- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be

[openssh.git] / session.c

diff --git a/session.c b/session.c
index a2d8a9c43df3198fbb2fa08dde2e1a0751d1139a..3c759e4725c16a140a2698339480e9d515302e1e 100644 (file)
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.137 2002/06/11 05:46:20 mpech Exp $");
+RCSID("$OpenBSD: session.c,v 1.143 2002/06/30 21:54:16 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt)
        Session *s;
        char *command;
        int success, type, screen_flag;
-       int compression_level = 0, enable_compression_after_reply = 0;
-       u_int proto_len, data_len, dlen;
+       int enable_compression_after_reply = 0;
+       u_int proto_len, data_len, dlen, compression_level = 0;
 
        s = session_new();
        s->authctxt = authctxt;
@@ -279,6 +279,10 @@ do_authenticated1(Authctxt *authctxt)
                                    compression_level);
                                break;
                        }
+                       if (!options.compression) {
+                               debug2("compression disabled");
+                               break;
+                       }
                        /* Enable compression after we have responded with SUCCESS. */
                        enable_compression_after_reply = 1;
                        success = 1;
@@ -845,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
        } else {
                /* New variable.  Expand if necessary. */
                if (i >= (*envsizep) - 1) {
+                       if (*envsizep >= 1000)
+                               fatal("child_set_env: too many env vars,"
+                                   " skipping: %.100s", name);
                        (*envsizep) += 50;
                        env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
                }
@@ -870,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
        FILE *f;
        char buf[4096];
        char *cp, *value;
+       u_int lineno = 0;
 
        f = fopen(filename, "r");
        if (!f)
                return;
 
        while (fgets(buf, sizeof(buf), f)) {
+               if (++lineno > 1000)
+                       fatal("Too many lines in environment file %s", filename);
                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
@@ -884,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
                        *strchr(cp, '\n') = '\0';
                value = strchr(cp, '=');
                if (value == NULL) {
-                       fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+                       fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+                           filename);
                        continue;
                }
                /*
@@ -981,13 +992,13 @@ do_setup_env(Session *s, const char *shell)
        if (!options.use_login) {
                while (custom_environment) {
                        struct envstring *ce = custom_environment;
-                       char *s = ce->s;
+                       char *str = ce->s;
 
-                       for (i = 0; s[i] != '=' && s[i]; i++)
+                       for (i = 0; str[i] != '=' && str[i]; i++)
                                ;
-                       if (s[i] == '=') {
-                               s[i] = 0;
-                               child_set_env(&env, &envsize, s, s + i + 1);
+                       if (str[i] == '=') {
+                               str[i] = 0;
+                               child_set_env(&env, &envsize, str, str + i + 1);
                        }
                        custom_environment = ce->next;
                        xfree(ce->s);
@@ -1031,8 +1042,17 @@ do_setup_env(Session *s, const char *shell)
                    s->authctxt->krb5_ticket_file);
 #endif
 #ifdef USE_PAM
-       /* Pull in any environment variables that may have been set by PAM. */
-       copy_environment(fetch_pam_environment(), &env, &envsize);
+       /*
+        * Pull in any environment variables that may have
+        * been set by PAM.
+        */
+       {
+               char **p;
+
+               p = fetch_pam_environment();
+               copy_environment(p, &env, &envsize);
+               free_pam_environment(p);
+       }
 #endif /* USE_PAM */
 
        if (auth_sock_name != NULL)
@@ -1153,10 +1173,13 @@ do_setusercontext(struct passwd *pw)
 #else /* HAVE_CYGWIN */
        if (getuid() == 0 || geteuid() == 0) {
 #endif /* HAVE_CYGWIN */
-#ifdef HAVE_GETUSERATTR
-               set_limits_from_userattr(pw->pw_name);
-#endif /* HAVE_GETUSERATTR */
+#ifdef HAVE_SETPCRED
+               setpcred(pw->pw_name);
+#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
+# ifdef __bsdi__
+               setpgid(0, 0);
+# endif
                if (setusercontext(lc, pw, pw->pw_uid,
                    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
                        perror("unable to set user context");
@@ -1192,6 +1215,9 @@ do_setusercontext(struct passwd *pw)
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
                irix_setusercontext(pw);
 #  endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+# ifdef _AIX
+               aix_usrinfo(pw);
+# endif /* _AIX */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
 #endif
@@ -1254,9 +1280,6 @@ do_child(Session *s, const char *command)
                        do_motd();
 #else /* HAVE_OSF_SIA */
                do_nologin(pw);
-# ifdef _AIX
-               aix_usrinfo(pw, s->tty, s->ttyfd);
-# endif /* _AIX */
                do_setusercontext(pw);
 #endif /* HAVE_OSF_SIA */
        }
@@ -1966,9 +1989,9 @@ session_setup_x11fwd(Session *s)
                debug("X11 display already set.");
                return 0;
        }
-       s->display_number = x11_create_display_inet(options.x11_display_offset,
-           options.x11_use_localhost, s->single_connection);
-       if (s->display_number == -1) {
+       if (x11_create_display_inet(options.x11_display_offset,
+           options.x11_use_localhost, s->single_connection,
+           &s->display_number) == -1) {
                debug("x11_create_display_inet failed.");
                return 0;
        }
@@ -1982,9 +2005,9 @@ session_setup_x11fwd(Session *s)
         * different than the DISPLAY string for localhost displays.
         */
        if (options.x11_use_localhost) {
-               snprintf(display, sizeof display, "localhost:%d.%d",
+               snprintf(display, sizeof display, "localhost:%u.%u",
                    s->display_number, s->screen);
-               snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
+               snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
                    s->display_number, s->screen);
                s->display = xstrdup(display);
                s->auth_display = xstrdup(auth_display);
@@ -2000,10 +2023,10 @@ session_setup_x11fwd(Session *s)
                        return 0;
                }
                memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
-               snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
+               snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
                    s->display_number, s->screen);
 #else
-               snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
+               snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
                    s->display_number, s->screen);
 #endif
                s->display = xstrdup(display);