| version 1.293, 2017/10/23 05:08:00 |
version 1.294, 2018/03/03 03:15:51 |
|
|
| extern int startup_pipe; |
extern int startup_pipe; |
| extern void destroy_sensitive_data(void); |
extern void destroy_sensitive_data(void); |
| extern Buffer loginmsg; |
extern Buffer loginmsg; |
| |
extern struct sshauthopt *auth_opts; |
| char *tun_fwd_ifnames; /* serverloop.c */ |
char *tun_fwd_ifnames; /* serverloop.c */ |
| |
|
| /* original command from peer. */ |
/* original command from peer. */ |
|
|
| restore_uid(); |
restore_uid(); |
| } |
} |
| |
|
| |
static void |
| |
set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) |
| |
{ |
| |
char *tmp, *cp, *host; |
| |
int port; |
| |
size_t i; |
| |
|
| |
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
| |
return; |
| |
channel_clear_permitted_opens(ssh); |
| |
for (i = 0; i < auth_opts->npermitopen; i++) { |
| |
tmp = cp = xstrdup(auth_opts->permitopen[i]); |
| |
/* This shouldn't fail as it has already been checked */ |
| |
if ((host = hpdelim(&cp)) == NULL) |
| |
fatal("%s: internal error: hpdelim", __func__); |
| |
host = cleanhostname(host); |
| |
if (cp == NULL || (port = permitopen_port(cp)) < 0) |
| |
fatal("%s: internal error: permitopen port", |
| |
__func__); |
| |
channel_add_permitted_opens(ssh, host, port); |
| |
free(tmp); |
| |
} |
| |
} |
| |
|
| void |
void |
| do_authenticated(struct ssh *ssh, Authctxt *authctxt) |
do_authenticated(struct ssh *ssh, Authctxt *authctxt) |
| { |
{ |
| setproctitle("%s", authctxt->pw->pw_name); |
setproctitle("%s", authctxt->pw->pw_name); |
| |
|
| |
auth_log_authopts("active", auth_opts, 0); |
| |
|
| /* setup the channel layer */ |
/* setup the channel layer */ |
| /* XXX - streamlocal? */ |
/* XXX - streamlocal? */ |
| if (no_port_forwarding_flag || options.disable_forwarding || |
set_permitopen_from_authopts(ssh, auth_opts); |
| |
if (!auth_opts->permit_port_forwarding_flag || |
| |
options.disable_forwarding || |
| (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
(options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) |
| channel_disable_adm_local_opens(ssh); |
channel_disable_adm_local_opens(ssh); |
| else |
else |
|
|
| original_command = command; |
original_command = command; |
| command = options.adm_forced_command; |
command = options.adm_forced_command; |
| forced = "(config)"; |
forced = "(config)"; |
| } else if (forced_command) { |
} else if (auth_opts->force_command != NULL) { |
| original_command = command; |
original_command = command; |
| command = forced_command; |
command = auth_opts->force_command; |
| forced = "(key-option)"; |
forced = "(key-option)"; |
| } |
} |
| if (forced != NULL) { |
if (forced != NULL) { |
|
|
| do_setup_env(struct ssh *ssh, Session *s, const char *shell) |
do_setup_env(struct ssh *ssh, Session *s, const char *shell) |
| { |
{ |
| char buf[256]; |
char buf[256]; |
| |
size_t n; |
| u_int i, envsize; |
u_int i, envsize; |
| char **env, *laddr; |
char *ocp, *cp, **env, *laddr; |
| struct passwd *pw = s->pw; |
struct passwd *pw = s->pw; |
| |
|
| /* Initialize the environment. */ |
/* Initialize the environment. */ |
|
|
| if (getenv("TZ")) |
if (getenv("TZ")) |
| child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
| |
|
| /* Set custom environment options from RSA authentication. */ |
/* Set custom environment options from pubkey authentication. */ |
| while (custom_environment) { |
if (options.permit_user_env) { |
| struct envstring *ce = custom_environment; |
