version 1.95, 2001/06/25 08:25:39 |
version 1.96, 2001/06/26 16:15:24 |
|
|
struct Session { |
struct Session { |
int used; |
int used; |
int self; |
int self; |
struct passwd *pw; |
struct passwd *pw; |
|
Authctxt *authctxt; |
pid_t pid; |
pid_t pid; |
/* tty */ |
/* tty */ |
char *term; |
char *term; |
|
|
/* remove agent socket */ |
/* remove agent socket */ |
if (auth_get_socket_name()) |
if (auth_get_socket_name()) |
auth_sock_cleanup_proc(authctxt->pw); |
auth_sock_cleanup_proc(authctxt->pw); |
|
#ifdef KRB4 |
|
if (options.kerberos_ticket_cleanup) |
|
krb4_cleanup_proc(authctxt); |
|
#endif |
|
#ifdef KRB5 |
|
if (options.kerberos_ticket_cleanup) |
|
krb5_cleanup_proc(authctxt); |
|
#endif |
} |
} |
|
|
/* |
/* |
|
|
u_int proto_len, data_len, dlen; |
u_int proto_len, data_len, dlen; |
|
|
s = session_new(); |
s = session_new(); |
|
s->authctxt = authctxt; |
s->pw = authctxt->pw; |
s->pw = authctxt->pw; |
|
|
/* |
/* |
|
|
if (packet_set_maxsize(packet_get_int()) > 0) |
if (packet_set_maxsize(packet_get_int()) > 0) |
success = 1; |
success = 1; |
break; |
break; |
|
|
|
#if defined(AFS) || defined(KRB5) |
|
case SSH_CMSG_HAVE_KERBEROS_TGT: |
|
if (!options.kerberos_tgt_passing) { |
|
verbose("Kerberos TGT passing disabled."); |
|
} else { |
|
char *kdata = packet_get_string(&dlen); |
|
packet_integrity_check(plen, 4 + dlen, type); |
|
|
|
/* XXX - 0x41, see creds_to_radix version */ |
|
if (kdata[0] != 0x41) { |
|
#ifdef KRB5 |
|
krb5_data tgt; |
|
tgt.data = kdata; |
|
tgt.length = dlen; |
|
|
|
if (auth_krb5_tgt(s->authctxt, &tgt)) |
|
success = 1; |
|
else |
|
verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); |
|
#endif /* KRB5 */ |
|
} else { |
|
#ifdef AFS |
|
if (auth_krb4_tgt(s->authctxt, kdata)) |
|
success = 1; |
|
else |
|
verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); |
|
#endif /* AFS */ |
|
} |
|
xfree(kdata); |
|
} |
|
break; |
|
#endif /* AFS || KRB5 */ |
|
|
|
#ifdef AFS |
|
case SSH_CMSG_HAVE_AFS_TOKEN: |
|
if (!options.afs_token_passing || !k_hasafs()) { |
|
verbose("AFS token passing disabled."); |
|
} else { |
|
/* Accept AFS token. */ |
|
char *token = packet_get_string(&dlen); |
|
packet_integrity_check(plen, 4 + dlen, type); |
|
|
|
if (auth_afs_token(s->authctxt, token)) |
|
success = 1; |
|
else |
|
verbose("AFS token refused for %.100s", |
|
s->authctxt->user); |
|
xfree(token); |
|
} |
|
break; |
|
#endif /* AFS */ |
|
|
case SSH_CMSG_EXEC_SHELL: |
case SSH_CMSG_EXEC_SHELL: |
case SSH_CMSG_EXEC_CMD: |
case SSH_CMSG_EXEC_CMD: |
|
|
check_quietlogin(Session *s, const char *command) |
check_quietlogin(Session *s, const char *command) |
{ |
{ |
char buf[256]; |
char buf[256]; |
struct passwd * pw = s->pw; |
struct passwd *pw = s->pw; |
struct stat st; |
struct stat st; |
|
|
/* Return 1 if .hushlogin exists or a command given. */ |
/* Return 1 if .hushlogin exists or a command given. */ |
|
|
do_child(Session *s, const char *command) |
do_child(Session *s, const char *command) |
{ |
{ |
const char *shell, *hostname = NULL, *cp = NULL; |
const char *shell, *hostname = NULL, *cp = NULL; |
struct passwd * pw = s->pw; |
struct passwd *pw = s->pw; |
char buf[256]; |
char buf[256]; |
char cmd[1024]; |
char cmd[1024]; |
FILE *f = NULL; |
FILE *f = NULL; |
|
|
/* Try to get AFS tokens for the local cell. */ |
/* Try to get AFS tokens for the local cell. */ |
if (k_hasafs()) { |
if (k_hasafs()) { |
char cell[64]; |
char cell[64]; |
|
|
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) |
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) |
krb_afslog(cell, 0); |
krb_afslog(cell, 0); |
|
|
krb_afslog(0, 0); |
krb_afslog(0, 0); |
} |
} |
#endif /* AFS */ |
#endif /* AFS */ |
|
|
if (original_command) |
if (original_command) |
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
original_command); |
original_command); |
|
|
#ifdef KRB4 |
#ifdef KRB4 |
{ |
if (s->authctxt->krb4_ticket_file) |
extern char *ticket; |
child_set_env(&env, &envsize, "KRBTKFILE", |
|
s->authctxt->krb4_ticket_file); |
if (ticket) |
#endif |
child_set_env(&env, &envsize, "KRBTKFILE", ticket); |
#ifdef KRB5 |
} |
if (s->authctxt->krb5_ticket_file) |
#endif /* KRB4 */ |
child_set_env(&env, &envsize, "KRB5CCNAME", |
|
s->authctxt->krb5_ticket_file); |
|
#endif |
if (auth_get_socket_name() != NULL) |
if (auth_get_socket_name() != NULL) |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
auth_get_socket_name()); |
auth_get_socket_name()); |