| version 1.278.2.1, 2016/03/10 11:54:22 |
version 1.279, 2015/10/24 22:52:22 |
|
|
| #include <sys/socket.h> |
#include <sys/socket.h> |
| #include <sys/queue.h> |
#include <sys/queue.h> |
| |
|
| #include <ctype.h> |
|
| #include <errno.h> |
#include <errno.h> |
| #include <fcntl.h> |
#include <fcntl.h> |
| #include <grp.h> |
#include <grp.h> |
|
|
| login_cap_t *lc; |
login_cap_t *lc; |
| |
|
| static int is_child = 0; |
static int is_child = 0; |
| |
static int in_chroot = 0; |
| |
|
| /* Name and directory of socket for authentication agent forwarding. */ |
/* Name and directory of socket for authentication agent forwarding. */ |
| static char *auth_sock_name = NULL; |
static char *auth_sock_name = NULL; |
|
|
| do_cleanup(authctxt); |
do_cleanup(authctxt); |
| } |
} |
| |
|
| /* Check untrusted xauth strings for metacharacters */ |
|
| static int |
|
| xauth_valid_string(const char *s) |
|
| { |
|
| size_t i; |
|
| |
|
| for (i = 0; s[i] != '\0'; i++) { |
|
| if (!isalnum((u_char)s[i]) && |
|
| s[i] != '.' && s[i] != ':' && s[i] != '/' && |
|
| s[i] != '-' && s[i] != '_') |
|
| return 0; |
|
| } |
|
| return 1; |
|
| } |
|
| |
|
| /* |
/* |
| * Prepares for an interactive session. This is called after the user has |
* Prepares for an interactive session. This is called after the user has |
| * been successfully authenticated. During this message exchange, pseudo |
* been successfully authenticated. During this message exchange, pseudo |
|
|
| s->screen = 0; |
s->screen = 0; |
| } |
} |
| packet_check_eom(); |
packet_check_eom(); |
| if (xauth_valid_string(s->auth_proto) && |
success = session_setup_x11fwd(s); |
| xauth_valid_string(s->auth_data)) |
|
| success = session_setup_x11fwd(s); |
|
| else { |
|
| success = 0; |
|
| error("Invalid X11 forwarding data"); |
|
| } |
|
| if (!success) { |
if (!success) { |
| free(s->auth_proto); |
free(s->auth_proto); |
| free(s->auth_data); |
free(s->auth_data); |
|
|
| exit(1); |
exit(1); |
| } |
} |
| |
|
| if (options.chroot_directory != NULL && |
if (!in_chroot && options.chroot_directory != NULL && |
| strcasecmp(options.chroot_directory, "none") != 0) { |
strcasecmp(options.chroot_directory, "none") != 0) { |
| tmp = tilde_expand_filename(options.chroot_directory, |
tmp = tilde_expand_filename(options.chroot_directory, |
| pw->pw_uid); |
pw->pw_uid); |
|
|
| /* Make sure we don't attempt to chroot again */ |
/* Make sure we don't attempt to chroot again */ |
| free(options.chroot_directory); |
free(options.chroot_directory); |
| options.chroot_directory = NULL; |
options.chroot_directory = NULL; |
| |
in_chroot = 1; |
| } |
} |
| |
|
| /* Set UID */ |
/* Set UID */ |
|
|
| if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |
| /* Suppress missing homedir warning for chroot case */ |
/* Suppress missing homedir warning for chroot case */ |
| r = login_getcapbool(lc, "requirehome", 0); |
r = login_getcapbool(lc, "requirehome", 0); |
| if (r || options.chroot_directory == NULL || |
if (r || !in_chroot) { |
| strcasecmp(options.chroot_directory, "none") == 0) |
|
| fprintf(stderr, "Could not chdir to home " |
fprintf(stderr, "Could not chdir to home " |
| "directory %s: %s\n", pw->pw_dir, |
"directory %s: %s\n", pw->pw_dir, |
| strerror(errno)); |
strerror(errno)); |
| |
} |
| if (r) |
if (r) |
| exit(1); |
exit(1); |
| } |
} |
|
|
| s->screen = packet_get_int(); |
s->screen = packet_get_int(); |
| packet_check_eom(); |
packet_check_eom(); |
| |
|
| if (xauth_valid_string(s->auth_proto) && |
success = session_setup_x11fwd(s); |
| xauth_valid_string(s->auth_data)) |
|
| success = session_setup_x11fwd(s); |
|
| else { |
|
| success = 0; |
|
| error("Invalid X11 forwarding data"); |
|
| } |
|
| if (!success) { |
if (!success) { |
| free(s->auth_proto); |
free(s->auth_proto); |
| free(s->auth_data); |
free(s->auth_data); |
![[BACK]](/icons/back.gif){kind=icon}
Return to session.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh