv and
1368 .rhosts. */
1369 authenticated = auth_rhosts(pw, client_user);
1370
1371 snprintf(user, sizeof user, " ruser %s", client_user);
5aecb327 1372#ifndef HAVE_LIBPAM
5260325f 1373 xfree(client_user);
5aecb327 1374#endif /* HAVE_LIBPAM */
5260325f 1375 break;
1376
1377 case SSH_CMSG_AUTH_RHOSTS_RSA:
1378 if (!options.rhosts_rsa_authentication) {
1379 verbose("Rhosts with RSA authentication disabled.");
1380 break;
1381 }
1382 /* Get client user name. Note that we just have
1383 to trust the client; root on the client machine
1384 can claim to be any user. */
1385 client_user = packet_get_string(&ulen);
1386
1387 /* Get the client host key. */
1388 client_host_key_e = BN_new();
1389 client_host_key_n = BN_new();
1390 bits = packet_get_int();
1391 packet_get_bignum(client_host_key_e, &elen);
1392 packet_get_bignum(client_host_key_n, &nlen);
1393
1394 if (bits != BN_num_bits(client_host_key_n))
1395 error("Warning: keysize mismatch for client_host_key: "
1396 "actual %d, announced %d", BN_num_bits(client_host_key_n), bits);
1397 packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
1398
1399 authenticated = auth_rhosts_rsa(pw, client_user,
1400 client_host_key_e, client_host_key_n);
1401 BN_clear_free(client_host_key_e);
1402 BN_clear_free(client_host_key_n);
1403
1404 snprintf(user, sizeof user, " ruser %s", client_user);
5aecb327 1405#ifndef HAVE_LIBPAM
5260325f 1406 xfree(client_user);
5aecb327 1407#endif /* HAVE_LIBPAM */
5260325f 1408 break;
1409
1410 case SSH_CMSG_AUTH_RSA:
1411 if (!options.rsa_authentication) {
1412 verbose("RSA authentication disabled.");
1413 break;
1414 }
1415 /* RSA authentication requested. */
1416 n = BN_new();
1417 packet_get_bignum(n, &nlen);
1418 packet_integrity_check(plen, nlen, type);
1419 authenticated = auth_rsa(pw, n);
1420 BN_clear_free(n);
1421 break;
1422
1423 case SSH_CMSG_AUTH_PASSWORD:
1424 if (!options.password_authentication) {
1425 verbose("Password authentication disabled.");
1426 break;
1427 }
1428 /* Read user password. It is in plain text, but
1429 was transmitted over the encrypted channel so
1430 it is not visible to an outside observer. */
1431 password = packet_get_string(&dlen);
1432 packet_integrity_check(plen, 4 + dlen, type);
1433
5aecb327 1434#ifdef HAVE_LIBPAM
5260325f 1435 /* Do PAM auth with password */
1436 pampasswd = password;
1437 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1438 if (pam_retval == PAM_SUCCESS) {
1439 log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
1440 authenticated = 1;
1441 break;
1442 }
1443
1444 log("PAM Password authentication for \"%.100s\" failed: %s",
1445 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
1446 break;
5aecb327 1447#else /* HAVE_LIBPAM */
5260325f 1448 /* Try authentication with the password. */
1449 authenticated = auth_password(pw, password);
1450
1451 memset(password, 0, strlen(password));
1452 xfree(password);
1453 break;
e7c0f9d5 1454#endif /* HAVE_LIBPAM */
5260325f 1455
1456#ifdef SKEY
1457 case SSH_CMSG_AUTH_TIS:
1458 debug("rcvd SSH_CMSG_AUTH_TIS");
1459 if (options.skey_authentication == 1) {
1460 char *skeyinfo = skey_keyinfo(pw->pw_name);
1461 if (skeyinfo == NULL) {
1462 debug("generating fake skeyinfo for %.100s.", pw->pw_name);
1463 skeyinfo = skey_fake_keyinfo(pw->pw_name);
1464 }
1465 if (skeyinfo != NULL) {
1466 /* we send our s/key- in
1467 tis-challenge messages */
1468 debug("sending challenge '%s'", skeyinfo);
1469 packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
1470 packet_put_string(skeyinfo, strlen(skeyinfo));
1471 packet_send();
1472 packet_write_wait();
1473 continue;
1474 }
1475 }
1476 break;
1477 case SSH_CMSG_AUTH_TIS_RESPONSE:
1478 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
1479 if (options.skey_authentication == 1) {
1480 char *response = packet_get_string(&dlen);
1481 debug("skey response == '%s'", response);
1482 packet_integrity_check(plen, 4 + dlen, type);
1483 authenticated = (skey_haskey(pw->pw_name) == 0 &&
1484 skey_passcheck(pw->pw_name, response) != -1);
1485 xfree(response);
1486 }
1487 break;
1488#else
1489 case SSH_CMSG_AUTH_TIS:
1490 /* TIS Authentication is unsupported */
1491 log("TIS authentication unsupported.");
1492 break;
1493#endif
1494
1495 default:
1496 /* Any unknown messages will be ignored (and
1497 failure returned) during authentication. */
1498 log("Unknown message during authentication: type %d", type);
1499 break;
1500 }
1501
1502 /* Raise logging level */
1503 if (authenticated ||
1504 attempt == AUTH_FAIL_LOG ||
1505 type == SSH_CMSG_AUTH_PASSWORD)
1506 authlog = log;
1507
1508 authlog("%s %s for %.200s from %.200s port %d%s",
1509 authenticated ? "Accepted" : "Failed",
1510 get_authname(type),
1511 pw->pw_uid == 0 ? "ROOT" : pw->pw_name,
1512 get_remote_ipaddr(),
1513 get_remote_port(),
1514 user);
8efc0c15 1515
5aecb327 1516#ifdef HAVE_LIBPAM
5260325f 1517 do_pam_account_and_session(pw->pw_name, client_user,
1518 get_canonical_hostname());
d813bc69 1519
5260325f 1520 /* Clean up */
1521 if (client_user != NULL)
1522 xfree(client_user);
d813bc69 1523
5260325f 1524 if (password != NULL) {
1525 memset(password, 0, strlen(password));
1526 xfree(password);
1527 }
5aecb327 1528#endif /* HAVE_LIBPAM */
5260325f 1529
1530 if (authenticated)
1531 return;
1532
1533 if (attempt > AUTH_FAIL_MAX)
1534 packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
1535
1536 /* Send a message indicating that the authentication attempt failed. */
1537 packet_start(SSH_SMSG_FAILURE);
1538 packet_send();
1539 packet_write_wait();
1540 }
8efc0c15 1541}
1542
5260325f 1543/*
1544 * The user does not exist or access is denied,
1545 * but fake indication that authentication is needed.
