version 1.32, 2012/11/04 10:38:43 |
version 1.33, 2012/11/14 02:24:27 |
|
|
goto out; |
goto out; |
} |
} |
|
|
debug3("Running AuthorizedKeysCommand: \"%s\" as \"%s\"", |
debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"", |
options.authorized_keys_command, pw->pw_name); |
options.authorized_keys_command, user_pw->pw_name, pw->pw_name); |
|
|
/* |
/* |
* Don't want to call this in the child, where it can fatal() and |
* Don't want to call this in the child, where it can fatal() and |
|
|
for (i = 0; i < NSIG; i++) |
for (i = 0; i < NSIG; i++) |
signal(i, SIG_DFL); |
signal(i, SIG_DFL); |
|
|
|
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { |
|
error("%s: open %s: %s", __func__, _PATH_DEVNULL, |
|
strerror(errno)); |
|
_exit(1); |
|
} |
|
/* Keep stderr around a while longer to catch errors */ |
|
if (dup2(devnull, STDIN_FILENO) == -1 || |
|
dup2(p[1], STDOUT_FILENO) == -1) { |
|
error("%s: dup2: %s", __func__, strerror(errno)); |
|
_exit(1); |
|
} |
closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
/* Don't use permanently_set_uid() here to avoid fatal() */ |
/* Don't use permanently_set_uid() here to avoid fatal() */ |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { |
error("setresgid %u: %s", (u_int)pw->pw_gid, |
error("setresgid %u: %s", (u_int)pw->pw_gid, |
|
|
strerror(errno)); |
strerror(errno)); |
_exit(1); |
_exit(1); |
} |
} |
|
/* stdin is pointed to /dev/null at this point */ |
close(p[0]); |
if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) { |
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { |
|
error("%s: open %s: %s", __func__, _PATH_DEVNULL, |
|
strerror(errno)); |
|
_exit(1); |
|
} |
|
if (dup2(devnull, STDIN_FILENO) == -1 || |
|
dup2(p[1], STDOUT_FILENO) == -1 || |
|
dup2(devnull, STDERR_FILENO) == -1) { |
|
error("%s: dup2: %s", __func__, strerror(errno)); |
error("%s: dup2: %s", __func__, strerror(errno)); |
_exit(1); |
_exit(1); |
} |
} |
|
|
execl(options.authorized_keys_command, |
execl(options.authorized_keys_command, |
options.authorized_keys_command, pw->pw_name, NULL); |
options.authorized_keys_command, user_pw->pw_name, NULL); |
|
|
error("AuthorizedKeysCommand %s exec failed: %s", |
error("AuthorizedKeysCommand %s exec failed: %s", |
options.authorized_keys_command, strerror(errno)); |
options.authorized_keys_command, strerror(errno)); |