1 /* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */ 2 /* 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be 10 * called by a name other than "ssh" or "Secure Shell". 11 * 12 * SSH2 support by Markus Friedl. 13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 #include "includes.h" 37 __RCSID("$FreeBSD$"); 38 39 #include <sys/types.h> 40 #include <sys/param.h> 41 #ifdef HAVE_SYS_STAT_H 42 # include <sys/stat.h> 43 #endif 44 #include <sys/socket.h> 45 #include <sys/un.h> 46 #include <sys/wait.h> 47 48 #include <arpa/inet.h> 49 50 #include <errno.h> 51 #include <grp.h> 52 #ifdef HAVE_PATHS_H 53 #include <paths.h> 54 #endif 55 #include <pwd.h> 56 #include <signal.h> 57 #include <stdarg.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <unistd.h> 62 63 #include "xmalloc.h" 64 #include "ssh.h" 65 #include "ssh1.h" 66 #include "ssh2.h" 67 #include "sshpty.h" 68 #include "packet.h" 69 #include "buffer.h" 70 #include "match.h" 71 #include "uidswap.h" 72 #include "compat.h" 73 #include "channels.h" 74 #include "key.h" 75 #include "cipher.h" 76 #ifdef GSSAPI 77 #include "ssh-gss.h" 78 #endif 79 #include "hostfile.h" 80 #include "auth.h" 81 #include "auth-options.h" 82 #include "pathnames.h" 83 #include "log.h" 84 #include "servconf.h" 85 #include "sshlogin.h" 86 #include "serverloop.h" 87 #include "canohost.h" 88 #include "session.h" 89 #include "kex.h" 90 #include "monitor_wrap.h" 91 92 #if defined(KRB5) && defined(USE_AFS) 93 #include <kafs.h> 94 #endif 95 96 /* func */ 97 98 Session *session_new(void); 99 void session_set_fds(Session *, int, int, int); 100 void session_pty_cleanup(Session *); 101 void session_proctitle(Session *); 102 int session_setup_x11fwd(Session *); 103 void do_exec_pty(Session *, const char *); 104 void do_exec_no_pty(Session *, const char *); 105 void do_exec(Session *, const char *); 106 void do_login(Session *, const char *); 107 #ifdef LOGIN_NEEDS_UTMPX 108 static void do_pre_login(Session *s); 109 #endif 110 void do_child(Session *, const char *); 111 void do_motd(void); 112 int check_quietlogin(Session *, const char *); 113 114 static void do_authenticated1(Authctxt *); 115 static void do_authenticated2(Authctxt *); 116 117 static int session_pty_req(Session *); 118 119 /* import */ 120 extern ServerOptions options; 121 extern char *__progname; 122 extern int log_stderr; 123 extern int debug_flag; 124 extern u_int utmp_len; 125 extern int startup_pipe; 126 extern void destroy_sensitive_data(void); 127 extern Buffer loginmsg; 128 129 /* original command from peer. */ 130 const char *original_command = NULL; 131 132 /* data */ 133 #define MAX_SESSIONS 10 134 Session sessions[MAX_SESSIONS]; 135 136 #ifdef HAVE_LOGIN_CAP 137 login_cap_t *lc; 138 #endif 139 140 static int is_child = 0; 141 142 /* Name and directory of socket for authentication agent forwarding. */ 143 static char *auth_sock_name = NULL; 144 static char *auth_sock_dir = NULL; 145 146 /* removes the agent forwarding socket */ 147 148 static void 149 auth_sock_cleanup_proc(struct passwd *pw) 150 { 151 if (auth_sock_name != NULL) { 152 temporarily_use_uid(pw); 153 unlink(auth_sock_name); 154 rmdir(auth_sock_dir); 155 auth_sock_name = NULL; 156 restore_uid(); 157 } 158 } 159 160 static int 161 auth_input_request_forwarding(struct passwd * pw) 162 { 163 Channel *nc; 164 int sock; 165 struct sockaddr_un sunaddr; 166 167 if (auth_sock_name != NULL) { 168 error("authentication forwarding requested twice."); 169 return 0; 170 } 171 172 /* Temporarily drop privileged uid for mkdir/bind. */ 173 temporarily_use_uid(pw); 174 175 /* Allocate a buffer for the socket name, and format the name. */ 176 auth_sock_name = xmalloc(MAXPATHLEN); 177 auth_sock_dir = xmalloc(MAXPATHLEN); 178 strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); 179 180 /* Create private directory for socket */ 181 if (mkdtemp(auth_sock_dir) == NULL) { 182 packet_send_debug("Agent forwarding disabled: " 183 "mkdtemp() failed: %.100s", strerror(errno)); 184 restore_uid(); 185 xfree(auth_sock_name); 186 xfree(auth_sock_dir); 187 auth_sock_name = NULL; 188 auth_sock_dir = NULL; 189 return 0; 190 } 191 snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld", 192 auth_sock_dir, (long) getpid()); 193 194 /* Create the socket. */ 195 sock = socket(AF_UNIX, SOCK_STREAM, 0); 196 if (sock < 0) 197 packet_disconnect("socket: %.100s", strerror(errno)); 198 199 /* Bind it to the name. */ 200 memset(&sunaddr, 0, sizeof(sunaddr)); 201 sunaddr.sun_family = AF_UNIX; 202 strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); 203 204 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) 205 packet_disconnect("bind: %.100s", strerror(errno)); 206 207 /* Restore the privileged uid. */ 208 restore_uid(); 209 210 /* Start listening on the socket. */ 211 if (listen(sock, SSH_LISTEN_BACKLOG) < 0) 212 packet_disconnect("listen: %.100s", strerror(errno)); 213 214 /* Allocate a channel for the authentication agent socket. */ 215 nc = channel_new("auth socket", 216 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, 217 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 218 0, "auth socket", 1); 219 strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); 220 return 1; 221 } 222 223 static void 224 display_loginmsg(void) 225 { 226 if (buffer_len(&loginmsg) > 0) { 227 buffer_append(&loginmsg, "\0", 1); 228 printf("%s", (char *)buffer_ptr(&loginmsg)); 229 buffer_clear(&loginmsg); 230 } 231 } 232 233 void 234 do_authenticated(Authctxt *authctxt) 235 { 236 setproctitle("%s", authctxt->pw->pw_name); 237 238 /* setup the channel layer */ 239 if (!no_port_forwarding_flag && options.allow_tcp_forwarding) 240 channel_permit_all_opens(); 241 242 if (compat20) 243 do_authenticated2(authctxt); 244 else 245 do_authenticated1(authctxt); 246 247 do_cleanup(authctxt); 248 } 249 250 /* 251 * Prepares for an interactive session. This is called after the user has 252 * been successfully authenticated. During this message exchange, pseudo 253 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings 254 * are requested, etc. 255 */ 256 static void 257 do_authenticated1(Authctxt *authctxt) 258 { 259 Session *s; 260 char *command; 261 int success, type, screen_flag; 262 int enable_compression_after_reply = 0; 263 u_int proto_len, data_len, dlen, compression_level = 0; 264 265 s = session_new(); 266 if (s == NULL) { 267 error("no more sessions"); 268 return; 269 } 270 s->authctxt = authctxt; 271 s->pw = authctxt->pw; 272 273 /* 274 * We stay in this loop until the client requests to execute a shell 275 * or a command. 276 */ 277 for (;;) { 278 success = 0; 279 280 /* Get a packet from the client. */ 281 type = packet_read(); 282 283 /* Process the packet. */ 284 switch (type) { 285 case SSH_CMSG_REQUEST_COMPRESSION: 286 compression_level = packet_get_int(); 287 packet_check_eom(); 288 if (compression_level < 1 || compression_level > 9) { 289 packet_send_debug("Received invalid compression level %d.", 290 compression_level); 291 break; 292 } 293 if (options.compression == COMP_NONE) { 294 debug2("compression disabled"); 295 break; 296 } 297 /* Enable compression after we have responded with SUCCESS. */ 298 enable_compression_after_reply = 1; 299 success = 1; 300 break; 301 302 case SSH_CMSG_REQUEST_PTY: 303 success = session_pty_req(s); 304 break; 305 306 case SSH_CMSG_X11_REQUEST_FORWARDING: 307 s->auth_proto = packet_get_string(&proto_len); 308 s->auth_data = packet_get_string(&data_len); 309 310 screen_flag = packet_get_protocol_flags() & 311 SSH_PROTOFLAG_SCREEN_NUMBER; 312 debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag); 313 314 if (packet_remaining() == 4) { 315 if (!screen_flag) 316 debug2("Buggy client: " 317 "X11 screen flag missing"); 318 s->screen = packet_get_int(); 319 } else { 320 s->screen = 0; 321 } 322 packet_check_eom(); 323 success = session_setup_x11fwd(s); 324 if (!success) { 325 xfree(s->auth_proto); 326 xfree(s->auth_data); 327 s->auth_proto = NULL; 328 s->auth_data = NULL; 329 } 330 break; 331 332 case SSH_CMSG_AGENT_REQUEST_FORWARDING: 333 if (no_agent_forwarding_flag || compat13) { 334 debug("Authentication agent forwarding not permitted for this authentication."); 335 break; 336 } 337 debug("Received authentication agent forwarding request."); 338 success = auth_input_request_forwarding(s->pw); 339 break; 340 341 case SSH_CMSG_PORT_FORWARD_REQUEST: 342 if (no_port_forwarding_flag) { 343 debug("Port forwarding not permitted for this authentication."); 344 break; 345 } 346 if (!options.allow_tcp_forwarding) { 347 debug("Port forwarding not permitted."); 348 break; 349 } 350 debug("Received TCP/IP port forwarding request."); 351 if (channel_input_port_forward_request(s->pw->pw_uid == 0, 352 options.gateway_ports) < 0) { 353 debug("Port forwarding failed."); 354 break; 355 } 356 success = 1; 357 break; 358 359 case SSH_CMSG_MAX_PACKET_SIZE: 360 if (packet_set_maxsize(packet_get_int()) > 0) 361 success = 1; 362 break; 363 364 case SSH_CMSG_EXEC_SHELL: 365 case SSH_CMSG_EXEC_CMD: 366 if (type == SSH_CMSG_EXEC_CMD) { 367 command = packet_get_string(&dlen); 368 debug("Exec command '%.500s'", command); 369 do_exec(s, command); 370 xfree(command); 371 } else { 372 do_exec(s, NULL); 373 } 374 packet_check_eom(); 375 session_close(s); 376 return; 377 378 default: 379 /* 380 * Any unknown messages in this phase are ignored, 381 * and a failure message is returned. 