[BACK]Return to session.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/session.c, Revision 1.273

1.273   ! djm         1: /* $OpenBSD: session.c,v 1.272 2014/07/03 03:34:09 djm Exp $ */
1.1       markus      2: /*
                      3:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      4:  *                    All rights reserved
1.37      deraadt     5:  *
                      6:  * As far as I am concerned, the code I have written for this software
                      7:  * can be used freely for any purpose.  Any derived versions of this
                      8:  * software must be clearly marked as such, and if the derived work is
                      9:  * incompatible with the protocol description in the RFC file, it must be
                     10:  * called by a name other than "ssh" or "Secure Shell".
                     11:  *
1.2       markus     12:  * SSH2 support by Markus Friedl.
1.95      markus     13:  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
1.37      deraadt    14:  *
                     15:  * Redistribution and use in source and binary forms, with or without
                     16:  * modification, are permitted provided that the following conditions
                     17:  * are met:
                     18:  * 1. Redistributions of source code must retain the above copyright
                     19:  *    notice, this list of conditions and the following disclaimer.
                     20:  * 2. Redistributions in binary form must reproduce the above copyright
                     21:  *    notice, this list of conditions and the following disclaimer in the
                     22:  *    documentation and/or other materials provided with the distribution.
                     23:  *
                     24:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     25:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     26:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     27:  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     28:  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     29:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     30:  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     31:  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     32:  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     33:  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.2       markus     34:  */
1.1       markus     35:
1.193     stevesk    36: #include <sys/types.h>
                     37: #include <sys/wait.h>
1.194     stevesk    38: #include <sys/un.h>
1.196     stevesk    39: #include <sys/stat.h>
1.207     stevesk    40: #include <sys/socket.h>
1.213     stevesk    41: #include <sys/param.h>
1.236     djm        42: #include <sys/queue.h>
1.192     stevesk    43:
1.209     stevesk    44: #include <errno.h>
1.253     djm        45: #include <fcntl.h>
1.204     stevesk    46: #include <grp.h>
1.223     djm        47: #include <login_cap.h>
1.272     djm        48: #include <netdb.h>
1.192     stevesk    49: #include <paths.h>
1.206     stevesk    50: #include <pwd.h>
1.195     stevesk    51: #include <signal.h>
1.215     stevesk    52: #include <stdio.h>
1.214     stevesk    53: #include <stdlib.h>
1.212     stevesk    54: #include <string.h>
1.211     stevesk    55: #include <unistd.h>
1.1       markus     56:
1.216     deraadt    57: #include "xmalloc.h"
1.51      markus     58: #include "ssh.h"
                     59: #include "ssh1.h"
                     60: #include "ssh2.h"
1.59      djm        61: #include "sshpty.h"
1.1       markus     62: #include "packet.h"
                     63: #include "buffer.h"
1.173     djm        64: #include "match.h"
1.1       markus     65: #include "uidswap.h"
                     66: #include "compat.h"
1.78      markus     67: #include "channels.h"
1.216     deraadt    68: #include "key.h"
                     69: #include "cipher.h"
                     70: #include "kex.h"
                     71: #include "hostfile.h"
1.2       markus     72: #include "auth.h"
1.19      markus     73: #include "auth-options.h"
1.266     markus     74: #include "authfd.h"
1.50      markus     75: #include "pathnames.h"
1.51      markus     76: #include "log.h"
                     77: #include "servconf.h"
1.59      djm        78: #include "sshlogin.h"
1.51      markus     79: #include "serverloop.h"
                     80: #include "canohost.h"
1.226     djm        81: #include "misc.h"
1.55      itojun     82: #include "session.h"
1.216     deraadt    83: #ifdef GSSAPI
                     84: #include "ssh-gss.h"
                     85: #endif
1.130     provos     86: #include "monitor_wrap.h"
1.225     markus     87: #include "sftp.h"
1.171     markus     88:
                     89: #ifdef KRB5
                     90: #include <kafs.h>
1.161     markus     91: #endif
                     92:
1.242     djm        93: #define IS_INTERNAL_SFTP(c) \
                     94:        (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
                     95:         (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
                     96:          c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
                     97:          c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
                     98:
1.1       markus     99: /* func */
                    100:
                    101: Session *session_new(void);
1.256     djm       102: void   session_set_fds(Session *, int, int, int, int, int);
1.165     markus    103: void   session_pty_cleanup(Session *);
1.94      itojun    104: void   session_proctitle(Session *);
                    105: int    session_setup_x11fwd(Session *);
1.237     djm       106: int    do_exec_pty(Session *, const char *);
                    107: int    do_exec_no_pty(Session *, const char *);
                    108: int    do_exec(Session *, const char *);
1.94      itojun    109: void   do_login(Session *, const char *);
                    110: void   do_child(Session *, const char *);
1.73      djm       111: void   do_motd(void);
1.94      itojun    112: int    check_quietlogin(Session *, const char *);
1.1       markus    113:
1.94      itojun    114: static void do_authenticated1(Authctxt *);
                    115: static void do_authenticated2(Authctxt *);
                    116:
                    117: static int session_pty_req(Session *);
1.65      markus    118:
1.1       markus    119: /* import */
                    120: extern ServerOptions options;
                    121: extern char *__progname;
                    122: extern int log_stderr;
                    123: extern int debug_flag;
1.45      markus    124: extern u_int utmp_len;
1.21      markus    125: extern int startup_pipe;
1.74      markus    126: extern void destroy_sensitive_data(void);
1.179     dtucker   127: extern Buffer loginmsg;
1.21      markus    128:
1.34      markus    129: /* original command from peer. */
1.92      markus    130: const char *original_command = NULL;
1.34      markus    131:
1.1       markus    132: /* data */
1.237     djm       133: static int sessions_first_unused = -1;
                    134: static int sessions_nalloc = 0;
                    135: static Session *sessions = NULL;
1.1       markus    136:
1.248     djm       137: #define SUBSYSTEM_NONE                 0
                    138: #define SUBSYSTEM_EXT                  1
                    139: #define SUBSYSTEM_INT_SFTP             2
                    140: #define SUBSYSTEM_INT_SFTP_ERROR       3
1.225     markus    141:
1.129     provos    142: login_cap_t *lc;
1.28      millert   143:
1.165     markus    144: static int is_child = 0;
                    145:
1.136     markus    146: /* Name and directory of socket for authentication agent forwarding. */
                    147: static char *auth_sock_name = NULL;
                    148: static char *auth_sock_dir = NULL;
                    149:
                    150: /* removes the agent forwarding socket */
                    151:
                    152: static void
1.165     markus    153: auth_sock_cleanup_proc(struct passwd *pw)
1.136     markus    154: {
                    155:        if (auth_sock_name != NULL) {
                    156:                temporarily_use_uid(pw);
                    157:                unlink(auth_sock_name);
                    158:                rmdir(auth_sock_dir);
                    159:                auth_sock_name = NULL;
                    160:                restore_uid();
                    161:        }
                    162: }
                    163:
                    164: static int
                    165: auth_input_request_forwarding(struct passwd * pw)
                    166: {
                    167:        Channel *nc;
1.237     djm       168:        int sock = -1;
1.136     markus    169:        struct sockaddr_un sunaddr;
                    170:
                    171:        if (auth_sock_name != NULL) {
                    172:                error("authentication forwarding requested twice.");
                    173:                return 0;
                    174:        }
                    175:
                    176:        /* Temporarily drop privileged uid for mkdir/bind. */
                    177:        temporarily_use_uid(pw);
                    178:
                    179:        /* Allocate a buffer for the socket name, and format the name. */
1.237     djm       180:        auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
1.136     markus    181:
                    182:        /* Create private directory for socket */
                    183:        if (mkdtemp(auth_sock_dir) == NULL) {
                    184:                packet_send_debug("Agent forwarding disabled: "
                    185:                    "mkdtemp() failed: %.100s", strerror(errno));
                    186:                restore_uid();
1.265     djm       187:                free(auth_sock_dir);
1.136     markus    188:                auth_sock_dir = NULL;
1.237     djm       189:                goto authsock_err;
1.136     markus    190:        }
1.237     djm       191:
                    192:        xasprintf(&auth_sock_name, "%s/agent.%ld",
                    193:            auth_sock_dir, (long) getpid());
1.136     markus    194:
                    195:        /* Create the socket. */
                    196:        sock = socket(AF_UNIX, SOCK_STREAM, 0);
1.237     djm       197:        if (sock < 0) {
                    198:                error("socket: %.100s", strerror(errno));
                    199:                restore_uid();
                    200:                goto authsock_err;
                    201:        }
1.136     markus    202:
                    203:        /* Bind it to the name. */
                    204:        memset(&sunaddr, 0, sizeof(sunaddr));
                    205:        sunaddr.sun_family = AF_UNIX;
                    206:        strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
                    207:
1.237     djm       208:        if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
                    209:                error("bind: %.100s", strerror(errno));
                    210:                restore_uid();
                    211:                goto authsock_err;
                    212:        }
1.136     markus    213:
                    214:        /* Restore the privileged uid. */
                    215:        restore_uid();
                    216:
                    217:        /* Start listening on the socket. */
1.237     djm       218:        if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                    219:                error("listen: %.100s", strerror(errno));
                    220:                goto authsock_err;
                    221:        }
1.136     markus    222:
                    223:        /* Allocate a channel for the authentication agent socket. */
                    224:        nc = channel_new("auth socket",
                    225:            SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
                    226:            CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
1.156     markus    227:            0, "auth socket", 1);
1.245     djm       228:        nc->path = xstrdup(auth_sock_name);
1.136     markus    229:        return 1;
1.237     djm       230:
                    231:  authsock_err:
1.265     djm       232:        free(auth_sock_name);
1.237     djm       233:        if (auth_sock_dir != NULL) {
                    234:                rmdir(auth_sock_dir);
1.265     djm       235:                free(auth_sock_dir);
1.237     djm       236:        }
                    237:        if (sock != -1)
                    238:                close(sock);
                    239:        auth_sock_name = NULL;
                    240:        auth_sock_dir = NULL;
                    241:        return 0;
1.136     markus    242: }
                    243:
1.179     dtucker   244: static void
                    245: display_loginmsg(void)
                    246: {
1.183     djm       247:        if (buffer_len(&loginmsg) > 0) {
                    248:                buffer_append(&loginmsg, "\0", 1);
                    249:                printf("%s", (char *)buffer_ptr(&loginmsg));
                    250:                buffer_clear(&loginmsg);
                    251:        }
1.179     dtucker   252: }
1.136     markus    253:
1.65      markus    254: void
                    255: do_authenticated(Authctxt *authctxt)
                    256: {
1.153     markus    257:        setproctitle("%s", authctxt->pw->pw_name);
                    258:
1.65      markus    259:        /* setup the channel layer */
1.261     djm       260:        if (no_port_forwarding_flag ||
                    261:            (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
                    262:                channel_disable_adm_local_opens();
                    263:        else
1.65      markus    264:                channel_permit_all_opens();
1.252     dtucker   265:
                    266:        auth_debug_send();
1.65      markus    267:
                    268:        if (compat20)
                    269:                do_authenticated2(authctxt);
                    270:        else
                    271:                do_authenticated1(authctxt);
1.79      markus    272:
1.165     markus    273:        do_cleanup(authctxt);
1.65      markus    274: }
                    275:
1.1       markus    276: /*
                    277:  * Prepares for an interactive session.  This is called after the user has
                    278:  * been successfully authenticated.  During this message exchange, pseudo
                    279:  * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
                    280:  * are requested, etc.
                    281:  */
1.94      itojun    282: static void
1.65      markus    283: do_authenticated1(Authctxt *authctxt)
1.1       markus    284: {
                    285:        Session *s;
1.65      markus    286:        char *command;
1.117     markus    287:        int success, type, screen_flag;
1.139     deraadt   288:        int enable_compression_after_reply = 0;
                    289:        u_int proto_len, data_len, dlen, compression_level = 0;
1.1       markus    290:
1.61      markus    291:        s = session_new();
1.181     markus    292:        if (s == NULL) {
                    293:                error("no more sessions");
                    294:                return;
                    295:        }
1.96      dugsong   296:        s->authctxt = authctxt;
1.65      markus    297:        s->pw = authctxt->pw;
1.28      millert   298:
1.1       markus    299:        /*
                    300:         * We stay in this loop until the client requests to execute a shell
                    301:         * or a command.
