
1 /* $OpenBSD: session.c,v 1.341 2025/04/09 07:00:03 djm Exp $ */
65 #include "openbsd-compat/sys-queue.h"
79 #include "ssh-gss.h"
83 #include "auth-options.h"
92 #include "session.h"
108 * without calling into the monitor. This requires either the post-auth
110 * sshd-session.c:privsep_postauth) or that PTY allocation doesn't require
118 (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
119 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
120 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
121 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
125 Session *session_new(void);
126 void session_set_fds(struct ssh *, Session *, int, int, int, int, int);
127 void session_pty_cleanup(Session *);
128 void session_proctitle(Session *);
129 int session_setup_x11fwd(struct ssh *, Session *);
130 int do_exec_pty(struct ssh *, Session *, const char *);
131 int do_exec_no_pty(struct ssh *, Session *, const char *);
132 int do_exec(struct ssh *, Session *, const char *);
133 void do_login(struct ssh *, Session *, const char *);
134 void do_child(struct ssh *, Session *, const char *);
136 int check_quietlogin(Session *, const char *);
140 static int session_pty_req(struct ssh *, Session *);
157 static int sessions_first_unused = -1;
159 static Session *sessions = NULL;
198 int sock = -1; in auth_input_request_forwarding()
209 auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); in auth_input_request_forwarding()
235 nc = channel_new(ssh, "auth-listener", in auth_input_request_forwarding()
236 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, in auth_input_request_forwarding()
239 nc->path = xstrdup(auth_sock_name); in auth_input_request_forwarding()
250 if (sock != -1) in auth_input_request_forwarding()
273 int fd = -1, success = 0; in prepare_auth_info_file()
280 if ((fd = mkstemp(auth_info_file)) == -1) { in prepare_auth_info_file()
296 if (fd != -1) in prepare_auth_info_file()
313 for (i = 0; i < auth_opts->npermitopen; i++) { in set_fwdpermit_from_authopts()
314 tmp = cp = xstrdup(auth_opts->permitopen[i]); in set_fwdpermit_from_authopts()
328 for (i = 0; i < auth_opts->npermitlisten; i++) { in set_fwdpermit_from_authopts()
329 tmp = cp = xstrdup(auth_opts->permitlisten[i]); in set_fwdpermit_from_authopts()
346 setproctitle("%s", authctxt->pw->pw_name); in do_authenticated()
351 /* XXX - streamlocal? */ in do_authenticated()
354 if (!auth_opts->permit_port_forwarding_flag || in do_authenticated()
370 prepare_auth_info_file(authctxt->pw, authctxt->session_info); in do_authenticated()
386 s[i] != '-' && s[i] != '_') in xauth_valid_string()
399 do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) in do_exec_no_pty()
406 fatal("do_exec_no_pty: no session"); in do_exec_no_pty()
409 if (pipe(pin) == -1) { in do_exec_no_pty()
411 return -1; in do_exec_no_pty()
413 if (pipe(pout) == -1) { in do_exec_no_pty()
417 return -1; in do_exec_no_pty()
419 if (pipe(perr) == -1) { in do_exec_no_pty()
425 return -1; in do_exec_no_pty()
431 fatal("do_exec_no_pty: no session"); in do_exec_no_pty()
434 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) { in do_exec_no_pty()
436 return -1; in do_exec_no_pty()
438 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) { in do_exec_no_pty()
442 return -1; in do_exec_no_pty()
450 case -1: in do_exec_no_pty()
465 return -1; in do_exec_no_pty()
470 * Create a new session and process group since the 4.4BSD in do_exec_no_pty()
473 if (setsid() == -1) in do_exec_no_pty()
482 if (dup2(pin[0], 0) == -1) in do_exec_no_pty()
488 if (dup2(pout[1], 1) == -1) in do_exec_no_pty()
494 if (dup2(perr[1], 2) == -1) in do_exec_no_pty()
505 if (dup2(inout[0], 0) == -1) /* stdin */ in do_exec_no_pty()
507 if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */ in do_exec_no_pty()
