session.c revision 5562:0f12179b71ab
1/* 2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * All rights reserved 4 * 5 * As far as I am concerned, the code I have written for this software 6 * can be used freely for any purpose. Any derived versions of this 7 * software must be clearly marked as such, and if the derived work is 8 * incompatible with the protocol description in the RFC file, it must be 9 * called by a name other than "ssh" or "Secure Shell". 10 * 11 * SSH2 support by Markus Friedl. 12 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34/* 35 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 36 * Use is subject to license terms. 37 */ 38 39#include "includes.h" 40RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); 41 42#pragma ident "%Z%%M% %I% %E% SMI" 43 44#ifdef HAVE_DEFOPEN 45#include <deflt.h> 46#include <ulimit.h> 47#endif /* HAVE_DEFOPEN */ 48 49#ifdef HAVE_LIBGEN_H 50#include <libgen.h> 51#endif 52 53#include "ssh.h" 54#include "ssh1.h" 55#include "ssh2.h" 56#include "xmalloc.h" 57#include "sshpty.h" 58#include "packet.h" 59#include "buffer.h" 60#include "mpaux.h" 61#include "uidswap.h" 62#include "compat.h" 63#include "channels.h" 64#include "bufaux.h" 65#include "auth.h" 66#include "auth-options.h" 67#include "pathnames.h" 68#include "log.h" 69#include "servconf.h" 70#include "sshlogin.h" 71#include "serverloop.h" 72#include "canohost.h" 73#include "session.h" 74 75#ifdef USE_PAM 76#include <security/pam_appl.h> 77#endif /* USE_PAM */ 78 79#ifdef GSSAPI 80#include "ssh-gss.h" 81#endif 82 83#ifdef ALTPRIVSEP 84#include "altprivsep.h" 85#endif /* ALTPRIVSEP */ 86 87#ifdef HAVE_CYGWIN 88#include <windows.h> 89#include <sys/cygwin.h> 90#define is_winnt (GetVersion() < 0x80000000) 91#endif 92 93/* func */ 94 95Session *session_new(void); 96void session_set_fds(Session *, int, int, int); 97void session_pty_cleanup(void *); 98void session_xauthfile_cleanup(void *s); 99void session_proctitle(Session *); 100int session_setup_x11fwd(Session *); 101void do_exec_pty(Session *, const char *); 102void do_exec_no_pty(Session *, const char *); 103void do_exec(Session *, const char *); 104void do_login(Session *, const char *); 105#ifdef LOGIN_NEEDS_UTMPX 106static void do_pre_login(Session *s); 107#endif 108void do_child(Session *, const char *); 109void do_motd(void); 110int check_quietlogin(Session *, const char *); 111 112static void do_authenticated1(Authctxt *); 113static void do_authenticated2(Authctxt *); 114 115static int session_pty_req(Session *); 116static int session_env_req(Session *s); 117static void session_free_env(char ***envp); 118 119#ifdef USE_PAM 120static void session_do_pam(Session *, int); 121#endif /* USE_PAM */ 122 123/* import */ 124extern ServerOptions options; 125extern char *__progname; 126extern int log_stderr; 127extern int debug_flag; 128extern u_int utmp_len; 129extern void destroy_sensitive_data(void); 130 131#ifdef GSSAPI 132extern Gssctxt *xxx_gssctxt; 133#endif /* GSSAPI */ 134 135/* original command from peer. */ 136const char *original_command = NULL; 137 138/* data */ 139#define MAX_SESSIONS 10 140Session sessions[MAX_SESSIONS]; 141 142#ifdef WITH_AIXAUTHENTICATE 143char *aixloginmsg; 144#endif /* WITH_AIXAUTHENTICATE */ 145 146#ifdef HAVE_LOGIN_CAP 147login_cap_t *lc; 148#endif 149 150/* Name and directory of socket for authentication agent forwarding. */ 151static char *auth_sock_name = NULL; 152static char *auth_sock_dir = NULL; 153 154/* removes the agent forwarding socket */ 155 156static void 157auth_sock_cleanup_proc(void *_pw) 158{ 159 struct passwd *pw = _pw; 160 161 if (auth_sock_name != NULL) { 162 temporarily_use_uid(pw); 163 unlink(auth_sock_name); 164 rmdir(auth_sock_dir); 165 auth_sock_name = NULL; 166 restore_uid(); 167 } 168} 169 170static int 171auth_input_request_forwarding(struct passwd * pw) 172{ 173 Channel *nc; 174 int sock; 175 struct sockaddr_un sunaddr; 176 177 if (auth_sock_name != NULL) { 178 error("authentication forwarding requested twice."); 179 return 0; 180 } 181 182 /* Temporarily drop privileged uid for mkdir/bind. */ 183 temporarily_use_uid(pw); 184 185 /* Allocate a buffer for the socket name, and format the name. */ 186 auth_sock_name = xmalloc(MAXPATHLEN); 187 auth_sock_dir = xmalloc(MAXPATHLEN); 188 strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); 189 190 /* Create private directory for socket */ 191 if (mkdtemp(auth_sock_dir) == NULL) { 192 packet_send_debug("Agent forwarding disabled: " 193 "mkdtemp() failed: %.100s", strerror(errno)); 194 restore_uid(); 195 xfree(auth_sock_name); 196 xfree(auth_sock_dir); 197 auth_sock_name = NULL; 198 auth_sock_dir = NULL; 199 return 0; 200 } 201 snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld", 202 auth_sock_dir, (long) getpid()); 203 204 /* delete agent socket on fatal() */ 205 fatal_add_cleanup(auth_sock_cleanup_proc, pw); 206 207 /* Create the socket. */ 208 sock = socket(AF_UNIX, SOCK_STREAM, 0); 209 if (sock < 0) 210 packet_disconnect("socket: %.100s", strerror(errno)); 211 212 /* Bind it to the name. */ 213 memset(&sunaddr, 0, sizeof(sunaddr)); 214 sunaddr.sun_family = AF_UNIX; 215 strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); 216 217 if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) 218 packet_disconnect("bind: %.100s", strerror(errno)); 219 220 /* Restore the privileged uid. */ 221 restore_uid(); 222 223 /* Start listening on the socket. */ 224 if (listen(sock, 5) < 0) 225 packet_disconnect("listen: %.100s", strerror(errno)); 226 227 /* Allocate a channel for the authentication agent socket. */ 228 nc = channel_new("auth socket", 229 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, 230 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 231 0, xstrdup("auth socket"), 1); 232 strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); 233 return 1; 234} 235 236 237void 238do_authenticated(Authctxt *authctxt) 239{ 240 /* setup the channel layer */ 241 if (!no_port_forwarding_flag && options.allow_tcp_forwarding) 242 channel_permit_all_opens(); 243 244 if (compat20) 245 do_authenticated2(authctxt); 246 else 247 do_authenticated1(authctxt); 248 249 /* remove agent socket */ 250 if (auth_sock_name != NULL) 251 auth_sock_cleanup_proc(authctxt->pw); 252#ifdef KRB4 253 if (options.kerberos_ticket_cleanup) 254 krb4_cleanup_proc(authctxt); 255#endif 256#ifdef KRB5 257 if (options.kerberos_ticket_cleanup) 258 krb5_cleanup_proc(authctxt); 259#endif 260} 261 262/* 263 * Prepares for an interactive session. This is called after the user has 264 * been successfully authenticated. During this message exchange, pseudo 265 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings 266 * are requested, etc. 267 */ 268static void 269do_authenticated1(Authctxt *authctxt) 270{ 271 Session *s; 272 char *command; 273 int success, type, screen_flag; 274 int enable_compression_after_reply = 0; 275 u_int proto_len, data_len, dlen, compression_level = 0; 276 277 s = session_new(); 278 s->authctxt = authctxt; 279 s->pw = authctxt->pw; 280 281 /* 282 * We stay in this loop until the client requests to execute a shell 283 * or a command. 284 */ 285 for (;;) { 286 success = 0; 287 288 /* Get a packet from the client. */ 289 type = packet_read(); 290 291 /* Process the packet. */ 292 switch (type) { 293 case SSH_CMSG_REQUEST_COMPRESSION: 294 compression_level = packet_get_int(); 295 packet_check_eom(); 296 if (compression_level < 1 || compression_level > 9) { 297 packet_send_debug("Received illegal compression level %d.", 298 compression_level); 299 break; 300 } 301 if (!options.compression) { 302 debug2("compression disabled"); 303 break; 304 } 305 /* Enable compression after we have responded with SUCCESS. */ 306 enable_compression_after_reply = 1; 307 success = 1; 308 break; 309 310 case SSH_CMSG_REQUEST_PTY: 311 success = session_pty_req(s); 312 break; 313 314 case SSH_CMSG_X11_REQUEST_FORWARDING: 315 s->auth_proto = packet_get_string(&proto_len); 316 s->auth_data = packet_get_string(&data_len); 317 318 screen_flag = packet_get_protocol_flags() & 319 SSH_PROTOFLAG_SCREEN_NUMBER; 320 debug2("SSH_PROTOFLAG_SCREEN_NUMBER: %d", screen_flag); 321 322 if (packet_remaining() == 4) { 323 if (!screen_flag) 324 debug2("Buggy client: " 325 "X11 screen flag missing"); 326 s->screen = packet_get_int(); 327 } else { 328 s->screen = 0; 329 } 330 packet_check_eom(); 331 success = session_setup_x11fwd(s); 332 if (!success) { 333 xfree(s->auth_proto); 334 xfree(s->auth_data); 335 s->auth_proto = NULL; 336 s->auth_data = NULL; 337 } 338 break; 339 340 case SSH_CMSG_AGENT_REQUEST_FORWARDING: 341 if (no_agent_forwarding_flag || compat13) { 342 debug("Authentication agent forwarding not permitted for this authentication."); 343 break; 344 } 345 debug("Received authentication agent forwarding request."); 346 success = auth_input_request_forwarding(s->pw); 347 break; 348 349 case SSH_CMSG_PORT_FORWARD_REQUEST: 350 if (no_port_forwarding_flag) { 351 debug("Port forwarding not permitted for this authentication."); 352 break; 353 } 354 if (!options.allow_tcp_forwarding) { 