*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.92 2001/06/19 15:40:45 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
void session_close(Session *s);
void do_exec_pty(Session *s, const char *command);
void do_exec_no_pty(Session *s, const char *command);
+void do_exec(Session *s, const char *command);
void do_login(Session *s, const char *command);
#ifdef LOGIN_NEEDS_UTMPX
void do_pre_login(Session *s);
void do_child(Session *s, const char *command);
void do_motd(void);
int check_quietlogin(Session *s, const char *command);
-void xauthfile_cleanup_proc(void *pw);
void do_authenticated1(Authctxt *authctxt);
void do_authenticated2(Authctxt *authctxt);
extern int startup_pipe;
extern void destroy_sensitive_data(void);
-/* Local Xauthority file. */
-static char *xauthfile;
-
/* original command from peer. */
-char *original_command = NULL;
+const char *original_command = NULL;
/* data */
#define MAX_SESSIONS 10
else
do_authenticated1(authctxt);
- /* remote user's local Xauthority file and agent socket */
- if (xauthfile)
- xauthfile_cleanup_proc(authctxt->pw);
+ /* remove agent socket */
if (auth_get_socket_name())
auth_sock_cleanup_proc(authctxt->pw);
}
-/*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *_pw)
-{
- struct passwd *pw = _pw;
- char *p;
-
- debug("xauthfile_cleanup_proc called");
- if (xauthfile != NULL) {
- temporarily_use_uid(pw);
- unlink(xauthfile);
- p = strrchr(xauthfile, '/');
- if (p != NULL) {
- *p = '\0';
- rmdir(xauthfile);
- }
- xfree(xauthfile);
- xauthfile = NULL;
- restore_uid();
- }
-}
-
/*
* Prepares for an interactive session. This is called after the user has
* been successfully authenticated. During this message exchange, pseudo
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
- packet_integrity_check(plen, 4 + dlen, type);
+ do_exec(s, command);
+ xfree(command);
} else {
- command = NULL;
- packet_integrity_check(plen, 0, type);
- }
- if (forced_command != NULL) {
- original_command = command;
- command = forced_command;
- debug("Forced command '%.500s'", forced_command);
+ do_exec(s, NULL);
}
- if (s->ttyfd != -1)
- do_exec_pty(s, command);
- else
- do_exec_no_pty(s, command);
- if (command != NULL)
- xfree(command);
+ packet_done();
session_close(s);
return;
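Review bot: `packet_done()` now runs only after `do_exec()` returns, so trailing data in the exec/shell request is not rejected until the command has already been started; the removed `packet_integrity_check()` calls ran before the exec. The protocol 2 handlers changed in this same diff (`session_shell_req`, and the handler that ends with `do_exec(s, command); xfree(command);`) call `packet_done()` first. I would do the same here by placing `packet_done();` immediately before each `do_exec()` call, so a malformed request is refused before anything is forked. The enclosing function starts and ends outside this hunk, so any parsing that happens earlier is not visible.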
}
#endif
+/*
+ * This is called to fork and execute a command. If another command is
+ * to be forced, execute that instead.
+ */
+void
+do_exec(Session *s, const char *command)
+{
+ if (forced_command) {
+ original_command = command;
+ command = forced_command;
+ forced_command = NULL;
+ debug("Forced command '%.900s'", command);
+ }
+
+ if (s->ttyfd != -1)
+ do_exec_pty(s, command);
+ else
+ do_exec_no_pty(s, command);
+
+ original_command = NULL;
+}
+
+
/* administrative, login(1)-like work */
void
do_login(Session *s, const char *command)
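Review bot: `forced_command = NULL;` inside `do_exec()` makes the forced command single-use for the process, so only the first exec or shell request is restricted. `session_shell_req` and the exec handler both route through `do_exec()`, and `MAX_SESSIONS` is 10, so if one connection can start a second session, that call would find `forced_command` empty and run the client-supplied command or a login shell. Unless `forced_command` is set again somewhere outside this diff, I would drop that line so every session is restricted; `original_command` is already reset at the end of the function, so nothing else depends on the clear. If single-use is intended, the header comment should say so and state where later session requests are refused.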
do_pam_environment(&env, &envsize);
#endif /* USE_PAM */
- if (xauthfile)
- child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
int
session_shell_req(Session *s)
{
- /* if forced_command == NULL, the shell is execed */
- char *shell = forced_command;
packet_done();
- if (s->ttyfd == -1)
- do_exec_no_pty(s, shell);
- else
- do_exec_pty(s, shell);
+ do_exec(s, NULL);
return 1;
}
u_int len;
char *command = packet_get_string(&len);
packet_done();
- if (forced_command) {
- original_command = command;
- command = forced_command;
- debug("Forced command '%.500s'", forced_command);
- }
- if (s->ttyfd == -1)
- do_exec_no_pty(s, command);
- else
- do_exec_pty(s, command);
- if (forced_command == NULL)
- xfree(command);
+ do_exec(s, command);
+ xfree(command);
return 1;
}
{
Session *s = session_by_pid(pid);
if (s == NULL) {
- debug("session_close_by_pid: no session for pid %d", s->pid);
+ debug("session_close_by_pid: no session for pid %d", pid);
return;
}
if (s->chanid != -1)
int
session_setup_x11fwd(Session *s)
{
- int fd;
struct stat st;
if (no_x11_forwarding_flag) {
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
}
- if (s->display != NULL || xauthfile != NULL) {
- debug("X11 display already set.");
+ if (options.use_login) {
+ packet_send_debug("X11 forwarding disabled; "
+ "not compatible with UseLogin=yes.");
return 0;
}
- xauthfile = xmalloc(MAXPATHLEN);
- strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
- temporarily_use_uid(s->pw);
- if (mkdtemp(xauthfile) == NULL) {
- error("private X11 dir: mkdtemp %s failed: %s",
- xauthfile, strerror(errno));
- restore_uid();
- xfree(xauthfile);
- xauthfile = NULL;
+ if (s->display != NULL) {
+ debug("X11 display already set.");
return 0;
}
- strlcat(xauthfile, "/cookies", MAXPATHLEN);
- fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd >= 0)
- close(fd);
- restore_uid();
s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
if (s->display == NULL) {
- xauthfile_cleanup_proc(s->pw);
+ debug("x11_create_display_inet failed.");
return 0;
}
- fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
return 1;
}