| version 1.95, 2001/06/25 08:25:39 |
version 1.96, 2001/06/26 16:15:24 |
|
|
| struct Session { |
struct Session { |
| int used; |
int used; |
| int self; |
int self; |
| struct passwd *pw; |
struct passwd *pw; |
| |
Authctxt *authctxt; |
| pid_t pid; |
pid_t pid; |
| /* tty */ |
/* tty */ |
| char *term; |
char *term; |
|
|
| /* remove agent socket */ |
/* remove agent socket */ |
| if (auth_get_socket_name()) |
if (auth_get_socket_name()) |
| auth_sock_cleanup_proc(authctxt->pw); |
auth_sock_cleanup_proc(authctxt->pw); |
| |
#ifdef KRB4 |
| |
if (options.kerberos_ticket_cleanup) |
| |
krb4_cleanup_proc(authctxt); |
| |
#endif |
| |
#ifdef KRB5 |
| |
if (options.kerberos_ticket_cleanup) |
| |
krb5_cleanup_proc(authctxt); |
| |
#endif |
| } |
} |
| |
|
| /* |
/* |
|
|
| u_int proto_len, data_len, dlen; |
u_int proto_len, data_len, dlen; |
| |
|
| s = session_new(); |
s = session_new(); |
| |
s->authctxt = authctxt; |
| s->pw = authctxt->pw; |
s->pw = authctxt->pw; |
| |
|
| /* |
/* |
|
|
| if (packet_set_maxsize(packet_get_int()) > 0) |
if (packet_set_maxsize(packet_get_int()) > 0) |
| success = 1; |
success = 1; |
| break; |
break; |
| |
|
| |
#if defined(AFS) || defined(KRB5) |
| |
case SSH_CMSG_HAVE_KERBEROS_TGT: |
| |
if (!options.kerberos_tgt_passing) { |
| |
verbose("Kerberos TGT passing disabled."); |
| |
} else { |
| |
char *kdata = packet_get_string(&dlen); |
| |
packet_integrity_check(plen, 4 + dlen, type); |
| |
|
| |
/* XXX - 0x41, see creds_to_radix version */ |
| |
if (kdata[0] != 0x41) { |
| |
#ifdef KRB5 |
| |
krb5_data tgt; |
| |
tgt.data = kdata; |
| |
tgt.length = dlen; |
| |
|
| |
if (auth_krb5_tgt(s->authctxt, &tgt)) |
| |
success = 1; |
| |
else |
| |
verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); |
| |
#endif /* KRB5 */ |
| |
} else { |
| |
#ifdef AFS |
| |
if (auth_krb4_tgt(s->authctxt, kdata)) |
| |
success = 1; |
| |
else |
| |
verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); |
| |
#endif /* AFS */ |
| |
} |
| |
xfree(kdata); |
| |
} |
| |
break; |
| |
#endif /* AFS || KRB5 */ |
| |
|
| |
#ifdef AFS |
| |
case SSH_CMSG_HAVE_AFS_TOKEN: |
| |
if (!options.afs_token_passing || !k_hasafs()) { |
| |
verbose("AFS token passing disabled."); |
| |
} else { |
| |
/* Accept AFS token. */ |
| |
char *token = packet_get_string(&dlen); |
| |
packet_integrity_check(plen, 4 + dlen, type); |
| |
|
| |
if (auth_afs_token(s->authctxt, token)) |
| |
success = 1; |
| |
else |
| |
verbose("AFS token refused for %.100s", |
| |
s->authctxt->user); |
| |
xfree(token); |
| |
} |
| |
break; |
| |
#endif /* AFS */ |
| |
|
| case SSH_CMSG_EXEC_SHELL: |
case SSH_CMSG_EXEC_SHELL: |
| case SSH_CMSG_EXEC_CMD: |
case SSH_CMSG_EXEC_CMD: |
|
|
| check_quietlogin(Session *s, const char *command) |
check_quietlogin(Session *s, const char *command) |
| { |
{ |
| char buf[256]; |
char buf[256]; |
| struct passwd * pw = s->pw; |
struct passwd *pw = s->pw; |
| struct stat st; |
struct stat st; |
| |
|
| /* Return 1 if .hushlogin exists or a command given. */ |
/* Return 1 if .hushlogin exists or a command given. */ |
|
|
| do_child(Session *s, const char *command) |
do_child(Session *s, const char *command) |
| { |
{ |
| const char *shell, *hostname = NULL, *cp = NULL; |
const char *shell, *hostname = NULL, *cp = NULL; |
| struct passwd * pw = s->pw; |
struct passwd *pw = s->pw; |
| char buf[256]; |
char buf[256]; |
| char cmd[1024]; |
char cmd[1024]; |
| FILE *f = NULL; |
FILE *f = NULL; |
|
|
| /* Try to get AFS tokens for the local cell. */ |
/* Try to get AFS tokens for the local cell. */ |
| if (k_hasafs()) { |
if (k_hasafs()) { |
| char cell[64]; |
char cell[64]; |
| |
|
| if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) |
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) |
| krb_afslog(cell, 0); |
krb_afslog(cell, 0); |
| |
|
| krb_afslog(0, 0); |
krb_afslog(0, 0); |
| } |
} |
| #endif /* AFS */ |
#endif /* AFS */ |
|
|
| if (original_command) |
if (original_command) |
| child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
| original_command); |
original_command); |
| |
|
| #ifdef KRB4 |
#ifdef KRB4 |
| { |
if (s->authctxt->krb4_ticket_file) |
| extern char *ticket; |
child_set_env(&env, &envsize, "KRBTKFILE", |
| |
s->authctxt->krb4_ticket_file); |
| if (ticket) |
#endif |
| child_set_env(&env, &envsize, "KRBTKFILE", ticket); |
#ifdef KRB5 |
| } |
if (s->authctxt->krb5_ticket_file) |
| #endif /* KRB4 */ |
child_set_env(&env, &envsize, "KRB5CCNAME", |
| |
s->authctxt->krb5_ticket_file); |
| |
#endif |
| if (auth_get_socket_name() != NULL) |
if (auth_get_socket_name() != NULL) |
| child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
| auth_get_socket_name()); |
auth_get_socket_name()); |
![[BACK]](/icons/back.gif){kind=icon}
Return to session.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh