xref: /freebsd/crypto/openssh/session.c (revision 4f52dfbb8d6c4d446500c5b097e3806ec219fbd4)
1*4f52dfbbSDag-Erling Smørgrav /* $OpenBSD: session.c,v 1.292 2017/09/12 06:32:07 djm Exp $ */
2a04a10f8SKris Kennaway /*
3a04a10f8SKris Kennaway  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4a04a10f8SKris Kennaway  *                    All rights reserved
5c2d3a559SKris Kennaway  *
6c2d3a559SKris Kennaway  * As far as I am concerned, the code I have written for this software
7c2d3a559SKris Kennaway  * can be used freely for any purpose.  Any derived versions of this
8c2d3a559SKris Kennaway  * software must be clearly marked as such, and if the derived work is
9c2d3a559SKris Kennaway  * incompatible with the protocol description in the RFC file, it must be
10c2d3a559SKris Kennaway  * called by a name other than "ssh" or "Secure Shell".
11c2d3a559SKris Kennaway  *
12a04a10f8SKris Kennaway  * SSH2 support by Markus Friedl.
13af12a3e7SDag-Erling Smørgrav  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
14e8aafc91SKris Kennaway  *
15c2d3a559SKris Kennaway  * Redistribution and use in source and binary forms, with or without
16c2d3a559SKris Kennaway  * modification, are permitted provided that the following conditions
17c2d3a559SKris Kennaway  * are met:
18c2d3a559SKris Kennaway  * 1. Redistributions of source code must retain the above copyright
19c2d3a559SKris Kennaway  *    notice, this list of conditions and the following disclaimer.
20c2d3a559SKris Kennaway  * 2. Redistributions in binary form must reproduce the above copyright
21c2d3a559SKris Kennaway  *    notice, this list of conditions and the following disclaimer in the
22c2d3a559SKris Kennaway  *    documentation and/or other materials provided with the distribution.
23c2d3a559SKris Kennaway  *
24c2d3a559SKris Kennaway  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25c2d3a559SKris Kennaway  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26c2d3a559SKris Kennaway  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27c2d3a559SKris Kennaway  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28c2d3a559SKris Kennaway  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29c2d3a559SKris Kennaway  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30c2d3a559SKris Kennaway  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31c2d3a559SKris Kennaway  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32c2d3a559SKris Kennaway  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33c2d3a559SKris Kennaway  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34a04a10f8SKris Kennaway  */
35a04a10f8SKris Kennaway 
36a04a10f8SKris Kennaway #include "includes.h"
37333ee039SDag-Erling Smørgrav __RCSID("$FreeBSD$");
38a04a10f8SKris Kennaway 
39333ee039SDag-Erling Smørgrav #include <sys/types.h>
40333ee039SDag-Erling Smørgrav #include <sys/param.h>
41333ee039SDag-Erling Smørgrav #ifdef HAVE_SYS_STAT_H
42333ee039SDag-Erling Smørgrav # include <sys/stat.h>
43333ee039SDag-Erling Smørgrav #endif
44333ee039SDag-Erling Smørgrav #include <sys/socket.h>
45333ee039SDag-Erling Smørgrav #include <sys/un.h>
46333ee039SDag-Erling Smørgrav #include <sys/wait.h>
47333ee039SDag-Erling Smørgrav 
48333ee039SDag-Erling Smørgrav #include <arpa/inet.h>
49333ee039SDag-Erling Smørgrav 
50acc1a9efSDag-Erling Smørgrav #include <ctype.h>
51333ee039SDag-Erling Smørgrav #include <errno.h>
52e2f6069cSDag-Erling Smørgrav #include <fcntl.h>
53333ee039SDag-Erling Smørgrav #include <grp.h>
54a0ee8cc6SDag-Erling Smørgrav #include <netdb.h>
55333ee039SDag-Erling Smørgrav #ifdef HAVE_PATHS_H
56333ee039SDag-Erling Smørgrav #include <paths.h>
57333ee039SDag-Erling Smørgrav #endif
58333ee039SDag-Erling Smørgrav #include <pwd.h>
59333ee039SDag-Erling Smørgrav #include <signal.h>
60333ee039SDag-Erling Smørgrav #include <stdarg.h>
61333ee039SDag-Erling Smørgrav #include <stdio.h>
62333ee039SDag-Erling Smørgrav #include <stdlib.h>
63333ee039SDag-Erling Smørgrav #include <string.h>
64333ee039SDag-Erling Smørgrav #include <unistd.h>
65bc5531deSDag-Erling Smørgrav #include <limits.h>
66333ee039SDag-Erling Smørgrav 
67d4af9e69SDag-Erling Smørgrav #include "openbsd-compat/sys-queue.h"
68333ee039SDag-Erling Smørgrav #include "xmalloc.h"
69a04a10f8SKris Kennaway #include "ssh.h"
70ca3176e7SBrian Feldman #include "ssh2.h"
71ca3176e7SBrian Feldman #include "sshpty.h"
72a04a10f8SKris Kennaway #include "packet.h"
73a04a10f8SKris Kennaway #include "buffer.h"
7421e764dfSDag-Erling Smørgrav #include "match.h"
75a04a10f8SKris Kennaway #include "uidswap.h"
76a04a10f8SKris Kennaway #include "compat.h"
77a04a10f8SKris Kennaway #include "channels.h"
78333ee039SDag-Erling Smørgrav #include "key.h"
