From: dtucker Date: Fri, 8 Jan 2010 06:09:11 +0000 (+0000) Subject: - djm@cvs.openbsd.org 2009/11/19 23:39:50 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/0cc9aecf7ab0f24dbbe4926224bc884555baa557 - djm@cvs.openbsd.org 2009/11/19 23:39:50 [session.c] bz#1606: error when an attempt is made to connect to a server with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@ --- diff --git a/ChangeLog b/ChangeLog index 72d5a21e..0ece9c09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,12 @@ [clientloop.c] fix incorrect exit status when multiplexing and channel ID 0 is recycled bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker + - djm@cvs.openbsd.org 2009/11/19 23:39:50 + [session.c] + bz#1606: error when an attempt is made to connect to a server + with ForceCommand=internal-sftp with a shell session (i.e. not a + subsystem session). Avoids stuck client when attempting to ssh to such a + service. ok dtucker@ 20091226 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 diff --git a/session.c b/session.c index 78192314..cc205386 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.247 2009/10/06 04:46:40 djm Exp $ */ +/* $OpenBSD: session.c,v 1.248 2009/11/19 23:39:50 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -142,9 +142,10 @@ static int sessions_first_unused = -1; static int sessions_nalloc = 0; static Session *sessions = NULL; -#define SUBSYSTEM_NONE 0 -#define SUBSYSTEM_EXT 1 -#define SUBSYSTEM_INT_SFTP 2 +#define SUBSYSTEM_NONE 0 +#define SUBSYSTEM_EXT 1 +#define SUBSYSTEM_INT_SFTP 2 +#define SUBSYSTEM_INT_SFTP_ERROR 3 #ifdef HAVE_LOGIN_CAP login_cap_t *lc; 
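Review bot: The new `SUBSYSTEM_INT_SFTP_ERROR` state in the `#define` block is non-zero, so `s->is_subsystem` no longer works as a plain "this is a subsystem request" flag, and nothing at the definitions says so. A comment above the block would record the contract, for example `/* is_subsystem states; INT_SFTP_ERROR = forced internal-sftp hit by a non-subsystem request, must be refused */`. Any truthiness test of `s->is_subsystem` elsewhere in session.c (not visible in this diff) would treat a refused session as a subsystem, so those call sites are worth confirming.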
@@ -785,17 +786,19 @@ do_exec(Session *s, const char *command) if (options.adm_forced_command) { original_command = command; command = options.adm_forced_command; - if (IS_INTERNAL_SFTP(command)) - s->is_subsystem = SUBSYSTEM_INT_SFTP; - else if (s->is_subsystem) + if (IS_INTERNAL_SFTP(command)) { + s->is_subsystem = s->is_subsystem ? + SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; + } else if (s->is_subsystem) s->is_subsystem = SUBSYSTEM_EXT; debug("Forced command (config) '%.900s'", command); } else if (forced_command) { original_command = command; command = forced_command; - if (IS_INTERNAL_SFTP(command)) - s->is_subsystem = SUBSYSTEM_INT_SFTP; - else if (s->is_subsystem) + if (IS_INTERNAL_SFTP(command)) { + s->is_subsystem = s->is_subsystem ? + SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; + } else if (s->is_subsystem) s->is_subsystem = SUBSYSTEM_EXT; debug("Forced command (key option) '%.900s'", command); } @@ -1783,7 +1786,11 @@ do_child(Session *s, const char *command) /* restore SIGPIPE for child */ signal(SIGPIPE, SIG_DFL); - if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { + if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { + printf("This service allows sftp connections only.\n"); + fflush(NULL); + exit(1); + } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { extern int optind, optreset; int i; char *p, *args;
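Review bot: The refusal chosen in both forced-command branches of do_exec is recorded only in `s->is_subsystem`; the existing `debug(...)` lines name the forced command but not that the request will be rejected. Because this enforces an access restriction, a server-side log line at normal level would help audit, for example `if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) logit("Refusing non-subsystem session: forced command is internal-sftp");` after the assignment. The same ternary block is duplicated in the config and key-option branches, so a small static helper would keep the two in step. do_exec starts and continues outside the hunk.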
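Review bot: The refusal branch added to do_child writes its message with `printf`, i.e. to stdout, which for a non-interactive exec request is the stream the client-side program reads as data. Sending it to stderr, `fprintf(stderr, "This service allows sftp connections only.\n");`, would keep the text out of that stream while still showing it to the user. The branch also deserves a short comment such as `/* forced internal-sftp: refuse shell/exec requests before anything is executed */`, because its position ahead of the exec path is what enforces the restriction. Whatever do_child does before this point lies outside the hunk and still runs for a refused session, which is worth confirming as intended.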