for (n = 0 ; n < auth_opts->nenv; n++) { |
| char *str = ce->s; |
ocp = xstrdup(auth_opts->env[n]); |
| |
cp = strchr(ocp, '='); |
| for (i = 0; str[i] != '=' && str[i]; i++) |
if (*cp == '=') { |
| ; |
*cp = '\0'; |
| if (str[i] == '=') { |
child_set_env(&env, &envsize, ocp, cp + 1); |
| str[i] = 0; |
} |
| child_set_env(&env, &envsize, str, str + i + 1); |
free(ocp); |
| } |
} |
| custom_environment = ce->next; |
|
| free(ce->s); |
|
| free(ce); |
|
| } |
} |
| |
|
| /* SSH_CLIENT deprecated */ |
/* SSH_CLIENT deprecated */ |
|
|
| * first in this order). |
* first in this order). |
| */ |
*/ |
| static void |
static void |
| do_rc_files(Session *s, const char *shell) |
do_rc_files(struct ssh *ssh, Session *s, const char *shell) |
| { |
{ |
| FILE *f = NULL; |
FILE *f = NULL; |
| char cmd[1024]; |
char cmd[1024]; |
|
|
| |
|
| /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
| if (!s->is_subsystem && options.adm_forced_command == NULL && |
if (!s->is_subsystem && options.adm_forced_command == NULL && |
| !no_user_rc && options.permit_user_rc && |
auth_opts->permit_user_rc && options.permit_user_rc && |
| stat(_PATH_SSH_USER_RC, &st) >= 0) { |
stat(_PATH_SSH_USER_RC, &st) >= 0) { |
| snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
| shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
|
|
| |
|
| closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
| |
|
| do_rc_files(s, shell); |
do_rc_files(ssh, s, shell); |
| |
|
| /* restore SIGPIPE for child */ |
/* restore SIGPIPE for child */ |
| signal(SIGPIPE, SIG_DFL); |
signal(SIGPIPE, SIG_DFL); |
|
|
| u_int len; |
u_int len; |
| int n_bytes; |
int n_bytes; |
| |
|
| if (no_pty_flag || !options.permit_tty) { |
if (!auth_opts->permit_pty_flag || !options.permit_tty) { |
| debug("Allocating a pty not permitted for this authentication."); |
debug("Allocating a pty not permitted for this connection."); |
| return 0; |
return 0; |
| } |
} |
| if (s->ttyfd != -1) { |
if (s->ttyfd != -1) { |
|
|
| session_auth_agent_req(struct ssh *ssh, Session *s) |
session_auth_agent_req(struct ssh *ssh, Session *s) |
| { |
{ |
| static int called = 0; |
static int called = 0; |
| |
|
| packet_check_eom(); |
packet_check_eom(); |
| if (no_agent_forwarding_flag || !options.allow_agent_forwarding) { |
if (!auth_opts->permit_agent_forwarding_flag || |
| debug("session_auth_agent_req: no_agent_forwarding_flag"); |
!options.allow_agent_forwarding) { |
| |
debug("%s: agent forwarding disabled", __func__); |
| return 0; |
return 0; |
| } |
} |
| if (called) { |
if (called) { |
|
|
| char hostname[NI_MAXHOST]; |
char hostname[NI_MAXHOST]; |
| u_int i; |
u_int i; |
| |
|
| if (no_x11_forwarding_flag) { |
if (!auth_opts->permit_x11_forwarding_flag) { |
| packet_send_debug("X11 forwarding disabled in user configuration file."); |
packet_send_debug("X11 forwarding disabled by key options."); |
| return 0; |
return 0; |
| } |
} |
| if (!options.x11_forwarding) { |
if (!options.x11_forwarding) { |
|
|
| } |
} |
| if (options.xauth_location == NULL || |
if (options.xauth_location == NULL || |
| (stat(options.xauth_location, &st) == -1)) { |
(stat(options.xauth_location, &st) == -1)) { |
| packet_send_debug("No xauth program; cannot forward with spoofing."); |
packet_send_debug("No xauth program; cannot forward X11."); |
| return 0; |
return 0; |
| } |
} |
| if (s->display != NULL) { |
if (s->display != NULL) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to session.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh