*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.112 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: session.c,v 1.124 2002/02/06 14:37:22 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
int display_number;
char *display;
int screen;
- char *auth_display[2];
+ char *auth_display;
char *auth_proto;
char *auth_data;
int single_connection;
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
if (loginsuccess(authctxt->user,
- get_canonical_hostname(options.reverse_mapping_check),
+ get_canonical_hostname(options.verify_reverse_mapping),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
{
Session *s;
char *command;
- int success, type, plen, screen_flag;
+ int success, type, screen_flag;
int compression_level = 0, enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen;
success = 0;
/* Get a packet from the client. */
- type = packet_read(&plen);
+ type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_REQUEST_COMPRESSION:
- packet_integrity_check(plen, 4, type);
compression_level = packet_get_int();
+ packet_check_eom();
if (compression_level < 1 || compression_level > 9) {
packet_send_debug("Received illegal compression level %d.",
compression_level);
} else {
s->screen = 0;
}
- packet_done();
+ packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
xfree(s->auth_proto);
verbose("Kerberos TGT passing disabled.");
} else {
char *kdata = packet_get_string(&dlen);
- packet_integrity_check(plen, 4 + dlen, type);
+ packet_check_eom();
/* XXX - 0x41, see creds_to_radix version */
if (kdata[0] != 0x41) {
} else {
/* Accept AFS token. */
char *token = packet_get_string(&dlen);
- packet_integrity_check(plen, 4 + dlen, type);
+ packet_check_eom();
if (auth_afs_token(s->authctxt, token))
success = 1;
} else {
do_exec(s, NULL);
}
- packet_done();
+ packet_check_eom();
session_close(s);
return;
}
record_utmp_only(pid, s->tty, s->pw->pw_name,
- get_remote_name_or_ip(utmp_len, options.reverse_mapping_check),
+ get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
(struct sockaddr *)&from);
}
#endif
/* Record that there was a login on that tty from the remote host. */
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
- get_remote_name_or_ip(utmp_len, options.reverse_mapping_check),
+ get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
(struct sockaddr *)&from);
#ifdef USE_PAM
fclose(f);
}
-#ifdef USE_PAM
-/*
- * Sets any environment variables which have been specified by PAM
- */
-void do_pam_environment(char ***env, u_int *envsize)
+void copy_environment(char **source, char ***env, u_int *envsize)
{
- char *equals, var_name[512], var_val[512];
- char **pam_env;
+ char *var_name, *var_val;
int i;
- if ((pam_env = fetch_pam_environment()) == NULL)
+ if (source == NULL)
return;
- for(i = 0; pam_env[i] != NULL; i++) {
- if ((equals = strstr(pam_env[i], "=")) == NULL)
+ for(i = 0; source[i] != NULL; i++) {
+ var_name = xstrdup(source[i]);
+ if ((var_val = strstr(var_name, "=")) == NULL) {
+ xfree(var_name);
continue;
-
- if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
- memset(var_name, '\0', sizeof(var_name));
- memset(var_val, '\0', sizeof(var_val));
-
- strncpy(var_name, pam_env[i], equals - pam_env[i]);
- strcpy(var_val, equals + 1);
-
- debug3("PAM environment: %s=%s", var_name, var_val);
-
- child_set_env(env, envsize, var_name, var_val);
}
- }
-}
-#endif /* USE_PAM */
-
-#ifdef HAVE_CYGWIN
-void copy_environment(char ***env, u_int *envsize)
-{
- char *equals, var_name[512], var_val[512];
- int i;
-
- for(i = 0; environ[i] != NULL; i++) {
- if ((equals = strstr(environ[i], "=")) == NULL)
- continue;
-
- if (strlen(environ[i]) < (sizeof(var_name) - 1)) {
- memset(var_name, '\0', sizeof(var_name));
- memset(var_val, '\0', sizeof(var_val));
+ *var_val++ = '\0';
- strncpy(var_name, environ[i], equals - environ[i]);
- strcpy(var_val, equals + 1);
-
- debug3("Copy environment: %s=%s", var_name, var_val);
-
- child_set_env(env, envsize, var_name, var_val);
- }
+ debug3("Copy environment: %s=%s", var_name, var_val);
+ child_set_env(env, envsize, var_name, var_val);
+
+ xfree(var_name);
}
}
-#endif
#if defined(HAVE_GETUSERATTR)
/*
* The Windows environment contains some setting which are
* important for a running system. They must not be dropped.
*/
- copy_environment(&env, &envsize);
+ copy_environment(environ, &env, &envsize);
#endif
if (!options.use_login) {
#endif
#ifdef USE_PAM
/* Pull in any environment variables that may have been set by PAM. */
- do_pam_environment(&env, &envsize);
+ copy_environment(fetch_pam_environment(), &env, &envsize);
#endif /* USE_PAM */
if (auth_get_socket_name() != NULL)
/* we have to stash the hostname before we close our socket. */
if (options.use_login)
hostname = get_remote_name_or_ip(utmp_len,
- options.reverse_mapping_check);
+ options.verify_reverse_mapping);
/*
* Close the connection descriptors; note that this is the child, and
* the server will still have the socket open, and it is important
fprintf(stderr,
"Running %.100s add "
"%.100s %.100s %.100s\n",
- options.xauth_location, s->auth_display[0],
+ options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
- if (s->auth_display[1])
- fprintf(stderr,
- "add %.100s %.100s %.100s\n",
- s->auth_display[1],
- s->auth_proto, s->auth_data);
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
f = popen(cmd, "w");
if (f) {
fprintf(f, "add %s %s %s\n",
- s->auth_display[0], s->auth_proto,
+ s->auth_display, s->auth_proto,
s->auth_data);
- if (s->auth_display[1])
- fprintf(f, "add %s %s %s\n",
- s->auth_display[1], s->auth_proto,
- s->auth_data);
pclose(f);
} else {
fprintf(stderr, "Could not run %s\n",
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
- packet_done();
+ packet_check_eom();
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
return 1;
}
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
- packet_done();
+ packet_check_eom();
session_proctitle(s);
return 1;
}
char *cmd, *subsys = packet_get_string(&len);
int i;
- packet_done();
- log("subsystem request for %s", subsys);
+ packet_check_eom();
+ log("subsystem request for %.100s", subsys);
for (i = 0; i < options.num_subsystems; i++) {
if (strcmp(subsys, options.subsystem_name[i]) == 0) {
s->is_subsystem = 1;
do_exec(s, cmd);
success = 1;
+ break;
}
}
if (!success)
- log("subsystem request for %s failed, subsystem not found",
+ log("subsystem request for %.100s failed, subsystem not found",
subsys);
xfree(subsys);
s->auth_proto = packet_get_string(NULL);
s->auth_data = packet_get_string(NULL);
s->screen = packet_get_int();
- packet_done();
+ packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
static int
session_shell_req(Session *s)
{
- packet_done();
+ packet_check_eom();
do_exec(s, NULL);
return 1;
}
{
u_int len;
char *command = packet_get_string(&len);
- packet_done();
+ packet_check_eom();
do_exec(s, command);
xfree(command);
return 1;
session_auth_agent_req(Session *s)
{
static int called = 0;
- packet_done();
+ packet_check_eom();
if (no_agent_forwarding_flag) {
debug("session_auth_agent_req: no_agent_forwarding_flag");
return 0;
}
}
-void
-session_input_channel_req(int id, void *arg)
+int
+session_input_channel_req(Channel *c, const char *rtype)
{
- u_int len;
- int reply;
int success = 0;
- char *rtype;
Session *s;
- Channel *c;
-
- rtype = packet_get_string(&len);
- reply = packet_get_char();
- s = session_by_channel(id);
- if (s == NULL)
- fatal("session_input_channel_req: channel %d: no session", id);
- c = channel_lookup(id);
- if (c == NULL)
- fatal("session_input_channel_req: channel %d: bad channel", id);
-
- debug("session_input_channel_req: session %d channel %d request %s reply %d",
- s->self, id, rtype, reply);
+ if ((s = session_by_channel(c->self)) == NULL) {
+ log("session_input_channel_req: no session %d req %.100s",
+ c->self, rtype);
+ return 0;
+ }
+ debug("session_input_channel_req: session %d req %s", s->self, rtype);
/*
* a session is in LARVAL state until a shell, a command
if (strcmp(rtype, "window-change") == 0) {
success = session_window_change_req(s);
}
-
- if (reply) {
- packet_start(success ?
- SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
- packet_put_int(c->remote_id);
- packet_send();
- }
- xfree(rtype);
+ return success;
}
void
session_exit_message(Session *s, int status)
{
Channel *c;
- if (s == NULL)
- fatal("session_close: no session");
- c = channel_lookup(s->chanid);
- if (c == NULL)
+
+ if ((c = channel_lookup(s->chanid)) == NULL)
fatal("session_exit_message: session %d: no channel %d",
s->self, s->chanid);
debug("session_exit_message: session %d channel %d pid %d",
s->self, s->chanid, s->pid);
if (WIFEXITED(status)) {
- channel_request_start(s->chanid,
- "exit-status", 0);
+ channel_request_start(s->chanid, "exit-status", 0);
packet_put_int(WEXITSTATUS(status));
packet_send();
} else if (WIFSIGNALED(status)) {
- channel_request_start(s->chanid,
- "exit-signal", 0);
+ channel_request_start(s->chanid, "exit-signal", 0);
packet_put_int(WTERMSIG(status));
#ifdef WCOREDUMP
packet_put_char(WCOREDUMP(status));
xfree(s->term);
if (s->display)
xfree(s->display);
- if (s->auth_display[0])
- xfree(s->auth_display[0]);
- if (s->auth_display[1])
- xfree(s->auth_display[1]);
+ if (s->auth_display)
+ xfree(s->auth_display);
if (s->auth_data)
xfree(s->auth_data);
if (s->auth_proto)
return 0;
}
s->display_number = x11_create_display_inet(options.x11_display_offset,
- options.gateway_ports);
+ options.x11_use_localhost, s->single_connection);
if (s->display_number == -1) {
debug("x11_create_display_inet failed.");
return 0;
* authorization entry is added with xauth(1). This will be
* different than the DISPLAY string for localhost displays.
*/
- s->auth_display[1] = NULL;
- if (!options.gateway_ports) {
- struct utsname uts;
-
+ if (options.x11_use_localhost) {
snprintf(display, sizeof display, "localhost:%d.%d",
s->display_number, s->screen);
- snprintf(auth_display, sizeof auth_display, "%.400s/unix:%d.%d",
- hostname, s->display_number, s->screen);
+ snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
+ s->display_number, s->screen);
s->display = xstrdup(display);
- s->auth_display[0] = xstrdup(auth_display);
- /*
- * Xlib may use gethostbyname() or uname() hostname to
- * look up authorization data for FamilyLocal; see:
- * xc/lib/xtrans/Xtrans.c:TRANS(GetHostname)
- * We just add authorization entries with both
- * hostname and nodename if they are different.
- */
- if (uname(&uts) == -1)
- fatal("uname: %.100s", strerror(errno));
- if (strcmp(hostname, uts.nodename) != 0) {
- snprintf(auth_display, sizeof auth_display,
- "%.400s/unix:%d.%d", uts.nodename,
- s->display_number, s->screen);
- s->auth_display[1] = xstrdup(auth_display);
- }
+ s->auth_display = xstrdup(auth_display);
} else {
#ifdef IPADDR_IN_DISPLAY
struct hostent *he;
s->display_number, s->screen);
#endif
s->display = xstrdup(display);
- s->auth_display[0] = xstrdup(display);
+ s->auth_display = xstrdup(display);
}
return 1;