510 if (dup2(err[0], 2) == -1) /* stderr */ in do_exec_no_pty()
526 s->pid = pid; in do_exec_no_pty()
527 /* Set interactive/non-interactive mode. */ in do_exec_no_pty()
528 ssh_packet_set_interactive(ssh, s->display != NULL, in do_exec_no_pty()
545 s->is_subsystem, 0); in do_exec_no_pty()
552 * Enter the interactive session. Note: server_loop must be able to in do_exec_no_pty()
556 s->is_subsystem, 0); in do_exec_no_pty()
568 do_exec_pty(struct ssh *ssh, Session *s, const char *command) in do_exec_pty()
574 fatal("do_exec_pty: no session"); in do_exec_pty()
575 ptyfd = s->ptyfd; in do_exec_pty()
576 ttyfd = s->ttyfd; in do_exec_pty()
583 * detect and gracefully fail out-of-fd conditions. in do_exec_pty()
585 if ((fdout = dup(ptyfd)) == -1) { in do_exec_pty()
589 return -1; in do_exec_pty()
592 if ((ptymaster = dup(ptyfd)) == -1) { in do_exec_pty()
597 return -1; in do_exec_pty()
602 case -1: in do_exec_pty()
608 return -1; in do_exec_pty()
619 pty_make_controlling_tty(&ttyfd, s->tty); in do_exec_pty()
622 if (dup2(ttyfd, 0) == -1) in do_exec_pty()
624 if (dup2(ttyfd, 1) == -1) in do_exec_pty()
626 if (dup2(ttyfd, 2) == -1) in do_exec_pty()
650 s->pid = pid; in do_exec_pty()
655 /* Enter interactive session. */ in do_exec_pty()
656 s->ptymaster = ptymaster; in do_exec_pty()
659 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); in do_exec_pty()
668 do_exec(struct ssh *ssh, Session *s, const char *command) in do_exec()
678 } else if (auth_opts->force_command != NULL) { in do_exec()
680 command = auth_opts->force_command; in do_exec()
681 forced = "(key-option)"; in do_exec()
683 s->forced = 0; in do_exec()
685 s->forced = 1; in do_exec()
687 s->is_subsystem = s->is_subsystem ? in do_exec()
689 } else if (s->is_subsystem) in do_exec()
690 s->is_subsystem = SUBSYSTEM_EXT; in do_exec()
692 "forced-command %s '%.900s'", forced, command); in do_exec()
693 } else if (s->is_subsystem) { in do_exec()
695 "subsystem '%.900s'", s->subsys); in do_exec()
703 if (s->ttyfd != -1) { in do_exec()
704 tty = s->tty; in do_exec()
709 verbose("Starting session: %s%s%s for %s from %.200s port %d id %d", in do_exec()
713 s->pw->pw_name, in do_exec()
716 s->self); in do_exec()
721 else if (s->ttyfd == -1) { in do_exec()
722 char *shell = s->pw->pw_shell; in do_exec()
729 if (s->ttyfd != -1) in do_exec()
746 /* administrative, login(1)-like work */
748 do_login(struct ssh *ssh, Session *s, const char *command) in do_login()
761 (struct sockaddr *)&from, &fromlen) == -1) { in do_login()
804 check_quietlogin(Session *s, const char *command) in check_quietlogin()
807 struct passwd *pw = s->pw; in check_quietlogin()
813 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); in check_quietlogin()
845 while (getline(&line, &linesize, f) != -1) { in read_environment_file()
971 do_setup_env(struct ssh *ssh, Session *s, const char *shell) in do_setup_env()
977 struct passwd *pw = s->pw; in do_setup_env()
1015 for (i = 0; i < s->num_env; i++) in do_setup_env()
1016 child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); in do_setup_env()
1018 child_set_env(&env, &envsize, "USER", pw->pw_name); in do_setup_env()
1019 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); in do_setup_env()
1021 child_set_env(&env, &envsize, "LOGIN", pw->pw_name); in do_setup_env()
1023 child_set_env(&env, &envsize, "HOME", pw->pw_dir); in do_setup_env()
1024 snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); in do_setup_env()
1038 (void)setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV|LOGIN_SETPATH); in do_setup_env()
1057 read_etc_default_login(&env, &envsize, pw->pw_uid); in do_setup_env()
1062 s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); in do_setup_env()
1070 if (s->term) in do_setup_env()
1071 child_set_env(&env, &envsize, "TERM", s->term); in do_setup_env()