                    302:         */
                    303:        for (;;) {
1.65      markus    304:                success = 0;
1.1       markus    305:
                    306:                /* Get a packet from the client. */
1.117     markus    307:                type = packet_read();
1.1       markus    308:
                    309:                /* Process the packet. */
                    310:                switch (type) {
                    311:                case SSH_CMSG_REQUEST_COMPRESSION:
                    312:                        compression_level = packet_get_int();
1.116     markus    313:                        packet_check_eom();
1.1       markus    314:                        if (compression_level < 1 || compression_level > 9) {
1.180     markus    315:                                packet_send_debug("Received invalid compression level %d.",
1.112     deraadt   316:                                    compression_level);
1.138     markus    317:                                break;
                    318:                        }
1.186     markus    319:                        if (options.compression == COMP_NONE) {
1.138     markus    320:                                debug2("compression disabled");
1.1       markus    321:                                break;
                    322:                        }
                    323:                        /* Enable compression after we have responded with SUCCESS. */
                    324:                        enable_compression_after_reply = 1;
                    325:                        success = 1;
                    326:                        break;
                    327:
                    328:                case SSH_CMSG_REQUEST_PTY:
1.86      markus    329:                        success = session_pty_req(s);
1.1       markus    330:                        break;
                    331:
                    332:                case SSH_CMSG_X11_REQUEST_FORWARDING:
                    333:                        s->auth_proto = packet_get_string(&proto_len);
                    334:                        s->auth_data = packet_get_string(&data_len);
                    335:
1.57      markus    336:                        screen_flag = packet_get_protocol_flags() &
                    337:                            SSH_PROTOFLAG_SCREEN_NUMBER;
                    338:                        debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag);
                    339:
                    340:                        if (packet_remaining() == 4) {
                    341:                                if (!screen_flag)
                    342:                                        debug2("Buggy client: "
                    343:                                            "X11 screen flag missing");
1.1       markus    344:                                s->screen = packet_get_int();
1.56      markus    345:                        } else {
1.1       markus    346:                                s->screen = 0;
1.56      markus    347:                        }
1.116     markus    348:                        packet_check_eom();
1.81      markus    349:                        success = session_setup_x11fwd(s);
                    350:                        if (!success) {
1.265     djm       351:                                free(s->auth_proto);
                    352:                                free(s->auth_data);
1.84      markus    353:                                s->auth_proto = NULL;
                    354:                                s->auth_data = NULL;
1.1       markus    355:                        }
                    356:                        break;
                    357:
                    358:                case SSH_CMSG_AGENT_REQUEST_FORWARDING:
1.235     pyr       359:                        if (!options.allow_agent_forwarding ||
                    360:                            no_agent_forwarding_flag || compat13) {
1.1       markus    361:                                debug("Authentication agent forwarding not permitted for this authentication.");
                    362:                                break;
                    363:                        }
                    364:                        debug("Received authentication agent forwarding request.");
1.65      markus    365:                        success = auth_input_request_forwarding(s->pw);
1.1       markus    366:                        break;
                    367:
                    368:                case SSH_CMSG_PORT_FORWARD_REQUEST:
                    369:                        if (no_port_forwarding_flag) {
                    370:                                debug("Port forwarding not permitted for this authentication.");
1.39      markus    371:                                break;
                    372:                        }
1.261     djm       373:                        if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
1.39      markus    374:                                debug("Port forwarding not permitted.");
1.1       markus    375:                                break;
                    376:                        }
                    377:                        debug("Received TCP/IP port forwarding request.");
1.208     markus    378:                        if (channel_input_port_forward_request(s->pw->pw_uid == 0,
                    379:                            options.gateway_ports) < 0) {
                    380:                                debug("Port forwarding failed.");
                    381:                                break;
                    382:                        }
1.1       markus    383:                        success = 1;
                    384:                        break;
                    385:
                    386:                case SSH_CMSG_MAX_PACKET_SIZE:
                    387:                        if (packet_set_maxsize(packet_get_int()) > 0)
                    388:                                success = 1;
                    389:                        break;
                    390:
                    391:                case SSH_CMSG_EXEC_SHELL:
                    392:                case SSH_CMSG_EXEC_CMD:
                    393:                        if (type == SSH_CMSG_EXEC_CMD) {
                    394:                                command = packet_get_string(&dlen);
                    395:                                debug("Exec command '%.500s'", command);
1.237     djm       396:                                if (do_exec(s, command) != 0)
                    397:                                        packet_disconnect(
                    398:                                            "command execution failed");
1.265     djm       399:                                free(command);
1.1       markus    400:                        } else {
1.237     djm       401:                                if (do_exec(s, NULL) != 0)
                    402:                                        packet_disconnect(
                    403:                                            "shell execution failed");
1.1       markus    404:                        }
1.116     markus    405:                        packet_check_eom();
1.82      markus    406:                        session_close(s);
1.1       markus    407:                        return;
                    408:
                    409:                default:
                    410:                        /*
                    411:                         * Any unknown messages in this phase are ignored,
                    412:                         * and a failure message is returned.
                    413:                         */
1.155     itojun    414:                        logit("Unknown packet type received after authentication: %d", type);
1.1       markus    415:                }
                    416:                packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
                    417:                packet_send();
                    418:                packet_write_wait();
                    419:
                    420:                /* Enable compression now that we have replied if appropriate. */
                    421:                if (enable_compression_after_reply) {
                    422:                        enable_compression_after_reply = 0;
                    423:                        packet_start_compression(compression_level);
                    424:                }
                    425:        }
                    426: }
                    427:
1.269     dtucker   428: #define USE_PIPES 1
1.1       markus    429: /*
                    430:  * This is called to fork and execute a command when we have no tty.  This
                    431:  * will call do_child from the child, and server_loop from the parent after
                    432:  * setting up file descriptors and such.
                    433:  */
1.237     djm       434: int
1.63      markus    435: do_exec_no_pty(Session *s, const char *command)
1.1       markus    436: {
1.137     mpech     437:        pid_t pid;
1.238     markus    438: #ifdef USE_PIPES
                    439:        int pin[2], pout[2], perr[2];
                    440:
1.253     djm       441:        if (s == NULL)
                    442:                fatal("do_exec_no_pty: no session");
                    443:
1.238     markus    444:        /* Allocate pipes for communicating with the program. */
                    445:        if (pipe(pin) < 0) {
                    446:                error("%s: pipe in: %.100s", __func__, strerror(errno));
                    447:                return -1;
                    448:        }
                    449:        if (pipe(pout) < 0) {
                    450:                error("%s: pipe out: %.100s", __func__, strerror(errno));
                    451:                close(pin[0]);
                    452:                close(pin[1]);
                    453:                return -1;
                    454:        }
1.256     djm       455:        if (pipe(perr) < 0) {
                    456:                error("%s: pipe err: %.100s", __func__,
                    457:                    strerror(errno));
                    458:                close(pin[0]);
                    459:                close(pin[1]);
                    460:                close(pout[0]);
                    461:                close(pout[1]);
                    462:                return -1;
1.238     markus    463:        }
                    464: #else
1.237     djm       465:        int inout[2], err[2];
1.1       markus    466:
1.253     djm       467:        if (s == NULL)
                    468:                fatal("do_exec_no_pty: no session");
                    469:
1.1       markus    470:        /* Uses socket pairs to communicate with the program. */
1.237     djm       471:        if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
                    472:                error("%s: socketpair #1: %.100s", __func__, strerror(errno));
                    473:                return -1;
                    474:        }
1.256     djm       475:        if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
                    476:                error("%s: socketpair #2: %.100s", __func__,
                    477:                    strerror(errno));
                    478:                close(inout[0]);
                    479:                close(inout[1]);
                    480:                return -1;
1.237     djm       481:        }
1.238     markus    482: #endif
1.237     djm       483:
1.9       markus    484:        session_proctitle(s);
1.1       markus    485:
                    486:        /* Fork the child. */
1.237     djm       487:        switch ((pid = fork())) {
                    488:        case -1:
                    489:                error("%s: fork: %.100s", __func__, strerror(errno));
1.238     markus    490: #ifdef USE_PIPES
                    491:                close(pin[0]);
                    492:                close(pin[1]);
                    493:                close(pout[0]);
                    494:                close(pout[1]);
1.256     djm       495:                close(perr[0]);
1.238     markus    496:                close(perr[1]);
                    497: #else
1.237     djm       498:                close(inout[0]);
                    499:                close(inout[1]);
                    500:                close(err[0]);
1.256     djm       501:                close(err[1]);
1.238     markus    502: #endif
1.237     djm       503:                return -1;
                    504:        case 0:
1.165     markus    505:                is_child = 1;
1.144     markus    506:
1.1       markus    507:                /* Child.  Reinitialize the log since the pid has changed. */
1.237     djm       508:                log_init(__progname, options.log_level,
                    509:                    options.log_facility, log_stderr);
1.1       markus    510:
                    511:                /*
                    512:                 * Create a new session and process group since the 4.4BSD
                    513:                 * setlogin() affects the entire process group.
                    514:                 */
                    515:                if (setsid() < 0)
                    516:                        error("setsid failed: %.100s", strerror(errno));
                    517:
1.238     markus    518: #ifdef USE_PIPES
                    519:                /*
                    520:                 * Redirect stdin.  We close the parent side of the socket
                    521:                 * pair, and make the child side the standard input.
                    522:                 */
                    523:                close(pin[1]);
                    524:                if (dup2(pin[0], 0) < 0)
                    525:                        perror("dup2 stdin");
                    526:                close(pin[0]);
                    527:
                    528:                /* Redirect stdout. */
                    529:                close(pout[0]);
                    530:                if (dup2(pout[1], 1) < 0)
                    531:                        perror("dup2 stdout");
                    532:                close(pout[1]);
                    533:
                    534:                /* Redirect stderr. */
1.256     djm       535:                close(perr[0]);
1.238     markus    536:                if (dup2(perr[1], 2) < 0)
                    537:                        perror("dup2 stderr");
                    538:                close(perr[1]);
                    539: #else
1.1       markus    540:                /*
                    541:                 * Redirect stdin, stdout, and stderr.  Stdin and stdout will
                    542:                 * use the same socket, as some programs (particularly rdist)
                    543:                 * seem to depend on it.
                    544:                 */
                    545:                close(inout[1]);
1.256     djm       546:                close(err[1]);
1.1       markus    547:                if (dup2(inout[0], 0) < 0)      /* stdin */
                    548:                        perror("dup2 stdin");
1.237     djm       549:                if (dup2(inout[0], 1) < 0)      /* stdout (same as stdin) */
1.1       markus    550:                        perror("dup2 stdout");
1.238     markus    551:                close(inout[0]);
1.1       markus    552:                if (dup2(err[0], 2) < 0)        /* stderr */
                    553:                        perror("dup2 stderr");
1.238     markus    554:                close(err[0]);
                    555: #endif
1.1       markus    556:
                    557:                /* Do processing for the child (exec command etc). */
1.60      markus    558:                do_child(s, command);
1.1       markus    559:                /* NOTREACHED */
1.237     djm       560:        default:
                    561:                break;
1.1       markus    562:        }
1.237     djm       563:
1.1       markus    564:        s->pid = pid;
1.47      markus    565:        /* Set interactive/non-interactive mode. */
1.257     djm       566:        packet_set_interactive(s->display != NULL,
                    567:            options.ip_qos_interactive, options.ip_qos_bulk);
1.1       markus    568:
1.238     markus    569: #ifdef USE_PIPES
                    570:        /* We are the parent.  Close the child sides of the pipes. */
                    571:        close(pin[0]);
                    572:        close(pout[1]);
                    573:        close(perr[1]);
                    574:
                    575:        if (compat20) {
1.256     djm       576:                session_set_fds(s, pin[1], pout[0], perr[0],
                    577:                    s->is_subsystem, 0);
1.238     markus    578:        } else {
                    579:                /* Enter the interactive session. */
                    580:                server_loop(pid, pin[1], pout[0], perr[0]);
                    581:                /* server_loop has closed pin[1], pout[0], and perr[0]. */
                    582:        }
                    583: #else
1.1       markus    584:        /* We are the parent.  Close the child sides of the socket pairs. */
                    585:        close(inout[0]);
                    586:        close(err[0]);
                    587:
                    588:        /*
                    589:         * Enter the interactive session.  Note: server_loop must be able to
                    590:         * handle the case that fdin and fdout are the same.
                    591:         */
1.2       markus    592:        if (compat20) {
1.256     djm       593:                session_set_fds(s, inout[1], inout[1], err[1],
                    594:                    s->is_subsystem, 0);
1.2       markus    595:        } else {
                    596:                server_loop(pid, inout[1], inout[1], err[1]);
                    597:                /* server_loop has closed inout[1] and err[1]. */
                    598:        }
1.238     markus    599: #endif
1.237     djm       600:        return 0;
1.1       markus    601: }
                    602:
                    603: /*
                    604:  * This is called to fork and execute a command when we have a tty.  This
                    605:  * will call do_child from the child, and server_loop from the parent after
                    606:  * setting up file descriptors, controlling tty, updating wtmp, utmp,
                    607:  * lastlog, and other such operations.