355 debug("Port forwarding not permitted."); 356 break; 357 } 358 debug("Received TCP/IP port forwarding request."); 359 channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); 360 success = 1; 361 break; 362 363 case SSH_CMSG_MAX_PACKET_SIZE: 364 if (packet_set_maxsize(packet_get_int()) > 0) 365 success = 1; 366 break; 367 368#if defined(AFS) || defined(KRB5) 369 case SSH_CMSG_HAVE_KERBEROS_TGT: 370 if (!options.kerberos_tgt_passing) { 371 verbose("Kerberos TGT passing disabled."); 372 } else { 373 char *kdata = packet_get_string(&dlen); 374 packet_check_eom(); 375 376 /* XXX - 0x41, see creds_to_radix version */ 377 if (kdata[0] != 0x41) { 378#ifdef KRB5 379 krb5_data tgt; 380 tgt.data = kdata; 381 tgt.length = dlen; 382 383 if (auth_krb5_tgt(s->authctxt, &tgt)) 384 success = 1; 385 else 386 verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user); 387#endif /* KRB5 */ 388 } else { 389#ifdef AFS 390 if (auth_krb4_tgt(s->authctxt, kdata)) 391 success = 1; 392 else 393 verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user); 394#endif /* AFS */ 395 } 396 xfree(kdata); 397 } 398 break; 399#endif /* AFS || KRB5 */ 400 401#ifdef AFS 402 case SSH_CMSG_HAVE_AFS_TOKEN: 403 if (!options.afs_token_passing || !k_hasafs()) { 404 verbose("AFS token passing disabled."); 405 } else { 406 /* Accept AFS token. */ 407 char *token = packet_get_string(&dlen); 408 packet_check_eom(); 409 410 if (auth_afs_token(s->authctxt, token)) 411 success = 1; 412 else 413 verbose("AFS token refused for %.100s", 414 s->authctxt->user); 415 xfree(token); 416 } 417 break; 418#endif /* AFS */ 419 420 case SSH_CMSG_EXEC_SHELL: 421 case SSH_CMSG_EXEC_CMD: 422 if (type == SSH_CMSG_EXEC_CMD) { 423 command = packet_get_string(&dlen); 424 debug("Exec command '%.500s'", command); 425 do_exec(s, command); 426 xfree(command); 427 } else { 428 do_exec(s, NULL); 429 } 430 packet_check_eom(); 431 session_close(s); 432 return; 433 434 default: 435 /* 436 * Any unknown messages in this phase are ignored, 437 * and a failure message is returned. 438 */ 439 log("Unknown packet type received after authentication: %d", type); 440 } 441 packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE); 442 packet_send(); 443 packet_write_wait(); 444 445 /* Enable compression now that we have replied if appropriate. */ 446 if (enable_compression_after_reply) { 447 enable_compression_after_reply = 0; 448 packet_start_compression(compression_level); 449 } 450 } 451} 452 453/* 454 * This is called to fork and execute a command when we have no tty. This 455 * will call do_child from the child, and server_loop from the parent after 456 * setting up file descriptors and such. 457 */ 458void 459do_exec_no_pty(Session *s, const char *command) 460{ 461 pid_t pid; 462 463#ifdef USE_PIPES 464 int pin[2], pout[2], perr[2]; 465 /* Allocate pipes for communicating with the program. */ 466 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0) 467 packet_disconnect("Could not create pipes: %.100s", 468 strerror(errno)); 469#else /* USE_PIPES */ 470 int inout[2], err[2]; 471 /* Uses socket pairs to communicate with the program. */ 472 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 || 473 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) 474 packet_disconnect("Could not create socket pairs: %.100s", 475 strerror(errno)); 476#endif /* USE_PIPES */ 477 if (s == NULL) 478 fatal("do_exec_no_pty: no session"); 479 480 session_proctitle(s); 481 482 /* Fork the child. */ 483 if ((pid = fork()) == 0) { 484 fatal_remove_all_cleanups(); 485 486 /* Child. Reinitialize the log since the pid has changed. */ 487 log_init(__progname, options.log_level, options.log_facility, log_stderr); 488 489 /* 490 * Create a new session and process group since the 4.4BSD 491 * setlogin() affects the entire process group. 492 */ 493 if (setsid() < 0) 494 error("setsid failed: %.100s", strerror(errno)); 495 496#ifdef USE_PIPES 497 /* 498 * Redirect stdin. We close the parent side of the socket 499 * pair, and make the child side the standard input. 500 */ 501 close(pin[1]); 502 if (dup2(pin[0], 0) < 0) 503 perror("dup2 stdin"); 504 close(pin[0]); 505 506 /* Redirect stdout. */ 507 close(pout[0]); 508 if (dup2(pout[1], 1) < 0) 509 perror("dup2 stdout"); 510 close(pout[1]); 511 512 /* Redirect stderr. */ 513 close(perr[0]); 514 if (dup2(perr[1], 2) < 0) 515 perror("dup2 stderr"); 516 close(perr[1]); 517#else /* USE_PIPES */ 518 /* 519 * Redirect stdin, stdout, and stderr. Stdin and stdout will 520 * use the same socket, as some programs (particularly rdist) 521 * seem to depend on it. 522 */ 523 close(inout[1]); 524 close(err[1]); 525 if (dup2(inout[0], 0) < 0) /* stdin */ 526 perror("dup2 stdin"); 527 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */ 528 perror("dup2 stdout"); 529 if (dup2(err[0], 2) < 0) /* stderr */ 530 perror("dup2 stderr"); 531#endif /* USE_PIPES */ 532 533#ifdef _UNICOS 534 cray_init_job(s->pw); /* set up cray jid and tmpdir */ 535#endif 536 537 /* Do processing for the child (exec command etc). */ 538 do_child(s, command); 539 /* NOTREACHED */ 540 } 541#ifdef _UNICOS 542 signal(WJSIGNAL, cray_job_termination_handler); 543#endif /* _UNICOS */ 544#ifdef HAVE_CYGWIN 545 if (is_winnt) 546 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 547#endif 548 if (pid < 0) 549 packet_disconnect("fork failed: %.100s", strerror(errno)); 550 s->pid = pid; 551 /* Set interactive/non-interactive mode. */ 552 packet_set_interactive(s->display != NULL); 553#ifdef USE_PIPES 554 /* We are the parent. Close the child sides of the pipes. */ 555 close(pin[0]); 556 close(pout[1]); 557 close(perr[1]); 558 559 if (compat20) { 560 session_set_fds(s, pin[1], pout[0], s->is_subsystem ? -1 : perr[0]); 561 /* Don't close channel before sending exit-status! */ 562 channel_set_wait_for_exit(s->chanid, 1); 563 } else { 564 /* Enter the interactive session. */ 565 server_loop(pid, pin[1], pout[0], perr[0]); 566 /* server_loop has closed pin[1], pout[0], and perr[0]. */ 567 } 568#else /* USE_PIPES */ 569 /* We are the parent. Close the child sides of the socket pairs. */ 570 close(inout[0]); 571 close(err[0]); 572 573 /* 574 * Enter the interactive session. Note: server_loop must be able to 575 * handle the case that fdin and fdout are the same. 576 */ 577 if (compat20) { 578 session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]); 579 /* Don't close channel before sending exit-status! */ 580 channel_set_wait_for_exit(s->chanid, 1); 581 } else { 582 server_loop(pid, inout[1], inout[1], err[1]); 583 /* server_loop has closed inout[1] and err[1]. */ 584 } 585#endif /* USE_PIPES */ 586} 587 588/* 589 * This is called to fork and execute a command when we have a tty. This 590 * will call do_child from the child, and server_loop from the parent after 591 * setting up file descriptors, controlling tty, updating wtmp, utmp, 592 * lastlog, and other such operations. 593 */ 594void 595do_exec_pty(Session *s, const char *command) 596{ 597 int fdout, ptyfd, ttyfd, ptymaster, pipe_fds[2]; 598 pid_t pid; 599 600 if (s == NULL) 601 fatal("do_exec_pty: no session"); 602 ptyfd = s->ptyfd; 603 ttyfd = s->ttyfd; 604 605#ifdef USE_PAM 606 session_do_pam(s, 1); /* pam_open_session() */ 607#endif /* USE_PAM */ 608 609 /* 610 * This pipe lets sshd wait for child to exec or exit. This is 611 * particularly important for ALTPRIVSEP because the child is 612 * the one to call the monitor to request a record_login() and 613 * we don't want the child and the parent to compete for the 614 * monitor's attention. But this is generic code and doesn't 615 * hurt to have here even if ALTPRIVSEP is not used. 616 */ 617 if (pipe(pipe_fds) != 0) 618 packet_disconnect("pipe failed: %.100s", strerror(errno)); 619 620 (void) fcntl(pipe_fds[0], F_SETFD, FD_CLOEXEC); 621 (void) fcntl(pipe_fds[1], F_SETFD, FD_CLOEXEC); 622 623 /* Fork the child. */ 624 if ((pid = fork()) == 0) { 625 (void) close(pipe_fds[0]); 626 627 fatal_remove_all_cleanups(); 628 629 /* Child. Reinitialize the log because the pid has changed. */ 630 log_init(__progname, options.log_level, options.log_facility, log_stderr); 631 /* Close the master side of the pseudo tty. */ 632 close(ptyfd); 633 634 /* Make the pseudo tty our controlling tty. */ 635 pty_make_controlling_tty(&ttyfd, s->tty); 636 637 /* Redirect stdin/stdout/stderr from the pseudo tty. */ 638 if (dup2(ttyfd, 0) < 0) 639 error("dup2 stdin: %s", strerror(errno)); 640 if (dup2(ttyfd, 1) < 0) 641 error("dup2 stdout: %s", strerror(errno)); 642 if (dup2(ttyfd, 2) < 0) 643 error("dup2 stderr: %s", strerror(errno)); 644 645 /* Close the extra descriptor for the pseudo tty. */ 646 close(ttyfd); 647 648 /* record login, etc. similar to login(1) */ 649#if !defined(HAVE_OSF_SIA) 650 if (!(options.use_login && command == NULL)) { 651#ifdef _UNICOS 652 cray_init_job(s->pw); /* set up cray jid and tmpdir */ 653#endif /* _UNICOS */ 654 do_login(s, command); 655 } 656# ifdef LOGIN_NEEDS_UTMPX 657 else 658 do_pre_login(s); 659# endif 660#endif /* !HAVE_OSF_SIA */ 661 662 /* 663 * do_pre_login() will have completed the record_login(), so 664 * close the pipe to the parent so it can re-enter its event 665 * loop and service the ptm; if enough debug messages get 666 * written to the pty before this happens there will be a 667 * deadlock. 