version 1.221.2.1, 2008/03/31 01:07:59 |
version 1.222, 2007/08/23 02:49:43 |
|
|
#define MAX_SESSIONS 10 |
#define MAX_SESSIONS 10 |
Session sessions[MAX_SESSIONS]; |
Session sessions[MAX_SESSIONS]; |
|
|
#ifdef HAVE_LOGIN_CAP |
|
login_cap_t *lc; |
login_cap_t *lc; |
#endif |
|
|
|
static int is_child = 0; |
static int is_child = 0; |
|
|
|
|
char buf[256]; |
char buf[256]; |
|
|
if (options.print_motd) { |
if (options.print_motd) { |
#ifdef HAVE_LOGIN_CAP |
|
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", |
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", |
"/etc/motd"), "r"); |
"/etc/motd"), "r"); |
#else |
|
f = fopen("/etc/motd", "r"); |
|
#endif |
|
if (f) { |
if (f) { |
while (fgets(buf, sizeof(buf), f)) |
while (fgets(buf, sizeof(buf), f)) |
fputs(buf, stdout); |
fputs(buf, stdout); |
|
|
if (command != NULL) |
if (command != NULL) |
return 1; |
return 1; |
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
#ifdef HAVE_LOGIN_CAP |
|
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) |
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) |
return 1; |
return 1; |
#else |
|
if (stat(buf, &st) >= 0) |
|
return 1; |
|
#endif |
|
return 0; |
return 0; |
} |
} |
|
|
|
|
child_set_env(&env, &envsize, "USER", pw->pw_name); |
child_set_env(&env, &envsize, "USER", pw->pw_name); |
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
#ifdef HAVE_LOGIN_CAP |
|
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
else |
else |
child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
#else |
|
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
|
#endif |
|
|
|
snprintf(buf, sizeof buf, "%.200s/%.50s", |
snprintf(buf, sizeof buf, "%.200s/%.50s", |
_PATH_MAILDIR, pw->pw_name); |
_PATH_MAILDIR, pw->pw_name); |
|
|
do_xauth = |
do_xauth = |
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
|
|
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
/* ignore _PATH_SSH_USER_RC for subsystems */ |
if (!s->is_subsystem && options.adm_forced_command == NULL && |
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { |
(stat(_PATH_SSH_USER_RC, &st) >= 0)) { |
|
snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
if (debug_flag) |
if (debug_flag) |
|
|
FILE *f = NULL; |
FILE *f = NULL; |
char buf[1024]; |
char buf[1024]; |
|
|
#ifdef HAVE_LOGIN_CAP |
|
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) |
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) |
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, |
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, |
_PATH_NOLOGIN), "r"); |
_PATH_NOLOGIN), "r"); |
#else |
|
if (pw->pw_uid) |
|
f = fopen(_PATH_NOLOGIN, "r"); |
|
#endif |
|
if (f) { |
if (f) { |
/* /etc/nologin exists. Print its contents and exit. */ |
/* /etc/nologin exists. Print its contents and exit. */ |
logit("User %.100s not allowed because %s exists", |
logit("User %.100s not allowed because %s exists", |
|
|
do_setusercontext(struct passwd *pw) |
do_setusercontext(struct passwd *pw) |
{ |
{ |
if (getuid() == 0 || geteuid() == 0) { |
if (getuid() == 0 || geteuid() == 0) { |
#ifdef HAVE_LOGIN_CAP |
|
if (setusercontext(lc, pw, pw->pw_uid, |
if (setusercontext(lc, pw, pw->pw_uid, |
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
perror("unable to set user context"); |
perror("unable to set user context"); |
exit(1); |
exit(1); |
} |
} |
#else |
|
if (setlogin(pw->pw_name) < 0) |
|
error("setlogin failed: %s", strerror(errno)); |
|
if (setgid(pw->pw_gid) < 0) { |
|
perror("setgid"); |
|
exit(1); |
|
} |
|
/* Initialize the group list. */ |
|
if (initgroups(pw->pw_name, pw->pw_gid) < 0) { |
|
perror("initgroups"); |
|
exit(1); |
|
} |
|
endgrent(); |
|
|
|
/* Permanently switch to the desired uid. */ |
|
permanently_set_uid(pw); |
|
#endif |
|
} |
} |
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
|
|
*/ |
*/ |
env = do_setup_env(s, shell); |
env = do_setup_env(s, shell); |
|
|
#ifdef HAVE_LOGIN_CAP |
|
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
#endif |
|
|
|
/* we have to stash the hostname before we close our socket. */ |
/* we have to stash the hostname before we close our socket. */ |
if (options.use_login) |
if (options.use_login) |
|
|
if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |
fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
pw->pw_dir, strerror(errno)); |
pw->pw_dir, strerror(errno)); |
#ifdef HAVE_LOGIN_CAP |
|
if (login_getcapbool(lc, "requirehome", 0)) |
if (login_getcapbool(lc, "requirehome", 0)) |
exit(1); |
exit(1); |
#endif |
|
} |
} |
|
|
if (!options.use_login) |
if (!options.use_login) |