                    608:  */
1.237     djm       609: int
1.63      markus    610: do_exec_pty(Session *s, const char *command)
1.1       markus    611: {
                    612:        int fdout, ptyfd, ttyfd, ptymaster;
                    613:        pid_t pid;
                    614:
                    615:        if (s == NULL)
                    616:                fatal("do_exec_pty: no session");
                    617:        ptyfd = s->ptyfd;
                    618:        ttyfd = s->ttyfd;
                    619:
1.237     djm       620:        /*
                    621:         * Create another descriptor of the pty master side for use as the
                    622:         * standard input.  We could use the original descriptor, but this
                    623:         * simplifies code in server_loop.  The descriptor is bidirectional.
                    624:         * Do this before forking (and cleanup in the child) so as to
                    625:         * detect and gracefully fail out-of-fd conditions.
                    626:         */
                    627:        if ((fdout = dup(ptyfd)) < 0) {
                    628:                error("%s: dup #1: %s", __func__, strerror(errno));
                    629:                close(ttyfd);
                    630:                close(ptyfd);
                    631:                return -1;
                    632:        }
                    633:        /* we keep a reference to the pty master */
                    634:        if ((ptymaster = dup(ptyfd)) < 0) {
                    635:                error("%s: dup #2: %s", __func__, strerror(errno));
                    636:                close(ttyfd);
                    637:                close(ptyfd);
                    638:                close(fdout);
                    639:                return -1;
                    640:        }
                    641:
1.1       markus    642:        /* Fork the child. */
1.237     djm       643:        switch ((pid = fork())) {
                    644:        case -1:
                    645:                error("%s: fork: %.100s", __func__, strerror(errno));
                    646:                close(fdout);
                    647:                close(ptymaster);
                    648:                close(ttyfd);
                    649:                close(ptyfd);
                    650:                return -1;
                    651:        case 0:
1.165     markus    652:                is_child = 1;
1.97      markus    653:
1.237     djm       654:                close(fdout);
                    655:                close(ptymaster);
                    656:
1.24      markus    657:                /* Child.  Reinitialize the log because the pid has changed. */
1.237     djm       658:                log_init(__progname, options.log_level,
                    659:                    options.log_facility, log_stderr);
1.1       markus    660:                /* Close the master side of the pseudo tty. */
                    661:                close(ptyfd);
                    662:
                    663:                /* Make the pseudo tty our controlling tty. */
                    664:                pty_make_controlling_tty(&ttyfd, s->tty);
                    665:
1.103     markus    666:                /* Redirect stdin/stdout/stderr from the pseudo tty. */
                    667:                if (dup2(ttyfd, 0) < 0)
                    668:                        error("dup2 stdin: %s", strerror(errno));
                    669:                if (dup2(ttyfd, 1) < 0)
                    670:                        error("dup2 stdout: %s", strerror(errno));
                    671:                if (dup2(ttyfd, 2) < 0)
                    672:                        error("dup2 stderr: %s", strerror(errno));
1.1       markus    673:
                    674:                /* Close the extra descriptor for the pseudo tty. */
                    675:                close(ttyfd);
                    676:
1.24      markus    677:                /* record login, etc. similar to login(1) */
1.41      markus    678:                if (!(options.use_login && command == NULL))
                    679:                        do_login(s, command);
1.228     djm       680:
1.237     djm       681:                /*
                    682:                 * Do common processing for the child, such as execing
                    683:                 * the command.
                    684:                 */
1.60      markus    685:                do_child(s, command);
1.1       markus    686:                /* NOTREACHED */
1.237     djm       687:        default:
                    688:                break;
1.1       markus    689:        }
                    690:        s->pid = pid;
                    691:
                    692:        /* Parent.  Close the slave side of the pseudo tty. */
                    693:        close(ttyfd);
                    694:
1.237     djm       695:        /* Enter interactive session. */
1.1       markus    696:        s->ptymaster = ptymaster;
1.257     djm       697:        packet_set_interactive(1,
                    698:            options.ip_qos_interactive, options.ip_qos_bulk);
1.2       markus    699:        if (compat20) {
1.256     djm       700:                session_set_fds(s, ptyfd, fdout, -1, 1, 1);
1.2       markus    701:        } else {
                    702:                server_loop(pid, ptyfd, fdout, -1);
                    703:                /* server_loop _has_ closed ptyfd and fdout. */
1.24      markus    704:        }
1.237     djm       705:        return 0;
1.24      markus    706: }
                    707:
1.90      markus    708: /*
                    709:  * This is called to fork and execute a command.  If another command is
                    710:  * to be forced, execute that instead.
                    711:  */
1.237     djm       712: int
1.90      markus    713: do_exec(Session *s, const char *command)
                    714: {
1.237     djm       715:        int ret;
1.267     djm       716:        const char *forced = NULL;
                    717:        char session_type[1024], *tty = NULL;
1.237     djm       718:
1.210     dtucker   719:        if (options.adm_forced_command) {
                    720:                original_command = command;
                    721:                command = options.adm_forced_command;
1.267     djm       722:                forced = "(config)";
1.210     dtucker   723:        } else if (forced_command) {
1.90      markus    724:                original_command = command;
                    725:                command = forced_command;
1.267     djm       726:                forced = "(key-option)";
                    727:        }
                    728:        if (forced != NULL) {
1.248     djm       729:                if (IS_INTERNAL_SFTP(command)) {
                    730:                        s->is_subsystem = s->is_subsystem ?
                    731:                            SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
                    732:                } else if (s->is_subsystem)
1.225     markus    733:                        s->is_subsystem = SUBSYSTEM_EXT;
1.267     djm       734:                snprintf(session_type, sizeof(session_type),
                    735:                    "forced-command %s '%.900s'", forced, command);
                    736:        } else if (s->is_subsystem) {
                    737:                snprintf(session_type, sizeof(session_type),
                    738:                    "subsystem '%.900s'", s->subsys);
                    739:        } else if (command == NULL) {
                    740:                snprintf(session_type, sizeof(session_type), "shell");
                    741:        } else {
                    742:                /* NB. we don't log unforced commands to preserve privacy */
                    743:                snprintf(session_type, sizeof(session_type), "command");
1.90      markus    744:        }
1.163     markus    745:
1.267     djm       746:        if (s->ttyfd != -1) {
                    747:                tty = s->tty;
                    748:                if (strncmp(tty, "/dev/", 5) == 0)
                    749:                        tty += 5;
                    750:        }
                    751:
                    752:        verbose("Starting session: %s%s%s for %s from %.200s port %d",
                    753:            session_type,
                    754:            tty == NULL ? "" : " on ",
                    755:            tty == NULL ? "" : tty,
                    756:            s->pw->pw_name,
                    757:            get_remote_ipaddr(),
                    758:            get_remote_port());
                    759:
1.163     markus    760: #ifdef GSSAPI
                    761:        if (options.gss_authentication) {
                    762:                temporarily_use_uid(s->pw);
                    763:                ssh_gssapi_storecreds();
                    764:                restore_uid();
                    765:        }
                    766: #endif
1.90      markus    767:        if (s->ttyfd != -1)
1.237     djm       768:                ret = do_exec_pty(s, command);
1.90      markus    769:        else
1.237     djm       770:                ret = do_exec_no_pty(s, command);
1.90      markus    771:
1.92      markus    772:        original_command = NULL;
1.179     dtucker   773:
                    774:        /*
                    775:         * Clear loginmsg: it's the child's responsibility to display
                    776:         * it to the user, otherwise multiple sessions may accumulate
                    777:         * multiple copies of the login messages.
                    778:         */
                    779:        buffer_clear(&loginmsg);
1.237     djm       780:
                    781:        return ret;
1.90      markus    782: }
                    783:
                    784:
1.24      markus    785: /* administrative, login(1)-like work */
                    786: void
1.41      markus    787: do_login(Session *s, const char *command)
1.24      markus    788: {
                    789:        socklen_t fromlen;
                    790:        struct sockaddr_storage from;
                    791:        struct passwd * pw = s->pw;
                    792:        pid_t pid = getpid();
                    793:
                    794:        /*
                    795:         * Get IP address of client. If the connection is not a socket, let
                    796:         * the address be 0.0.0.0.
                    797:         */
                    798:        memset(&from, 0, sizeof(from));
1.148     stevesk   799:        fromlen = sizeof(from);
1.24      markus    800:        if (packet_connection_is_on_socket()) {
                    801:                if (getpeername(packet_get_connection_in(),
1.200     deraadt   802:                    (struct sockaddr *)&from, &fromlen) < 0) {
1.24      markus    803:                        debug("getpeername: %.100s", strerror(errno));
1.165     markus    804:                        cleanup_exit(255);
1.24      markus    805:                }
                    806:        }
1.25      markus    807:
1.24      markus    808:        /* Record that there was a login on that tty from the remote host. */
1.133     markus    809:        if (!use_privsep)
                    810:                record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
                    811:                    get_remote_name_or_ip(utmp_len,
1.158     markus    812:                    options.use_dns),
1.148     stevesk   813:                    (struct sockaddr *)&from, fromlen);
1.24      markus    814:
1.73      djm       815:        if (check_quietlogin(s, command))
1.24      markus    816:                return;
1.73      djm       817:
1.179     dtucker   818:        display_loginmsg();
1.73      djm       819:
                    820:        do_motd();
                    821: }
                    822:
                    823: /*
                    824:  * Display the message of the day.
                    825:  */
                    826: void
                    827: do_motd(void)
                    828: {
                    829:        FILE *f;
                    830:        char buf[256];
                    831:
1.24      markus    832:        if (options.print_motd) {
1.28      millert   833:                f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
                    834:                    "/etc/motd"), "r");
1.24      markus    835:                if (f) {
                    836:                        while (fgets(buf, sizeof(buf), f))
                    837:                                fputs(buf, stdout);
                    838:                        fclose(f);
                    839:                }
1.2       markus    840:        }
1.73      djm       841: }
                    842:
                    843:
                    844: /*
                    845:  * Check for quiet login, either .hushlogin or command given.
                    846:  */
                    847: int
                    848: check_quietlogin(Session *s, const char *command)
                    849: {
                    850:        char buf[256];
1.96      dugsong   851:        struct passwd *pw = s->pw;
1.73      djm       852:        struct stat st;
                    853:
                    854:        /* Return 1 if .hushlogin exists or a command given. */
                    855:        if (command != NULL)
                    856:                return 1;
                    857:        snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
                    858:        if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
                    859:                return 1;
                    860:        return 0;
1.1       markus    861: }
                    862:
                    863: /*
                    864:  * Sets the value of the given variable in the environment.  If the variable
1.244     tobias    865:  * already exists, its value is overridden.
1.1       markus    866:  */
1.161     markus    867: void
1.45      markus    868: child_set_env(char ***envp, u_int *envsizep, const char *name,
1.112     deraadt   869:        const char *value)
1.1       markus    870: {
1.164     markus    871:        char **env;
                    872:        u_int envsize;
1.45      markus    873:        u_int i, namelen;
1.1       markus    874:
1.271     djm       875:        if (strchr(name, '=') != NULL) {
                    876:                error("Invalid environment variable \"%.100s\"", name);
                    877:                return;
                    878:        }
                    879:
1.1       markus    880:        /*
                    881:         * Find the slot where the value should be stored.  If the variable
                    882:         * already exists, we reuse the slot; otherwise we append a new slot
                    883:         * at the end of the array, expanding if necessary.
                    884:         */
                    885:        env = *envp;
                    886:        namelen = strlen(name);
                    887:        for (i = 0; env[i]; i++)
                    888:                if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
                    889:                        break;
                    890:        if (env[i]) {
                    891:                /* Reuse the slot. */
1.265     djm       892:                free(env[i]);
1.1       markus    893:        } else {
                    894:                /* New variable.  Expand if necessary. */
1.164     markus    895:                envsize = *envsizep;
                    896:                if (i >= envsize - 1) {
                    897:                        if (envsize >= 1000)
                    898:                                fatal("child_set_env: too many env vars");
                    899:                        envsize += 50;
1.201     djm       900:                        env = (*envp) = xrealloc(env, envsize, sizeof(char *));
1.164     markus    901:                        *envsizep = envsize;
1.1       markus    902:                }
                    903:                /* Need to set the NULL pointer at end of array beyond the new slot. */
                    904:                env[i + 1] = NULL;
                    905:        }
                    906:
                    907:        /* Allocate space and format the variable in the appropriate slot. */
                    908:        env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
                    909:        snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
                    910: }
                    911:
                    912: /*
                    913:  * Reads environment variables from the given file and adds/overrides them
                    914:  * into the environment.  If the file does not exist, this does nothing.
                    915:  * Otherwise, it must consist of empty lines, comments (line starts with '#')
                    916:  * and assignments of the form name=value.  No other forms are allowed.
                    917:  */
1.94      itojun    918: static void
1.45      markus    919: read_environment_file(char ***env, u_int *envsize,
1.112     deraadt   920:        const char *filename)
1.1       markus    921: {
                    922:        FILE *f;
                    923:        char buf[4096];
                    924:        char *cp, *value;
1.142     deraadt   925:        u_int lineno = 0;
1.1       markus    926:
                    927:        f = fopen(filename, "r");
                    928:        if (!f)
                    929:                return;
                    930:
                    931:        while (fgets(buf, sizeof(buf), f)) {
1.142     deraadt   932:                if (++lineno > 1000)
                    933:                        fatal("Too many lines in environment file %s", filename);
1.1       markus    934:                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                    935:                        ;
                    936:                if (!*cp || *cp == '#' || *cp == '\n')
                    937:                        continue;
1.224     gilles    938:
                    939:                cp[strcspn(cp, "\n")] = '\0';
                    940:
1.1       markus    941:                value = strchr(cp, '=');
                    942:                if (value == NULL) {
1.142     deraadt   943:                        fprintf(stderr, "Bad line %u in %.100s\n", lineno,
                    944:                            filename);
1.1       markus    945:                        continue;
                    946:                }
1.14      deraadt   947:                /*
                    948:                 * Replace the equals sign by nul, and advance value to
                    949:                 * the value string.
                    950:                 */
1.1       markus    951:                *value = '\0';
                    952:                value++;
                    953:                child_set_env(env, envsize, cp, value);
                    954:        }
                    955:        fclose(f);
                    956: }
                    957:
1.127     markus    958: static char **
                    959: do_setup_env(Session *s, const char *shell)
1.1       markus    960: {
                    961:        char buf[256];
1.127     markus    962:        u_int i, envsize;
1.154     markus    963:        char **env, *laddr;
1.127     markus    964:        struct passwd *pw = s->pw;
1.1       markus    965:
                    966:        /* Initialize the environment. */
                    967:        envsize = 100;
1.220     djm       968:        env = xcalloc(envsize, sizeof(char *));
1.1       markus    969:        env[0] = NULL;
                    970:
1.161     markus    971: #ifdef GSSAPI
1.168     djm       972:        /* Allow any GSSAPI methods that we've used to alter
1.161     markus    973:         * the childs environment as they see fit
                    974:         */
                    975:        ssh_gssapi_do_child(&env, &envsize);
                    976: #endif
                    977:
1.1       markus    978:        if (!options.use_login) {
                    979:                /* Set basic environment. */
1.173     djm       980:                for (i = 0; i < s->num_env; i++)
1.178     deraadt   981:                        child_set_env(&env, &envsize, s->env[i].name,
1.173     djm       982:                            s->env[i].val);
                    983:
1.1       markus    984:                child_set_env(&env, &envsize, "USER", pw->pw_name);
                    985:                child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
                    986:                child_set_env(&env, &envsize, "HOME", pw->pw_dir);
1.145     markus    987:                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
                    988:                        child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
                    989:                else
                    990:                        child_set_env(&env, &envsize, "PATH", getenv("PATH"));
1.1       markus    991:
                    992:                snprintf(buf, sizeof buf, "%.200s/%.50s",
                    993:                         _PATH_MAILDIR, pw->pw_name);
                    994:                child_set_env(&env, &envsize, "MAIL", buf);
                    995:
                    996:                /* Normal systems set SHELL by default. */
                    997:                child_set_env(&env, &envsize, "SHELL", shell);
                    998:        }
                    999:        if (getenv("TZ"))
                   1000:                child_set_env(&env, &envsize, "TZ", getenv("TZ"));
                   1001:
                   1002:        /* Set custom environment options from RSA authentication. */
1.110     markus   1003:        if (!options.use_login) {
                   1004:                while (custom_environment) {
                   1005:                        struct envstring *ce = custom_environment;
1.143     deraadt  1006:                        char *str = ce->s;
1.127     markus   1007:
1.143     deraadt  1008:                        for (i = 0; str[i] != '=' && str[i]; i++)
1.110     markus   1009:                                ;
1.143     deraadt  1010:                        if (str[i] == '=') {
                   1011:                                str[i] = 0;
                   1012:                                child_set_env(&env, &envsize, str, str + i + 1);
1.110     markus   1013:                        }
                   1014:                        custom_environment = ce->next;
1.265     djm      1015:                        free(ce->s);
                   1016:                        free(ce);
1.1       markus   1017:                }
                   1018:        }
                   1019:
1.149     stevesk  1020:        /* SSH_CLIENT deprecated */
1.1       markus   1021:        snprintf(buf, sizeof buf, "%.50s %d %d",
1.127     markus   1022:            get_remote_ipaddr(), get_remote_port(), get_local_port());
1.1       markus   1023:        child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1.149     stevesk  1024:
1.154     markus   1025:        laddr = get_local_ipaddr(packet_get_connection_in());
1.149     stevesk  1026:        snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1.154     markus   1027:            get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
1.265     djm      1028:        free(laddr);
1.149     stevesk  1029:        child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1.1       markus   1030:
1.60      markus   1031:        if (s->ttyfd != -1)
                   1032:                child_set_env(&env, &envsize, "SSH_TTY", s->tty);
                   1033:        if (s->term)
                   1034:                child_set_env(&env, &envsize, "TERM", s->term);
                   1035:        if (s->display)
                   1036:                child_set_env(&env, &envsize, "DISPLAY", s->display);
1.34      markus   1037:        if (original_command)
                   1038:                child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
                   1039:                    original_command);
1.96      dugsong  1040: #ifdef KRB5
                   1041:        if (s->authctxt->krb5_ticket_file)
                   1042:                child_set_env(&env, &envsize, "KRB5CCNAME",
1.112     deraadt  1043:                    s->authctxt->krb5_ticket_file);
1.96      dugsong  1044: #endif
1.136     markus   1045:        if (auth_sock_name != NULL)
1.1       markus   1046:                child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
1.136     markus   1047:                    auth_sock_name);
1.1       markus   1048:
                   1049:        /* read $HOME/.ssh/environment. */
1.146     markus   1050:        if (options.permit_user_env && !options.use_login) {
1.14      deraadt  1051:                snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
                   1052:                    pw->pw_dir);
1.1       markus   1053:                read_environment_file(&env, &envsize, buf);
                   1054:        }
                   1055:        if (debug_flag) {
                   1056:                /* dump the environment */
                   1057:                fprintf(stderr, "Environment:\n");
                   1058:                for (i = 0; env[i]; i++)
                   1059:                        fprintf(stderr, "  %.200s\n", env[i]);
                   1060:        }
1.127     markus   1061:        return env;
                   1062: }
                   1063:
                   1064: /*
                   1065:  * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
                   1066:  * first in this order).
                   1067:  */
                   1068: static void
                   1069: do_rc_files(Session *s, const char *shell)
                   1070: {
                   1071:        FILE *f = NULL;
                   1072:        char cmd[1024];
                   1073:        int do_xauth;
                   1074:        struct stat st;
                   1075:
                   1076:        do_xauth =
                   1077:            s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
                   1078:
1.231     djm      1079:        /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
1.232     djm      1080:        if (!s->is_subsystem && options.adm_forced_command == NULL &&
1.273   ! djm      1081:            !no_user_rc && options.permit_user_rc &&
        !          1082:            stat(_PATH_SSH_USER_RC, &st) >= 0) {
1.127     markus   1083:                snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
                   1084:                    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
                   1085:                if (debug_flag)
                   1086:                        fprintf(stderr, "Running %s\n", cmd);
                   1087:                f = popen(cmd, "w");
                   1088:                if (f) {
                   1089:                        if (do_xauth)
                   1090:                                fprintf(f, "%s %s\n", s->auth_proto,
                   1091:                                    s->auth_data);
                   1092:                        pclose(f);
                   1093:                } else
                   1094:                        fprintf(stderr, "Could not run %s\n",
                   1095:                            _PATH_SSH_USER_RC);
                   1096:        } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
                   1097:                if (debug_flag)
                   1098:                        fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
                   1099:                            _PATH_SSH_SYSTEM_RC);
                   1100:                f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
                   1101:                if (f) {
                   1102:                        if (do_xauth)
                   1103:                                fprintf(f, "%s %s\n", s->auth_proto,
                   1104:                                    s->auth_data);
                   1105:                        pclose(f);
                   1106:                } else
                   1107:                        fprintf(stderr, "Could not run %s\n",
                   1108:                            _PATH_SSH_SYSTEM_RC);
                   1109:        } else if (do_xauth && options.xauth_location != NULL) {
                   1110:                /* Add authority data to .Xauthority if appropriate. */
                   1111:                if (debug_flag) {
                   1112:                        fprintf(stderr,
1.151     stevesk  1113:                            "Running %.500s remove %.100s\n",
1.165     markus   1114:                            options.xauth_location, s->auth_display);
1.151     stevesk  1115:                        fprintf(stderr,
                   1116:                            "%.500s add %.100s %.100s %.100s\n",
1.127     markus   1117:                            options.xauth_location, s->auth_display,
                   1118:                            s->auth_proto, s->auth_data);
                   1119:                }
                   1120:                snprintf(cmd, sizeof cmd, "%s -q -",
                   1121:                    options.xauth_location);
                   1122:                f = popen(cmd, "w");
                   1123:                if (f) {
1.151     stevesk  1124:                        fprintf(f, "remove %s\n",
                   1125:                            s->auth_display);
1.127     markus   1126:                        fprintf(f, "add %s %s %s\n",
                   1127:                            s->auth_display, s->auth_proto,
                   1128:                            s->auth_data);
                   1129:                        pclose(f);
                   1130:                } else {
                   1131:                        fprintf(stderr, "Could not run %s\n",
                   1132:                            cmd);
                   1133:                }
                   1134:        }
                   1135: }
                   1136:
                   1137: static void
                   1138: do_nologin(struct passwd *pw)
                   1139: {
                   1140:        FILE *f = NULL;
1.251     dtucker  1141:        char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;
                   1142:        struct stat sb;
1.127     markus   1143:
1.260     guenther 1144:        if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
1.251     dtucker  1145:                return;
                   1146:        nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
                   1147:
                   1148:        if (stat(nl, &sb) == -1) {
                   1149:                if (nl != def_nl)
1.265     djm      1150:                        free(nl);
1.251     dtucker  1151:                return;
                   1152:        }
                   1153:
                   1154:        /* /etc/nologin exists.  Print its contents if we can and exit. */
                   1155:        logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
                   1156:        if ((f = fopen(nl, "r")) != NULL) {
1.127     markus   1157:                while (fgets(buf, sizeof(buf), f))
                   1158:                        fputs(buf, stderr);
                   1159:                fclose(f);
                   1160:        }
1.251     dtucker  1161:        exit(254);
1.127     markus   1162: }
                   1163:
1.226     djm      1164: /*
                   1165:  * Chroot into a directory after checking it for safety: all path components
                   1166:  * must be root-owned directories with strict permissions.
                   1167:  */
                   1168: static void
                   1169: safely_chroot(const char *path, uid_t uid)
                   1170: {
                   1171:        const char *cp;
                   1172:        char component[MAXPATHLEN];
                   1173:        struct stat st;
                   1174:
                   1175:        if (*path != '/')
                   1176:                fatal("chroot path does not begin at root");
                   1177:        if (strlen(path) >= sizeof(component))
                   1178:                fatal("chroot path too long");
                   1179:
                   1180:        /*
                   1181:         * Descend the path, checking that each component is a
                   1182:         * root-owned directory with strict permissions.
                   1183:         */
                   1184:        for (cp = path; cp != NULL;) {
                   1185:                if ((cp = strchr(cp, '/')) == NULL)
                   1186:                        strlcpy(component, path, sizeof(component));
                   1187:                else {
                   1188:                        cp++;
                   1189:                        memcpy(component, path, cp - path);
                   1190:                        component[cp - path] = '\0';
                   1191:                }
                   1192:
                   1193:                debug3("%s: checking '%s'", __func__, component);
                   1194:
                   1195:                if (stat(component, &st) != 0)
                   1196:                        fatal("%s: stat(\"%s\"): %s", __func__,
                   1197:                            component, strerror(errno));
                   1198:                if (st.st_uid != 0 || (st.st_mode & 022) != 0)
                   1199:                        fatal("bad ownership or modes for chroot "
                   1200:                            "directory %s\"%s\"",
                   1201:                            cp == NULL ? "" : "component ", component);
                   1202:                if (!S_ISDIR(st.st_mode))
                   1203:                        fatal("chroot path %s\"%s\" is not a directory",
                   1204:                            cp == NULL ? "" : "component ", component);
                   1205:
                   1206:        }
                   1207:
                   1208:        if (chdir(path) == -1)
                   1209:                fatal("Unable to chdir to chroot path \"%s\": "
                   1210:                    "%s", path, strerror(errno));
                   1211:        if (chroot(path) == -1)
                   1212:                fatal("chroot(\"%s\"): %s", path, strerror(errno));
                   1213:        if (chdir("/") == -1)
                   1214:                fatal("%s: chdir(/) after chroot: %s",
                   1215:                    __func__, strerror(errno));
                   1216:        verbose("Changed root directory to \"%s\"", path);
                   1217: }
                   1218:
1.127     markus   1219: /* Set login name, uid, gid, and groups. */
1.130     provos   1220: void
1.127     markus   1221: do_setusercontext(struct passwd *pw)
                   1222: {
1.227     djm      1223:        char *chroot_path, *tmp;
                   1224:
1.127     markus   1225:        if (getuid() == 0 || geteuid() == 0) {
1.226     djm      1226:                /* Prepare groups */
1.127     markus   1227:                if (setusercontext(lc, pw, pw->pw_uid,
1.226     djm      1228:                    (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
1.127     markus   1229:                        perror("unable to set user context");
                   1230:                        exit(1);
                   1231:                }
1.226     djm      1232:
                   1233:                if (options.chroot_directory != NULL &&
                   1234:                    strcasecmp(options.chroot_directory, "none") != 0) {
1.227     djm      1235:                         tmp = tilde_expand_filename(options.chroot_directory,
                   1236:                            pw->pw_uid);
                   1237:                        chroot_path = percent_expand(tmp, "h", pw->pw_dir,
                   1238:                            "u", pw->pw_name, (char *)NULL);
1.226     djm      1239:                        safely_chroot(chroot_path, pw->pw_uid);
1.227     djm      1240:                        free(tmp);
1.226     djm      1241:                        free(chroot_path);
1.264     djm      1242:                        /* Make sure we don't attempt to chroot again */
                   1243:                        free(options.chroot_directory);
                   1244:                        options.chroot_directory = NULL;
1.226     djm      1245:                }
                   1246:
                   1247:                /* Set UID */
                   1248:                if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
                   1249:                        perror("unable to set user context (setuser)");
                   1250:                        exit(1);
                   1251:                }
1.264     djm      1252:        } else if (options.chroot_directory != NULL &&
                   1253:            strcasecmp(options.chroot_directory, "none") != 0) {
                   1254:                fatal("server lacks privileges to chroot to ChrootDirectory");
1.263     dtucker  1255:        }
1.264     djm      1256:
1.127     markus   1257:        if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
                   1258:                fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
                   1259: }
                   1260:
1.131     markus   1261: static void
1.172     markus   1262: do_pwchange(Session *s)
                   1263: {
1.179     dtucker  1264:        fflush(NULL);
1.172     markus   1265:        fprintf(stderr, "WARNING: Your password has expired.\n");
                   1266:        if (s->ttyfd != -1) {
1.178     deraadt  1267:                fprintf(stderr,
1.172     markus   1268:                    "You must change your password now and login again!\n");
                   1269:                execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
                   1270:                perror("passwd");
                   1271:        } else {
                   1272:                fprintf(stderr,
                   1273:                    "Password change required but no TTY available.\n");
                   1274:        }
                   1275:        exit(1);
                   1276: }
                   1277:
                   1278: static void
1.130     provos   1279: launch_login(struct passwd *pw, const char *hostname)
                   1280: {
                   1281:        /* Launch login(1). */
                   1282:
                   1283:        execl("/usr/bin/login", "login", "-h", hostname,
                   1284:            "-p", "-f", "--", pw->pw_name, (char *)NULL);
                   1285:
                   1286:        /* Login couldn't be executed, die. */
                   1287:
                   1288:        perror("login");
                   1289:        exit(1);
                   1290: }
                   1291:
1.172     markus   1292: static void
                   1293: child_close_fds(void)
                   1294: {
1.266     markus   1295:        extern AuthenticationConnection *auth_conn;
                   1296:
                   1297:        if (auth_conn) {
                   1298:                ssh_close_authentication_connection(auth_conn);
                   1299:                auth_conn = NULL;
                   1300:        }
                   1301:
1.172     markus   1302:        if (packet_get_connection_in() == packet_get_connection_out())
                   1303:                close(packet_get_connection_in());
                   1304:        else {
                   1305:                close(packet_get_connection_in());
                   1306:                close(packet_get_connection_out());
                   1307:        }
                   1308:        /*
                   1309:         * Close all descriptors related to channels.  They will still remain
                   1310:         * open in the parent.
                   1311:         */
                   1312:        /* XXX better use close-on-exec? -markus */
                   1313:        channel_close_all();
                   1314:
                   1315:        /*
                   1316:         * Close any extra file descriptors.  Note that there may still be
                   1317:         * descriptors left by system functions.  They will be closed later.
                   1318:         */
                   1319:        endpwent();
                   1320:
                   1321:        /*
1.188     djm      1322:         * Close any extra open file descriptors so that we don't have them
1.172     markus   1323:         * hanging around in clients.  Note that we want to do this after
                   1324:         * initgroups, because at least on Solaris 2.3 it leaves file
                   1325:         * descriptors open.
                   1326:         */
1.258     djm      1327:        closefrom(STDERR_FILENO + 1);
1.172     markus   1328: }
                   1329:
1.127     markus   1330: /*
                   1331:  * Performs common processing for the child, such as setting up the
                   1332:  * environment, closing extra file descriptors, setting the user and group
                   1333:  * ids, and executing the command or shell.
                   1334:  */
1.225     markus   1335: #define ARGV_MAX 10
1.127     markus   1336: void
                   1337: do_child(Session *s, const char *command)
                   1338: {
                   1339:        extern char **environ;
                   1340:        char **env;
1.225     markus   1341:        char *argv[ARGV_MAX];
1.127     markus   1342:        const char *shell, *shell0, *hostname = NULL;
                   1343:        struct passwd *pw = s->pw;
1.239     djm      1344:        int r = 0;
1.127     markus   1345:
                   1346:        /* remove hostkey from the child's memory */
                   1347:        destroy_sensitive_data();
                   1348:
1.172     markus   1349:        /* Force a password change */
                   1350:        if (s->authctxt->force_pwchange) {
                   1351:                do_setusercontext(pw);
                   1352:                child_close_fds();
                   1353:                do_pwchange(s);
                   1354:                exit(1);
                   1355:        }
                   1356:
1.127     markus   1357:        /* login(1) is only called if we execute the login shell */
                   1358:        if (options.use_login && command != NULL)
                   1359:                options.use_login = 0;
                   1360:
                   1361:        /*
                   1362:         * Login(1) does this as well, and it needs uid 0 for the "-h"
                   1363:         * switch, so we let login(1) to this for us.
                   1364:         */
                   1365:        if (!options.use_login) {
                   1366:                do_nologin(pw);
                   1367:                do_setusercontext(pw);
                   1368:        }
                   1369:
                   1370:        /*
                   1371:         * Get the shell from the password data.  An empty shell field is
                   1372:         * legal, and means /bin/sh.
                   1373:         */
                   1374:        shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
1.152     markus   1375:
                   1376:        /*
                   1377:         * Make sure $SHELL points to the shell from the password file,
                   1378:         * even if shell is overridden from login.conf
                   1379:         */
                   1380:        env = do_setup_env(s, shell);
                   1381:
1.127     markus   1382:        shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
                   1383:
1.26      millert  1384:        /* we have to stash the hostname before we close our socket. */
                   1385:        if (options.use_login)
1.70      stevesk  1386:                hostname = get_remote_name_or_ip(utmp_len,
1.158     markus   1387:                    options.use_dns);
1.1       markus   1388:        /*
                   1389:         * Close the connection descriptors; note that this is the child, and
                   1390:         * the server will still have the socket open, and it is important
                   1391:         * that we do not shutdown it.  Note that the descriptors cannot be
                   1392:         * closed before building the environment, as we call
                   1393:         * get_remote_ipaddr there.
                   1394:         */
1.172     markus   1395:        child_close_fds();
1.1       markus   1396:
                   1397:        /*
1.125     deraadt  1398:         * Must take new environment into use so that .ssh/rc,
                   1399:         * /etc/ssh/sshrc and xauth are run in the proper environment.
1.1       markus   1400:         */
                   1401:        environ = env;
1.170     jakob    1402:
                   1403: #ifdef KRB5
                   1404:        /*
                   1405:         * At this point, we check to see if AFS is active and if we have
                   1406:         * a valid Kerberos 5 TGT. If so, it seems like a good idea to see
                   1407:         * if we can (and need to) extend the ticket into an AFS token. If
                   1408:         * we don't do this, we run into potential problems if the user's
                   1409:         * home directory is in AFS and it's not world-readable.
                   1410:         */
                   1411:
                   1412:        if (options.kerberos_get_afs_token && k_hasafs() &&
1.185     djm      1413:            (s->authctxt->krb5_ctx != NULL)) {
1.170     jakob    1414:                char cell[64];
                   1415:
                   1416:                debug("Getting AFS token");
                   1417:
                   1418:                k_setpag();
                   1419:
                   1420:                if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
                   1421:                        krb5_afslog(s->authctxt->krb5_ctx,
                   1422:                            s->authctxt->krb5_fwd_ccache, cell, NULL);
                   1423:
                   1424:                krb5_afslog_home(s->authctxt->krb5_ctx,
                   1425:                    s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
                   1426:        }
                   1427: #endif
1.104     markus   1428:
1.188     djm      1429:        /* Change current directory to the user's home directory. */
1.104     markus   1430:        if (chdir(pw->pw_dir) < 0) {
1.239     djm      1431:                /* Suppress missing homedir warning for chroot case */
                   1432:                r = login_getcapbool(lc, "requirehome", 0);
1.254     djm      1433:                if (r || options.chroot_directory == NULL ||
                   1434:                    strcasecmp(options.chroot_directory, "none") == 0)
1.239     djm      1435:                        fprintf(stderr, "Could not chdir to home "
                   1436:                            "directory %s: %s\n", pw->pw_dir,
                   1437:                            strerror(errno));
                   1438:                if (r)
1.104     markus   1439:                        exit(1);
                   1440:        }
1.230     djm      1441:
                   1442:        closefrom(STDERR_FILENO + 1);
1.1       markus   1443:
1.127     markus   1444:        if (!options.use_login)
                   1445:                do_rc_files(s, shell);
1.67      markus   1446:
                   1447:        /* restore SIGPIPE for child */
1.217     stevesk  1448:        signal(SIGPIPE, SIG_DFL);
1.67      markus   1449:
1.248     djm      1450:        if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
                   1451:                printf("This service allows sftp connections only.\n");
                   1452:                fflush(NULL);
                   1453:                exit(1);
                   1454:        } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
1.225     markus   1455:                extern int optind, optreset;
                   1456:                int i;
                   1457:                char *p, *args;
                   1458:
1.246     stevesk  1459:                setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
1.243     millert  1460:                args = xstrdup(command ? command : "sftp-server");
1.225     markus   1461:                for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
                   1462:                        if (i < ARGV_MAX - 1)
                   1463:                                argv[i++] = p;
                   1464:                argv[i] = NULL;
                   1465:                optind = optreset = 1;
                   1466:                __progname = argv[0];
1.226     djm      1467:                exit(sftp_server_main(i, argv, s->pw));
1.225     markus   1468:        }
1.247     djm      1469:
                   1470:        fflush(NULL);
1.225     markus   1471:
1.127     markus   1472:        if (options.use_login) {
1.130     provos   1473:                launch_login(pw, hostname);
                   1474:                /* NEVERREACHED */
1.127     markus   1475:        }
                   1476:
                   1477:        /* Get the last component of the shell name. */
                   1478:        if ((shell0 = strrchr(shell, '/')) != NULL)
                   1479:                shell0++;
                   1480:        else
                   1481:                shell0 = shell;
                   1482:
1.1       markus   1483:        /*
                   1484:         * If we have no command, execute the shell.  In this case, the shell
                   1485:         * name to be passed in argv[0] is preceded by '-' to indicate that
                   1486:         * this is a login shell.
                   1487:         */
                   1488:        if (!command) {
1.127     markus   1489:                char argv0[256];
1.1       markus   1490:
1.127     markus   1491:                /* Start the shell.  Set initial character to '-'. */
                   1492:                argv0[0] = '-';
1.1       markus   1493:
1.127     markus   1494:                if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
1.128     markus   1495:                    >= sizeof(argv0) - 1) {
1.127     markus   1496:                        errno = EINVAL;
1.1       markus   1497:                        perror(shell);
                   1498:                        exit(1);
1.127     markus   1499:                }
1.1       markus   1500:
1.127     markus   1501:                /* Execute the shell. */
                   1502:                argv[0] = argv0;
                   1503:                argv[1] = NULL;
                   1504:                execve(shell, argv, env);
                   1505:
                   1506:                /* Executing the shell failed. */
                   1507:                perror(shell);
                   1508:                exit(1);
1.1       markus   1509:        }
                   1510:        /*
                   1511:         * Execute the command using the user's shell.  This uses the -c
                   1512:         * option to execute the command.
                   1513:         */
1.127     markus   1514:        argv[0] = (char *) shell0;
1.1       markus   1515:        argv[1] = "-c";
                   1516:        argv[2] = (char *) command;
                   1517:        argv[3] = NULL;
                   1518:        execve(shell, argv, env);
                   1519:        perror(shell);
                   1520:        exit(1);
                   1521: }
                   1522:
1.237     djm      1523: void
                   1524: session_unused(int id)
                   1525: {
                   1526:        debug3("%s: session id %d unused", __func__, id);
                   1527:        if (id >= options.max_sessions ||
                   1528:            id >= sessions_nalloc) {
                   1529:                fatal("%s: insane session id %d (max %d nalloc %d)",
                   1530:                    __func__, id, options.max_sessions, sessions_nalloc);
                   1531:        }
1.270     tedu     1532:        memset(&sessions[id], 0, sizeof(*sessions));
1.237     djm      1533:        sessions[id].self = id;
                   1534:        sessions[id].used = 0;
                   1535:        sessions[id].chanid = -1;
                   1536:        sessions[id].ptyfd = -1;
                   1537:        sessions[id].ttyfd = -1;
                   1538:        sessions[id].ptymaster = -1;
                   1539:        sessions[id].x11_chanids = NULL;
                   1540:        sessions[id].next_unused = sessions_first_unused;
                   1541:        sessions_first_unused = id;
                   1542: }
                   1543:
1.1       markus   1544: Session *
                   1545: session_new(void)
                   1546: {
1.237     djm      1547:        Session *s, *tmp;
                   1548:
                   1549:        if (sessions_first_unused == -1) {
                   1550:                if (sessions_nalloc >= options.max_sessions)
                   1551:                        return NULL;
                   1552:                debug2("%s: allocate (allocated %d max %d)",
                   1553:                    __func__, sessions_nalloc, options.max_sessions);
                   1554:                tmp = xrealloc(sessions, sessions_nalloc + 1,
                   1555:                    sizeof(*sessions));
                   1556:                if (tmp == NULL) {
                   1557:                        error("%s: cannot allocate %d sessions",
                   1558:                            __func__, sessions_nalloc + 1);
                   1559:                        return NULL;
                   1560:                }
                   1561:                sessions = tmp;
                   1562:                session_unused(sessions_nalloc++);
                   1563:        }
                   1564:
                   1565:        if (sessions_first_unused >= sessions_nalloc ||
                   1566:            sessions_first_unused < 0) {
                   1567:                fatal("%s: insane first_unused %d max %d nalloc %d",
                   1568:                    __func__, sessions_first_unused, options.max_sessions,
                   1569:                    sessions_nalloc);
                   1570:        }
                   1571:
                   1572:        s = &sessions[sessions_first_unused];
                   1573:        if (s->used) {
                   1574:                fatal("%s: session %d already used",
                   1575:                    __func__, sessions_first_unused);
                   1576:        }
                   1577:        sessions_first_unused = s->next_unused;
                   1578:        s->used = 1;
                   1579:        s->next_unused = -1;
                   1580:        debug("session_new: session %d", s->self);
                   1581:
                   1582:        return s;
1.1       markus   1583: }
                   1584:
1.94      itojun   1585: static void
1.1       markus   1586: session_dump(void)
                   1587: {
                   1588:        int i;
1.237     djm      1589:        for (i = 0; i < sessions_nalloc; i++) {
1.1       markus   1590:                Session *s = &sessions[i];
1.237     djm      1591:
                   1592:                debug("dump: used %d next_unused %d session %d %p "
                   1593:                    "channel %d pid %ld",
1.1       markus   1594:                    s->used,
1.237     djm      1595:                    s->next_unused,
1.1       markus   1596:                    s->self,
                   1597:                    s,
                   1598:                    s->chanid,
1.137     mpech    1599:                    (long)s->pid);
1.1       markus   1600:        }
                   1601: }
                   1602:
1.2       markus   1603: int
1.97      markus   1604: session_open(Authctxt *authctxt, int chanid)
1.2       markus   1605: {
                   1606:        Session *s = session_new();
                   1607:        debug("session_open: channel %d", chanid);
                   1608:        if (s == NULL) {
                   1609:                error("no more sessions");
                   1610:                return 0;
                   1611:        }
1.97      markus   1612:        s->authctxt = authctxt;
                   1613:        s->pw = authctxt->pw;
1.167     djm      1614:        if (s->pw == NULL || !authctxt->valid)
1.54      stevesk  1615:                fatal("no user for session %d", s->self);
1.2       markus   1616:        debug("session_open: session %d: link with channel %d", s->self, chanid);
                   1617:        s->chanid = chanid;
                   1618:        return 1;
                   1619: }
                   1620:
1.130     provos   1621: Session *
                   1622: session_by_tty(char *tty)
                   1623: {
                   1624:        int i;
1.237     djm      1625:        for (i = 0; i < sessions_nalloc; i++) {
1.130     provos   1626:                Session *s = &sessions[i];
                   1627:                if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
                   1628:                        debug("session_by_tty: session %d tty %s", i, tty);
                   1629:                        return s;
                   1630:                }
                   1631:        }
                   1632:        debug("session_by_tty: unknown tty %.100s", tty);
                   1633:        session_dump();
                   1634:        return NULL;
                   1635: }
                   1636:
1.94      itojun   1637: static Session *
1.2       markus   1638: session_by_channel(int id)
                   1639: {
                   1640:        int i;
1.237     djm      1641:        for (i = 0; i < sessions_nalloc; i++) {
1.2       markus   1642:                Session *s = &sessions[i];
                   1643:                if (s->used && s->chanid == id) {
1.237     djm      1644:                        debug("session_by_channel: session %d channel %d",
                   1645:                            i, id);
1.2       markus   1646:                        return s;
                   1647:                }
                   1648:        }
                   1649:        debug("session_by_channel: unknown channel %d", id);
                   1650:        session_dump();
                   1651:        return NULL;
                   1652: }
                   1653:
1.94      itojun   1654: static Session *
1.184     djm      1655: session_by_x11_channel(int id)
                   1656: {
                   1657:        int i, j;
                   1658:
1.237     djm      1659:        for (i = 0; i < sessions_nalloc; i++) {
1.184     djm      1660:                Session *s = &sessions[i];
                   1661:
                   1662:                if (s->x11_chanids == NULL || !s->used)
                   1663:                        continue;
                   1664:                for (j = 0; s->x11_chanids[j] != -1; j++) {
                   1665:                        if (s->x11_chanids[j] == id) {
                   1666:                                debug("session_by_x11_channel: session %d "
                   1667:                                    "channel %d", s->self, id);
                   1668:                                return s;
                   1669:                        }
                   1670:                }
                   1671:        }
                   1672:        debug("session_by_x11_channel: unknown channel %d", id);
                   1673:        session_dump();
                   1674:        return NULL;
                   1675: }
                   1676:
                   1677: static Session *
1.2       markus   1678: session_by_pid(pid_t pid)
                   1679: {
                   1680:        int i;
1.137     mpech    1681:        debug("session_by_pid: pid %ld", (long)pid);
1.237     djm      1682:        for (i = 0; i < sessions_nalloc; i++) {
1.2       markus   1683:                Session *s = &sessions[i];
                   1684:                if (s->used && s->pid == pid)
                   1685:                        return s;
                   1686:        }
1.137     mpech    1687:        error("session_by_pid: unknown pid %ld", (long)pid);
1.2       markus   1688:        session_dump();
                   1689:        return NULL;
                   1690: }
                   1691:
1.94      itojun   1692: static int
1.2       markus   1693: session_window_change_req(Session *s)
                   1694: {
                   1695:        s->col = packet_get_int();
                   1696:        s->row = packet_get_int();
                   1697:        s->xpixel = packet_get_int();
                   1698:        s->ypixel = packet_get_int();
1.116     markus   1699:        packet_check_eom();
1.2       markus   1700:        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
                   1701:        return 1;
                   1702: }
                   1703:
1.94      itojun   1704: static int
1.2       markus   1705: session_pty_req(Session *s)
                   1706: {
1.45      markus   1707:        u_int len;
1.72      stevesk  1708:        int n_bytes;
1.132     markus   1709:
1.268     djm      1710:        if (no_pty_flag || !options.permit_tty) {
1.86      markus   1711:                debug("Allocating a pty not permitted for this authentication.");
1.19      markus   1712:                return 0;
1.86      markus   1713:        }
                   1714:        if (s->ttyfd != -1) {
                   1715:                packet_disconnect("Protocol error: you already have a pty.");
1.3       markus   1716:                return 0;
1.86      markus   1717:        }
                   1718:
1.2       markus   1719:        s->term = packet_get_string(&len);
1.86      markus   1720:
                   1721:        if (compat20) {
                   1722:                s->col = packet_get_int();
                   1723:                s->row = packet_get_int();
                   1724:        } else {
                   1725:                s->row = packet_get_int();
                   1726:                s->col = packet_get_int();
                   1727:        }
1.2       markus   1728:        s->xpixel = packet_get_int();
                   1729:        s->ypixel = packet_get_int();
                   1730:
                   1731:        if (strcmp(s->term, "") == 0) {
1.265     djm      1732:                free(s->term);
1.2       markus   1733:                s->term = NULL;
                   1734:        }
1.86      markus   1735:
1.2       markus   1736:        /* Allocate a pty and open it. */
1.86      markus   1737:        debug("Allocating pty.");
1.237     djm      1738:        if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
                   1739:            sizeof(s->tty)))) {
1.265     djm      1740:                free(s->term);
1.2       markus   1741:                s->term = NULL;
                   1742:                s->ptyfd = -1;
                   1743:                s->ttyfd = -1;
                   1744:                error("session_pty_req: session %d alloc failed", s->self);
1.3       markus   1745:                return 0;
1.2       markus   1746:        }
                   1747:        debug("session_pty_req: session %d alloc %s", s->self, s->tty);
1.86      markus   1748:
                   1749:        /* for SSH1 the tty modes length is not given */
                   1750:        if (!compat20)
                   1751:                n_bytes = packet_remaining();
                   1752:        tty_parse_modes(s->ttyfd, &n_bytes);
                   1753:
1.130     provos   1754:        if (!use_privsep)
                   1755:                pty_setowner(s->pw, s->tty);
1.86      markus   1756:
                   1757:        /* Set window size from the packet. */
1.2       markus   1758:        pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
                   1759:
1.116     markus   1760:        packet_check_eom();
1.9       markus   1761:        session_proctitle(s);
1.2       markus   1762:        return 1;
                   1763: }
                   1764:
1.94      itojun   1765: static int
1.7       markus   1766: session_subsystem_req(Session *s)
                   1767: {
1.105     markus   1768:        struct stat st;
1.45      markus   1769:        u_int len;
1.7       markus   1770:        int success = 0;
1.267     djm      1771:        char *prog, *cmd;
1.182     djm      1772:        u_int i;
1.7       markus   1773:
1.267     djm      1774:        s->subsys = packet_get_string(&len);
1.116     markus   1775:        packet_check_eom();
1.267     djm      1776:        debug2("subsystem request for %.100s by user %s", s->subsys,
1.255     djm      1777:            s->pw->pw_name);
1.18      jakob    1778:
                   1779:        for (i = 0; i < options.num_subsystems; i++) {
1.267     djm      1780:                if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
