===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- src/usr.bin/ssh/session.c	2000/04/27 15:23:02	1.6
+++ src/usr.bin/ssh/session.c	2000/04/28 08:10:20	1.7
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.6 2000/04/27 15:23:02 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.7 2000/04/28 08:10:20 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -34,6 +34,7 @@
 struct Session {
 	int	used;
 	int	self;
+	int	extended;
 	struct	passwd *pw;
 	pid_t	pid;
 	/* tty */
@@ -46,6 +47,7 @@
 	int	screen;
 	char	*auth_proto;
 	char	*auth_data;
+	int	single_connection;
 	/* proto 2 */
 	int	chanid;
 };
@@ -165,6 +167,7 @@
 		channel_permit_all_opens();
 
 	s = session_new();
+	s->pw = pw;
 
 	/*
 	 * We stay in this loop until the client requests to execute a shell
@@ -274,6 +277,7 @@
 				    xauthfile, strerror(errno));
 				xfree(xauthfile);
 				xauthfile = NULL;
+				/* XXXX remove listening channels */
 				break;
 			}
 			strlcat(xauthfile, "/cookies", MAXPATHLEN);
@@ -453,7 +457,7 @@
 	close(perr[1]);
 
 	if (compat20) {
-		session_set_fds(s, pin[1], pout[0], perr[0]);
+		session_set_fds(s, pin[1], pout[0], s->extended ? perr[0] : -1);
 	} else {
 		/* Enter the interactive session. */
 		server_loop(pid, pin[1], pout[0], perr[0]);
@@ -469,7 +473,7 @@
 	 * handle the case that fdin and fdout are the same.
 	 */
 	if (compat20) {
-		session_set_fds(s, inout[1], inout[1], err[1]);
+		session_set_fds(s, inout[1], inout[1], s->extended ? err[1] : -1);
 	} else {
 		server_loop(pid, inout[1], inout[1], err[1]);
 		/* server_loop has closed inout[1] and err[1]. */
@@ -1046,6 +1050,7 @@
 		Session *s = &sessions[i];
 		if (! s->used) {
 			s->pid = 0;
+			s->extended = 0;
 			s->chanid = -1;
 			s->ptyfd = -1;
 			s->ttyfd = -1;
@@ -1056,6 +1061,7 @@
 			s->auth_data = NULL;
 			s->auth_proto = NULL;
 			s->used = 1;
+			s->pw = NULL;
 			debug("session_new: session %d", i);
 			return s;
 		}
@@ -1087,12 +1093,11 @@
 		error("no more sessions");
 		return 0;
 	}
-	debug("session_open: session %d: link with channel %d", s->self, chanid);
-	s->chanid = chanid;
 	s->pw = auth_get_user();
 	if (s->pw == NULL)
-		fatal("no user for session %i channel %d",
-		    s->self, s->chanid);
+		fatal("no user for session %i", s->self);
+	debug("session_open: session %d: link with channel %d", s->self, chanid);
+	s->chanid = chanid;
 	return 1;
 }
 
@@ -1184,6 +1189,69 @@
 	return 1;
 }
 
+int
+session_subsystem_req(Session *s)
+{
+	unsigned int len;
+	int success = 0;
+	char *subsys = packet_get_string(&len);
+
+	packet_done();
+	log("subsystem request for %s", subsys);
+
+	xfree(subsys);
+	return success;
+}
+
+int
+session_x11_req(Session *s)
+{
+	if (!options.x11_forwarding) {
+		debug("X11 forwarding disabled in server configuration file.");
+		return 0;
+	}
+	if (xauthfile != NULL) {
+		debug("X11 fwd already started.");
+		return 0;
+	}
+
+	debug("Received request for X11 forwarding with auth spoofing.");
+	if (s->display != NULL)
+		packet_disconnect("Protocol error: X11 display already set.");
+
+	s->single_connection = packet_get_char();
+	s->auth_proto = packet_get_string(NULL);
+	s->auth_data = packet_get_string(NULL);
+	s->screen = packet_get_int();
+	packet_done();
+
+	s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
+	if (s->display == NULL) {
+		xfree(s->auth_proto);
+		xfree(s->auth_data);
+		return 0;
+	}
+	xauthfile = xmalloc(MAXPATHLEN);
+	strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+	temporarily_use_uid(s->pw->pw_uid);
+	if (mkdtemp(xauthfile) == NULL) {
+		restore_uid();
+		error("private X11 dir: mkdtemp %s failed: %s",
+		    xauthfile, strerror(errno));
+		xfree(xauthfile);
+		xauthfile = NULL;
+		xfree(s->auth_proto);
+		xfree(s->auth_data);
+		/* XXXX remove listening channels */
+		return 0;
+	}
+	strlcat(xauthfile, "/cookies", MAXPATHLEN);
+	open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
+	restore_uid();
+	fatal_add_cleanup(xauthfile_cleanup_proc, s);
+	return 1;
+}
+
 void
 session_input_channel_req(int id, void *arg)
 {
@@ -1214,6 +1282,7 @@
 	if (c->type == SSH_CHANNEL_LARVAL) {
 		if (strcmp(rtype, "shell") == 0) {
 			packet_done();
+			s->extended = 1;
 			if (s->ttyfd == -1)
 				do_exec_no_pty(s, NULL, s->pw);
 			else
@@ -1222,6 +1291,7 @@
 		} else if (strcmp(rtype, "exec") == 0) {
 			char *command = packet_get_string(&len);
 			packet_done();
+			s->extended = 1;
 			if (s->ttyfd == -1)
 				do_exec_no_pty(s, command, s->pw);
 			else
@@ -1230,6 +1300,10 @@
 			success = 1;
 		} else if (strcmp(rtype, "pty-req") == 0) {
 			success =  session_pty_req(s);
+		} else if (strcmp(rtype, "x11-req") == 0) {
+			success = session_x11_req(s);
+		} else if (strcmp(rtype, "subsystem") == 0) {
+			success = session_subsystem_req(s);
 		}
 	}
 	if (strcmp(rtype, "window-change") == 0) {
@@ -1403,4 +1477,6 @@
 	 */
 	alarm(0);
 	server_loop2();
+	if (xauthfile)
+		xauthfile_cleanup_proc(NULL);
 }