1546 */
e7c0f9d5 1547void
1548do_fake_authloop(char *user)
0183ea1c 1549{
5260325f 1550 int attempt = 0;
1551
1552 log("Faking authloop for illegal user %.200s from %.200s port %d",
1553 user,
1554 get_remote_ipaddr(),
1555 get_remote_port());
1556
1557 /* Indicate that authentication is needed. */
1558 packet_start(SSH_SMSG_FAILURE);
1559 packet_send();
1560 packet_write_wait();
1561
1562 /* Keep reading packets, and always respond with a failure. This
1563 is to avoid disclosing whether such a user really exists. */
1564 for (attempt = 1;; attempt++) {
1565 /* Read a packet. This will not return if the client
1566 disconnects. */
1567 int plen;
1568 int type = packet_read(&plen);
e7c0f9d5 1569#ifdef SKEY
5260325f 1570 int dlen;
1571 char *password, *skeyinfo;
1572 if (options.password_authentication &&
1573 options.skey_authentication == 1 &&
1574 type == SSH_CMSG_AUTH_PASSWORD &&
1575 (password = packet_get_string(&dlen)) != NULL &&
1576 dlen == 5 &&
1577 strncasecmp(password, "s/key", 5) == 0 &&
1578 (skeyinfo = skey_fake_keyinfo(user)) != NULL) {
1579 /* Send a fake s/key challenge. */
1580 packet_send_debug(skeyinfo);
1581 }
e7c0f9d5 1582#endif
5260325f 1583 if (attempt > AUTH_FAIL_MAX)
1584 packet_disconnect(AUTH_FAIL_MSG, user);
1585
1586 /* Send failure. This should be indistinguishable from a
1587 failed authentication. */
1588 packet_start(SSH_SMSG_FAILURE);
1589 packet_send();
1590 packet_write_wait();
1591 }
1592 /* NOTREACHED */
1593 abort();
0183ea1c 1594}
1595
e7c0f9d5 1596
5260325f 1597/*
1598 * Remove local Xauthority file.
1599 */
6a17f9c2 1600static void
1601xauthfile_cleanup_proc(void *ignore)
1602{
5260325f 1603 debug("xauthfile_cleanup_proc called");
6a17f9c2 1604
5260325f 1605 if (xauthfile != NULL) {
1606 unlink(xauthfile);
1607 xfree(xauthfile);
1608 xauthfile = NULL;
1609 }
6a17f9c2 1610}
1611
5260325f 1612/*
1613 * Prepares for an interactive session. This is called after the user has
1614 * been successfully authenticated. During this message exchange, pseudo
1615 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
1616 * are requested, etc.
1617 */
1618void
1619do_authenticated(struct passwd * pw)
8efc0c15 1620{
5260325f 1621 int type;
1622 int compression_level = 0, enable_compression_after_reply = 0;
1623 int have_pty = 0, ptyfd = -1, ttyfd = -1, xauthfd = -1;
1624 int row, col, xpixel, ypixel, screen;
1625 char ttyname[64];
1626 char *command, *term = NULL, *display = NULL, *proto = NULL,
1627 *data = NULL;
1628 struct group *grp;
1629 gid_t tty_gid;
1630 mode_t tty_mode;
1631 int n_bytes;
1632
1633 /* Cancel the alarm we set to limit the time taken for
1634 authentication. */
1635 alarm(0);
1636
1637 /* Inform the channel mechanism that we are the server side and
1638 that the client may request to connect to any port at all.
1639 (The user could do it anyway, and we wouldn\'t know what is
1640 permitted except by the client telling us, so we can equally
1641 well trust the client not to request anything bogus.) */
1642 channel_permit_all_opens();
1643
1644 /* We stay in this loop until the client requests to execute a
1645 shell or a command. */
1646 while (1) {
1647 int plen, dlen;
1648
1649 /* Get a packet from the client. */
1650 type = packet_read(&plen);
1651
1652 /* Process the packet. */
1653 switch (type) {
1654 case SSH_CMSG_REQUEST_COMPRESSION:
1655 packet_integrity_check(plen, 4, type);
1656 compression_level = packet_get_int();
1657 if (compression_level < 1 || compression_level > 9) {
1658 packet_send_debug("Received illegal compression level %d.",
1659 compression_level);
1660 goto fail;
1661 }
1662 /* Enable compression after we have responded with SUCCESS. */
1663 enable_compression_after_reply = 1;
1664 break;
1665
1666 case SSH_CMSG_REQUEST_PTY:
1667 if (no_pty_flag) {
1668 debug("Allocating a pty not permitted for this authentication.");
1669 goto fail;
1670 }
1671 if (have_pty)
1672 packet_disconnect("Protocol error: you already have a pty.");
1673
1674 debug("Allocating pty.");
1675
1676 /* Allocate a pty and open it. */
1677 if (!pty_allocate(&ptyfd, &ttyfd, ttyname)) {
1678 error("Failed to allocate pty.");
1679 goto fail;
1680 }
1681 /* Determine the group to make the owner of the tty. */
1682 grp = getgrnam("tty");
1683 if (grp) {
1684 tty_gid = grp->gr_gid;
1685 tty_mode = S_IRUSR | S_IWUSR | S_IWGRP;
1686 } else {
1687 tty_gid = pw->pw_gid;
1688 tty_mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
1689 }
1690
1691 /* Change ownership of the tty. */
1692 if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
1693 fatal("chown(%.100s, %d, %d) failed: %.100s",
1694 ttyname, pw->pw_uid, tty_gid, strerror(errno));
1695 if (chmod(ttyname, tty_mode) < 0)
1696 fatal("chmod(%.100s, 0%o) failed: %.100s",
1697 ttyname, tty_mode, strerror(errno));
1698
1699 /* Get TERM from the packet. Note that the value may be of arbitrary length. */
1700 term = packet_get_string(&dlen);
1701 packet_integrity_check(dlen, strlen(term), type);
1702 /* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
1703 /* Remaining bytes */
1704 n_bytes = plen - (4 + dlen + 4 * 4);
1705
1706 if (strcmp(term, "") == 0)
1707 term = NULL;
1708
1709 /* Get window size from the packet. */
1710 row = packet_get_int();
1711 col = packet_get_int();
1712 xpixel = packet_get_int();
1713 ypixel = packet_get_int();
1714 pty_change_window_size(ptyfd, row, col, xpixel, ypixel);
1715
1716 /* Get tty modes from the packet. */
1717 tty_parse_modes(ttyfd, &n_bytes);
1718 packet_integrity_check(plen, 4 + dlen + 4 * 4 + n_bytes, type);
1719
1720 /* Indicate that we now have a pty. */
1721 have_pty = 1;
1722 break;
1723
1724 case SSH_CMSG_X11_REQUEST_FORWARDING:
1725 if (!options.x11_forwarding) {
1726 packet_send_debug("X11 forwarding disabled in server configuration file.");
1727 goto fail;
1728 }
8efc0c15 1729#ifdef XAUTH_PATH
5260325f 1730 if (no_x11_forwarding_flag) {
1731 packet_send_debug("X11 forwarding not permitted for this authentication.");
1732 goto fail;
1733 }
1734 debug("Received request for X11 forwarding with auth spoofing.");
1735 if (display)
1736 packet_disconnect("Protocol error: X11 display already set.");
1737 {
1738 int proto_len, data_len;
1739 proto = packet_get_string(&proto_len);
1740 data = packet_get_string(&data_len);
1741 packet_integrity_check(plen, 4 + proto_len + 4 + data_len + 4, type);
1742 }
1743 if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
1744 screen = packet_get_int();
1745 else
1746 screen = 0;
1747 display = x11_create_display_inet(screen);
1748 if (!display)
1749 goto fail;
1750
1751 /* Setup to always have a local .Xauthority. */
1752 xauthfile = xmalloc(MAXPATHLEN);
1753 snprintf(xauthfile, MAXPATHLEN, "/tmp/XauthXXXXXX");
1754
1755 if ((xauthfd = mkstemp(xauthfile)) != -1) {
1756 fchown(xauthfd, pw->pw_uid, pw->pw_gid);
1757 close(xauthfd);
1758 fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
1759 } else {
1760 xfree(xauthfile);
1761 xauthfile = NULL;
1762 }
1763 break;
8efc0c15 1764#else /* XAUTH_PATH */
5260325f 1765 packet_send_debug("No xauth program; cannot forward with spoofing.");
1766 goto fail;
8efc0c15 1767#endif /* XAUTH_PATH */
1768
5260325f 1769 case SSH_CMSG_AGENT_REQUEST_FORWARDING:
1770 if (no_agent_forwarding_flag) {
1771 debug("Authentication agent forwarding not permitted for this authentication.");
1772 goto fail;
1773 }
1774 debug("Received authentication agent forwarding request.");
1775 auth_input_request_forwarding(pw);
1776 break;
1777
1778 case SSH_CMSG_PORT_FORWARD_REQUEST:
1779 if (no_port_forwarding_flag) {
1780 debug("Port forwarding not permitted for this authentication.");
1781 goto fail;
1782 }
1783 debug("Received TCP/IP port forwarding request.");
1784 channel_input_port_forward_request(pw->pw_uid == 0);
1785 break;
1786
1787 case SSH_CMSG_MAX_PACKET_SIZE:
1788 if (packet_set_maxsize(packet_get_int()) < 0)
1789 goto fail;
1790 break;
1791
1792 case SSH_CMSG_EXEC_SHELL:
1793 /* Set interactive/non-interactive mode. */
1794 packet_set_interactive(have_pty || display != NULL,
1795 options.keepalives);
1796
1797 if (forced_command != NULL)
1798 goto do_forced_command;
1799 debug("Forking shell.");
1800 packet_integrity_check(plen, 0, type);
1801 if (have_pty)
1802 do_exec_pty(NULL, ptyfd, ttyfd, ttyname, pw, term, display, proto, data);
1803 else
1804 do_exec_no_pty(NULL, pw, display, proto, data);
1805 return;
1806
1807 case SSH_CMSG_EXEC_CMD:
1808 /* Set interactive/non-interactive mode. */
1809 packet_set_interactive(have_pty || display != NULL,
1810 options.keepalives);
1811
1812 if (forced_command != NULL)
1813 goto do_forced_command;
1814 /* Get command from the packet. */
1815 {
1816 int dlen;
1817 command = packet_get_string(&dlen);
1818 debug("Executing command '%.500s'", command);
1819 packet_integrity_check(plen, 4 + dlen, type);
1820 }
1821 if (have_pty)
1822 do_exec_pty(command, ptyfd, ttyfd, ttyname, pw, term, display, proto, data);
1823 else
1824 do_exec_no_pty(command, pw, display, proto, data);
1825 xfree(command);
1826 return;
1827
1828 default:
1829 /* Any unknown messages in this phase are ignored,
1830 and a failure message is returned. */
1831 log("Unknown packet type received after authentication: %d", type);
1832 goto fail;
1833 }
8efc0c15 1834
5260325f 1835 /* The request was successfully processed. */
1836 packet_start(SSH_SMSG_SUCCESS);
1837 packet_send();
1838 packet_write_wait();
8efc0c15 1839
5260325f 1840 /* Enable compression now that we have replied if appropriate. */
1841 if (enable_compression_after_reply) {
1842 enable_compression_after_reply = 0;
1843 packet_start_compression(compression_level);
1844 }
1845 continue;
8efc0c15 1846
5260325f 1847fail:
1848 /* The request failed. */
1849 packet_start(SSH_SMSG_FAILURE);
1850 packet_send();
1851 packet_write_wait();
1852 continue;
8efc0c15 1853
5260325f 1854do_forced_command:
1855 /* There is a forced command specified for this login.
