blob: 58826db1698ac007794a04b16662509ac8e25e35 [file] [log] [blame]
djm@openbsd.org7c856852018-03-03 03:15:51 +00001/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */
Damien Millerb38eff82000-04-01 11:09:21 +10002/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Millere4340be2000-09-16 13:29:08 +11005 *
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell".
11 *
Damien Millerefb4afe2000-04-12 18:45:05 +100012 * SSH2 support by Markus Friedl.
Ben Lindstrom44697232001-07-04 03:32:30 +000013 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110014 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Millerefb4afe2000-04-12 18:45:05 +100034 */
Damien Millerb38eff82000-04-01 11:09:21 +100035
36#include "includes.h"
Damien Miller9cf6d072006-03-15 11:29:24 +110037
38#include <sys/types.h>
Damien Miller8dbffe72006-08-05 11:02:17 +100039#include <sys/param.h>
Damien Millerf17883e2006-03-15 11:45:54 +110040#ifdef HAVE_SYS_STAT_H
41# include <sys/stat.h>
42#endif
Damien Millere3b60b52006-07-10 21:08:03 +100043#include <sys/socket.h>
Damien Miller574c41f2006-03-15 11:40:10 +110044#include <sys/un.h>
Damien Miller8dbffe72006-08-05 11:02:17 +100045#include <sys/wait.h>
Damien Miller03e20032006-03-15 11:16:59 +110046
Damien Miller1cdde6f2006-07-24 14:07:35 +100047#include <arpa/inet.h>
48
djm@openbsd.org4b4bfb02016-03-10 11:47:57 +000049#include <ctype.h>
Darren Tucker39972492006-07-12 22:22:46 +100050#include <errno.h>
Damien Miller22a29882010-05-10 11:53:54 +100051#include <fcntl.h>
Damien Miller427a1d52006-07-10 20:20:33 +100052#include <grp.h>
Damien Millere5c0d522014-07-03 21:24:19 +100053#include <netdb.h>
Damien Miller6645e7a2006-03-15 14:42:54 +110054#ifdef HAVE_PATHS_H
Damien Miller03e20032006-03-15 11:16:59 +110055#include <paths.h>
Damien Miller6645e7a2006-03-15 14:42:54 +110056#endif
Damien Miller9f2abc42006-07-10 20:53:08 +100057#include <pwd.h>
Damien Miller6ff3cad2006-03-15 11:52:09 +110058#include <signal.h>
Damien Millerded319c2006-09-01 15:38:36 +100059#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100060#include <stdio.h>
Damien Millere7a1e5c2006-08-05 11:34:19 +100061#include <stdlib.h>
Damien Millere3476ed2006-07-24 14:13:33 +100062#include <string.h>
Damien Miller1cdde6f2006-07-24 14:07:35 +100063#include <unistd.h>
deraadt@openbsd.org2ae4f332015-01-16 06:40:12 +000064#include <limits.h>
Damien Millerb38eff82000-04-01 11:09:21 +100065
Damien Millerb84886b2008-05-19 15:05:07 +100066#include "openbsd-compat/sys-queue.h"
Damien Millerd7834352006-08-05 12:39:39 +100067#include "xmalloc.h"
Damien Millerb38eff82000-04-01 11:09:21 +100068#include "ssh.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000069#include "ssh2.h"
Ben Lindstromd95c09c2001-02-18 19:13:33 +000070#include "sshpty.h"
Damien Millerb38eff82000-04-01 11:09:21 +100071#include "packet.h"
72#include "buffer.h"
Darren Tucker46bc0752004-05-02 22:11:30 +100073#include "match.h"
Damien Millerb38eff82000-04-01 11:09:21 +100074#include "uidswap.h"
75#include "compat.h"
Ben Lindstromc7637672001-06-09 00:36:26 +000076#include "channels.h"
Damien Millerd7834352006-08-05 12:39:39 +100077#include "key.h"
78#include "cipher.h"
79#ifdef GSSAPI
80#include "ssh-gss.h"
81#endif
82#include "hostfile.h"
Damien Millerefb4afe2000-04-12 18:45:05 +100083#include "auth.h"
Damien Millerf6d9e222000-06-18 14:50:44 +100084#include "auth-options.h"
Damien Miller85b45e02013-07-20 13:21:52 +100085#include "authfd.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000086#include "pathnames.h"
87#include "log.h"
Damien Miller7acefbb2014-07-18 14:11:24 +100088#include "misc.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000089#include "servconf.h"
Ben Lindstromd95c09c2001-02-18 19:13:33 +000090#include "sshlogin.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000091#include "serverloop.h"
92#include "canohost.h"
Ben Lindstrom31ca54a2001-02-09 02:11:24 +000093#include "session.h"
Damien Miller9786e6e2005-07-26 21:54:56 +100094#include "kex.h"
Ben Lindstrom7a2073c2002-03-22 02:30:41 +000095#include "monitor_wrap.h"
Damien Millerdfc24252008-02-10 22:29:40 +110096#include "sftp.h"
djm@openbsd.org8f574952017-06-24 06:34:38 +000097#include "atomicio.h"
Damien Millerefb4afe2000-04-12 18:45:05 +100098
Darren Tucker3c78c5e2004-01-23 22:03:10 +110099#if defined(KRB5) && defined(USE_AFS)
Damien Miller8f341f82004-01-21 11:00:46 +1100100#include <kafs.h>
101#endif
102
Damien Miller14684a12011-05-20 11:23:07 +1000103#ifdef WITH_SELINUX
104#include <selinux/selinux.h>
105#endif
106
Damien Millerad793d52008-11-03 19:17:57 +1100107#define IS_INTERNAL_SFTP(c) \
108 (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
109 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
110 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
111 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
112
Damien Millerb38eff82000-04-01 11:09:21 +1000113/* func */
114
115Session *session_new(void);
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000116void session_set_fds(struct ssh *, Session *, int, int, int, int, int);
Darren Tucker3e33cec2003-10-02 16:12:36 +1000117void session_pty_cleanup(Session *);
Kevin Steves8f63caa2001-07-04 18:23:02 +0000118void session_proctitle(Session *);
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000119int session_setup_x11fwd(struct ssh *, Session *);
120int do_exec_pty(struct ssh *, Session *, const char *);
121int do_exec_no_pty(struct ssh *, Session *, const char *);
122int do_exec(struct ssh *, Session *, const char *);
123void do_login(struct ssh *, Session *, const char *);
124void do_child(struct ssh *, Session *, const char *);
Kevin Stevesa0957d62001-09-27 19:50:26 +0000125#ifdef LOGIN_NEEDS_UTMPX
126static void do_pre_login(Session *s);
127#endif
Damien Millercf205e82001-04-16 18:29:15 +1000128void do_motd(void);
Kevin Steves8f63caa2001-07-04 18:23:02 +0000129int check_quietlogin(Session *, const char *);
Damien Millerb38eff82000-04-01 11:09:21 +1000130
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000131static void do_authenticated2(struct ssh *, Authctxt *);
Kevin Steves8f63caa2001-07-04 18:23:02 +0000132
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000133static int session_pty_req(struct ssh *, Session *);
Ben Lindstromb31783d2001-03-22 02:02:12 +0000134
Damien Millerb38eff82000-04-01 11:09:21 +1000135/* import */
136extern ServerOptions options;
137extern char *__progname;
Damien Millerb38eff82000-04-01 11:09:21 +1000138extern int debug_flag;
Ben Lindstrom46c16222000-12-22 01:43:59 +0000139extern u_int utmp_len;
Damien Miller37023962000-07-11 17:31:38 +1000140extern int startup_pipe;
Ben Lindstrom005dd222001-04-18 15:29:33 +0000141extern void destroy_sensitive_data(void);
Darren Tuckerb9aa0a02003-07-08 22:59:59 +1000142extern Buffer loginmsg;
djm@openbsd.org7c856852018-03-03 03:15:51 +0000143extern struct sshauthopt *auth_opts;
djm@openbsd.orgb7548b12017-10-23 05:08:00 +0000144char *tun_fwd_ifnames; /* serverloop.c */
Damien Miller37023962000-07-11 17:31:38 +1000145
Damien Miller7b28dc52000-09-05 13:34:53 +1100146/* original command from peer. */
Ben Lindstrom0a7ca6c2001-06-21 03:17:42 +0000147const char *original_command = NULL;
Damien Miller7b28dc52000-09-05 13:34:53 +1100148
Damien Millerb38eff82000-04-01 11:09:21 +1000149/* data */
Damien Miller7207f642008-05-19 15:34:50 +1000150static int sessions_first_unused = -1;
151static int sessions_nalloc = 0;
152static Session *sessions = NULL;
Damien Miller15e7d4b2000-09-29 10:57:35 +1100153
Darren Tuckerd6b06a92010-01-08 17:09:11 +1100154#define SUBSYSTEM_NONE 0
155#define SUBSYSTEM_EXT 1
156#define SUBSYSTEM_INT_SFTP 2
157#define SUBSYSTEM_INT_SFTP_ERROR 3
Damien Millerdfc24252008-02-10 22:29:40 +1100158
Damien Millerad833b32000-08-23 10:46:23 +1000159#ifdef HAVE_LOGIN_CAP
Ben Lindstromb481e132002-03-22 01:35:47 +0000160login_cap_t *lc;
Damien Millerad833b32000-08-23 10:46:23 +1000161#endif
162
Darren Tucker3e33cec2003-10-02 16:12:36 +1000163static int is_child = 0;
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +0000164static int in_chroot = 0;
Darren Tucker3e33cec2003-10-02 16:12:36 +1000165
djm@openbsd.org8f574952017-06-24 06:34:38 +0000166/* File containing userauth info, if ExposeAuthInfo set */
167static char *auth_info_file = NULL;
168
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000169/* Name and directory of socket for authentication agent forwarding. */
170static char *auth_sock_name = NULL;
171static char *auth_sock_dir = NULL;
172
173/* removes the agent forwarding socket */
174
175static void
Darren Tucker3e33cec2003-10-02 16:12:36 +1000176auth_sock_cleanup_proc(struct passwd *pw)
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000177{
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000178 if (auth_sock_name != NULL) {
179 temporarily_use_uid(pw);
180 unlink(auth_sock_name);
181 rmdir(auth_sock_dir);
182 auth_sock_name = NULL;
183 restore_uid();
184 }
185}
186
187static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000188auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000189{
190 Channel *nc;
Damien Miller7207f642008-05-19 15:34:50 +1000191 int sock = -1;
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000192
193 if (auth_sock_name != NULL) {
194 error("authentication forwarding requested twice.");
195 return 0;
196 }
197
198 /* Temporarily drop privileged uid for mkdir/bind. */
199 temporarily_use_uid(pw);
200
201 /* Allocate a buffer for the socket name, and format the name. */
Damien Miller7207f642008-05-19 15:34:50 +1000202 auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000203
204 /* Create private directory for socket */
205 if (mkdtemp(auth_sock_dir) == NULL) {
206 packet_send_debug("Agent forwarding disabled: "
207 "mkdtemp() failed: %.100s", strerror(errno));
208 restore_uid();
Darren Tuckera627d422013-06-02 07:31:17 +1000209 free(auth_sock_dir);
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000210 auth_sock_dir = NULL;
Damien Miller7207f642008-05-19 15:34:50 +1000211 goto authsock_err;
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000212 }
Damien Miller7207f642008-05-19 15:34:50 +1000213
214 xasprintf(&auth_sock_name, "%s/agent.%ld",
215 auth_sock_dir, (long) getpid());
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000216
Damien Miller7acefbb2014-07-18 14:11:24 +1000217 /* Start a Unix listener on auth_sock_name. */
218 sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000219
220 /* Restore the privileged uid. */
221 restore_uid();
222
Damien Miller7acefbb2014-07-18 14:11:24 +1000223 /* Check for socket/bind/listen failure. */
224 if (sock < 0)
Damien Miller7207f642008-05-19 15:34:50 +1000225 goto authsock_err;
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000226
227 /* Allocate a channel for the authentication agent socket. */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000228 nc = channel_new(ssh, "auth socket",
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000229 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
230 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
Damien Millerb1ca8bb2003-05-14 13:45:42 +1000231 0, "auth socket", 1);
Damien Millera1c1b6c2009-01-28 16:29:49 +1100232 nc->path = xstrdup(auth_sock_name);
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000233 return 1;
Damien Miller7207f642008-05-19 15:34:50 +1000234
235 authsock_err:
Darren Tuckera627d422013-06-02 07:31:17 +1000236 free(auth_sock_name);
Damien Miller7207f642008-05-19 15:34:50 +1000237 if (auth_sock_dir != NULL) {
238 rmdir(auth_sock_dir);
Darren Tuckera627d422013-06-02 07:31:17 +1000239 free(auth_sock_dir);
Damien Miller7207f642008-05-19 15:34:50 +1000240 }
241 if (sock != -1)
242 close(sock);
243 auth_sock_name = NULL;
244 auth_sock_dir = NULL;
245 return 0;
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000246}
247
Darren Tucker1921ed92004-02-10 13:23:28 +1100248static void
249display_loginmsg(void)
250{
Damien Miller46d38de2005-07-17 17:02:09 +1000251 if (buffer_len(&loginmsg) > 0) {
252 buffer_append(&loginmsg, "\0", 1);
253 printf("%s", (char *)buffer_ptr(&loginmsg));
254 buffer_clear(&loginmsg);
255 }
Darren Tucker1921ed92004-02-10 13:23:28 +1100256}
Ben Lindstrom8bb6f362002-06-11 15:59:02 +0000257
djm@openbsd.org8f574952017-06-24 06:34:38 +0000258static void
259prepare_auth_info_file(struct passwd *pw, struct sshbuf *info)
260{
261 int fd = -1, success = 0;
262
263 if (!options.expose_userauth_info || info == NULL)
264 return;
265
266 temporarily_use_uid(pw);
267 auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");
268 if ((fd = mkstemp(auth_info_file)) == -1) {
269 error("%s: mkstemp: %s", __func__, strerror(errno));
270 goto out;
271 }
272 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
273 sshbuf_len(info)) != sshbuf_len(info)) {
274 error("%s: write: %s", __func__, strerror(errno));
275 goto out;
276 }
277 if (close(fd) != 0) {
278 error("%s: close: %s", __func__, strerror(errno));
279 goto out;
280 }
281 success = 1;
282 out:
283 if (!success) {
284 if (fd != -1)
285 close(fd);
286 free(auth_info_file);
287 auth_info_file = NULL;
288 }
289 restore_uid();
290}
291
djm@openbsd.org7c856852018-03-03 03:15:51 +0000292static void
293set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)
294{
295 char *tmp, *cp, *host;
296 int port;
297 size_t i;
298
299 if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
300 return;
301 channel_clear_permitted_opens(ssh);
302 for (i = 0; i < auth_opts->npermitopen; i++) {
303 tmp = cp = xstrdup(auth_opts->permitopen[i]);
304 /* This shouldn't fail as it has already been checked */
305 if ((host = hpdelim(&cp)) == NULL)
306 fatal("%s: internal error: hpdelim", __func__);
307 host = cleanhostname(host);
308 if (cp == NULL || (port = permitopen_port(cp)) < 0)
309 fatal("%s: internal error: permitopen port",
310 __func__);
311 channel_add_permitted_opens(ssh, host, port);
312 free(tmp);
313 }
314}
315
Ben Lindstromb31783d2001-03-22 02:02:12 +0000316void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000317do_authenticated(struct ssh *ssh, Authctxt *authctxt)
Ben Lindstromb31783d2001-03-22 02:02:12 +0000318{
Damien Miller97f39ae2003-02-24 11:57:01 +1100319 setproctitle("%s", authctxt->pw->pw_name);
320
djm@openbsd.org7c856852018-03-03 03:15:51 +0000321 auth_log_authopts("active", auth_opts, 0);
322
Ben Lindstromb31783d2001-03-22 02:02:12 +0000323 /* setup the channel layer */
Damien Miller7acefbb2014-07-18 14:11:24 +1000324 /* XXX - streamlocal? */
djm@openbsd.org7c856852018-03-03 03:15:51 +0000325 set_permitopen_from_authopts(ssh, auth_opts);
326 if (!auth_opts->permit_port_forwarding_flag ||
327 options.disable_forwarding ||
Damien Milleraa5b3f82012-12-03 09:50:54 +1100328 (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000329 channel_disable_adm_local_opens(ssh);
Damien Milleraa5b3f82012-12-03 09:50:54 +1100330 else
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000331 channel_permit_all_opens(ssh);
Ben Lindstromb31783d2001-03-22 02:02:12 +0000332
Darren Tuckercd70e1b2010-03-07 23:05:17 +1100333 auth_debug_send();
334
djm@openbsd.org8f574952017-06-24 06:34:38 +0000335 prepare_auth_info_file(authctxt->pw, authctxt->session_info);
336
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000337 do_authenticated2(ssh, authctxt);
djm@openbsd.org8f574952017-06-24 06:34:38 +0000338
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000339 do_cleanup(ssh, authctxt);
Ben Lindstromb31783d2001-03-22 02:02:12 +0000340}
341
djm@openbsd.org4b4bfb02016-03-10 11:47:57 +0000342/* Check untrusted xauth strings for metacharacters */
343static int
344xauth_valid_string(const char *s)
345{
346 size_t i;
347
348 for (i = 0; s[i] != '\0'; i++) {
349 if (!isalnum((u_char)s[i]) &&
350 s[i] != '.' && s[i] != ':' && s[i] != '/' &&
351 s[i] != '-' && s[i] != '_')
352 return 0;
353 }
354 return 1;
355}
356
Darren Tucker293ee3c2014-01-19 15:28:01 +1100357#define USE_PIPES 1
Damien Millerb38eff82000-04-01 11:09:21 +1000358/*
359 * This is called to fork and execute a command when we have no tty. This
360 * will call do_child from the child, and server_loop from the parent after
361 * setting up file descriptors and such.