79333ee039SDag-Erling Smørgrav #include "cipher.h"
80333ee039SDag-Erling Smørgrav #ifdef GSSAPI
81333ee039SDag-Erling Smørgrav #include "ssh-gss.h"
82333ee039SDag-Erling Smørgrav #endif
83333ee039SDag-Erling Smørgrav #include "hostfile.h"
84a04a10f8SKris Kennaway #include "auth.h"
85c2d3a559SKris Kennaway #include "auth-options.h"
86e4a9863fSDag-Erling Smørgrav #include "authfd.h"
87ca3176e7SBrian Feldman #include "pathnames.h"
88ca3176e7SBrian Feldman #include "log.h"
89a0ee8cc6SDag-Erling Smørgrav #include "misc.h"
90ca3176e7SBrian Feldman #include "servconf.h"
91ca3176e7SBrian Feldman #include "sshlogin.h"
92ca3176e7SBrian Feldman #include "serverloop.h"
93ca3176e7SBrian Feldman #include "canohost.h"
94ca3176e7SBrian Feldman #include "session.h"
95d4ecd108SDag-Erling Smørgrav #include "kex.h"
9680628bacSDag-Erling Smørgrav #include "monitor_wrap.h"
97d4af9e69SDag-Erling Smørgrav #include "sftp.h"
98*4f52dfbbSDag-Erling Smørgrav #include "atomicio.h"
99a04a10f8SKris Kennaway 
1001ec0d754SDag-Erling Smørgrav #if defined(KRB5) && defined(USE_AFS)
1011ec0d754SDag-Erling Smørgrav #include <kafs.h>
1021ec0d754SDag-Erling Smørgrav #endif
1031ec0d754SDag-Erling Smørgrav 
104e146993eSDag-Erling Smørgrav #ifdef WITH_SELINUX
105e146993eSDag-Erling Smørgrav #include <selinux/selinux.h>
106e146993eSDag-Erling Smørgrav #endif
107e146993eSDag-Erling Smørgrav 
108cce7d346SDag-Erling Smørgrav #define IS_INTERNAL_SFTP(c) \
109cce7d346SDag-Erling Smørgrav 	(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
110cce7d346SDag-Erling Smørgrav 	 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
111cce7d346SDag-Erling Smørgrav 	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
112cce7d346SDag-Erling Smørgrav 	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
113cce7d346SDag-Erling Smørgrav 
114a04a10f8SKris Kennaway /* func */
115a04a10f8SKris Kennaway 
116a04a10f8SKris Kennaway Session *session_new(void);
117*4f52dfbbSDag-Erling Smørgrav void	session_set_fds(struct ssh *, Session *, int, int, int, int, int);
1181ec0d754SDag-Erling Smørgrav void	session_pty_cleanup(Session *);
119af12a3e7SDag-Erling Smørgrav void	session_proctitle(Session *);
120*4f52dfbbSDag-Erling Smørgrav int	session_setup_x11fwd(struct ssh *, Session *);
121*4f52dfbbSDag-Erling Smørgrav int	do_exec_pty(struct ssh *, Session *, const char *);
122*4f52dfbbSDag-Erling Smørgrav int	do_exec_no_pty(struct ssh *, Session *, const char *);
123*4f52dfbbSDag-Erling Smørgrav int	do_exec(struct ssh *, Session *, const char *);
124*4f52dfbbSDag-Erling Smørgrav void	do_login(struct ssh *, Session *, const char *);
125*4f52dfbbSDag-Erling Smørgrav void	do_child(struct ssh *, Session *, const char *);
126989dd127SDag-Erling Smørgrav #ifdef LOGIN_NEEDS_UTMPX
127989dd127SDag-Erling Smørgrav static void	do_pre_login(Session *s);
128989dd127SDag-Erling Smørgrav #endif
129ca3176e7SBrian Feldman void	do_motd(void);
130af12a3e7SDag-Erling Smørgrav int	check_quietlogin(Session *, const char *);
131a04a10f8SKris Kennaway 
132*4f52dfbbSDag-Erling Smørgrav static void do_authenticated2(struct ssh *, Authctxt *);
133af12a3e7SDag-Erling Smørgrav 
134*4f52dfbbSDag-Erling Smørgrav static int session_pty_req(struct ssh *, Session *);
135a04a10f8SKris Kennaway 
136a04a10f8SKris Kennaway /* import */
137a04a10f8SKris Kennaway extern ServerOptions options;
138a04a10f8SKris Kennaway extern char *__progname;
139a04a10f8SKris Kennaway extern int debug_flag;
140ca3176e7SBrian Feldman extern u_int utmp_len;
141c2d3a559SKris Kennaway extern int startup_pipe;
142ca3176e7SBrian Feldman extern void destroy_sensitive_data(void);
143cf2b5f3bSDag-Erling Smørgrav extern Buffer loginmsg;
144a04a10f8SKris Kennaway 
145c2d3a559SKris Kennaway /* original command from peer. */
146af12a3e7SDag-Erling Smørgrav const char *original_command = NULL;
147c2d3a559SKris Kennaway 
148a04a10f8SKris Kennaway /* data */
149d4af9e69SDag-Erling Smørgrav static int sessions_first_unused = -1;
150d4af9e69SDag-Erling Smørgrav static int sessions_nalloc = 0;
151d4af9e69SDag-Erling Smørgrav static Session *sessions = NULL;
152d4af9e69SDag-Erling Smørgrav 
153d4af9e69SDag-Erling Smørgrav #define SUBSYSTEM_NONE			0
154d4af9e69SDag-Erling Smørgrav #define SUBSYSTEM_EXT			1
155d4af9e69SDag-Erling Smørgrav #define SUBSYSTEM_INT_SFTP		2
156b15c8340SDag-Erling Smørgrav #define SUBSYSTEM_INT_SFTP_ERROR	3
157a04a10f8SKris Kennaway 
158c2d3a559SKris Kennaway #ifdef HAVE_LOGIN_CAP
15980628bacSDag-Erling Smørgrav login_cap_t *lc;
160c2d3a559SKris Kennaway #endif
161a04a10f8SKris Kennaway 
1621ec0d754SDag-Erling Smørgrav static int is_child = 0;
163acc1a9efSDag-Erling Smørgrav static int in_chroot = 0;
1641ec0d754SDag-Erling Smørgrav 
165*4f52dfbbSDag-Erling Smørgrav /* File containing userauth info, if ExposeAuthInfo set */
166*4f52dfbbSDag-Erling Smørgrav static char *auth_info_file = NULL;
167*4f52dfbbSDag-Erling Smørgrav 
16880628bacSDag-Erling Smørgrav /* Name and directory of socket for authentication agent forwarding. */
16980628bacSDag-Erling Smørgrav static char *auth_sock_name = NULL;
17080628bacSDag-Erling Smørgrav static char *auth_sock_dir = NULL;
17180628bacSDag-Erling Smørgrav 
17280628bacSDag-Erling Smørgrav /* removes the agent forwarding socket */
17380628bacSDag-Erling Smørgrav 
17480628bacSDag-Erling Smørgrav static void
1751ec0d754SDag-Erling Smørgrav auth_sock_cleanup_proc(struct passwd *pw)
17680628bacSDag-Erling Smørgrav {
17780628bacSDag-Erling Smørgrav 	if (auth_sock_name != NULL) {
17880628bacSDag-Erling Smørgrav 		temporarily_use_uid(pw);
17980628bacSDag-Erling Smørgrav 		unlink(auth_sock_name);
18080628bacSDag-Erling Smørgrav 		rmdir(auth_sock_dir);
18180628bacSDag-Erling Smørgrav 		auth_sock_name = NULL;
18280628bacSDag-Erling Smørgrav 		restore_uid();
18380628bacSDag-Erling Smørgrav 	}
18480628bacSDag-Erling Smørgrav }
18580628bacSDag-Erling Smørgrav 
18680628bacSDag-Erling Smørgrav static int
187*4f52dfbbSDag-Erling Smørgrav auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw)
18880628bacSDag-Erling Smørgrav {
18980628bacSDag-Erling Smørgrav 	Channel *nc;
190d4af9e69SDag-Erling Smørgrav 	int sock = -1;
19180628bacSDag-Erling Smørgrav 
19280628bacSDag-Erling Smørgrav 	if (auth_sock_name != NULL) {
19380628bacSDag-Erling Smørgrav 		error("authentication forwarding requested twice.");
19480628bacSDag-Erling Smørgrav 		return 0;
19580628bacSDag-Erling Smørgrav 	}
19680628bacSDag-Erling Smørgrav 
19780628bacSDag-Erling Smørgrav 	/* Temporarily drop privileged uid for mkdir/bind. */
19880628bacSDag-Erling Smørgrav 	temporarily_use_uid(pw);
19980628bacSDag-Erling Smørgrav 
20080628bacSDag-Erling Smørgrav 	/* Allocate a buffer for the socket name, and format the name. */
201d4af9e69SDag-Erling Smørgrav 	auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
20280628bacSDag-Erling Smørgrav 
20380628bacSDag-Erling Smørgrav 	/* Create private directory for socket */
20480628bacSDag-Erling Smørgrav 	if (mkdtemp(auth_sock_dir) == NULL) {
20580628bacSDag-Erling Smørgrav 		packet_send_debug("Agent forwarding disabled: "
20680628bacSDag-Erling Smørgrav 		    "mkdtemp() failed: %.100s", strerror(errno));
20780628bacSDag-Erling Smørgrav 		restore_uid();
208e4a9863fSDag-Erling Smørgrav 		free(auth_sock_dir);
20980628bacSDag-Erling Smørgrav 		auth_sock_dir = NULL;
210d4af9e69SDag-Erling Smørgrav 		goto authsock_err;
21180628bacSDag-Erling Smørgrav 	}
212d4af9e69SDag-Erling Smørgrav 
213d4af9e69SDag-Erling Smørgrav 	xasprintf(&auth_sock_name, "%s/agent.%ld",
21480628bacSDag-Erling Smørgrav 	    auth_sock_dir, (long) getpid());
21580628bacSDag-Erling Smørgrav 
216a0ee8cc6SDag-Erling Smørgrav 	/* Start a Unix listener on auth_sock_name. */
217a0ee8cc6SDag-Erling Smørgrav 	sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0);
21880628bacSDag-Erling Smørgrav 
21980628bacSDag-Erling Smørgrav 	/* Restore the privileged uid. */
22080628bacSDag-Erling Smørgrav 	restore_uid();
22180628bacSDag-Erling Smørgrav 
222a0ee8cc6SDag-Erling Smørgrav 	/* Check for socket/bind/listen failure. */
223a0ee8cc6SDag-Erling Smørgrav 	if (sock < 0)
224d4af9e69SDag-Erling Smørgrav 		goto authsock_err;
22580628bacSDag-Erling Smørgrav 
22660c59fadSDag-Erling Smørgrav 	/* Allocate a channel for the authentication agent socket. */
227*4f52dfbbSDag-Erling Smørgrav 	nc = channel_new(ssh, "auth socket",
22880628bacSDag-Erling Smørgrav 	    SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
22980628bacSDag-Erling Smørgrav 	    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
230cf2b5f3bSDag-Erling Smørgrav 	    0, "auth socket", 1);
231cce7d346SDag-Erling Smørgrav 	nc->path = xstrdup(auth_sock_name);
23280628bacSDag-Erling Smørgrav 	return 1;
233d4af9e69SDag-Erling Smørgrav 
234d4af9e69SDag-Erling Smørgrav  authsock_err:
235e4a9863fSDag-Erling Smørgrav 	free(auth_sock_name);
236d4af9e69SDag-Erling Smørgrav 	if (auth_sock_dir != NULL) {
237d4af9e69SDag-Erling Smørgrav 		rmdir(auth_sock_dir);
238e4a9863fSDag-Erling Smørgrav 		free(auth_sock_dir);
239d4af9e69SDag-Erling Smørgrav 	}
240d4af9e69SDag-Erling Smørgrav 	if (sock != -1)
241d4af9e69SDag-Erling Smørgrav 		close(sock);
242d4af9e69SDag-Erling Smørgrav 	auth_sock_name = NULL;
243d4af9e69SDag-Erling Smørgrav 	auth_sock_dir = NULL;
244d4af9e69SDag-Erling Smørgrav 	return 0;
24580628bacSDag-Erling Smørgrav }
24680628bacSDag-Erling Smørgrav 
2471ec0d754SDag-Erling Smørgrav static void
2481ec0d754SDag-Erling Smørgrav display_loginmsg(void)
2491ec0d754SDag-Erling Smørgrav {
2501ec0d754SDag-Erling Smørgrav 	if (buffer_len(&loginmsg) > 0) {
2511ec0d754SDag-Erling Smørgrav 		buffer_append(&loginmsg, "\0", 1);
25221e764dfSDag-Erling Smørgrav 		printf("%s", (char *)buffer_ptr(&loginmsg));
2531ec0d754SDag-Erling Smørgrav 		buffer_clear(&loginmsg);
2541ec0d754SDag-Erling Smørgrav 	}
2551ec0d754SDag-Erling Smørgrav }
25680628bacSDag-Erling Smørgrav 
257*4f52dfbbSDag-Erling Smørgrav static void
258*4f52dfbbSDag-Erling Smørgrav prepare_auth_info_file(struct passwd *pw, struct sshbuf *info)
259*4f52dfbbSDag-Erling Smørgrav {
260*4f52dfbbSDag-Erling Smørgrav 	int fd = -1, success = 0;
261*4f52dfbbSDag-Erling Smørgrav 
262*4f52dfbbSDag-Erling Smørgrav 	if (!options.expose_userauth_info || info == NULL)
263*4f52dfbbSDag-Erling Smørgrav 		return;
264*4f52dfbbSDag-Erling Smørgrav 
265*4f52dfbbSDag-Erling Smørgrav 	temporarily_use_uid(pw);
266*4f52dfbbSDag-Erling Smørgrav 	auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");
267*4f52dfbbSDag-Erling Smørgrav 	if ((fd = mkstemp(auth_info_file)) == -1) {
268*4f52dfbbSDag-Erling Smørgrav 		error("%s: mkstemp: %s", __func__, strerror(errno));
269*4f52dfbbSDag-Erling Smørgrav 		goto out;
270*4f52dfbbSDag-Erling Smørgrav 	}
271*4f52dfbbSDag-Erling Smørgrav 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
272*4f52dfbbSDag-Erling Smørgrav 	    sshbuf_len(info)) != sshbuf_len(info)) {
273*4f52dfbbSDag-Erling Smørgrav 		error("%s: write: %s", __func__, strerror(errno));
274*4f52dfbbSDag-Erling Smørgrav 		goto out;
275*4f52dfbbSDag-Erling Smørgrav 	}
276*4f52dfbbSDag-Erling Smørgrav 	if (close(fd) != 0) {
277*4f52dfbbSDag-Erling Smørgrav 		error("%s: close: %s", __func__, strerror(errno));
278*4f52dfbbSDag-Erling Smørgrav 		goto out;
279*4f52dfbbSDag-Erling Smørgrav 	}
280*4f52dfbbSDag-Erling Smørgrav 	success = 1;
281*4f52dfbbSDag-Erling Smørgrav  out:
282*4f52dfbbSDag-Erling Smørgrav 	if (!success) {
283*4f52dfbbSDag-Erling Smørgrav 		if (fd != -1)
284*4f52dfbbSDag-Erling Smørgrav 			close(fd);
285*4f52dfbbSDag-Erling Smørgrav 		free(auth_info_file);
286*4f52dfbbSDag-Erling Smørgrav 		auth_info_file = NULL;
287*4f52dfbbSDag-Erling Smørgrav 	}
288*4f52dfbbSDag-Erling Smørgrav 	restore_uid();
289*4f52dfbbSDag-Erling Smørgrav }
290*4f52dfbbSDag-Erling Smørgrav 
291ca3176e7SBrian Feldman void
292*4f52dfbbSDag-Erling Smørgrav do_authenticated(struct ssh *ssh, Authctxt *authctxt)
293ca3176e7SBrian Feldman {
294e73e9afaSDag-Erling Smørgrav 	setproctitle("%s", authctxt->pw->pw_name);
295e73e9afaSDag-Erling Smørgrav 
296ca3176e7SBrian Feldman 	/* setup the channel layer */
297a0ee8cc6SDag-Erling Smørgrav 	/* XXX - streamlocal? */
298ca86bcf2SDag-Erling Smørgrav 	if (no_port_forwarding_flag || options.disable_forwarding ||
2996888a9beSDag-Erling Smørgrav 	    (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
300*4f52dfbbSDag-Erling Smørgrav 		channel_disable_adm_local_opens(ssh);
3016888a9beSDag-Erling Smørgrav 	else
302*4f52dfbbSDag-Erling Smørgrav 		channel_permit_all_opens(ssh);
303ca3176e7SBrian Feldman 
304b15c8340SDag-Erling Smørgrav 	auth_debug_send();
305b15c8340SDag-Erling Smørgrav 
306*4f52dfbbSDag-Erling Smørgrav 	prepare_auth_info_file(authctxt->pw, authctxt->session_info);
307*4f52dfbbSDag-Erling Smørgrav 
308*4f52dfbbSDag-Erling Smørgrav 	do_authenticated2(ssh, authctxt);
309*4f52dfbbSDag-Erling Smørgrav 
310*4f52dfbbSDag-Erling Smørgrav 	do_cleanup(ssh, authctxt);
311a04a10f8SKris Kennaway }
312a04a10f8SKris Kennaway 
313acc1a9efSDag-Erling Smørgrav /* Check untrusted xauth strings for metacharacters */
314acc1a9efSDag-Erling Smørgrav static int
315acc1a9efSDag-Erling Smørgrav xauth_valid_string(const char *s)
316acc1a9efSDag-Erling Smørgrav {
317acc1a9efSDag-Erling Smørgrav 	size_t i;
318acc1a9efSDag-Erling Smørgrav 
319acc1a9efSDag-Erling Smørgrav 	for (i = 0; s[i] != '\0'; i++) {
320acc1a9efSDag-Erling Smørgrav 		if (!isalnum((u_char)s[i]) &&
321acc1a9efSDag-Erling Smørgrav 		    s[i] != '.' && s[i] != ':' && s[i] != '/' &&
322acc1a9efSDag-Erling Smørgrav 		    s[i] != '-' && s[i] != '_')
323acc1a9efSDag-Erling Smørgrav 		return 0;
324acc1a9efSDag-Erling Smørgrav 	}
325acc1a9efSDag-Erling Smørgrav 	return 1;
326acc1a9efSDag-Erling Smørgrav }
327acc1a9efSDag-Erling Smørgrav 
328f7167e0eSDag-Erling Smørgrav #define USE_PIPES 1
329a04a10f8SKris Kennaway /*
330a04a10f8SKris Kennaway  * This is called to fork and execute a command when we have no tty.  This
331a04a10f8SKris Kennaway  * will call do_child from the child, and server_loop from the parent after
332a04a10f8SKris Kennaway  * setting up file descriptors and such.
333a04a10f8SKris Kennaway  */
334d4af9e69SDag-Erling Smørgrav int
335*4f52dfbbSDag-Erling Smørgrav do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
336a04a10f8SKris Kennaway {
33780628bacSDag-Erling Smørgrav 	pid_t pid;
338a04a10f8SKris Kennaway 
339a04a10f8SKris Kennaway #ifdef USE_PIPES
340a04a10f8SKris Kennaway 	int pin[2], pout[2], perr[2];
341d4af9e69SDag-Erling Smørgrav 
342e2f6069cSDag-Erling Smørgrav 	if (s == NULL)
343e2f6069cSDag-Erling Smørgrav 		fatal("do_exec_no_pty: no session");
344e2f6069cSDag-Erling Smørgrav 
345a04a10f8SKris Kennaway 	/* Allocate pipes for communicating with the program. */
346d4af9e69SDag-Erling Smørgrav 	if (pipe(pin) < 0) {
347d4af9e69SDag-Erling Smørgrav 		error("%s: pipe in: %.100s", __func__, strerror(errno));
348d4af9e69SDag-Erling Smørgrav 		return -1;
349d4af9e69SDag-Erling Smørgrav 	}
350d4af9e69SDag-Erling Smørgrav 	if (pipe(pout) < 0) {
351d4af9e69SDag-Erling Smørgrav 		error("%s: pipe out: %.100s", __func__, strerror(errno));
352d4af9e69SDag-Erling Smørgrav 		close(pin[0]);
353d4af9e69SDag-Erling Smørgrav 		close(pin[1]);
354d4af9e69SDag-Erling Smørgrav 		return -1;
355d4af9e69SDag-Erling Smørgrav 	}
356d4af9e69SDag-Erling Smørgrav 	if (pipe(perr) < 0) {
357e2f6069cSDag-Erling Smørgrav 		error("%s: pipe err: %.100s", __func__,
358e2f6069cSDag-Erling Smørgrav 		    strerror(errno));
359d4af9e69SDag-Erling Smørgrav 		close(pin[0]);
360d4af9e69SDag-Erling Smørgrav 		close(pin[1]);
361d4af9e69SDag-Erling Smørgrav 		close(pout[0]);
362d4af9e69SDag-Erling Smørgrav 		close(pout[1]);
363d4af9e69SDag-Erling Smørgrav 		return -1;
364d4af9e69SDag-Erling Smørgrav 	}
365d4af9e69SDag-Erling Smørgrav #else
366a04a10f8SKris Kennaway 	int inout[2], err[2];
367d4af9e69SDag-Erling Smørgrav 
368e2f6069cSDag-Erling Smørgrav 	if (s == NULL)
369e2f6069cSDag-Erling Smørgrav 		fatal("do_exec_no_pty: no session");
370e2f6069cSDag-Erling Smørgrav 
371a04a10f8SKris Kennaway 	/* Uses socket pairs to communicate with the program. */
372d4af9e69SDag-Erling Smørgrav 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
373d4af9e69SDag-Erling Smørgrav 		error("%s: socketpair #1: %.100s", __func__, strerror(errno));
374d4af9e69SDag-Erling Smørgrav 		return -1;
375d4af9e69SDag-Erling Smørgrav 	}
376d4af9e69SDag-Erling Smørgrav 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
377e2f6069cSDag-Erling Smørgrav 		error("%s: socketpair #2: %.100s", __func__,
378e2f6069cSDag-Erling Smørgrav 		    strerror(errno));
379d4af9e69SDag-Erling Smørgrav 		close(inout[0]);
380d4af9e69SDag-Erling Smørgrav 		close(inout[1]);
381d4af9e69SDag-Erling Smørgrav 		return -1;
382d4af9e69SDag-Erling Smørgrav 	}
383d4af9e69SDag-Erling Smørgrav #endif
384d4af9e69SDag-Erling Smørgrav 
385a04a10f8SKris Kennaway 	session_proctitle(s);
386a04a10f8SKris Kennaway 
387a04a10f8SKris Kennaway 	/* Fork the child. */
388d4af9e69SDag-Erling Smørgrav 	switch ((pid = fork())) {
389d4af9e69SDag-Erling Smørgrav 	case -1:
390d4af9e69SDag-Erling Smørgrav 		error("%s: fork: %.100s", __func__, strerror(errno));
391d4af9e69SDag-Erling Smørgrav #ifdef USE_PIPES
392d4af9e69SDag-Erling Smørgrav 		close(pin[0]);
393d4af9e69SDag-Erling Smørgrav 		close(pin[1]);
394d4af9e69SDag-Erling Smørgrav 		close(pout[0]);
395d4af9e69SDag-Erling Smørgrav 		close(pout[1]);
396d4af9e69SDag-Erling Smørgrav 		close(perr[0]);
397d4af9e69SDag-Erling Smørgrav 		close(perr[1]);
398d4af9e69SDag-Erling Smørgrav #else
399d4af9e69SDag-Erling Smørgrav 		close(inout[0]);
400d4af9e69SDag-Erling Smørgrav 		close(inout[1]);
401d4af9e69SDag-Erling Smørgrav 		close(err[0]);
402d4af9e69SDag-Erling Smørgrav 		close(err[1]);
403d4af9e69SDag-Erling Smørgrav #endif
404d4af9e69SDag-Erling Smørgrav 		return -1;
405d4af9e69SDag-Erling Smørgrav 	case 0:
4061ec0d754SDag-Erling Smørgrav 		is_child = 1;
407f388f5efSDag-Erling Smørgrav 
408a04a10f8SKris Kennaway 		/*
409a04a10f8SKris Kennaway 		 * Create a new session and process group since the 4.4BSD
410a04a10f8SKris Kennaway 		 * setlogin() affects the entire process group.
411a04a10f8SKris Kennaway 		 */
412a04a10f8SKris Kennaway 		if (setsid() < 0)
413a04a10f8SKris Kennaway 			error("setsid failed: %.100s", strerror(errno));
414a04a10f8SKris Kennaway 
415a04a10f8SKris Kennaway #ifdef USE_PIPES
416a04a10f8SKris Kennaway 		/*
417a04a10f8SKris Kennaway 		 * Redirect stdin.  We close the parent side of the socket
418a04a10f8SKris Kennaway 		 * pair, and make the child side the standard input.
419a04a10f8SKris Kennaway 		 */
420a04a10f8SKris Kennaway 		close(pin[1]);
421a04a10f8SKris Kennaway 		if (dup2(pin[0], 0) < 0)
422a04a10f8SKris Kennaway 			perror("dup2 stdin");
423a04a10f8SKris Kennaway 		close(pin[0]);
424a04a10f8SKris Kennaway 
425a04a10f8SKris Kennaway 		/* Redirect stdout. */
426a04a10f8SKris Kennaway 		close(pout[0]);
427a04a10f8SKris Kennaway 		if (dup2(pout[1], 1) < 0)
428a04a10f8SKris Kennaway 			perror("dup2 stdout");
429a04a10f8SKris Kennaway 		close(pout[1]);
430a04a10f8SKris Kennaway 
431a04a10f8SKris Kennaway 		/* Redirect stderr. */
432a04a10f8SKris Kennaway 		close(perr[0]);
433a04a10f8SKris Kennaway 		if (dup2(perr[1], 2) < 0)
434a04a10f8SKris Kennaway 			perror("dup2 stderr");
435a04a10f8SKris Kennaway 		close(perr[1]);
436d4af9e69SDag-Erling Smørgrav #else
437a04a10f8SKris Kennaway 		/*
438a04a10f8SKris Kennaway 		 * Redirect stdin, stdout, and stderr.  Stdin and stdout will
439a04a10f8SKris Kennaway 		 * use the same socket, as some programs (particularly rdist)
440a04a10f8SKris Kennaway 		 * seem to depend on it.
441a04a10f8SKris Kennaway 		 */
442a04a10f8SKris Kennaway 		close(inout[1]);
443a04a10f8SKris Kennaway 		close(err[1]);
444a04a10f8SKris Kennaway 		if (dup2(inout[0], 0) < 0)	/* stdin */
445a04a10f8SKris Kennaway 			perror("dup2 stdin");
446d4af9e69SDag-Erling Smørgrav 		if (dup2(inout[0], 1) < 0)	/* stdout (same as stdin) */
447a04a10f8SKris Kennaway 			perror("dup2 stdout");
448d4af9e69SDag-Erling Smørgrav 		close(inout[0]);
449a04a10f8SKris Kennaway 		if (dup2(err[0], 2) < 0)	/* stderr */
450a04a10f8SKris Kennaway 			perror("dup2 stderr");
451d4af9e69SDag-Erling Smørgrav 		close(err[0]);
452d4af9e69SDag-Erling Smørgrav #endif
453d4af9e69SDag-Erling Smørgrav 
454a04a10f8SKris Kennaway 
455f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
456f388f5efSDag-Erling Smørgrav 		cray_init_job(s->pw); /* set up cray jid and tmpdir */
457f388f5efSDag-Erling Smørgrav #endif
458f388f5efSDag-Erling Smørgrav 
459a04a10f8SKris Kennaway 		/* Do processing for the child (exec command etc). */
460*4f52dfbbSDag-Erling Smørgrav 		do_child(ssh, s, command);
461a04a10f8SKris Kennaway 		/* NOTREACHED */
462d4af9e69SDag-Erling Smørgrav 	default:
463d4af9e69SDag-Erling Smørgrav 		break;
464a04a10f8SKris Kennaway 	}
465d4af9e69SDag-Erling Smørgrav 
466f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
467f388f5efSDag-Erling Smørgrav 	signal(WJSIGNAL, cray_job_termination_handler);
468f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
469989dd127SDag-Erling Smørgrav #ifdef HAVE_CYGWIN
470989dd127SDag-Erling Smørgrav 	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
471989dd127SDag-Erling Smørgrav #endif
472d4af9e69SDag-Erling Smørgrav 
473a04a10f8SKris Kennaway 	s->pid = pid;
474ca3176e7SBrian Feldman 	/* Set interactive/non-interactive mode. */
4754a421b63SDag-Erling Smørgrav 	packet_set_interactive(s->display != NULL,
4764a421b63SDag-Erling Smørgrav 	    options.ip_qos_interactive, options.ip_qos_bulk);
477d4af9e69SDag-Erling Smørgrav 
478d4af9e69SDag-Erling Smørgrav 	/*
479d4af9e69SDag-Erling Smørgrav 	 * Clear loginmsg, since it's the child's responsibility to display
480d4af9e69SDag-Erling Smørgrav 	 * it to the user, otherwise multiple sessions may accumulate
481d4af9e69SDag-Erling Smørgrav 	 * multiple copies of the login messages.
482d4af9e69SDag-Erling Smørgrav 	 */
483d4af9e69SDag-Erling Smørgrav 	buffer_clear(&loginmsg);
484d4af9e69SDag-Erling Smørgrav 
485a04a10f8SKris Kennaway #ifdef USE_PIPES
486a04a10f8SKris Kennaway 	/* We are the parent.  Close the child sides of the pipes. */
487a04a10f8SKris Kennaway 	close(pin[0]);
488a04a10f8SKris Kennaway 	close(pout[1]);
489a04a10f8SKris Kennaway 	close(perr[1]);
490a04a10f8SKris Kennaway 
491*4f52dfbbSDag-Erling Smørgrav 	session_set_fds(ssh, s, pin[1], pout[0], perr[0],
492e2f6069cSDag-Erling Smørgrav 	    s->is_subsystem, 0);
493d4af9e69SDag-Erling Smørgrav #else
494a04a10f8SKris Kennaway 	/* We are the parent.  Close the child sides of the socket pairs. */
495a04a10f8SKris Kennaway 	close(inout[0]);
496a04a10f8SKris Kennaway 	close(err[0]);
497a04a10f8SKris Kennaway 
498a04a10f8SKris Kennaway 	/*
499a04a10f8SKris Kennaway 	 * Enter the interactive session.  Note: server_loop must be able to
500a04a10f8SKris Kennaway 	 * handle the case that fdin and fdout are the same.
501a04a10f8SKris Kennaway 	 */
502e2f6069cSDag-Erling Smørgrav 	session_set_fds(s, inout[1], inout[1], err[1],
503e2f6069cSDag-Erling Smørgrav 	    s->is_subsystem, 0);
504d4af9e69SDag-Erling Smørgrav #endif
505d4af9e69SDag-Erling Smørgrav 	return 0;
506a04a10f8SKris Kennaway }
507a04a10f8SKris Kennaway 
508a04a10f8SKris Kennaway /*
509a04a10f8SKris Kennaway  * This is called to fork and execute a command when we have a tty.  This
510a04a10f8SKris Kennaway  * will call do_child from the child, and server_loop from the parent after
511a04a10f8SKris Kennaway  * setting up file descriptors, controlling tty, updating wtmp, utmp,
512a04a10f8SKris Kennaway  * lastlog, and other such operations.
513a04a10f8SKris Kennaway  */
514d4af9e69SDag-Erling Smørgrav int
515*4f52dfbbSDag-Erling Smørgrav do_exec_pty(struct ssh *ssh, Session *s, const char *command)
516a04a10f8SKris Kennaway {
517a04a10f8SKris Kennaway 	int fdout, ptyfd, ttyfd, ptymaster;
518a04a10f8SKris Kennaway 	pid_t pid;
519a04a10f8SKris Kennaway 
520a04a10f8SKris Kennaway 	if (s == NULL)
521a04a10f8SKris Kennaway 		fatal("do_exec_pty: no session");
522a04a10f8SKris Kennaway 	ptyfd = s->ptyfd;
523a04a10f8SKris Kennaway 	ttyfd = s->ttyfd;
524a04a10f8SKris Kennaway 
525d4af9e69SDag-Erling Smørgrav 	/*
526d4af9e69SDag-Erling Smørgrav 	 * Create another descriptor of the pty master side for use as the
527d4af9e69SDag-Erling Smørgrav 	 * standard input.  We could use the original descriptor, but this
528d4af9e69SDag-Erling Smørgrav 	 * simplifies code in server_loop.  The descriptor is bidirectional.
529d4af9e69SDag-Erling Smørgrav 	 * Do this before forking (and cleanup in the child) so as to
530d4af9e69SDag-Erling Smørgrav 	 * detect and gracefully fail out-of-fd conditions.
531d4af9e69SDag-Erling Smørgrav 	 */
532d4af9e69SDag-Erling Smørgrav 	if ((fdout = dup(ptyfd)) < 0) {
533d4af9e69SDag-Erling Smørgrav 		error("%s: dup #1: %s", __func__, strerror(errno));
534d4af9e69SDag-Erling Smørgrav 		close(ttyfd);
535d4af9e69SDag-Erling Smørgrav 		close(ptyfd);
536d4af9e69SDag-Erling Smørgrav 		return -1;
537cf2b5f3bSDag-Erling Smørgrav 	}
538d4af9e69SDag-Erling Smørgrav 	/* we keep a reference to the pty master */
539d4af9e69SDag-Erling Smørgrav 	if ((ptymaster = dup(ptyfd)) < 0) {
540d4af9e69SDag-Erling Smørgrav 		error("%s: dup #2: %s", __func__, strerror(errno));
541d4af9e69SDag-Erling Smørgrav 		close(ttyfd);
542d4af9e69SDag-Erling Smørgrav 		close(ptyfd);
543d4af9e69SDag-Erling Smørgrav 		close(fdout);
544d4af9e69SDag-Erling Smørgrav 		return -1;
545d4af9e69SDag-Erling Smørgrav 	}
54609958426SBrian Feldman 
547a04a10f8SKris Kennaway 	/* Fork the child. */
548d4af9e69SDag-Erling Smørgrav 	switch ((pid = fork())) {
549d4af9e69SDag-Erling Smørgrav 	case -1:
550d4af9e69SDag-Erling Smørgrav 		error("%s: fork: %.100s", __func__, strerror(errno));
551d4af9e69SDag-Erling Smørgrav 		close(fdout);
552d4af9e69SDag-Erling Smørgrav 		close(ptymaster);
553d4af9e69SDag-Erling Smørgrav 		close(ttyfd);
554d4af9e69SDag-Erling Smørgrav 		close(ptyfd);
555d4af9e69SDag-Erling Smørgrav 		return -1;
556d4af9e69SDag-Erling Smørgrav 	case 0:
5571ec0d754SDag-Erling Smørgrav 		is_child = 1;
558af12a3e7SDag-Erling Smørgrav 
559d4af9e69SDag-Erling Smørgrav 		close(fdout);
