blob: d5c53f11fbe940d4ace269d209a05a1f0ef39b7a [file] [log] [blame]
Damien Millerb38eff82000-04-01 11:09:21 +10001/*
2 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
3 * All rights reserved
4 */
Damien Millerefb4afe2000-04-12 18:45:05 +10005/*
6 * SSH2 support by Markus Friedl.
7 * Copyright (c) 2000 Markus Friedl. All rights reserved.
8 */
Damien Millerb38eff82000-04-01 11:09:21 +10009
10#include "includes.h"
Damien Millereba71ba2000-04-29 23:57:08 +100011RCSID("$OpenBSD: session.c,v 1.6 2000/04/27 15:23:02 markus Exp $");
Damien Millerb38eff82000-04-01 11:09:21 +100012
13#include "xmalloc.h"
14#include "ssh.h"
15#include "pty.h"
16#include "packet.h"
17#include "buffer.h"
18#include "cipher.h"
19#include "mpaux.h"
20#include "servconf.h"
21#include "uidswap.h"
22#include "compat.h"
23#include "channels.h"
24#include "nchan.h"
25
Damien Millerefb4afe2000-04-12 18:45:05 +100026#include "bufaux.h"
27#include "ssh2.h"
28#include "auth.h"
29
Damien Millerb38eff82000-04-01 11:09:21 +100030/* types */
31
32#define TTYSZ 64
33typedef struct Session Session;
34struct Session {
35 int used;
36 int self;
37 struct passwd *pw;
38 pid_t pid;
39 /* tty */
40 char *term;
41 int ptyfd, ttyfd, ptymaster;
42 int row, col, xpixel, ypixel;
43 char tty[TTYSZ];
44 /* X11 */
45 char *display;
46 int screen;
47 char *auth_proto;
48 char *auth_data;
49 /* proto 2 */
50 int chanid;
51};
52
53/* func */
54
55Session *session_new(void);
56void session_set_fds(Session *s, int fdin, int fdout, int fderr);
57void session_pty_cleanup(Session *s);
58void do_exec_pty(Session *s, const char *command, struct passwd * pw);
59void do_exec_no_pty(Session *s, const char *command, struct passwd * pw);
60
61void
62do_child(const char *command, struct passwd * pw, const char *term,
63 const char *display, const char *auth_proto,
64 const char *auth_data, const char *ttyname);
65
66/* import */
67extern ServerOptions options;
Damien Miller06d84b72000-04-21 16:13:07 +100068#ifdef HAVE___PROGNAME
Damien Millerb38eff82000-04-01 11:09:21 +100069extern char *__progname;
Damien Miller06d84b72000-04-21 16:13:07 +100070#else /* HAVE___PROGNAME */
71const char *__progname = "sshd";
72#endif /* HAVE___PROGNAME */
73
Damien Millerb38eff82000-04-01 11:09:21 +100074extern int log_stderr;
75extern int debug_flag;
76
77/* Local Xauthority file. */
78static char *xauthfile;
79
80/* data */
81#define MAX_SESSIONS 10
82Session sessions[MAX_SESSIONS];
83
84/* Flags set in auth-rsa from authorized_keys flags. These are set in auth-rsa.c. */
85int no_port_forwarding_flag = 0;
86int no_agent_forwarding_flag = 0;
87int no_x11_forwarding_flag = 0;
88int no_pty_flag = 0;
89
90/* RSA authentication "command=" option. */
91char *forced_command = NULL;
92
93/* RSA authentication "environment=" options. */
94struct envstring *custom_environment = NULL;
95
96/*
97 * Remove local Xauthority file.
98 */
99void
100xauthfile_cleanup_proc(void *ignore)
101{
102 debug("xauthfile_cleanup_proc called");
103
104 if (xauthfile != NULL) {
105 char *p;
106 unlink(xauthfile);
107 p = strrchr(xauthfile, '/');
108 if (p != NULL) {
109 *p = '\0';
110 rmdir(xauthfile);
111 }
112 xfree(xauthfile);
113 xauthfile = NULL;
114 }
115}
116
117/*
118 * Function to perform cleanup if we get aborted abnormally (e.g., due to a
119 * dropped connection).
120 */
Damien Miller4af51302000-04-16 11:18:38 +1000121void
Damien Millerb38eff82000-04-01 11:09:21 +1000122pty_cleanup_proc(void *session)
123{
124 Session *s=session;
125 if (s == NULL)
126 fatal("pty_cleanup_proc: no session");
127 debug("pty_cleanup_proc: %s", s->tty);
128
129 if (s->pid != 0) {
130 /* Record that the user has logged out. */
131 record_logout(s->pid, s->tty);
132 }
133
134 /* Release the pseudo-tty. */
135 pty_release(s->tty);
136}
137
138/*
139 * Prepares for an interactive session. This is called after the user has
140 * been successfully authenticated. During this message exchange, pseudo
141 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
142 * are requested, etc.
143 */
Damien Miller4af51302000-04-16 11:18:38 +1000144void
Damien Millerb38eff82000-04-01 11:09:21 +1000145do_authenticated(struct passwd * pw)
146{
147 Session *s;
148 int type;
149 int compression_level = 0, enable_compression_after_reply = 0;
150 int have_pty = 0;
151 char *command;
152 int n_bytes;
153 int plen;
154 unsigned int proto_len, data_len, dlen;
155
156 /*
157 * Cancel the alarm we set to limit the time taken for
158 * authentication.
159 */
160 alarm(0);
161
162 /*
163 * Inform the channel mechanism that we are the server side and that
164 * the client may request to connect to any port at all. (The user
165 * could do it anyway, and we wouldn\'t know what is permitted except
166 * by the client telling us, so we can equally well trust the client
167 * not to request anything bogus.)
168 */
169 if (!no_port_forwarding_flag)
170 channel_permit_all_opens();
171
172 s = session_new();
173
174 /*
175 * We stay in this loop until the client requests to execute a shell
176 * or a command.