362 */
Damien Miller7207f642008-05-19 15:34:50 +1000363int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000364do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
Damien Millerb38eff82000-04-01 11:09:21 +1000365{
Ben Lindstromce0f6342002-06-11 16:42:49 +0000366 pid_t pid;
Damien Millerb38eff82000-04-01 11:09:21 +1000367#ifdef USE_PIPES
368 int pin[2], pout[2], perr[2];
Damien Miller7207f642008-05-19 15:34:50 +1000369
Damien Miller22a29882010-05-10 11:53:54 +1000370 if (s == NULL)
371 fatal("do_exec_no_pty: no session");
372
Damien Millerb38eff82000-04-01 11:09:21 +1000373 /* Allocate pipes for communicating with the program. */
Damien Miller7207f642008-05-19 15:34:50 +1000374 if (pipe(pin) < 0) {
375 error("%s: pipe in: %.100s", __func__, strerror(errno));
376 return -1;
377 }
378 if (pipe(pout) < 0) {
379 error("%s: pipe out: %.100s", __func__, strerror(errno));
380 close(pin[0]);
381 close(pin[1]);
382 return -1;
383 }
Damien Miller8853ca52010-06-26 10:00:14 +1000384 if (pipe(perr) < 0) {
385 error("%s: pipe err: %.100s", __func__,
386 strerror(errno));
387 close(pin[0]);
388 close(pin[1]);
389 close(pout[0]);
390 close(pout[1]);
391 return -1;
Damien Miller7207f642008-05-19 15:34:50 +1000392 }
393#else
Damien Millerb38eff82000-04-01 11:09:21 +1000394 int inout[2], err[2];
Damien Miller7207f642008-05-19 15:34:50 +1000395
Damien Miller22a29882010-05-10 11:53:54 +1000396 if (s == NULL)
397 fatal("do_exec_no_pty: no session");
398
Damien Millerb38eff82000-04-01 11:09:21 +1000399 /* Uses socket pairs to communicate with the program. */
Damien Miller7207f642008-05-19 15:34:50 +1000400 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
401 error("%s: socketpair #1: %.100s", __func__, strerror(errno));
402 return -1;
403 }
Damien Miller8853ca52010-06-26 10:00:14 +1000404 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
405 error("%s: socketpair #2: %.100s", __func__,
406 strerror(errno));
407 close(inout[0]);
408 close(inout[1]);
409 return -1;
Damien Miller7207f642008-05-19 15:34:50 +1000410 }
411#endif
412
Damien Millere247cc42000-05-07 12:03:14 +1000413 session_proctitle(s);
Damien Millerb38eff82000-04-01 11:09:21 +1000414
Damien Millerb38eff82000-04-01 11:09:21 +1000415 /* Fork the child. */
Damien Miller7207f642008-05-19 15:34:50 +1000416 switch ((pid = fork())) {
417 case -1:
418 error("%s: fork: %.100s", __func__, strerror(errno));
419#ifdef USE_PIPES
420 close(pin[0]);
421 close(pin[1]);
422 close(pout[0]);
423 close(pout[1]);
Damien Miller8853ca52010-06-26 10:00:14 +1000424 close(perr[0]);
Damien Miller7207f642008-05-19 15:34:50 +1000425 close(perr[1]);
426#else
427 close(inout[0]);
428 close(inout[1]);
429 close(err[0]);
Damien Miller8853ca52010-06-26 10:00:14 +1000430 close(err[1]);
Damien Miller7207f642008-05-19 15:34:50 +1000431#endif
432 return -1;
433 case 0:
Darren Tucker3e33cec2003-10-02 16:12:36 +1000434 is_child = 1;
Ben Lindstrom264ee302002-07-23 21:01:56 +0000435
Damien Millerb38eff82000-04-01 11:09:21 +1000436 /*
437 * Create a new session and process group since the 4.4BSD
438 * setlogin() affects the entire process group.
439 */
440 if (setsid() < 0)
441 error("setsid failed: %.100s", strerror(errno));
442
443#ifdef USE_PIPES
444 /*
445 * Redirect stdin. We close the parent side of the socket
446 * pair, and make the child side the standard input.
447 */
448 close(pin[1]);
449 if (dup2(pin[0], 0) < 0)
450 perror("dup2 stdin");
451 close(pin[0]);
452
453 /* Redirect stdout. */
454 close(pout[0]);
455 if (dup2(pout[1], 1) < 0)
456 perror("dup2 stdout");
457 close(pout[1]);
458
459 /* Redirect stderr. */
Damien Miller8853ca52010-06-26 10:00:14 +1000460 close(perr[0]);
Damien Millerb38eff82000-04-01 11:09:21 +1000461 if (dup2(perr[1], 2) < 0)
462 perror("dup2 stderr");
463 close(perr[1]);
Damien Miller7207f642008-05-19 15:34:50 +1000464#else
Damien Millerb38eff82000-04-01 11:09:21 +1000465 /*
466 * Redirect stdin, stdout, and stderr. Stdin and stdout will
467 * use the same socket, as some programs (particularly rdist)
468 * seem to depend on it.
469 */
470 close(inout[1]);
Damien Miller8853ca52010-06-26 10:00:14 +1000471 close(err[1]);
Damien Millerb38eff82000-04-01 11:09:21 +1000472 if (dup2(inout[0], 0) < 0) /* stdin */
473 perror("dup2 stdin");
Damien Miller7207f642008-05-19 15:34:50 +1000474 if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */
Damien Millerb38eff82000-04-01 11:09:21 +1000475 perror("dup2 stdout");
Damien Miller7207f642008-05-19 15:34:50 +1000476 close(inout[0]);
Damien Millerb38eff82000-04-01 11:09:21 +1000477 if (dup2(err[0], 2) < 0) /* stderr */
478 perror("dup2 stderr");
Damien Miller7207f642008-05-19 15:34:50 +1000479 close(err[0]);
480#endif
481
Damien Millerb38eff82000-04-01 11:09:21 +1000482 /* Do processing for the child (exec command etc). */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000483 do_child(ssh, s, command);
Damien Millerb38eff82000-04-01 11:09:21 +1000484 /* NOTREACHED */
Damien Miller7207f642008-05-19 15:34:50 +1000485 default:
486 break;
Damien Millerb38eff82000-04-01 11:09:21 +1000487 }
Damien Miller7207f642008-05-19 15:34:50 +1000488
Damien Millerbac2d8a2000-09-05 16:13:06 +1100489#ifdef HAVE_CYGWIN
Darren Tucker9d86e5d2009-03-08 11:40:27 +1100490 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
Damien Millerbac2d8a2000-09-05 16:13:06 +1100491#endif
Damien Miller7207f642008-05-19 15:34:50 +1000492
Damien Millerb38eff82000-04-01 11:09:21 +1000493 s->pid = pid;
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000494 /* Set interactive/non-interactive mode. */
Damien Miller0dac6fb2010-11-20 15:19:38 +1100495 packet_set_interactive(s->display != NULL,
496 options.ip_qos_interactive, options.ip_qos_bulk);
Damien Miller7207f642008-05-19 15:34:50 +1000497
498 /*
499 * Clear loginmsg, since it's the child's responsibility to display
500 * it to the user, otherwise multiple sessions may accumulate
501 * multiple copies of the login messages.
502 */
503 buffer_clear(&loginmsg);
504
Damien Millerb38eff82000-04-01 11:09:21 +1000505#ifdef USE_PIPES
506 /* We are the parent. Close the child sides of the pipes. */
507 close(pin[0]);
508 close(pout[1]);
509 close(perr[1]);
510
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000511 session_set_fds(ssh, s, pin[1], pout[0], perr[0],
markus@openbsd.org6cb6dcf2016-08-13 17:47:40 +0000512 s->is_subsystem, 0);
Damien Miller7207f642008-05-19 15:34:50 +1000513#else
Damien Millerb38eff82000-04-01 11:09:21 +1000514 /* We are the parent. Close the child sides of the socket pairs. */
515 close(inout[0]);
516 close(err[0]);
517
518 /*
519 * Enter the interactive session. Note: server_loop must be able to
520 * handle the case that fdin and fdout are the same.
521 */
markus@openbsd.org6cb6dcf2016-08-13 17:47:40 +0000522 session_set_fds(s, inout[1], inout[1], err[1],
523 s->is_subsystem, 0);
Damien Miller7207f642008-05-19 15:34:50 +1000524#endif
525 return 0;
Damien Millerb38eff82000-04-01 11:09:21 +1000526}
527
528/*
529 * This is called to fork and execute a command when we have a tty. This
530 * will call do_child from the child, and server_loop from the parent after
531 * setting up file descriptors, controlling tty, updating wtmp, utmp,
532 * lastlog, and other such operations.
533 */
Damien Miller7207f642008-05-19 15:34:50 +1000534int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000535do_exec_pty(struct ssh *ssh, Session *s, const char *command)
Damien Millerb38eff82000-04-01 11:09:21 +1000536{
Damien Millerb38eff82000-04-01 11:09:21 +1000537 int fdout, ptyfd, ttyfd, ptymaster;
Damien Millerb38eff82000-04-01 11:09:21 +1000538 pid_t pid;
Damien Millerb38eff82000-04-01 11:09:21 +1000539
540 if (s == NULL)
541 fatal("do_exec_pty: no session");
542 ptyfd = s->ptyfd;
543 ttyfd = s->ttyfd;
544
Damien Miller7207f642008-05-19 15:34:50 +1000545 /*
546 * Create another descriptor of the pty master side for use as the
547 * standard input. We could use the original descriptor, but this
548 * simplifies code in server_loop. The descriptor is bidirectional.
549 * Do this before forking (and cleanup in the child) so as to
550 * detect and gracefully fail out-of-fd conditions.
551 */
552 if ((fdout = dup(ptyfd)) < 0) {
553 error("%s: dup #1: %s", __func__, strerror(errno));
554 close(ttyfd);
555 close(ptyfd);
556 return -1;
557 }
558 /* we keep a reference to the pty master */
559 if ((ptymaster = dup(ptyfd)) < 0) {
560 error("%s: dup #2: %s", __func__, strerror(errno));
561 close(ttyfd);
562 close(ptyfd);
563 close(fdout);
564 return -1;
565 }
566
Damien Millerb38eff82000-04-01 11:09:21 +1000567 /* Fork the child. */
Damien Miller7207f642008-05-19 15:34:50 +1000568 switch ((pid = fork())) {
569 case -1:
570 error("%s: fork: %.100s", __func__, strerror(errno));
571 close(fdout);
572 close(ptymaster);
573 close(ttyfd);
574 close(ptyfd);
575 return -1;
576 case 0:
Darren Tucker3e33cec2003-10-02 16:12:36 +1000577 is_child = 1;
Ben Lindstrombddd5512001-07-04 04:53:53 +0000578
Damien Miller7207f642008-05-19 15:34:50 +1000579 close(fdout);
580 close(ptymaster);
581
Damien Millerb38eff82000-04-01 11:09:21 +1000582 /* Close the master side of the pseudo tty. */
583 close(ptyfd);
584
585 /* Make the pseudo tty our controlling tty. */
586 pty_make_controlling_tty(&ttyfd, s->tty);
587
Damien Miller9c751422001-10-10 15:02:46 +1000588 /* Redirect stdin/stdout/stderr from the pseudo tty. */
589 if (dup2(ttyfd, 0) < 0)
590 error("dup2 stdin: %s", strerror(errno));
591 if (dup2(ttyfd, 1) < 0)
592 error("dup2 stdout: %s", strerror(errno));
593 if (dup2(ttyfd, 2) < 0)
594 error("dup2 stderr: %s", strerror(errno));
Damien Millerb38eff82000-04-01 11:09:21 +1000595
596 /* Close the extra descriptor for the pseudo tty. */
597 close(ttyfd);
598
Damien Miller942da032000-08-18 13:59:06 +1000599 /* record login, etc. similar to login(1) */
otto@openbsd.orgfc041c42016-08-23 16:21:45 +0000600#ifndef HAVE_OSF_SIA
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000601 do_login(ssh, s, command);
Damien Miller364a9bd2001-04-16 18:37:05 +1000602#endif
Damien Miller7207f642008-05-19 15:34:50 +1000603 /*
604 * Do common processing for the child, such as execing
605 * the command.
606 */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000607 do_child(ssh, s, command);
Darren Tucker43e7a352009-06-21 19:50:08 +1000608 /* NOTREACHED */
Damien Miller7207f642008-05-19 15:34:50 +1000609 default:
610 break;
Damien Millerb38eff82000-04-01 11:09:21 +1000611 }
Damien Miller7207f642008-05-19 15:34:50 +1000612
Damien Millerbac2d8a2000-09-05 16:13:06 +1100613#ifdef HAVE_CYGWIN
Darren Tucker9d86e5d2009-03-08 11:40:27 +1100614 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
Damien Millerbac2d8a2000-09-05 16:13:06 +1100615#endif
Damien Miller7207f642008-05-19 15:34:50 +1000616
Damien Millerb38eff82000-04-01 11:09:21 +1000617 s->pid = pid;
618
619 /* Parent. Close the slave side of the pseudo tty. */
620 close(ttyfd);
621
Damien Millerb38eff82000-04-01 11:09:21 +1000622 /* Enter interactive session. */
Damien Miller7207f642008-05-19 15:34:50 +1000623 s->ptymaster = ptymaster;
Damien Miller0dac6fb2010-11-20 15:19:38 +1100624 packet_set_interactive(1,
625 options.ip_qos_interactive, options.ip_qos_bulk);
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000626 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);
Damien Miller7207f642008-05-19 15:34:50 +1000627 return 0;
Damien Millerb38eff82000-04-01 11:09:21 +1000628}
629
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000630#ifdef LOGIN_NEEDS_UTMPX
Damien Miller599d8eb2001-09-15 12:25:53 +1000631static void
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000632do_pre_login(Session *s)
633{
Darren Tuckeraa377682016-06-20 15:55:34 +1000634 struct ssh *ssh = active_state; /* XXX */
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000635 socklen_t fromlen;
636 struct sockaddr_storage from;
637 pid_t pid = getpid();
638
639 /*
640 * Get IP address of client. If the connection is not a socket, let
641 * the address be 0.0.0.0.
642 */
643 memset(&from, 0, sizeof(from));
Damien Millerebc23062002-09-04 16:45:09 +1000644 fromlen = sizeof(from);
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000645 if (packet_connection_is_on_socket()) {
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000646 if (getpeername(packet_get_connection_in(),
Damien Miller90967402006-03-26 14:07:26 +1100647 (struct sockaddr *)&from, &fromlen) < 0) {
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000648 debug("getpeername: %.100s", strerror(errno));
Darren Tucker3e33cec2003-10-02 16:12:36 +1000649 cleanup_exit(255);
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000650 }
651 }
652
653 record_utmp_only(pid, s->tty, s->pw->pw_name,
Darren Tuckeraa377682016-06-20 15:55:34 +1000654 session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
Kevin Steves678ee512003-01-01 23:43:55 +0000655 (struct sockaddr *)&from, fromlen);
Ben Lindstrom97c677d2001-05-08 20:33:05 +0000656}
657#endif
658
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000659/*
660 * This is called to fork and execute a command. If another command is
661 * to be forced, execute that instead.
662 */
Damien Miller7207f642008-05-19 15:34:50 +1000663int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000664do_exec(struct ssh *ssh, Session *s, const char *command)
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000665{
Damien Miller7207f642008-05-19 15:34:50 +1000666 int ret;
djm@openbsd.org5a0fcb72016-02-16 03:37:48 +0000667 const char *forced = NULL, *tty = NULL;
668 char session_type[1024];
Damien Miller7207f642008-05-19 15:34:50 +1000669
Damien Millere2754432006-07-24 14:06:47 +1000670 if (options.adm_forced_command) {
671 original_command = command;
672 command = options.adm_forced_command;
Damien Miller71df7522013-10-15 12:12:02 +1100673 forced = "(config)";
djm@openbsd.org7c856852018-03-03 03:15:51 +0000674 } else if (auth_opts->force_command != NULL) {
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000675 original_command = command;
djm@openbsd.org7c856852018-03-03 03:15:51 +0000676 command = auth_opts->force_command;
Damien Miller71df7522013-10-15 12:12:02 +1100677 forced = "(key-option)";
678 }
679 if (forced != NULL) {
Darren Tuckerd6b06a92010-01-08 17:09:11 +1100680 if (IS_INTERNAL_SFTP(command)) {
681 s->is_subsystem = s->is_subsystem ?