668 */ 669 close(pipe_fds[1]); 670 671 /* Do common processing for the child, such as execing the command. */ 672 do_child(s, command); 673 /* NOTREACHED */ 674 } 675 676 /* Wait for child to exec() or exit() */ 677 (void) close(pipe_fds[1]); 678 (void) read(pipe_fds[0], &pipe_fds[1], sizeof(int)); 679 680#ifdef _UNICOS 681 signal(WJSIGNAL, cray_job_termination_handler); 682#endif /* _UNICOS */ 683#ifdef HAVE_CYGWIN 684 if (is_winnt) 685 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 686#endif 687 if (pid < 0) 688 packet_disconnect("fork failed: %.100s", strerror(errno)); 689 s->pid = pid; 690 691 /* Parent. Close the slave side of the pseudo tty. */ 692 close(ttyfd); 693 694 /* 695 * Create another descriptor of the pty master side for use as the 696 * standard input. We could use the original descriptor, but this 697 * simplifies code in server_loop. The descriptor is bidirectional. 698 */ 699 fdout = dup(ptyfd); 700 if (fdout < 0) 701 packet_disconnect("dup #1 failed: %.100s", strerror(errno)); 702 703 /* we keep a reference to the pty master */ 704 ptymaster = dup(ptyfd); 705 if (ptymaster < 0) 706 packet_disconnect("dup #2 failed: %.100s", strerror(errno)); 707 s->ptymaster = ptymaster; 708 709 /* Enter interactive session. */ 710 packet_set_interactive(1); 711 if (compat20) { 712 session_set_fds(s, ptyfd, fdout, -1); 713 /* Don't close channel before sending exit-status! */ 714 channel_set_wait_for_exit(s->chanid, 1); 715 } else { 716 server_loop(pid, ptyfd, fdout, -1); 717 /* server_loop _has_ closed ptyfd and fdout. */ 718 } 719} 720 721#ifdef LOGIN_NEEDS_UTMPX 722static void 723do_pre_login(Session *s) 724{ 725 socklen_t fromlen; 726 struct sockaddr_storage from; 727 pid_t pid = getpid(); 728 729 /* 730 * Get IP address of client. If the connection is not a socket, let 731 * the address be 0.0.0.0. 732 */ 733 memset(&from, 0, sizeof(from)); 734 fromlen = sizeof(from); 735 if (packet_connection_is_on_socket()) { 736 if (getpeername(packet_get_connection_in(), 737 (struct sockaddr *) & from, &fromlen) < 0) { 738 debug("getpeername: %.100s", strerror(errno)); 739 fatal_cleanup(); 740 } 741 } 742 743 record_utmp_only(pid, s->tty, s->pw->pw_name, 744 get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), 745 (struct sockaddr *)&from); 746} 747#endif 748 749/* 750 * This is called to fork and execute a command. If another command is 751 * to be forced, execute that instead. 752 */ 753void 754do_exec(Session *s, const char *command) 755{ 756 if (command) 757 s->command = xstrdup(command); 758 759 if (forced_command) { 760 original_command = command; 761 command = forced_command; 762 debug("Forced command '%.900s'", command); 763 } 764 765 if (s->ttyfd != -1) 766 do_exec_pty(s, command); 767 else 768 do_exec_no_pty(s, command); 769 770 original_command = NULL; 771} 772 773 774/* administrative, login(1)-like work */ 775void 776do_login(Session *s, const char *command) 777{ 778 char *time_string; 779#ifndef ALTPRIVSEP 780 struct passwd * pw = s->pw; 781#endif /* ALTPRIVSEP*/ 782 pid_t pid = getpid(); 783 784 /* Record that there was a login on that tty from the remote host. */ 785#ifdef ALTPRIVSEP 786 debug3("Recording SSHv2 channel login in utmpx/wtmpx"); 787 altprivsep_record_login(pid, s->tty); 788#endif /* ALTPRIVSEP*/ 789 790 if (check_quietlogin(s, command)) 791 return; 792 793#ifdef USE_PAM 794 print_pam_messages(); 795#endif /* USE_PAM */ 796#ifdef WITH_AIXAUTHENTICATE 797 if (aixloginmsg && *aixloginmsg) 798 printf("%s\n", aixloginmsg); 799#endif /* WITH_AIXAUTHENTICATE */ 800 801#ifndef NO_SSH_LASTLOG 802 if (options.print_lastlog && s->last_login_time != 0) { 803 time_string = ctime(&s->last_login_time); 804 if (strchr(time_string, '\n')) 805 *strchr(time_string, '\n') = 0; 806 if (strcmp(s->hostname, "") == 0) 807 printf("Last login: %s\r\n", time_string); 808 else 809 printf("Last login: %s from %s\r\n", time_string, 810 s->hostname); 811 } 812#endif /* NO_SSH_LASTLOG */ 813 814 do_motd(); 815} 816 817/* 818 * Display the message of the day. 819 */ 820void 821do_motd(void) 822{ 823 FILE *f; 824 char buf[256]; 825 826 if (options.print_motd) { 827#ifdef HAVE_LOGIN_CAP 828 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", 829 "/etc/motd"), "r"); 830#else 831 f = fopen("/etc/motd", "r"); 832#endif 833 if (f) { 834 while (fgets(buf, sizeof(buf), f)) 835 fputs(buf, stdout); 836 fclose(f); 837 } 838 } 839} 840 841 842/* 843 * Check for quiet login, either .hushlogin or command given. 844 */ 845int 846check_quietlogin(Session *s, const char *command) 847{ 848 char buf[256]; 849 struct passwd *pw = s->pw; 850 struct stat st; 851 852 /* Return 1 if .hushlogin exists or a command given. */ 853 if (command != NULL) 854 return 1; 855 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); 856#ifdef HAVE_LOGIN_CAP 857 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) 858 return 1; 859#else 860 if (stat(buf, &st) >= 0) 861 return 1; 862#endif 863 return 0; 864} 865 866/* 867 * Sets the value of the given variable in the environment. If the variable 868 * already exists, its value is overriden. 869 */ 870void 871child_set_env(char ***envp, u_int *envsizep, const char *name, 872 const char *value) 873{ 874 u_int i, namelen; 875 char **env; 876 877 debug3("child_set_env(%s, %s)", name, value); 878 /* 879 * Find the slot where the value should be stored. If the variable 880 * already exists, we reuse the slot; otherwise we append a new slot 881 * at the end of the array, expanding if necessary. 882 */ 883 env = *envp; 884 namelen = strlen(name); 885 for (i = 0; env[i]; i++) 886 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') 887 break; 888 if (env[i]) { 889 /* Reuse the slot. */ 890 xfree(env[i]); 891 } else { 892 /* New variable. Expand if necessary. */ 893 if (i >= (*envsizep) - 1) { 894 if (*envsizep >= 1000) 895 fatal("child_set_env: too many env vars," 896 " skipping: %.100s", name); 897 (*envsizep) += 50; 898 env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); 899 } 900 /* Need to set the NULL pointer at end of array beyond the new slot. */ 901 env[i + 1] = NULL; 902 } 903 904 /* Allocate space and format the variable in the appropriate slot. */ 905 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1); 906 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value); 907} 908 909/* 910 * Reads environment variables from the given file and adds/overrides them 911 * into the environment. If the file does not exist, this does nothing. 912 * Otherwise, it must consist of empty lines, comments (line starts with '#') 913 * and assignments of the form name=value. No other forms are allowed. 914 */ 915static void 916read_environment_file(char ***env, u_int *envsize, 917 const char *filename) 918{ 919 FILE *f; 920 char buf[4096]; 921 char *cp, *value; 922 u_int lineno = 0; 923 924 f = fopen(filename, "r"); 925 if (!f) 926 return; 927 928 while (fgets(buf, sizeof(buf), f)) { 929 if (++lineno > 1000) 930 fatal("Too many lines in environment file %s", filename); 931 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) 932 ; 933 if (!*cp || *cp == '#' || *cp == '\n') 934 continue; 935 if (strchr(cp, '\n')) 936 *strchr(cp, '\n') = '\0'; 937 value = strchr(cp, '='); 938 if (value == NULL) { 939 fprintf(stderr, gettext("Bad line %u in %.100s\n"), 940 lineno, filename); 941 continue; 942 } 943 /* 944 * Replace the equals sign by nul, and advance value to 945 * the value string. 946 */ 947 *value = '\0'; 948 value++; 949 child_set_env(env, envsize, cp, value); 950 } 951 fclose(f); 952} 953 954void copy_environment(char **source, char ***env, u_int *envsize) 955{ 956 char *var_name, *var_val; 957 int i; 958 959 if (source == NULL) 960 return; 961 962 for(i = 0; source[i] != NULL; i++) { 963 var_name = xstrdup(source[i]); 964 if ((var_val = strstr(var_name, "=")) == NULL) { 965 xfree(var_name); 966 continue; 967 } 968 *var_val++ = '\0'; 969 970 debug3("Copy environment: %s=%s", var_name, var_val); 971 child_set_env(env, envsize, var_name, var_val); 972 973 xfree(var_name); 974 } 975} 976 977#ifdef HAVE_DEFOPEN 978static 979void 980deflt_do_setup_env(Session *s, const char *shell, char ***env, u_int *envsize) 981{ 982 int flags; 983 char *ptr; 984 mode_t Umask = 022; 985 986 if (defopen(_PATH_DEFAULT_LOGIN)) 987 return; 988 989 /* Ignore case */ 990 flags = defcntl(DC_GETFLAGS, 0); 991 TURNOFF(flags, DC_CASE); 992 (void) defcntl(DC_SETFLAGS, flags); 993 994 /* TZ & HZ */ 995 if ((ptr = defread("TIMEZONE=")) != NULL) 996 child_set_env(env, envsize, "TZ", ptr); 997 if ((ptr = defread("HZ=")) != NULL) 998 child_set_env(env, envsize, "HZ", ptr); 999 1000 /* PATH */ 1001 if (s->pw->pw_uid != 0 && (ptr = defread("PATH=")) != NULL) 1002 child_set_env(env, envsize, "PATH", ptr); 1003 if (s->pw->pw_uid == 0 && (ptr = defread("SUPATH=")) != NULL) 1004 child_set_env(env, envsize, "PATH", ptr); 1005 1006 /* SHELL */ 1007 if ((ptr = defread("ALTSHELL=")) != NULL) { 1008 if (strcasecmp("YES", ptr) == 0) 1009 child_set_env(env, envsize, "SHELL", shell); 1010 else 1011 child_set_env(env, envsize, "SHELL", ""); 1012 } 1013 1014 /* UMASK */ 1015 if ((ptr = defread("UMASK=")) != NULL && 1016 sscanf(ptr, "%lo", &Umask) == 1 && 1017 Umask <= (mode_t)0777) 1018 (void) umask(Umask); 1019 else 1020 (void) umask(022); 1021 1022 /* ULIMIT */ 1023 if ((ptr = defread("ULIMIT=")) != NULL && atol(ptr) > 0L && 1024 ulimit(UL_SETFSIZE, atol(ptr)) < 0L) 1025 error("Could not set ULIMIT to %ld from %s\n", atol(ptr), 1026 _PATH_DEFAULT_LOGIN); 1027 1028 (void) defopen(NULL); 1029} 1030#endif /* HAVE_DEFOPEN */ 1031 1032static char ** 1033do_setup_env(Session *s, const char *shell) 1034{ 1035 char buf[256]; 1036 char path_maildir[] = _PATH_MAILDIR; 1037 u_int i, envsize, pm_len; 1038 char **env; 1039 struct passwd *pw = s->pw; 1040 1041 /* Initialize the environment. */ 1042 envsize = 100; 1043 env = xmalloc(envsize * sizeof(char *)); 1044 env[0] = NULL; 1045 1046#ifdef HAVE_CYGWIN 1047 /* 1048 * The Windows environment contains some setting which are 1049 * important for a running system. They must not be dropped. 