version 1.108.2.4, 2002/05/17 00:03:24 |
version 1.108.2.5, 2002/06/22 07:23:17 |
|
|
login_cap_t *lc; |
login_cap_t *lc; |
#endif |
#endif |
|
|
|
/* Name and directory of socket for authentication agent forwarding. */ |
|
static char *auth_sock_name = NULL; |
|
static char *auth_sock_dir = NULL; |
|
|
|
/* removes the agent forwarding socket */ |
|
|
|
static void |
|
auth_sock_cleanup_proc(void *_pw) |
|
{ |
|
struct passwd *pw = _pw; |
|
|
|
if (auth_sock_name != NULL) { |
|
temporarily_use_uid(pw); |
|
unlink(auth_sock_name); |
|
rmdir(auth_sock_dir); |
|
auth_sock_name = NULL; |
|
restore_uid(); |
|
} |
|
} |
|
|
|
static int |
|
auth_input_request_forwarding(struct passwd * pw) |
|
{ |
|
Channel *nc; |
|
int sock; |
|
struct sockaddr_un sunaddr; |
|
|
|
if (auth_sock_name != NULL) { |
|
error("authentication forwarding requested twice."); |
|
return 0; |
|
} |
|
|
|
/* Temporarily drop privileged uid for mkdir/bind. */ |
|
temporarily_use_uid(pw); |
|
|
|
/* Allocate a buffer for the socket name, and format the name. */ |
|
auth_sock_name = xmalloc(MAXPATHLEN); |
|
auth_sock_dir = xmalloc(MAXPATHLEN); |
|
strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); |
|
|
|
/* Create private directory for socket */ |
|
if (mkdtemp(auth_sock_dir) == NULL) { |
|
packet_send_debug("Agent forwarding disabled: " |
|
"mkdtemp() failed: %.100s", strerror(errno)); |
|
restore_uid(); |
|
xfree(auth_sock_name); |
|
xfree(auth_sock_dir); |
|
auth_sock_name = NULL; |
|
auth_sock_dir = NULL; |
|
return 0; |
|
} |
|
snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld", |
|
auth_sock_dir, (long) getpid()); |
|
|
|
/* delete agent socket on fatal() */ |
|
fatal_add_cleanup(auth_sock_cleanup_proc, pw); |
|
|
|
/* Create the socket. */ |
|
sock = socket(AF_UNIX, SOCK_STREAM, 0); |
|
if (sock < 0) |
|
packet_disconnect("socket: %.100s", strerror(errno)); |
|
|
|
/* Bind it to the name. */ |
|
memset(&sunaddr, 0, sizeof(sunaddr)); |
|
sunaddr.sun_family = AF_UNIX; |
|
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); |
|
|
|
if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) |
|
packet_disconnect("bind: %.100s", strerror(errno)); |
|
|
|
/* Restore the privileged uid. */ |
|
restore_uid(); |
|
|
|
/* Start listening on the socket. */ |
|
if (listen(sock, 5) < 0) |
|
packet_disconnect("listen: %.100s", strerror(errno)); |
|
|
|
/* Allocate a channel for the authentication agent socket. */ |
|
nc = channel_new("auth socket", |
|
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, |
|
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, |
|
0, xstrdup("auth socket"), 1); |
|
strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); |
|
return 1; |
|
} |
|
|
|
|
void |
void |
do_authenticated(Authctxt *authctxt) |
do_authenticated(Authctxt *authctxt) |
{ |
{ |
|
|
do_authenticated1(authctxt); |
do_authenticated1(authctxt); |
|
|
/* remove agent socket */ |
/* remove agent socket */ |
if (auth_get_socket_name()) |
if (auth_sock_name != NULL) |
auth_sock_cleanup_proc(authctxt->pw); |
auth_sock_cleanup_proc(authctxt->pw); |
#ifdef KRB4 |
#ifdef KRB4 |
if (options.kerberos_ticket_cleanup) |
if (options.kerberos_ticket_cleanup) |
|
|
compression_level); |
compression_level); |
break; |
break; |
} |
} |
|
if (!options.compression) { |
|
debug2("compression disabled"); |
|
break; |
|
} |
/* Enable compression after we have responded with SUCCESS. */ |
/* Enable compression after we have responded with SUCCESS. */ |
enable_compression_after_reply = 1; |
enable_compression_after_reply = 1; |
success = 1; |
success = 1; |
|
|
void |
void |
do_exec_no_pty(Session *s, const char *command) |
do_exec_no_pty(Session *s, const char *command) |
{ |
{ |
int pid; |
pid_t pid; |
|
|
#ifdef USE_PIPES |
#ifdef USE_PIPES |
int pin[2], pout[2], perr[2]; |
