]> andersk Git - openssh.git/blobdiff - session.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- (tim) [defines.h] Fix regression in long password support on OpenServer 6.
[openssh.git] / session.c
diff --git a/session.c b/session.c
index 899c3a16b47435ece14a452224857948154a7bc4..2b0580b45a62496ae1011c98c0a6847c25aef94f 100644 (file)
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.205 2006/07/06 10:47:05 djm Exp $ */
+/* $OpenBSD: session.c,v 1.224 2007/09/11 15:47:17 gilles Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -36,23 +36,33 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#include <sys/param.h>
 #ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
 #endif
-#include <sys/wait.h>
+#include <sys/socket.h>
 #include <sys/un.h>
+#include <sys/wait.h>
+
+#include <arpa/inet.h>
 
+#include <errno.h>
 #include <grp.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
 #endif
+#include <pwd.h>
 #include <signal.h>
-#include <arpa/inet.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
+#include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
-#include "xmalloc.h"
 #include "sshpty.h"
 #include "packet.h"
 #include "buffer.h"
@@ -60,7 +70,12 @@
 #include "uidswap.h"
 #include "compat.h"
 #include "channels.h"
-#include "bufaux.h"
+#include "key.h"
+#include "cipher.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
 #include "pathnames.h"
@@ -77,10 +92,6 @@
 #include <kafs.h>
 #endif
 
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#endif
-
 /* func */
 
 Session *session_new(void);
@@ -336,7 +347,11 @@ do_authenticated1(Authctxt *authctxt)
                                break;
                        }
                        debug("Received TCP/IP port forwarding request.");
-                       channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports);
+                       if (channel_input_port_forward_request(s->pw->pw_uid == 0,
+                           options.gateway_ports) < 0) {
+                               debug("Port forwarding failed.");
+                               break;
+                       }
                        success = 1;
                        break;
 
@@ -665,10 +680,14 @@ do_pre_login(Session *s)
 void
 do_exec(Session *s, const char *command)
 {
-       if (forced_command) {
+       if (options.adm_forced_command) {
+               original_command = command;
+               command = options.adm_forced_command;
+               debug("Forced command (config) '%.900s'", command);
+       } else if (forced_command) {
                original_command = command;
                command = forced_command;
-               debug("Forced command '%.900s'", command);
+               debug("Forced command (key option) '%.900s'", command);
        }
 
 #ifdef SSH_AUDIT_EVENTS
@@ -878,8 +897,9 @@ read_environment_file(char ***env, u_int *envsize,
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
                        continue;
-               if (strchr(cp, '\n'))
-                       *strchr(cp, '\n') = '\0';
+
+               cp[strcspn(cp, "\n")] = '\0';
+
                value = strchr(cp, '=');
                if (value == NULL) {
                        fprintf(stderr, "Bad line %u in %.100s\n", lineno,
@@ -981,8 +1001,11 @@ do_setup_env(Session *s, const char *shell)
 {
        char buf[256];
        u_int i, envsize;
-       char **env, *laddr, *path = NULL;
+       char **env, *laddr;
        struct passwd *pw = s->pw;
+#ifndef HAVE_LOGIN_CAP
+       char *path = NULL;
+#endif
 
        /* Initialize the environment. */
        envsize = 100;
@@ -1288,7 +1311,7 @@ do_setusercontext(struct passwd *pw)
 # ifdef USE_PAM
                if (options.use_pam) {
                        do_pam_session();
-                       do_pam_setcred(0);
+                       do_pam_setcred(use_privsep);
                }
 # endif /* USE_PAM */
                if (setusercontext(lc, pw, pw->pw_uid,
@@ -1330,7 +1353,7 @@ do_setusercontext(struct passwd *pw)
                 */
                if (options.use_pam) {
                        do_pam_session();
-                       do_pam_setcred(0);
+                       do_pam_setcred(use_privsep);
                }
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
@@ -1339,11 +1362,11 @@ do_setusercontext(struct passwd *pw)
 # ifdef _AIX
                aix_usrinfo(pw);
 # endif /* _AIX */
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
                if (set_id(pw->pw_name) != 0) {
                        exit(1);
                }
-#endif /* HAVE_LIBIAF  && !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
 #endif
@@ -1577,7 +1600,7 @@ do_child(Session *s, const char *command)
                do_rc_files(s, shell);
 
        /* restore SIGPIPE for child */
-       signal(SIGPIPE,  SIG_DFL);
+       signal(SIGPIPE, SIG_DFL);
 
        if (options.use_login) {
                launch_login(pw, hostname);
@@ -2005,7 +2028,7 @@ session_input_channel_req(Channel *c, const char *rtype)
                } else if (strcmp(rtype, "exec") == 0) {
                        success = session_exec_req(s);
                } else if (strcmp(rtype, "pty-req") == 0) {
-                       success =  session_pty_req(s);
+                       success = session_pty_req(s);
                } else if (strcmp(rtype, "x11-req") == 0) {
                        success = session_x11_req(s);
                } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
@@ -2130,7 +2153,7 @@ session_close_single_x11(int id, void *arg)
 
        debug3("session_close_single_x11: channel %d", id);
        channel_cancel_cleanup(id);
-       if ((s  = session_by_x11_channel(id)) == NULL)
+       if ((s = session_by_x11_channel(id)) == NULL)
                fatal("session_close_single_x11: no x11 channel %d", id);
        for (i = 0; s->x11_chanids[i] != -1; i++) {
                debug("session_close_single_x11: session %d: "
@@ -2234,12 +2257,13 @@ session_close(Session *s)
        if (s->auth_proto)
                xfree(s->auth_proto);
        s->used = 0;
-       for (i = 0; i < s->num_env; i++) {
-               xfree(s->env[i].name);
-               xfree(s->env[i].val);
-       }
-       if (s->env != NULL)
+       if (s->env != NULL) {
+               for (i = 0; i < s->num_env; i++) {
+                       xfree(s->env[i].name);
+                       xfree(s->env[i].val);
+               }
                xfree(s->env);
+       }
        session_proctitle(s);
 }
 
@@ -2457,6 +2481,17 @@ do_cleanup(Authctxt *authctxt)
 
        if (authctxt == NULL)
                return;
+
+#ifdef USE_PAM
+       if (options.use_pam) {
+               sshpam_cleanup();
+               sshpam_thread_cleanup();
+       }
+#endif
+
+       if (!authctxt->authenticated)
+               return;
+
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup &&
            authctxt->krb5_ctx)
@@ -2468,13 +2503,6 @@ do_cleanup(Authctxt *authctxt)
                ssh_gssapi_cleanup_creds();
 #endif
 
-#ifdef USE_PAM
-       if (options.use_pam) {
-               sshpam_cleanup();
-               sshpam_thread_cleanup();
-       }
-#endif
-
        /* remove agent socket */
        auth_sock_cleanup_proc(authctxt->pw);
 
git-cvsimport mirror of OpenSSH
This page took 0.042434 seconds and 4 git commands to generate.