1050 */ 1051 copy_environment(environ, &env, &envsize); 1052#endif 1053 1054#ifdef GSSAPI 1055 /* Allow any GSSAPI methods that we've used to alter 1056 * the childs environment as they see fit 1057 */ 1058 ssh_gssapi_do_child(xxx_gssctxt, &env,&envsize); 1059#endif 1060 1061 if (!options.use_login) { 1062 /* Set basic environment. */ 1063 child_set_env(&env, &envsize, "USER", pw->pw_name); 1064 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); 1065 child_set_env(&env, &envsize, "HOME", pw->pw_dir); 1066#ifdef HAVE_LOGIN_CAP 1067 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) 1068 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); 1069 else 1070 child_set_env(&env, &envsize, "PATH", getenv("PATH")); 1071#else /* HAVE_LOGIN_CAP */ 1072# ifndef HAVE_CYGWIN 1073 /* 1074 * There's no standard path on Windows. The path contains 1075 * important components pointing to the system directories, 1076 * needed for loading shared libraries. So the path better 1077 * remains intact here. 1078 */ 1079# ifdef SUPERUSER_PATH 1080 child_set_env(&env, &envsize, "PATH", 1081 s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); 1082# else 1083 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); 1084# endif /* SUPERUSER_PATH */ 1085# endif /* HAVE_CYGWIN */ 1086#endif /* HAVE_LOGIN_CAP */ 1087 1088 pm_len = strlen(path_maildir); 1089 if (path_maildir[pm_len - 1] == '/' && pm_len > 1) 1090 path_maildir[pm_len - 1] = NULL; 1091 snprintf(buf, sizeof buf, "%.200s/%.50s", 1092 path_maildir, pw->pw_name); 1093 child_set_env(&env, &envsize, "MAIL", buf); 1094 1095 /* Normal systems set SHELL by default. */ 1096 child_set_env(&env, &envsize, "SHELL", shell); 1097 1098#ifdef HAVE_DEFOPEN 1099 deflt_do_setup_env(s, shell, &env, &envsize); 1100#endif /* HAVE_DEFOPEN */ 1101 } 1102 1103#define PASS_ENV(x) \ 1104 if (getenv(x)) \ 1105 child_set_env(&env, &envsize, x, getenv(x)); 1106 1107 if (getenv("TZ")) 1108 child_set_env(&env, &envsize, "TZ", getenv("TZ")); 1109 1110 if (s->auth_file != NULL) 1111 child_set_env(&env, &envsize, "XAUTHORITY", s->auth_file); 1112 1113 PASS_ENV("LANG") 1114 PASS_ENV("LC_ALL") 1115 PASS_ENV("LC_CTYPE") 1116 PASS_ENV("LC_COLLATE") 1117 PASS_ENV("LC_TIME") 1118 PASS_ENV("LC_NUMERIC") 1119 PASS_ENV("LC_MONETARY") 1120 PASS_ENV("LC_MESSAGES") 1121 1122#undef PASS_ENV 1123 1124 if (s->env != NULL) 1125 copy_environment(s->env, &env, &envsize); 1126 1127 /* Set custom environment options from RSA authentication. */ 1128 if (!options.use_login) { 1129 while (custom_environment) { 1130 struct envstring *ce = custom_environment; 1131 char *str = ce->s; 1132 1133 for (i = 0; str[i] != '=' && str[i]; i++) 1134 ; 1135 if (str[i] == '=') { 1136 str[i] = 0; 1137 child_set_env(&env, &envsize, str, str + i + 1); 1138 } 1139 custom_environment = ce->next; 1140 xfree(ce->s); 1141 xfree(ce); 1142 } 1143 } 1144 1145 /* SSH_CLIENT deprecated */ 1146 snprintf(buf, sizeof buf, "%.50s %d %d", 1147 get_remote_ipaddr(), get_remote_port(), get_local_port()); 1148 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 1149 1150 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 1151 get_remote_ipaddr(), get_remote_port(), 1152 get_local_ipaddr(packet_get_connection_in()), get_local_port()); 1153 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 1154 1155 if (s->ttyfd != -1) 1156 child_set_env(&env, &envsize, "SSH_TTY", s->tty); 1157 if (s->term) 1158 child_set_env(&env, &envsize, "TERM", s->term); 1159 if (s->display) 1160 child_set_env(&env, &envsize, "DISPLAY", s->display); 1161 if (original_command) 1162 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", 1163 original_command); 1164 1165#ifdef _UNICOS 1166 if (cray_tmpdir[0] != '\0') 1167 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); 1168#endif /* _UNICOS */ 1169 1170#ifdef _AIX 1171 { 1172 char *cp; 1173 1174 if ((cp = getenv("AUTHSTATE")) != NULL) 1175 child_set_env(&env, &envsize, "AUTHSTATE", cp); 1176 if ((cp = getenv("KRB5CCNAME")) != NULL) 1177 child_set_env(&env, &envsize, "KRB5CCNAME", cp); 1178 read_environment_file(&env, &envsize, "/etc/environment"); 1179 } 1180#endif 1181#ifdef KRB4 1182 if (s->authctxt->krb4_ticket_file) 1183 child_set_env(&env, &envsize, "KRBTKFILE", 1184 s->authctxt->krb4_ticket_file); 1185#endif 1186#ifdef KRB5 1187 if (s->authctxt->krb5_ticket_file) 1188 child_set_env(&env, &envsize, "KRB5CCNAME", 1189 s->authctxt->krb5_ticket_file); 1190#endif 1191#ifdef USE_PAM 1192 /* 1193 * Pull in any environment variables that may have 1194 * been set by PAM. 1195 */ 1196 { 1197 char **p; 1198 1199 p = fetch_pam_environment(s->authctxt); 1200 copy_environment(p, &env, &envsize); 1201 free_pam_environment(p); 1202 } 1203#endif /* USE_PAM */ 1204 1205 if (auth_sock_name != NULL) 1206 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 1207 auth_sock_name); 1208 1209 /* read $HOME/.ssh/environment. */ 1210 if (options.permit_user_env && !options.use_login) { 1211 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", 1212 strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); 1213 read_environment_file(&env, &envsize, buf); 1214 } 1215 if (debug_flag) { 1216 /* dump the environment */ 1217 fprintf(stderr, gettext("Environment:\n")); 1218 for (i = 0; env[i]; i++) 1219 fprintf(stderr, " %.200s\n", env[i]); 1220 } 1221 return env; 1222} 1223 1224/* 1225 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found 1226 * first in this order). 1227 */ 1228static void 1229do_rc_files(Session *s, const char *shell) 1230{ 1231 FILE *f = NULL; 1232 char cmd[1024]; 1233 int do_xauth; 1234 struct stat st; 1235 1236 do_xauth = 1237 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; 1238 1239 /* ignore _PATH_SSH_USER_RC for subsystems */ 1240 if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { 1241 snprintf(cmd, sizeof cmd, "%s -c '%s %s'", 1242 shell, _PATH_BSHELL, _PATH_SSH_USER_RC); 1243 if (debug_flag) 1244 fprintf(stderr, "Running %s\n", cmd); 1245 f = popen(cmd, "w"); 1246 if (f) { 1247 if (do_xauth) 1248 fprintf(f, "%s %s\n", s->auth_proto, 1249 s->auth_data); 1250 pclose(f); 1251 } else 1252 fprintf(stderr, "Could not run %s\n", 1253 _PATH_SSH_USER_RC); 1254 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { 1255 if (debug_flag) 1256 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, 1257 _PATH_SSH_SYSTEM_RC); 1258 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w"); 1259 if (f) { 1260 if (do_xauth) 1261 fprintf(f, "%s %s\n", s->auth_proto, 1262 s->auth_data); 1263 pclose(f); 1264 } else 1265 fprintf(stderr, "Could not run %s\n", 1266 _PATH_SSH_SYSTEM_RC); 1267 } else if (do_xauth && options.xauth_location != NULL) { 1268 /* Add authority data to .Xauthority if appropriate. */ 1269 if (debug_flag) { 1270 fprintf(stderr, 1271 "Running %.500s add " 1272 "%.100s %.100s %.100s\n", 1273 options.xauth_location, s->auth_display, 1274 s->auth_proto, s->auth_data); 1275 } 1276 snprintf(cmd, sizeof cmd, "%s -q -", 1277 options.xauth_location); 1278 f = popen(cmd, "w"); 1279 if (f) { 1280 fprintf(f, "add %s %s %s\n", 1281 s->auth_display, s->auth_proto, 1282 s->auth_data); 1283 pclose(f); 1284 } else { 1285 fprintf(stderr, "Could not run %s\n", 1286 cmd); 1287 } 1288 } 1289} 1290 1291static void 1292do_nologin(struct passwd *pw) 1293{ 1294 FILE *f = NULL; 1295 char buf[1024]; 1296 1297#ifdef HAVE_LOGIN_CAP 1298 if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid) 1299 f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, 1300 _PATH_NOLOGIN), "r"); 1301#else 1302 if (pw->pw_uid) 1303 f = fopen(_PATH_NOLOGIN, "r"); 1304#endif 1305 if (f) { 1306 /* /etc/nologin exists. Print its contents and exit. */ 1307 log("User %.100s not allowed because %s exists", 1308 pw->pw_name, _PATH_NOLOGIN); 1309 while (fgets(buf, sizeof(buf), f)) 1310 fputs(buf, stderr); 1311 fclose(f); 1312 exit(254); 1313 } 1314} 1315 1316/* Set login name, uid, gid, and groups. */ 1317void 1318do_setusercontext(struct passwd *pw) 1319{ 1320#ifdef HAVE_CYGWIN 1321 if (is_winnt) { 1322#else /* HAVE_CYGWIN */ 1323 if (getuid() == 0 || geteuid() == 0) { 1324#endif /* HAVE_CYGWIN */ 1325#ifdef HAVE_SETPCRED 1326 setpcred(pw->pw_name); 1327#endif /* HAVE_SETPCRED */ 1328#ifdef HAVE_LOGIN_CAP 1329# ifdef __bsdi__ 1330 setpgid(0, 0); 1331# endif 1332 if (setusercontext(lc, pw, pw->pw_uid, 1333 (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { 1334 perror("unable to set user context"); 1335 exit(1); 1336 } 1337#else 1338# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) 1339 /* Sets login uid for accounting */ 1340 if (getluid() == -1 && setluid(pw->pw_uid) == -1) 1341 error("setluid: %s", strerror(errno)); 1342# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ 1343 1344 if (setlogin(pw->pw_name) < 0) 1345 error("setlogin failed: %s", strerror(errno)); 1346 if (setgid(pw->pw_gid) < 0) { 1347 perror("setgid"); 1348 exit(1); 1349 } 1350 /* Initialize the group list. */ 1351 if (initgroups(pw->pw_name, pw->pw_gid) < 0) { 1352 perror("initgroups"); 1353 exit(1); 1354 } 1355 endgrent(); 1356# if 0 1357# ifdef USE_PAM 1358 /* 1359 * PAM credentials may take the form of supplementary groups. 