1856 Execute it. */
1857 debug("Executing forced command: %.900s", forced_command);
1858 if (have_pty)
1859 do_exec_pty(forced_command, ptyfd, ttyfd, ttyname, pw, term, display, proto, data);
1860 else
1861 do_exec_no_pty(forced_command, pw, display, proto, data);
1862 return;
1863 }
1864}
8efc0c15 1865
5260325f 1866/*
1867 * This is called to fork and execute a command when we have no tty. This
1868 * will call do_child from the child, and server_loop from the parent after
1869 * setting up file descriptors and such.
1870 */
1871void
1872do_exec_no_pty(const char *command, struct passwd * pw,
1873 const char *display, const char *auth_proto,
1874 const char *auth_data)
1875{
1876 int pid;
8efc0c15 1877
1878#ifdef USE_PIPES
5260325f 1879 int pin[2], pout[2], perr[2];
1880 /* Allocate pipes for communicating with the program. */
1881 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
1882 packet_disconnect("Could not create pipes: %.100s",
1883 strerror(errno));
8efc0c15 1884#else /* USE_PIPES */
5260325f 1885 int inout[2], err[2];
1886 /* Uses socket pairs to communicate with the program. */
1887 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
1888 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
1889 packet_disconnect("Could not create socket pairs: %.100s",
1890 strerror(errno));
8efc0c15 1891#endif /* USE_PIPES */
8efc0c15 1892
5260325f 1893 setproctitle("%s@notty", pw->pw_name);
8efc0c15 1894
5260325f 1895 /* Fork the child. */
1896 if ((pid = fork()) == 0) {
1897 /* Child. Reinitialize the log since the pid has changed. */
1898 log_init(av0, options.log_level, options.log_facility, log_stderr);
1899
1900 /* Create a new session and process group since the 4.4BSD
1901 setlogin() affects the entire process group. */
1902 if (setsid() < 0)
1903 error("setsid failed: %.100s", strerror(errno));
8efc0c15 1904
1905#ifdef USE_PIPES
5260325f 1906 /* Redirect stdin. We close the parent side of the socket
1907 pair, and make the child side the standard input. */
1908 close(pin[1]);
1909 if (dup2(pin[0], 0) < 0)
1910 perror("dup2 stdin");
1911 close(pin[0]);
1912
1913 /* Redirect stdout. */
1914 close(pout[0]);
1915 if (dup2(pout[1], 1) < 0)
1916 perror("dup2 stdout");
1917 close(pout[1]);
1918
1919 /* Redirect stderr. */
1920 close(perr[0]);
1921 if (dup2(perr[1], 2) < 0)
1922 perror("dup2 stderr");
1923 close(perr[1]);
8efc0c15 1924#else /* USE_PIPES */
5260325f 1925 /* Redirect stdin, stdout, and stderr. Stdin and stdout
1926 will use the same socket, as some programs
1927 (particularly rdist) seem to depend on it. */
1928 close(inout[1]);
1929 close(err[1]);
1930 if (dup2(inout[0], 0) < 0) /* stdin */
1931 perror("dup2 stdin");
1932 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
1933 perror("dup2 stdout");
1934 if (dup2(err[0], 2) < 0) /* stderr */
1935 perror("dup2 stderr");
8efc0c15 1936#endif /* USE_PIPES */
1937
5260325f 1938 /* Do processing for the child (exec command etc). */
1939 do_child(command, pw, NULL, display, auth_proto, auth_data, NULL);
1940 /* NOTREACHED */
1941 }
1942 if (pid < 0)
1943 packet_disconnect("fork failed: %.100s", strerror(errno));
8efc0c15 1944#ifdef USE_PIPES
5260325f 1945 /* We are the parent. Close the child sides of the pipes. */
1946 close(pin[0]);
1947 close(pout[1]);
1948 close(perr[1]);
1949
1950 /* Enter the interactive session. */
1951 server_loop(pid, pin[1], pout[0], perr[0]);
1952 /* server_loop has closed pin[1], pout[1], and perr[1]. */
8efc0c15 1953#else /* USE_PIPES */
5260325f 1954 /* We are the parent. Close the child sides of the socket pairs. */
1955 close(inout[0]);
1956 close(err[0]);
1957
1958 /* Enter the interactive session. Note: server_loop must be able
1959 to handle the case that fdin and fdout are the same. */
1960 server_loop(pid, inout[1], inout[1], err[1]);
1961 /* server_loop has closed inout[1] and err[1]. */
8efc0c15 1962#endif /* USE_PIPES */
1963}
1964
5260325f 1965struct pty_cleanup_context {
1966 const char *ttyname;
1967 int pid;
8efc0c15 1968};
1969
5260325f 1970/*
1971 * Function to perform cleanup if we get aborted abnormally (e.g., due to a
1972 * dropped connection).