1072 if (s->display) in do_setup_env()
1073 child_set_env(&env, &envsize, "DISPLAY", s->display); in do_setup_env()
1098 if (s->authctxt->krb5_ccname) in do_setup_env()
1100 s->authctxt->krb5_ccname); in do_setup_env()
1109 for (n = 0 ; n < auth_opts->nenv; n++) { in do_setup_env()
1110 ocp = xstrdup(auth_opts->env[n]); in do_setup_env()
1128 pw->pw_dir, _PATH_SSH_USER_DIR); in do_setup_env()
1136 * been set by PAM. in do_setup_env()
1142 * Don't allow PAM-internal env vars to leak in do_setup_env()
1143 * back into the session environment. in do_setup_env()
1187 if (s->ttyfd != -1) in do_setup_env()
1188 child_set_env(&env, &envsize, "SSH_TTY", s->tty); in do_setup_env()
1207 do_rc_files(struct ssh *ssh, Session *s, const char *shell) in do_rc_files()
1215 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; in do_rc_files()
1216 xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC); in do_rc_files()
1219 if (!s->is_subsystem && options.adm_forced_command == NULL && in do_rc_files()
1220 auth_opts->permit_user_rc && options.permit_user_rc && in do_rc_files()
1222 if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, in do_rc_files()
1223 user_rc) == -1) in do_rc_files()
1230 fprintf(f, "%s %s\n", s->auth_proto, in do_rc_files()
1231 s->auth_data); in do_rc_files()
1243 fprintf(f, "%s %s\n", s->auth_proto, in do_rc_files()
1244 s->auth_data); in do_rc_files()
1254 options.xauth_location, s->auth_display); in do_rc_files()
1257 options.xauth_location, s->auth_display, in do_rc_files()
1258 s->auth_proto, s->auth_data); in do_rc_files()
1260 if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1) in do_rc_files()
1265 s->auth_display); in do_rc_files()
1267 s->auth_display, s->auth_proto, in do_rc_files()
1268 s->auth_data); in do_rc_files()
1288 if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) in do_nologin()
1292 if (pw->pw_uid == 0) in do_nologin()
1296 if (stat(nl, &sb) == -1) in do_nologin()
1300 logit("User %.100s not allowed because %s exists", pw->pw_name, nl); in do_nologin()
1311 * must be root-owned directories with strict permissions.
1327 * root-owned directory with strict permissions. in safely_chroot()
1334 memcpy(component, path, cp - path); in safely_chroot()
1335 component[cp - path] = '\0'; in safely_chroot()
1353 if (chdir(path) == -1) in safely_chroot()
1356 if (chroot(path) == -1) in safely_chroot()
1358 if (chdir("/") == -1) in safely_chroot()
1373 if (setusercontext(lc, pw, pw->pw_uid, in do_setusercontext()
1379 if (setlogin(pw->pw_name) < 0) in do_setusercontext()
1381 if (setgid(pw->pw_gid) < 0) { in do_setusercontext()
1386 if (initgroups(pw->pw_name, pw->pw_gid) < 0) { in do_setusercontext()
1398 pw->pw_uid); in do_setusercontext()
1400 (unsigned long long)pw->pw_uid); in do_setusercontext()
1401 chroot_path = percent_expand(tmp, "h", pw->pw_dir, in do_setusercontext()
1402 "u", pw->pw_name, "U", uidstr, (char *)NULL); in do_setusercontext()
1403 safely_chroot(chroot_path, pw->pw_uid); in do_setusercontext()
1413 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { in do_setusercontext()
1421 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); in do_setusercontext()
1432 if (!in_chroot && set_id(pw->pw_name) != 0) in do_setusercontext()
1433 fatal("set_id(%s) Failed", pw->pw_name); in do_setusercontext()
1443 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) in do_setusercontext()
1444 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); in do_setusercontext()
1448 do_pwchange(Session *s) in do_pwchange()
1452 if (s->ttyfd != -1) { in do_pwchange()
1459 execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, in do_pwchange()
1477 if (auth_sock != -1) { in child_close_fds()
1479 auth_sock = -1; in child_close_fds()
