version 1.181.2.2, 2006/02/03 02:53:45 |
version 1.182, 2005/06/17 02:44:33 |
|
|
#include "serverloop.h" |
#include "serverloop.h" |
#include "canohost.h" |
#include "canohost.h" |
#include "session.h" |
#include "session.h" |
#include "kex.h" |
|
#include "monitor_wrap.h" |
#include "monitor_wrap.h" |
|
|
#ifdef KRB5 |
#ifdef KRB5 |
|
|
static void |
static void |
display_loginmsg(void) |
display_loginmsg(void) |
{ |
{ |
if (buffer_len(&loginmsg) > 0) { |
if (buffer_len(&loginmsg) > 0) { |
buffer_append(&loginmsg, "\0", 1); |
buffer_append(&loginmsg, "\0", 1); |
printf("%s", (char *)buffer_ptr(&loginmsg)); |
printf("%s", (char *)buffer_ptr(&loginmsg)); |
buffer_clear(&loginmsg); |
buffer_clear(&loginmsg); |
} |
} |
} |
} |
|
|
void |
void |
|
|
{ |
{ |
setproctitle("%s", authctxt->pw->pw_name); |
setproctitle("%s", authctxt->pw->pw_name); |
|
|
|
/* |
|
* Cancel the alarm we set to limit the time taken for |
|
* authentication. |
|
*/ |
|
alarm(0); |
|
if (startup_pipe != -1) { |
|
close(startup_pipe); |
|
startup_pipe = -1; |
|
} |
/* setup the channel layer */ |
/* setup the channel layer */ |
if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
channel_permit_all_opens(); |
channel_permit_all_opens(); |
|
|
compression_level); |
compression_level); |
break; |
break; |
} |
} |
if (options.compression == COMP_NONE) { |
if (!options.compression) { |
debug2("compression disabled"); |
debug2("compression disabled"); |
break; |
break; |
} |
} |
|
|
endpwent(); |
endpwent(); |
|
|
/* |
/* |
* Close any extra open file descriptors so that we don't have them |
* Close any extra open file descriptors so that we don\'t have them |
* hanging around in clients. Note that we want to do this after |
* hanging around in clients. Note that we want to do this after |
* initgroups, because at least on Solaris 2.3 it leaves file |
* initgroups, because at least on Solaris 2.3 it leaves file |
* descriptors open. |
* descriptors open. |
|
|
*/ |
*/ |
|
|
if (options.kerberos_get_afs_token && k_hasafs() && |
if (options.kerberos_get_afs_token && k_hasafs() && |
(s->authctxt->krb5_ctx != NULL)) { |
(s->authctxt->krb5_ctx != NULL)) { |
char cell[64]; |
char cell[64]; |
|
|
debug("Getting AFS token"); |
debug("Getting AFS token"); |
|
|
} |
} |
#endif |
#endif |
|
|
/* Change current directory to the user's home directory. */ |
/* Change current directory to the user\'s home directory. */ |
if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |
fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
pw->pw_dir, strerror(errno)); |
pw->pw_dir, strerror(errno)); |
|
|
s->ttyfd = -1; |
s->ttyfd = -1; |
s->used = 1; |
s->used = 1; |
s->self = i; |
s->self = i; |
s->x11_chanids = NULL; |
|
debug("session_new: session %d", i); |
debug("session_new: session %d", i); |
return s; |
return s; |
} |
} |
|
|
} |
} |
|
|
static Session * |
static Session * |
session_by_x11_channel(int id) |
|
{ |
|
int i, j; |
|
|
|
for (i = 0; i < MAX_SESSIONS; i++) { |
|
Session *s = &sessions[i]; |
|
|
|
if (s->x11_chanids == NULL || !s->used) |
|
continue; |
|
for (j = 0; s->x11_chanids[j] != -1; j++) { |
|
if (s->x11_chanids[j] == id) { |
|
debug("session_by_x11_channel: session %d " |
|
"channel %d", s->self, id); |
|
return s; |
|
} |
|
} |
|
} |
|
debug("session_by_x11_channel: unknown channel %d", id); |
|
session_dump(); |
|
return NULL; |
|
} |
|
|
|
static Session * |
|
session_by_pid(pid_t pid) |
session_by_pid(pid_t pid) |
{ |
{ |
int i; |
int i; |
|
|
{ |
{ |
int success; |
int success; |
|
|
if (s->auth_proto != NULL || s->auth_data != NULL) { |
|
error("session_x11_req: session %d: " |
|
"x11 forwarding already active", s->self); |
|
return 0; |
|
} |
|
s->single_connection = packet_get_char(); |
s->single_connection = packet_get_char(); |
s->auth_proto = packet_get_string(NULL); |
s->auth_proto = packet_get_string(NULL); |
s->auth_data = packet_get_string(NULL); |
s->auth_data = packet_get_string(NULL); |
|
|
} |
} |
|
|
static void |
static void |
session_close_x11(int id) |
|
{ |
|
Channel *c; |
|
|
|
if ((c = channel_by_id(id)) == NULL) { |
|
debug("session_close_x11: x11 channel %d missing", id); |
|
} else { |
|
/* Detach X11 listener */ |
|
debug("session_close_x11: detach x11 channel %d", id); |
|
channel_cancel_cleanup(id); |
|
if (c->ostate != CHAN_OUTPUT_CLOSED) |
|
chan_mark_dead(c); |
|
} |
|
} |
|
|
|
static void |
|
session_close_single_x11(int id, void *arg) |
|
{ |
|
Session *s; |
|
u_int i; |
|
|
|
debug3("session_close_single_x11: channel %d", id); |
|
channel_cancel_cleanup(id); |
