version 1.138, 2019/01/19 21:41:18 |
version 1.139, 2019/06/28 13:35:04 |
|
|
char *shell = xstrdup((pw->pw_shell[0] == '\0') ? |
char *shell = xstrdup((pw->pw_shell[0] == '\0') ? |
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ |
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ |
|
|
if (stat(shell, &st) != 0) { |
if (stat(shell, &st) == -1) { |
logit("User %.100s not allowed because shell %.100s " |
logit("User %.100s not allowed because shell %.100s " |
"does not exist", pw->pw_name, shell); |
"does not exist", pw->pw_name, shell); |
free(shell); |
free(shell); |
|
|
return NULL; |
return NULL; |
} |
} |
|
|
if (fstat(fd, &st) < 0) { |
if (fstat(fd, &st) == -1) { |
close(fd); |
close(fd); |
return NULL; |
return NULL; |
} |
} |
|
|
fromlen = sizeof(from); |
fromlen = sizeof(from); |
memset(&from, 0, sizeof(from)); |
memset(&from, 0, sizeof(from)); |
if (getpeername(ssh_packet_get_connection_in(ssh), |
if (getpeername(ssh_packet_get_connection_in(ssh), |
(struct sockaddr *)&from, &fromlen) < 0) { |
(struct sockaddr *)&from, &fromlen) == -1) { |
debug("getpeername failed: %.100s", strerror(errno)); |
debug("getpeername failed: %.100s", strerror(errno)); |
return strdup(ntop); |
return strdup(ntop); |
} |
} |
|
|
return 0; |
return 0; |
} |
} |
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
if (stat(av[0], &st) < 0) { |
if (stat(av[0], &st) == -1) { |
error("Could not stat %s \"%s\": %s", tag, |
error("Could not stat %s \"%s\": %s", tag, |
av[0], strerror(errno)); |
av[0], strerror(errno)); |
restore_uid(); |
restore_uid(); |
|
|
return 0; |
return 0; |
} |
} |
/* Prepare to keep the child's stdout if requested */ |
/* Prepare to keep the child's stdout if requested */ |
if (pipe(p) != 0) { |
if (pipe(p) == -1) { |
error("%s: pipe: %s", tag, strerror(errno)); |
error("%s: pipe: %s", tag, strerror(errno)); |
restore_uid(); |
restore_uid(); |
return 0; |
return 0; |
|
|
closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
/* Don't use permanently_set_uid() here to avoid fatal() */ |
/* Don't use permanently_set_uid() here to avoid fatal() */ |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { |
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, |
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, |
strerror(errno)); |
strerror(errno)); |
_exit(1); |
_exit(1); |
} |
} |
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { |
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) { |
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, |
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, |
strerror(errno)); |
strerror(errno)); |
_exit(1); |
_exit(1); |
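Review bot: The privilege-drop checks in the last hunk are the one place where narrowing the test from `!= 0` to `== -1` fails open rather than being neutral. If `setresgid()` or `setresuid()` ever returned a non-zero value other than -1, the child would continue without the identity change being confirmed. Both calls are documented to return 0 on success, so I would keep the stricter form there, `if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {` and `if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {`. The `== -1` form is fine for the `stat`/`fstat`/`pipe`/`getpeername` checks, where a missed error does not cross a privilege boundary. The enclosing function starts and ends outside the lines shown, so whether anything later re-verifies the uid/gid cannot be judged from this page.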