177 */
178 for (;;) {
179 int success = 0;
180
181 /* Get a packet from the client. */
182 type = packet_read(&plen);
183
184 /* Process the packet. */
185 switch (type) {
186 case SSH_CMSG_REQUEST_COMPRESSION:
187 packet_integrity_check(plen, 4, type);
188 compression_level = packet_get_int();
189 if (compression_level < 1 || compression_level > 9) {
190 packet_send_debug("Received illegal compression level %d.",
191 compression_level);
192 break;
193 }
194 /* Enable compression after we have responded with SUCCESS. */
195 enable_compression_after_reply = 1;
196 success = 1;
197 break;
198
199 case SSH_CMSG_REQUEST_PTY:
200 if (no_pty_flag) {
201 debug("Allocating a pty not permitted for this authentication.");
202 break;
203 }
204 if (have_pty)
205 packet_disconnect("Protocol error: you already have a pty.");
206
207 debug("Allocating pty.");
208
209 /* Allocate a pty and open it. */
210 if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
211 sizeof(s->tty))) {
212 error("Failed to allocate pty.");
213 break;
214 }
215 fatal_add_cleanup(pty_cleanup_proc, (void *)s);
216 pty_setowner(pw, s->tty);
217
218 /* Get TERM from the packet. Note that the value may be of arbitrary length. */
219 s->term = packet_get_string(&dlen);
220 packet_integrity_check(dlen, strlen(s->term), type);
221 /* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
222 /* Remaining bytes */
223 n_bytes = plen - (4 + dlen + 4 * 4);
224
225 if (strcmp(s->term, "") == 0) {
226 xfree(s->term);
227 s->term = NULL;
228 }
229 /* Get window size from the packet. */
230 s->row = packet_get_int();
231 s->col = packet_get_int();
232 s->xpixel = packet_get_int();
233 s->ypixel = packet_get_int();
234 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
235
236 /* Get tty modes from the packet. */
237 tty_parse_modes(s->ttyfd, &n_bytes);
238 packet_integrity_check(plen, 4 + dlen + 4 * 4 + n_bytes, type);
239
240 /* Indicate that we now have a pty. */
241 success = 1;
242 have_pty = 1;
243 break;
244
245 case SSH_CMSG_X11_REQUEST_FORWARDING:
246 if (!options.x11_forwarding) {
247 packet_send_debug("X11 forwarding disabled in server configuration file.");
248 break;
249 }
250#ifdef XAUTH_PATH
251 if (no_x11_forwarding_flag) {
252 packet_send_debug("X11 forwarding not permitted for this authentication.");
253 break;
254 }
255 debug("Received request for X11 forwarding with auth spoofing.");
256 if (s->display != NULL)
257 packet_disconnect("Protocol error: X11 display already set.");
258
259 s->auth_proto = packet_get_string(&proto_len);
260 s->auth_data = packet_get_string(&data_len);
261 packet_integrity_check(plen, 4 + proto_len + 4 + data_len + 4, type);
262
263 if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
264 s->screen = packet_get_int();
265 else
266 s->screen = 0;
267 s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
268
269 if (s->display == NULL)
270 break;
271
272 /* Setup to always have a local .Xauthority. */
273 xauthfile = xmalloc(MAXPATHLEN);
274 strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
275 temporarily_use_uid(pw->pw_uid);
276 if (mkdtemp(xauthfile) == NULL) {
277 restore_uid();
278 error("private X11 dir: mkdtemp %s failed: %s",
279 xauthfile, strerror(errno));
280 xfree(xauthfile);
281 xauthfile = NULL;
282 break;
283 }
284 strlcat(xauthfile, "/cookies", MAXPATHLEN);
285 open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
286 restore_uid();
287 fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
288 success = 1;
289 break;
290#else /* XAUTH_PATH */
291 packet_send_debug("No xauth program; cannot forward with spoofing.");
292 break;
293#endif /* XAUTH_PATH */
294
295 case SSH_CMSG_AGENT_REQUEST_FORWARDING:
296 if (no_agent_forwarding_flag || compat13) {
297 debug("Authentication agent forwarding not permitted for this authentication.");
298 break;
299 }
300 debug("Received authentication agent forwarding request.");
301 auth_input_request_forwarding(pw);
302 success = 1;
303 break;
304
305 case SSH_CMSG_PORT_FORWARD_REQUEST:
306 if (no_port_forwarding_flag) {
307 debug("Port forwarding not permitted for this authentication.");
308 break;
309 }
310 debug("Received TCP/IP port forwarding request.");
311 channel_input_port_forward_request(pw->pw_uid == 0);
312 success = 1;
313 break;
314
315 case SSH_CMSG_MAX_PACKET_SIZE:
316 if (packet_set_maxsize(packet_get_int()) > 0)
317 success = 1;
318 break;
319
320 case SSH_CMSG_EXEC_SHELL:
321 case SSH_CMSG_EXEC_CMD:
322 /* Set interactive/non-interactive mode. */
323 packet_set_interactive(have_pty || s->display != NULL,
324 options.keepalives);
325
326 if (type == SSH_CMSG_EXEC_CMD) {
327 command = packet_get_string(&dlen);
328 debug("Exec command '%.500s'", command);
329 packet_integrity_check(plen, 4 + dlen, type);
330 } else {
331 command = NULL;
332 packet_integrity_check(plen, 0, type);
333 }
334 if (forced_command != NULL) {
335 command = forced_command;
336 debug("Forced command '%.500s'", forced_command);
337 }
338 if (have_pty)
339 do_exec_pty(s, command, pw);
340 else
341 do_exec_no_pty(s, command, pw);
342
343 if (command != NULL)
344 xfree(command);
345 /* Cleanup user's local Xauthority file. */
346 if (xauthfile)
347 xauthfile_cleanup_proc(NULL);
348 return;
349
350 default:
351 /*
352 * Any unknown messages in this phase are ignored,
353 * and a failure message is returned.
354 */
355 log("Unknown packet type received after authentication: %d", type);
356 }
357 packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
358 packet_send();
359 packet_write_wait();
360
361 /* Enable compression now that we have replied if appropriate. */
362 if (enable_compression_after_reply) {
363 enable_compression_after_reply = 0;
364 packet_start_compression(compression_level);
365 }
366 }
367}
368
369/*
370 * This is called to fork and execute a command when we have no tty. This
371 * will call do_child from the child, and server_loop from the parent after
372 * setting up file descriptors and such.