1973 */
1974void
1975pty_cleanup_proc(void *context)
8efc0c15 1976{
5260325f 1977 struct pty_cleanup_context *cu = context;
8efc0c15 1978
5260325f 1979 debug("pty_cleanup_proc called");
8efc0c15 1980
5260325f 1981 /* Record that the user has logged out. */
1982 record_logout(cu->pid, cu->ttyname);
8efc0c15 1983
5260325f 1984 /* Release the pseudo-tty. */
1985 pty_release(cu->ttyname);
8efc0c15 1986}
1987
5260325f 1988/*
1989 * This is called to fork and execute a command when we have a tty. This
1990 * will call do_child from the child, and server_loop from the parent after
1991 * setting up file descriptors, controlling tty, updating wtmp, utmp,
1992 * lastlog, and other such operations.
1993 */
1994void
1995do_exec_pty(const char *command, int ptyfd, int ttyfd,
1996 const char *ttyname, struct passwd * pw, const char *term,
1997 const char *display, const char *auth_proto,
1998 const char *auth_data)
8efc0c15 1999{
5260325f 2000 int pid, fdout;
2001 const char *hostname;
2002 time_t last_login_time;
2003 char buf[100], *time_string;
2004 FILE *f;
2005 char line[256];
2006 struct stat st;
2007 int quiet_login;
2008 struct sockaddr_in from;
2009 int fromlen;
2010 struct pty_cleanup_context cleanup_context;
2011
2012 /* Get remote host name. */
2013 hostname = get_canonical_hostname();
2014
2015 /* Get the time when the user last logged in. Buf will be set to
2016 contain the hostname the last login was from. */
2017 if (!options.use_login) {
2018 last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
2019 buf, sizeof(buf));
8efc0c15 2020 }
5260325f 2021 setproctitle("%s@%s", pw->pw_name, strrchr(ttyname, '/') + 1);
2022
2023 /* Fork the child. */
2024 if ((pid = fork()) == 0) {
2025 pid = getpid();
2026
2027 /* Child. Reinitialize the log because the pid has
2028 changed. */
2029 log_init(av0, options.log_level, options.log_facility, log_stderr);
2030
2031 /* Close the master side of the pseudo tty. */
2032 close(ptyfd);
2033
2034 /* Make the pseudo tty our controlling tty. */
2035 pty_make_controlling_tty(&ttyfd, ttyname);
2036
2037 /* Redirect stdin from the pseudo tty. */
2038 if (dup2(ttyfd, fileno(stdin)) < 0)
2039 error("dup2 stdin failed: %.100s", strerror(errno));
2040
2041 /* Redirect stdout to the pseudo tty. */
2042 if (dup2(ttyfd, fileno(stdout)) < 0)
2043 error("dup2 stdin failed: %.100s", strerror(errno));
2044
2045 /* Redirect stderr to the pseudo tty. */
2046 if (dup2(ttyfd, fileno(stderr)) < 0)
2047 error("dup2 stdin failed: %.100s", strerror(errno));
2048
2049 /* Close the extra descriptor for the pseudo tty. */
2050 close(ttyfd);
2051
2052 /* Get IP address of client. This is needed because we
2053 want to record where the user logged in from. If the
2054 connection is not a socket, let the ip address be 0.0.0.0. */
2055 memset(&from, 0, sizeof(from));
2056 if (packet_get_connection_in() == packet_get_connection_out()) {
2057 fromlen = sizeof(from);
2058 if (getpeername(packet_get_connection_in(),
2059 (struct sockaddr *) & from, &fromlen) < 0) {
2060 debug("getpeername: %.100s", strerror(errno));
2061 fatal_cleanup();
2062 }
2063 }
2064 /* Record that there was a login on that terminal. */
2065 record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
2066 &from);
8efc0c15 2067
5260325f 2068 /* Check if .hushlogin exists. */
2069 snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
2070 quiet_login = stat(line, &st) >= 0;
e1a9c08d 2071
2072#ifdef HAVE_LIBPAM
5260325f 2073 /* output the results of the pamconv() */
2074 if (!quiet_login && pamconv_msg != NULL)
2075 fprintf(stderr, pamconv_msg);
e1a9c08d 2076#endif
8efc0c15 2077
5260325f 2078 /* If the user has logged in before, display the time of
2079 last login. However, don't display anything extra if a
2080 command has been specified (so that ssh can be used to
2081 execute commands on a remote machine without users
2082 knowing they are going to another machine). Login(1)
2083 will do this for us as well, so check if login(1) is used */
2084 if (command == NULL && last_login_time != 0 && !quiet_login &&
2085 !options.use_login) {
2086 /* Convert the date to a string. */
2087 time_string = ctime(&last_login_time);
2088 /* Remove the trailing newline. */
2089 if (strchr(time_string, '\n'))
2090 *strchr(time_string, '\n') = 0;
2091 /* Display the last login time. Host if displayed
2092 if known. */
2093 if (strcmp(buf, "") == 0)
2094 printf("Last login: %s\r\n", time_string);
2095 else
2096 printf("Last login: %s from %s\r\n", time_string, buf);
2097 }
2098 /* Print /etc/motd unless a command was specified or
2099 printing it was disabled in server options or login(1)
2100 will be used. Note that some machines appear to print
2101 it in /etc/profile or similar. */
2102 if (command == NULL && options.print_motd && !quiet_login &&
2103 !options.use_login) {