382 */ 383 logit("Unknown packet type received after authentication: %d", type); 384 } 385 packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE); 386 packet_send(); 387 packet_write_wait(); 388 389 /* Enable compression now that we have replied if appropriate. */ 390 if (enable_compression_after_reply) { 391 enable_compression_after_reply = 0; 392 packet_start_compression(compression_level); 393 } 394 } 395 } 396 397 /* 398 * This is called to fork and execute a command when we have no tty. This 399 * will call do_child from the child, and server_loop from the parent after 400 * setting up file descriptors and such. 401 */ 402 void 403 do_exec_no_pty(Session *s, const char *command) 404 { 405 pid_t pid; 406 407 #ifdef USE_PIPES 408 int pin[2], pout[2], perr[2]; 409 /* Allocate pipes for communicating with the program. */ 410 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0) 411 packet_disconnect("Could not create pipes: %.100s", 412 strerror(errno)); 413 #else /* USE_PIPES */ 414 int inout[2], err[2]; 415 /* Uses socket pairs to communicate with the program. */ 416 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 || 417 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) 418 packet_disconnect("Could not create socket pairs: %.100s", 419 strerror(errno)); 420 #endif /* USE_PIPES */ 421 if (s == NULL) 422 fatal("do_exec_no_pty: no session"); 423 424 session_proctitle(s); 425 426 #if defined(USE_PAM) 427 if (options.use_pam && !use_privsep) 428 do_pam_setcred(1); 429 #endif /* USE_PAM */ 430 431 /* Fork the child. */ 432 if ((pid = fork()) == 0) { 433 is_child = 1; 434 435 /* Child. Reinitialize the log since the pid has changed. */ 436 log_init(__progname, options.log_level, options.log_facility, log_stderr); 437 438 /* 439 * Create a new session and process group since the 4.4BSD 440 * setlogin() affects the entire process group. 441 */ 442 if (setsid() < 0) 443 error("setsid failed: %.100s", strerror(errno)); 444 445 #ifdef USE_PIPES 446 /* 447 * Redirect stdin. We close the parent side of the socket 448 * pair, and make the child side the standard input. 449 */ 450 close(pin[1]); 451 if (dup2(pin[0], 0) < 0) 452 perror("dup2 stdin"); 453 close(pin[0]); 454 455 /* Redirect stdout. */ 456 close(pout[0]); 457 if (dup2(pout[1], 1) < 0) 458 perror("dup2 stdout"); 459 close(pout[1]); 460 461 /* Redirect stderr. */ 462 close(perr[0]); 463 if (dup2(perr[1], 2) < 0) 464 perror("dup2 stderr"); 465 close(perr[1]); 466 #else /* USE_PIPES */ 467 /* 468 * Redirect stdin, stdout, and stderr. Stdin and stdout will 469 * use the same socket, as some programs (particularly rdist) 470 * seem to depend on it. 471 */ 472 close(inout[1]); 473 close(err[1]); 474 if (dup2(inout[0], 0) < 0) /* stdin */ 475 perror("dup2 stdin"); 476 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */ 477 perror("dup2 stdout"); 478 if (dup2(err[0], 2) < 0) /* stderr */ 479 perror("dup2 stderr"); 480 #endif /* USE_PIPES */ 481 482 #ifdef _UNICOS 483 cray_init_job(s->pw); /* set up cray jid and tmpdir */ 484 #endif 485 486 /* Do processing for the child (exec command etc). */ 487 do_child(s, command); 488 /* NOTREACHED */ 489 } 490 #ifdef _UNICOS 491 signal(WJSIGNAL, cray_job_termination_handler); 492 #endif /* _UNICOS */ 493 #ifdef HAVE_CYGWIN 494 if (is_winnt) 495 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 496 #endif 497 if (pid < 0) 498 packet_disconnect("fork failed: %.100s", strerror(errno)); 499 s->pid = pid; 500 /* Set interactive/non-interactive mode. */ 501 packet_set_interactive(s->display != NULL); 502 #ifdef USE_PIPES 503 /* We are the parent. Close the child sides of the pipes. */ 504 close(pin[0]); 505 close(pout[1]); 506 close(perr[1]); 507 508 if (compat20) { 509 if (s->is_subsystem) { 510 close(perr[0]); 511 perr[0] = -1; 512 } 513 session_set_fds(s, pin[1], pout[0], perr[0]); 514 } else { 515 /* Enter the interactive session. */ 516 server_loop(pid, pin[1], pout[0], perr[0]); 517 /* server_loop has closed pin[1], pout[0], and perr[0]. */ 518 } 519 #else /* USE_PIPES */ 520 /* We are the parent. Close the child sides of the socket pairs. */ 521 close(inout[0]); 522 close(err[0]); 523 524 /* 525 * Clear loginmsg, since it's the child's responsibility to display 526 * it to the user, otherwise multiple sessions may accumulate 527 * multiple copies of the login messages. 528 */ 529 buffer_clear(&loginmsg); 530 531 /* 532 * Enter the interactive session. Note: server_loop must be able to 533 * handle the case that fdin and fdout are the same. 534 */ 535 if (compat20) { 536 session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]); 537 } else { 538 server_loop(pid, inout[1], inout[1], err[1]); 539 /* server_loop has closed inout[1] and err[1]. */ 540 } 541 #endif /* USE_PIPES */ 542 } 543 544 /* 545 * This is called to fork and execute a command when we have a tty. This 546 * will call do_child from the child, and server_loop from the parent after 547 * setting up file descriptors, controlling tty, updating wtmp, utmp, 548 * lastlog, and other such operations. 549 */ 550 void 551 do_exec_pty(Session *s, const char *command) 552 { 553 int fdout, ptyfd, ttyfd, ptymaster; 554 pid_t pid; 555 556 if (s == NULL) 557 fatal("do_exec_pty: no session"); 558 ptyfd = s->ptyfd; 559 ttyfd = s->ttyfd; 560 561 #if defined(USE_PAM) 562 if (options.use_pam) { 563 do_pam_set_tty(s->tty); 564 if (!use_privsep) 565 do_pam_setcred(1); 566 } 567 #endif 568 569 /* Fork the child. */ 570 if ((pid = fork()) == 0) { 571 is_child = 1; 572 573 /* Child. Reinitialize the log because the pid has changed. */ 574 log_init(__progname, options.log_level, options.log_facility, log_stderr); 575 /* Close the master side of the pseudo tty. */ 576 close(ptyfd); 577 578 /* Make the pseudo tty our controlling tty. */ 579 pty_make_controlling_tty(&ttyfd, s->tty); 580 581 /* Redirect stdin/stdout/stderr from the pseudo tty. */ 582 if (dup2(ttyfd, 0) < 0) 583 error("dup2 stdin: %s", strerror(errno)); 584 if (dup2(ttyfd, 1) < 0) 585 error("dup2 stdout: %s", strerror(errno)); 586 if (dup2(ttyfd, 2) < 0) 587 error("dup2 stderr: %s", strerror(errno)); 588 589 /* Close the extra descriptor for the pseudo tty. */ 590 close(ttyfd); 591 592 /* record login, etc. similar to login(1) */ 593 #ifndef HAVE_OSF_SIA 594 if (!(options.use_login && command == NULL)) { 595 #ifdef _UNICOS 596 cray_init_job(s->pw); /* set up cray jid and tmpdir */ 597 #endif /* _UNICOS */ 598 do_login(s, command); 599 } 600 # ifdef LOGIN_NEEDS_UTMPX 601 else 602 do_pre_login(s); 603 # endif 604 #endif 605 606 /* Do common processing for the child, such as execing the command. */ 607 do_child(s, command); 608 /* NOTREACHED */ 609 } 610 #ifdef _UNICOS 611 signal(WJSIGNAL, cray_job_termination_handler); 612 #endif /* _UNICOS */ 613 #ifdef HAVE_CYGWIN 614 if (is_winnt) 615 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 616 #endif 617 if (pid < 0) 618 packet_disconnect("fork failed: %.100s", strerror(errno)); 619 s->pid = pid; 620 621 /* Parent. Close the slave side of the pseudo tty. */ 622 close(ttyfd); 623 624 /* 625 * Create another descriptor of the pty master side for use as the 626 * standard input. We could use the original descriptor, but this 627 * simplifies code in server_loop. The descriptor is bidirectional. 