version 1.289, 2017/06/24 05:24:11 |
version 1.290, 2017/06/24 06:34:38 |
|
|
#endif |
#endif |
#include "monitor_wrap.h" |
#include "monitor_wrap.h" |
#include "sftp.h" |
#include "sftp.h" |
|
#include "atomicio.h" |
|
|
#ifdef KRB5 |
#ifdef KRB5 |
#include <kafs.h> |
#include <kafs.h> |
|
|
static int is_child = 0; |
static int is_child = 0; |
static int in_chroot = 0; |
static int in_chroot = 0; |
|
|
|
/* File containing userauth info, if ExposeAuthInfo set */ |
|
static char *auth_info_file = NULL; |
|
|
/* Name and directory of socket for authentication agent forwarding. */ |
/* Name and directory of socket for authentication agent forwarding. */ |
static char *auth_sock_name = NULL; |
static char *auth_sock_name = NULL; |
static char *auth_sock_dir = NULL; |
static char *auth_sock_dir = NULL; |
|
|
} |
} |
} |
} |
|
|
|
static void |
|
prepare_auth_info_file(struct passwd *pw, struct sshbuf *info) |
|
{ |
|
int fd = -1, success = 0; |
|
|
|
if (!options.expose_userauth_info || info == NULL) |
|
return; |
|
|
|
temporarily_use_uid(pw); |
|
auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX"); |
|
if ((fd = mkstemp(auth_info_file)) == -1) { |
|
error("%s: mkstemp: %s", __func__, strerror(errno)); |
|
goto out; |
|
} |
|
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info), |
|
sshbuf_len(info)) != sshbuf_len(info)) { |
|
error("%s: write: %s", __func__, strerror(errno)); |
|
goto out; |
|
} |
|
if (close(fd) != 0) { |
|
error("%s: close: %s", __func__, strerror(errno)); |
|
goto out; |
|
} |
|
success = 1; |
|
out: |
|
if (!success) { |
|
if (fd != -1) |
|
close(fd); |
|
free(auth_info_file); |
|
auth_info_file = NULL; |
|
} |
|
restore_uid(); |
|
} |
|
|
void |
void |
do_authenticated(Authctxt *authctxt) |
do_authenticated(Authctxt *authctxt) |
{ |
{ |
|
|
|
|
auth_debug_send(); |
auth_debug_send(); |
|
|
|
prepare_auth_info_file(authctxt->pw, authctxt->session_info); |
|
|
do_authenticated2(authctxt); |
do_authenticated2(authctxt); |
|
|
do_cleanup(authctxt); |
do_cleanup(authctxt); |
} |
} |
|
|
|
|
free(laddr); |
free(laddr); |
child_set_env(&env, &envsize, "SSH_CONNECTION", buf); |
child_set_env(&env, &envsize, "SSH_CONNECTION", buf); |
|
|
|
if (auth_info_file != NULL) |
|
child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); |
if (s->ttyfd != -1) |
if (s->ttyfd != -1) |
child_set_env(&env, &envsize, "SSH_TTY", s->tty); |
child_set_env(&env, &envsize, "SSH_TTY", s->tty); |
if (s->term) |
if (s->term) |
|
|
|
|
/* remove agent socket */ |
/* remove agent socket */ |
auth_sock_cleanup_proc(authctxt->pw); |
auth_sock_cleanup_proc(authctxt->pw); |
|
|
|
/* remove userauth info */ |
|
if (auth_info_file != NULL) { |
|
temporarily_use_uid(authctxt->pw); |
|
unlink(auth_info_file); |
|
restore_uid(); |
|
free(auth_info_file); |
|
auth_info_file = NULL; |
|
} |
|
|
/* |
/* |
* Cleanup ptys/utmp only if privsep is disabled, |
* Cleanup ptys/utmp only if privsep is disabled, |
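Review bot: In prepare_auth_info_file(), the `out:` failure path frees `auth_info_file` and sets it to NULL without removing the file that mkstemp() already created. A failed write or close therefore leaves an empty or partial `/tmp/sshauth.*` file behind, and the cleanup hunk cannot remove it later because it only acts when `auth_info_file != NULL`. Adding `unlink(auth_info_file);` next to the `close(fd);` in the `if (fd != -1)` branch would remove it while the process still runs under the user's uid, before `restore_uid()`. The same path also calls `close(fd)` a second time when the first `close(fd)` is the call that failed; a separate "file created" flag would let `fd` be reset to -1 after the first attempt without losing the unlink. It would also help to note in the comment above `auth_info_file` that the file is created as, and stays writable by, the authenticated user, so consumers of `SSH_USER_AUTH` should treat its contents as user-controlled.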