2104 /* Print /etc/motd if it exists. */
2105 f = fopen("/etc/motd", "r");
2106 if (f) {
2107 while (fgets(line, sizeof(line), f))
2108 fputs(line, stdout);
2109 fclose(f);
2110 }
2111 }
2112 /* Do common processing for the child, such as execing the command. */
2113 do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
2114 /* NOTREACHED */
8efc0c15 2115 }
5260325f 2116 if (pid < 0)
2117 packet_disconnect("fork failed: %.100s", strerror(errno));
2118 /* Parent. Close the slave side of the pseudo tty. */
2119 close(ttyfd);
2120
2121 /* Create another descriptor of the pty master side for use as the
2122 standard input. We could use the original descriptor, but this
2123 simplifies code in server_loop. The descriptor is bidirectional. */
2124 fdout = dup(ptyfd);
2125 if (fdout < 0)
2126 packet_disconnect("dup failed: %.100s", strerror(errno));
2127
2128 /* Add a cleanup function to clear the utmp entry and record logout
2129 time in case we call fatal() (e.g., the connection gets closed). */
2130 cleanup_context.pid = pid;
2131 cleanup_context.ttyname = ttyname;
2132 fatal_add_cleanup(pty_cleanup_proc, (void *) &cleanup_context);
2133
2134 /* Enter interactive session. */
2135 server_loop(pid, ptyfd, fdout, -1);
2136 /* server_loop has not closed ptyfd and fdout. */
2137
2138 /* Cancel the cleanup function. */
2139 fatal_remove_cleanup(pty_cleanup_proc, (void *) &cleanup_context);
2140
2141 /* Record that the user has logged out. */
2142 record_logout(pid, ttyname);
2143
2144 /* Release the pseudo-tty. */
2145 pty_release(ttyname);
2146
2147 /* Close the server side of the socket pairs. We must do this
2148 after the pty cleanup, so that another process doesn't get this
2149 pty while we're still cleaning up. */
2150 close(ptyfd);
2151 close(fdout);
8efc0c15 2152}
2153
5260325f 2154/*
2155 * Sets the value of the given variable in the environment. If the variable
2156 * already exists, its value is overriden.
2157 */
2158void
2159child_set_env(char ***envp, unsigned int *envsizep, const char *name,
2160 const char *value)
8efc0c15 2161{
5260325f 2162 unsigned int i, namelen;
2163 char **env;
2164
2165 /* Find the slot where the value should be stored. If the
2166 variable already exists, we reuse the slot; otherwise we append
2167 a new slot at the end of the array, expanding if necessary. */
2168 env = *envp;
2169 namelen = strlen(name);
2170 for (i = 0; env[i]; i++)
2171 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
2172 break;
2173 if (env[i]) {
2174 /* Name already exists. Reuse the slot. */
2175 xfree(env[i]);
2176 } else {
2177 /* New variable. Expand the array if necessary. */
2178 if (i >= (*envsizep) - 1) {
2179 (*envsizep) += 50;
2180 env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
2181 }
2182 /* Need to set the NULL pointer at end of array beyond the new slot. */
2183 env[i + 1] = NULL;
8efc0c15 2184 }
2185
5260325f 2186 /* Allocate space and format the variable in the appropriate slot. */
2187 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
2188 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
8efc0c15 2189}
2190
5260325f 2191/*
2192 * Reads environment variables from the given file and adds/overrides them
2193 * into the environment. If the file does not exist, this does nothing.
2194 * Otherwise, it must consist of empty lines, comments (line starts with '#')
2195 * and assignments of the form name=value. No other forms are allowed.
2196 */
2197void
2198read_environment_file(char ***env, unsigned int *envsize,
2199 const char *filename)
8efc0c15 2200{
5260325f 2201 FILE *f;
2202 char buf[4096];
2203 char *cp, *value;
2204
2205 /* Open the environment file. */
2206 f = fopen(filename, "r");
2207 if (!f)
2208 return;
2209
2210 /* Process each line. */
2211 while (fgets(buf, sizeof(buf), f)) {
2212 /* Skip leading whitespace. */
2213 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++);
2214
2215 /* Ignore empty and comment lines. */
2216 if (!*cp || *cp == '#' || *cp == '\n')
2217 continue;
2218
2219 /* Remove newline. */
2220 if (strchr(cp, '\n'))
2221 *strchr(cp, '\n') = '\0';
2222
2223 /* Find the equals sign. Its lack indicates badly
2224 formatted line. */
2225 value = strchr(cp, '=');
2226 if (value == NULL) {
2227 fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
2228 continue;
2229 }
2230 /* Replace the equals sign by nul, and advance value to
2231 the value string. */
2232 *value = '\0';
2233 value++;
8efc0c15 2234
5260325f 2235 /* Set the value in environment. */
2236 child_set_env(env, envsize, cp, value);
2237 }
8efc0c15 2238
5260325f 2239 fclose(f);
8efc0c15 2240}
2241
5260325f 2242/*
2243 * Performs common processing for the child, such as setting up the
2244 * environment, closing extra file descriptors, setting the user and group
2245 * ids, and executing the command or shell.