628 */ 629 fdout = dup(ptyfd); 630 if (fdout < 0) 631 packet_disconnect("dup #1 failed: %.100s", strerror(errno)); 632 633 /* we keep a reference to the pty master */ 634 ptymaster = dup(ptyfd); 635 if (ptymaster < 0) 636 packet_disconnect("dup #2 failed: %.100s", strerror(errno)); 637 s->ptymaster = ptymaster; 638 639 /* Enter interactive session. */ 640 packet_set_interactive(1); 641 if (compat20) { 642 session_set_fds(s, ptyfd, fdout, -1); 643 } else { 644 server_loop(pid, ptyfd, fdout, -1); 645 /* server_loop _has_ closed ptyfd and fdout. */ 646 } 647 } 648 649 #ifdef LOGIN_NEEDS_UTMPX 650 static void 651 do_pre_login(Session *s) 652 { 653 socklen_t fromlen; 654 struct sockaddr_storage from; 655 pid_t pid = getpid(); 656 657 /* 658 * Get IP address of client. If the connection is not a socket, let 659 * the address be 0.0.0.0. 660 */ 661 memset(&from, 0, sizeof(from)); 662 fromlen = sizeof(from); 663 if (packet_connection_is_on_socket()) { 664 if (getpeername(packet_get_connection_in(), 665 (struct sockaddr *)&from, &fromlen) < 0) { 666 debug("getpeername: %.100s", strerror(errno)); 667 cleanup_exit(255); 668 } 669 } 670 671 record_utmp_only(pid, s->tty, s->pw->pw_name, 672 get_remote_name_or_ip(utmp_len, options.use_dns), 673 (struct sockaddr *)&from, fromlen); 674 } 675 #endif 676 677 /* 678 * This is called to fork and execute a command. If another command is 679 * to be forced, execute that instead. 680 */ 681 void 682 do_exec(Session *s, const char *command) 683 { 684 if (options.adm_forced_command) { 685 original_command = command; 686 command = options.adm_forced_command; 687 debug("Forced command (config) '%.900s'", command); 688 } else if (forced_command) { 689 original_command = command; 690 command = forced_command; 691 debug("Forced command (key option) '%.900s'", command); 692 } 693 694 #ifdef SSH_AUDIT_EVENTS 695 if (command != NULL) 696 PRIVSEP(audit_run_command(command)); 697 else if (s->ttyfd == -1) { 698 char *shell = s->pw->pw_shell; 699 700 if (shell[0] == '\0') /* empty shell means /bin/sh */ 701 shell =_PATH_BSHELL; 702 PRIVSEP(audit_run_command(shell)); 703 } 704 #endif 705 706 if (s->ttyfd != -1) 707 do_exec_pty(s, command); 708 else 709 do_exec_no_pty(s, command); 710 711 original_command = NULL; 712 713 /* 714 * Clear loginmsg: it's the child's responsibility to display 715 * it to the user, otherwise multiple sessions may accumulate 716 * multiple copies of the login messages. 717 */ 718 buffer_clear(&loginmsg); 719 } 720 721 /* administrative, login(1)-like work */ 722 void 723 do_login(Session *s, const char *command) 724 { 725 socklen_t fromlen; 726 struct sockaddr_storage from; 727 struct passwd * pw = s->pw; 728 pid_t pid = getpid(); 729 730 /* 731 * Get IP address of client. If the connection is not a socket, let 732 * the address be 0.0.0.0. 733 */ 734 memset(&from, 0, sizeof(from)); 735 fromlen = sizeof(from); 736 if (packet_connection_is_on_socket()) { 737 if (getpeername(packet_get_connection_in(), 738 (struct sockaddr *) & from, &fromlen) < 0) { 739 debug("getpeername: %.100s", strerror(errno)); 740 cleanup_exit(255); 741 } 742 } 743 744 /* Record that there was a login on that tty from the remote host. */ 745 if (!use_privsep) 746 record_login(pid, s->tty, pw->pw_name, pw->pw_uid, 747 get_remote_name_or_ip(utmp_len, 748 options.use_dns), 749 (struct sockaddr *)&from, fromlen); 750 751 #ifdef USE_PAM 752 /* 753 * If password change is needed, do it now. 754 * This needs to occur before the ~/.hushlogin check. 755 */ 756 if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) { 757 display_loginmsg(); 758 do_pam_chauthtok(); 759 s->authctxt->force_pwchange = 0; 760 /* XXX - signal [net] parent to enable forwardings */ 761 } 762 #endif 763 764 if (check_quietlogin(s, command)) 765 return; 766 767 display_loginmsg(); 768 769 do_motd(); 770 } 771 772 /* 773 * Display the message of the day. 774 */ 775 void 776 do_motd(void) 777 { 778 FILE *f; 779 char buf[256]; 780 #ifdef HAVE_LOGIN_CAP 781 const char *fname; 782 #endif 783 784 #ifdef HAVE_LOGIN_CAP 785 fname = login_getcapstr(lc, "copyright", NULL, NULL); 786 if (fname != NULL && (f = fopen(fname, "r")) != NULL) { 787 while (fgets(buf, sizeof(buf), f) != NULL) 788 fputs(buf, stdout); 789 fclose(f); 790 } else 791 #endif /* HAVE_LOGIN_CAP */ 792 (void)printf("%s\n\t%s %s\n", 793 "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", 794 "The Regents of the University of California. ", 795 "All rights reserved."); 796 797 (void)printf("\n"); 798 799 if (options.print_motd) { 800 #ifdef HAVE_LOGIN_CAP 801 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", 802 "/etc/motd"), "r"); 803 #else 804 f = fopen("/etc/motd", "r"); 805 #endif 806 if (f) { 807 while (fgets(buf, sizeof(buf), f)) 808 fputs(buf, stdout); 809 fclose(f); 810 } 811 } 812 } 813 814 815 /* 816 * Check for quiet login, either .hushlogin or command given. 817 */ 818 int 819 check_quietlogin(Session *s, const char *command) 820 { 821 char buf[256]; 822 struct passwd *pw = s->pw; 823 struct stat st; 824 825 /* Return 1 if .hushlogin exists or a command given. */ 826 if (command != NULL) 827 return 1; 828 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); 829 #ifdef HAVE_LOGIN_CAP 830 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) 831 return 1; 832 #else 833 if (stat(buf, &st) >= 0) 834 return 1; 835 #endif 836 return 0; 837 } 838 839 /* 840 * Sets the value of the given variable in the environment. If the variable 841 * already exists, its value is overriden. 842 */ 843 void 844 child_set_env(char ***envp, u_int *envsizep, const char *name, 845 const char *value) 846 { 847 char **env; 848 u_int envsize; 849 u_int i, namelen; 850 851 /* 852 * If we're passed an uninitialized list, allocate a single null 853 * entry before continuing. 854 */ 855 if (*envp == NULL && *envsizep == 0) { 856 *envp = xmalloc(sizeof(char *)); 857 *envp[0] = NULL; 858 *envsizep = 1; 859 } 860 861 /* 862 * Find the slot where the value should be stored. If the variable 863 * already exists, we reuse the slot; otherwise we append a new slot 864 * at the end of the array, expanding if necessary. 865 */ 866 env = *envp; 867 namelen = strlen(name); 868 for (i = 0; env[i]; i++) 869 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') 870 break; 871 if (env[i]) { 872 /* Reuse the slot. */ 873 xfree(env[i]); 874 } else { 875 /* New variable. Expand if necessary. */ 876 envsize = *envsizep; 877 if (i >= envsize - 1) { 878 if (envsize >= 1000) 879 fatal("child_set_env: too many env vars"); 880 envsize += 50; 881 env = (*envp) = xrealloc(env, envsize, sizeof(char *)); 882 *envsizep = envsize; 883 } 884 /* Need to set the NULL pointer at end of array beyond the new slot. */ 885 env[i + 1] = NULL; 886 } 887 888 /* Allocate space and format the variable in the appropriate slot. */ 889 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); 890 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); 891 } 892 893 /* 894 * Reads environment variables from the given file and adds/overrides them 895 * into the environment. If the file does not exist, this does nothing. 896 * Otherwise, it must consist of empty lines, comments (line starts with '#') 897 * and assignments of the form name=value. No other forms are allowed. 898 */ 899 static void 900 read_environment_file(char ***env, u_int *envsize, 901 const char *filename) 902 { 903 FILE *f; 904 char buf[4096]; 905 char *cp, *value; 906 u_int lineno = 0; 907 908 f = fopen(filename, "r"); 909 if (!f) 910 return; 911 912 while (fgets(buf, sizeof(buf), f)) { 913 if (++lineno > 1000) 914 fatal("Too many lines in environment file %s", filename); 915 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) 916 ; 917 if (!*cp || *cp == '#' || *cp == '\n') 918 continue; 919 if (strchr(cp, '\n')) 920 *strchr(cp, '\n') = '\0'; 921 value = strchr(cp, '='); 922 if (value == NULL) { 923 fprintf(stderr, "Bad line %u in %.100s\n", lineno, 924 filename); 925 continue; 926 } 927 /* 928 * Replace the equals sign by nul, and advance value to 929 * the value string. 930 */ 931 *value = '\0'; 932 value++; 933 child_set_env(env, envsize, cp, value); 934 } 935 fclose(f); 936 } 937 938 #ifdef HAVE_ETC_DEFAULT_LOGIN 939 /* 940 * Return named variable from specified environment, or NULL if not present. 941 */ 942 static char * 943 child_get_env(char **env, const char *name) 944 { 945 int i; 946 size_t len; 947 948 len = strlen(name); 949 for (i=0; env[i] != NULL; i++) 950 if (strncmp(name, env[i], len) == 0 && env[i][len] == '=') 951 return(env[i] + len + 1); 952 return NULL; 953 } 954 955 /* 956 * Read /etc/default/login. 957 * We pick up the PATH (or SUPATH for root) and UMASK. 958 */ 959 static void 960 read_etc_default_login(char ***env, u_int *envsize, uid_t uid) 961 { 962 char **tmpenv = NULL, *var; 963 u_int i, tmpenvsize = 0; 964 u_long mask; 965 966 /* 967 * We don't want to copy the whole file to the child's environment, 968 * so we use a temporary environment and copy the variables we're 969 * interested in. 970 */ 971 read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login"); 972 973 if (tmpenv == NULL) 974 return; 975 976 if (uid == 0) 977 var = child_get_env(tmpenv, "SUPATH"); 978 else 979 var = child_get_env(tmpenv, "PATH"); 980 if (var != NULL) 981 child_set_env(env, envsize, "PATH", var); 982 983 if ((var = child_get_env(tmpenv, "UMASK")) != NULL) 984 if (sscanf(var, "%5lo", &mask) == 1) 985 umask((mode_t)mask); 986 987 for (i = 0; tmpenv[i] != NULL; i++) 988 xfree(tmpenv[i]); 989 xfree(tmpenv); 990 } 991 #endif /* HAVE_ETC_DEFAULT_LOGIN */ 992 993 void 994 copy_environment(char **source, char ***env, u_int *envsize) 995 { 996 char *var_name, *var_val; 997 int i; 998 999 if (source == NULL) 1000 return; 1001 1002 for(i = 0; source[i] != NULL; i++) { 1003 var_name = xstrdup(source[i]); 1004 if ((var_val = strstr(var_name, "=")) == NULL) { 1005 xfree(var_name); 1006 continue; 1007 } 1008 *var_val++ = '\0'; 1009 1010 debug3("Copy environment: %s=%s", var_name, var_val); 1011 child_set_env(env, envsize, var_name, var_val); 1012 1013 xfree(var_name); 1014 } 1015 } 1016 1017 static char ** 1018 do_setup_env(Session *s, const char *shell) 1019 { 1020 char buf[256]; 1021 u_int i, envsize; 1022 char **env, *laddr; 1023 struct passwd *pw = s->pw; 1024 #ifndef HAVE_LOGIN_CAP 1025 char *path = NULL; 1026 #else 1027 extern char **environ; 1028 char **senv, **var; 1029 #endif 1030 1031 /* Initialize the environment. */ 1032 envsize = 100; 1033 env = xcalloc(envsize, sizeof(char *)); 1034 env[0] = NULL; 1035 1036 #ifdef HAVE_CYGWIN 1037 /* 1038 * The Windows environment contains some setting which are 1039 * important for a running system. They must not be dropped. 1040 */ 1041 { 1042 char **p; 1043 1044 p = fetch_windows_environment(); 1045 copy_environment(p, &env, &envsize); 1046 free_windows_environment(p); 1047 } 1048 #endif 1049 1050 if (getenv("TZ")) 1051 child_set_env(&env, &envsize, "TZ", getenv("TZ")); 1052 1053 #ifdef GSSAPI 1054 /* Allow any GSSAPI methods that we've used to alter 1055 * the childs environment as they see fit 1056 */ 1057 ssh_gssapi_do_child(&env, &envsize); 1058 #endif 1059 1060 if (!options.use_login) { 1061 /* Set basic environment. */ 1062 for (i = 0; i < s->num_env; i++) 1063 child_set_env(&env, &envsize, s->env[i].name, 1064 s->env[i].val); 1065 1066 child_set_env(&env, &envsize, "USER", pw->pw_name); 1067 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); 1068 #ifdef _AIX 1069 child_set_env(&env, &envsize, "LOGIN", pw->pw_name); 1070 #endif 1071 child_set_env(&env, &envsize, "HOME", pw->pw_dir); 1072 snprintf(buf, sizeof buf, "%.200s/%.50s", 1073 _PATH_MAILDIR, pw->pw_name); 1074 child_set_env(&env, &envsize, "MAIL", buf); 1075 #ifdef HAVE_LOGIN_CAP 1076 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); 1077 child_set_env(&env, &envsize, "TERM", "su"); 1078 senv = environ; 1079 environ = xmalloc(sizeof(char *)); 1080 *environ = NULL; 1081 (void) setusercontext(lc, pw, pw->pw_uid, 1082 LOGIN_SETENV|LOGIN_SETPATH); 1083 copy_environment(environ, &env, &envsize); 1084 for (var = environ; *var != NULL; ++var) 1085 xfree(*var); 1086 xfree(environ); 1087 environ = senv; 1088 #else /* HAVE_LOGIN_CAP */ 1089 # ifndef HAVE_CYGWIN 1090 /* 1091 * There's no standard path on Windows. The path contains 1092 * important components pointing to the system directories, 1093 * needed for loading shared libraries. So the path better 1094 * remains intact here. 1095 */ 1096 # ifdef HAVE_ETC_DEFAULT_LOGIN 1097 read_etc_default_login(&env, &envsize, pw->pw_uid); 1098 path = child_get_env(env, "PATH"); 1099 # endif /* HAVE_ETC_DEFAULT_LOGIN */ 1100 if (path == NULL || *path == '\0') { 1101 child_set_env(&env, &envsize, "PATH", 1102 s->pw->pw_uid == 0 ? 1103 SUPERUSER_PATH : _PATH_STDPATH); 1104 } 1105 # endif /* HAVE_CYGWIN */ 1106 #endif /* HAVE_LOGIN_CAP */ 1107 1108 /* Normal systems set SHELL by default. */ 1109 child_set_env(&env, &envsize, "SHELL", shell); 1110 } 1111 1112 /* Set custom environment options from RSA authentication. */ 1113 if (!options.use_login) { 1114 while (custom_environment) { 1115 struct envstring *ce = custom_environment; 1116 char *str = ce->s; 1117 1118 for (i = 0; str[i] != '=' && str[i]; i++) 1119 ; 1120 if (str[i] == '=') { 1121 str[i] = 0; 1122 child_set_env(&env, &envsize, str, str + i + 1); 1123 } 1124 custom_environment = ce->next; 1125 xfree(ce->s); 1126 xfree(ce); 1127 } 1128 } 1129 1130 /* SSH_CLIENT deprecated */ 1131 snprintf(buf, sizeof buf, "%.50s %d %d", 1132 get_remote_ipaddr(), get_remote_port(), get_local_port()); 1133 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 1134 1135 laddr = get_local_ipaddr(packet_get_connection_in()); 1136 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1137 get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); 1138 xfree(laddr); 1139 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 1140 1141 if (s->ttyfd != -1) 1142 child_set_env(&env, &envsize, "SSH_TTY", s->tty); 1143 if (s->term) 1144 child_set_env(&env, &envsize, "TERM", s->term); 1145 if (s->display) 1146 child_set_env(&env, &envsize, "DISPLAY", s->display); 1147 if (original_command) 1148 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", 1149 original_command); 1150 1151 #ifdef _UNICOS 1152 if (cray_tmpdir[0] != '\0') 1153 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); 1154 #endif /* _UNICOS */ 1155 1156 /* 1157 * Since we clear KRB5CCNAME at startup, if it's set now then it 1158 * must have been set by a native authentication method (eg AIX or 1159 * SIA), so copy it to the child. 1160 */ 1161 { 1162 char *cp; 1163 1164 if ((cp = getenv("KRB5CCNAME")) != NULL) 1165 child_set_env(&env, &envsize, "KRB5CCNAME", cp); 1166 } 1167 1168 #ifdef _AIX 1169 { 1170 char *cp; 1171 1172 if ((cp = getenv("AUTHSTATE")) != NULL) 1173 child_set_env(&env, &envsize, "AUTHSTATE", cp); 1174 read_environment_file(&env, &envsize, "/etc/environment"); 1175 } 1176 #endif 1177 #ifdef KRB5 1178 if (s->authctxt->krb5_ccname) 1179 child_set_env(&env, &envsize, "KRB5CCNAME", 1180 s->authctxt->krb5_ccname); 1181 #endif 1182 #ifdef USE_PAM 1183 /* 1184 * Pull in any environment variables that may have 1185 * been set by PAM. 1186 */ 1187 if (options.use_pam) { 1188 char **p; 1189 1190 p = fetch_pam_child_environment(); 1191 copy_environment(p, &env, &envsize); 1192 free_pam_environment(p); 1193 1194 p = fetch_pam_environment(); 1195 copy_environment(p, &env, &envsize); 1196 free_pam_environment(p); 1197 } 1198 #endif /* USE_PAM */ 1199 1200 if (auth_sock_name != NULL) 1201 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 1202 auth_sock_name); 1203 1204 /* read $HOME/.ssh/environment. */ 1205 if (options.permit_user_env && !options.use_login) { 1206 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", 1207 strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); 1208 read_environment_file(&env, &envsize, buf); 1209 } 1210 if (debug_flag) { 1211 /* dump the environment */ 1212 fprintf(stderr, "Environment:\n"); 1213 for (i = 0; env[i]; i++) 1214 fprintf(stderr, " %.200s\n", env[i]); 1215 } 1216 return env; 1217 } 1218 1219 /* 1220 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found 1221 * first in this order). 1222 */ 1223 static void 1224 do_rc_files(Session *s, const char *shell) 1225 { 1226 FILE *f = NULL; 1227 char cmd[1024]; 1228 int do_xauth; 1229 struct stat st; 1230 1231 do_xauth = 1232 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; 1233 1234 /* ignore _PATH_SSH_USER_RC for subsystems */ 1235 if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { 1236 snprintf(cmd, sizeof cmd, "%s -c '%s %s'", 1237 shell, _PATH_BSHELL, _PATH_SSH_USER_RC); 1238 if (debug_flag) 1239 fprintf(stderr, "Running %s\n", cmd); 1240 f = popen(cmd, "w"); 1241 if (f) { 1242 if (do_xauth) 1243 fprintf(f, "%s %s\n", s->auth_proto, 1244 s->auth_data); 1245 pclose(f); 1246 } else 1247 fprintf(stderr, "Could not run %s\n", 1248 _PATH_SSH_USER_RC); 1249 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { 1250 if (debug_flag) 1251 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, 1252 _PATH_SSH_SYSTEM_RC); 1253 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w"); 1254 if (f) { 1255 if (do_xauth) 1256 fprintf(f, "%s %s\n", s->auth_proto, 1257 s->auth_data); 1258 pclose(f); 1259 } else 1260 fprintf(stderr, "Could not run %s\n", 1261 _PATH_SSH_SYSTEM_RC); 1262 } else if (do_xauth && options.xauth_location != NULL) { 1263 /* Add authority data to .Xauthority if appropriate. */ 1264 if (debug_flag) { 1265 fprintf(stderr, 1266 "Running %.500s remove %.100s\n", 1267 options.xauth_location, s->auth_display); 1268 fprintf(stderr, 1269 "%.500s add %.100s %.100s %.100s\n", 1270 options.xauth_location, s->auth_display, 1271 s->auth_proto, s->auth_data); 1272 } 1273 snprintf(cmd, sizeof cmd, "%s -q -", 1274 options.xauth_location); 1275 f = popen(cmd, "w"); 1276 if (f) { 1277 fprintf(f, "remove %s\n", 1278 s->auth_display); 1279 fprintf(f, "add %s %s %s\n", 1280 s->auth_display, s->auth_proto, 1281 s->auth_data); 1282 pclose(f); 1283 } else { 1284 fprintf(stderr, "Could not run %s\n", 1285 cmd); 1286 } 1287 } 1288 } 1289 1290 static void 1291 do_nologin(struct passwd *pw) 1292 { 1293 FILE *f = NULL; 1294 char buf[1024]; 1295 1296 #ifdef HAVE_LOGIN_CAP 1297 if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) 1298 f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, 1299 _PATH_NOLOGIN), "r"); 1300 #else 1301 if (pw->pw_uid) 1302 f = fopen(_PATH_NOLOGIN, "r"); 1303 #endif 1304 if (f) { 1305 /* /etc/nologin exists. Print its contents and exit. */ 1306 logit("User %.100s not allowed because %s exists", 1307 pw->pw_name, _PATH_NOLOGIN); 1308 while (fgets(buf, sizeof(buf), f)) 1309 fputs(buf, stderr); 1310 fclose(f); 1311 fflush(NULL); 1312 exit(254); 1313 } 1314 } 1315 1316 /* Set login name, uid, gid, and groups. */ 1317 void 1318 do_setusercontext(struct passwd *pw) 1319 { 1320 #ifndef HAVE_CYGWIN 1321 if (getuid() == 0 || geteuid() == 0) 1322 #endif /* HAVE_CYGWIN */ 1323 { 1324 1325 #ifdef HAVE_SETPCRED 1326 if (setpcred(pw->pw_name, (char **)NULL) == -1) 1327 fatal("Failed to set process credentials"); 1328 #endif /* HAVE_SETPCRED */ 1329 #ifdef HAVE_LOGIN_CAP 1330 # ifdef __bsdi__ 1331 setpgid(0, 0); 1332 # endif 1333 #ifdef GSSAPI 1334 if (options.gss_authentication) { 1335 temporarily_use_uid(pw); 1336 ssh_gssapi_storecreds(); 1337 restore_uid(); 1338 } 1339 #endif 1340 # ifdef USE_PAM 1341 if (options.use_pam) { 1342 do_pam_session(); 1343 do_pam_setcred(0); 1344 } 1345 # endif /* USE_PAM */ 1346 if (setusercontext(lc, pw, pw->pw_uid, 1347 (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) { 1348 perror("unable to set user context"); 1349 exit(1); 1350 } 1351 #else 1352 # if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) 1353 /* Sets login uid for accounting */ 1354 if (getluid() == -1 && setluid(pw->pw_uid) == -1) 1355 error("setluid: %s", strerror(errno)); 1356 # endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ 1357 1358 if (setlogin(pw->pw_name) < 0) 1359 error("setlogin failed: %s", strerror(errno)); 1360 if (setgid(pw->pw_gid) < 0) { 1361 perror("setgid"); 1362 exit(1); 1363 } 1364 /* Initialize the group list. */ 1365 if (initgroups(pw->pw_name, pw->pw_gid) < 0) { 1366 perror("initgroups"); 1367 exit(1); 1368 } 1369 endgrent(); 1370 #ifdef GSSAPI 1371 if (options.gss_authentication) { 1372 temporarily_use_uid(pw); 1373 ssh_gssapi_storecreds(); 1374 restore_uid(); 1375 } 1376 #endif 1377 # ifdef USE_PAM 1378 /* 1379 * PAM credentials may take the form of supplementary groups. 1380 * These will have been wiped by the above initgroups() call. 1381 * Reestablish them here. 1382 */ 1383 if (options.use_pam) { 1384 do_pam_session(); 1385 do_pam_setcred(0); 1386 } 1387 # endif /* USE_PAM */ 1388 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) 1389 irix_setusercontext(pw); 1390 # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ 1391 # ifdef _AIX 1392 aix_usrinfo(pw); 1393 # endif /* _AIX */ 1394 #if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) 1395 if (set_id(pw->pw_name) != 0) { 1396 exit(1); 1397 } 1398 #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ 1399 /* Permanently switch to the desired uid. */ 1400 permanently_set_uid(pw); 1401 #endif 1402 } 1403 1404 #ifdef HAVE_CYGWIN 1405 if (is_winnt) 1406 #endif 1407 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) 1408 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); 1409 1410 #ifdef WITH_SELINUX 1411 ssh_selinux_setup_exec_context(pw->pw_name); 1412 #endif 1413 } 1414 1415 static void 1416 do_pwchange(Session *s) 1417 { 1418 fflush(NULL); 1419 fprintf(stderr, "WARNING: Your password has expired.\n"); 1420 if (s->ttyfd != -1) { 1421 fprintf(stderr, 1422 "You must change your password now and login again!\n"); 1423 #ifdef PASSWD_NEEDS_USERNAME 1424 execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, 1425 (char *)NULL); 1426 #else 1427 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); 1428 #endif 1429 perror("passwd"); 1430 } else { 1431 fprintf(stderr, 1432 "Password change required but no TTY available.\n"); 1433 } 1434 exit(1); 1435 } 1436 1437 static void 1438 launch_login(struct passwd *pw, const char *hostname) 1439 { 1440 /* Launch login(1). */ 1441 1442 execl(LOGIN_PROGRAM, "login", "-h", hostname, 1443 #ifdef xxxLOGIN_NEEDS_TERM 1444 (s->term ? s->term : "unknown"), 1445 #endif /* LOGIN_NEEDS_TERM */ 1446 #ifdef LOGIN_NO_ENDOPT 1447 "-p", "-f", pw->pw_name, (char *)NULL); 1448 #else 1449 "-p", "-f", "--", pw->pw_name, (char *)NULL); 1450 #endif 1451 1452 /* Login couldn't be executed, die. */ 1453 1454 perror("login"); 1455 exit(1); 1456 } 1457 1458 static void 1459 child_close_fds(void) 1460 { 1461 int i; 1462 1463 if (packet_get_connection_in() == packet_get_connection_out()) 1464 close(packet_get_connection_in()); 1465 else { 1466 close(packet_get_connection_in()); 1467 close(packet_get_connection_out()); 1468 } 1469 /* 1470 * Close all descriptors related to channels. They will still remain 1471 * open in the parent. 1472 */ 1473 /* XXX better use close-on-exec? -markus */ 1474 channel_close_all(); 1475 1476 /* 1477 * Close any extra file descriptors. Note that there may still be 1478 * descriptors left by system functions. They will be closed later. 1479 */ 1480 endpwent(); 1481 1482 /* 1483 * Close any extra open file descriptors so that we don't have them 1484 * hanging around in clients. Note that we want to do this after 1485 * initgroups, because at least on Solaris 2.3 it leaves file 1486 * descriptors open. 1487 */ 1488 for (i = 3; i < 64; i++) 1489 close(i); 1490 } 1491 1492 /* 1493 * Performs common processing for the child, such as setting up the 1494 * environment, closing extra file descriptors, setting the user and group 1495 * ids, and executing the command or shell. 1496 */ 1497 void 1498 do_child(Session *s, const char *command) 1499 { 1500 extern char **environ; 1501 char **env; 1502 char *argv[10]; 1503 const char *shell, *shell0, *hostname = NULL; 1504 struct passwd *pw = s->pw; 1505 #ifdef HAVE_LOGIN_CAP 1506 int lc_requirehome; 1507 #endif 1508 1509 /* remove hostkey from the child's memory */ 1510 destroy_sensitive_data(); 1511 1512 /* Force a password change */ 1513 if (s->authctxt->force_pwchange) { 1514 do_setusercontext(pw); 1515 child_close_fds(); 1516 do_pwchange(s); 1517 exit(1); 1518 } 1519 1520 /* login(1) is only called if we execute the login shell */ 1521 if (options.use_login && command != NULL) 1522 options.use_login = 0; 1523 1524 #ifdef _UNICOS 1525 cray_setup(pw->pw_uid, pw->pw_name, command); 1526 #endif /* _UNICOS */ 1527 1528 /* 1529 * Login(1) does this as well, and it needs uid 0 for the "-h" 1530 * switch, so we let login(1) to this for us. 1531 */ 1532 if (!options.use_login) { 1533 #ifdef HAVE_OSF_SIA 1534 session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); 1535 if (!check_quietlogin(s, command)) 1536 do_motd(); 1537 #else /* HAVE_OSF_SIA */ 1538 /* When PAM is enabled we rely on it to do the nologin check */ 1539 if (!options.use_pam) 1540 do_nologin(pw); 1541 do_setusercontext(pw); 1542 /* 1543 * PAM session modules in do_setusercontext may have 1544 * generated messages, so if this in an interactive 1545 * login then display them too. 1546 */ 1547 if (!check_quietlogin(s, command)) 1548 display_loginmsg(); 1549 #endif /* HAVE_OSF_SIA */ 1550 } 1551 1552 #ifdef USE_PAM 1553 if (options.use_pam && !options.use_login && !is_pam_session_open()) { 1554 debug3("PAM session not opened, exiting"); 1555 display_loginmsg(); 1556 exit(254); 1557 } 1558 #endif 1559 1560 /* 1561 * Get the shell from the password data. An empty shell field is 1562 * legal, and means /bin/sh. 1563 */ 1564 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; 1565 1566 /* 1567 * Make sure $SHELL points to the shell from the password file, 1568 * even if shell is overridden from login.conf 1569 */ 1570 env = do_setup_env(s, shell); 1571 1572 #ifdef HAVE_LOGIN_CAP 1573 shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); 1574 #endif 1575 1576 /* we have to stash the hostname before we close our socket. */ 1577 if (options.use_login) 1578 hostname = get_remote_name_or_ip(utmp_len, 1579 options.use_dns); 1580 /* 1581 * Close the connection descriptors; note that this is the child, and 1582 * the server will still have the socket open, and it is important 1583 * that we do not shutdown it. Note that the descriptors cannot be 1584 * closed before building the environment, as we call 1585 * get_remote_ipaddr there. 1586 */ 1587 child_close_fds(); 1588 1589 /* 1590 * Must take new environment into use so that .ssh/rc, 1591 * /etc/ssh/sshrc and xauth are run in the proper environment. 1592 */ 1593 environ = env; 1594 1595 #ifdef HAVE_LOGIN_CAP 1596 lc_requirehome = login_getcapbool(lc, "requirehome", 0); 1597 login_close(lc); 1598 #endif 1599 #if defined(KRB5) && defined(USE_AFS) 1600 /* 1601 * At this point, we check to see if AFS is active and if we have 1602 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see 1603 * if we can (and need to) extend the ticket into an AFS token. If 1604 * we don't do this, we run into potential problems if the user's 1605 * home directory is in AFS and it's not world-readable. 1606 */ 1607 1608 if (options.kerberos_get_afs_token && k_hasafs() && 1609 (s->authctxt->krb5_ctx != NULL)) { 1610 char cell[64]; 1611 1612 debug("Getting AFS token"); 1613 1614 k_setpag(); 1615 1616 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) 1617 krb5_afslog(s->authctxt->krb5_ctx, 1618 s->authctxt->krb5_fwd_ccache, cell, NULL); 1619 1620 krb5_afslog_home(s->authctxt->krb5_ctx, 1621 s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir); 1622 } 1623 #endif 1624 1625 /* Change current directory to the user's home directory. */ 1626 if (chdir(pw->pw_dir) < 0) { 1627 fprintf(stderr, "Could not chdir to home directory %s: %s\n", 1628 pw->pw_dir, strerror(errno)); 1629 #ifdef HAVE_LOGIN_CAP 1630 if (lc_requirehome) 1631 exit(1); 1632 #endif 1633 } 1634 1635 if (!options.use_login) 1636 do_rc_files(s, shell); 1637 1638 /* restore SIGPIPE for child */ 1639 signal(SIGPIPE, SIG_DFL); 1640 1641 if (options.use_login) { 1642 launch_login(pw, hostname); 1643 /* NEVERREACHED */ 1644 } 1645 1646 /* Get the last component of the shell name. */ 1647 if ((shell0 = strrchr(shell, '/')) != NULL) 1648 shell0++; 1649 else 1650 shell0 = shell; 1651 1652 /* 1653 * If we have no command, execute the shell. In this case, the shell 1654 * name to be passed in argv[0] is preceded by '-' to indicate that 1655 * this is a login shell. 1656 */ 1657 if (!command) { 1658 char argv0[256]; 1659 1660 /* Start the shell. Set initial character to '-'. */ 1661 argv0[0] = '-'; 1662 1663 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1) 1664 >= sizeof(argv0) - 1) { 1665 errno = EINVAL; 1666 perror(shell); 1667 exit(1); 1668 } 1669 1670 /* Execute the shell. */ 1671 argv[0] = argv0; 1672 argv[1] = NULL; 1673 execve(shell, argv, env); 1674 1675 /* Executing the shell failed. */ 1676 perror(shell); 1677 exit(1); 1678 } 1679 /* 1680 * Execute the command using the user's shell. This uses the -c 1681 * option to execute the command. 1682 */ 1683 argv[0] = (char *) shell0; 1684 argv[1] = "-c"; 1685 argv[2] = (char *) command; 1686 argv[3] = NULL; 1687 execve(shell, argv, env); 1688 perror(shell); 1689 exit(1); 1690 } 1691 1692 Session * 1693 session_new(void) 1694 { 1695 int i; 1696 static int did_init = 0; 1697 if (!did_init) { 1698 debug("session_new: init"); 1699 for (i = 0; i < MAX_SESSIONS; i++) { 1700 sessions[i].used = 0; 1701 } 1702 did_init = 1; 1703 } 1704 for (i = 0; i < MAX_SESSIONS; i++) { 1705 Session *s = &sessions[i]; 1706 if (! s->used) { 1707 memset(s, 0, sizeof(*s)); 1708 s->chanid = -1; 1709 s->ptyfd = -1; 1710 s->ttyfd = -1; 1711 s->used = 1; 1712 s->self = i; 1713 s->x11_chanids = NULL; 1714 debug("session_new: session %d", i); 1715 return s; 1716 } 1717 } 1718 return NULL; 1719 } 1720 1721 static void 1722 session_dump(void) 1723 { 1724 int i; 1725 for (i = 0; i < MAX_SESSIONS; i++) { 1726 Session *s = &sessions[i]; 1727 debug("dump: used %d session %d %p channel %d pid %ld", 1728 s->used, 1729 s->self, 1730 s, 1731 s->chanid, 1732 (long)s->pid); 1733 } 1734 } 1735 1736 int 1737 session_open(Authctxt *authctxt, int chanid) 1738 { 1739 Session *s = session_new(); 1740 debug("session_open: channel %d", chanid); 1741 if (s == NULL) { 1742 error("no more sessions"); 1743 return 0; 1744 } 1745 s->authctxt = authctxt; 1746 s->pw = authctxt->pw; 1747 if (s->pw == NULL || !authctxt->valid) 1748 fatal("no user for session %d", s->self); 1749 debug("session_open: session %d: link with channel %d", s->self, chanid); 1750 s->chanid = chanid; 1751 return 1; 1752 } 1753 1754 Session * 1755 session_by_tty(char *tty) 1756 { 1757 int i; 1758 for (i = 0; i < MAX_SESSIONS; i++) { 1759 Session *s = &sessions[i]; 1760 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) { 1761 debug("session_by_tty: session %d tty %s", i, tty); 1762 return s; 1763 } 1764 } 1765 debug("session_by_tty: unknown tty %.100s", tty); 1766 session_dump(); 1767 return NULL; 1768 } 1769 1770 static Session * 1771 session_by_channel(int id) 1772 { 1773 int i; 1774 for (i = 0; i < MAX_SESSIONS; i++) { 1775 Session *s = &sessions[i]; 1776 if (s->used && s->chanid == id) { 1777 debug("session_by_channel: session %d channel %d", i, id); 1778 return s; 1779 } 1780 } 1781 debug("session_by_channel: unknown channel %d", id); 1782 session_dump(); 1783 return NULL; 1784 } 1785 1786 static Session * 1787 session_by_x11_channel(int id) 1788 { 1789 int i, j; 1790 1791 for (i = 0; i < MAX_SESSIONS; i++) { 1792 Session *s = &sessions[i]; 1793 1794 if (s->x11_chanids == NULL || !s->used) 1795 continue; 1796 for (j = 0; s->x11_chanids[j] != -1; j++) { 1797 if (s->x11_chanids[j] == id) { 1798 debug("session_by_x11_channel: session %d " 1799 "channel %d", s->self, id); 1800 return s; 1801 } 1802 } 1803 } 1804 debug("session_by_x11_channel: unknown channel %d", id); 1805 session_dump(); 1806 return NULL; 1807 } 1808 1809 static Session * 1810 session_by_pid(pid_t pid) 1811 { 1812 int i; 1813 debug("session_by_pid: pid %ld", (long)pid); 1814 for (i = 0; i < MAX_SESSIONS; i++) { 1815 Session *s = &sessions[i]; 1816 if (s->used && s->pid == pid) 1817 return s; 1818 } 1819 error("session_by_pid: unknown pid %ld", (long)pid); 1820 session_dump(); 1821 return NULL; 1822 } 1823 1824 static int 1825 session_window_change_req(Session *s) 1826 { 1827 s->col = packet_get_int(); 1828 s->row = packet_get_int(); 1829 s->xpixel = packet_get_int(); 1830 s->ypixel = packet_get_int(); 1831 packet_check_eom(); 1832 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1833 return 1; 1834 } 1835 1836 static int 1837 session_pty_req(Session *s) 1838 { 1839 u_int len; 1840 int n_bytes; 1841 1842 if (no_pty_flag) { 1843 debug("Allocating a pty not permitted for this authentication."); 1844 return 0; 1845 } 1846 if (s->ttyfd != -1) { 1847 packet_disconnect("Protocol error: you already have a pty."); 1848 return 0; 1849 } 1850 1851 s->term = packet_get_string(&len); 1852 1853 if (compat20) { 1854 s->col = packet_get_int(); 1855 s->row = packet_get_int(); 1856 } else { 1857 s->row = packet_get_int(); 1858 s->col = packet_get_int(); 1859 } 1860 s->xpixel = packet_get_int(); 1861 s->ypixel = packet_get_int(); 1862 1863 if (strcmp(s->term, "") == 0) { 1864 xfree(s->term); 1865 s->term = NULL; 1866 } 1867 1868 /* Allocate a pty and open it. */ 1869 debug("Allocating pty."); 1870 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)))) { 1871 if (s->term) 1872 xfree(s->term); 1873 s->term = NULL; 1874 s->ptyfd = -1; 1875 s->ttyfd = -1; 1876 error("session_pty_req: session %d alloc failed", s->self); 1877 return 0; 1878 } 1879 debug("session_pty_req: session %d alloc %s", s->self, s->tty); 1880 1881 /* for SSH1 the tty modes length is not given */ 1882 if (!compat20) 1883 n_bytes = packet_remaining(); 1884 tty_parse_modes(s->ttyfd, &n_bytes); 1885 1886 if (!use_privsep) 1887 pty_setowner(s->pw, s->tty); 1888 1889 /* Set window size from the packet. */ 1890 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1891 1892 packet_check_eom(); 1893 session_proctitle(s); 1894 return 1; 1895 } 1896 1897 static int 1898 