1493 /* XXX better use close-on-exec? -markus */ in child_close_fds()
1502 /* Stop directing logs to a high-numbered fd before we close it */ in child_close_fds()
1521 do_child(struct ssh *ssh, Session *s, const char *command) in do_child()
1526 struct passwd *pw = s->pw; in do_child()
1535 if (s->authctxt->force_pwchange) { in do_child()
1543 * Login(1) does this as well, and it needs uid 0 for the "-h" in do_child()
1547 session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); in do_child()
1551 /* When PAM is enabled we rely on it to do the nologin check */ in do_child()
1556 * PAM session modules in do_setusercontext may have in do_child()
1566 debug3("PAM session not opened, exiting"); in do_child()
1576 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; in do_child()
1605 * At this point, we check to see if AFS is active and if we have in do_child()
1607 * if we can (and need to) extend the ticket into an AFS token. If in do_child()
1609 * home directory is in AFS and it's not world-readable. in do_child()
1613 (s->authctxt->krb5_ctx != NULL)) { in do_child()
1616 debug("Getting AFS token"); in do_child()
1620 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) in do_child()
1621 krb5_afslog(s->authctxt->krb5_ctx, in do_child()
1622 s->authctxt->krb5_fwd_ccache, cell, NULL); in do_child()
1624 krb5_afslog_home(s->authctxt->krb5_ctx, in do_child()
1625 s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir); in do_child()
1630 if (chdir(pw->pw_dir) == -1) { in do_child()
1637 "directory %s: %s\n", pw->pw_dir, in do_child()
1651 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { in do_child()
1652 error("Connection from %s: refusing non-sftp session", in do_child()
1657 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { in do_child()
1662 setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME); in do_child()
1663 args = xstrdup(command ? command : "sftp-server"); in do_child()
1665 if (i < ARGV_MAX - 1) in do_child()
1673 exit(sftp_server_main(i, argv, s->pw)); in do_child()
1686 * name to be passed in argv[0] is preceded by '-' to indicate that in do_child()
1692 /* Start the shell. Set initial character to '-'. */ in do_child()
1693 argv0[0] = '-'; in do_child()
1695 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1) in do_child()
1696 >= sizeof(argv0) - 1) { in do_child()
1712 * Execute the command using the user's shell. This uses the -c in do_child()
1716 argv[1] = "-c"; in do_child()
1727 debug3_f("session id %d unused", id); in session_unused()
1730 fatal_f("insane session id %d (max %d nalloc %d)", in session_unused()
1736 sessions[id].chanid = -1; in session_unused()
1737 sessions[id].ptyfd = -1; in session_unused()
1738 sessions[id].ttyfd = -1; in session_unused()
1739 sessions[id].ptymaster = -1; in session_unused()
1745 Session *
1748 Session *s, *tmp; in session_new()
1750 if (sessions_first_unused == -1) { in session_new()
1774 if (s->used) in session_new()
1775 fatal_f("session %d already used", sessions_first_unused); in session_new()
1776 sessions_first_unused = s->next_unused; in session_new()
1777 s->used = 1; in session_new()
1778 s->next_unused = -1; in session_new()
1779 debug("session_new: session %d", s->self); in session_new()
1789 Session *s = &sessions[i]; in session_dump()
1791 debug("dump: used %d next_unused %d session %d " in session_dump()
1793 s->used, in session_dump()
1794 s->next_unused, in session_dump()
1795 s->self, in session_dump()
1796 s->chanid, in session_dump()
1797 (long)s->pid); in session_dump()
1804 Session *s = session_new(); in session_open()
1810 s->authctxt = authctxt; in session_open()
1811 s->pw = authctxt->pw; in session_open()
1812 if (s->pw == NULL || !authctxt->valid) in session_open()
1813 fatal("no user for session %d", s->self); in session_open()
1814 debug("session_open: session %d: link with channel %d", s->self, chanid); in session_open()
1815 s->chanid = chanid; in session_open()
1819 Session *
1824 Session *s = &sessions[i]; in session_by_tty()
1825 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) { in session_by_tty()
1826 debug("session_by_tty: session %d tty %s", i, tty); in session_by_tty()
1835 static Session *
1840 Session *s = &sessions[i]; in session_by_channel()
1841 if (s->used && s->chanid == id) { in session_by_channel()
1842 debug("session_by_channel: session %d channel %d", in session_by_channel()
1852 static Session *
1858 Session *s = &sessions[i]; in session_by_x11_channel()
1860 if (s->x11_chanids == NULL || !s->used) in session_by_x11_channel()
1862 for (j = 0; s->x11_chanids[j] != -1; j++) { in session_by_x11_channel()
1863 if (s->x11_chanids[j] == id) { in session_by_x11_channel()
1864 debug("session_by_x11_channel: session %d " in session_by_x11_channel()
1865 "channel %d", s->self, id); in session_by_x11_channel()
1875 static Session *
1881 Session *s = &sessions[i]; in session_by_pid()
1882 if (s->used && s->pid == pid) in session_by_pid()
1891 session_window_change_req(struct ssh *ssh, Session *s) in session_window_change_req()
1895 if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 || in session_window_change_req()
1896 (r = sshpkt_get_u32(ssh, &s->row)) != 0 || in session_window_change_req()
1897 (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || in session_window_change_req()
1898 (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 || in session_window_change_req()
1901 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); in session_window_change_req()
1906 session_pty_req(struct ssh *ssh, Session *s) in session_pty_req()
1910 if (!auth_opts->permit_pty_flag || !options.permit_tty) { in session_pty_req()
1914 if (s->ttyfd != -1) { in session_pty_req()
1919 if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 || in session_pty_req()
1920 (r = sshpkt_get_u32(ssh, &s->col)) != 0 || in session_pty_req()
1921 (r = sshpkt_get_u32(ssh, &s->row)) != 0 || in session_pty_req()
1922 (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || in session_pty_req()
1923 (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0) in session_pty_req()
1926 if (strcmp(s->term, "") == 0) { in session_pty_req()
1927 free(s->term); in session_pty_req()
1928 s->term = NULL; in session_pty_req()
1933 if (!mm_pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) { in session_pty_req()
1934 free(s->term); in session_pty_req()
1935 s->term = NULL; in session_pty_req()
1936 s->ptyfd = -1; in session_pty_req()
1937 s->ttyfd = -1; in session_pty_req()
1938 error("session_pty_req: session %d alloc failed", s->self); in session_pty_req()
1941 debug("session_pty_req: session %d alloc %s", s->self, s->tty); in session_pty_req()
1943 ssh_tty_parse_modes(ssh, s->ttyfd); in session_pty_req()
1949 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); in session_pty_req()
1956 session_subsystem_req(struct ssh *ssh, Session *s) in session_subsystem_req()
1963 if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || in session_subsystem_req()
1966 debug2("subsystem request for %.100s by user %s", s->subsys, in session_subsystem_req()
1967 s->pw->pw_name); in session_subsystem_req()
1970 if (strcmp(s->subsys, options.subsystem_name[i]) == 0) { in session_subsystem_req()
1974 s->is_subsystem = SUBSYSTEM_INT_SFTP; in session_subsystem_req()
1977 if (stat(prog, &st) == -1) in session_subsystem_req()
1980 s->is_subsystem = SUBSYSTEM_EXT; in session_subsystem_req()
1983 xasprintf(&type, "session:subsystem:%s", in session_subsystem_req()
1985 channel_set_xtype(ssh, s->chanid, type); in session_subsystem_req()
1994 "subsystem not found", s->subsys, s->pw->pw_name); in session_subsystem_req()
2000 session_x11_req(struct ssh *ssh, Session *s) in session_x11_req()
2005 if (s->auth_proto != NULL || s->auth_data != NULL) { in session_x11_req()
2006 error("session_x11_req: session %d: " in session_x11_req()
2007 "x11 forwarding already active", s->self); in session_x11_req()
2011 (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 || in session_x11_req()
2012 (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 || in session_x11_req()
2013 (r = sshpkt_get_u32(ssh, &s->screen)) != 0 || in session_x11_req()
2017 s->single_connection = single_connection; in session_x11_req()
2019 if (xauth_valid_string(s->auth_proto) && in session_x11_req()
2020 xauth_valid_string(s->auth_data)) in session_x11_req()
2027 free(s->auth_proto); in session_x11_req()
2028 free(s->auth_data); in session_x11_req()
2029 s->auth_proto = NULL; in session_x11_req()
2030 s->auth_data = NULL; in session_x11_req()
2036 session_shell_req(struct ssh *ssh, Session *s) in session_shell_req()
2043 channel_set_xtype(ssh, s->chanid, "session:shell"); in session_shell_req()
2049 session_exec_req(struct ssh *ssh, Session *s) in session_exec_req()
2059 channel_set_xtype(ssh, s->chanid, "session:command"); in session_exec_req()
2067 session_break_req(struct ssh *ssh, Session *s) in session_break_req()
2075 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1) in session_break_req()
2081 session_env_req(struct ssh *ssh, Session *s) in session_env_req()
2093 if (s->num_env > 128) { in session_env_req()
2100 debug2("Setting env %d: %s=%s", s->num_env, name, val); in session_env_req()
2101 s->env = xrecallocarray(s->env, s->num_env, in session_env_req()
2102 s->num_env + 1, sizeof(*s->env)); in session_env_req()
2103 s->env[s->num_env].name = name; in session_env_req()
2104 s->env[s->num_env].val = val; in session_env_req()
2105 s->num_env++; in session_env_req()
2138 return -1; in name2sig()
2142 session_signal_req(struct ssh *ssh, Session *s) in session_signal_req()
2152 if ((sig = name2sig(signame)) == -1) { in session_signal_req()
2156 if (s->pid <= 0) { in session_signal_req()
2157 error_f("no pid for session %d", s->self); in session_signal_req()
2160 if (s->forced || s->is_subsystem) { in session_signal_req()
2161 error_f("refusing to send signal %s to %s session", in session_signal_req()
2162 signame, s->forced ? "forced-command" : "subsystem"); in session_signal_req()
2166 debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig); in session_signal_req()
2167 temporarily_use_uid(s->pw); in session_signal_req()
2168 r = killpg(s->pid, sig); in session_signal_req()
2171 error_f("killpg(%ld, %d): %s", (long)s->pid, in session_signal_req()
2184 session_auth_agent_req(struct ssh *ssh, Session *s) in session_auth_agent_req()
2191 if (!auth_opts->permit_agent_forwarding_flag || in session_auth_agent_req()
2201 return auth_input_request_forwarding(ssh, s->pw); in session_auth_agent_req()
2209 Session *s; in session_input_channel_req()
2211 if ((s = session_by_channel(c->self)) == NULL) { in session_input_channel_req()
2212 logit_f("no session %d req %.100s", c->self, rtype); in session_input_channel_req()
2215 debug_f("session %d req %s", s->self, rtype); in session_input_channel_req()
2218 * a session is in LARVAL state until a shell, a command in session_input_channel_req()
2221 if (c->type == SSH_CHANNEL_LARVAL) { in session_input_channel_req()
2226 } else if (strcmp(rtype, "pty-req") == 0) { in session_input_channel_req()
2228 } else if (strcmp(rtype, "x11-req") == 0) { in session_input_channel_req()
2230 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) { in session_input_channel_req()
2238 if (strcmp(rtype, "window-change") == 0) { in session_input_channel_req()