1360 * These will have been wiped by the above initgroups() call. 1361 * Reestablish them here. 1362 */ 1363 do_pam_setcred(0); 1364# endif /* USE_PAM */ 1365# endif /* 0 */ 1366# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) 1367 irix_setusercontext(pw); 1368# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ 1369# ifdef _AIX 1370 aix_usrinfo(pw); 1371# endif /* _AIX */ 1372 /* Permanently switch to the desired uid. */ 1373 permanently_set_uid(pw); 1374#endif 1375 } 1376 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) 1377 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); 1378} 1379 1380static void 1381launch_login(struct passwd *pw, const char *hostname) 1382{ 1383 /* Launch login(1). */ 1384 1385 execl(LOGIN_PROGRAM, "login", "-h", hostname, 1386#ifdef xxxLOGIN_NEEDS_TERM 1387 (s->term ? s->term : "unknown"), 1388#endif /* LOGIN_NEEDS_TERM */ 1389#ifdef LOGIN_NO_ENDOPT 1390 "-p", "-f", pw->pw_name, (char *)NULL); 1391#else 1392 "-p", "-f", "--", pw->pw_name, (char *)NULL); 1393#endif 1394 1395 /* Login couldn't be executed, die. */ 1396 1397 perror("login"); 1398 exit(1); 1399} 1400 1401/* 1402 * Performs common processing for the child, such as setting up the 1403 * environment, closing extra file descriptors, setting the user and group 1404 * ids, and executing the command or shell. 1405 */ 1406void 1407do_child(Session *s, const char *command) 1408{ 1409 extern char **environ; 1410 char **env; 1411 char *argv[10]; 1412 const char *shell, *shell0, *hostname = NULL; 1413 struct passwd *pw = s->pw; 1414 1415 /* remove hostkey from the child's memory */ 1416 destroy_sensitive_data(); 1417 1418 /* login(1) is only called if we execute the login shell */ 1419 if (options.use_login && command != NULL) 1420 options.use_login = 0; 1421 1422#ifdef _UNICOS 1423 cray_setup(pw->pw_uid, pw->pw_name, command); 1424#endif /* _UNICOS */ 1425 1426 /* 1427 * Login(1) does this as well, and it needs uid 0 for the "-h" 1428 * switch, so we let login(1) to this for us. 1429 */ 1430 if (!options.use_login) { 1431#ifdef HAVE_OSF_SIA 1432 session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); 1433 if (!check_quietlogin(s, command)) 1434 do_motd(); 1435#else /* HAVE_OSF_SIA */ 1436 do_nologin(pw); 1437 do_setusercontext(pw); 1438#endif /* HAVE_OSF_SIA */ 1439 } 1440 1441 /* 1442 * Get the shell from the password data. An empty shell field is 1443 * legal, and means /bin/sh. 1444 */ 1445 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; 1446#ifdef HAVE_LOGIN_CAP 1447 shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); 1448#endif 1449 1450 env = do_setup_env(s, shell); 1451 1452 /* we have to stash the hostname before we close our socket. */ 1453 if (options.use_login) 1454 hostname = get_remote_name_or_ip(utmp_len, 1455 options.verify_reverse_mapping); 1456 /* 1457 * Close the connection descriptors; note that this is the child, and 1458 * the server will still have the socket open, and it is important 1459 * that we do not shutdown it. Note that the descriptors cannot be 1460 * closed before building the environment, as we call 1461 * get_remote_ipaddr there. 1462 */ 1463 if (packet_get_connection_in() == packet_get_connection_out()) 1464 close(packet_get_connection_in()); 1465 else { 1466 close(packet_get_connection_in()); 1467 close(packet_get_connection_out()); 1468 } 1469 /* 1470 * Close all descriptors related to channels. They will still remain 1471 * open in the parent. 1472 */ 1473 /* XXX better use close-on-exec? -markus */ 1474 channel_close_all(); 1475 1476 /* 1477 * Close any extra file descriptors. Note that there may still be 1478 * descriptors left by system functions. They will be closed later. 1479 */ 1480 endpwent(); 1481 1482 /* 1483 * Close any extra open file descriptors so that we don\'t have them 1484 * hanging around in clients. Note that we want to do this after 1485 * initgroups, because at least on Solaris 2.3 it leaves file 1486 * descriptors open. 1487 */ 1488 closefrom(STDERR_FILENO + 1); 1489 1490 /* 1491 * Must take new environment into use so that .ssh/rc, 1492 * /etc/ssh/sshrc and xauth are run in the proper environment. 1493 */ 1494 environ = env; 1495 1496#ifdef AFS 1497 /* Try to get AFS tokens for the local cell. */ 1498 if (k_hasafs()) { 1499 char cell[64]; 1500 1501 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) 1502 krb_afslog(cell, 0); 1503 1504 krb_afslog(0, 0); 1505 } 1506#endif /* AFS */ 1507 1508 /* Change current directory to the user\'s home directory. */ 1509 if (chdir(pw->pw_dir) < 0) { 1510 fprintf(stderr, 1511 gettext("Could not chdir to home directory %s: %s\n"), 1512 pw->pw_dir, strerror(errno)); 1513#ifdef HAVE_LOGIN_CAP 1514 if (login_getcapbool(lc, "requirehome", 0)) 1515 exit(1); 1516#endif 1517 } 1518 1519 if (!options.use_login) 1520 do_rc_files(s, shell); 1521 1522 /* restore SIGPIPE for child */ 1523 signal(SIGPIPE, SIG_DFL); 1524 1525 if (options.use_login) { 1526 launch_login(pw, hostname); 1527 /* NEVERREACHED */ 1528 } 1529 1530 /* Get the last component of the shell name. */ 1531 if ((shell0 = strrchr(shell, '/')) != NULL) 1532 shell0++; 1533 else 1534 shell0 = shell; 1535 1536 /* 1537 * If we have no command, execute the shell. In this case, the shell 1538 * name to be passed in argv[0] is preceded by '-' to indicate that 1539 * this is a login shell. 1540 */ 1541 if (!command) { 1542 char argv0[256]; 1543 1544 /* Start the shell. Set initial character to '-'. */ 1545 argv0[0] = '-'; 1546 1547 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1) 1548 >= sizeof(argv0) - 1) { 1549 errno = EINVAL; 1550 perror(shell); 1551 exit(1); 1552 } 1553 1554 /* Execute the shell. */ 1555 argv[0] = argv0; 1556 argv[1] = NULL; 1557 execve(shell, argv, env); 1558 1559 /* Executing the shell failed. */ 1560 perror(shell); 1561 exit(1); 1562 } 1563 /* 1564 * Execute the command using the user's shell. This uses the -c 1565 * option to execute the command. 1566 */ 1567 argv[0] = (char *) shell0; 1568 argv[1] = "-c"; 1569 argv[2] = (char *) command; 1570 argv[3] = NULL; 1571 execve(shell, argv, env); 1572 perror(shell); 1573 exit(1); 1574} 1575 1576Session * 1577session_new(void) 1578{ 1579 int i; 1580 static int did_init = 0; 1581 if (!did_init) { 1582 debug("session_new: init"); 1583 for (i = 0; i < MAX_SESSIONS; i++) { 1584 sessions[i].used = 0; 1585 } 1586 did_init = 1; 1587 } 1588 for (i = 0; i < MAX_SESSIONS; i++) { 1589 Session *s = &sessions[i]; 1590 if (! s->used) { 1591 memset(s, 0, sizeof(*s)); 1592 s->chanid = -1; 1593 s->ptyfd = -1; 1594 s->ttyfd = -1; 1595 s->used = 1; 1596 s->self = i; 1597 s->env = NULL; 1598 debug("session_new: session %d", i); 1599 return s; 1600 } 1601 } 1602 return NULL; 1603} 1604 1605static void 1606session_dump(void) 1607{ 1608 int i; 1609 for (i = 0; i < MAX_SESSIONS; i++) { 1610 Session *s = &sessions[i]; 1611 debug("dump: used %d session %d %p channel %d pid %ld", 1612 s->used, 1613 s->self, 1614 s, 1615 s->chanid, 1616 (long)s->pid); 1617 } 1618} 1619 1620int 1621session_open(Authctxt *authctxt, int chanid) 1622{ 1623 Session *s = session_new(); 1624 debug("session_open: channel %d", chanid); 1625 if (s == NULL) { 1626 error("no more sessions"); 1627 return 0; 1628 } 1629 s->authctxt = authctxt; 1630 s->pw = authctxt->pw; 1631 if (s->pw == NULL) 1632 fatal("no user for session %d", s->self); 1633 debug("session_open: session %d: link with channel %d", s->self, chanid); 1634 s->chanid = chanid; 1635 return 1; 1636} 1637 1638#ifndef lint 1639Session * 1640session_by_tty(char *tty) 1641{ 1642 int i; 1643 for (i = 0; i < MAX_SESSIONS; i++) { 1644 Session *s = &sessions[i]; 1645 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) { 1646 debug("session_by_tty: session %d tty %s", i, tty); 