session_subsystem_req(Session *s) 1899 { 1900 struct stat st; 1901 u_int len; 1902 int success = 0; 1903 char *prog, *cmd, *subsys = packet_get_string(&len); 1904 u_int i; 1905 1906 packet_check_eom(); 1907 logit("subsystem request for %.100s", subsys); 1908 1909 for (i = 0; i < options.num_subsystems; i++) { 1910 if (strcmp(subsys, options.subsystem_name[i]) == 0) { 1911 prog = options.subsystem_command[i]; 1912 cmd = options.subsystem_args[i]; 1913 if (stat(prog, &st) < 0) { 1914 error("subsystem: cannot stat %s: %s", prog, 1915 strerror(errno)); 1916 break; 1917 } 1918 debug("subsystem: exec() %s", cmd); 1919 s->is_subsystem = 1; 1920 do_exec(s, cmd); 1921 success = 1; 1922 break; 1923 } 1924 } 1925 1926 if (!success) 1927 logit("subsystem request for %.100s failed, subsystem not found", 1928 subsys); 1929 1930 xfree(subsys); 1931 return success; 1932 } 1933 1934 static int 1935 session_x11_req(Session *s) 1936 { 1937 int success; 1938 1939 if (s->auth_proto != NULL || s->auth_data != NULL) { 1940 error("session_x11_req: session %d: " 1941 "x11 forwarding already active", s->self); 1942 return 0; 1943 } 1944 s->single_connection = packet_get_char(); 1945 s->auth_proto = packet_get_string(NULL); 1946 s->auth_data = packet_get_string(NULL); 1947 s->screen = packet_get_int(); 1948 packet_check_eom(); 1949 1950 success = session_setup_x11fwd(s); 1951 if (!success) { 1952 xfree(s->auth_proto); 1953 xfree(s->auth_data); 1954 s->auth_proto = NULL; 1955 s->auth_data = NULL; 1956 } 1957 return success; 1958 } 1959 1960 static int 1961 session_shell_req(Session *s) 1962 { 1963 packet_check_eom(); 1964 do_exec(s, NULL); 1965 return 1; 1966 } 1967 1968 static int 1969 session_exec_req(Session *s) 1970 { 1971 u_int len; 1972 char *command = packet_get_string(&len); 1973 packet_check_eom(); 1974 do_exec(s, command); 1975 xfree(command); 1976 return 1; 1977 } 1978 1979 static int 1980 session_break_req(Session *s) 1981 { 1982 1983 packet_get_int(); /* ignored */ 1984 packet_check_eom(); 1985 1986 if (s->ttyfd == -1 || 1987 tcsendbreak(s->ttyfd, 0) < 0) 1988 return 0; 1989 return 1; 1990 } 1991 1992 static int 1993 session_env_req(Session *s) 1994 { 1995 char *name, *val; 1996 u_int name_len, val_len, i; 1997 1998 name = packet_get_string(&name_len); 1999 val = packet_get_string(&val_len); 2000 packet_check_eom(); 2001 2002 /* Don't set too many environment variables */ 2003 if (s->num_env > 128) { 2004 debug2("Ignoring env request %s: too many env vars", name); 2005 goto fail; 2006 } 2007 2008 for (i = 0; i < options.num_accept_env; i++) { 2009 if (match_pattern(name, options.accept_env[i])) { 2010 debug2("Setting env %d: %s=%s", s->num_env, name, val); 2011 s->env = xrealloc(s->env, s->num_env + 1, 2012 sizeof(*s->env)); 2013 s->env[s->num_env].name = name; 2014 s->env[s->num_env].val = val; 2015 s->num_env++; 2016 return (1); 2017 } 2018 } 2019 debug2("Ignoring env request %s: disallowed name", name); 2020 2021 fail: 2022 xfree(name); 2023 xfree(val); 2024 return (0); 2025 } 2026 2027 static int 2028 session_auth_agent_req(Session *s) 2029 { 2030 static int called = 0; 2031 packet_check_eom(); 2032 if (no_agent_forwarding_flag) { 2033 debug("session_auth_agent_req: no_agent_forwarding_flag"); 2034 return 0; 2035 } 2036 if (called) { 2037 return 0; 2038 } else { 2039 called = 1; 2040 return auth_input_request_forwarding(s->pw); 2041 } 2042 } 2043 2044 int 2045 session_input_channel_req(Channel *c, const char *rtype) 2046 { 2047 int success = 0; 2048 Session *s; 2049 2050 if ((s = session_by_channel(c->self)) == NULL) { 2051 logit("session_input_channel_req: no session %d req %.100s", 2052 c->self, rtype); 2053 return 0; 2054 } 2055 debug("session_input_channel_req: session %d req %s", s->self, rtype); 2056 2057 /* 2058 * a session is in LARVAL state until a shell, a command 2059 * or a subsystem is executed 2060 */ 2061 if (c->type == SSH_CHANNEL_LARVAL) { 2062 if (strcmp(rtype, "shell") == 0) { 2063 success = session_shell_req(s); 2064 } else if (strcmp(rtype, "exec") == 0) { 2065 success = session_exec_req(s); 2066 } else if (strcmp(rtype, "pty-req") == 0) { 2067 success = session_pty_req(s); 2068 } else if (strcmp(rtype, "x11-req") == 0) { 2069 success = session_x11_req(s); 2070 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) { 2071 success = session_auth_agent_req(s); 2072 } else if (strcmp(rtype, "subsystem") == 0) { 2073 success = session_subsystem_req(s); 2074 } else if (strcmp(rtype, "env") == 0) { 2075 success = session_env_req(s); 2076 } 2077 } 2078 if (strcmp(rtype, "window-change") == 0) { 2079 success = session_window_change_req(s); 2080 } else if (strcmp(rtype, "break") == 0) { 2081 success = session_break_req(s); 2082 } 2083 2084 return success; 2085 } 2086 2087 void 2088 session_set_fds(Session *s, int fdin, int fdout, int fderr) 2089 { 2090 if (!compat20) 2091 fatal("session_set_fds: called for proto != 2.0"); 2092 /* 2093 * now that have a child and a pipe to the child, 2094 * we can activate our channel and register the fd's 2095 */ 2096 if (s->chanid == -1) 2097 fatal("no channel for session %d", s->self); 2098 channel_set_fds(s->chanid, 2099 fdout, fdin, fderr, 2100 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 2101 1, 2102 CHAN_SES_WINDOW_DEFAULT); 2103 } 2104 2105 /* 2106 * Function to perform pty cleanup. Also called if we get aborted abnormally 2107 * (e.g., due to a dropped connection). 2108 */ 2109 void 2110 session_pty_cleanup2(Session *s) 2111 { 2112 if (s == NULL) { 2113 error("session_pty_cleanup: no session"); 2114 return; 2115 } 2116 if (s->ttyfd == -1) 2117 return; 2118 2119 debug("session_pty_cleanup: session %d release %s", s->self, s->tty); 2120 2121 /* Record that the user has logged out. */ 2122 if (s->pid != 0) 2123 record_logout(s->pid, s->tty, s->pw->pw_name); 2124 2125 /* Release the pseudo-tty. */ 2126 if (getuid() == 0) 2127 pty_release(s->tty); 2128 2129 /* 2130 * Close the server side of the socket pairs. We must do this after 2131 * the pty cleanup, so that another process doesn't get this pty 2132 * while we're still cleaning up. 2133 */ 2134 if (close(s->ptymaster) < 0) 2135 error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); 2136 2137 /* unlink pty from session */ 2138 s->ttyfd = -1; 2139 } 2140 2141 void 2142 session_pty_cleanup(Session *s) 2143 { 2144 PRIVSEP(session_pty_cleanup2(s)); 2145 } 2146 2147 static char * 2148 sig2name(int sig) 2149 { 2150 #define SSH_SIG(x) if (sig == SIG ## x) return #x 2151 SSH_SIG(ABRT); 2152 SSH_SIG(ALRM); 2153 SSH_SIG(FPE); 2154 SSH_SIG(HUP); 2155 SSH_SIG(ILL); 2156 SSH_SIG(INT); 2157 SSH_SIG(KILL); 2158 SSH_SIG(PIPE); 2159 SSH_SIG(QUIT); 2160 SSH_SIG(SEGV); 2161 SSH_SIG(TERM); 2162 SSH_SIG(USR1); 2163 SSH_SIG(USR2); 2164 #undef SSH_SIG 2165 return "SIG@openssh.com"; 2166 } 2167 2168 static void 2169 session_close_x11(int id) 2170 { 2171 Channel *c; 2172 2173 if ((c = channel_by_id(id)) == NULL) { 2174 debug("session_close_x11: x11 channel %d missing", id); 2175 } else { 2176 /* Detach X11 listener */ 2177 debug("session_close_x11: detach x11 channel %d", id); 2178 channel_cancel_cleanup(id); 2179 if (c->ostate != CHAN_OUTPUT_CLOSED) 2180 chan_mark_dead(c); 2181 } 2182 } 2183 2184 static void 2185 session_close_single_x11(int id, void *arg) 2186 { 2187 Session *s; 2188 u_int i; 2189 2190 debug3("session_close_single_x11: channel %d", id); 2191 channel_cancel_cleanup(id); 2192 if ((s = session_by_x11_channel(id)) == NULL) 2193 fatal("session_close_single_x11: no x11 channel %d", id); 2194 for (i = 0; s->x11_chanids[i] != -1; i++) { 2195 debug("session_close_single_x11: session %d: " 2196 "closing channel %d", s->self, s->x11_chanids[i]); 2197 /* 2198 * The channel "id" is already closing, but make sure we 2199 * close all of its siblings. 2200 */ 2201 if (s->x11_chanids[i] != id) 2202 session_close_x11(s->x11_chanids[i]); 2203 } 2204 xfree(s->x11_chanids); 2205 s->x11_chanids = NULL; 2206 if (s->display) { 2207 xfree(s->display); 2208 s->display = NULL; 2209 } 2210 if (s->auth_proto) { 2211 xfree(s->auth_proto); 2212 s->auth_proto = NULL; 2213 } 2214 if (s->auth_data) { 2215 xfree(s->auth_data); 2216 s->auth_data = NULL; 2217 } 2218 if (s->auth_display) { 2219 xfree(s->auth_display); 2220 s->auth_display = NULL; 2221 } 2222 } 2223 2224 static void 2225 session_exit_message(Session *s, int status) 2226 { 2227 Channel *c; 2228 2229 if ((c = channel_lookup(s->chanid)) == NULL) 2230 fatal("session_exit_message: session %d: no channel %d", 2231 s->self, s->chanid); 2232 debug("session_exit_message: session %d channel %d pid %ld", 2233 s->self, s->chanid, (long)s->pid); 2234 2235 if (WIFEXITED(status)) { 2236 channel_request_start(s->chanid, "exit-status", 0); 2237 packet_put_int(WEXITSTATUS(status)); 2238 packet_send(); 2239 } else if (WIFSIGNALED(status)) { 2240 channel_request_start(s->chanid, "exit-signal", 0); 2241 packet_put_cstring(sig2name(WTERMSIG(status))); 2242 #ifdef WCOREDUMP 2243 packet_put_char(WCOREDUMP(status)); 2244 #else /* WCOREDUMP */ 2245 packet_put_char(0); 2246 #endif /* WCOREDUMP */ 2247 packet_put_cstring(""); 2248 packet_put_cstring(""); 2249 packet_send(); 2250 } else { 2251 /* Some weird exit cause. Just exit. */ 2252 packet_disconnect("wait returned status %04x.", status); 2253 } 2254 2255 /* disconnect channel */ 2256 debug("session_exit_message: release channel %d", s->chanid); 2257 2258 /* 2259 * Adjust cleanup callback attachment to send close messages when 2260 * the channel gets EOF. The session will be then be closed 2261 * by session_close_by_channel when the childs close their fds. 2262 */ 2263 channel_register_cleanup(c->self, session_close_by_channel, 1); 2264 2265 /* 2266 * emulate a write failure with 'chan_write_failed', nobody will be 2267 * interested in data we write. 2268 * Note that we must not call 'chan_read_failed', since there could 2269 * be some more data waiting in the pipe. 2270 */ 2271 if (c->ostate != CHAN_OUTPUT_CLOSED) 2272 chan_write_failed(c); 2273 } 2274 2275 void 2276 session_close(Session *s) 2277 { 2278 u_int i; 2279 2280 debug("session_close: session %d pid %ld", s->self, (long)s->pid); 2281 if (s->ttyfd != -1) 2282 session_pty_cleanup(s); 2283 if (s->term) 2284 xfree(s->term); 2285 if (s->display) 2286 xfree(s->display); 2287 if (s->x11_chanids) 2288 xfree(s->x11_chanids); 2289 if (s->auth_display) 2290 xfree(s->auth_display); 2291 if (s->auth_data) 2292 xfree(s->auth_data); 2293 if (s->auth_proto) 2294 xfree(s->auth_proto); 2295 s->used = 0; 2296 if (s->env != NULL) { 2297 for (i = 0; i < s->num_env; i++) { 2298 xfree(s->env[i].name); 2299 xfree(s->env[i].val); 2300 } 2301 xfree(s->env); 2302 } 2303 session_proctitle(s); 2304 } 2305 2306 void 2307 session_close_by_pid(pid_t pid, int status) 2308 { 2309 Session *s = session_by_pid(pid); 2310 if (s == NULL) { 2311 debug("session_close_by_pid: no session for pid %ld", 2312 (long)pid); 2313 return; 2314 } 2315 if (s->chanid != -1) 2316 session_exit_message(s, status); 2317 if (s->ttyfd != -1) 2318 session_pty_cleanup(s); 2319 s->pid = 0; 2320 } 2321 2322 /* 2323 * this is called when a channel dies before 2324 * the session 'child' itself dies 2325 */ 2326 void 2327 session_close_by_channel(int id, void *arg) 2328 { 2329 Session *s = session_by_channel(id); 2330 u_int i; 2331 2332 if (s == NULL) { 2333 debug("session_close_by_channel: no session for id %d", id); 2334 return; 2335 } 2336 debug("session_close_by_channel: channel %d child %ld", 2337 id, (long)s->pid); 2338 if (s->pid != 0) { 2339 debug("session_close_by_channel: channel %d: has child", id); 2340 /* 2341 * delay detach of session, but release pty, since 2342 * the fd's to the child are already closed 2343 */ 2344 if (s->ttyfd != -1) 2345 session_pty_cleanup(s); 2346 return; 2347 } 2348 /* detach by removing callback */ 2349 channel_cancel_cleanup(s->chanid); 2350 2351 /* Close any X11 listeners associated with this session */ 2352 if (s->x11_chanids != NULL) { 2353 for (i = 0; s->x11_chanids[i] != -1; i++) { 2354 session_close_x11(s->x11_chanids[i]); 2355 s->x11_chanids[i] = -1; 2356 } 2357 } 2358 2359 s->chanid = -1; 2360 session_close(s); 2361 } 2362 2363 void 2364 session_destroy_all(void (*closefunc)(Session *)) 2365 { 2366 int i; 2367 for (i = 0; i < MAX_SESSIONS; i++) { 2368 Session *s = &sessions[i]; 2369 if (s->used) { 2370 if (closefunc != NULL) 2371 closefunc(s); 2372 else 2373 session_close(s); 2374 } 2375 } 2376 } 2377 2378 static char * 2379 session_tty_list(void) 2380 { 2381 static char buf[1024]; 2382 int i; 2383 char *cp; 2384 2385 buf[0] = '\0'; 2386 for (i = 0; i < MAX_SESSIONS; i++) { 2387 Session *s = &sessions[i]; 2388 if (s->used && s->ttyfd != -1) { 2389 2390 if (strncmp(s->tty, "/dev/", 5) != 0) { 2391 cp = strrchr(s->tty, '/'); 2392 cp = (cp == NULL) ? s->tty : cp + 1; 2393 } else 2394 cp = s->tty + 5; 2395 2396 if (buf[0] != '\0') 2397 strlcat(buf, ",", sizeof buf); 2398 strlcat(buf, cp, sizeof buf); 2399 } 2400 } 2401 if (buf[0] == '\0') 2402 strlcpy(buf, "notty", sizeof buf); 2403 return buf; 2404 } 2405 2406 void 2407 session_proctitle(Session *s) 2408 { 2409 if (s->pw == NULL) 2410 error("no user for session %d", s->self); 2411 else 2412 setproctitle("%s@%s", s->pw->pw_name, session_tty_list()); 2413 } 2414 2415 int 2416 session_setup_x11fwd(Session *s) 2417 { 2418 struct stat st; 2419 char display[512], auth_display[512]; 2420 char hostname[MAXHOSTNAMELEN]; 2421 u_int i; 2422 2423 if (no_x11_forwarding_flag) { 2424 packet_send_debug("X11 forwarding disabled in user configuration file."); 2425 return 0; 2426 } 2427 if (!options.x11_forwarding) { 2428 debug("X11 forwarding disabled in server configuration file."); 2429 return 0; 2430 } 2431 if (!options.xauth_location || 2432 (stat(options.xauth_location, &st) == -1)) { 2433 packet_send_debug("No xauth program; cannot forward with spoofing."); 2434 return 0; 2435 } 2436 if (options.use_login) { 2437 packet_send_debug("X11 forwarding disabled; " 2438 "not compatible with UseLogin=yes."); 2439 return 0; 2440 } 2441 if (s->display != NULL) { 2442 debug("X11 display already set."); 2443 return 0; 2444 } 2445 if (x11_create_display_inet(options.x11_display_offset, 2446 options.x11_use_localhost, s->single_connection, 2447 &s->display_number, &s->x11_chanids) == -1) { 2448 debug("x11_create_display_inet failed."); 2449 return 0; 2450 } 2451 for (i = 0; s->x11_chanids[i] != -1; i++) { 2452 channel_register_cleanup(s->x11_chanids[i], 2453 session_close_single_x11, 0); 2454 } 2455 2456 /* Set up a suitable value for the DISPLAY variable. */ 2457 if (gethostname(hostname, sizeof(hostname)) < 0) 2458 fatal("gethostname: %.100s", strerror(errno)); 2459 /* 2460 * auth_display must be used as the displayname when the 2461 * authorization entry is added with xauth(1). This will be 2462 * different than the DISPLAY string for localhost displays. 2463 */ 2464 if (options.x11_use_localhost) { 2465 snprintf(display, sizeof display, "localhost:%u.%u", 2466 s->display_number, s->screen); 2467 snprintf(auth_display, sizeof auth_display, "unix:%u.%u", 2468 s->display_number, s->screen); 2469 s->display = xstrdup(display); 2470 s->auth_display = xstrdup(auth_display); 2471 } else { 2472 #ifdef IPADDR_IN_DISPLAY 2473 struct hostent *he; 2474 struct in_addr my_addr; 2475 2476 he = gethostbyname(hostname); 2477 if (he == NULL) { 2478 error("Can't get IP address for X11 DISPLAY."); 2479 packet_send_debug("Can't get IP address for X11 DISPLAY."); 2480 return 0; 2481 } 2482 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); 2483 snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), 2484 s->display_number, s->screen); 2485 #else 2486 snprintf(display, sizeof display, "%.400s:%u.%u", hostname, 2487 s->display_number, s->screen); 2488 #endif 2489 s->display = xstrdup(display); 2490 s->auth_display = xstrdup(display); 2491 } 2492 2493 return 1; 2494 } 2495 2496 static void 2497 do_authenticated2(Authctxt *authctxt) 2498 { 2499 server_loop2(authctxt); 2500 } 2501 2502 void 2503 do_cleanup(Authctxt *authctxt) 2504 { 2505 static int called = 0; 2506 2507 debug("do_cleanup"); 2508 2509 /* no cleanup if we're in the child for login shell */ 2510 if (is_child) 2511 return; 2512 2513 /* avoid double cleanup */ 2514 if (called) 2515 return; 2516 called = 1; 2517 2518 if (authctxt == NULL || !authctxt->authenticated) 2519 return; 2520 #ifdef KRB5 2521 if (options.kerberos_ticket_cleanup && 2522 authctxt->krb5_ctx) 2523 krb5_cleanup_proc(authctxt); 2524 #endif 2525 2526 #ifdef GSSAPI 2527 if (compat20 && options.gss_cleanup_creds) 2528 ssh_gssapi_cleanup_creds(); 2529 #endif 2530 2531 #ifdef USE_PAM 2532 if (options.use_pam) { 2533 sshpam_cleanup(); 2534 sshpam_thread_cleanup(); 2535 } 2536 #endif 2537 2538 /* remove agent socket */ 2539 auth_sock_cleanup_proc(authctxt->pw); 2540 2541 /* 2542 * Cleanup ptys/utmp only if privsep is disabled, 2543 * or if running in monitor. 2544 */ 2545 if (!use_privsep || mm_is_monitor()) 2546 session_destroy_all(session_pty_cleanup2); 2547 } 2548