2250 session_set_fds(struct ssh *ssh, Session *s, in session_set_fds()
2257 if (s->chanid == -1) in session_set_fds()
2258 fatal("no channel for session %d", s->self); in session_set_fds()
2259 channel_set_fds(ssh, s->chanid, in session_set_fds()
2270 session_pty_cleanup2(Session *s) in session_pty_cleanup2()
2273 error_f("no session"); in session_pty_cleanup2()
2276 if (s->ttyfd == -1) in session_pty_cleanup2()
2279 debug_f("session %d release %s", s->self, s->tty); in session_pty_cleanup2()
2282 if (s->pid != 0) in session_pty_cleanup2()
2283 record_logout(s->pid, s->tty, s->pw->pw_name); in session_pty_cleanup2()
2285 /* Release the pseudo-tty. */ in session_pty_cleanup2()
2287 pty_release(s->tty); in session_pty_cleanup2()
2294 if (s->ptymaster != -1 && close(s->ptymaster) == -1) in session_pty_cleanup2()
2295 error("close(s->ptymaster/%d): %s", in session_pty_cleanup2()
2296 s->ptymaster, strerror(errno)); in session_pty_cleanup2()
2298 /* unlink pty from session */ in session_pty_cleanup2()
2299 s->ttyfd = -1; in session_pty_cleanup2()
2303 session_pty_cleanup(Session *s) in session_pty_cleanup()
2340 if (c->ostate != CHAN_OUTPUT_CLOSED) in session_close_x11()
2348 Session *s; in session_close_single_x11()
2355 for (i = 0; s->x11_chanids[i] != -1; i++) { in session_close_single_x11()
2356 debug_f("session %d: closing channel %d", in session_close_single_x11()
2357 s->self, s->x11_chanids[i]); in session_close_single_x11()
2362 if (s->x11_chanids[i] != id) in session_close_single_x11()
2363 session_close_x11(ssh, s->x11_chanids[i]); in session_close_single_x11()
2365 free(s->x11_chanids); in session_close_single_x11()
2366 s->x11_chanids = NULL; in session_close_single_x11()
2367 free(s->display); in session_close_single_x11()
2368 s->display = NULL; in session_close_single_x11()
2369 free(s->auth_proto); in session_close_single_x11()
2370 s->auth_proto = NULL; in session_close_single_x11()
2371 free(s->auth_data); in session_close_single_x11()
2372 s->auth_data = NULL; in session_close_single_x11()
2373 free(s->auth_display); in session_close_single_x11()
2374 s->auth_display = NULL; in session_close_single_x11()
2378 session_exit_message(struct ssh *ssh, Session *s, int status) in session_exit_message()
2384 if ((c = channel_lookup(ssh, s->chanid)) == NULL) in session_exit_message()
2385 fatal_f("session %d: no channel %d", s->self, s->chanid); in session_exit_message()
2388 channel_request_start(ssh, s->chanid, "exit-status", 0); in session_exit_message()
2394 channel_request_start(ssh, s->chanid, "exit-signal", 0); in session_exit_message()
2412 debug_f("session %d channel %d pid %ld %s", s->self, s->chanid, in session_exit_message()
2413 (long)s->pid, note == NULL ? "UNKNOWN" : note); in session_exit_message()
2417 debug_f("release channel %d", s->chanid); in session_exit_message()
2421 * the channel gets EOF. The session will then be closed in session_exit_message()
2424 channel_register_cleanup(ssh, c->self, session_close_by_channel, 1); in session_exit_message()
2432 if (c->ostate != CHAN_OUTPUT_CLOSED) in session_exit_message()
2437 session_close(struct ssh *ssh, Session *s) in session_close()
2441 verbose("Close session: user %s from %.200s port %d id %d", in session_close()
2442 s->pw->pw_name, in session_close()
2445 s->self); in session_close()
2447 if (s->ttyfd != -1) in session_close()
2449 free(s->term); in session_close()
2450 free(s->display); in session_close()
2451 free(s->x11_chanids); in session_close()
2452 free(s->auth_display); in session_close()
2453 free(s->auth_data); in session_close()
2454 free(s->auth_proto); in session_close()
2455 free(s->subsys); in session_close()
2456 if (s->env != NULL) { in session_close()
2457 for (i = 0; i < s->num_env; i++) { in session_close()
2458 free(s->env[i].name); in session_close()