1.205     djm      1781:                        prog = options.subsystem_command[i];
                   1782:                        cmd = options.subsystem_args[i];
1.249     dtucker  1783:                        if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
1.225     markus   1784:                                s->is_subsystem = SUBSYSTEM_INT_SFTP;
1.249     dtucker  1785:                                debug("subsystem: %s", prog);
1.225     markus   1786:                        } else {
1.249     dtucker  1787:                                if (stat(prog, &st) < 0)
                   1788:                                        debug("subsystem: cannot stat %s: %s",
                   1789:                                            prog, strerror(errno));
1.225     markus   1790:                                s->is_subsystem = SUBSYSTEM_EXT;
1.249     dtucker  1791:                                debug("subsystem: exec() %s", cmd);
1.105     markus   1792:                        }
1.237     djm      1793:                        success = do_exec(s, cmd) == 0;
1.122     markus   1794:                        break;
1.18      jakob    1795:                }
                   1796:        }
                   1797:
                   1798:        if (!success)
1.267     djm      1799:                logit("subsystem request for %.100s by user %s failed, "
                   1800:                    "subsystem not found", s->subsys, s->pw->pw_name);
1.7       markus   1801:
                   1802:        return success;
                   1803: }
                   1804:
1.94      itojun   1805: static int
1.7       markus   1806: session_x11_req(Session *s)
                   1807: {
1.81      markus   1808:        int success;
1.7       markus   1809:
1.184     djm      1810:        if (s->auth_proto != NULL || s->auth_data != NULL) {
                   1811:                error("session_x11_req: session %d: "
1.190     stevesk  1812:                    "x11 forwarding already active", s->self);
1.184     djm      1813:                return 0;
                   1814:        }
1.7       markus   1815:        s->single_connection = packet_get_char();
                   1816:        s->auth_proto = packet_get_string(NULL);
                   1817:        s->auth_data = packet_get_string(NULL);
                   1818:        s->screen = packet_get_int();
1.116     markus   1819:        packet_check_eom();
1.7       markus   1820:
1.81      markus   1821:        success = session_setup_x11fwd(s);
                   1822:        if (!success) {
1.265     djm      1823:                free(s->auth_proto);
                   1824:                free(s->auth_data);
1.84      markus   1825:                s->auth_proto = NULL;
                   1826:                s->auth_data = NULL;
1.7       markus   1827:        }
1.81      markus   1828:        return success;
1.7       markus   1829: }
                   1830:
1.94      itojun   1831: static int
1.19      markus   1832: session_shell_req(Session *s)
                   1833: {
1.116     markus   1834:        packet_check_eom();
1.237     djm      1835:        return do_exec(s, NULL) == 0;
1.19      markus   1836: }
                   1837:
1.94      itojun   1838: static int
1.19      markus   1839: session_exec_req(Session *s)
                   1840: {
1.237     djm      1841:        u_int len, success;
                   1842:
1.19      markus   1843:        char *command = packet_get_string(&len);
1.116     markus   1844:        packet_check_eom();
1.237     djm      1845:        success = do_exec(s, command) == 0;
1.265     djm      1846:        free(command);
1.237     djm      1847:        return success;
1.19      markus   1848: }
                   1849:
1.94      itojun   1850: static int
1.157     markus   1851: session_break_req(Session *s)
                   1852: {
                   1853:
1.175     deraadt  1854:        packet_get_int();       /* ignored */
1.157     markus   1855:        packet_check_eom();
                   1856:
1.259     djm      1857:        if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
1.157     markus   1858:                return 0;
                   1859:        return 1;
                   1860: }
                   1861:
                   1862: static int
1.173     djm      1863: session_env_req(Session *s)
                   1864: {
                   1865:        char *name, *val;
                   1866:        u_int name_len, val_len, i;
                   1867:
1.271     djm      1868:        name = packet_get_cstring(&name_len);
                   1869:        val = packet_get_cstring(&val_len);
1.173     djm      1870:        packet_check_eom();
                   1871:
                   1872:        /* Don't set too many environment variables */
                   1873:        if (s->num_env > 128) {
                   1874:                debug2("Ignoring env request %s: too many env vars", name);
                   1875:                goto fail;
                   1876:        }
                   1877:
                   1878:        for (i = 0; i < options.num_accept_env; i++) {
                   1879:                if (match_pattern(name, options.accept_env[i])) {
                   1880:                        debug2("Setting env %d: %s=%s", s->num_env, name, val);
1.201     djm      1881:                        s->env = xrealloc(s->env, s->num_env + 1,
                   1882:                            sizeof(*s->env));
1.173     djm      1883:                        s->env[s->num_env].name = name;
                   1884:                        s->env[s->num_env].val = val;
                   1885:                        s->num_env++;
                   1886:                        return (1);
                   1887:                }
                   1888:        }
                   1889:        debug2("Ignoring env request %s: disallowed name", name);
                   1890:
                   1891:  fail:
1.265     djm      1892:        free(name);
                   1893:        free(val);
1.173     djm      1894:        return (0);
                   1895: }
                   1896:
                   1897: static int
1.43      markus   1898: session_auth_agent_req(Session *s)
                   1899: {
                   1900:        static int called = 0;
1.116     markus   1901:        packet_check_eom();
1.235     pyr      1902:        if (no_agent_forwarding_flag || !options.allow_agent_forwarding) {
1.44      markus   1903:                debug("session_auth_agent_req: no_agent_forwarding_flag");
                   1904:                return 0;
                   1905:        }
1.43      markus   1906:        if (called) {
                   1907:                return 0;
                   1908:        } else {
                   1909:                called = 1;
                   1910:                return auth_input_request_forwarding(s->pw);
                   1911:        }
                   1912: }
                   1913:
1.123     markus   1914: int
                   1915: session_input_channel_req(Channel *c, const char *rtype)
1.2       markus   1916: {
                   1917:        int success = 0;
                   1918:        Session *s;
                   1919:
1.123     markus   1920:        if ((s = session_by_channel(c->self)) == NULL) {
1.155     itojun   1921:                logit("session_input_channel_req: no session %d req %.100s",
1.123     markus   1922:                    c->self, rtype);
                   1923:                return 0;
                   1924:        }
                   1925:        debug("session_input_channel_req: session %d req %s", s->self, rtype);
1.2       markus   1926:
                   1927:        /*
1.64      markus   1928:         * a session is in LARVAL state until a shell, a command
                   1929:         * or a subsystem is executed
1.2       markus   1930:         */
                   1931:        if (c->type == SSH_CHANNEL_LARVAL) {
                   1932:                if (strcmp(rtype, "shell") == 0) {
1.19      markus   1933:                        success = session_shell_req(s);
1.2       markus   1934:                } else if (strcmp(rtype, "exec") == 0) {
1.19      markus   1935:                        success = session_exec_req(s);
1.2       markus   1936:                } else if (strcmp(rtype, "pty-req") == 0) {
1.221     stevesk  1937:                        success = session_pty_req(s);
1.7       markus   1938:                } else if (strcmp(rtype, "x11-req") == 0) {
                   1939:                        success = session_x11_req(s);
1.43      markus   1940:                } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
                   1941:                        success = session_auth_agent_req(s);
1.7       markus   1942:                } else if (strcmp(rtype, "subsystem") == 0) {
                   1943:                        success = session_subsystem_req(s);
1.173     djm      1944:                } else if (strcmp(rtype, "env") == 0) {
                   1945:                        success = session_env_req(s);
1.2       markus   1946:                }
                   1947:        }
                   1948:        if (strcmp(rtype, "window-change") == 0) {
                   1949:                success = session_window_change_req(s);
1.177     djm      1950:        } else if (strcmp(rtype, "break") == 0) {
                   1951:                success = session_break_req(s);
1.2       markus   1952:        }
1.177     djm      1953:
1.123     markus   1954:        return success;
1.2       markus   1955: }
                   1956:
                   1957: void
1.256     djm      1958: session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
                   1959:     int is_tty)
1.2       markus   1960: {
                   1961:        if (!compat20)
                   1962:                fatal("session_set_fds: called for proto != 2.0");
                   1963:        /*
                   1964:         * now that have a child and a pipe to the child,
                   1965:         * we can activate our channel and register the fd's
                   1966:         */
                   1967:        if (s->chanid == -1)
                   1968:                fatal("no channel for session %d", s->self);
                   1969:        channel_set_fds(s->chanid,
                   1970:            fdout, fdin, fderr,
1.256     djm      1971:            ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1.241     dtucker  1972:            1, is_tty, CHAN_SES_WINDOW_DEFAULT);
1.2       markus   1973: }
                   1974:
1.85      markus   1975: /*
                   1976:  * Function to perform pty cleanup. Also called if we get aborted abnormally
                   1977:  * (e.g., due to a dropped connection).
                   1978:  */
1.130     provos   1979: void
1.165     markus   1980: session_pty_cleanup2(Session *s)
1.1       markus   1981: {
1.85      markus   1982:        if (s == NULL) {
                   1983:                error("session_pty_cleanup: no session");
                   1984:                return;
                   1985:        }
                   1986:        if (s->ttyfd == -1)
1.1       markus   1987:                return;
                   1988:
1.54      stevesk  1989:        debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
1.1       markus   1990:
                   1991:        /* Record that the user has logged out. */
1.85      markus   1992:        if (s->pid != 0)
                   1993:                record_logout(s->pid, s->tty);
1.1       markus   1994:
                   1995:        /* Release the pseudo-tty. */
1.130     provos   1996:        if (getuid() == 0)
                   1997:                pty_release(s->tty);
1.1       markus   1998:
                   1999:        /*
                   2000:         * Close the server side of the socket pairs.  We must do this after
                   2001:         * the pty cleanup, so that another process doesn't get this pty
                   2002:         * while we're still cleaning up.
                   2003:         */
1.237     djm      2004:        if (s->ptymaster != -1 && close(s->ptymaster) < 0)
                   2005:                error("close(s->ptymaster/%d): %s",
                   2006:                    s->ptymaster, strerror(errno));
1.108     markus   2007:
                   2008:        /* unlink pty from session */
                   2009:        s->ttyfd = -1;
1.2       markus   2010: }
                   2011:
1.130     provos   2012: void
1.165     markus   2013: session_pty_cleanup(Session *s)
1.130     provos   2014: {
1.165     markus   2015:        PRIVSEP(session_pty_cleanup2(s));
1.130     provos   2016: }
                   2017:
1.147     markus   2018: static char *
                   2019: sig2name(int sig)
                   2020: {
                   2021: #define SSH_SIG(x) if (sig == SIG ## x) return #x
                   2022:        SSH_SIG(ABRT);
                   2023:        SSH_SIG(ALRM);
                   2024:        SSH_SIG(FPE);
                   2025:        SSH_SIG(HUP);
                   2026:        SSH_SIG(ILL);
                   2027:        SSH_SIG(INT);
                   2028:        SSH_SIG(KILL);
                   2029:        SSH_SIG(PIPE);
                   2030:        SSH_SIG(QUIT);
                   2031:        SSH_SIG(SEGV);
                   2032:        SSH_SIG(TERM);
                   2033:        SSH_SIG(USR1);
                   2034:        SSH_SIG(USR2);
                   2035: #undef SSH_SIG
                   2036:        return "SIG@openssh.com";
                   2037: }
                   2038:
1.94      itojun   2039: static void
1.184     djm      2040: session_close_x11(int id)
                   2041: {
                   2042:        Channel *c;
                   2043:
1.189     markus   2044:        if ((c = channel_by_id(id)) == NULL) {
1.184     djm      2045:                debug("session_close_x11: x11 channel %d missing", id);
                   2046:        } else {
                   2047:                /* Detach X11 listener */
                   2048:                debug("session_close_x11: detach x11 channel %d", id);
                   2049:                channel_cancel_cleanup(id);
                   2050:                if (c->ostate != CHAN_OUTPUT_CLOSED)
                   2051:                        chan_mark_dead(c);
                   2052:        }
                   2053: }
                   2054:
                   2055: static void
                   2056: session_close_single_x11(int id, void *arg)
                   2057: {
                   2058:        Session *s;
                   2059:        u_int i;
                   2060:
                   2061:        debug3("session_close_single_x11: channel %d", id);
                   2062:        channel_cancel_cleanup(id);
1.221     stevesk  2063:        if ((s = session_by_x11_channel(id)) == NULL)
1.184     djm      2064:                fatal("session_close_single_x11: no x11 channel %d", id);
                   2065:        for (i = 0; s->x11_chanids[i] != -1; i++) {
                   2066:                debug("session_close_single_x11: session %d: "
                   2067:                    "closing channel %d", s->self, s->x11_chanids[i]);
                   2068:                /*
                   2069:                 * The channel "id" is already closing, but make sure we
                   2070:                 * close all of its siblings.