|
if ((s = session_by_x11_channel(id)) == NULL) |
|
fatal("session_close_single_x11: no x11 channel %d", id); |
|
for (i = 0; s->x11_chanids[i] != -1; i++) { |
|
debug("session_close_single_x11: session %d: " |
|
"closing channel %d", s->self, s->x11_chanids[i]); |
|
/* |
|
* The channel "id" is already closing, but make sure we |
|
* close all of its siblings. |
|
*/ |
|
if (s->x11_chanids[i] != id) |
|
session_close_x11(s->x11_chanids[i]); |
|
} |
|
xfree(s->x11_chanids); |
|
s->x11_chanids = NULL; |
|
if (s->display) { |
|
xfree(s->display); |
|
s->display = NULL; |
|
} |
|
if (s->auth_proto) { |
|
xfree(s->auth_proto); |
|
s->auth_proto = NULL; |
|
} |
|
if (s->auth_data) { |
|
xfree(s->auth_data); |
|
s->auth_data = NULL; |
|
} |
|
if (s->auth_display) { |
|
xfree(s->auth_display); |
|
s->auth_display = NULL; |
|
} |
|
} |
|
|
|
static void |
|
session_exit_message(Session *s, int status) |
session_exit_message(Session *s, int status) |
{ |
{ |
Channel *c; |
Channel *c; |
|
|
|
|
/* disconnect channel */ |
/* disconnect channel */ |
debug("session_exit_message: release channel %d", s->chanid); |
debug("session_exit_message: release channel %d", s->chanid); |
s->pid = 0; |
channel_cancel_cleanup(s->chanid); |
|
|
/* |
/* |
* Adjust cleanup callback attachment to send close messages when |
|
* the channel gets EOF. The session will be then be closed |
|
* by session_close_by_channel when the childs close their fds. |
|
*/ |
|
channel_register_cleanup(c->self, session_close_by_channel, 1); |
|
|
|
/* |
|
* emulate a write failure with 'chan_write_failed', nobody will be |
* emulate a write failure with 'chan_write_failed', nobody will be |
* interested in data we write. |
* interested in data we write. |
* Note that we must not call 'chan_read_failed', since there could |
* Note that we must not call 'chan_read_failed', since there could |
|
|
*/ |
*/ |
if (c->ostate != CHAN_OUTPUT_CLOSED) |
if (c->ostate != CHAN_OUTPUT_CLOSED) |
chan_write_failed(c); |
chan_write_failed(c); |
|
s->chanid = -1; |
} |
} |
|
|
void |
void |
|
|
xfree(s->term); |
xfree(s->term); |
if (s->display) |
if (s->display) |
xfree(s->display); |
xfree(s->display); |
if (s->x11_chanids) |
|
xfree(s->x11_chanids); |
|
if (s->auth_display) |
if (s->auth_display) |
xfree(s->auth_display); |
xfree(s->auth_display); |
if (s->auth_data) |
if (s->auth_data) |
|
|
} |
} |
if (s->chanid != -1) |
if (s->chanid != -1) |
session_exit_message(s, status); |
session_exit_message(s, status); |
if (s->ttyfd != -1) |
session_close(s); |
session_pty_cleanup(s); |
|
} |
} |
|
|
/* |
/* |
|
|
session_close_by_channel(int id, void *arg) |
session_close_by_channel(int id, void *arg) |
{ |
{ |
Session *s = session_by_channel(id); |
Session *s = session_by_channel(id); |
u_int i; |
|
|
|
if (s == NULL) { |
if (s == NULL) { |
debug("session_close_by_channel: no session for id %d", id); |
debug("session_close_by_channel: no session for id %d", id); |
return; |
return; |
|
|
} |
} |
/* detach by removing callback */ |
/* detach by removing callback */ |
channel_cancel_cleanup(s->chanid); |
channel_cancel_cleanup(s->chanid); |
|
|
/* Close any X11 listeners associated with this session */ |
|
if (s->x11_chanids != NULL) { |
|
for (i = 0; s->x11_chanids[i] != -1; i++) { |
|
session_close_x11(s->x11_chanids[i]); |
|
s->x11_chanids[i] = -1; |
|
} |
|
} |
|
|
|
s->chanid = -1; |
s->chanid = -1; |
session_close(s); |
session_close(s); |
} |
} |
|
|
struct stat st; |
struct stat st; |
char display[512], auth_display[512]; |
char display[512], auth_display[512]; |
char hostname[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN]; |
u_int i; |
|
|
|
if (no_x11_forwarding_flag) { |
if (no_x11_forwarding_flag) { |
packet_send_debug("X11 forwarding disabled in user configuration file."); |
packet_send_debug("X11 forwarding disabled in user configuration file."); |
|
|
} |
} |
if (x11_create_display_inet(options.x11_display_offset, |
if (x11_create_display_inet(options.x11_display_offset, |
options.x11_use_localhost, s->single_connection, |
options.x11_use_localhost, s->single_connection, |
&s->display_number, &s->x11_chanids) == -1) { |
&s->display_number) == -1) { |
debug("x11_create_display_inet failed."); |
debug("x11_create_display_inet failed."); |
return 0; |
return 0; |
} |
|
for (i = 0; s->x11_chanids[i] != -1; i++) { |
|
channel_register_cleanup(s->x11_chanids[i], |
|
session_close_single_x11, 0); |
|
} |
} |
|
|
/* Set up a suitable value for the DISPLAY variable. */ |
/* Set up a suitable value for the DISPLAY variable. */ |