2459 free(s->env[i].val); in session_close()
2461 free(s->env); in session_close()
2464 session_unused(s->self); in session_close()
2470 Session *s = session_by_pid(pid); in session_close_by_pid()
2472 debug_f("no session for pid %ld", (long)pid); in session_close_by_pid()
2475 if (s->chanid != -1) in session_close_by_pid()
2477 if (s->ttyfd != -1) in session_close_by_pid()
2479 s->pid = 0; in session_close_by_pid()
2484 * the session 'child' itself dies
2489 Session *s = session_by_channel(id); in session_close_by_channel()
2493 debug_f("no session for id %d", id); in session_close_by_channel()
2496 debug_f("channel %d child %ld", id, (long)s->pid); in session_close_by_channel()
2497 if (s->pid != 0) { in session_close_by_channel()
2498 debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd); in session_close_by_channel()
2500 * delay detach of session (unless this is a forced close), in session_close_by_channel()
2504 if (s->ttyfd != -1) in session_close_by_channel()
2510 channel_cancel_cleanup(ssh, s->chanid); in session_close_by_channel()
2512 /* Close any X11 listeners associated with this session */ in session_close_by_channel()
2513 if (s->x11_chanids != NULL) { in session_close_by_channel()
2514 for (i = 0; s->x11_chanids[i] != -1; i++) { in session_close_by_channel()
2515 session_close_x11(ssh, s->x11_chanids[i]); in session_close_by_channel()
2516 s->x11_chanids[i] = -1; in session_close_by_channel()
2520 s->chanid = -1; in session_close_by_channel()
2525 session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *)) in session_destroy_all() argument
2529 Session *s = &sessions[i]; in session_destroy_all()
2530 if (s->used) { in session_destroy_all()
2548 Session *s = &sessions[i]; in session_tty_list()
2549 if (s->used && s->ttyfd != -1) { in session_tty_list()
2551 if (strncmp(s->tty, "/dev/", 5) != 0) { in session_tty_list()
2552 cp = strrchr(s->tty, '/'); in session_tty_list()
2553 cp = (cp == NULL) ? s->tty : cp + 1; in session_tty_list()
2555 cp = s->tty + 5; in session_tty_list()
2568 session_proctitle(Session *s) in session_proctitle()
2570 if (s->pw == NULL) in session_proctitle()
2571 error("no user for session %d", s->self); in session_proctitle()
2573 setproctitle("%s@%s", s->pw->pw_name, session_tty_list()); in session_proctitle()
2577 session_setup_x11fwd(struct ssh *ssh, Session *s) in session_setup_x11fwd()
2584 if (!auth_opts->permit_x11_forwarding_flag) { in session_setup_x11fwd()
2593 (stat(options.xauth_location, &st) == -1)) { in session_setup_x11fwd()
2597 if (s->display != NULL) { in session_setup_x11fwd()
2602 options.x11_use_localhost, s->single_connection, in session_setup_x11fwd()
2603 &s->display_number, &s->x11_chanids) == -1) { in session_setup_x11fwd()
2607 for (i = 0; s->x11_chanids[i] != -1; i++) { in session_setup_x11fwd()
2608 channel_register_cleanup(ssh, s->x11_chanids[i], in session_setup_x11fwd()
2613 if (gethostname(hostname, sizeof(hostname)) == -1) in session_setup_x11fwd()
2622 s->display_number, s->screen); in session_setup_x11fwd()
2624 s->display_number, s->screen); in session_setup_x11fwd()
2625 s->display = xstrdup(display); in session_setup_x11fwd()
2626 s->auth_display = xstrdup(auth_display); in session_setup_x11fwd()
2638 memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); in session_setup_x11fwd()
2640 s->display_number, s->screen); in session_setup_x11fwd()
2643 s->display_number, s->screen); in session_setup_x11fwd()
2645 s->display = xstrdup(display); in session_setup_x11fwd()
2646 s->auth_display = xstrdup(display); in session_setup_x11fwd()
2684 if (!authctxt->authenticated) in do_cleanup()
2689 authctxt->krb5_ctx) in do_cleanup()
2699 auth_sock_cleanup_proc(authctxt->pw); in do_cleanup()
2703 temporarily_use_uid(authctxt->pw); in do_cleanup()