2246 */
2247void
2248do_child(const char *command, struct passwd * pw, const char *term,
2249 const char *display, const char *auth_proto,
2250 const char *auth_data, const char *ttyname)
8efc0c15 2251{
5260325f 2252 const char *shell, *cp = NULL;
2253 char buf[256];
2254 FILE *f;
2255 unsigned int envsize, i;
2256 char **env;
2257 extern char **environ;
2258 struct stat st;
2259 char *argv[10];
8efc0c15 2260
e1a9c08d 2261#ifndef HAVE_LIBPAM /* pam_nologin handles this */
5260325f 2262 /* Check /etc/nologin. */
2263 f = fopen("/etc/nologin", "r");
2264 if (f) {
2265 /* /etc/nologin exists. Print its contents and exit. */
2266 while (fgets(buf, sizeof(buf), f))
2267 fputs(buf, stderr);
2268 fclose(f);
2269 if (pw->pw_uid != 0)
2270 exit(254);
2271 }
e35c1dc2 2272#endif /* HAVE_LIBPAM */
2273
2274#ifdef HAVE_SETLOGIN
5260325f 2275 /* Set login name in the kernel. */
2276 if (setlogin(pw->pw_name) < 0)
2277 error("setlogin failed: %s", strerror(errno));
e35c1dc2 2278#endif /* HAVE_SETLOGIN */
8efc0c15 2279
5260325f 2280 /* Set uid, gid, and groups. */
2281 /* Login(1) does this as well, and it needs uid 0 for the "-h"
2282 switch, so we let login(1) to this for us. */
2283 if (!options.use_login) {
2284 if (getuid() == 0 || geteuid() == 0) {
2285 if (setgid(pw->pw_gid) < 0) {
2286 perror("setgid");
2287 exit(1);
2288 }
2289 /* Initialize the group list. */
2290 if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
2291 perror("initgroups");
2292 exit(1);
2293 }
2294 endgrent();
2295
2296 /* Permanently switch to the desired uid. */
2297 permanently_set_uid(pw->pw_uid);
2298 }
2299 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
2300 fatal("Failed to set uids to %d.", (int) pw->pw_uid);
2301 }
2302 /* Get the shell from the password data. An empty shell field is
2303 legal, and means /bin/sh. */
2304 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
8efc0c15 2305
2306#ifdef AFS
5260325f 2307 /* Try to get AFS tokens for the local cell. */
2308 if (k_hasafs()) {
2309 char cell[64];
2310
2311 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
2312 krb_afslog(cell, 0);
2313
2314 krb_afslog(0, 0);
2315 }
8efc0c15 2316#endif /* AFS */
5260325f 2317
2318 /* Initialize the environment. In the first part we allocate
2319 space for all environment variables. */
2320 envsize = 100;
2321 env = xmalloc(envsize * sizeof(char *));
2322 env[0] = NULL;
2323
2324 if (!options.use_login) {
2325 /* Set basic environment. */
2326 child_set_env(&env, &envsize, "USER", pw->pw_name);
2327 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
2328 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
2329 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
2330
2331 snprintf(buf, sizeof buf, "%.200s/%.50s",
2332 _PATH_MAILDIR, pw->pw_name);
2333 child_set_env(&env, &envsize, "MAIL", buf);
2334
2335 /* Normal systems set SHELL by default. */
2336 child_set_env(&env, &envsize, "SHELL", shell);
2337 }
2338 /* Let it inherit timezone if we have one. */
2339 if (getenv("TZ"))
2340 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
2341
2342 /* Set custom environment options from RSA authentication. */
2343 while (custom_environment) {
2344 struct envstring *ce = custom_environment;
2345 char *s = ce->s;
2346 int i;
2347 for (i = 0; s[i] != '=' && s[i]; i++);
2348 if (s[i] == '=') {
2349 s[i] = 0;
2350 child_set_env(&env, &envsize, s, s + i + 1);
2351 }
2352 custom_environment = ce->next;
2353 xfree(ce->s);
2354 xfree(ce);
8efc0c15 2355 }
8efc0c15 2356
5260325f 2357 /* Set SSH_CLIENT. */
2358 snprintf(buf, sizeof buf, "%.50s %d %d",
2359 get_remote_ipaddr(), get_remote_port(), options.port);
2360 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
8efc0c15 2361
5260325f 2362 /* Set SSH_TTY if we have a pty. */
2363 if (ttyname)
2364 child_set_env(&env, &envsize, "SSH_TTY", ttyname);
8efc0c15 2365
5260325f 2366 /* Set TERM if we have a pty. */
2367 if (term)
2368 child_set_env(&env, &envsize, "TERM", term);
8efc0c15 2369
5260325f 2370 /* Set DISPLAY if we have one. */
2371 if (display)
2372 child_set_env(&env, &envsize, "DISPLAY", display);
8efc0c15 2373
2374#ifdef KRB4
5260325f 2375 {
2376 extern char *ticket;
2377
2378 if (ticket)
2379 child_set_env(&env, &envsize, "KRBTKFILE", ticket);
2380 }
8efc0c15 2381#endif /* KRB4 */
2382
bb0dd7f6 2383#ifdef HAVE_LIBPAM
5260325f 2384 /* Pull in any environment variables that may have been set by PAM. */
2385 {
2386 char *equals, var_name[512], var_val[512];
2387 char **pam_env = pam_getenvlist((pam_handle_t *)pamh);
2388 int i;
2389 for(i = 0; pam_env && pam_env[i]; i++) {
2390 equals = strstr(pam_env[i], "=");
2391 if ((strlen(pam_env[i]) < (sizeof(var_name) - 1)) && (equals != NULL))
2392 {
2393 memset(var_name, '\0', sizeof(var_name));
2394 memset(var_val, '\0', sizeof(var_val));
2395 strncpy(var_name, pam_env[i], equals - pam_env[i]);
2396 strcpy(var_val, equals + 1);
2397 child_set_env(&env, &envsize, var_name, var_val);
2398 }
2399 }
2400 }
bb0dd7f6 2401#endif /* HAVE_LIBPAM */
2402
5260325f 2403 /* Set XAUTHORITY to always be a local file. */
2404 if (xauthfile)
2405 child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
2406
2407 /* Set variable for forwarded authentication connection, if we
2408 have one. */
2409 if (auth_get_socket_name() != NULL)