682 SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
683 } else if (s->is_subsystem)
Damien Millerdfc24252008-02-10 22:29:40 +1100684 s->is_subsystem = SUBSYSTEM_EXT;
Damien Miller71df7522013-10-15 12:12:02 +1100685 snprintf(session_type, sizeof(session_type),
686 "forced-command %s '%.900s'", forced, command);
687 } else if (s->is_subsystem) {
688 snprintf(session_type, sizeof(session_type),
689 "subsystem '%.900s'", s->subsys);
690 } else if (command == NULL) {
691 snprintf(session_type, sizeof(session_type), "shell");
692 } else {
693 /* NB. we don't log unforced commands to preserve privacy */
694 snprintf(session_type, sizeof(session_type), "command");
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000695 }
696
Damien Miller71df7522013-10-15 12:12:02 +1100697 if (s->ttyfd != -1) {
698 tty = s->tty;
699 if (strncmp(tty, "/dev/", 5) == 0)
700 tty += 5;
701 }
702
djm@openbsd.org5a0fcb72016-02-16 03:37:48 +0000703 verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
Damien Miller71df7522013-10-15 12:12:02 +1100704 session_type,
705 tty == NULL ? "" : " on ",
706 tty == NULL ? "" : tty,
707 s->pw->pw_name,
djm@openbsd.org95767262016-03-07 19:02:43 +0000708 ssh_remote_ipaddr(ssh),
709 ssh_remote_port(ssh),
djm@openbsd.org5a0fcb72016-02-16 03:37:48 +0000710 s->self);
Damien Miller71df7522013-10-15 12:12:02 +1100711
Darren Tucker2e0cf0d2005-02-08 21:52:47 +1100712#ifdef SSH_AUDIT_EVENTS
Darren Tucker269a1ea2005-02-03 00:20:53 +1100713 if (command != NULL)
714 PRIVSEP(audit_run_command(command));
715 else if (s->ttyfd == -1) {
716 char *shell = s->pw->pw_shell;
717
718 if (shell[0] == '\0') /* empty shell means /bin/sh */
719 shell =_PATH_BSHELL;
720 PRIVSEP(audit_run_command(shell));
721 }
722#endif
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000723 if (s->ttyfd != -1)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000724 ret = do_exec_pty(ssh, s, command);
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000725 else
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000726 ret = do_exec_no_pty(ssh, s, command);
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000727
Ben Lindstrom0a7ca6c2001-06-21 03:17:42 +0000728 original_command = NULL;
Ben Lindstromc85ab8a2001-06-21 03:13:10 +0000729
Darren Tucker09991742004-07-17 17:05:14 +1000730 /*
731 * Clear loginmsg: it's the child's responsibility to display
732 * it to the user, otherwise multiple sessions may accumulate
733 * multiple copies of the login messages.
734 */
735 buffer_clear(&loginmsg);
Damien Miller7207f642008-05-19 15:34:50 +1000736
737 return ret;
Darren Tucker09991742004-07-17 17:05:14 +1000738}
Ben Lindstrom4e97e852002-02-19 21:50:43 +0000739
Damien Miller942da032000-08-18 13:59:06 +1000740/* administrative, login(1)-like work */
741void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000742do_login(struct ssh *ssh, Session *s, const char *command)
Damien Miller942da032000-08-18 13:59:06 +1000743{
Damien Miller942da032000-08-18 13:59:06 +1000744 socklen_t fromlen;
745 struct sockaddr_storage from;
Damien Miller942da032000-08-18 13:59:06 +1000746 struct passwd * pw = s->pw;
747 pid_t pid = getpid();
748
749 /*
750 * Get IP address of client. If the connection is not a socket, let
751 * the address be 0.0.0.0.
752 */
753 memset(&from, 0, sizeof(from));
Kevin Steves678ee512003-01-01 23:43:55 +0000754 fromlen = sizeof(from);
Damien Miller942da032000-08-18 13:59:06 +1000755 if (packet_connection_is_on_socket()) {
Damien Miller942da032000-08-18 13:59:06 +1000756 if (getpeername(packet_get_connection_in(),
Darren Tucker43e7a352009-06-21 19:50:08 +1000757 (struct sockaddr *)&from, &fromlen) < 0) {
Damien Miller942da032000-08-18 13:59:06 +1000758 debug("getpeername: %.100s", strerror(errno));
Darren Tucker3e33cec2003-10-02 16:12:36 +1000759 cleanup_exit(255);
Damien Miller942da032000-08-18 13:59:06 +1000760 }
761 }
762
763 /* Record that there was a login on that tty from the remote host. */
Ben Lindstrom2bf56e22002-04-02 20:32:46 +0000764 if (!use_privsep)
765 record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
djm@openbsd.org95767262016-03-07 19:02:43 +0000766 session_get_remote_name_or_ip(ssh, utmp_len,
Damien Miller3a961dc2003-06-03 10:25:48 +1000767 options.use_dns),
Damien Millerebc23062002-09-04 16:45:09 +1000768 (struct sockaddr *)&from, fromlen);
Damien Miller942da032000-08-18 13:59:06 +1000769
Kevin Steves092f2ef2000-10-14 13:36:13 +0000770#ifdef USE_PAM
771 /*
772 * If password change is needed, do it now.
773 * This needs to occur before the ~/.hushlogin check.
774 */
Darren Tucker1921ed92004-02-10 13:23:28 +1100775 if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) {
776 display_loginmsg();
Kevin Steves092f2ef2000-10-14 13:36:13 +0000777 do_pam_chauthtok();
Darren Tucker1921ed92004-02-10 13:23:28 +1100778 s->authctxt->force_pwchange = 0;
Damien Miller1f499fd2003-08-25 13:08:49 +1000779 /* XXX - signal [net] parent to enable forwardings */
Kevin Steves092f2ef2000-10-14 13:36:13 +0000780 }
781#endif
782
Damien Millercf205e82001-04-16 18:29:15 +1000783 if (check_quietlogin(s, command))
Damien Miller942da032000-08-18 13:59:06 +1000784 return;
785
Darren Tucker1921ed92004-02-10 13:23:28 +1100786 display_loginmsg();
Damien Miller942da032000-08-18 13:59:06 +1000787
Damien Millercf205e82001-04-16 18:29:15 +1000788 do_motd();
789}
790
791/*
792 * Display the message of the day.
793 */
794void
795do_motd(void)
796{
797 FILE *f;
798 char buf[256];
799
Damien Miller942da032000-08-18 13:59:06 +1000800 if (options.print_motd) {
Damien Millerad833b32000-08-23 10:46:23 +1000801#ifdef HAVE_LOGIN_CAP
802 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
803 "/etc/motd"), "r");
804#else
Damien Miller942da032000-08-18 13:59:06 +1000805 f = fopen("/etc/motd", "r");
Damien Millerad833b32000-08-23 10:46:23 +1000806#endif
Damien Miller942da032000-08-18 13:59:06 +1000807 if (f) {
808 while (fgets(buf, sizeof(buf), f))
809 fputs(buf, stdout);
810 fclose(f);
811 }
812 }
813}
814
Kevin Steves8f63caa2001-07-04 18:23:02 +0000815
816/*
817 * Check for quiet login, either .hushlogin or command given.
818 */
819int
820check_quietlogin(Session *s, const char *command)
821{
822 char buf[256];
823 struct passwd *pw = s->pw;
824 struct stat st;
825
826 /* Return 1 if .hushlogin exists or a command given. */
827 if (command != NULL)
828 return 1;
829 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
830#ifdef HAVE_LOGIN_CAP
831 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
832 return 1;
833#else
834 if (stat(buf, &st) >= 0)
835 return 1;
836#endif
837 return 0;
838}
839
Damien Millerb38eff82000-04-01 11:09:21 +1000840/*
Damien Millerb38eff82000-04-01 11:09:21 +1000841 * Reads environment variables from the given file and adds/overrides them
842 * into the environment. If the file does not exist, this does nothing.
843 * Otherwise, it must consist of empty lines, comments (line starts with '#')
844 * and assignments of the form name=value. No other forms are allowed.
845 */
Ben Lindstrombba81212001-06-25 05:01:22 +0000846static void
Ben Lindstrom46c16222000-12-22 01:43:59 +0000847read_environment_file(char ***env, u_int *envsize,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100848 const char *filename)
Damien Millerb38eff82000-04-01 11:09:21 +1000849{
850 FILE *f;
851 char buf[4096];
852 char *cp, *value;
Damien Miller990070a2002-06-26 23:51:06 +1000853 u_int lineno = 0;
Damien Millerb38eff82000-04-01 11:09:21 +1000854
855 f = fopen(filename, "r");
856 if (!f)
857 return;
858
859 while (fgets(buf, sizeof(buf), f)) {
Damien Miller990070a2002-06-26 23:51:06 +1000860 if (++lineno > 1000)
861 fatal("Too many lines in environment file %s", filename);
Damien Millerb38eff82000-04-01 11:09:21 +1000862 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
863 ;
864 if (!*cp || *cp == '#' || *cp == '\n')
865 continue;
Damien Miller14b017d2007-09-17 16:09:15 +1000866
867 cp[strcspn(cp, "\n")] = '\0';
868
Damien Millerb38eff82000-04-01 11:09:21 +1000869 value = strchr(cp, '=');
870 if (value == NULL) {
Damien Miller990070a2002-06-26 23:51:06 +1000871 fprintf(stderr, "Bad line %u in %.100s\n", lineno,
872 filename);
Damien Millerb38eff82000-04-01 11:09:21 +1000873 continue;
874 }
Damien Millerb1715dc2000-05-30 13:44:51 +1000875 /*
876 * Replace the equals sign by nul, and advance value to
877 * the value string.
878 */
Damien Millerb38eff82000-04-01 11:09:21 +1000879 *value = '\0';
880 value++;
881 child_set_env(env, envsize, cp, value);
882 }
883 fclose(f);
884}
885
Darren Tuckere1a790d2003-09-16 11:52:19 +1000886#ifdef HAVE_ETC_DEFAULT_LOGIN
887/*
888 * Return named variable from specified environment, or NULL if not present.
889 */
890static char *
891child_get_env(char **env, const char *name)
892{
893 int i;
894 size_t len;
895
896 len = strlen(name);
897 for (i=0; env[i] != NULL; i++)
898 if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
899 return(env[i] + len + 1);
900 return NULL;
901}
902
903/*
904 * Read /etc/default/login.
905 * We pick up the PATH (or SUPATH for root) and UMASK.
906 */
907static void
908read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
909{
910 char **tmpenv = NULL, *var;
Darren Tuckerc11b1e82003-09-19 20:56:51 +1000911 u_int i, tmpenvsize = 0;
Darren Tuckerf391ba62003-10-02 20:07:09 +1000912 u_long mask;
Darren Tuckere1a790d2003-09-16 11:52:19 +1000913
914 /*
915 * We don't want to copy the whole file to the child's environment,
916 * so we use a temporary environment and copy the variables we're
917 * interested in.
918 */
919 read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
920
Darren Tuckerc11b1e82003-09-19 20:56:51 +1000921 if (tmpenv == NULL)
922 return;
923
Darren Tuckere1a790d2003-09-16 11:52:19 +1000924 if (uid == 0)
925 var = child_get_env(tmpenv, "SUPATH");
926 else
927 var = child_get_env(tmpenv, "PATH");
928 if (var != NULL)
929 child_set_env(env, envsize, "PATH", var);
Damien Miller787b2ec2003-11-21 23:56:47 +1100930
Darren Tuckere1a790d2003-09-16 11:52:19 +1000931 if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
932 if (sscanf(var, "%5lo", &mask) == 1)
Darren Tuckerf391ba62003-10-02 20:07:09 +1000933 umask((mode_t)mask);
Damien Miller787b2ec2003-11-21 23:56:47 +1100934
Darren Tuckere1a790d2003-09-16 11:52:19 +1000935 for (i = 0; tmpenv[i] != NULL; i++)
Darren Tuckerf60845f2013-06-02 08:07:31 +1000936 free(tmpenv[i]);
937 free(tmpenv);
Darren Tuckere1a790d2003-09-16 11:52:19 +1000938}
939#endif /* HAVE_ETC_DEFAULT_LOGIN */
940
Damien Miller94bc1e72017-07-28 14:50:59 +1000941static void
942copy_environment_blacklist(char **source, char ***env, u_int *envsize,
943 const char *blacklist)
Damien Millerb38eff82000-04-01 11:09:21 +1000944{
Damien Millerbb9ffc12002-01-08 10:59:32 +1100945 char *var_name, *var_val;
Damien Millerb38eff82000-04-01 11:09:21 +1000946 int i;
947
Damien Millerbb9ffc12002-01-08 10:59:32 +1100948 if (source == NULL)
Damien Millerb38eff82000-04-01 11:09:21 +1000949 return;
Kevin Stevesef4eea92001-02-05 12:42:17 +0000950
Damien Millerbb9ffc12002-01-08 10:59:32 +1100951 for(i = 0; source[i] != NULL; i++) {
952 var_name = xstrdup(source[i]);
953 if ((var_val = strstr(var_name, "=")) == NULL) {
Darren Tuckerf60845f2013-06-02 08:07:31 +1000954 free(var_name);
Damien Millerb38eff82000-04-01 11:09:21 +1000955 continue;
Damien Millerb38eff82000-04-01 11:09:21 +1000956 }
Damien Millerbb9ffc12002-01-08 10:59:32 +1100957 *var_val++ = '\0';
958
Damien Miller94bc1e72017-07-28 14:50:59 +1000959 if (blacklist == NULL ||
960 match_pattern_list(var_name, blacklist, 0) != 1) {
961 debug3("Copy environment: %s=%s", var_name, var_val);
962 child_set_env(env, envsize, var_name, var_val);
963 }
Damien Miller787b2ec2003-11-21 23:56:47 +1100964
Darren Tuckerf60845f2013-06-02 08:07:31 +1000965 free(var_name);
Damien Millerb38eff82000-04-01 11:09:21 +1000966 }
967}
Damien Millercb5e44a2000-09-29 12:12:36 +1100968
Damien Miller94bc1e72017-07-28 14:50:59 +1000969void
970copy_environment(char **source, char ***env, u_int *envsize)
971{
972 copy_environment_blacklist(source, env, envsize, NULL);
973}
974
Ben Lindstrom4e97e852002-02-19 21:50:43 +0000975static char **
djm@openbsd.orgdbee4112017-09-12 06:32:07 +0000976do_setup_env(struct ssh *ssh, Session *s, const char *shell)
Damien Millerb38eff82000-04-01 11:09:21 +1000977{
Damien Millerb38eff82000-04-01 11:09:21 +1000978 char buf[256];
djm@openbsd.org7c856852018-03-03 03:15:51 +0000979 size_t n;
Ben Lindstrom4e97e852002-02-19 21:50:43 +0000980 u_int i, envsize;
djm@openbsd.org7c856852018-03-03 03:15:51 +0000981 char *ocp, *cp, **env, *laddr;
Ben Lindstrom4e97e852002-02-19 21:50:43 +0000982 struct passwd *pw = s->pw;
Darren Tucker9d86e5d2009-03-08 11:40:27 +1100983#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
Damien Millerad5ecbf2006-07-24 15:03:06 +1000984 char *path = NULL;
985#endif
Damien Millerb38eff82000-04-01 11:09:21 +1000986
Damien Millerb38eff82000-04-01 11:09:21 +1000987 /* Initialize the environment. */
988 envsize = 100;
Darren Tuckerd8093e42006-05-04 16:24:34 +1000989 env = xcalloc(envsize, sizeof(char *));
Damien Millerb38eff82000-04-01 11:09:21 +1000990 env[0] = NULL;
991
Damien Millerbac2d8a2000-09-05 16:13:06 +1100992#ifdef HAVE_CYGWIN
993 /*
994 * The Windows environment contains some setting which are
995 * important for a running system. They must not be dropped.
996 */
Darren Tucker14c372d2004-08-30 20:42:08 +1000997 {
998 char **p;
999
1000 p = fetch_windows_environment();
1001 copy_environment(p, &env, &envsize);
1002 free_windows_environment(p);
1003 }
Damien Millerbac2d8a2000-09-05 16:13:06 +11001004#endif
1005
Darren Tucker0efd1552003-08-26 11:49:55 +10001006#ifdef GSSAPI
Damien Millera8e06ce2003-11-21 23:48:55 +11001007 /* Allow any GSSAPI methods that we've used to alter
Darren Tucker0efd1552003-08-26 11:49:55 +10001008 * the childs environment as they see fit
1009 */
1010 ssh_gssapi_do_child(&env, &envsize);
1011#endif
1012
djm@openbsd.org83b58182016-08-19 03:18:06 +00001013 /* Set basic environment. */
1014 for (i = 0; i < s->num_env; i++)
1015 child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
Darren Tucker46bc0752004-05-02 22:11:30 +10001016
djm@openbsd.org83b58182016-08-19 03:18:06 +00001017 child_set_env(&env, &envsize, "USER", pw->pw_name);
1018 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
Damien Millerdfedbf82003-01-03 14:52:53 +11001019#ifdef _AIX
djm@openbsd.org83b58182016-08-19 03:18:06 +00001020 child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
Damien Millerdfedbf82003-01-03 14:52:53 +11001021#endif
djm@openbsd.org83b58182016-08-19 03:18:06 +00001022 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
Damien Millerad833b32000-08-23 10:46:23 +10001023#ifdef HAVE_LOGIN_CAP
djm@openbsd.org83b58182016-08-19 03:18:06 +00001024 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
1025 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
1026 else
1027 child_set_env(&env, &envsize, "PATH", getenv("PATH"));
Damien Millercb5e44a2000-09-29 12:12:36 +11001028#else /* HAVE_LOGIN_CAP */
1029# ifndef HAVE_CYGWIN
djm@openbsd.org83b58182016-08-19 03:18:06 +00001030 /*
1031 * There's no standard path on Windows. The path contains
1032 * important components pointing to the system directories,
1033 * needed for loading shared libraries. So the path better
1034 * remains intact here.
1035 */
Darren Tuckere1a790d2003-09-16 11:52:19 +10001036# ifdef HAVE_ETC_DEFAULT_LOGIN
djm@openbsd.org83b58182016-08-19 03:18:06 +00001037 read_etc_default_login(&env, &envsize, pw->pw_uid);
1038 path = child_get_env(env, "PATH");
Darren Tuckere1a790d2003-09-16 11:52:19 +10001039# endif /* HAVE_ETC_DEFAULT_LOGIN */
djm@openbsd.org83b58182016-08-19 03:18:06 +00001040 if (path == NULL || *path == '\0') {
1041 child_set_env(&env, &envsize, "PATH",
1042 s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
1043 }
Damien Millercb5e44a2000-09-29 12:12:36 +11001044# endif /* HAVE_CYGWIN */
1045#endif /* HAVE_LOGIN_CAP */
Damien Millerb38eff82000-04-01 11:09:21 +10001046
djm@openbsd.org83b58182016-08-19 03:18:06 +00001047 snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
1048 child_set_env(&env, &envsize, "MAIL", buf);
Damien Millerb38eff82000-04-01 11:09:21 +10001049
djm@openbsd.org83b58182016-08-19 03:18:06 +00001050 /* Normal systems set SHELL by default. */
1051 child_set_env(&env, &envsize, "SHELL", shell);
1052
Damien Millerb38eff82000-04-01 11:09:21 +10001053 if (getenv("TZ"))
1054 child_set_env(&env, &envsize, "TZ", getenv("TZ"));
1055
djm@openbsd.org7c856852018-03-03 03:15:51 +00001056 /* Set custom environment options from pubkey authentication. */
1057 if (options.permit_user_env) {
1058 for (n = 0 ; n < auth_opts->nenv; n++) {
1059 ocp = xstrdup(auth_opts->env[n]);
1060 cp = strchr(ocp, '=');
1061 if (*cp == '=') {
1062 *cp = '\0';
1063 child_set_env(&env, &envsize, ocp, cp + 1);
1064 }
1065 free(ocp);
Damien Millerb38eff82000-04-01 11:09:21 +10001066 }
Damien Millerb38eff82000-04-01 11:09:21 +10001067 }
1068
Damien Millerf37e2462002-09-19 11:47:55 +10001069 /* SSH_CLIENT deprecated */
Damien Millerb38eff82000-04-01 11:09:21 +10001070 snprintf(buf, sizeof buf, "%.50s %d %d",
djm@openbsd.org95767262016-03-07 19:02:43 +00001071 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1072 ssh_local_port(ssh));
Damien Millerb38eff82000-04-01 11:09:21 +10001073 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1074
Damien Miller00111382003-03-10 11:21:17 +11001075 laddr = get_local_ipaddr(packet_get_connection_in());
Damien Millerf37e2462002-09-19 11:47:55 +10001076 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
djm@openbsd.org95767262016-03-07 19:02:43 +00001077 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1078 laddr, ssh_local_port(ssh));
Darren Tuckera627d422013-06-02 07:31:17 +10001079 free(laddr);
Damien Millerf37e2462002-09-19 11:47:55 +10001080 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1081
djm@openbsd.orgb7548b12017-10-23 05:08:00 +00001082 if (tun_fwd_ifnames != NULL)
1083 child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames);
djm@openbsd.org8f574952017-06-24 06:34:38 +00001084 if (auth_info_file != NULL)
1085 child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file);
Ben Lindstrom86fe8682001-03-17 00:32:57 +00001086 if (s->ttyfd != -1)
1087 child_set_env(&env, &envsize, "SSH_TTY", s->tty);
1088 if (s->term)
1089 child_set_env(&env, &envsize, "TERM", s->term);
1090 if (s->display)
1091 child_set_env(&env, &envsize, "DISPLAY", s->display);
Damien Miller7b28dc52000-09-05 13:34:53 +11001092 if (original_command)
1093 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
1094 original_command);
Damien Millerb38eff82000-04-01 11:09:21 +10001095
Darren Tucker9dc6c7d2005-02-02 18:30:33 +11001096 /*
1097 * Since we clear KRB5CCNAME at startup, if it's set now then it
1098 * must have been set by a native authentication method (eg AIX or
1099 * SIA), so copy it to the child.
1100 */
1101 {
1102 char *cp;
1103
1104 if ((cp = getenv("KRB5CCNAME")) != NULL)
1105 child_set_env(&env, &envsize, "KRB5CCNAME", cp);
1106 }
1107
Damien Millerb38eff82000-04-01 11:09:21 +10001108#ifdef _AIX
Ben Lindstrom839ac4f2002-02-24 20:42:46 +00001109 {
1110 char *cp;
1111
1112 if ((cp = getenv("AUTHSTATE")) != NULL)
1113 child_set_env(&env, &envsize, "AUTHSTATE", cp);
Ben Lindstrom839ac4f2002-02-24 20:42:46 +00001114 read_environment_file(&env, &envsize, "/etc/environment");
1115 }
Damien Millerb38eff82000-04-01 11:09:21 +10001116#endif
Ben Lindstromec95ed92001-07-04 04:21:14 +00001117#ifdef KRB5
Damien Miller9c870f92004-04-16 22:47:55 +10001118 if (s->authctxt->krb5_ccname)
Ben Lindstromec95ed92001-07-04 04:21:14 +00001119 child_set_env(&env, &envsize, "KRB5CCNAME",
Damien Miller9c870f92004-04-16 22:47:55 +10001120 s->authctxt->krb5_ccname);
Ben Lindstromec95ed92001-07-04 04:21:14 +00001121#endif
Damien Millerb38eff82000-04-01 11:09:21 +10001122#ifdef USE_PAM
Kevin Steves38b050a2002-07-23 00:44:07 +00001123 /*
1124 * Pull in any environment variables that may have
1125 * been set by PAM.
1126 */
djm@openbsd.org83b58182016-08-19 03:18:06 +00001127 if (options.use_pam) {
Damien Millerc756e9b2003-11-17 21:41:42 +11001128 char **p;
Damien Miller787b2ec2003-11-21 23:56:47 +11001129
Damien Miller94bc1e72017-07-28 14:50:59 +10001130 /*
1131 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak
1132 * back into the environment.
1133 */
Damien Millerc756e9b2003-11-17 21:41:42 +11001134 p = fetch_pam_child_environment();
Damien Miller94bc1e72017-07-28 14:50:59 +10001135 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
Damien Millerc756e9b2003-11-17 21:41:42 +11001136 free_pam_environment(p);
Kevin Steves38b050a2002-07-23 00:44:07 +00001137
Damien Millerc756e9b2003-11-17 21:41:42 +11001138 p = fetch_pam_environment();
Damien Miller94bc1e72017-07-28 14:50:59 +10001139 copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
Kevin Steves38b050a2002-07-23 00:44:07 +00001140 free_pam_environment(p);
1141 }
Damien Millerb38eff82000-04-01 11:09:21 +10001142#endif /* USE_PAM */
1143
Ben Lindstrom8bb6f362002-06-11 15:59:02 +00001144 if (auth_sock_name != NULL)
Damien Millerb38eff82000-04-01 11:09:21 +10001145 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
Ben Lindstrom8bb6f362002-06-11 15:59:02 +00001146 auth_sock_name);
Damien Millerb38eff82000-04-01 11:09:21 +10001147
1148 /* read $HOME/.ssh/environment. */
djm@openbsd.org83b58182016-08-19 03:18:06 +00001149 if (options.permit_user_env) {
Damien Millerb1715dc2000-05-30 13:44:51 +10001150 snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
Damien Millere9994cb2002-09-10 21:43:53 +10001151 strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
Damien Millerb38eff82000-04-01 11:09:21 +10001152 read_environment_file(&env, &envsize, buf);
1153 }
1154 if (debug_flag) {
1155 /* dump the environment */
1156 fprintf(stderr, "Environment:\n");
1157 for (i = 0; env[i]; i++)
1158 fprintf(stderr, " %.200s\n", env[i]);
1159 }
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001160 return env;
1161}
1162
1163/*
1164 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
1165 * first in this order).
1166 */
1167static void
djm@openbsd.org7c856852018-03-03 03:15:51 +00001168do_rc_files(struct ssh *ssh, Session *s, const char *shell)
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001169{
1170 FILE *f = NULL;
1171 char cmd[1024];
1172 int do_xauth;
1173 struct stat st;
1174
1175 do_xauth =
1176 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
1177
Damien Millera1b48cc2008-03-27 11:02:02 +11001178 /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
Damien Miller55360e12008-03-27 11:02:27 +11001179 if (!s->is_subsystem && options.adm_forced_command == NULL &&
djm@openbsd.org7c856852018-03-03 03:15:51 +00001180 auth_opts->permit_user_rc && options.permit_user_rc &&
Damien Miller72e6b5c2014-07-04 09:00:04 +10001181 stat(_PATH_SSH_USER_RC, &st) >= 0) {
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001182 snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
1183 shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
1184 if (debug_flag)
1185 fprintf(stderr, "Running %s\n", cmd);
1186 f = popen(cmd, "w");
1187 if (f) {
1188 if (do_xauth)
1189 fprintf(f, "%s %s\n", s->auth_proto,
1190 s->auth_data);
1191 pclose(f);
1192 } else
1193 fprintf(stderr, "Could not run %s\n",
1194 _PATH_SSH_USER_RC);
1195 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
1196 if (debug_flag)
1197 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
1198 _PATH_SSH_SYSTEM_RC);
1199 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
1200 if (f) {
1201 if (do_xauth)
1202 fprintf(f, "%s %s\n", s->auth_proto,
1203 s->auth_data);
1204 pclose(f);
1205 } else
1206 fprintf(stderr, "Could not run %s\n",
1207 _PATH_SSH_SYSTEM_RC);
1208 } else if (do_xauth && options.xauth_location != NULL) {
1209 /* Add authority data to .Xauthority if appropriate. */
1210 if (debug_flag) {
1211 fprintf(stderr,
Ben Lindstrom611797e2002-12-23 02:15:57 +00001212 "Running %.500s remove %.100s\n",
Darren Tucker3e33cec2003-10-02 16:12:36 +10001213 options.xauth_location, s->auth_display);
Ben Lindstrom611797e2002-12-23 02:15:57 +00001214 fprintf(stderr,
1215 "%.500s add %.100s %.100s %.100s\n",
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001216 options.xauth_location, s->auth_display,
1217 s->auth_proto, s->auth_data);
1218 }
1219 snprintf(cmd, sizeof cmd, "%s -q -",
1220 options.xauth_location);
1221 f = popen(cmd, "w");
1222 if (f) {
Ben Lindstrom611797e2002-12-23 02:15:57 +00001223 fprintf(f, "remove %s\n",
1224 s->auth_display);
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001225 fprintf(f, "add %s %s %s\n",
1226 s->auth_display, s->auth_proto,
1227 s->auth_data);
1228 pclose(f);
1229 } else {
1230 fprintf(stderr, "Could not run %s\n",
1231 cmd);
1232 }
1233 }
1234}
1235
1236static void
1237do_nologin(struct passwd *pw)
1238{
1239 FILE *f = NULL;
Darren Tucker09aa4c02010-01-12 19:51:48 +11001240 char buf[1024], *nl, *def_nl = _PATH_NOLOGIN;
1241 struct stat sb;
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001242
1243#ifdef HAVE_LOGIN_CAP
Damien Miller29cd1882012-04-22 11:08:10 +10001244 if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
Darren Tucker09aa4c02010-01-12 19:51:48 +11001245 return;
1246 nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001247#else
Darren Tucker09aa4c02010-01-12 19:51:48 +11001248 if (pw->pw_uid == 0)
1249 return;
1250 nl = def_nl;
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001251#endif
Darren Tucker09aa4c02010-01-12 19:51:48 +11001252 if (stat(nl, &sb) == -1) {
1253 if (nl != def_nl)
Darren Tuckera627d422013-06-02 07:31:17 +10001254 free(nl);
Darren Tucker09aa4c02010-01-12 19:51:48 +11001255 return;
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001256 }
Darren Tucker09aa4c02010-01-12 19:51:48 +11001257
1258 /* /etc/nologin exists. Print its contents if we can and exit. */
1259 logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
1260 if ((f = fopen(nl, "r")) != NULL) {
Darren Tucker19edfd42018-02-13 08:25:46 +11001261 while (fgets(buf, sizeof(buf), f))
1262 fputs(buf, stderr);
1263 fclose(f);
1264 }
Darren Tucker09aa4c02010-01-12 19:51:48 +11001265 exit(254);
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001266}
1267
Damien Millerd8cb1f12008-02-10 22:40:12 +11001268/*
1269 * Chroot into a directory after checking it for safety: all path components
1270 * must be root-owned directories with strict permissions.
1271 */
1272static void
1273safely_chroot(const char *path, uid_t uid)
1274{
1275 const char *cp;
deraadt@openbsd.org2ae4f332015-01-16 06:40:12 +00001276 char component[PATH_MAX];
Damien Millerd8cb1f12008-02-10 22:40:12 +11001277 struct stat st;
1278
1279 if (*path != '/')
1280 fatal("chroot path does not begin at root");
1281 if (strlen(path) >= sizeof(component))
1282 fatal("chroot path too long");
1283
1284 /*
1285 * Descend the path, checking that each component is a
1286 * root-owned directory with strict permissions.
1287 */
1288 for (cp = path; cp != NULL;) {
1289 if ((cp = strchr(cp, '/')) == NULL)
1290 strlcpy(component, path, sizeof(component));
1291 else {
1292 cp++;
1293 memcpy(component, path, cp - path);
1294 component[cp - path] = '\0';
1295 }
1296
1297 debug3("%s: checking '%s'", __func__, component);
1298
1299 if (stat(component, &st) != 0)
1300 fatal("%s: stat(\"%s\"): %s", __func__,
1301 component, strerror(errno));
1302 if (st.st_uid != 0 || (st.st_mode & 022) != 0)
1303 fatal("bad ownership or modes for chroot "
1304 "directory %s\"%s\"",
1305 cp == NULL ? "" : "component ", component);
1306 if (!S_ISDIR(st.st_mode))
1307 fatal("chroot path %s\"%s\" is not a directory",
1308 cp == NULL ? "" : "component ", component);
1309
1310 }
1311
1312 if (chdir(path) == -1)
1313 fatal("Unable to chdir to chroot path \"%s\": "
1314 "%s", path, strerror(errno));
1315 if (chroot(path) == -1)
1316 fatal("chroot(\"%s\"): %s", path, strerror(errno));
1317 if (chdir("/") == -1)
1318 fatal("%s: chdir(/) after chroot: %s",
1319 __func__, strerror(errno));
1320 verbose("Changed root directory to \"%s\"", path);
1321}
1322
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001323/* Set login name, uid, gid, and groups. */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00001324void
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001325do_setusercontext(struct passwd *pw)
1326{
Damien Miller54e37732008-02-10 22:48:55 +11001327 char *chroot_path, *tmp;
1328
Darren Tucker97528352010-11-05 12:03:05 +11001329 platform_setusercontext(pw);
1330
Darren Tuckerb12fe272010-11-05 14:47:01 +11001331 if (platform_privileged_uidswap()) {
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001332#ifdef HAVE_LOGIN_CAP
1333 if (setusercontext(lc, pw, pw->pw_uid,
Damien Millerd8cb1f12008-02-10 22:40:12 +11001334 (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001335 perror("unable to set user context");
1336 exit(1);
1337 }
1338#else
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001339 if (setlogin(pw->pw_name) < 0)
1340 error("setlogin failed: %s", strerror(errno));
1341 if (setgid(pw->pw_gid) < 0) {
1342 perror("setgid");
1343 exit(1);
1344 }
1345 /* Initialize the group list. */
1346 if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
1347 perror("initgroups");
1348 exit(1);
1349 }
1350 endgrent();
Damien Millerd8cb1f12008-02-10 22:40:12 +11001351#endif
1352
Darren Tucker920612e2010-11-05 12:36:15 +11001353 platform_setusercontext_post_groups(pw);
Damien Miller8b906422010-03-26 11:04:09 +11001354
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +00001355 if (!in_chroot && options.chroot_directory != NULL &&
Damien Millerd8cb1f12008-02-10 22:40:12 +11001356 strcasecmp(options.chroot_directory, "none") != 0) {
Damien Miller54e37732008-02-10 22:48:55 +11001357 tmp = tilde_expand_filename(options.chroot_directory,
1358 pw->pw_uid);
1359 chroot_path = percent_expand(tmp, "h", pw->pw_dir,
1360 "u", pw->pw_name, (char *)NULL);
Damien Millerd8cb1f12008-02-10 22:40:12 +11001361 safely_chroot(chroot_path, pw->pw_uid);
Damien Miller54e37732008-02-10 22:48:55 +11001362 free(tmp);
Damien Millerd8cb1f12008-02-10 22:40:12 +11001363 free(chroot_path);
Damien Millera56086b2013-04-23 15:24:18 +10001364 /* Make sure we don't attempt to chroot again */
1365 free(options.chroot_directory);
1366 options.chroot_directory = NULL;
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +00001367 in_chroot = 1;
Damien Millerd8cb1f12008-02-10 22:40:12 +11001368 }
1369
1370#ifdef HAVE_LOGIN_CAP
1371 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
1372 perror("unable to set user context (setuser)");
1373 exit(1);
1374 }
Damien Miller58528402013-03-15 11:22:37 +11001375 /*
1376 * FreeBSD's setusercontext() will not apply the user's
1377 * own umask setting unless running with the user's UID.