373 */
Damien Miller4af51302000-04-16 11:18:38 +1000374void
Damien Millerb38eff82000-04-01 11:09:21 +1000375do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
376{
377 int pid;
378
379#ifdef USE_PIPES
380 int pin[2], pout[2], perr[2];
381 /* Allocate pipes for communicating with the program. */
382 if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
383 packet_disconnect("Could not create pipes: %.100s",
384 strerror(errno));
385#else /* USE_PIPES */
386 int inout[2], err[2];
387 /* Uses socket pairs to communicate with the program. */
388 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
389 socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
390 packet_disconnect("Could not create socket pairs: %.100s",
391 strerror(errno));
392#endif /* USE_PIPES */
393 if (s == NULL)
394 fatal("do_exec_no_pty: no session");
395
396 setproctitle("%s@notty", pw->pw_name);
397
398#ifdef USE_PAM
399 do_pam_setcred();
400#endif /* USE_PAM */
401
402 /* Fork the child. */
403 if ((pid = fork()) == 0) {
404 /* Child. Reinitialize the log since the pid has changed. */
405 log_init(__progname, options.log_level, options.log_facility, log_stderr);
406
407 /*
408 * Create a new session and process group since the 4.4BSD
409 * setlogin() affects the entire process group.
410 */
411 if (setsid() < 0)
412 error("setsid failed: %.100s", strerror(errno));
413
414#ifdef USE_PIPES
415 /*
416 * Redirect stdin. We close the parent side of the socket
417 * pair, and make the child side the standard input.
418 */
419 close(pin[1]);
420 if (dup2(pin[0], 0) < 0)
421 perror("dup2 stdin");
422 close(pin[0]);
423
424 /* Redirect stdout. */
425 close(pout[0]);
426 if (dup2(pout[1], 1) < 0)
427 perror("dup2 stdout");
428 close(pout[1]);
429
430 /* Redirect stderr. */
431 close(perr[0]);
432 if (dup2(perr[1], 2) < 0)
433 perror("dup2 stderr");
434 close(perr[1]);
435#else /* USE_PIPES */
436 /*
437 * Redirect stdin, stdout, and stderr. Stdin and stdout will
438 * use the same socket, as some programs (particularly rdist)
439 * seem to depend on it.
440 */
441 close(inout[1]);
442 close(err[1]);
443 if (dup2(inout[0], 0) < 0) /* stdin */
444 perror("dup2 stdin");
445 if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
446 perror("dup2 stdout");
447 if (dup2(err[0], 2) < 0) /* stderr */
448 perror("dup2 stderr");
449#endif /* USE_PIPES */
450
451 /* Do processing for the child (exec command etc). */
452 do_child(command, pw, NULL, s->display, s->auth_proto, s->auth_data, NULL);
453 /* NOTREACHED */
454 }
455 if (pid < 0)
456 packet_disconnect("fork failed: %.100s", strerror(errno));
457 s->pid = pid;
458#ifdef USE_PIPES
459 /* We are the parent. Close the child sides of the pipes. */
460 close(pin[0]);
461 close(pout[1]);
462 close(perr[1]);
463
Damien Millerefb4afe2000-04-12 18:45:05 +1000464 if (compat20) {
465 session_set_fds(s, pin[1], pout[0], perr[0]);
466 } else {
467 /* Enter the interactive session. */
468 server_loop(pid, pin[1], pout[0], perr[0]);
469 /* server_loop has closed pin[1], pout[1], and perr[1]. */
470 }
Damien Millerb38eff82000-04-01 11:09:21 +1000471#else /* USE_PIPES */
472 /* We are the parent. Close the child sides of the socket pairs. */
473 close(inout[0]);
474 close(err[0]);
475
476 /*
477 * Enter the interactive session. Note: server_loop must be able to
478 * handle the case that fdin and fdout are the same.
479 */
Damien Millerefb4afe2000-04-12 18:45:05 +1000480 if (compat20) {
481 session_set_fds(s, inout[1], inout[1], err[1]);
482 } else {
483 server_loop(pid, inout[1], inout[1], err[1]);
484 /* server_loop has closed inout[1] and err[1]. */
485 }
Damien Millerb38eff82000-04-01 11:09:21 +1000486#endif /* USE_PIPES */
487}
488
489/*
490 * This is called to fork and execute a command when we have a tty. This
491 * will call do_child from the child, and server_loop from the parent after
492 * setting up file descriptors, controlling tty, updating wtmp, utmp,
493 * lastlog, and other such operations.
494 */
Damien Miller4af51302000-04-16 11:18:38 +1000495void
Damien Millerb38eff82000-04-01 11:09:21 +1000496do_exec_pty(Session *s, const char *command, struct passwd * pw)
497{
498 FILE *f;
499 char buf[100], *time_string;
500 char line[256];
501 const char *hostname;
502 int fdout, ptyfd, ttyfd, ptymaster;
503 int quiet_login;
504 pid_t pid;
505 socklen_t fromlen;
506 struct sockaddr_storage from;
507 struct stat st;
508 time_t last_login_time;
509
510 if (s == NULL)
511 fatal("do_exec_pty: no session");
512 ptyfd = s->ptyfd;
513 ttyfd = s->ttyfd;
514
515 /* Get remote host name. */
516 hostname = get_canonical_hostname();
517
518 /*
519 * Get the time when the user last logged in. Buf will be set to
520 * contain the hostname the last login was from.
521 */
522 if (!options.use_login) {
523 last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
524 buf, sizeof(buf));
525 }
526 setproctitle("%s@%s", pw->pw_name, strrchr(s->tty, '/') + 1);
527
528#ifdef USE_PAM
529 do_pam_session(pw->pw_name, s->tty);
530 do_pam_setcred();
531#endif /* USE_PAM */
532
533 /* Fork the child. */
534 if ((pid = fork()) == 0) {
535 pid = getpid();
536
537 /* Child. Reinitialize the log because the pid has
538 changed. */
539 log_init(__progname, options.log_level, options.log_facility, log_stderr);
540
541 /* Close the master side of the pseudo tty. */
542 close(ptyfd);
543
544 /* Make the pseudo tty our controlling tty. */
545 pty_make_controlling_tty(&ttyfd, s->tty);
546
547 /* Redirect stdin from the pseudo tty. */
548 if (dup2(ttyfd, fileno(stdin)) < 0)
549 error("dup2 stdin failed: %.100s", strerror(errno));
550
551 /* Redirect stdout to the pseudo tty. */
552 if (dup2(ttyfd, fileno(stdout)) < 0)
553 error("dup2 stdin failed: %.100s", strerror(errno));
554
555 /* Redirect stderr to the pseudo tty. */
556 if (dup2(ttyfd, fileno(stderr)) < 0)
557 error("dup2 stdin failed: %.100s", strerror(errno));
558
559 /* Close the extra descriptor for the pseudo tty. */
560 close(ttyfd);
561
562///XXXX ? move to do_child() ??
563 /*
564 * Get IP address of client. This is needed because we want
565 * to record where the user logged in from. If the
566 * connection is not a socket, let the ip address be 0.0.0.0.
567 */
568 memset(&from, 0, sizeof(from));
569 if (packet_connection_is_on_socket()) {
570 fromlen = sizeof(from);
571 if (getpeername(packet_get_connection_in(),
572 (struct sockaddr *) & from, &fromlen) < 0) {
573 debug("getpeername: %.100s", strerror(errno));
574 fatal_cleanup();
575 }
576 }
577 /* Record that there was a login on that terminal. */
578 record_login(pid, s->tty, pw->pw_name, pw->pw_uid, hostname,
579 (struct sockaddr *)&from);
580
581 /* Check if .hushlogin exists. */
582 snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
583 quiet_login = stat(line, &st) >= 0;
584
585#ifdef USE_PAM
586 if (!quiet_login)
587 print_pam_messages();
588#endif /* USE_PAM */
589
590 /*
591 * If the user has logged in before, display the time of last
592 * login. However, don't display anything extra if a command
593 * has been specified (so that ssh can be used to execute
594 * commands on a remote machine without users knowing they
595 * are going to another machine). Login(1) will do this for
596 * us as well, so check if login(1) is used
597 */
598 if (command == NULL && last_login_time != 0 && !quiet_login &&
599 !options.use_login) {
600 /* Convert the date to a string. */
601 time_string = ctime(&last_login_time);
602 /* Remove the trailing newline. */
603 if (strchr(time_string, '\n'))
604 *strchr(time_string, '\n') = 0;
605 /* Display the last login time. Host if displayed
606 if known. */
607 if (strcmp(buf, "") == 0)
608 printf("Last login: %s\r\n", time_string);
609 else
610 printf("Last login: %s from %s\r\n", time_string, buf);
611 }
612 /*
613 * Print /etc/motd unless a command was specified or printing
614 * it was disabled in server options or login(1) will be
615 * used. Note that some machines appear to print it in
616 * /etc/profile or similar.
617 */
618 if (command == NULL && options.print_motd && !quiet_login &&
619 !options.use_login) {
620 /* Print /etc/motd if it exists. */
621 f = fopen("/etc/motd", "r");
622 if (f) {
623 while (fgets(line, sizeof(line), f))
624 fputs(line, stdout);
625 fclose(f);
626 }
627 }
628 /* Do common processing for the child, such as execing the command. */
629 do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
630 /* NOTREACHED */
631 }
632 if (pid < 0)
633 packet_disconnect("fork failed: %.100s", strerror(errno));
634 s->pid = pid;
635
636 /* Parent. Close the slave side of the pseudo tty. */
637 close(ttyfd);
638
639 /*
640 * Create another descriptor of the pty master side for use as the
641 * standard input. We could use the original descriptor, but this
642 * simplifies code in server_loop. The descriptor is bidirectional.
643 */
644 fdout = dup(ptyfd);
645 if (fdout < 0)
646 packet_disconnect("dup #1 failed: %.100s", strerror(errno));
647
648 /* we keep a reference to the pty master */
649 ptymaster = dup(ptyfd);
650 if (ptymaster < 0)
651 packet_disconnect("dup #2 failed: %.100s", strerror(errno));
652 s->ptymaster = ptymaster;
653
654 /* Enter interactive session. */
Damien Millerefb4afe2000-04-12 18:45:05 +1000655 if (compat20) {
656 session_set_fds(s, ptyfd, fdout, -1);
657 } else {
658 server_loop(pid, ptyfd, fdout, -1);
659 /* server_loop _has_ closed ptyfd and fdout. */
660 session_pty_cleanup(s);
661 }
Damien Millerb38eff82000-04-01 11:09:21 +1000662}
663
664/*
665 * Sets the value of the given variable in the environment. If the variable
666 * already exists, its value is overriden.
667 */
Damien Miller4af51302000-04-16 11:18:38 +1000668void
Damien Millerb38eff82000-04-01 11:09:21 +1000669child_set_env(char ***envp, unsigned int *envsizep, const char *name,
670 const char *value)
671{
672 unsigned int i, namelen;
673 char **env;
674
675 /*
676 * Find the slot where the value should be stored. If the variable
677 * already exists, we reuse the slot; otherwise we append a new slot
678 * at the end of the array, expanding if necessary.
679 */
680 env = *envp;
681 namelen = strlen(name);
682 for (i = 0; env[i]; i++)
683 if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
684 break;
685 if (env[i]) {
686 /* Reuse the slot. */
687 xfree(env[i]);
688 } else {
689 /* New variable. Expand if necessary. */
690 if (i >= (*envsizep) - 1) {
691 (*envsizep) += 50;
692 env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
693 }
694 /* Need to set the NULL pointer at end of array beyond the new slot. */
695 env[i + 1] = NULL;
696 }
697
698 /* Allocate space and format the variable in the appropriate slot. */
699 env[i] = xmalloc(strlen(name) + 1 + strlen(value) + 1);
700 snprintf(env[i], strlen(name) + 1 + strlen(value) + 1, "%s=%s", name, value);
701}
702
703/*
704 * Reads environment variables from the given file and adds/overrides them
705 * into the environment. If the file does not exist, this does nothing.
706 * Otherwise, it must consist of empty lines, comments (line starts with '#')
707 * and assignments of the form name=value. No other forms are allowed.
708 */
Damien Miller4af51302000-04-16 11:18:38 +1000709void
Damien Millerb38eff82000-04-01 11:09:21 +1000710read_environment_file(char ***env, unsigned int *envsize,
711 const char *filename)
712{
713 FILE *f;
714 char buf[4096];
715 char *cp, *value;
716
717 f = fopen(filename, "r");
718 if (!f)
719 return;
720
721 while (fgets(buf, sizeof(buf), f)) {
722 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
723 ;
724 if (!*cp || *cp == '#' || *cp == '\n')
725 continue;
726 if (strchr(cp, '\n'))
727 *strchr(cp, '\n') = '\0';
728 value = strchr(cp, '=');
729 if (value == NULL) {
730 fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
731 continue;
732 }
733 /* Replace the equals sign by nul, and advance value to the value string. */
734 *value = '\0';
735 value++;
736 child_set_env(env, envsize, cp, value);
737 }
738 fclose(f);
739}
740
741#ifdef USE_PAM
742/*
743 * Sets any environment variables which have been specified by PAM
744 */
745void do_pam_environment(char ***env, int *envsize)
746{
747 char *equals, var_name[512], var_val[512];
748 char **pam_env;
749 int i;
750
751 if ((pam_env = fetch_pam_environment()) == NULL)
752 return;
753
754 for(i = 0; pam_env[i] != NULL; i++) {
755 if ((equals = strstr(pam_env[i], "=")) == NULL)
756 continue;
757
758 if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
759 memset(var_name, '\0', sizeof(var_name));
760 memset(var_val, '\0', sizeof(var_val));
761
762 strncpy(var_name, pam_env[i], equals - pam_env[i]);
763 strcpy(var_val, equals + 1);
764
765 debug("PAM environment: %s=%s", var_name, var_val);
766
767 child_set_env(env, envsize, var_name, var_val);
768 }
769 }
770}
771#endif /* USE_PAM */
772
773/*
774 * Performs common processing for the child, such as setting up the
775 * environment, closing extra file descriptors, setting the user and group
776 * ids, and executing the command or shell.
777 */
Damien Miller4af51302000-04-16 11:18:38 +1000778void
Damien Millerb38eff82000-04-01 11:09:21 +1000779do_child(const char *command, struct passwd * pw, const char *term,
780 const char *display, const char *auth_proto,
781 const char *auth_data, const char *ttyname)
782{
783 const char *shell, *cp = NULL;
784 char buf[256];
785 FILE *f;
786 unsigned int envsize, i;
787 char **env;
788 extern char **environ;
789 struct stat st;
790 char *argv[10];
791
792#ifndef USE_PAM /* pam_nologin handles this */
793 f = fopen("/etc/nologin", "r");
794 if (f) {
795 /* /etc/nologin exists. Print its contents and exit. */
796 while (fgets(buf, sizeof(buf), f))
797 fputs(buf, stderr);
798 fclose(f);
799 if (pw->pw_uid != 0)
800 exit(254);
801 }
802#endif /* USE_PAM */
803
804 /* Set login name in the kernel. */
805 if (setlogin(pw->pw_name) < 0)
806 error("setlogin failed: %s", strerror(errno));
807
808 /* Set uid, gid, and groups. */
809 /* Login(1) does this as well, and it needs uid 0 for the "-h"
810 switch, so we let login(1) to this for us. */
811 if (!options.use_login) {
812 if (getuid() == 0 || geteuid() == 0) {
813 if (setgid(pw->pw_gid) < 0) {
814 perror("setgid");
815 exit(1);
816 }
817 /* Initialize the group list. */
818 if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
819 perror("initgroups");
820 exit(1);
821 }
822 endgrent();
823
824 /* Permanently switch to the desired uid. */
825 permanently_set_uid(pw->pw_uid);
826 }
827 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
828 fatal("Failed to set uids to %d.", (int) pw->pw_uid);
829 }
830 /*
831 * Get the shell from the password data. An empty shell field is
832 * legal, and means /bin/sh.
833 */
834 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
835
836#ifdef AFS
837 /* Try to get AFS tokens for the local cell. */
838 if (k_hasafs()) {
839 char cell[64];
840
841 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
842 krb_afslog(cell, 0);
843
844 krb_afslog(0, 0);
845 }
846#endif /* AFS */
847
848 /* Initialize the environment. */
849 envsize = 100;
850 env = xmalloc(envsize * sizeof(char *));
851 env[0] = NULL;
852
853 if (!options.use_login) {
854 /* Set basic environment. */
855 child_set_env(&env, &envsize, "USER", pw->pw_name);
856 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
857 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
858 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
859
860 snprintf(buf, sizeof buf, "%.200s/%.50s",
861 _PATH_MAILDIR, pw->pw_name);
862 child_set_env(&env, &envsize, "MAIL", buf);
863
864 /* Normal systems set SHELL by default. */
865 child_set_env(&env, &envsize, "SHELL", shell);
866 }
867 if (getenv("TZ"))
868 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
869
870 /* Set custom environment options from RSA authentication. */
871 while (custom_environment) {
872 struct envstring *ce = custom_environment;
873 char *s = ce->s;
874 int i;
875 for (i = 0; s[i] != '=' && s[i]; i++);
876 if (s[i] == '=') {
877 s[i] = 0;
878 child_set_env(&env, &envsize, s, s + i + 1);
879 }
880 custom_environment = ce->next;
881 xfree(ce->s);
882 xfree(ce);
883 }
884
885 snprintf(buf, sizeof buf, "%.50s %d %d",
886 get_remote_ipaddr(), get_remote_port(), get_local_port());
887 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
888
889 if (ttyname)
890 child_set_env(&env, &envsize, "SSH_TTY", ttyname);
891 if (term)
892 child_set_env(&env, &envsize, "TERM", term);
893 if (display)
894 child_set_env(&env, &envsize, "DISPLAY", display);
895
896#ifdef _AIX
897 {
898 char *authstate,*krb5cc;
899
900 if ((authstate = getenv("AUTHSTATE")) != NULL)
901 child_set_env(&env,&envsize,"AUTHSTATE",authstate);
902
903 if ((krb5cc = getenv("KRB5CCNAME")) != NULL)
904 child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc);
905 }
906#endif
907
908#ifdef KRB4
909 {
910 extern char *ticket;
911
912 if (ticket)
913 child_set_env(&env, &envsize, "KRBTKFILE", ticket);
914 }
915#endif /* KRB4 */
916
917#ifdef USE_PAM
918 /* Pull in any environment variables that may have been set by PAM. */
919 do_pam_environment(&env, &envsize);
920#endif /* USE_PAM */
921
922 read_environment_file(&env,&envsize,"/etc/environment");
923
924 if (xauthfile)
925 child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
926 if (auth_get_socket_name() != NULL)
927 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
928 auth_get_socket_name());
929
930 /* read $HOME/.ssh/environment. */
931 if (!options.use_login) {
932 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
933 read_environment_file(&env, &envsize, buf);
934 }
935 if (debug_flag) {
936 /* dump the environment */
937 fprintf(stderr, "Environment:\n");
938 for (i = 0; env[i]; i++)
939 fprintf(stderr, " %.200s\n", env[i]);
940 }
941 /*
942 * Close the connection descriptors; note that this is the child, and
943 * the server will still have the socket open, and it is important
944 * that we do not shutdown it. Note that the descriptors cannot be
945 * closed before building the environment, as we call
946 * get_remote_ipaddr there.
947 */
948 if (packet_get_connection_in() == packet_get_connection_out())
949 close(packet_get_connection_in());
950 else {
951 close(packet_get_connection_in());
952 close(packet_get_connection_out());
953 }
954 /*
955 * Close all descriptors related to channels. They will still remain
956 * open in the parent.
957 */
958 /* XXX better use close-on-exec? -markus */
959 channel_close_all();
960
961 /*
962 * Close any extra file descriptors. Note that there may still be
963 * descriptors left by system functions. They will be closed later.
964 */
965 endpwent();
966
967 /*
968 * Close any extra open file descriptors so that we don\'t have them
969 * hanging around in clients. Note that we want to do this after
970 * initgroups, because at least on Solaris 2.3 it leaves file
971 * descriptors open.
972 */
973 for (i = 3; i < 64; i++)
974 close(i);
975
976 /* Change current directory to the user\'s home directory. */
977 if (chdir(pw->pw_dir) < 0)
978 fprintf(stderr, "Could not chdir to home directory %s: %s\n",
979 pw->pw_dir, strerror(errno));
980
981 /*
982 * Must take new environment into use so that .ssh/rc, /etc/sshrc and
983 * xauth are run in the proper environment.
984 */
985 environ = env;
986
987 /*
988 * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first
989 * in this order).
990 */
991 if (!options.use_login) {
992 if (stat(SSH_USER_RC, &st) >= 0) {
993 if (debug_flag)
994 fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);
995
996 f = popen("/bin/sh " SSH_USER_RC, "w");
997 if (f) {
998 if (auth_proto != NULL && auth_data != NULL)
999 fprintf(f, "%s %s\n", auth_proto, auth_data);
1000 pclose(f);
1001 } else
1002 fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
1003 } else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
1004 if (debug_flag)
1005 fprintf(stderr, "Running /bin/sh %s\n", SSH_SYSTEM_RC);
1006
1007 f = popen("/bin/sh " SSH_SYSTEM_RC, "w");
1008 if (f) {
1009 if (auth_proto != NULL && auth_data != NULL)
1010 fprintf(f, "%s %s\n", auth_proto, auth_data);
1011 pclose(f);
1012 } else
1013 fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
1014 }
1015#ifdef XAUTH_PATH
1016 else {
1017 /* Add authority data to .Xauthority if appropriate. */
1018 if (auth_proto != NULL && auth_data != NULL) {
1019 if (debug_flag)
1020 fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
1021 XAUTH_PATH, display, auth_proto, auth_data);
1022
1023 f = popen(XAUTH_PATH " -q -", "w");
1024 if (f) {
1025 fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
1026 pclose(f);
1027 } else
1028 fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
1029 }
1030 }
1031#endif /* XAUTH_PATH */
1032
1033 /* Get the last component of the shell name. */
1034 cp = strrchr(shell, '/');
1035 if (cp)
1036 cp++;
1037 else
1038 cp = shell;
1039 }
1040 /*
1041 * If we have no command, execute the shell. In this case, the shell
1042 * name to be passed in argv[0] is preceded by '-' to indicate that
1043 * this is a login shell.
1044 */
1045 if (!command) {
1046 if (!options.use_login) {
1047 char buf[256];
1048
1049 /*
1050 * Check for mail if we have a tty and it was enabled
1051 * in server options.
1052 */
1053 if (ttyname && options.check_mail) {
1054 char *mailbox;
1055 struct stat mailstat;
1056 mailbox = getenv("MAIL");
1057 if (mailbox != NULL) {
1058 if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
1059 printf("No mail.\n");
1060 else if (mailstat.st_mtime < mailstat.st_atime)
1061 printf("You have mail.\n");
1062 else
1063 printf("You have new mail.\n");
1064 }
1065 }
1066 /* Start the shell. Set initial character to '-'. */
1067 buf[0] = '-';
1068 strncpy(buf + 1, cp, sizeof(buf) - 1);
1069 buf[sizeof(buf) - 1] = 0;
1070
1071 /* Execute the shell. */
1072 argv[0] = buf;
1073 argv[1] = NULL;
1074 execve(shell, argv, env);
1075
1076 /* Executing the shell failed. */
1077 perror(shell);
1078 exit(1);
1079
1080 } else {
1081 /* Launch login(1). */
1082
1083 execl("/usr/bin/login", "login", "-h", get_remote_ipaddr(),
1084 "-p", "-f", "--", pw->pw_name, NULL);
1085
1086 /* Login couldn't be executed, die. */
1087
1088 perror("login");
1089 exit(1);
1090 }
1091 }
1092 /*
1093 * Execute the command using the user's shell. This uses the -c
1094 * option to execute the command.
1095 */
1096 argv[0] = (char *) cp;
1097 argv[1] = "-c";
1098 argv[2] = (char *) command;
1099 argv[3] = NULL;
1100 execve(shell, argv, env);
1101 perror(shell);
1102 exit(1);
1103}
1104
1105Session *
1106session_new(void)
1107{
1108 int i;
1109 static int did_init = 0;
1110 if (!did_init) {
1111 debug("session_new: init");
1112 for(i = 0; i < MAX_SESSIONS; i++) {
1113 sessions[i].used = 0;
1114 sessions[i].self = i;
1115 }
1116 did_init = 1;
1117 }
1118 for(i = 0; i < MAX_SESSIONS; i++) {
1119 Session *s = &sessions[i];
1120 if (! s->used) {
1121 s->pid = 0;
1122 s->chanid = -1;
1123 s->ptyfd = -1;
1124 s->ttyfd = -1;
1125 s->term = NULL;
1126 s->pw = NULL;
1127 s->display = NULL;
1128 s->screen = 0;
1129 s->auth_data = NULL;
1130 s->auth_proto = NULL;
1131 s->used = 1;
1132 debug("session_new: session %d", i);
1133 return s;
1134 }
1135 }
1136 return NULL;
1137}
1138
1139void
1140session_dump(void)
1141{
1142 int i;
1143 for(i = 0; i < MAX_SESSIONS; i++) {
1144 Session *s = &sessions[i];
1145 debug("dump: used %d session %d %p channel %d pid %d",
1146 s->used,
1147 s->self,
1148 s,
1149 s->chanid,
1150 s->pid);
1151 }
1152}
1153
Damien Millerefb4afe2000-04-12 18:45:05 +10001154int
1155session_open(int chanid)
1156{
1157 Session *s = session_new();
1158 debug("session_open: channel %d", chanid);
1159 if (s == NULL) {
1160 error("no more sessions");
1161 return 0;
1162 }
1163 debug("session_open: session %d: link with channel %d", s->self, chanid);
1164 s->chanid = chanid;
1165 s->pw = auth_get_user();
1166 if (s->pw == NULL)
1167 fatal("no user for session %i channel %d",
1168 s->self, s->chanid);
1169 return 1;
1170}
1171
1172Session *
1173session_by_channel(int id)
1174{
1175 int i;
1176 for(i = 0; i < MAX_SESSIONS; i++) {
1177 Session *s = &sessions[i];
1178 if (s->used && s->chanid == id) {
1179 debug("session_by_channel: session %d channel %d", i, id);
1180 return s;
1181 }
1182 }
1183 debug("session_by_channel: unknown channel %d", id);
1184 session_dump();
1185 return NULL;
1186}
1187
1188Session *
1189session_by_pid(pid_t pid)
1190{
1191 int i;
1192 debug("session_by_pid: pid %d", pid);
1193 for(i = 0; i < MAX_SESSIONS; i++) {
1194 Session *s = &sessions[i];
1195 if (s->used && s->pid == pid)
1196 return s;
1197 }
1198 error("session_by_pid: unknown pid %d", pid);
1199 session_dump();
1200 return NULL;
1201}
1202
1203int
1204session_window_change_req(Session *s)
1205{
1206 s->col = packet_get_int();
1207 s->row = packet_get_int();
1208 s->xpixel = packet_get_int();
1209 s->ypixel = packet_get_int();
Damien Miller4af51302000-04-16 11:18:38 +10001210 packet_done();
Damien Millerefb4afe2000-04-12 18:45:05 +10001211 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1212 return 1;
1213}
1214
1215int
1216session_pty_req(Session *s)
1217{
1218 unsigned int len;
Damien Miller4af51302000-04-16 11:18:38 +10001219 char *term_modes; /* encoded terminal modes */
Damien Millerefb4afe2000-04-12 18:45:05 +10001220
1221 if (s->ttyfd != -1)
Damien Miller4af51302000-04-16 11:18:38 +10001222 return 0;
Damien Millerefb4afe2000-04-12 18:45:05 +10001223 s->term = packet_get_string(&len);
1224 s->col = packet_get_int();
1225 s->row = packet_get_int();
1226 s->xpixel = packet_get_int();
1227 s->ypixel = packet_get_int();
Damien Miller4af51302000-04-16 11:18:38 +10001228 term_modes = packet_get_string(&len);
1229 packet_done();
Damien Millerefb4afe2000-04-12 18:45:05 +10001230
1231 if (strcmp(s->term, "") == 0) {
1232 xfree(s->term);
1233 s->term = NULL;
1234 }
1235 /* Allocate a pty and open it. */
1236 if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
1237 xfree(s->term);
1238 s->term = NULL;
1239 s->ptyfd = -1;
1240 s->ttyfd = -1;
1241 error("session_pty_req: session %d alloc failed", s->self);
Damien Miller4af51302000-04-16 11:18:38 +10001242 xfree(term_modes);
1243 return 0;
Damien Millerefb4afe2000-04-12 18:45:05 +10001244 }
1245 debug("session_pty_req: session %d alloc %s", s->self, s->tty);
1246 /*
1247 * Add a cleanup function to clear the utmp entry and record logout
1248 * time in case we call fatal() (e.g., the connection gets closed).
1249 */
1250 fatal_add_cleanup(pty_cleanup_proc, (void *)s);
1251 pty_setowner(s->pw, s->tty);
1252 /* Get window size from the packet. */
1253 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1254
Damien Miller5f056372000-04-16 12:31:48 +10001255 /* XXX parse and set terminal modes */
1256 xfree(term_modes);
Damien Millerefb4afe2000-04-12 18:45:05 +10001257 return 1;
1258}
1259
1260void
1261session_input_channel_req(int id, void *arg)
1262{
1263 unsigned int len;
1264 int reply;
1265 int success = 0;
1266 char *rtype;
1267 Session *s;
1268 Channel *c;
1269
1270 rtype = packet_get_string(&len);
1271 reply = packet_get_char();
1272
1273 s = session_by_channel(id);
1274 if (s == NULL)
1275 fatal("session_input_channel_req: channel %d: no session", id);
1276 c = channel_lookup(id);
1277 if (c == NULL)
1278 fatal("session_input_channel_req: channel %d: bad channel", id);
1279
1280 debug("session_input_channel_req: session %d channel %d request %s reply %d",
1281 s->self, id, rtype, reply);
1282
1283 /*
1284 * a session is in LARVAL state until a shell
1285 * or programm is executed
1286 */
1287 if (c->type == SSH_CHANNEL_LARVAL) {
1288 if (strcmp(rtype, "shell") == 0) {
1289 if (s->ttyfd == -1)
1290 do_exec_no_pty(s, NULL, s->pw);
1291 else
1292 do_exec_pty(s, NULL, s->pw);
1293 success = 1;
1294 } else if (strcmp(rtype, "exec") == 0) {
1295 char *command = packet_get_string(&len);
Damien Miller5f056372000-04-16 12:31:48 +10001296 packet_done();
Damien Millerefb4afe2000-04-12 18:45:05 +10001297 if (s->ttyfd == -1)
1298 do_exec_no_pty(s, command, s->pw);
1299 else
1300 do_exec_pty(s, command, s->pw);
1301 xfree(command);
1302 success = 1;
1303 } else if (strcmp(rtype, "pty-req") == 0) {
Damien Miller5f056372000-04-16 12:31:48 +10001304 success = session_pty_req(s);
Damien Millerefb4afe2000-04-12 18:45:05 +10001305 }
1306 }
1307 if (strcmp(rtype, "window-change") == 0) {
1308 success = session_window_change_req(s);
1309 }
1310
1311 if (reply) {
1312 packet_start(success ?
