- djm@cvs.openbsd.org 2009/11/19 23:39:50
index cdbf88ab7965e79d0b00c5342bc1073990408e00..cc205386f3d1b597ac9630529caa0132f477cd02 100644 (file)
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.246 2009/04/17 19:23:06 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.248 2009/11/19 23:39:50 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -142,9 +142,10 @@ static int sessions_first_unused = -1;
 static int sessions_nalloc = 0;
 static Session *sessions = NULL;
 
-#define SUBSYSTEM_NONE         0
-#define SUBSYSTEM_EXT          1
-#define SUBSYSTEM_INT_SFTP     2
+#define SUBSYSTEM_NONE                 0
+#define SUBSYSTEM_EXT                  1
+#define SUBSYSTEM_INT_SFTP             2
+#define SUBSYSTEM_INT_SFTP_ERROR       3
 
 #ifdef HAVE_LOGIN_CAP
 login_cap_t *lc;
@@ -785,17 +786,19 @@ do_exec(Session *s, const char *command)
        if (options.adm_forced_command) {
                original_command = command;
                command = options.adm_forced_command;
-               if (IS_INTERNAL_SFTP(command))
-                       s->is_subsystem = SUBSYSTEM_INT_SFTP;
-               else if (s->is_subsystem)
+               if (IS_INTERNAL_SFTP(command)) {
+                       s->is_subsystem = s->is_subsystem ?
+                           SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
+               } else if (s->is_subsystem)
                        s->is_subsystem = SUBSYSTEM_EXT;
                debug("Forced command (config) '%.900s'", command);
        } else if (forced_command) {
                original_command = command;
                command = forced_command;
-               if (IS_INTERNAL_SFTP(command))
-                       s->is_subsystem = SUBSYSTEM_INT_SFTP;
-               else if (s->is_subsystem)
+               if (IS_INTERNAL_SFTP(command)) {
+                       s->is_subsystem = s->is_subsystem ?
+                           SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
+               } else if (s->is_subsystem)
                        s->is_subsystem = SUBSYSTEM_EXT;
                debug("Forced command (key option) '%.900s'", command);
        }
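Review bot: The same ternary is added in both forced-command branches (`options.adm_forced_command` and `forced_command`), and it reads `s->is_subsystem` as a boolean while overwriting it, which is easy to misread. A comment above the first copy would make the intent explicit, e.g. `/* forced internal-sftp: a subsystem request runs it, any other request type is marked SUBSYSTEM_INT_SFTP_ERROR */`. Because this value later decides whether the child serves sftp or refuses the session, a small static helper shared by both branches would keep the two copies from drifting apart. do_exec starts and ends outside the hunk, so how `s->is_subsystem` is set before this point is not visible here.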
@@ -1466,11 +1469,6 @@ do_setusercontext(struct passwd *pw)
        if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
        {
-
-#ifdef HAVE_SETPCRED
-               if (setpcred(pw->pw_name, (char **)NULL) == -1)
-                       fatal("Failed to set process credentials");
-#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 # ifdef __bsdi__
                setpgid(0, 0);
@@ -1538,6 +1536,10 @@ do_setusercontext(struct passwd *pw)
                        free(chroot_path);
                }
 
+#ifdef HAVE_SETPCRED
+               if (setpcred(pw->pw_name, (char **)NULL) == -1)
+                       fatal("Failed to set process credentials");
+#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
                        perror("unable to set user context (setuser)");
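Review bot: The relocated `setpcred()` call has no comment saying why it now sits after the chroot block, so a later cleanup could move it back to the top of the privileged section. Presumably the call changes process credentials in a way that must not happen before the chroot and must happen before the `setusercontext(..., LOGIN_SETUSER)` step below. If that is the reason, state it at the call site, e.g. `/* must run after chroot and before the permanent uid change */`. do_setusercontext starts and ends outside the hunk, so the chroot call itself is not visible here.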
@@ -1784,7 +1786,11 @@ do_child(Session *s, const char *command)
        /* restore SIGPIPE for child */
        signal(SIGPIPE, SIG_DFL);
 
-       if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
+       if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
+               printf("This service allows sftp connections only.\n");
+               fflush(NULL);
+               exit(1);
+       } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
                extern int optind, optreset;
                int i;
                char *p, *args;
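Review bot: The new `SUBSYSTEM_INT_SFTP_ERROR` branch tells the client it was refused but leaves no trace on the server side. A shell or exec request against an account restricted to internal-sftp is worth seeing in the logs, so consider a line before the `printf`, for example `logit("Refused non-sftp session request for %.100s", s->pw->pw_name);`. If that is too noisy, `debug(...)` as used elsewhere in this file would do. do_child continues past the end of the hunk.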
@@ -1797,9 +1803,14 @@ do_child(Session *s, const char *command)
                argv[i] = NULL;
                optind = optreset = 1;
                __progname = argv[0];
+#ifdef WITH_SELINUX
+               ssh_selinux_change_context("sftpd_t");
+#endif
                exit(sftp_server_main(i, argv, s->pw));
        }
 
+       fflush(NULL);
+
        if (options.use_login) {
                launch_login(pw, hostname);
                /* NEVERREACHED */
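Review bot: `ssh_selinux_change_context("sftpd_t")` is called with a hard-coded type name, and nothing at the call site shows what happens if the transition does not take effect. In that case the in-process sftp server would presumably keep running in the sshd context. The helper is defined outside this diff, so confirm that it logs a failure, and add a comment such as `/* confine the in-process sftp server; failure is handled inside ssh_selinux_change_context() */`. The bare `fflush(NULL);` added before the `options.use_login` check would also benefit from a one-line comment on why stdio is flushed at that point.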