1378 */
1379 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
Damien Millerd8cb1f12008-02-10 22:40:12 +11001380#else
Tim Rice9464ba62014-01-20 17:59:28 -08001381# ifdef USE_LIBIAF
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +00001382 /*
1383 * In a chroot environment, the set_id() will always fail;
1384 * typically because of the lack of necessary authentication
1385 * services and runtime such as ./usr/lib/libiaf.so,
1386 * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
1387 * internal sftp chroot case. We'll lose auditing and ACLs but
1388 * permanently_set_uid will take care of the rest.
1389 */
1390 if (!in_chroot && set_id(pw->pw_name) != 0)
1391 fatal("set_id(%s) Failed", pw->pw_name);
Tim Rice9464ba62014-01-20 17:59:28 -08001392# endif /* USE_LIBIAF */
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001393 /* Permanently switch to the desired uid. */
1394 permanently_set_uid(pw);
1395#endif
Damien Millera56086b2013-04-23 15:24:18 +10001396 } else if (options.chroot_directory != NULL &&
1397 strcasecmp(options.chroot_directory, "none") != 0) {
1398 fatal("server lacks privileges to chroot to ChrootDirectory");
Damien Millerf1a02ae2013-04-23 15:22:13 +10001399 }
Damien Miller1a3ccb02003-02-24 13:04:01 +11001400
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001401 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
1402 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
1403}
1404
Ben Lindstrom08105192002-03-22 02:50:06 +00001405static void
Darren Tucker23bc8d02004-02-06 16:24:31 +11001406do_pwchange(Session *s)
1407{
Darren Tucker09991742004-07-17 17:05:14 +10001408 fflush(NULL);
Darren Tucker23bc8d02004-02-06 16:24:31 +11001409 fprintf(stderr, "WARNING: Your password has expired.\n");
1410 if (s->ttyfd != -1) {
Darren Tuckerfc959702004-07-17 16:12:08 +10001411 fprintf(stderr,
Darren Tucker23bc8d02004-02-06 16:24:31 +11001412 "You must change your password now and login again!\n");
Damien Miller14684a12011-05-20 11:23:07 +10001413#ifdef WITH_SELINUX
1414 setexeccon(NULL);
1415#endif
Darren Tucker33370e02005-02-09 22:17:28 +11001416#ifdef PASSWD_NEEDS_USERNAME
1417 execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
1418 (char *)NULL);
1419#else
Darren Tucker23bc8d02004-02-06 16:24:31 +11001420 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
Darren Tucker33370e02005-02-09 22:17:28 +11001421#endif
Darren Tucker23bc8d02004-02-06 16:24:31 +11001422 perror("passwd");
1423 } else {
1424 fprintf(stderr,
1425 "Password change required but no TTY available.\n");
1426 }
1427 exit(1);
1428}
1429
1430static void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001431child_close_fds(struct ssh *ssh)
Darren Tucker23bc8d02004-02-06 16:24:31 +11001432{
djm@openbsd.org141efe42015-01-14 20:05:27 +00001433 extern int auth_sock;
Damien Miller85b45e02013-07-20 13:21:52 +10001434
djm@openbsd.org141efe42015-01-14 20:05:27 +00001435 if (auth_sock != -1) {
1436 close(auth_sock);
1437 auth_sock = -1;
Damien Miller85b45e02013-07-20 13:21:52 +10001438 }
1439
Darren Tucker23bc8d02004-02-06 16:24:31 +11001440 if (packet_get_connection_in() == packet_get_connection_out())
1441 close(packet_get_connection_in());
1442 else {
1443 close(packet_get_connection_in());
1444 close(packet_get_connection_out());
1445 }
1446 /*
1447 * Close all descriptors related to channels. They will still remain
1448 * open in the parent.
1449 */
1450 /* XXX better use close-on-exec? -markus */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001451 channel_close_all(ssh);
Darren Tucker23bc8d02004-02-06 16:24:31 +11001452
1453 /*
1454 * Close any extra file descriptors. Note that there may still be
1455 * descriptors left by system functions. They will be closed later.
1456 */
1457 endpwent();
1458
1459 /*
Damien Miller788f2122005-11-05 15:14:59 +11001460 * Close any extra open file descriptors so that we don't have them
Darren Tucker23bc8d02004-02-06 16:24:31 +11001461 * hanging around in clients. Note that we want to do this after
1462 * initgroups, because at least on Solaris 2.3 it leaves file
1463 * descriptors open.
1464 */
Damien Millerf80c3de2010-12-01 12:02:59 +11001465 closefrom(STDERR_FILENO + 1);
Darren Tucker23bc8d02004-02-06 16:24:31 +11001466}
1467
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001468/*
1469 * Performs common processing for the child, such as setting up the
1470 * environment, closing extra file descriptors, setting the user and group
1471 * ids, and executing the command or shell.
1472 */
Damien Millerdfc24252008-02-10 22:29:40 +11001473#define ARGV_MAX 10
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001474void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001475do_child(struct ssh *ssh, Session *s, const char *command)
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001476{
1477 extern char **environ;
1478 char **env;
Damien Millerdfc24252008-02-10 22:29:40 +11001479 char *argv[ARGV_MAX];
djm@openbsd.org83b58182016-08-19 03:18:06 +00001480 const char *shell, *shell0;
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001481 struct passwd *pw = s->pw;
Damien Miller6051c942008-06-16 07:53:16 +10001482 int r = 0;
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001483
1484 /* remove hostkey from the child's memory */
1485 destroy_sensitive_data();
markus@openbsd.org1e0cdf82017-05-31 08:09:45 +00001486 packet_clear_keys();
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001487
Darren Tucker23bc8d02004-02-06 16:24:31 +11001488 /* Force a password change */
1489 if (s->authctxt->force_pwchange) {
1490 do_setusercontext(pw);
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001491 child_close_fds(ssh);
Darren Tucker23bc8d02004-02-06 16:24:31 +11001492 do_pwchange(s);
1493 exit(1);
1494 }
1495
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001496 /*
1497 * Login(1) does this as well, and it needs uid 0 for the "-h"
1498 * switch, so we let login(1) to this for us.
1499 */
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001500#ifdef HAVE_OSF_SIA
djm@openbsd.org83b58182016-08-19 03:18:06 +00001501 session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
1502 if (!check_quietlogin(s, command))
1503 do_motd();
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001504#else /* HAVE_OSF_SIA */
djm@openbsd.org83b58182016-08-19 03:18:06 +00001505 /* When PAM is enabled we rely on it to do the nologin check */
1506 if (!options.use_pam)
1507 do_nologin(pw);
1508 do_setusercontext(pw);
1509 /*
1510 * PAM session modules in do_setusercontext may have
1511 * generated messages, so if this in an interactive
1512 * login then display them too.
1513 */
1514 if (!check_quietlogin(s, command))
1515 display_loginmsg();
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001516#endif /* HAVE_OSF_SIA */
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001517
Darren Tucker69687f42004-09-11 22:17:26 +10001518#ifdef USE_PAM
djm@openbsd.org83b58182016-08-19 03:18:06 +00001519 if (options.use_pam && !is_pam_session_open()) {
Darren Tucker48554152005-04-21 19:50:55 +10001520 debug3("PAM session not opened, exiting");
Darren Tucker69687f42004-09-11 22:17:26 +10001521 display_loginmsg();
1522 exit(254);
1523 }
1524#endif
1525
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001526 /*
1527 * Get the shell from the password data. An empty shell field is
1528 * legal, and means /bin/sh.
1529 */
1530 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
Ben Lindstrom46767602002-12-23 02:26:08 +00001531
1532 /*
1533 * Make sure $SHELL points to the shell from the password file,
1534 * even if shell is overridden from login.conf
1535 */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001536 env = do_setup_env(ssh, s, shell);
Ben Lindstrom46767602002-12-23 02:26:08 +00001537
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001538#ifdef HAVE_LOGIN_CAP
1539 shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
1540#endif
1541
Damien Millerb38eff82000-04-01 11:09:21 +10001542 /*
1543 * Close the connection descriptors; note that this is the child, and
1544 * the server will still have the socket open, and it is important
1545 * that we do not shutdown it. Note that the descriptors cannot be
1546 * closed before building the environment, as we call
djm@openbsd.org95767262016-03-07 19:02:43 +00001547 * ssh_remote_ipaddr there.
Damien Millerb38eff82000-04-01 11:09:21 +10001548 */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001549 child_close_fds(ssh);
Damien Millerb38eff82000-04-01 11:09:21 +10001550
Damien Millerb38eff82000-04-01 11:09:21 +10001551 /*
Damien Miller05eda432002-02-10 18:32:28 +11001552 * Must take new environment into use so that .ssh/rc,
1553 * /etc/ssh/sshrc and xauth are run in the proper environment.
Damien Millerb38eff82000-04-01 11:09:21 +10001554 */
1555 environ = env;
1556
Darren Tucker3c78c5e2004-01-23 22:03:10 +11001557#if defined(KRB5) && defined(USE_AFS)
Darren Tucker22ef5082003-12-31 11:37:34 +11001558 /*
1559 * At this point, we check to see if AFS is active and if we have
1560 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see
1561 * if we can (and need to) extend the ticket into an AFS token. If
1562 * we don't do this, we run into potential problems if the user's
1563 * home directory is in AFS and it's not world-readable.
1564 */
1565
1566 if (options.kerberos_get_afs_token && k_hasafs() &&
Damien Miller0dc1bef2005-07-17 17:22:45 +10001567 (s->authctxt->krb5_ctx != NULL)) {
Darren Tucker22ef5082003-12-31 11:37:34 +11001568 char cell[64];
1569
1570 debug("Getting AFS token");
1571
1572 k_setpag();
1573
1574 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
1575 krb5_afslog(s->authctxt->krb5_ctx,
1576 s->authctxt->krb5_fwd_ccache, cell, NULL);
1577
1578 krb5_afslog_home(s->authctxt->krb5_ctx,
1579 s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
1580 }
1581#endif
1582
Damien Miller788f2122005-11-05 15:14:59 +11001583 /* Change current directory to the user's home directory. */
Damien Miller139d4cd2001-10-10 15:07:44 +10001584 if (chdir(pw->pw_dir) < 0) {
Damien Miller6051c942008-06-16 07:53:16 +10001585 /* Suppress missing homedir warning for chroot case */
Damien Miller139d4cd2001-10-10 15:07:44 +10001586#ifdef HAVE_LOGIN_CAP
Damien Miller6051c942008-06-16 07:53:16 +10001587 r = login_getcapbool(lc, "requirehome", 0);
Damien Miller139d4cd2001-10-10 15:07:44 +10001588#endif
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +00001589 if (r || !in_chroot) {
Damien Miller6051c942008-06-16 07:53:16 +10001590 fprintf(stderr, "Could not chdir to home "
1591 "directory %s: %s\n", pw->pw_dir,
1592 strerror(errno));
djm@openbsd.org44fc7cd2015-10-24 22:52:22 +00001593 }
Damien Miller6051c942008-06-16 07:53:16 +10001594 if (r)
1595 exit(1);
Damien Miller139d4cd2001-10-10 15:07:44 +10001596 }
1597
Damien Millera1939002008-03-15 17:27:58 +11001598 closefrom(STDERR_FILENO + 1);
1599
djm@openbsd.org7c856852018-03-03 03:15:51 +00001600 do_rc_files(ssh, s, shell);
Ben Lindstromde71cda2001-03-24 00:43:26 +00001601
1602 /* restore SIGPIPE for child */
Damien Miller9ab00b42006-08-05 12:40:11 +10001603 signal(SIGPIPE, SIG_DFL);
Ben Lindstromde71cda2001-03-24 00:43:26 +00001604
Darren Tuckerd6b06a92010-01-08 17:09:11 +11001605 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
1606 printf("This service allows sftp connections only.\n");
1607 fflush(NULL);
1608 exit(1);
1609 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
Damien Millerdfc24252008-02-10 22:29:40 +11001610 extern int optind, optreset;
1611 int i;
1612 char *p, *args;
1613
Darren Tuckerac46a912009-06-21 17:55:23 +10001614 setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
Damien Millerd58f5602008-11-03 19:20:49 +11001615 args = xstrdup(command ? command : "sftp-server");
Damien Millerdfc24252008-02-10 22:29:40 +11001616 for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
1617 if (i < ARGV_MAX - 1)
1618 argv[i++] = p;
1619 argv[i] = NULL;
1620 optind = optreset = 1;
1621 __progname = argv[0];
Darren Tucker4d6656b2009-10-24 15:04:12 +11001622#ifdef WITH_SELINUX
1623 ssh_selinux_change_context("sftpd_t");
1624#endif
Damien Millerd8cb1f12008-02-10 22:40:12 +11001625 exit(sftp_server_main(i, argv, s->pw));
Damien Millerdfc24252008-02-10 22:29:40 +11001626 }
1627
Darren Tucker695ed392009-10-07 09:02:18 +11001628 fflush(NULL);
1629
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001630 /* Get the last component of the shell name. */
1631 if ((shell0 = strrchr(shell, '/')) != NULL)
1632 shell0++;
1633 else
1634 shell0 = shell;
1635
Damien Millerb38eff82000-04-01 11:09:21 +10001636 /*
1637 * If we have no command, execute the shell. In this case, the shell
1638 * name to be passed in argv[0] is preceded by '-' to indicate that
1639 * this is a login shell.
1640 */
1641 if (!command) {
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001642 char argv0[256];
Damien Millerb38eff82000-04-01 11:09:21 +10001643
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001644 /* Start the shell. Set initial character to '-'. */
1645 argv0[0] = '-';
Damien Millerb38eff82000-04-01 11:09:21 +10001646
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001647 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
1648 >= sizeof(argv0) - 1) {
1649 errno = EINVAL;
Damien Millerb38eff82000-04-01 11:09:21 +10001650 perror(shell);
1651 exit(1);
Damien Millerb38eff82000-04-01 11:09:21 +10001652 }
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001653
1654 /* Execute the shell. */
1655 argv[0] = argv0;
1656 argv[1] = NULL;
1657 execve(shell, argv, env);
1658
1659 /* Executing the shell failed. */
1660 perror(shell);
1661 exit(1);
Damien Millerb38eff82000-04-01 11:09:21 +10001662 }
1663 /*
1664 * Execute the command using the user's shell. This uses the -c
1665 * option to execute the command.
