version 1.278.2.1, 2016/03/10 11:54:22 |
version 1.279, 2015/10/24 22:52:22 |
|
|
#include <sys/socket.h> |
#include <sys/socket.h> |
#include <sys/queue.h> |
#include <sys/queue.h> |
|
|
#include <ctype.h> |
|
#include <errno.h> |
#include <errno.h> |
#include <fcntl.h> |
#include <fcntl.h> |
#include <grp.h> |
#include <grp.h> |
|
|
login_cap_t *lc; |
login_cap_t *lc; |
|
|
static int is_child = 0; |
static int is_child = 0; |
|
static int in_chroot = 0; |
|
|
/* Name and directory of socket for authentication agent forwarding. */ |
/* Name and directory of socket for authentication agent forwarding. */ |
static char *auth_sock_name = NULL; |
static char *auth_sock_name = NULL; |
|
|
do_cleanup(authctxt); |
do_cleanup(authctxt); |
} |
} |
|
|
/* Check untrusted xauth strings for metacharacters */ |
|
static int |
|
xauth_valid_string(const char *s) |
|
{ |
|
size_t i; |
|
|
|
for (i = 0; s[i] != '\0'; i++) { |
|
if (!isalnum((u_char)s[i]) && |
|
s[i] != '.' && s[i] != ':' && s[i] != '/' && |
|
s[i] != '-' && s[i] != '_') |
|
return 0; |
|
} |
|
return 1; |
|
} |
|
|
|
/* |
/* |
* Prepares for an interactive session. This is called after the user has |
* Prepares for an interactive session. This is called after the user has |
* been successfully authenticated. During this message exchange, pseudo |
* been successfully authenticated. During this message exchange, pseudo |
|
|
s->screen = 0; |
s->screen = 0; |
} |
} |
packet_check_eom(); |
packet_check_eom(); |
if (xauth_valid_string(s->auth_proto) && |
success = session_setup_x11fwd(s); |
xauth_valid_string(s->auth_data)) |
|
success = session_setup_x11fwd(s); |
|
else { |
|
success = 0; |
|
error("Invalid X11 forwarding data"); |
|
} |
|
if (!success) { |
if (!success) { |
free(s->auth_proto); |
free(s->auth_proto); |
free(s->auth_data); |
free(s->auth_data); |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
if (options.chroot_directory != NULL && |
if (!in_chroot && options.chroot_directory != NULL && |
strcasecmp(options.chroot_directory, "none") != 0) { |
strcasecmp(options.chroot_directory, "none") != 0) { |
tmp = tilde_expand_filename(options.chroot_directory, |
tmp = tilde_expand_filename(options.chroot_directory, |
pw->pw_uid); |
pw->pw_uid); |
|
|
/* Make sure we don't attempt to chroot again */ |
/* Make sure we don't attempt to chroot again */ |
free(options.chroot_directory); |
free(options.chroot_directory); |
options.chroot_directory = NULL; |
options.chroot_directory = NULL; |
|
in_chroot = 1; |
} |
} |
|
|
/* Set UID */ |
/* Set UID */ |
|
|
if (chdir(pw->pw_dir) < 0) { |
if (chdir(pw->pw_dir) < 0) { |
/* Suppress missing homedir warning for chroot case */ |
/* Suppress missing homedir warning for chroot case */ |
r = login_getcapbool(lc, "requirehome", 0); |
r = login_getcapbool(lc, "requirehome", 0); |
if (r || options.chroot_directory == NULL || |
if (r || !in_chroot) { |
strcasecmp(options.chroot_directory, "none") == 0) |
|
fprintf(stderr, "Could not chdir to home " |
fprintf(stderr, "Could not chdir to home " |
"directory %s: %s\n", pw->pw_dir, |
"directory %s: %s\n", pw->pw_dir, |
strerror(errno)); |
strerror(errno)); |
|
} |
if (r) |
if (r) |
exit(1); |
exit(1); |
} |
} |
|
|
s->screen = packet_get_int(); |
s->screen = packet_get_int(); |
packet_check_eom(); |
packet_check_eom(); |
|
|
if (xauth_valid_string(s->auth_proto) && |
success = session_setup_x11fwd(s); |
xauth_valid_string(s->auth_data)) |
|
success = session_setup_x11fwd(s); |
|
else { |
|
success = 0; |
|
error("Invalid X11 forwarding data"); |
|
} |
|
if (!success) { |
if (!success) { |
free(s->auth_proto); |
free(s->auth_proto); |
free(s->auth_data); |
free(s->auth_data); |
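Review bot: Neither column is a superset of the other, so taking either revision as-is drops a fix. The 1.279 column calls `session_setup_x11fwd(s)` in both X11 request hunks without the `xauth_valid_string()` checks on `s->auth_proto` and `s->auth_data`, strings the helper's own comment calls untrusted. The 1.278.2.1 column has that allowlist check but still gates the chdir warning on `options.chroot_directory == NULL`, a pointer the chroot hunk frees and sets to NULL, so the "suppress for chroot case" test presumably can never suppress there; a merged revision should keep the validation and use the other column's `if (r || !in_chroot) {`. I would also widen the helper's comment to state the policy, e.g. `/* Allow only alphanumerics and . : / - _ so whitespace, newlines and shell metacharacters are rejected; an empty string passes */`, since the loop body never runs for an empty string. Every hunk's enclosing function starts and ends outside the visible lines, so the call order of the chroot and chdir hunks is inferred rather than shown.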