2410 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
2411 auth_get_socket_name());
2412
2413 /* Read $HOME/.ssh/environment. */
2414 if (!options.use_login) {
2415 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
2416 read_environment_file(&env, &envsize, buf);
2417 }
2418 /* If debugging, dump the environment to stderr. */
2419 if (debug_flag) {
2420 fprintf(stderr, "Environment:\n");
2421 for (i = 0; env[i]; i++)
2422 fprintf(stderr, " %.200s\n", env[i]);
2423 }
2424 /* Close the connection descriptors; note that this is the child,
2425 and the server will still have the socket open, and it is
2426 important that we do not shutdown it. Note that the
2427 descriptors cannot be closed before building the environment,
2428 as we call get_remote_ipaddr there. */
2429 if (packet_get_connection_in() == packet_get_connection_out())
2430 close(packet_get_connection_in());
2431 else {
2432 close(packet_get_connection_in());
2433 close(packet_get_connection_out());
2434 }
2435 /* Close all descriptors related to channels. They will still
2436 remain open in the parent. */
2437 channel_close_all();
2438
2439 /* Close any extra file descriptors. Note that there may still be
2440 descriptors left by system functions. They will be closed
2441 later. */
2442 endpwent();
2443 endhostent();
2444
2445 /* Close any extra open file descriptors so that we don\'t have
2446 them hanging around in clients. Note that we want to do this
2447 after initgroups, because at least on Solaris 2.3 it leaves
2448 file descriptors open. */
2449 for (i = 3; i < 64; i++)
2450 close(i);
2451
2452 /* Change current directory to the user\'s home directory. */
2453 if (chdir(pw->pw_dir) < 0)
2454 fprintf(stderr, "Could not chdir to home directory %s: %s\n",
2455 pw->pw_dir, strerror(errno));
2456
2457 /* Must take new environment into use so that .ssh/rc, /etc/sshrc
2458 and xauth are run in the proper environment. */
2459 environ = env;
2460
2461 /* Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found
2462 first in this order). */
2463 if (!options.use_login) {
2464 if (stat(SSH_USER_RC, &st) >= 0) {
2465 if (debug_flag)
2466 fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);
2467
2468 f = popen("/bin/sh " SSH_USER_RC, "w");
2469 if (f) {
2470 if (auth_proto != NULL && auth_data != NULL)
2471 fprintf(f, "%s %s\n", auth_proto, auth_data);
2472 pclose(f);
2473 } else
2474 fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
2475 } else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
2476 if (debug_flag)
2477 fprintf(stderr, "Running /bin/sh %s\n", SSH_SYSTEM_RC);
2478
2479 f = popen("/bin/sh " SSH_SYSTEM_RC, "w");
2480 if (f) {
2481 if (auth_proto != NULL && auth_data != NULL)
2482 fprintf(f, "%s %s\n", auth_proto, auth_data);
2483 pclose(f);
2484 } else
2485 fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
2486 }
8efc0c15 2487#ifdef XAUTH_PATH
5260325f 2488 else {
2489 /* Add authority data to .Xauthority if
2490 appropriate. */
2491 if (auth_proto != NULL && auth_data != NULL) {
2492 if (debug_flag)
2493 fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
2494 XAUTH_PATH, display, auth_proto, auth_data);
2495
2496 f = popen(XAUTH_PATH " -q -", "w");
2497 if (f) {
2498 fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
2499 fclose(f);
2500 } else
2501 fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
2502 }
2503 }
8efc0c15 2504#endif /* XAUTH_PATH */
2505
5260325f 2506 /* Get the last component of the shell name. */
2507 cp = strrchr(shell, '/');
2508 if (cp)
2509 cp++;
2510 else
2511 cp = shell;
2512 }
2513 /* If we have no command, execute the shell. In this case, the
2514 shell name to be passed in argv[0] is preceded by '-' to
2515 indicate that this is a login shell. */
2516 if (!command) {
2517 if (!options.use_login) {
2518 char buf[256];
2519
2520 /* Check for mail if we have a tty and it was
2521 enabled in server options. */
2522 if (ttyname && options.check_mail) {
2523 char *mailbox;
2524 struct stat mailstat;
2525 mailbox = getenv("MAIL");
2526 if (mailbox != NULL) {
2527 if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
2528 printf("No mail.\n");
2529 else if (mailstat.st_mtime < mailstat.st_atime)
2530 printf("You have mail.\n");
2531 else
2532 printf("You have new mail.\n");
2533 }
2534 }
2535 /* Start the shell. Set initial character to '-'. */
2536 buf[0] = '-';
2537 strncpy(buf + 1, cp, sizeof(buf) - 1);
2538 buf[sizeof(buf) - 1] = 0;
2539
2540 /* Execute the shell. */
2541 argv[0] = buf;
2542 argv[1] = NULL;
2543 execve(shell, argv, env);
2544
2545 /* Executing the shell failed. */
2546 perror(shell);
2547 exit(1);
2548
2549 } else {
2550 /* Launch login(1). */
2551
2552 execl(LOGIN_PROGRAM, "login", "-h", get_remote_ipaddr(),
2553 "-p", "-f", "--", pw->pw_name, NULL);
2554
2555 /* Login couldn't be executed, die. */
2556
2557 perror("login");
2558 exit(1);
2559 }
2560 }
2561 /* Execute the command using the user's shell. This uses the -c
2562 option to execute the command. */
2563 argv[0] = (char *) cp;
2564 argv[1] = "-c";
2565 argv[2] = (char *) command;
2566 argv[3] = NULL;
2567 execve(shell, argv, env);
2568 perror(shell);
2569 exit(1);
8efc0c15 2570}
git-cvsimport mirror of OpenSSH
This page took 1.108054 seconds and 5 git commands to generate.