1666 */
Ben Lindstrom4e97e852002-02-19 21:50:43 +00001667 argv[0] = (char *) shell0;
Damien Millerb38eff82000-04-01 11:09:21 +10001668 argv[1] = "-c";
1669 argv[2] = (char *) command;
1670 argv[3] = NULL;
1671 execve(shell, argv, env);
1672 perror(shell);
1673 exit(1);
1674}
1675
Damien Miller7207f642008-05-19 15:34:50 +10001676void
1677session_unused(int id)
1678{
1679 debug3("%s: session id %d unused", __func__, id);
1680 if (id >= options.max_sessions ||
1681 id >= sessions_nalloc) {
1682 fatal("%s: insane session id %d (max %d nalloc %d)",
1683 __func__, id, options.max_sessions, sessions_nalloc);
1684 }
Damien Miller1d2c4562014-02-04 11:18:20 +11001685 memset(&sessions[id], 0, sizeof(*sessions));
Damien Miller7207f642008-05-19 15:34:50 +10001686 sessions[id].self = id;
1687 sessions[id].used = 0;
1688 sessions[id].chanid = -1;
1689 sessions[id].ptyfd = -1;
1690 sessions[id].ttyfd = -1;
1691 sessions[id].ptymaster = -1;
1692 sessions[id].x11_chanids = NULL;
1693 sessions[id].next_unused = sessions_first_unused;
1694 sessions_first_unused = id;
1695}
1696
Damien Millerb38eff82000-04-01 11:09:21 +10001697Session *
1698session_new(void)
1699{
Damien Miller7207f642008-05-19 15:34:50 +10001700 Session *s, *tmp;
1701
1702 if (sessions_first_unused == -1) {
1703 if (sessions_nalloc >= options.max_sessions)
1704 return NULL;
1705 debug2("%s: allocate (allocated %d max %d)",
1706 __func__, sessions_nalloc, options.max_sessions);
deraadt@openbsd.org9e509d42017-05-31 09:15:42 +00001707 tmp = xrecallocarray(sessions, sessions_nalloc,
1708 sessions_nalloc + 1, sizeof(*sessions));
Damien Miller7207f642008-05-19 15:34:50 +10001709 if (tmp == NULL) {
1710 error("%s: cannot allocate %d sessions",
1711 __func__, sessions_nalloc + 1);
1712 return NULL;
Damien Millerb38eff82000-04-01 11:09:21 +10001713 }
Damien Miller7207f642008-05-19 15:34:50 +10001714 sessions = tmp;
1715 session_unused(sessions_nalloc++);
Damien Millerb38eff82000-04-01 11:09:21 +10001716 }
Damien Miller7207f642008-05-19 15:34:50 +10001717
1718 if (sessions_first_unused >= sessions_nalloc ||
1719 sessions_first_unused < 0) {
1720 fatal("%s: insane first_unused %d max %d nalloc %d",
1721 __func__, sessions_first_unused, options.max_sessions,
1722 sessions_nalloc);
Damien Millerb38eff82000-04-01 11:09:21 +10001723 }
Damien Miller7207f642008-05-19 15:34:50 +10001724
1725 s = &sessions[sessions_first_unused];
1726 if (s->used) {
1727 fatal("%s: session %d already used",
1728 __func__, sessions_first_unused);
1729 }
1730 sessions_first_unused = s->next_unused;
1731 s->used = 1;
1732 s->next_unused = -1;
1733 debug("session_new: session %d", s->self);
1734
1735 return s;
Damien Millerb38eff82000-04-01 11:09:21 +10001736}
1737
Ben Lindstrombba81212001-06-25 05:01:22 +00001738static void
Damien Millerb38eff82000-04-01 11:09:21 +10001739session_dump(void)
1740{
1741 int i;
Damien Miller7207f642008-05-19 15:34:50 +10001742 for (i = 0; i < sessions_nalloc; i++) {
Damien Millerb38eff82000-04-01 11:09:21 +10001743 Session *s = &sessions[i];
Damien Miller7207f642008-05-19 15:34:50 +10001744
1745 debug("dump: used %d next_unused %d session %d %p "
1746 "channel %d pid %ld",
Damien Millerb38eff82000-04-01 11:09:21 +10001747 s->used,
Damien Miller7207f642008-05-19 15:34:50 +10001748 s->next_unused,
Damien Millerb38eff82000-04-01 11:09:21 +10001749 s->self,
1750 s,
1751 s->chanid,
Ben Lindstromce0f6342002-06-11 16:42:49 +00001752 (long)s->pid);
Damien Millerb38eff82000-04-01 11:09:21 +10001753 }
1754}
1755
Damien Millerefb4afe2000-04-12 18:45:05 +10001756int
Ben Lindstrombddd5512001-07-04 04:53:53 +00001757session_open(Authctxt *authctxt, int chanid)
Damien Millerefb4afe2000-04-12 18:45:05 +10001758{
1759 Session *s = session_new();
1760 debug("session_open: channel %d", chanid);
1761 if (s == NULL) {
1762 error("no more sessions");
1763 return 0;
1764 }
Ben Lindstrombddd5512001-07-04 04:53:53 +00001765 s->authctxt = authctxt;
1766 s->pw = authctxt->pw;
Damien Miller3e3b5142003-11-17 21:13:40 +11001767 if (s->pw == NULL || !authctxt->valid)
Kevin Steves43cdef32001-02-11 14:12:08 +00001768 fatal("no user for session %d", s->self);
Damien Millerbd483e72000-04-30 10:00:53 +10001769 debug("session_open: session %d: link with channel %d", s->self, chanid);
1770 s->chanid = chanid;
Damien Millerefb4afe2000-04-12 18:45:05 +10001771 return 1;
1772}
1773
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00001774Session *
1775session_by_tty(char *tty)
1776{
1777 int i;
Damien Miller7207f642008-05-19 15:34:50 +10001778 for (i = 0; i < sessions_nalloc; i++) {
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00001779 Session *s = &sessions[i];
1780 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
1781 debug("session_by_tty: session %d tty %s", i, tty);
1782 return s;
1783 }
1784 }
1785 debug("session_by_tty: unknown tty %.100s", tty);
1786 session_dump();
1787 return NULL;
1788}
1789
Ben Lindstrombba81212001-06-25 05:01:22 +00001790static Session *
Damien Millerefb4afe2000-04-12 18:45:05 +10001791session_by_channel(int id)
1792{
1793 int i;
Damien Miller7207f642008-05-19 15:34:50 +10001794 for (i = 0; i < sessions_nalloc; i++) {
Damien Millerefb4afe2000-04-12 18:45:05 +10001795 Session *s = &sessions[i];
1796 if (s->used && s->chanid == id) {
Damien Miller7207f642008-05-19 15:34:50 +10001797 debug("session_by_channel: session %d channel %d",
1798 i, id);
Damien Millerefb4afe2000-04-12 18:45:05 +10001799 return s;
1800 }
1801 }
1802 debug("session_by_channel: unknown channel %d", id);
1803 session_dump();
1804 return NULL;
1805}
1806
Ben Lindstrombba81212001-06-25 05:01:22 +00001807static Session *
Damien Miller2b9b0452005-07-17 17:19:24 +10001808session_by_x11_channel(int id)
1809{
1810 int i, j;
1811
Damien Miller7207f642008-05-19 15:34:50 +10001812 for (i = 0; i < sessions_nalloc; i++) {
Damien Miller2b9b0452005-07-17 17:19:24 +10001813 Session *s = &sessions[i];
1814
1815 if (s->x11_chanids == NULL || !s->used)
1816 continue;
1817 for (j = 0; s->x11_chanids[j] != -1; j++) {
1818 if (s->x11_chanids[j] == id) {
1819 debug("session_by_x11_channel: session %d "
1820 "channel %d", s->self, id);
1821 return s;
1822 }
1823 }
1824 }
1825 debug("session_by_x11_channel: unknown channel %d", id);
1826 session_dump();
1827 return NULL;
1828}
1829
1830static Session *
Damien Millerefb4afe2000-04-12 18:45:05 +10001831session_by_pid(pid_t pid)
1832{
1833 int i;
Ben Lindstromce0f6342002-06-11 16:42:49 +00001834 debug("session_by_pid: pid %ld", (long)pid);
Damien Miller7207f642008-05-19 15:34:50 +10001835 for (i = 0; i < sessions_nalloc; i++) {
Damien Millerefb4afe2000-04-12 18:45:05 +10001836 Session *s = &sessions[i];
1837 if (s->used && s->pid == pid)
1838 return s;
1839 }
Ben Lindstromce0f6342002-06-11 16:42:49 +00001840 error("session_by_pid: unknown pid %ld", (long)pid);
Damien Millerefb4afe2000-04-12 18:45:05 +10001841 session_dump();
1842 return NULL;
1843}
1844
Ben Lindstrombba81212001-06-25 05:01:22 +00001845static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001846session_window_change_req(struct ssh *ssh, Session *s)
Damien Millerefb4afe2000-04-12 18:45:05 +10001847{
1848 s->col = packet_get_int();
1849 s->row = packet_get_int();
1850 s->xpixel = packet_get_int();
1851 s->ypixel = packet_get_int();
Damien Miller48b03fc2002-01-22 23:11:40 +11001852 packet_check_eom();
Damien Millerefb4afe2000-04-12 18:45:05 +10001853 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1854 return 1;
1855}
1856
Ben Lindstrombba81212001-06-25 05:01:22 +00001857static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001858session_pty_req(struct ssh *ssh, Session *s)
Damien Millerefb4afe2000-04-12 18:45:05 +10001859{
Ben Lindstrom46c16222000-12-22 01:43:59 +00001860 u_int len;
Ben Lindstromae8e2d32001-04-14 23:13:02 +00001861 int n_bytes;
Ben Lindstrom6328ab32002-03-22 02:54:23 +00001862
djm@openbsd.org7c856852018-03-03 03:15:51 +00001863 if (!auth_opts->permit_pty_flag || !options.permit_tty) {
1864 debug("Allocating a pty not permitted for this connection.");
Damien Millerf6d9e222000-06-18 14:50:44 +10001865 return 0;
Ben Lindstrom49c12602001-06-13 04:37:36 +00001866 }
1867 if (s->ttyfd != -1) {
1868 packet_disconnect("Protocol error: you already have a pty.");
Damien Miller4af51302000-04-16 11:18:38 +10001869 return 0;
Ben Lindstrom49c12602001-06-13 04:37:36 +00001870 }
1871
Damien Millerefb4afe2000-04-12 18:45:05 +10001872 s->term = packet_get_string(&len);
markus@openbsd.org6cb6dcf2016-08-13 17:47:40 +00001873 s->col = packet_get_int();
1874 s->row = packet_get_int();
Damien Millerefb4afe2000-04-12 18:45:05 +10001875 s->xpixel = packet_get_int();
1876 s->ypixel = packet_get_int();
1877
1878 if (strcmp(s->term, "") == 0) {
Darren Tuckera627d422013-06-02 07:31:17 +10001879 free(s->term);
Damien Millerefb4afe2000-04-12 18:45:05 +10001880 s->term = NULL;
1881 }
Ben Lindstrom49c12602001-06-13 04:37:36 +00001882
Damien Millerefb4afe2000-04-12 18:45:05 +10001883 /* Allocate a pty and open it. */
Ben Lindstrom49c12602001-06-13 04:37:36 +00001884 debug("Allocating pty.");
Damien Miller7207f642008-05-19 15:34:50 +10001885 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
1886 sizeof(s->tty)))) {
Darren Tuckera627d422013-06-02 07:31:17 +10001887 free(s->term);
Damien Millerefb4afe2000-04-12 18:45:05 +10001888 s->term = NULL;
1889 s->ptyfd = -1;
1890 s->ttyfd = -1;
1891 error("session_pty_req: session %d alloc failed", s->self);
Damien Miller4af51302000-04-16 11:18:38 +10001892 return 0;
Damien Millerefb4afe2000-04-12 18:45:05 +10001893 }
1894 debug("session_pty_req: session %d alloc %s", s->self, s->tty);
Ben Lindstrom49c12602001-06-13 04:37:36 +00001895
markus@openbsd.org6cb6dcf2016-08-13 17:47:40 +00001896 n_bytes = packet_remaining();
Ben Lindstrom49c12602001-06-13 04:37:36 +00001897 tty_parse_modes(s->ttyfd, &n_bytes);
1898
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00001899 if (!use_privsep)
1900 pty_setowner(s->pw, s->tty);
Ben Lindstrom49c12602001-06-13 04:37:36 +00001901
1902 /* Set window size from the packet. */
Damien Millerefb4afe2000-04-12 18:45:05 +10001903 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1904
Damien Miller48b03fc2002-01-22 23:11:40 +11001905 packet_check_eom();
Damien Millere247cc42000-05-07 12:03:14 +10001906 session_proctitle(s);
Damien Millerefb4afe2000-04-12 18:45:05 +10001907 return 1;
1908}
1909
Ben Lindstrombba81212001-06-25 05:01:22 +00001910static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001911session_subsystem_req(struct ssh *ssh, Session *s)
Damien Millerbd483e72000-04-30 10:00:53 +10001912{
Damien Millerae452462001-10-10 15:08:06 +10001913 struct stat st;
Ben Lindstrom46c16222000-12-22 01:43:59 +00001914 u_int len;
Damien Millerbd483e72000-04-30 10:00:53 +10001915 int success = 0;
Damien Miller71df7522013-10-15 12:12:02 +11001916 char *prog, *cmd;
Damien Millereccb9de2005-06-17 12:59:34 +10001917 u_int i;
Damien Millerbd483e72000-04-30 10:00:53 +10001918
Damien Miller71df7522013-10-15 12:12:02 +11001919 s->subsys = packet_get_string(&len);
Damien Miller48b03fc2002-01-22 23:11:40 +11001920 packet_check_eom();
Damien Miller71df7522013-10-15 12:12:02 +11001921 debug2("subsystem request for %.100s by user %s", s->subsys,
Damien Miller1b2b61e2010-06-26 09:47:43 +10001922 s->pw->pw_name);
Damien Millerbd483e72000-04-30 10:00:53 +10001923
Damien Millerf6d9e222000-06-18 14:50:44 +10001924 for (i = 0; i < options.num_subsystems; i++) {
Damien Miller71df7522013-10-15 12:12:02 +11001925 if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
Damien Miller917f9b62006-07-10 20:36:47 +10001926 prog = options.subsystem_command[i];
1927 cmd = options.subsystem_args[i];
Darren Tuckerc3dc4042010-01-08 17:09:50 +11001928 if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
Damien Millerdfc24252008-02-10 22:29:40 +11001929 s->is_subsystem = SUBSYSTEM_INT_SFTP;
Darren Tuckerc3dc4042010-01-08 17:09:50 +11001930 debug("subsystem: %s", prog);
Damien Millerdfc24252008-02-10 22:29:40 +11001931 } else {
Darren Tuckerc3dc4042010-01-08 17:09:50 +11001932 if (stat(prog, &st) < 0)
1933 debug("subsystem: cannot stat %s: %s",
1934 prog, strerror(errno));
Damien Millerdfc24252008-02-10 22:29:40 +11001935 s->is_subsystem = SUBSYSTEM_EXT;
Darren Tuckerc3dc4042010-01-08 17:09:50 +11001936 debug("subsystem: exec() %s", cmd);
Damien Millerae452462001-10-10 15:08:06 +10001937 }
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001938 success = do_exec(ssh, s, cmd) == 0;
Damien Miller5fab4b92002-02-05 12:15:07 +11001939 break;
Damien Millerf6d9e222000-06-18 14:50:44 +10001940 }
1941 }
1942
1943 if (!success)
Damien Miller71df7522013-10-15 12:12:02 +11001944 logit("subsystem request for %.100s by user %s failed, "
1945 "subsystem not found", s->subsys, s->pw->pw_name);
Damien Millerf6d9e222000-06-18 14:50:44 +10001946
Damien Millerbd483e72000-04-30 10:00:53 +10001947 return success;
1948}
1949
Ben Lindstrombba81212001-06-25 05:01:22 +00001950static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001951session_x11_req(struct ssh *ssh, Session *s)
Damien Millerbd483e72000-04-30 10:00:53 +10001952{
Ben Lindstrom768176b2001-06-09 01:29:12 +00001953 int success;
Damien Millerbd483e72000-04-30 10:00:53 +10001954
Damien Miller2b9b0452005-07-17 17:19:24 +10001955 if (s->auth_proto != NULL || s->auth_data != NULL) {
1956 error("session_x11_req: session %d: "
Darren Tucker63551872005-12-20 16:14:15 +11001957 "x11 forwarding already active", s->self);
Damien Miller2b9b0452005-07-17 17:19:24 +10001958 return 0;
1959 }
Damien Millerbd483e72000-04-30 10:00:53 +10001960 s->single_connection = packet_get_char();
1961 s->auth_proto = packet_get_string(NULL);
1962 s->auth_data = packet_get_string(NULL);
1963 s->screen = packet_get_int();
Damien Miller48b03fc2002-01-22 23:11:40 +11001964 packet_check_eom();
Damien Millerbd483e72000-04-30 10:00:53 +10001965
djm@openbsd.org4b4bfb02016-03-10 11:47:57 +00001966 if (xauth_valid_string(s->auth_proto) &&
1967 xauth_valid_string(s->auth_data))
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001968 success = session_setup_x11fwd(ssh, s);
djm@openbsd.org4b4bfb02016-03-10 11:47:57 +00001969 else {
1970 success = 0;
1971 error("Invalid X11 forwarding data");
1972 }
Ben Lindstrom768176b2001-06-09 01:29:12 +00001973 if (!success) {
Darren Tuckera627d422013-06-02 07:31:17 +10001974 free(s->auth_proto);
1975 free(s->auth_data);
Ben Lindstrom88259fb2001-06-12 00:21:34 +00001976 s->auth_proto = NULL;
1977 s->auth_data = NULL;
Damien Millerbd483e72000-04-30 10:00:53 +10001978 }
Ben Lindstrom768176b2001-06-09 01:29:12 +00001979 return success;
Damien Millerbd483e72000-04-30 10:00:53 +10001980}
1981
Ben Lindstrombba81212001-06-25 05:01:22 +00001982static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001983session_shell_req(struct ssh *ssh, Session *s)
Damien Millerf6d9e222000-06-18 14:50:44 +10001984{
Damien Miller48b03fc2002-01-22 23:11:40 +11001985 packet_check_eom();
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001986 return do_exec(ssh, s, NULL) == 0;
Damien Millerf6d9e222000-06-18 14:50:44 +10001987}
1988
Ben Lindstrombba81212001-06-25 05:01:22 +00001989static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001990session_exec_req(struct ssh *ssh, Session *s)
Damien Millerf6d9e222000-06-18 14:50:44 +10001991{
Damien Miller7207f642008-05-19 15:34:50 +10001992 u_int len, success;
1993
Damien Millerf6d9e222000-06-18 14:50:44 +10001994 char *command = packet_get_string(&len);
Damien Miller48b03fc2002-01-22 23:11:40 +11001995 packet_check_eom();
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00001996 success = do_exec(ssh, s, command) == 0;
Darren Tuckera627d422013-06-02 07:31:17 +10001997 free(command);
Damien Miller7207f642008-05-19 15:34:50 +10001998 return success;
Damien Millerf6d9e222000-06-18 14:50:44 +10001999}
2000
Ben Lindstrombba81212001-06-25 05:01:22 +00002001static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002002session_break_req(struct ssh *ssh, Session *s)
Damien Miller54c45982003-05-15 10:20:13 +10002003{
Damien Miller54c45982003-05-15 10:20:13 +10002004
Darren Tucker1f8311c2004-05-13 16:39:33 +10002005 packet_get_int(); /* ignored */
Damien Miller54c45982003-05-15 10:20:13 +10002006 packet_check_eom();
2007
Darren Tucker9c5d5532011-11-04 10:55:24 +11002008 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
Damien Miller54c45982003-05-15 10:20:13 +10002009 return 0;
Damien Miller54c45982003-05-15 10:20:13 +10002010 return 1;
2011}
2012
2013static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002014session_env_req(struct ssh *ssh, Session *s)
Darren Tucker46bc0752004-05-02 22:11:30 +10002015{
2016 char *name, *val;
2017 u_int name_len, val_len, i;
2018
Damien Miller8569eba2014-03-04 09:35:17 +11002019 name = packet_get_cstring(&name_len);
2020 val = packet_get_cstring(&val_len);
Darren Tucker46bc0752004-05-02 22:11:30 +10002021 packet_check_eom();
2022
2023 /* Don't set too many environment variables */
2024 if (s->num_env > 128) {
2025 debug2("Ignoring env request %s: too many env vars", name);
2026 goto fail;
2027 }
2028
2029 for (i = 0; i < options.num_accept_env; i++) {
2030 if (match_pattern(name, options.accept_env[i])) {
2031 debug2("Setting env %d: %s=%s", s->num_env, name, val);
deraadt@openbsd.org9e509d42017-05-31 09:15:42 +00002032 s->env = xrecallocarray(s->env, s->num_env,
2033 s->num_env + 1, sizeof(*s->env));
Darren Tucker46bc0752004-05-02 22:11:30 +10002034 s->env[s->num_env].name = name;
2035 s->env[s->num_env].val = val;
2036 s->num_env++;
2037 return (1);
2038 }
2039 }
2040 debug2("Ignoring env request %s: disallowed name", name);
2041
2042 fail:
Darren Tuckera627d422013-06-02 07:31:17 +10002043 free(name);
2044 free(val);
Darren Tucker46bc0752004-05-02 22:11:30 +10002045 return (0);
2046}
2047
2048static int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002049session_auth_agent_req(struct ssh *ssh, Session *s)
Damien Miller0bc1bd82000-11-13 22:57:25 +11002050{
2051 static int called = 0;
djm@openbsd.org7c856852018-03-03 03:15:51 +00002052
Damien Miller48b03fc2002-01-22 23:11:40 +11002053 packet_check_eom();
djm@openbsd.org7c856852018-03-03 03:15:51 +00002054 if (!auth_opts->permit_agent_forwarding_flag ||
2055 !options.allow_agent_forwarding) {
2056 debug("%s: agent forwarding disabled", __func__);
Ben Lindstrom14920292000-11-21 21:24:55 +00002057 return 0;
2058 }
Damien Miller0bc1bd82000-11-13 22:57:25 +11002059 if (called) {
2060 return 0;
2061 } else {
2062 called = 1;
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002063 return auth_input_request_forwarding(ssh, s->pw);
Damien Miller0bc1bd82000-11-13 22:57:25 +11002064 }
2065}
2066
Damien Millerc7ef63d2002-02-05 12:21:42 +11002067int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002068session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)
Damien Millerefb4afe2000-04-12 18:45:05 +10002069{
Damien Millerefb4afe2000-04-12 18:45:05 +10002070 int success = 0;
Damien Millerefb4afe2000-04-12 18:45:05 +10002071 Session *s;
Damien Millerefb4afe2000-04-12 18:45:05 +10002072
Damien Millerc7ef63d2002-02-05 12:21:42 +11002073 if ((s = session_by_channel(c->self)) == NULL) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002074 logit("%s: no session %d req %.100s", __func__, c->self, rtype);
Damien Millerc7ef63d2002-02-05 12:21:42 +11002075 return 0;
2076 }
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002077 debug("%s: session %d req %s", __func__, s->self, rtype);
Damien Millerefb4afe2000-04-12 18:45:05 +10002078
2079 /*
Ben Lindstromfc9b07d2001-03-22 01:27:23 +00002080 * a session is in LARVAL state until a shell, a command
2081 * or a subsystem is executed
Damien Millerefb4afe2000-04-12 18:45:05 +10002082 */
2083 if (c->type == SSH_CHANNEL_LARVAL) {
2084 if (strcmp(rtype, "shell") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002085 success = session_shell_req(ssh, s);
Damien Millerefb4afe2000-04-12 18:45:05 +10002086 } else if (strcmp(rtype, "exec") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002087 success = session_exec_req(ssh, s);
Damien Millerefb4afe2000-04-12 18:45:05 +10002088 } else if (strcmp(rtype, "pty-req") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002089 success = session_pty_req(ssh, s);
Damien Millerbd483e72000-04-30 10:00:53 +10002090 } else if (strcmp(rtype, "x11-req") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002091 success = session_x11_req(ssh, s);
Damien Miller0bc1bd82000-11-13 22:57:25 +11002092 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002093 success = session_auth_agent_req(ssh, s);
Damien Millerbd483e72000-04-30 10:00:53 +10002094 } else if (strcmp(rtype, "subsystem") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002095 success = session_subsystem_req(ssh, s);
Darren Tucker46bc0752004-05-02 22:11:30 +10002096 } else if (strcmp(rtype, "env") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002097 success = session_env_req(ssh, s);
Damien Millerefb4afe2000-04-12 18:45:05 +10002098 }
2099 }
2100 if (strcmp(rtype, "window-change") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002101 success = session_window_change_req(ssh, s);
Damien Millera6b1d162004-06-30 22:41:07 +10002102 } else if (strcmp(rtype, "break") == 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002103 success = session_break_req(ssh, s);
Damien Millerefb4afe2000-04-12 18:45:05 +10002104 }
Damien Millera6b1d162004-06-30 22:41:07 +10002105
Damien Millerc7ef63d2002-02-05 12:21:42 +11002106 return success;
Damien Millerefb4afe2000-04-12 18:45:05 +10002107}
2108
2109void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002110session_set_fds(struct ssh *ssh, Session *s,
2111 int fdin, int fdout, int fderr, int ignore_fderr, int is_tty)
Damien Millerefb4afe2000-04-12 18:45:05 +10002112{
Damien Millerefb4afe2000-04-12 18:45:05 +10002113 /*
2114 * now that have a child and a pipe to the child,
2115 * we can activate our channel and register the fd's
2116 */
2117 if (s->chanid == -1)
2118 fatal("no channel for session %d", s->self);
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002119 channel_set_fds(ssh, s->chanid,
Damien Millerefb4afe2000-04-12 18:45:05 +10002120 fdout, fdin, fderr,
Damien Miller8853ca52010-06-26 10:00:14 +10002121 ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
Darren Tuckered3cdc02008-06-16 23:29:18 +10002122 1, is_tty, CHAN_SES_WINDOW_DEFAULT);
Damien Millerefb4afe2000-04-12 18:45:05 +10002123}
2124
Ben Lindstrom7eaf8e42001-06-13 04:35:43 +00002125/*
2126 * Function to perform pty cleanup. Also called if we get aborted abnormally
2127 * (e.g., due to a dropped connection).
2128 */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002129void
Darren Tucker3e33cec2003-10-02 16:12:36 +10002130session_pty_cleanup2(Session *s)
Damien Millerb38eff82000-04-01 11:09:21 +10002131{
Ben Lindstrom7eaf8e42001-06-13 04:35:43 +00002132 if (s == NULL) {
2133 error("session_pty_cleanup: no session");
2134 return;
2135 }
2136 if (s->ttyfd == -1)
Damien Millerb38eff82000-04-01 11:09:21 +10002137 return;
2138
Kevin Steves43cdef32001-02-11 14:12:08 +00002139 debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
Damien Millerb38eff82000-04-01 11:09:21 +10002140
Damien Millerb38eff82000-04-01 11:09:21 +10002141 /* Record that the user has logged out. */
Ben Lindstrom7eaf8e42001-06-13 04:35:43 +00002142 if (s->pid != 0)
Tim Ricee06ae4a2002-02-24 17:56:46 -08002143 record_logout(s->pid, s->tty, s->pw->pw_name);
Damien Millerb38eff82000-04-01 11:09:21 +10002144
2145 /* Release the pseudo-tty. */
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002146 if (getuid() == 0)
2147 pty_release(s->tty);
Damien Millerb38eff82000-04-01 11:09:21 +10002148
2149 /*
2150 * Close the server side of the socket pairs. We must do this after
2151 * the pty cleanup, so that another process doesn't get this pty
2152 * while we're still cleaning up.
2153 */
Damien Miller7207f642008-05-19 15:34:50 +10002154 if (s->ptymaster != -1 && close(s->ptymaster) < 0)
2155 error("close(s->ptymaster/%d): %s",
2156 s->ptymaster, strerror(errno));
Damien Miller0585d512001-10-12 11:35:50 +10002157
2158 /* unlink pty from session */
2159 s->ttyfd = -1;
Damien Millerb38eff82000-04-01 11:09:21 +10002160}
Damien Millerefb4afe2000-04-12 18:45:05 +10002161
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002162void
Darren Tucker3e33cec2003-10-02 16:12:36 +10002163session_pty_cleanup(Session *s)
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002164{
Darren Tucker3e33cec2003-10-02 16:12:36 +10002165 PRIVSEP(session_pty_cleanup2(s));
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002166}
2167
Damien Miller5a80bba2002-09-04 16:39:02 +10002168static char *
2169sig2name(int sig)
2170{
2171#define SSH_SIG(x) if (sig == SIG ## x) return #x
2172 SSH_SIG(ABRT);
2173 SSH_SIG(ALRM);
2174 SSH_SIG(FPE);
2175 SSH_SIG(HUP);
2176 SSH_SIG(ILL);
2177 SSH_SIG(INT);
2178 SSH_SIG(KILL);
2179 SSH_SIG(PIPE);
2180 SSH_SIG(QUIT);
2181 SSH_SIG(SEGV);
2182 SSH_SIG(TERM);
2183 SSH_SIG(USR1);
2184 SSH_SIG(USR2);
2185#undef SSH_SIG
2186 return "SIG@openssh.com";
2187}
2188
Ben Lindstrombba81212001-06-25 05:01:22 +00002189static void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002190session_close_x11(struct ssh *ssh, int id)
Damien Miller2b9b0452005-07-17 17:19:24 +10002191{
2192 Channel *c;
2193
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002194 if ((c = channel_by_id(ssh, id)) == NULL) {
2195 debug("%s: x11 channel %d missing", __func__, id);
Damien Miller2b9b0452005-07-17 17:19:24 +10002196 } else {
2197 /* Detach X11 listener */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002198 debug("%s: detach x11 channel %d", __func__, id);
2199 channel_cancel_cleanup(ssh, id);
Damien Miller2b9b0452005-07-17 17:19:24 +10002200 if (c->ostate != CHAN_OUTPUT_CLOSED)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002201 chan_mark_dead(ssh, c);
Damien Miller2b9b0452005-07-17 17:19:24 +10002202 }
2203}
2204
2205static void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002206session_close_single_x11(struct ssh *ssh, int id, void *arg)
Damien Miller2b9b0452005-07-17 17:19:24 +10002207{
2208 Session *s;
2209 u_int i;
2210
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002211 debug3("%s: channel %d", __func__, id);
2212 channel_cancel_cleanup(ssh, id);
Darren Tucker82a3d2b2007-02-19 22:10:25 +11002213 if ((s = session_by_x11_channel(id)) == NULL)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002214 fatal("%s: no x11 channel %d", __func__, id);
Damien Miller2b9b0452005-07-17 17:19:24 +10002215 for (i = 0; s->x11_chanids[i] != -1; i++) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002216 debug("%s: session %d: closing channel %d",
2217 __func__, s->self, s->x11_chanids[i]);
Damien Miller2b9b0452005-07-17 17:19:24 +10002218 /*
2219 * The channel "id" is already closing, but make sure we
2220 * close all of its siblings.
2221 */
2222 if (s->x11_chanids[i] != id)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002223 session_close_x11(ssh, s->x11_chanids[i]);
Damien Miller2b9b0452005-07-17 17:19:24 +10002224 }
Darren Tuckera627d422013-06-02 07:31:17 +10002225 free(s->x11_chanids);
Damien Miller2b9b0452005-07-17 17:19:24 +10002226 s->x11_chanids = NULL;
Darren Tuckera627d422013-06-02 07:31:17 +10002227 free(s->display);
2228 s->display = NULL;
2229 free(s->auth_proto);
2230 s->auth_proto = NULL;
2231 free(s->auth_data);
2232 s->auth_data = NULL;
2233 free(s->auth_display);
2234 s->auth_display = NULL;
Damien Miller2b9b0452005-07-17 17:19:24 +10002235}
2236
2237static void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002238session_exit_message(struct ssh *ssh, Session *s, int status)
Damien Millerefb4afe2000-04-12 18:45:05 +10002239{
2240 Channel *c;
Damien Millerf3dcf1f2002-02-08 22:06:48 +11002241
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002242 if ((c = channel_lookup(ssh, s->chanid)) == NULL)
2243 fatal("%s: session %d: no channel %d",
2244 __func__, s->self, s->chanid);
2245 debug("%s: session %d channel %d pid %ld",
2246 __func__, s->self, s->chanid, (long)s->pid);
Damien Millerefb4afe2000-04-12 18:45:05 +10002247
2248 if (WIFEXITED(status)) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002249 channel_request_start(ssh, s->chanid, "exit-status", 0);
Damien Millerefb4afe2000-04-12 18:45:05 +10002250 packet_put_int(WEXITSTATUS(status));
2251 packet_send();
2252 } else if (WIFSIGNALED(status)) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002253 channel_request_start(ssh, s->chanid, "exit-signal", 0);
Damien Miller5a80bba2002-09-04 16:39:02 +10002254 packet_put_cstring(sig2name(WTERMSIG(status)));
Damien Millerf3c6cf12000-05-17 22:08:29 +10002255#ifdef WCOREDUMP
Damien Miller767087b2008-03-07 18:32:42 +11002256 packet_put_char(WCOREDUMP(status)? 1 : 0);
Damien Millerf3c6cf12000-05-17 22:08:29 +10002257#else /* WCOREDUMP */
2258 packet_put_char(0);
2259#endif /* WCOREDUMP */
Damien Millerefb4afe2000-04-12 18:45:05 +10002260 packet_put_cstring("");
2261 packet_put_cstring("");
2262 packet_send();
2263 } else {
2264 /* Some weird exit cause. Just exit. */
2265 packet_disconnect("wait returned status %04x.", status);
2266 }
2267
2268 /* disconnect channel */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002269 debug("%s: release channel %d", __func__, s->chanid);
Damien Miller39eda6e2005-11-05 14:52:50 +11002270
2271 /*
2272 * Adjust cleanup callback attachment to send close messages when
Damien Millerc91e5562006-03-26 13:58:55 +11002273 * the channel gets EOF. The session will be then be closed
Damien Miller39eda6e2005-11-05 14:52:50 +11002274 * by session_close_by_channel when the childs close their fds.
2275 */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002276 channel_register_cleanup(ssh, c->self, session_close_by_channel, 1);
Damien Miller39eda6e2005-11-05 14:52:50 +11002277
Damien Miller166fca82000-04-20 07:42:21 +10002278 /*
2279 * emulate a write failure with 'chan_write_failed', nobody will be
2280 * interested in data we write.
2281 * Note that we must not call 'chan_read_failed', since there could
2282 * be some more data waiting in the pipe.
2283 */
Damien Millerbd483e72000-04-30 10:00:53 +10002284 if (c->ostate != CHAN_OUTPUT_CLOSED)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002285 chan_write_failed(ssh, c);
Damien Millerefb4afe2000-04-12 18:45:05 +10002286}
2287
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002288void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002289session_close(struct ssh *ssh, Session *s)
Damien Millerefb4afe2000-04-12 18:45:05 +10002290{
Damien Millereccb9de2005-06-17 12:59:34 +10002291 u_int i;
Darren Tucker46bc0752004-05-02 22:11:30 +10002292
djm@openbsd.org5a0fcb72016-02-16 03:37:48 +00002293 verbose("Close session: user %s from %.200s port %d id %d",
2294 s->pw->pw_name,
djm@openbsd.org95767262016-03-07 19:02:43 +00002295 ssh_remote_ipaddr(ssh),
2296 ssh_remote_port(ssh),
djm@openbsd.org5a0fcb72016-02-16 03:37:48 +00002297 s->self);
2298
Darren Tucker3e33cec2003-10-02 16:12:36 +10002299 if (s->ttyfd != -1)
Ben Lindstrom7eaf8e42001-06-13 04:35:43 +00002300 session_pty_cleanup(s);
Darren Tuckera627d422013-06-02 07:31:17 +10002301 free(s->term);
2302 free(s->display);
2303 free(s->x11_chanids);
2304 free(s->auth_display);
2305 free(s->auth_data);
2306 free(s->auth_proto);
Damien Miller71df7522013-10-15 12:12:02 +11002307 free(s->subsys);
Damien Millerd5fe0ba2006-08-30 11:07:39 +10002308 if (s->env != NULL) {
2309 for (i = 0; i < s->num_env; i++) {
Darren Tuckera627d422013-06-02 07:31:17 +10002310 free(s->env[i].name);
2311 free(s->env[i].val);
Damien Millerd5fe0ba2006-08-30 11:07:39 +10002312 }
Darren Tuckera627d422013-06-02 07:31:17 +10002313 free(s->env);
Damien Millerd5fe0ba2006-08-30 11:07:39 +10002314 }
Damien Millere247cc42000-05-07 12:03:14 +10002315 session_proctitle(s);
Damien Miller7207f642008-05-19 15:34:50 +10002316 session_unused(s->self);
Damien Millerefb4afe2000-04-12 18:45:05 +10002317}
2318
2319void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002320session_close_by_pid(struct ssh *ssh, pid_t pid, int status)
Damien Millerefb4afe2000-04-12 18:45:05 +10002321{
2322 Session *s = session_by_pid(pid);
2323 if (s == NULL) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002324 debug("%s: no session for pid %ld", __func__, (long)pid);
Damien Millerefb4afe2000-04-12 18:45:05 +10002325 return;
2326 }
2327 if (s->chanid != -1)
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002328 session_exit_message(ssh, s, status);
Damien Miller39eda6e2005-11-05 14:52:50 +11002329 if (s->ttyfd != -1)
2330 session_pty_cleanup(s);
Tim Rice83d2f5f2006-02-07 15:17:44 -08002331 s->pid = 0;
Damien Millerefb4afe2000-04-12 18:45:05 +10002332}
2333
2334/*
2335 * this is called when a channel dies before
2336 * the session 'child' itself dies
2337 */
2338void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002339session_close_by_channel(struct ssh *ssh, int id, void *arg)
Damien Millerefb4afe2000-04-12 18:45:05 +10002340{
2341 Session *s = session_by_channel(id);
Damien Miller39eda6e2005-11-05 14:52:50 +11002342 u_int i;
Damien Miller2b9b0452005-07-17 17:19:24 +10002343
Damien Millerefb4afe2000-04-12 18:45:05 +10002344 if (s == NULL) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002345 debug("%s: no session for id %d", __func__, id);
Damien Millerefb4afe2000-04-12 18:45:05 +10002346 return;
2347 }
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002348 debug("%s: channel %d child %ld", __func__, id, (long)s->pid);
Damien Miller3ec27592001-10-12 11:35:04 +10002349 if (s->pid != 0) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002350 debug("%s: channel %d: has child", __func__, id);
Damien Miller0585d512001-10-12 11:35:50 +10002351 /*
2352 * delay detach of session, but release pty, since
2353 * the fd's to the child are already closed
2354 */
Darren Tucker3e33cec2003-10-02 16:12:36 +10002355 if (s->ttyfd != -1)
Damien Miller0585d512001-10-12 11:35:50 +10002356 session_pty_cleanup(s);
Damien Miller3ec27592001-10-12 11:35:04 +10002357 return;
2358 }
2359 /* detach by removing callback */
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002360 channel_cancel_cleanup(ssh, s->chanid);
Damien Miller39eda6e2005-11-05 14:52:50 +11002361
2362 /* Close any X11 listeners associated with this session */
2363 if (s->x11_chanids != NULL) {
2364 for (i = 0; s->x11_chanids[i] != -1; i++) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002365 session_close_x11(ssh, s->x11_chanids[i]);
Damien Miller39eda6e2005-11-05 14:52:50 +11002366 s->x11_chanids[i] = -1;
2367 }
2368 }
2369
Damien Millerefb4afe2000-04-12 18:45:05 +10002370 s->chanid = -1;
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002371 session_close(ssh, s);
Damien Miller52b77be2001-10-10 15:14:37 +10002372}
2373
2374void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002375session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *))
Damien Miller52b77be2001-10-10 15:14:37 +10002376{
2377 int i;
Damien Miller7207f642008-05-19 15:34:50 +10002378 for (i = 0; i < sessions_nalloc; i++) {
Damien Miller52b77be2001-10-10 15:14:37 +10002379 Session *s = &sessions[i];
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002380 if (s->used) {
2381 if (closefunc != NULL)
2382 closefunc(s);
2383 else
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002384 session_close(ssh, s);
Ben Lindstrom7a2073c2002-03-22 02:30:41 +00002385 }
Damien Miller52b77be2001-10-10 15:14:37 +10002386 }
Damien Millerefb4afe2000-04-12 18:45:05 +10002387}
2388
Ben Lindstrombba81212001-06-25 05:01:22 +00002389static char *
Damien Millere247cc42000-05-07 12:03:14 +10002390session_tty_list(void)
2391{
2392 static char buf[1024];
2393 int i;
Damien Millera8ed44b2003-01-10 09:53:12 +11002394 char *cp;
2395
Damien Millere247cc42000-05-07 12:03:14 +10002396 buf[0] = '\0';
Damien Miller7207f642008-05-19 15:34:50 +10002397 for (i = 0; i < sessions_nalloc; i++) {
Damien Millere247cc42000-05-07 12:03:14 +10002398 Session *s = &sessions[i];
2399 if (s->used && s->ttyfd != -1) {
Damien Miller787b2ec2003-11-21 23:56:47 +11002400
Damien Millera8ed44b2003-01-10 09:53:12 +11002401 if (strncmp(s->tty, "/dev/", 5) != 0) {
2402 cp = strrchr(s->tty, '/');
2403 cp = (cp == NULL) ? s->tty : cp + 1;
2404 } else
2405 cp = s->tty + 5;
Damien Miller787b2ec2003-11-21 23:56:47 +11002406
Damien Millere247cc42000-05-07 12:03:14 +10002407 if (buf[0] != '\0')
2408 strlcat(buf, ",", sizeof buf);
Damien Millera8ed44b2003-01-10 09:53:12 +11002409 strlcat(buf, cp, sizeof buf);
Damien Millere247cc42000-05-07 12:03:14 +10002410 }
2411 }
2412 if (buf[0] == '\0')
2413 strlcpy(buf, "notty", sizeof buf);
2414 return buf;
2415}
2416
2417void
2418session_proctitle(Session *s)
2419{
2420 if (s->pw == NULL)
2421 error("no user for session %d", s->self);
2422 else
2423 setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
2424}
2425
Ben Lindstrom768176b2001-06-09 01:29:12 +00002426int
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002427session_setup_x11fwd(struct ssh *ssh, Session *s)
Ben Lindstrom768176b2001-06-09 01:29:12 +00002428{
Ben Lindstrom768176b2001-06-09 01:29:12 +00002429 struct stat st;
Kevin Steves366298c2001-12-19 17:58:01 +00002430 char display[512], auth_display[512];
Damien Millere5c0d522014-07-03 21:24:19 +10002431 char hostname[NI_MAXHOST];
Damien Miller2b9b0452005-07-17 17:19:24 +10002432 u_int i;
Ben Lindstrom768176b2001-06-09 01:29:12 +00002433
djm@openbsd.org7c856852018-03-03 03:15:51 +00002434 if (!auth_opts->permit_x11_forwarding_flag) {
2435 packet_send_debug("X11 forwarding disabled by key options.");
Ben Lindstrom768176b2001-06-09 01:29:12 +00002436 return 0;
2437 }
2438 if (!options.x11_forwarding) {
2439 debug("X11 forwarding disabled in server configuration file.");
2440 return 0;
2441 }
djm@openbsd.org161cf412014-12-22 07:55:51 +00002442 if (options.xauth_location == NULL ||
Ben Lindstrom768176b2001-06-09 01:29:12 +00002443 (stat(options.xauth_location, &st) == -1)) {
djm@openbsd.org7c856852018-03-03 03:15:51 +00002444 packet_send_debug("No xauth program; cannot forward X11.");
Ben Lindstrom768176b2001-06-09 01:29:12 +00002445 return 0;
2446 }
Ben Lindstrom2bcdf062001-06-13 04:41:41 +00002447 if (s->display != NULL) {
Ben Lindstrom768176b2001-06-09 01:29:12 +00002448 debug("X11 display already set.");
2449 return 0;
2450 }
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002451 if (x11_create_display_inet(ssh, options.x11_display_offset,
Ben Lindstroma9d2c892002-06-23 21:48:28 +00002452 options.x11_use_localhost, s->single_connection,
Damien Miller2b9b0452005-07-17 17:19:24 +10002453 &s->display_number, &s->x11_chanids) == -1) {
Ben Lindstrom2bcdf062001-06-13 04:41:41 +00002454 debug("x11_create_display_inet failed.");
Ben Lindstrom768176b2001-06-09 01:29:12 +00002455 return 0;
2456 }
Damien Miller2b9b0452005-07-17 17:19:24 +10002457 for (i = 0; s->x11_chanids[i] != -1; i++) {
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002458 channel_register_cleanup(ssh, s->x11_chanids[i],
Damien Miller39eda6e2005-11-05 14:52:50 +11002459 session_close_single_x11, 0);
Damien Miller2b9b0452005-07-17 17:19:24 +10002460 }
Kevin Steves366298c2001-12-19 17:58:01 +00002461
2462 /* Set up a suitable value for the DISPLAY variable. */
2463 if (gethostname(hostname, sizeof(hostname)) < 0)
2464 fatal("gethostname: %.100s", strerror(errno));
2465 /*
2466 * auth_display must be used as the displayname when the
2467 * authorization entry is added with xauth(1). This will be
2468 * different than the DISPLAY string for localhost displays.
2469 */
Damien Miller95c249f2002-02-05 12:11:34 +11002470 if (options.x11_use_localhost) {
Ben Lindstroma9d2c892002-06-23 21:48:28 +00002471 snprintf(display, sizeof display, "localhost:%u.%u",
Kevin Steves366298c2001-12-19 17:58:01 +00002472 s->display_number, s->screen);
Ben Lindstroma9d2c892002-06-23 21:48:28 +00002473 snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
Damien Miller512bccb2002-02-05 12:11:02 +11002474 s->display_number, s->screen);
Kevin Steves366298c2001-12-19 17:58:01 +00002475 s->display = xstrdup(display);
Damien Miller512bccb2002-02-05 12:11:02 +11002476 s->auth_display = xstrdup(auth_display);
Kevin Steves366298c2001-12-19 17:58:01 +00002477 } else {
2478#ifdef IPADDR_IN_DISPLAY
2479 struct hostent *he;
2480 struct in_addr my_addr;
2481
2482 he = gethostbyname(hostname);
2483 if (he == NULL) {
2484 error("Can't get IP address for X11 DISPLAY.");
2485 packet_send_debug("Can't get IP address for X11 DISPLAY.");
2486 return 0;
2487 }
2488 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
Ben Lindstroma9d2c892002-06-23 21:48:28 +00002489 snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
Kevin Steves366298c2001-12-19 17:58:01 +00002490 s->display_number, s->screen);
2491#else
Ben Lindstroma9d2c892002-06-23 21:48:28 +00002492 snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
Kevin Steves366298c2001-12-19 17:58:01 +00002493 s->display_number, s->screen);
2494#endif
2495 s->display = xstrdup(display);
Damien Miller512bccb2002-02-05 12:11:02 +11002496 s->auth_display = xstrdup(display);
Kevin Steves366298c2001-12-19 17:58:01 +00002497 }
2498
Ben Lindstrom768176b2001-06-09 01:29:12 +00002499 return 1;
2500}
2501
Ben Lindstrombba81212001-06-25 05:01:22 +00002502static void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002503do_authenticated2(struct ssh *ssh, Authctxt *authctxt)
Damien Millerefb4afe2000-04-12 18:45:05 +10002504{
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002505 server_loop2(ssh, authctxt);
Darren Tucker3e33cec2003-10-02 16:12:36 +10002506}
2507
2508void
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002509do_cleanup(struct ssh *ssh, Authctxt *authctxt)
Darren Tucker3e33cec2003-10-02 16:12:36 +10002510{
2511 static int called = 0;
2512
2513 debug("do_cleanup");
2514
2515 /* no cleanup if we're in the child for login shell */
2516 if (is_child)
2517 return;
2518
2519 /* avoid double cleanup */
2520 if (called)
2521 return;
2522 called = 1;
2523
Darren Tucker9142e1c2007-08-16 23:28:04 +10002524 if (authctxt == NULL)
Darren Tucker3e33cec2003-10-02 16:12:36 +10002525 return;
Darren Tucker9142e1c2007-08-16 23:28:04 +10002526
2527#ifdef USE_PAM
2528 if (options.use_pam) {
2529 sshpam_cleanup();
2530 sshpam_thread_cleanup();
2531 }
2532#endif
2533
2534 if (!authctxt->authenticated)
2535 return;
2536
Darren Tucker3e33cec2003-10-02 16:12:36 +10002537#ifdef KRB5
2538 if (options.kerberos_ticket_cleanup &&
2539 authctxt->krb5_ctx)
2540 krb5_cleanup_proc(authctxt);
Darren Tucker0efd1552003-08-26 11:49:55 +10002541#endif
Darren Tucker3e33cec2003-10-02 16:12:36 +10002542
2543#ifdef GSSAPI
markus@openbsd.org6cb6dcf2016-08-13 17:47:40 +00002544 if (options.gss_cleanup_creds)
Darren Tucker3e33cec2003-10-02 16:12:36 +10002545 ssh_gssapi_cleanup_creds();
2546#endif
2547
2548 /* remove agent socket */
2549 auth_sock_cleanup_proc(authctxt->pw);
2550
djm@openbsd.org8f574952017-06-24 06:34:38 +00002551 /* remove userauth info */
2552 if (auth_info_file != NULL) {
2553 temporarily_use_uid(authctxt->pw);
2554 unlink(auth_info_file);
2555 restore_uid();
2556 free(auth_info_file);
2557 auth_info_file = NULL;
2558 }
2559
Darren Tucker3e33cec2003-10-02 16:12:36 +10002560 /*
2561 * Cleanup ptys/utmp only if privsep is disabled,
2562 * or if running in monitor.
2563 */
2564 if (!use_privsep || mm_is_monitor())
djm@openbsd.orgdbee4112017-09-12 06:32:07 +00002565 session_destroy_all(ssh, session_pty_cleanup2);
Damien Millerefb4afe2000-04-12 18:45:05 +10002566}
djm@openbsd.org95767262016-03-07 19:02:43 +00002567
2568/* Return a name for the remote host that fits inside utmp_size */
2569
2570const char *
2571session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)
2572{
2573 const char *remote = "";
2574
2575 if (utmp_size > 0)
2576 remote = auth_get_canonical_hostname(ssh, use_dns);
2577 if (utmp_size == 0 || strlen(remote) > utmp_size)
2578 remote = ssh_remote_ipaddr(ssh);
2579 return remote;
2580}
2581