1647 return s; 1648 } 1649 } 1650 debug("session_by_tty: unknown tty %.100s", tty); 1651 session_dump(); 1652 return NULL; 1653} 1654#endif /* lint */ 1655 1656static Session * 1657session_by_channel(int id) 1658{ 1659 int i; 1660 for (i = 0; i < MAX_SESSIONS; i++) { 1661 Session *s = &sessions[i]; 1662 if (s->used && s->chanid == id) { 1663 debug("session_by_channel: session %d channel %d", i, id); 1664 return s; 1665 } 1666 } 1667 debug("session_by_channel: unknown channel %d", id); 1668 session_dump(); 1669 return NULL; 1670} 1671 1672static Session * 1673session_by_pid(pid_t pid) 1674{ 1675 int i; 1676 debug("session_by_pid: pid %ld", (long)pid); 1677 for (i = 0; i < MAX_SESSIONS; i++) { 1678 Session *s = &sessions[i]; 1679 if (s->used && s->pid == pid) 1680 return s; 1681 } 1682 error("session_by_pid: unknown pid %ld", (long)pid); 1683 session_dump(); 1684 return NULL; 1685} 1686 1687static int 1688session_window_change_req(Session *s) 1689{ 1690 s->col = packet_get_int(); 1691 s->row = packet_get_int(); 1692 s->xpixel = packet_get_int(); 1693 s->ypixel = packet_get_int(); 1694 packet_check_eom(); 1695 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1696 return 1; 1697} 1698 1699static int 1700session_pty_req(Session *s) 1701{ 1702 u_int len; 1703 int n_bytes; 1704 1705 if (no_pty_flag) { 1706 debug("Allocating a pty not permitted for this authentication."); 1707 return 0; 1708 } 1709 if (s->ttyfd != -1) { 1710 packet_disconnect("Protocol error: you already have a pty."); 1711 return 0; 1712 } 1713 /* Get the time and hostname when the user last logged in. */ 1714 if (options.print_lastlog) { 1715 s->hostname[0] = '\0'; 1716 s->last_login_time = get_last_login_time(s->pw->pw_uid, 1717 s->pw->pw_name, s->hostname, sizeof(s->hostname)); 1718 1719 /* 1720 * PAM may update the last login date. 1721 * 1722 * Ideally PAM would also show the last login date as a 1723 * PAM_TEXT_INFO conversation message, and then we could just 1724 * always force the use of keyboard-interactive just so we can 1725 * pass any such PAM prompts and messages from the account and 1726 * session stacks, but skip pam_authenticate() if other userauth 1727 * has succeeded and the user's password isn't expired. 1728 * 1729 * Unfortunately this depends on support for keyboard- 1730 * interactive in the client, and support for lastlog messages 1731 * in some PAM module. 1732 * 1733 * As it is Solaris updates the lastlog in PAM, but does 1734 * not show the lastlog date in PAM. If and when this state of 1735 * affairs changes this hack can be reconsidered, and, maybe, 1736 * removed. 1737 * 1738 * So we're stuck with a crude hack: get the lastlog 1739 * time before calling pam_open_session() and store it 1740 * in the Authctxt and then use it here once. After 1741 * that, if the client opens any more pty sessions we'll 1742 * show the last lastlog entry since userauth. 1743 */ 1744 if (s->authctxt != NULL && s->authctxt->last_login_time > 0) { 1745 s->last_login_time = s->authctxt->last_login_time; 1746 (void) strlcpy(s->hostname, 1747 s->authctxt->last_login_host, 1748 sizeof(s->hostname)); 1749 s->authctxt->last_login_time = 0; 1750 s->authctxt->last_login_host[0] = '\0'; 1751 } 1752 } 1753 1754 s->term = packet_get_string(&len); 1755 1756 if (compat20) { 1757 s->col = packet_get_int(); 1758 s->row = packet_get_int(); 1759 } else { 1760 s->row = packet_get_int(); 1761 s->col = packet_get_int(); 1762 } 1763 s->xpixel = packet_get_int(); 1764 s->ypixel = packet_get_int(); 1765 1766 if (strcmp(s->term, "") == 0) { 1767 xfree(s->term); 1768 s->term = NULL; 1769 } 1770 1771 /* Allocate a pty and open it. */ 1772 debug("Allocating pty."); 1773 if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) { 1774 if (s->term) 1775 xfree(s->term); 1776 s->term = NULL; 1777 s->ptyfd = -1; 1778 s->ttyfd = -1; 1779 error("session_pty_req: session %d alloc failed", s->self); 1780 return 0; 1781 } 1782 debug("session_pty_req: session %d alloc %s", s->self, s->tty); 1783 1784 /* for SSH1 the tty modes length is not given */ 1785 if (!compat20) 1786 n_bytes = packet_remaining(); 1787 tty_parse_modes(s->ttyfd, &n_bytes); 1788 1789 /* 1790 * Add a cleanup function to clear the utmp entry and record logout 1791 * time in case we call fatal() (e.g., the connection gets closed). 1792 */ 1793 fatal_add_cleanup(session_pty_cleanup, (void *)s); 1794 pty_setowner(s->pw, s->tty); 1795 1796 /* Set window size from the packet. */ 1797 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1798 1799 packet_check_eom(); 1800 session_proctitle(s); 1801 return 1; 1802} 1803 1804static int 1805session_subsystem_req(Session *s) 1806{ 1807 struct stat st; 1808 u_int len; 1809 int success = 0; 1810 char *cmd, *subsys = packet_get_string(&len); 1811 int i; 1812 1813 packet_check_eom(); 1814 log("subsystem request for %.100s", subsys); 1815 1816 for (i = 0; i < options.num_subsystems; i++) { 1817 if (strcmp(subsys, options.subsystem_name[i]) == 0) { 1818 cmd = options.subsystem_command[i]; 1819 if (stat(cmd, &st) < 0) { 1820 error("subsystem: cannot stat %s: %s", cmd, 1821 strerror(errno)); 1822 break; 1823 } 1824 debug("subsystem: exec() %s", cmd); 1825 s->is_subsystem = 1; 1826 do_exec(s, cmd); 1827 success = 1; 1828 break; 1829 } 1830 } 1831 1832 if (!success) 1833 log("subsystem request for %.100s failed, subsystem not found", 1834 subsys); 1835 1836 xfree(subsys); 1837 return success; 1838} 1839 1840/* 1841 * Serve "x11-req" channel request for X11 forwarding for the current session 1842 * channel. 1843 */ 1844static int 1845session_x11_req(Session *s) 1846{ 1847 int success, fd; 1848 char xauthdir[] = "/tmp/ssh-xauth-XXXXXX"; 1849 1850 s->single_connection = packet_get_char(); 1851 s->auth_proto = packet_get_string(NULL); 1852 s->auth_data = packet_get_string(NULL); 1853 s->screen = packet_get_int(); 1854 packet_check_eom(); 1855 1856 success = session_setup_x11fwd(s); 1857 if (!success) { 1858 xfree(s->auth_proto); 1859 xfree(s->auth_data); 1860 s->auth_proto = NULL; 1861 s->auth_data = NULL; 1862 } 1863 1864 /* 1865 * Create per session X authority file so that different sessions 1866 * don't contend for one common file. The reason for this is that 1867 * xauth(1) locking doesn't work too well over network filesystems. 1868 * 1869 * If mkdtemp() or open() fails then s->auth_file remains NULL which 1870 * means that we won't set XAUTHORITY variable in child's environment 1871 * and xauth(1) will use the default location for the authority file. 1872 */ 1873 if (success && mkdtemp(xauthdir) != NULL) { 1874 s->auth_file = xmalloc(MAXPATHLEN); 1875 snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile", 1876 xauthdir); 1877 /* 1878 * we don't want that "creating new authority file" message to 1879 * be printed by xauth(1) so we must create that file 1880 * beforehand. 1881 */ 1882 if ((fd = open(s->auth_file, O_CREAT | O_EXCL | O_RDONLY, 1883 S_IRUSR | S_IWUSR)) == -1) { 1884 error("failed to create the temporary X authority " 1885 "file %s: %.100s; will use the default one", 1886 s->auth_file, strerror(errno)); 1887 xfree(s->auth_file); 1888 s->auth_file = NULL; 1889 if (rmdir(xauthdir) == -1) { 1890 error("cannot remove xauth directory %s: %.100s", 1891 xauthdir, strerror(errno)); 1892 } 1893 } else { 1894 close(fd); 1895 debug("temporary X authority file %s created", 1896 s->auth_file); 1897 1898 /* 1899 * add a cleanup function to remove the temporary 1900 * xauth file in case we call fatal() (e.g., the 1901 * connection gets closed). 1902 */ 1903 fatal_add_cleanup(session_xauthfile_cleanup, (void *)s); 1904 } 1905 } 1906 else { 1907 error("failed to create a directory for the temporary X " 1908 "authority file: %.100s; will use the default xauth file", 1909 strerror(errno)); 1910 } 1911 1912 return success; 1913} 1914 1915static int 1916session_shell_req(Session *s) 1917{ 1918 packet_check_eom(); 1919 do_exec(s, NULL); 1920 return 1; 1921} 1922 1923static int 1924session_exec_req(Session *s) 1925{ 1926 u_int len; 1927 char *command = packet_get_string(&len); 1928 packet_check_eom(); 1929 do_exec(s, command); 1930 xfree(command); 1931 return 1; 1932} 1933 1934static int 1935session_auth_agent_req(Session *s) 1936{ 1937 static int called = 0; 1938 packet_check_eom(); 1939 if (no_agent_forwarding_flag) { 1940 debug("session_auth_agent_req: no_agent_forwarding_flag"); 1941 return 0; 1942 } 1943 if (called) { 1944 return 0; 1945 } else { 1946 called = 1; 1947 return auth_input_request_forwarding(s->pw); 1948 } 1949} 1950 1951static int 1952session_loc_env_check(char *var, char *val) 1953{ 1954 char *current; 1955 int cat, ret; 1956 1957 if (strcmp(var, "LANG") == 0) 1958 cat = LC_ALL; 1959 else if (strcmp(var, "LC_ALL") == 0) 1960 cat = LC_ALL; 1961 else if (strcmp(var, "LC_CTYPE") == 0) 1962 cat = LC_CTYPE; 1963 else if (strcmp(var, "LC_COLLATE") == 0) 1964 cat = LC_COLLATE; 1965 else if (strcmp(var, "LC_TIME") == 0) 1966 cat = LC_TIME; 1967 else if (strcmp(var, "LC_NUMERIC") == 0) 1968 cat = LC_NUMERIC; 1969 else if (strcmp(var, "LC_MONETARY") == 0) 1970 cat = LC_MONETARY; 1971 else if (strcmp(var, "LC_MESSAGES") == 0) 1972 cat = LC_MESSAGES; 1973 1974 if ((current = setlocale(cat, NULL)) != NULL) 1975 current = xstrdup(current); 1976 1977 ret = (setlocale(cat, val) != NULL); 1978 (void) setlocale(cat, current); 1979 return (ret); 1980} 1981 1982static int 1983session_env_req(Session *s) 1984{ 1985 Channel *c; 1986 char *var, *val, *e; 1987 char **p; 1988 size_t len; 1989 int ret = 0; 1990 1991 /* Get var/val from the rest of this packet */ 1992 var = packet_get_string(NULL); 1993 val = packet_get_string(NULL); 1994 1995 /* 1996 * We'll need the channel ID for the packet_send_debug messages, 1997 * so get it now. 1998 */ 1999 if ((c = channel_lookup(s->chanid)) == NULL) 2000 goto done; /* shouldn't happen! */ 2001 2002 debug2("Received request for environment variable %s=%s", var, val); 2003 2004 /* For now allow only LANG and LC_* */ 2005 if (strcmp(var, "LANG") != 0 && strncmp(var, "LC_", 3) != 0) { 2006 debug2("Rejecting request for environment variable %s", var); 2007 goto done; 2008 } 2009 2010 if (!session_loc_env_check(var, val)) { 2011 packet_send_debug(gettext("Missing locale support for %s=%s"), 2012 var, val); 2013 goto done; 2014 } 2015 2016 packet_send_debug(gettext("Channel %d set: %s=%s"), c->remote_id, 2017 var, val); 2018 2019 /* 2020 * Always append new environment variables without regard to old 2021 * ones being overriden. The way these are actually added to 2022 * the environment of the session process later settings 2023 * override earlier ones; see copy_environment(). 2024 */ 2025 if (s->env == NULL) { 2026 char **env; 2027 2028 env = xmalloc(sizeof (char **) * 2); 2029 memset(env, 0, sizeof (char **) * 2); 2030 2031 s->env = env; 2032 p = env; 2033 } else { 2034 for (p = s->env; *p != NULL ; p++); 2035 2036 s->env = xrealloc(s->env, (p - s->env + 2) * sizeof (char **)); 2037 2038 for (p = s->env; *p != NULL ; p++); 2039 } 2040 2041 len = snprintf(NULL, 0, "%s=%s", var, val); 2042 e = xmalloc(len + 1); 2043 (void) snprintf(e, len + 1, "%s=%s", var, val); 2044 2045 (*p++) = e; 2046 *p = NULL; 2047 2048 ret = 1; 2049 2050done: 2051 xfree(var); 2052 xfree(val); 2053 2054 return (ret); 2055} 2056 2057static void 2058session_free_env(char ***envp) 2059{ 2060 char **env, **p; 2061 2062 if (envp == NULL || *envp == NULL) 2063 return; 2064 2065 env = *envp; 2066 2067 *envp = NULL; 2068 2069 for (p = env; *p != NULL; p++) 2070 xfree(*p); 2071 2072 xfree(env); 2073} 2074 2075int 2076session_input_channel_req(Channel *c, const char *rtype) 2077{ 2078 int success = 0; 2079 Session *s; 2080 2081 if ((s = session_by_channel(c->self)) == NULL) { 2082 log("session_input_channel_req: no session %d req %.100s", 2083 c->self, rtype); 2084 return 0; 2085 } 2086 debug("session_input_channel_req: session %d req %s", s->self, rtype); 2087 2088 /* 2089 * a session is in LARVAL state until a shell, a command 2090 * or a subsystem is executed 2091 */ 2092 if (c->type == SSH_CHANNEL_LARVAL) { 2093 if (strcmp(rtype, "shell") == 0) { 2094 success = session_shell_req(s); 2095 } else if (strcmp(rtype, "exec") == 0) { 2096 success = session_exec_req(s); 2097 } else if (strcmp(rtype, "pty-req") == 0) { 2098 success = session_pty_req(s); 2099 } else if (strcmp(rtype, "x11-req") == 0) { 2100 success = session_x11_req(s); 2101 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) { 2102 success = session_auth_agent_req(s); 2103 } else if (strcmp(rtype, "subsystem") == 0) { 2104 success = session_subsystem_req(s); 2105 } else if (strcmp(rtype, "env") == 0) { 2106 success = session_env_req(s); 2107 } 2108 } 2109 if (strcmp(rtype, "window-change") == 0) { 2110 success = session_window_change_req(s); 2111 } 2112 return success; 2113} 2114 2115void 2116session_set_fds(Session *s, int fdin, int fdout, int fderr) 2117{ 2118 if (!compat20) 2119 fatal("session_set_fds: called for proto != 2.0"); 2120 /* 2121 * now that have a child and a pipe to the child, 2122 * we can activate our channel and register the fd's 2123 */ 2124 if (s->chanid == -1) 2125 fatal("no channel for session %d", s->self); 2126 channel_set_fds(s->chanid, 2127 fdout, fdin, fderr, 2128 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 2129 1, 2130 CHAN_SES_WINDOW_DEFAULT); 2131} 2132 2133/* 2134 * Function to perform pty cleanup. Also called if we get aborted abnormally 2135 * (e.g., due to a dropped connection). 2136 */ 2137void 2138session_pty_cleanup2(void *session) 2139{ 2140 Session *s = session; 2141 2142 if (s == NULL) { 2143 error("session_pty_cleanup: no session"); 2144 return; 2145 } 2146 if (s->ttyfd == -1) 2147 return; 2148 2149 debug("session_pty_cleanup: session %d release %s", s->self, s->tty); 2150 2151#ifdef USE_PAM 2152 session_do_pam(s, 0); 2153#endif /* USE_PAM */ 2154 2155 /* Record that the user has logged out. */ 2156 if (s->pid != 0) { 2157 debug3("Recording SSHv2 channel login in utmpx/wtmpx"); 2158#ifdef ALTPRIVSEP 2159 altprivsep_record_logout(s->pid); 2160#endif /* ALTPRIVSEP */ 2161 } 2162 2163 /* Release the pseudo-tty. */ 2164 if (getuid() == 0) 2165 pty_release(s->tty); 2166 2167 /* 2168 * Close the server side of the socket pairs. We must do this after 2169 * the pty cleanup, so that another process doesn't get this pty 2170 * while we're still cleaning up. 2171 */ 2172 if (close(s->ptymaster) < 0) 2173 error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); 2174 2175 /* unlink pty from session */ 2176 s->ttyfd = -1; 2177} 2178 2179void 2180session_pty_cleanup(void *session) 2181{ 2182 session_pty_cleanup2(session); 2183} 2184 2185/* 2186 * We use a different temporary X authority file per every session so we 2187 * should remove those files when fatal() is called. 2188 */ 2189void 2190session_xauthfile_cleanup(void *session) 2191{ 2192 Session *s = session; 2193 2194 if (s == NULL) { 2195 error("session_xauthfile_cleanup: no session"); 2196 return; 2197 } 2198 2199 debug("session_xauthfile_cleanup: session %d removing %s", s->self, 2200 s->auth_file); 2201 2202 if (unlink(s->auth_file) == -1) { 2203 error("session_xauthfile_cleanup: cannot remove xauth file: " 2204 "%.100s", strerror(errno)); 2205 return; 2206 } 2207 2208 /* dirname() will modify s->auth_file but that's ok */ 2209 if (rmdir(dirname(s->auth_file)) == -1) { 2210 error("session_xauthfile_cleanup: " 2211 "cannot remove xauth directory: %.100s", strerror(errno)); 2212 return; 2213 } 2214} 2215 2216static char * 2217sig2name(int sig) 2218{ 2219#define SSH_SIG(x) if (sig == SIG ## x) return #x 2220 SSH_SIG(ABRT); 2221 SSH_SIG(ALRM); 2222 SSH_SIG(FPE); 2223 SSH_SIG(HUP); 2224 SSH_SIG(ILL); 2225 SSH_SIG(INT); 2226 SSH_SIG(KILL); 2227 SSH_SIG(PIPE); 2228 SSH_SIG(QUIT); 2229 SSH_SIG(SEGV); 2230 SSH_SIG(TERM); 2231 SSH_SIG(USR1); 2232 SSH_SIG(USR2); 2233#undef SSH_SIG 2234 return "SIG@openssh.com"; 2235} 2236 2237static void 2238session_exit_message(Session *s, int status) 2239{ 2240 Channel *c; 2241 2242 if ((c = channel_lookup(s->chanid)) == NULL) 2243 fatal("session_exit_message: session %d: no channel %d", 2244 s->self, s->chanid); 2245 debug("session_exit_message: session %d channel %d pid %ld", 2246 s->self, s->chanid, (long)s->pid); 2247 2248 if (WIFEXITED(status)) { 2249 channel_request_start(s->chanid, "exit-status", 0); 2250 packet_put_int(WEXITSTATUS(status)); 2251 packet_send(); 2252 } else if (WIFSIGNALED(status)) { 2253 channel_request_start(s->chanid, "exit-signal", 0); 2254 packet_put_cstring(sig2name(WTERMSIG(status))); 2255#ifdef WCOREDUMP 2256 packet_put_char(WCOREDUMP(status)); 2257#else /* WCOREDUMP */ 2258 packet_put_char(0); 2259#endif /* WCOREDUMP */ 2260 packet_put_cstring(""); 2261 packet_put_cstring(""); 2262 packet_send(); 2263 } else { 2264 /* Some weird exit cause. Just exit. */ 2265 packet_disconnect("wait returned status %04x.", status); 2266 } 2267 2268 /* Ok to close channel now */ 2269 channel_set_wait_for_exit(s->chanid, 0); 2270 2271 /* disconnect channel */ 2272 debug("session_exit_message: release channel %d", s->chanid); 2273 channel_cancel_cleanup(s->chanid); 2274 /* 2275 * emulate a write failure with 'chan_write_failed', nobody will be 2276 * interested in data we write. 2277 * Note that we must not call 'chan_read_failed', since there could 2278 * be some more data waiting in the pipe. 2279 */ 2280 if (c->ostate != CHAN_OUTPUT_CLOSED) 2281 chan_write_failed(c); 2282 s->chanid = -1; 2283} 2284 2285void 2286session_close(Session *s) 2287{ 2288 debug("session_close: session %d pid %ld", s->self, (long)s->pid); 2289 if (s->ttyfd != -1) { 2290 fatal_remove_cleanup(session_pty_cleanup, (void *)s); 2291 session_pty_cleanup(s); 2292 } 2293 if (s->auth_file != NULL) { 2294 fatal_remove_cleanup(session_xauthfile_cleanup, (void *)s); 2295 session_xauthfile_cleanup(s); 2296 xfree(s->auth_file); 2297 } 2298 if (s->term) 2299 xfree(s->term); 2300 if (s->display) 2301 xfree(s->display); 2302 if (s->auth_display) 2303 xfree(s->auth_display); 2304 if (s->auth_data) 2305 xfree(s->auth_data); 2306 if (s->auth_proto) 2307 xfree(s->auth_proto); 2308 if (s->command) 2309 xfree(s->command); 2310 session_free_env(&s->env); 2311 s->used = 0; 2312 session_proctitle(s); 2313} 2314 2315void 2316session_close_by_pid(pid_t pid, int status) 2317{ 2318 Session *s = session_by_pid(pid); 2319 if (s == NULL) { 2320 debug("session_close_by_pid: no session for pid %ld", 2321 (long)pid); 2322 return; 2323 } 2324 if (s->chanid != -1) 2325 session_exit_message(s, status); 2326 session_close(s); 2327} 2328 2329/* 2330 * This is called when a channel dies before the session 'child' itself dies. 2331 * It can happen for example if we exit from an interactive shell before we 2332 * exit from forwarded X11 applications. 