1313 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1314 packet_put_int(c->remote_id);
1315 packet_send();
1316 }
1317 xfree(rtype);
1318}
1319
1320void
1321session_set_fds(Session *s, int fdin, int fdout, int fderr)
1322{
1323 if (!compat20)
1324 fatal("session_set_fds: called for proto != 2.0");
1325 /*
1326 * now that have a child and a pipe to the child,
1327 * we can activate our channel and register the fd's
1328 */
1329 if (s->chanid == -1)
1330 fatal("no channel for session %d", s->self);
1331 channel_set_fds(s->chanid,
1332 fdout, fdin, fderr,
1333 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ);
1334}
1335
Damien Millerb38eff82000-04-01 11:09:21 +10001336void
1337session_pty_cleanup(Session *s)
1338{
1339 if (s == NULL || s->ttyfd == -1)
1340 return;
1341
1342 debug("session_pty_cleanup: session %i release %s", s->self, s->tty);
1343
1344 /* Cancel the cleanup function. */
1345 fatal_remove_cleanup(pty_cleanup_proc, (void *)s);
1346
1347 /* Record that the user has logged out. */
1348 record_logout(s->pid, s->tty);
1349
1350 /* Release the pseudo-tty. */
1351 pty_release(s->tty);
1352
1353 /*
1354 * Close the server side of the socket pairs. We must do this after
1355 * the pty cleanup, so that another process doesn't get this pty
1356 * while we're still cleaning up.
1357 */
1358 if (close(s->ptymaster) < 0)
1359 error("close(s->ptymaster): %s", strerror(errno));
1360}
Damien Millerefb4afe2000-04-12 18:45:05 +10001361
1362void
1363session_exit_message(Session *s, int status)
1364{
1365 Channel *c;
1366 if (s == NULL)
1367 fatal("session_close: no session");
1368 c = channel_lookup(s->chanid);
1369 if (c == NULL)
1370 fatal("session_close: session %d: no channel %d",
1371 s->self, s->chanid);
1372 debug("session_exit_message: session %d channel %d pid %d",
1373 s->self, s->chanid, s->pid);
1374
1375 if (WIFEXITED(status)) {
1376 channel_request_start(s->chanid,
1377 "exit-status", 0);
1378 packet_put_int(WEXITSTATUS(status));
1379 packet_send();
1380 } else if (WIFSIGNALED(status)) {
1381 channel_request_start(s->chanid,
1382 "exit-signal", 0);
1383 packet_put_int(WTERMSIG(status));
1384 packet_put_char(WCOREDUMP(status));
1385 packet_put_cstring("");
1386 packet_put_cstring("");
1387 packet_send();
1388 } else {
1389 /* Some weird exit cause. Just exit. */
1390 packet_disconnect("wait returned status %04x.", status);
1391 }
1392
1393 /* disconnect channel */
1394 debug("session_exit_message: release channel %d", s->chanid);
1395 channel_cancel_cleanup(s->chanid);
Damien Miller166fca82000-04-20 07:42:21 +10001396 /*
1397 * emulate a write failure with 'chan_write_failed', nobody will be
1398 * interested in data we write.
1399 * Note that we must not call 'chan_read_failed', since there could
1400 * be some more data waiting in the pipe.
1401 */
Damien Millerefb4afe2000-04-12 18:45:05 +10001402 chan_write_failed(c);
1403 s->chanid = -1;
1404}
1405
1406void
1407session_free(Session *s)
1408{
1409 debug("session_free: session %d pid %d", s->self, s->pid);
1410 if (s->term)
1411 xfree(s->term);
1412 if (s->display)
1413 xfree(s->display);
1414 if (s->auth_data)
1415 xfree(s->auth_data);
1416 if (s->auth_proto)
1417 xfree(s->auth_proto);
1418 s->used = 0;
1419}
1420
1421void
1422session_close(Session *s)
1423{
1424 session_pty_cleanup(s);
1425 session_free(s);
1426}
1427
1428void
1429session_close_by_pid(pid_t pid, int status)
1430{
1431 Session *s = session_by_pid(pid);
1432 if (s == NULL) {
1433 debug("session_close_by_pid: no session for pid %d", s->pid);
1434 return;
1435 }
1436 if (s->chanid != -1)
1437 session_exit_message(s, status);
1438 session_close(s);
1439}
1440
1441/*
1442 * this is called when a channel dies before
1443 * the session 'child' itself dies
1444 */
1445void
1446session_close_by_channel(int id, void *arg)
1447{
1448 Session *s = session_by_channel(id);
1449 if (s == NULL) {
1450 debug("session_close_by_channel: no session for channel %d", id);
1451 return;
1452 }
1453 /* disconnect channel */
1454 channel_cancel_cleanup(s->chanid);
1455 s->chanid = -1;
1456
1457 debug("session_close_by_channel: channel %d kill %d", id, s->pid);
1458 if (s->pid == 0) {
1459 /* close session immediately */
1460 session_close(s);
1461 } else {
1462 /* notify child, delay session cleanup */
1463 if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0)
1464 error("session_close_by_channel: kill %d: %s",
1465 s->pid, strerror(errno));
1466 }
1467}
1468
1469void
1470do_authenticated2(void)
1471{
1472 /*
1473 * Cancel the alarm we set to limit the time taken for
1474 * authentication.
1475 */
1476 alarm(0);
Damien Millerefb4afe2000-04-12 18:45:05 +10001477 server_loop2();
1478}