int pin[2], pout[2], perr[2]; |
|
|
child_set_env(&env, &envsize, "KRB5CCNAME", |
child_set_env(&env, &envsize, "KRB5CCNAME", |
s->authctxt->krb5_ticket_file); |
s->authctxt->krb5_ticket_file); |
#endif |
#endif |
if (auth_get_socket_name() != NULL) |
if (auth_sock_name != NULL) |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
auth_get_socket_name()); |
auth_sock_name); |
|
|
/* read $HOME/.ssh/environment. */ |
/* read $HOME/.ssh/environment. */ |
if (!options.use_login) { |
if (!options.use_login) { |
|
|
/* Add authority data to .Xauthority if appropriate. */ |
/* Add authority data to .Xauthority if appropriate. */ |
if (debug_flag) { |
if (debug_flag) { |
fprintf(stderr, |
fprintf(stderr, |
"Running %.100s add " |
"Running %.500s add " |
"%.100s %.100s %.100s\n", |
"%.100s %.100s %.100s\n", |
options.xauth_location, s->auth_display, |
options.xauth_location, s->auth_display, |
s->auth_proto, s->auth_data); |
s->auth_proto, s->auth_data); |
|
|
int i; |
int i; |
for (i = 0; i < MAX_SESSIONS; i++) { |
for (i = 0; i < MAX_SESSIONS; i++) { |
Session *s = &sessions[i]; |
Session *s = &sessions[i]; |
debug("dump: used %d session %d %p channel %d pid %d", |
debug("dump: used %d session %d %p channel %d pid %ld", |
s->used, |
s->used, |
s->self, |
s->self, |
s, |
s, |
s->chanid, |
s->chanid, |
s->pid); |
(long)s->pid); |
} |
} |
} |
} |
|
|
|
|
session_by_pid(pid_t pid) |
session_by_pid(pid_t pid) |
{ |
{ |
int i; |
int i; |
debug("session_by_pid: pid %d", pid); |
debug("session_by_pid: pid %ld", (long)pid); |
for (i = 0; i < MAX_SESSIONS; i++) { |
for (i = 0; i < MAX_SESSIONS; i++) { |
Session *s = &sessions[i]; |
Session *s = &sessions[i]; |
if (s->used && s->pid == pid) |
if (s->used && s->pid == pid) |
return s; |
return s; |
} |
} |
error("session_by_pid: unknown pid %d", pid); |
error("session_by_pid: unknown pid %ld", (long)pid); |
session_dump(); |
session_dump(); |
return NULL; |
return NULL; |
} |
} |
|
|
if ((c = channel_lookup(s->chanid)) == NULL) |
if ((c = channel_lookup(s->chanid)) == NULL) |
fatal("session_exit_message: session %d: no channel %d", |
fatal("session_exit_message: session %d: no channel %d", |
s->self, s->chanid); |
s->self, s->chanid); |
debug("session_exit_message: session %d channel %d pid %d", |
debug("session_exit_message: session %d channel %d pid %ld", |
s->self, s->chanid, s->pid); |
s->self, s->chanid, (long)s->pid); |
|
|
if (WIFEXITED(status)) { |
if (WIFEXITED(status)) { |
channel_request_start(s->chanid, "exit-status", 0); |
channel_request_start(s->chanid, "exit-status", 0); |
|
|
void |
void |
session_close(Session *s) |
session_close(Session *s) |
{ |
{ |
debug("session_close: session %d pid %d", s->self, s->pid); |
debug("session_close: session %d pid %ld", s->self, (long)s->pid); |
if (s->ttyfd != -1) { |
if (s->ttyfd != -1) { |
fatal_remove_cleanup(session_pty_cleanup, (void *)s); |
fatal_remove_cleanup(session_pty_cleanup, (void *)s); |
session_pty_cleanup(s); |
session_pty_cleanup(s); |
|
|
{ |
{ |
Session *s = session_by_pid(pid); |
Session *s = session_by_pid(pid); |
if (s == NULL) { |
if (s == NULL) { |
debug("session_close_by_pid: no session for pid %d", pid); |
debug("session_close_by_pid: no session for pid %ld", |
|
(long)pid); |
return; |
return; |
} |
} |
if (s->chanid != -1) |
if (s->chanid != -1) |
|
|
debug("session_close_by_channel: no session for id %d", id); |
debug("session_close_by_channel: no session for id %d", id); |
return; |
return; |
} |
} |
debug("session_close_by_channel: channel %d child %d", id, s->pid); |
debug("session_close_by_channel: channel %d child %ld", |
|
id, (long)s->pid); |
if (s->pid != 0) { |
if (s->pid != 0) { |
debug("session_close_by_channel: channel %d: has child", id); |
debug("session_close_by_channel: channel %d: has child", id); |
/* |
/* |