                   2071:                 */
                   2072:                if (s->x11_chanids[i] != id)
                   2073:                        session_close_x11(s->x11_chanids[i]);
                   2074:        }
1.265     djm      2075:        free(s->x11_chanids);
1.184     djm      2076:        s->x11_chanids = NULL;
1.265     djm      2077:        free(s->display);
                   2078:        s->display = NULL;
                   2079:        free(s->auth_proto);
                   2080:        s->auth_proto = NULL;
                   2081:        free(s->auth_data);
                   2082:        s->auth_data = NULL;
                   2083:        free(s->auth_display);
                   2084:        s->auth_display = NULL;
1.184     djm      2085: }
                   2086:
                   2087: static void
1.2       markus   2088: session_exit_message(Session *s, int status)
                   2089: {
                   2090:        Channel *c;
1.124     markus   2091:
                   2092:        if ((c = channel_lookup(s->chanid)) == NULL)
1.85      markus   2093:                fatal("session_exit_message: session %d: no channel %d",
1.2       markus   2094:                    s->self, s->chanid);
1.137     mpech    2095:        debug("session_exit_message: session %d channel %d pid %ld",
                   2096:            s->self, s->chanid, (long)s->pid);
1.2       markus   2097:
                   2098:        if (WIFEXITED(status)) {
1.124     markus   2099:                channel_request_start(s->chanid, "exit-status", 0);
1.2       markus   2100:                packet_put_int(WEXITSTATUS(status));
                   2101:                packet_send();
                   2102:        } else if (WIFSIGNALED(status)) {
1.124     markus   2103:                channel_request_start(s->chanid, "exit-signal", 0);
1.147     markus   2104:                packet_put_cstring(sig2name(WTERMSIG(status)));
1.229     markus   2105:                packet_put_char(WCOREDUMP(status)? 1 : 0);
1.2       markus   2106:                packet_put_cstring("");
                   2107:                packet_put_cstring("");
                   2108:                packet_send();
                   2109:        } else {
                   2110:                /* Some weird exit cause.  Just exit. */
                   2111:                packet_disconnect("wait returned status %04x.", status);
                   2112:        }
                   2113:
                   2114:        /* disconnect channel */
                   2115:        debug("session_exit_message: release channel %d", s->chanid);
1.187     djm      2116:
                   2117:        /*
                   2118:         * Adjust cleanup callback attachment to send close messages when
1.199     deraadt  2119:         * the channel gets EOF. The session will be then be closed
1.187     djm      2120:         * by session_close_by_channel when the childs close their fds.
                   2121:         */
                   2122:        channel_register_cleanup(c->self, session_close_by_channel, 1);
                   2123:
1.5       markus   2124:        /*
                   2125:         * emulate a write failure with 'chan_write_failed', nobody will be
                   2126:         * interested in data we write.
                   2127:         * Note that we must not call 'chan_read_failed', since there could
                   2128:         * be some more data waiting in the pipe.
                   2129:         */
1.8       markus   2130:        if (c->ostate != CHAN_OUTPUT_CLOSED)
                   2131:                chan_write_failed(c);
1.2       markus   2132: }
                   2133:
1.130     provos   2134: void
1.85      markus   2135: session_close(Session *s)
1.2       markus   2136: {
1.182     djm      2137:        u_int i;
1.173     djm      2138:
1.137     mpech    2139:        debug("session_close: session %d pid %ld", s->self, (long)s->pid);
1.165     markus   2140:        if (s->ttyfd != -1)
1.85      markus   2141:                session_pty_cleanup(s);
1.265     djm      2142:        free(s->term);
                   2143:        free(s->display);
                   2144:        free(s->x11_chanids);
                   2145:        free(s->auth_display);
                   2146:        free(s->auth_data);
                   2147:        free(s->auth_proto);
1.267     djm      2148:        free(s->subsys);
1.219     djm      2149:        if (s->env != NULL) {
                   2150:                for (i = 0; i < s->num_env; i++) {
1.265     djm      2151:                        free(s->env[i].name);
                   2152:                        free(s->env[i].val);
1.219     djm      2153:                }
1.265     djm      2154:                free(s->env);
1.173     djm      2155:        }
1.9       markus   2156:        session_proctitle(s);
1.237     djm      2157:        session_unused(s->self);
1.2       markus   2158: }
                   2159:
                   2160: void
                   2161: session_close_by_pid(pid_t pid, int status)
                   2162: {
                   2163:        Session *s = session_by_pid(pid);
                   2164:        if (s == NULL) {
1.137     mpech    2165:                debug("session_close_by_pid: no session for pid %ld",
                   2166:                    (long)pid);
1.2       markus   2167:                return;
                   2168:        }
                   2169:        if (s->chanid != -1)
                   2170:                session_exit_message(s, status);
1.187     djm      2171:        if (s->ttyfd != -1)
                   2172:                session_pty_cleanup(s);
1.197     djm      2173:        s->pid = 0;
1.98      markus   2174: }
                   2175:
1.2       markus   2176: /*
                   2177:  * this is called when a channel dies before
                   2178:  * the session 'child' itself dies
                   2179:  */
                   2180: void
                   2181: session_close_by_channel(int id, void *arg)
                   2182: {
                   2183:        Session *s = session_by_channel(id);
1.187     djm      2184:        u_int i;
1.184     djm      2185:
1.2       markus   2186:        if (s == NULL) {
1.107     markus   2187:                debug("session_close_by_channel: no session for id %d", id);
1.2       markus   2188:                return;
                   2189:        }
1.137     mpech    2190:        debug("session_close_by_channel: channel %d child %ld",
                   2191:            id, (long)s->pid);
1.107     markus   2192:        if (s->pid != 0) {
                   2193:                debug("session_close_by_channel: channel %d: has child", id);
1.108     markus   2194:                /*
                   2195:                 * delay detach of session, but release pty, since
                   2196:                 * the fd's to the child are already closed
                   2197:                 */
1.165     markus   2198:                if (s->ttyfd != -1)
1.108     markus   2199:                        session_pty_cleanup(s);
1.107     markus   2200:                return;
                   2201:        }
                   2202:        /* detach by removing callback */
1.2       markus   2203:        channel_cancel_cleanup(s->chanid);
1.187     djm      2204:
                   2205:        /* Close any X11 listeners associated with this session */
                   2206:        if (s->x11_chanids != NULL) {
                   2207:                for (i = 0; s->x11_chanids[i] != -1; i++) {
                   2208:                        session_close_x11(s->x11_chanids[i]);
                   2209:                        s->x11_chanids[i] = -1;
                   2210:                }
                   2211:        }
                   2212:
1.2       markus   2213:        s->chanid = -1;
1.106     markus   2214:        session_close(s);
                   2215: }
                   2216:
                   2217: void
1.130     provos   2218: session_destroy_all(void (*closefunc)(Session *))
1.106     markus   2219: {
                   2220:        int i;
1.237     djm      2221:        for (i = 0; i < sessions_nalloc; i++) {
1.106     markus   2222:                Session *s = &sessions[i];
1.130     provos   2223:                if (s->used) {
                   2224:                        if (closefunc != NULL)
                   2225:                                closefunc(s);
                   2226:                        else
                   2227:                                session_close(s);
                   2228:                }
1.2       markus   2229:        }
1.9       markus   2230: }
                   2231:
1.94      itojun   2232: static char *
1.9       markus   2233: session_tty_list(void)
                   2234: {
                   2235:        static char buf[1024];
                   2236:        int i;
                   2237:        buf[0] = '\0';
1.237     djm      2238:        for (i = 0; i < sessions_nalloc; i++) {
1.9       markus   2239:                Session *s = &sessions[i];
                   2240:                if (s->used && s->ttyfd != -1) {
                   2241:                        if (buf[0] != '\0')
                   2242:                                strlcat(buf, ",", sizeof buf);
                   2243:                        strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
                   2244:                }
                   2245:        }
                   2246:        if (buf[0] == '\0')
                   2247:                strlcpy(buf, "notty", sizeof buf);
                   2248:        return buf;
                   2249: }
                   2250:
                   2251: void
                   2252: session_proctitle(Session *s)
                   2253: {
                   2254:        if (s->pw == NULL)
                   2255:                error("no user for session %d", s->self);
                   2256:        else
                   2257:                setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
1.81      markus   2258: }
                   2259:
                   2260: int
                   2261: session_setup_x11fwd(Session *s)
                   2262: {
                   2263:        struct stat st;
1.109     stevesk  2264:        char display[512], auth_display[512];
1.272     djm      2265:        char hostname[NI_MAXHOST];
1.184     djm      2266:        u_int i;
1.81      markus   2267:
                   2268:        if (no_x11_forwarding_flag) {
                   2269:                packet_send_debug("X11 forwarding disabled in user configuration file.");
                   2270:                return 0;
                   2271:        }
                   2272:        if (!options.x11_forwarding) {
                   2273:                debug("X11 forwarding disabled in server configuration file.");
                   2274:                return 0;
                   2275:        }
                   2276:        if (!options.xauth_location ||
                   2277:            (stat(options.xauth_location, &st) == -1)) {
                   2278:                packet_send_debug("No xauth program; cannot forward with spoofing.");
1.91      markus   2279:                return 0;
                   2280:        }
                   2281:        if (options.use_login) {
                   2282:                packet_send_debug("X11 forwarding disabled; "
                   2283:                    "not compatible with UseLogin=yes.");
1.81      markus   2284:                return 0;
                   2285:        }
1.87      markus   2286:        if (s->display != NULL) {
1.81      markus   2287:                debug("X11 display already set.");
                   2288:                return 0;
                   2289:        }
1.140     deraadt  2290:        if (x11_create_display_inet(options.x11_display_offset,
                   2291:            options.x11_use_localhost, s->single_connection,
1.184     djm      2292:            &s->display_number, &s->x11_chanids) == -1) {
1.87      markus   2293:                debug("x11_create_display_inet failed.");
1.81      markus   2294:                return 0;
1.184     djm      2295:        }
                   2296:        for (i = 0; s->x11_chanids[i] != -1; i++) {
                   2297:                channel_register_cleanup(s->x11_chanids[i],
1.187     djm      2298:                    session_close_single_x11, 0);
1.81      markus   2299:        }
1.109     stevesk  2300:
                   2301:        /* Set up a suitable value for the DISPLAY variable. */
                   2302:        if (gethostname(hostname, sizeof(hostname)) < 0)
                   2303:                fatal("gethostname: %.100s", strerror(errno));
                   2304:        /*
                   2305:         * auth_display must be used as the displayname when the
                   2306:         * authorization entry is added with xauth(1).  This will be
                   2307:         * different than the DISPLAY string for localhost displays.
                   2308:         */
1.119     stevesk  2309:        if (options.x11_use_localhost) {
1.140     deraadt  2310:                snprintf(display, sizeof display, "localhost:%u.%u",
1.109     stevesk  2311:                    s->display_number, s->screen);
1.140     deraadt  2312:                snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
1.118     stevesk  2313:                    s->display_number, s->screen);
1.109     stevesk  2314:                s->display = xstrdup(display);
1.118     stevesk  2315:                s->auth_display = xstrdup(auth_display);
1.109     stevesk  2316:        } else {
1.140     deraadt  2317:                snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
1.109     stevesk  2318:                    s->display_number, s->screen);
                   2319:                s->display = xstrdup(display);
1.118     stevesk  2320:                s->auth_display = xstrdup(display);
1.109     stevesk  2321:        }
                   2322:
1.81      markus   2323:        return 1;
1.2       markus   2324: }
                   2325:
1.94      itojun   2326: static void
1.49      markus   2327: do_authenticated2(Authctxt *authctxt)
1.2       markus   2328: {
1.97      markus   2329:        server_loop2(authctxt);
1.165     markus   2330: }
                   2331:
                   2332: void
                   2333: do_cleanup(Authctxt *authctxt)
                   2334: {
                   2335:        static int called = 0;
                   2336:
                   2337:        debug("do_cleanup");
                   2338:
                   2339:        /* no cleanup if we're in the child for login shell */
                   2340:        if (is_child)
                   2341:                return;
                   2342:
                   2343:        /* avoid double cleanup */
                   2344:        if (called)
                   2345:                return;
                   2346:        called = 1;
                   2347:
1.218     markus   2348:        if (authctxt == NULL || !authctxt->authenticated)
1.165     markus   2349:                return;
                   2350: #ifdef KRB5
                   2351:        if (options.kerberos_ticket_cleanup &&
                   2352:            authctxt->krb5_ctx)
                   2353:                krb5_cleanup_proc(authctxt);
1.161     markus   2354: #endif
1.165     markus   2355:
                   2356: #ifdef GSSAPI
                   2357:        if (compat20 && options.gss_cleanup_creds)
                   2358:                ssh_gssapi_cleanup_creds();
                   2359: #endif
                   2360:
                   2361:        /* remove agent socket */
                   2362:        auth_sock_cleanup_proc(authctxt->pw);
                   2363:
                   2364:        /*
                   2365:         * Cleanup ptys/utmp only if privsep is disabled,
                   2366:         * or if running in monitor.
                   2367:         */
                   2368:        if (!use_privsep || mm_is_monitor())
                   2369:                session_destroy_all(session_pty_cleanup2);
1.1       markus   2370: }