*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.43 2000/11/06 23:04:56 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
-#endif
+#endif
+#ifdef WITH_IRIX_AUDIT
+#include <sat.h>
+#endif /* WITH_IRIX_AUDIT */
#if defined(HAVE_USERSEC_H)
#include <usersec.h>
/* import */
extern ServerOptions options;
-#ifdef HAVE___PROGNAME
extern char *__progname;
-#else /* HAVE___PROGNAME */
-static const char *__progname = "sshd";
-#endif /* HAVE___PROGNAME */
-
extern int log_stderr;
extern int debug_flag;
-extern unsigned int utmp_len;
+extern u_int utmp_len;
extern int startup_pipe;
char *command;
int n_bytes;
int plen;
- unsigned int proto_len, data_len, dlen;
+ u_int proto_len, data_len, dlen;
/*
* Cancel the alarm we set to limit the time taken for
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
- /* Set interactive/non-interactive mode. */
- packet_set_interactive(have_pty || s->display != NULL,
- options.keepalives);
-
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
if (s == NULL)
fatal("do_exec_no_pty: no session");
- signal(SIGPIPE, SIG_DFL);
-
session_proctitle(s);
#ifdef USE_PAM
/* Child. Reinitialize the log since the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ signal(SIGPIPE, SIG_DFL);
+
/*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
if (pid < 0)
packet_disconnect("fork failed: %.100s", strerror(errno));
s->pid = pid;
+ /* Set interactive/non-interactive mode. */
+ packet_set_interactive(s->display != NULL);
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ signal(SIGPIPE, SIG_DFL);
+
/* Close the master side of the pseudo tty. */
close(ptyfd);
s->ptymaster = ptymaster;
/* Enter interactive session. */
+ packet_set_interactive(1);
if (compat20) {
session_set_fds(s, ptyfd, fdout, -1);
} else {
* already exists, its value is overriden.
*/
void
-child_set_env(char ***envp, unsigned int *envsizep, const char *name,
+child_set_env(char ***envp, u_int *envsizep, const char *name,
const char *value)
{
- unsigned int i, namelen;
+ u_int i, namelen;
char **env;
/*
* and assignments of the form name=value. No other forms are allowed.
*/
void
-read_environment_file(char ***env, unsigned int *envsize,
+read_environment_file(char ***env, u_int *envsize,
const char *filename)
{
FILE *f;
char buf[256];
char cmd[1024];
FILE *f = NULL;
- unsigned int envsize, i;
+ u_int envsize, i;
char **env;
extern char **environ;
struct stat st;
strerror(errno));
}
# endif /* WITH_IRIX_JOBS */
-
# ifdef WITH_IRIX_ARRAY
/* initialize array session */
if (jid == 0) {
fatal("Failed to initialize project %d for %s: %.100s",
(int)projid, pw->pw_name, strerror(errno));
# endif /* WITH_IRIX_PROJECT */
+#ifdef WITH_IRIX_AUDIT
+ if (sysconf(_SC_AUDIT)) {
+ debug("Setting sat id to %d", (int) pw->pw_uid);
+ if (satsetid(pw->pw_uid))
+ debug("error setting satid: %.100s", strerror(errno));
+ }
+#endif /* WITH_IRIX_AUDIT */
+
/* Permanently switch to the desired uid. */
permanently_set_uid(pw->pw_uid);
# endif /* HAVE_LOGIN_CAP */
if (!options.use_login) {
if (stat(SSH_USER_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_USER_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
if (f) {
fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
} else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_SYSTEM_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
if (f) {
int
session_pty_req(Session *s)
{
- unsigned int len;
+ u_int len;
char *term_modes; /* encoded terminal modes */
if (no_pty_flag)
int
session_subsystem_req(Session *s)
{
- unsigned int len;
+ u_int len;
int success = 0;
char *subsys = packet_get_string(&len);
int i;
int
session_exec_req(Session *s)
{
- unsigned int len;
+ u_int len;
char *command = packet_get_string(&len);
packet_done();
if (forced_command) {
{
static int called = 0;
packet_done();
+ if (no_agent_forwarding_flag) {
+ debug("session_auth_agent_req: no_agent_forwarding_flag");
+ return 0;
+ }
if (called) {
return 0;
} else {
void
session_input_channel_req(int id, void *arg)
{
- unsigned int len;
+ u_int len;
int reply;
int success = 0;
char *rtype;
* interested in data we write.
* Note that we must not call 'chan_read_failed', since there could
* be some more data waiting in the pipe.
- * djm - This is no longer true as we have allowed one pass through
- * the select loop before killing the connection
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
- if (c->istate != CHAN_INPUT_CLOSED)
- chan_read_failed(c);
s->chanid = -1;
}
}
void
-do_authenticated2(void)
+do_authenticated2(Authctxt *authctxt)
{
-#ifdef HAVE_LOGIN_CAP
- struct passwd *pw;
-#endif
/*
* Cancel the alarm we set to limit the time taken for
startup_pipe = -1;
}
#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
- pw = auth_get_user();
- if ((lc = login_getclass(pw->pw_class)) == NULL) {
+ if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) {
error("unable to get login class");
return;
}