| version 1.221.4.1, 2008/03/31 01:12:07 |
version 1.222, 2007/08/23 02:49:43 |
|
|
| #define MAX_SESSIONS 10 |
#define MAX_SESSIONS 10 |
| Session sessions[MAX_SESSIONS]; |
Session sessions[MAX_SESSIONS]; |
| |
|
| #ifdef HAVE_LOGIN_CAP |
|
| login_cap_t *lc; |
login_cap_t *lc; |
| #endif |
|
| |
|
| static int is_child = 0; |
static int is_child = 0; |
| |
|
|
|
| char buf[256]; |
char buf[256]; |
| |
|
| if (options.print_motd) { |
if (options.print_motd) { |
| #ifdef HAVE_LOGIN_CAP |
|
| f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", |
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", |
| "/etc/motd"), "r"); |
"/etc/motd"), "r"); |
| #else |
|
| f = fopen("/etc/motd", "r"); |
|
| #endif |
|
| if (f) { |
if (f) { |
| while (fgets(buf, sizeof(buf), f)) |
while (fgets(buf, sizeof(buf), f)) |
| fputs(buf, stdout); |
fputs(buf, stdout); |
|
|
| if (command != NULL) |
if (command != NULL) |
| return 1; |
return 1; |
| snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
| #ifdef HAVE_LOGIN_CAP |
|
| if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) |
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) |
| return 1; |
return 1; |
| #else |
|
| if (stat(buf, &st) >= 0) |
|
| return 1; |
|
| #endif |
|
| return 0; |
return 0; |
| } |
} |
| |
|
|
|
| child_set_env(&env, &envsize, "USER", pw->pw_name); |
child_set_env(&env, &envsize, "USER", pw->pw_name); |
| child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
| child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
| #ifdef HAVE_LOGIN_CAP |
|
| if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
| child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
| else |
else |
| child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
| #else |
|
| child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
|
| #endif |
|
| |
|
| snprintf(buf, sizeof buf, "%.200s/%.50s", |
snprintf(buf, sizeof buf, "%.200s/%.50s", |
| _PATH_MAILDIR, pw->pw_name); |
_PATH_MAILDIR, pw->pw_name); |
|
|
| do_xauth = |
do_xauth = |
| s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
| |
|
| /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
/* ignore _PATH_SSH_USER_RC for subsystems */ |
| if (!s->is_subsystem && options.adm_forced_command == NULL && |
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { |
| (stat(_PATH_SSH_USER_RC, &st) >= 0)) { |
|
| snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
| shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
| if (debug_flag) |
if (debug_flag) |
|
|
| FILE *f = NULL; |
FILE *f = NULL; |
| char buf[1024]; |
char buf[1024]; |
| |
|
| #ifdef HAVE_LOGIN_CAP |
|
| if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) |
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) |
| f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, |
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, |
| _PATH_NOLOGIN), "r"); |
_PATH_NOLOGIN), "r"); |
| #else |
|
| if (pw->pw_uid) |
|
| f = fopen(_PATH_NOLOGIN, "r"); |
|
| #endif |
|
| if (f) { |
if (f) { |
| /* /etc/nologin exists. Print its contents and exit. */ |
/* /etc/nologin exists. Print its contents and exit. */ |
| logit("User %.100s not allowed because %s exists", |
logit("User %.100s not allowed because %s exists", |
|
|
| do_setusercontext(struct passwd *pw) |
do_setusercontext(struct passwd *pw) |
| { |
{ |
| if (getuid() == 0 || geteuid() == 0) { |
if (getuid() == 0 || geteuid() == 0) { |
| #ifdef HAVE_LOGIN_CAP |
|
| if (setusercontext(lc, pw, pw->pw_uid, |
if (setusercontext(lc, pw, pw->pw_uid, |
| (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
| perror("unable to set user context"); |
perror("unable to set user context"); |
| exit(1); |
exit(1); |
| } |
} |
| #else |
|
| if (setlogin(pw->pw_name) < 0) |
|
| error("setlogin failed: %s", strerror(errno)); |
|
| if (setgid(pw->pw_gid) < 0) { |
|
| perror("setgid"); |
|
| exit(1); |
|
| } |
|
| /* Initialize the group list. */ |
|
| if (initgroups(pw->pw_name, pw->pw_gid) < 0) { |
|
| perror("initgroups"); |
|
| exit(1); |
|
| } |
|
| endgrent(); |
|
| |
|
| /* Permanently switch to the desired uid. */ |
|
| permanently_set_uid(pw); |
|
| #endif |
|
| } |
} |
| if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
| fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |
|
|
| */ |
*/ |
| env = do_setup_env(s, shell); |
env = do_setup_env(s, shell); |
| |
|
| #ifdef HAVE_LOGIN_CAP |
|
| shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); |
| #endif |
|
| |
|
| /* we have to stash the hostname before we close our socket. */ |
/* we have to stash the hostname before we close our socket. */ |
| if (options.use_login) |
if (options.use_login) |
|
|
| if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |
| fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
fprintf(stderr, "Could not chdir to home directory %s: %s\n", |
| pw->pw_dir, strerror(errno)); |
pw->pw_dir, strerror(errno)); |
| #ifdef HAVE_LOGIN_CAP |
|
| if (login_getcapbool(lc, "requirehome", 0)) |
if (login_getcapbool(lc, "requirehome", 0)) |
| exit(1); |
exit(1); |
| #endif |
|
| } |
} |
| |
|
| if (!options.use_login) |
if (!options.use_login) |
![[BACK]](/icons/back.gif){kind=icon}
Return to session.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh