*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.14 2000/05/25 03:10:18 deraadt Exp $");
#include "xmalloc.h"
#include "ssh.h"
struct Session {
int used;
int self;
+ int extended;
struct passwd *pw;
pid_t pid;
/* tty */
int screen;
char *auth_proto;
char *auth_data;
+ int single_connection;
/* proto 2 */
int chanid;
};
Session *session_new(void);
void session_set_fds(Session *s, int fdin, int fdout, int fderr);
void session_pty_cleanup(Session *s);
+void session_proctitle(Session *s);
void do_exec_pty(Session *s, const char *command, struct passwd * pw);
void do_exec_no_pty(Session *s, const char *command, struct passwd * pw);
/* import */
extern ServerOptions options;
+#ifdef HAVE___PROGNAME
extern char *__progname;
+#else /* HAVE___PROGNAME */
+static const char *__progname = "sshd";
+#endif /* HAVE___PROGNAME */
+
extern int log_stderr;
extern int debug_flag;
/* data */
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
+#ifdef WITH_AIXAUTHENTICATE
+/* AIX's lastlogin message, set in auth1.c */
+char *aixloginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
/* Flags set in auth-rsa from authorized_keys flags. These are set in auth-rsa.c. */
int no_port_forwarding_flag = 0;
* Function to perform cleanup if we get aborted abnormally (e.g., due to a
* dropped connection).
*/
-void
+void
pty_cleanup_proc(void *session)
{
Session *s=session;
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
* are requested, etc.
*/
-void
+void
do_authenticated(struct passwd * pw)
{
Session *s;
channel_permit_all_opens();
s = session_new();
+ s->pw = pw;
/*
* We stay in this loop until the client requests to execute a shell
tty_parse_modes(s->ttyfd, &n_bytes);
packet_integrity_check(plen, 4 + dlen + 4 * 4 + n_bytes, type);
+ session_proctitle(s);
+
/* Indicate that we now have a pty. */
success = 1;
have_pty = 1;
xauthfile, strerror(errno));
xfree(xauthfile);
xauthfile = NULL;
+ /* XXXX remove listening channels */
break;
}
strlcat(xauthfile, "/cookies", MAXPATHLEN);
break;
}
debug("Received TCP/IP port forwarding request.");
- channel_input_port_forward_request(pw->pw_uid == 0);
+ channel_input_port_forward_request(pw->pw_uid == 0, options.gateway_ports);
success = 1;
break;
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
-void
+void
do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
{
int pid;
if (s == NULL)
fatal("do_exec_no_pty: no session");
- setproctitle("%s@notty", pw->pw_name);
+ session_proctitle(s);
#ifdef USE_PAM
do_pam_setcred();
close(perr[1]);
if (compat20) {
- session_set_fds(s, pin[1], pout[0], perr[0]);
+ session_set_fds(s, pin[1], pout[0], s->extended ? perr[0] : -1);
} else {
/* Enter the interactive session. */
server_loop(pid, pin[1], pout[0], perr[0]);
* handle the case that fdin and fdout are the same.
*/
if (compat20) {
- session_set_fds(s, inout[1], inout[1], err[1]);
+ session_set_fds(s, inout[1], inout[1], s->extended ? err[1] : -1);
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
-void
+void
do_exec_pty(Session *s, const char *command, struct passwd * pw)
{
FILE *f;
last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
buf, sizeof(buf));
}
- setproctitle("%s@%s", pw->pw_name, strrchr(s->tty, '/') + 1);
#ifdef USE_PAM
do_pam_session(pw->pw_name, s->tty);
/* Close the extra descriptor for the pseudo tty. */
close(ttyfd);
-///XXXX ? move to do_child() ??
+/* XXXX ? move to do_child() ??*/
/*
* Get IP address of client. This is needed because we want
* to record where the user logged in from. If the
fclose(f);
}
}
+#if defined(WITH_AIXAUTHENTICATE)
+ /*
+ * AIX handles the lastlog info differently. Display it here.
+ */
+ if (command == NULL && aixloginmsg && *aixloginmsg &&
+ !quiet_login && !options.use_login) {
+ printf("%s\n", aixloginmsg);
+ }
+#endif
/* Do common processing for the child, such as execing the command. */
- do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
+ do_child(command, pw, s->term, s->display, s->auth_proto,
+ s->auth_data, s->tty);
/* NOTREACHED */
}
if (pid < 0)
* Sets the value of the given variable in the environment. If the variable
* already exists, its value is overriden.
*/
-void
+void
child_set_env(char ***envp, unsigned int *envsizep, const char *name,
const char *value)
{
* Otherwise, it must consist of empty lines, comments (line starts with '#')
* and assignments of the form name=value. No other forms are allowed.
*/
-void
+void
read_environment_file(char ***env, unsigned int *envsize,
const char *filename)
{
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
continue;
}
- /* Replace the equals sign by nul, and advance value to the value string. */
+ /*
+ * Replace the equals sign by nul, and advance value to
+ * the value string.
+ */
*value = '\0';
value++;
child_set_env(env, envsize, cp, value);
* environment, closing extra file descriptors, setting the user and group
* ids, and executing the command or shell.
*/
-void
+void
do_child(const char *command, struct passwd * pw, const char *term,
const char *display, const char *auth_proto,
const char *auth_data, const char *ttyname)
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+ pw->pw_dir);
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
else {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
- if (debug_flag)
- fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
- XAUTH_PATH, display, auth_proto, auth_data);
-
+ char *screen = strchr(display, ':');
+ if (debug_flag) {
+ fprintf(stderr,
+ "Running %.100s add %.100s %.100s %.100s\n",
+ XAUTH_PATH, display, auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(stderr,
+ "Adding %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
+ }
f = popen(XAUTH_PATH " -q -", "w");
if (f) {
- fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
+ fprintf(f, "add %s %s %s\n", display,
+ auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(f, "add %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
+ fprintf(stderr, "Could not run %s -q -\n",
+ XAUTH_PATH);
}
}
#endif /* XAUTH_PATH */
struct stat mailstat;
mailbox = getenv("MAIL");
if (mailbox != NULL) {
- if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
+ if (stat(mailbox, &mailstat) != 0 ||
+ mailstat.st_size == 0)
printf("No mail.\n");
else if (mailstat.st_mtime < mailstat.st_atime)
printf("You have mail.\n");
Session *s = &sessions[i];
if (! s->used) {
s->pid = 0;
+ s->extended = 0;
s->chanid = -1;
s->ptyfd = -1;
s->ttyfd = -1;
s->auth_data = NULL;
s->auth_proto = NULL;
s->used = 1;
+ s->pw = NULL;
debug("session_new: session %d", i);
return s;
}
error("no more sessions");
return 0;
}
- debug("session_open: session %d: link with channel %d", s->self, chanid);
- s->chanid = chanid;
s->pw = auth_get_user();
if (s->pw == NULL)
- fatal("no user for session %i channel %d",
- s->self, s->chanid);
+ fatal("no user for session %i", s->self);
+ debug("session_open: session %d: link with channel %d", s->self, chanid);
+ s->chanid = chanid;
return 1;
}
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
+ packet_done();
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
return 1;
}
session_pty_req(Session *s)
{
unsigned int len;
+ char *term_modes; /* encoded terminal modes */
if (s->ttyfd != -1)
- return -1;
+ return 0;
s->term = packet_get_string(&len);
s->col = packet_get_int();
s->row = packet_get_int();
s->xpixel = packet_get_int();
s->ypixel = packet_get_int();
+ term_modes = packet_get_string(&len);
+ packet_done();
if (strcmp(s->term, "") == 0) {
xfree(s->term);
s->ptyfd = -1;
s->ttyfd = -1;
error("session_pty_req: session %d alloc failed", s->self);
- return -1;
+ xfree(term_modes);
+ return 0;
}
debug("session_pty_req: session %d alloc %s", s->self, s->tty);
/*
/* Get window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
+ session_proctitle(s);
+
+ /* XXX parse and set terminal modes */
+ xfree(term_modes);
+ return 1;
+}
+
+int
+session_subsystem_req(Session *s)
+{
+ unsigned int len;
+ int success = 0;
+ char *subsys = packet_get_string(&len);
+
+ packet_done();
+ log("subsystem request for %s", subsys);
+
+ xfree(subsys);
+ return success;
+}
+
+int
+session_x11_req(Session *s)
+{
+ if (!options.x11_forwarding) {
+ debug("X11 forwarding disabled in server configuration file.");
+ return 0;
+ }
+ if (xauthfile != NULL) {
+ debug("X11 fwd already started.");
+ return 0;
+ }
+
+ debug("Received request for X11 forwarding with auth spoofing.");
+ if (s->display != NULL)
+ packet_disconnect("Protocol error: X11 display already set.");
+
+ s->single_connection = packet_get_char();
+ s->auth_proto = packet_get_string(NULL);
+ s->auth_data = packet_get_string(NULL);
+ s->screen = packet_get_int();
+ packet_done();
+
+ s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
+ if (s->display == NULL) {
+ xfree(s->auth_proto);
+ xfree(s->auth_data);
+ return 0;
+ }
+ xauthfile = xmalloc(MAXPATHLEN);
+ strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+ temporarily_use_uid(s->pw->pw_uid);
+ if (mkdtemp(xauthfile) == NULL) {
+ restore_uid();
+ error("private X11 dir: mkdtemp %s failed: %s",
+ xauthfile, strerror(errno));
+ xfree(xauthfile);
+ xauthfile = NULL;
+ xfree(s->auth_proto);
+ xfree(s->auth_data);
+ /* XXXX remove listening channels */
+ return 0;
+ }
+ strlcat(xauthfile, "/cookies", MAXPATHLEN);
+ open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
+ restore_uid();
+ fatal_add_cleanup(xauthfile_cleanup_proc, s);
return 1;
}
*/
if (c->type == SSH_CHANNEL_LARVAL) {
if (strcmp(rtype, "shell") == 0) {
+ packet_done();
+ s->extended = 1;
if (s->ttyfd == -1)
do_exec_no_pty(s, NULL, s->pw);
else
success = 1;
} else if (strcmp(rtype, "exec") == 0) {
char *command = packet_get_string(&len);
+ packet_done();
+ s->extended = 1;
if (s->ttyfd == -1)
do_exec_no_pty(s, command, s->pw);
else
xfree(command);
success = 1;
} else if (strcmp(rtype, "pty-req") == 0) {
- if (session_pty_req(s) > 0)
- success = 1;
+ success = session_pty_req(s);
+ } else if (strcmp(rtype, "x11-req") == 0) {
+ success = session_x11_req(s);
+ } else if (strcmp(rtype, "subsystem") == 0) {
+ success = session_subsystem_req(s);
}
}
if (strcmp(rtype, "window-change") == 0) {
channel_request_start(s->chanid,
"exit-signal", 0);
packet_put_int(WTERMSIG(status));
+#ifdef WCOREDUMP
packet_put_char(WCOREDUMP(status));
+#else /* WCOREDUMP */
+ packet_put_char(0);
+#endif /* WCOREDUMP */
packet_put_cstring("");
packet_put_cstring("");
packet_send();
/* disconnect channel */
debug("session_exit_message: release channel %d", s->chanid);
channel_cancel_cleanup(s->chanid);
- if (c->istate == CHAN_INPUT_OPEN)
- chan_read_failed(c);
- chan_write_failed(c);
+ /*
+ * emulate a write failure with 'chan_write_failed', nobody will be
+ * interested in data we write.
+ * Note that we must not call 'chan_read_failed', since there could
+ * be some more data waiting in the pipe.
+ */
+ if (c->ostate != CHAN_OUTPUT_CLOSED)
+ chan_write_failed(c);
s->chanid = -1;
}
{
session_pty_cleanup(s);
session_free(s);
+ session_proctitle(s);
}
void
}
}
+char *
+session_tty_list(void)
+{
+ static char buf[1024];
+ int i;
+ buf[0] = '\0';
+ for(i = 0; i < MAX_SESSIONS; i++) {
+ Session *s = &sessions[i];
+ if (s->used && s->ttyfd != -1) {
+ if (buf[0] != '\0')
+ strlcat(buf, ",", sizeof buf);
+ strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
+ }
+ }
+ if (buf[0] == '\0')
+ strlcpy(buf, "notty", sizeof buf);
+ return buf;
+}
+
+void
+session_proctitle(Session *s)
+{
+ if (s->pw == NULL)
+ error("no user for session %d", s->self);
+ else
+ setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
+}
+
void
do_authenticated2(void)
{
* authentication.
*/
alarm(0);
- log("do_authenticated2");
server_loop2();
+ if (xauthfile)
+ xauthfile_cleanup_proc(NULL);
}