version 1.266, 2013/07/19 07:37:48 |
version 1.267, 2013/10/14 21:20:52 |
|
|
do_exec(Session *s, const char *command) |
do_exec(Session *s, const char *command) |
{ |
{ |
int ret; |
int ret; |
|
const char *forced = NULL; |
|
char session_type[1024], *tty = NULL; |
|
|
if (options.adm_forced_command) { |
if (options.adm_forced_command) { |
original_command = command; |
original_command = command; |
command = options.adm_forced_command; |
command = options.adm_forced_command; |
if (IS_INTERNAL_SFTP(command)) { |
forced = "(config)"; |
s->is_subsystem = s->is_subsystem ? |
|
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
|
} else if (s->is_subsystem) |
|
s->is_subsystem = SUBSYSTEM_EXT; |
|
debug("Forced command (config) '%.900s'", command); |
|
} else if (forced_command) { |
} else if (forced_command) { |
original_command = command; |
original_command = command; |
command = forced_command; |
command = forced_command; |
|
forced = "(key-option)"; |
|
} |
|
if (forced != NULL) { |
if (IS_INTERNAL_SFTP(command)) { |
if (IS_INTERNAL_SFTP(command)) { |
s->is_subsystem = s->is_subsystem ? |
s->is_subsystem = s->is_subsystem ? |
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; |
} else if (s->is_subsystem) |
} else if (s->is_subsystem) |
s->is_subsystem = SUBSYSTEM_EXT; |
s->is_subsystem = SUBSYSTEM_EXT; |
debug("Forced command (key option) '%.900s'", command); |
snprintf(session_type, sizeof(session_type), |
|
"forced-command %s '%.900s'", forced, command); |
|
} else if (s->is_subsystem) { |
|
snprintf(session_type, sizeof(session_type), |
|
"subsystem '%.900s'", s->subsys); |
|
} else if (command == NULL) { |
|
snprintf(session_type, sizeof(session_type), "shell"); |
|
} else { |
|
/* NB. we don't log unforced commands to preserve privacy */ |
|
snprintf(session_type, sizeof(session_type), "command"); |
} |
} |
|
|
|
if (s->ttyfd != -1) { |
|
tty = s->tty; |
|
if (strncmp(tty, "/dev/", 5) == 0) |
|
tty += 5; |
|
} |
|
|
|
verbose("Starting session: %s%s%s for %s from %.200s port %d", |
|
session_type, |
|
tty == NULL ? "" : " on ", |
|
tty == NULL ? "" : tty, |
|
s->pw->pw_name, |
|
get_remote_ipaddr(), |
|
get_remote_port()); |
|
|
#ifdef GSSAPI |
#ifdef GSSAPI |
if (options.gss_authentication) { |
if (options.gss_authentication) { |
temporarily_use_uid(s->pw); |
temporarily_use_uid(s->pw); |
|
|
struct stat st; |
struct stat st; |
u_int len; |
u_int len; |
int success = 0; |
int success = 0; |
char *prog, *cmd, *subsys = packet_get_string(&len); |
char *prog, *cmd; |
u_int i; |
u_int i; |
|
|
|
s->subsys = packet_get_string(&len); |
packet_check_eom(); |
packet_check_eom(); |
logit("subsystem request for %.100s by user %s", subsys, |
debug2("subsystem request for %.100s by user %s", s->subsys, |
s->pw->pw_name); |
s->pw->pw_name); |
|
|
for (i = 0; i < options.num_subsystems; i++) { |
for (i = 0; i < options.num_subsystems; i++) { |
if (strcmp(subsys, options.subsystem_name[i]) == 0) { |
if (strcmp(s->subsys, options.subsystem_name[i]) == 0) { |
prog = options.subsystem_command[i]; |
prog = options.subsystem_command[i]; |
cmd = options.subsystem_args[i]; |
cmd = options.subsystem_args[i]; |
if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { |
if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { |
|
|
} |
} |
|
|
if (!success) |
if (!success) |
logit("subsystem request for %.100s failed, subsystem not found", |
logit("subsystem request for %.100s by user %s failed, " |
subsys); |
"subsystem not found", s->subsys, s->pw->pw_name); |
|
|
free(subsys); |
|
return success; |
return success; |
} |
} |
|
|
|
|
free(s->auth_display); |
free(s->auth_display); |
free(s->auth_data); |
free(s->auth_data); |
free(s->auth_proto); |
free(s->auth_proto); |
|
free(s->subsys); |
if (s->env != NULL) { |
if (s->env != NULL) { |
for (i = 0; i < s->num_env; i++) { |
for (i = 0; i < s->num_env; i++) { |
free(s->env[i].name); |
free(s->env[i].name); |