2333 */ 2334void 2335session_close_by_channel(int id, void *arg) 2336{ 2337 Session *s = session_by_channel(id); 2338 if (s == NULL) { 2339 debug("session_close_by_channel: no session for id %d", id); 2340 return; 2341 } 2342 debug("session_close_by_channel: channel %d child %ld", 2343 id, (long)s->pid); 2344 if (s->pid != 0) { 2345 debug("session_close_by_channel: channel %d: has child", id); 2346 /* 2347 * delay detach of session, but release pty, since 2348 * the fd's to the child are already closed 2349 */ 2350 if (s->ttyfd != -1) { 2351 fatal_remove_cleanup(session_pty_cleanup, (void *)s); 2352 session_pty_cleanup(s); 2353 } 2354 return; 2355 } 2356 /* detach by removing callback */ 2357 channel_cancel_cleanup(s->chanid); 2358 s->chanid = -1; 2359 session_close(s); 2360} 2361 2362void 2363session_destroy_all(void (*closefunc)(Session *)) 2364{ 2365 int i; 2366 for (i = 0; i < MAX_SESSIONS; i++) { 2367 Session *s = &sessions[i]; 2368 if (s->used) { 2369 if (closefunc != NULL) 2370 closefunc(s); 2371 else 2372 session_close(s); 2373 } 2374 } 2375} 2376 2377static char * 2378session_tty_list(void) 2379{ 2380 static char buf[1024]; 2381 int i; 2382 buf[0] = '\0'; 2383 for (i = 0; i < MAX_SESSIONS; i++) { 2384 Session *s = &sessions[i]; 2385 if (s->used && s->ttyfd != -1) { 2386 if (buf[0] != '\0') 2387 strlcat(buf, ",", sizeof buf); 2388 strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf); 2389 } 2390 } 2391 if (buf[0] == '\0') 2392 strlcpy(buf, "notty", sizeof buf); 2393 return buf; 2394} 2395 2396void 2397session_proctitle(Session *s) 2398{ 2399 if (s->pw == NULL) 2400 error("no user for session %d", s->self); 2401 else 2402 setproctitle("%s@%s", s->pw->pw_name, session_tty_list()); 2403} 2404 2405int 2406session_setup_x11fwd(Session *s) 2407{ 2408 struct stat st; 2409 char display[512], auth_display[512]; 2410 char hostname[MAXHOSTNAMELEN]; 2411 2412 if (no_x11_forwarding_flag) { 2413 packet_send_debug("X11 forwarding disabled in user configuration file."); 2414 return 0; 2415 } 2416 if (!options.x11_forwarding) { 2417 debug("X11 forwarding disabled in server configuration file."); 2418 return 0; 2419 } 2420 if (!options.xauth_location || 2421 (stat(options.xauth_location, &st) == -1)) { 2422 packet_send_debug("No xauth program; cannot forward with spoofing."); 2423 return 0; 2424 } 2425 if (options.use_login) { 2426 packet_send_debug("X11 forwarding disabled; " 2427 "not compatible with UseLogin=yes."); 2428 return 0; 2429 } 2430 if (s->display != NULL) { 2431 debug("X11 display already set."); 2432 return 0; 2433 } 2434 if (x11_create_display_inet(options.x11_display_offset, 2435 options.x11_use_localhost, s->single_connection, 2436 &s->display_number) == -1) { 2437 debug("x11_create_display_inet failed."); 2438 return 0; 2439 } 2440 2441 /* Set up a suitable value for the DISPLAY variable. */ 2442 if (gethostname(hostname, sizeof(hostname)) < 0) 2443 fatal("gethostname: %.100s", strerror(errno)); 2444 /* 2445 * auth_display must be used as the displayname when the 2446 * authorization entry is added with xauth(1). This will be 2447 * different than the DISPLAY string for localhost displays. 2448 */ 2449 if (options.x11_use_localhost) { 2450 snprintf(display, sizeof display, "localhost:%u.%u", 2451 s->display_number, s->screen); 2452 snprintf(auth_display, sizeof auth_display, "unix:%u.%u", 2453 s->display_number, s->screen); 2454 s->display = xstrdup(display); 2455 s->auth_display = xstrdup(auth_display); 2456 } else { 2457#ifdef IPADDR_IN_DISPLAY 2458 struct hostent *he; 2459 struct in_addr my_addr; 2460 2461 he = gethostbyname(hostname); 2462 if (he == NULL) { 2463 error("Can't get IP address for X11 DISPLAY."); 2464 packet_send_debug("Can't get IP address for X11 DISPLAY."); 2465 return 0; 2466 } 2467 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); 2468 snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), 2469 s->display_number, s->screen); 2470#else 2471 snprintf(display, sizeof display, "%.400s:%u.%u", hostname, 2472 s->display_number, s->screen); 2473#endif 2474 s->display = xstrdup(display); 2475 s->auth_display = xstrdup(display); 2476 } 2477 2478 return 1; 2479} 2480 2481#ifdef USE_PAM 2482int session_do_pam_conv(int, struct pam_message **, 2483 struct pam_response **, void *); 2484 2485static struct pam_conv session_pam_conv = { 2486 session_do_pam_conv, 2487 NULL 2488}; 2489 2490static void 2491session_do_pam(Session *s, int do_open) 2492{ 2493 int pam_retval; 2494 char *where, *old_tty, *old_tty_copy = NULL; 2495 struct pam_conv old_conv, *old_conv_ptr; 2496 2497 if (!s || !s->authctxt || !s->authctxt->pam || !s->authctxt->pam->h) 2498 return; 2499 2500 /* Save current PAM item values */ 2501 where = "getting PAM_CONV"; 2502 pam_retval = pam_get_item(s->authctxt->pam->h, PAM_CONV, 2503 (void **) &old_conv_ptr); 2504 if (pam_retval != PAM_SUCCESS) 2505 goto done; 2506 old_conv = *old_conv_ptr; 2507 2508 where = "getting PAM_TTY"; 2509 pam_retval = pam_get_item(s->authctxt->pam->h, PAM_TTY, 2510 (void **) &old_tty); 2511 if (pam_retval != PAM_SUCCESS) 2512 goto done; 2513 old_tty_copy = xstrdup(old_tty); 2514 2515 /* Change PAM_TTY and PAM_CONV items */ 2516 where = "setting PAM_TTY"; 2517 pam_retval = pam_set_item(s->authctxt->pam->h, PAM_TTY, s->tty); 2518 if (pam_retval != PAM_SUCCESS) 2519 goto done; 2520 2521 where = "setting PAM_CONV"; 2522 session_pam_conv.appdata_ptr = s; 2523 pam_retval = pam_set_item(s->authctxt->pam->h, 2524 PAM_CONV, &session_pam_conv); 2525 if (pam_retval != PAM_SUCCESS) 2526 goto done; 2527 2528 /* Call pam_open/close_session() */ 2529 if (do_open) { 2530 where = "calling pam_open_session()"; 2531 pam_retval = pam_open_session(s->authctxt->pam->h, 0); 2532 } 2533 else { 2534 where = "calling pam_close_session()"; 2535 pam_retval = pam_close_session(s->authctxt->pam->h, 0); 2536 } 2537 2538 /* Reset PAM_TTY and PAM_CONV items to previous values */ 2539 where = "setting PAM_TTY"; 2540 pam_retval = pam_set_item(s->authctxt->pam->h, PAM_TTY, old_tty_copy); 2541 if (pam_retval != PAM_SUCCESS) 2542 goto done; 2543 2544 where = "setting PAM_CONV"; 2545 pam_retval = pam_set_item(s->authctxt->pam->h, PAM_CONV, &old_conv); 2546 if (pam_retval != PAM_SUCCESS) 2547 goto done; 2548 2549 session_pam_conv.appdata_ptr = NULL; 2550 2551done: 2552 if (old_tty_copy) 2553 xfree(old_tty_copy); 2554 2555 if (pam_retval == PAM_SUCCESS) 2556 return; 2557 2558 /* fatal()? probably not... */ 2559 log("PAM failed[%d] while %s: %s", pam_retval, where, 2560 PAM_STRERROR(s->authctxt->pam->h, pam_retval)); 2561} 2562 2563int 2564session_do_pam_conv(int num_prompts, 2565 struct pam_message **prompts, 2566 struct pam_response **resp, 2567 void *app_data) 2568{ 2569 Session *s = (Session *) app_data; 2570 2571 struct pam_response *reply; 2572 int count; 2573 char *prompt; 2574 2575 if (channel_lookup(s->chanid) == NULL) 2576 return PAM_CONV_ERR; 2577 2578 /* PAM will free this later */ 2579 reply = xmalloc(num_prompts * sizeof(*reply)); 2580 2581 (void) memset(reply, 0, num_prompts * sizeof(*reply)); 2582 for (count = 0; count < num_prompts; count++) { 2583 switch(PAM_MSG_MEMBER(prompts, count, msg_style)) { 2584 case PAM_TEXT_INFO: 2585 /* Write to stdout of channel */ 2586 prompt = PAM_MSG_MEMBER(prompts, count, msg); 2587 if (prompt != NULL && s->ttyfd != -1) { 2588 debug2("session_do_pam_conv: text info " 2589 "prompt: %s", prompt); 2590 (void) write(s->ttyfd, prompt, strlen(prompt)); 2591 (void) write(s->ttyfd, "\n", 1); 2592 } 2593 reply[count].resp = xstrdup(""); 2594 reply[count].resp_retcode = PAM_SUCCESS; 2595 break; 2596 case PAM_ERROR_MSG: 2597 /* Write to stderr of channel */ 2598 prompt = PAM_MSG_MEMBER(prompts, count, msg); 2599 if (prompt != NULL && s->ttyfd != -1) { 2600 debug2("session_do_pam_conv: error " 2601 "prompt: %s", prompt); 2602 (void) write(s->ttyfd, prompt, strlen(prompt)); 2603 (void) write(s->ttyfd, "\n", 1); 2604 } 2605 reply[count].resp = xstrdup(""); 2606 reply[count].resp_retcode = PAM_SUCCESS; 2607 break; 2608 case PAM_PROMPT_ECHO_ON: 2609 case PAM_PROMPT_ECHO_OFF: 2610 /* 2611 * XXX Someday add support for echo on/off prompts 2612 * here on sessions with ttys. 2613 */ 2614 default: 2615 xfree(reply); 2616 return PAM_CONV_ERR; 2617 } 2618 } 2619 2620 *resp = reply; 2621 2622 return PAM_SUCCESS; 2623} 2624#endif /* USE_PAM */ 2625 2626static void 2627do_authenticated2(Authctxt *authctxt) 2628{ 2629 server_loop2(authctxt); 2630} 2631