560d4af9e69SDag-Erling Smørgrav 		close(ptymaster);
561d4af9e69SDag-Erling Smørgrav 
562a04a10f8SKris Kennaway 		/* Close the master side of the pseudo tty. */
563a04a10f8SKris Kennaway 		close(ptyfd);
564a04a10f8SKris Kennaway 
565a04a10f8SKris Kennaway 		/* Make the pseudo tty our controlling tty. */
566a04a10f8SKris Kennaway 		pty_make_controlling_tty(&ttyfd, s->tty);
567a04a10f8SKris Kennaway 
568af12a3e7SDag-Erling Smørgrav 		/* Redirect stdin/stdout/stderr from the pseudo tty. */
569af12a3e7SDag-Erling Smørgrav 		if (dup2(ttyfd, 0) < 0)
570af12a3e7SDag-Erling Smørgrav 			error("dup2 stdin: %s", strerror(errno));
571af12a3e7SDag-Erling Smørgrav 		if (dup2(ttyfd, 1) < 0)
572af12a3e7SDag-Erling Smørgrav 			error("dup2 stdout: %s", strerror(errno));
573af12a3e7SDag-Erling Smørgrav 		if (dup2(ttyfd, 2) < 0)
574af12a3e7SDag-Erling Smørgrav 			error("dup2 stderr: %s", strerror(errno));
575a04a10f8SKris Kennaway 
576a04a10f8SKris Kennaway 		/* Close the extra descriptor for the pseudo tty. */
577a04a10f8SKris Kennaway 		close(ttyfd);
578a04a10f8SKris Kennaway 
579c2d3a559SKris Kennaway 		/* record login, etc. similar to login(1) */
580f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
581f388f5efSDag-Erling Smørgrav 		cray_init_job(s->pw); /* set up cray jid and tmpdir */
582f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
583ca86bcf2SDag-Erling Smørgrav #ifndef HAVE_OSF_SIA
584*4f52dfbbSDag-Erling Smørgrav 		do_login(ssh, s, command);
585989dd127SDag-Erling Smørgrav #endif
586d4af9e69SDag-Erling Smørgrav 		/*
587d4af9e69SDag-Erling Smørgrav 		 * Do common processing for the child, such as execing
588d4af9e69SDag-Erling Smørgrav 		 * the command.
589d4af9e69SDag-Erling Smørgrav 		 */
590*4f52dfbbSDag-Erling Smørgrav 		do_child(ssh, s, command);
591a04a10f8SKris Kennaway 		/* NOTREACHED */
592d4af9e69SDag-Erling Smørgrav 	default:
593d4af9e69SDag-Erling Smørgrav 		break;
594a04a10f8SKris Kennaway 	}
595d4af9e69SDag-Erling Smørgrav 
596f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
597f388f5efSDag-Erling Smørgrav 	signal(WJSIGNAL, cray_job_termination_handler);
598f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
599989dd127SDag-Erling Smørgrav #ifdef HAVE_CYGWIN
600989dd127SDag-Erling Smørgrav 	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
601989dd127SDag-Erling Smørgrav #endif
602d4af9e69SDag-Erling Smørgrav 
603a04a10f8SKris Kennaway 	s->pid = pid;
604a04a10f8SKris Kennaway 
605a04a10f8SKris Kennaway 	/* Parent.  Close the slave side of the pseudo tty. */
606a04a10f8SKris Kennaway 	close(ttyfd);
607a04a10f8SKris Kennaway 
608a04a10f8SKris Kennaway 	/* Enter interactive session. */
609d4af9e69SDag-Erling Smørgrav 	s->ptymaster = ptymaster;
6104a421b63SDag-Erling Smørgrav 	packet_set_interactive(1,
6114a421b63SDag-Erling Smørgrav 	    options.ip_qos_interactive, options.ip_qos_bulk);
612*4f52dfbbSDag-Erling Smørgrav 	session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);
613d4af9e69SDag-Erling Smørgrav 	return 0;
614a04a10f8SKris Kennaway }
615a04a10f8SKris Kennaway 
616989dd127SDag-Erling Smørgrav #ifdef LOGIN_NEEDS_UTMPX
617989dd127SDag-Erling Smørgrav static void
618989dd127SDag-Erling Smørgrav do_pre_login(Session *s)
619989dd127SDag-Erling Smørgrav {
620076ad2f8SDag-Erling Smørgrav 	struct ssh *ssh = active_state;	/* XXX */
621989dd127SDag-Erling Smørgrav 	socklen_t fromlen;
622989dd127SDag-Erling Smørgrav 	struct sockaddr_storage from;
623989dd127SDag-Erling Smørgrav 	pid_t pid = getpid();
624989dd127SDag-Erling Smørgrav 
625989dd127SDag-Erling Smørgrav 	/*
626989dd127SDag-Erling Smørgrav 	 * Get IP address of client. If the connection is not a socket, let
627989dd127SDag-Erling Smørgrav 	 * the address be 0.0.0.0.
628989dd127SDag-Erling Smørgrav 	 */
629989dd127SDag-Erling Smørgrav 	memset(&from, 0, sizeof(from));
630989dd127SDag-Erling Smørgrav 	fromlen = sizeof(from);
6317ac32603SHajimu UMEMOTO 	if (packet_connection_is_on_socket()) {
632989dd127SDag-Erling Smørgrav 		if (getpeername(packet_get_connection_in(),
633989dd127SDag-Erling Smørgrav 		    (struct sockaddr *)&from, &fromlen) < 0) {
634989dd127SDag-Erling Smørgrav 			debug("getpeername: %.100s", strerror(errno));
6351ec0d754SDag-Erling Smørgrav 			cleanup_exit(255);
636989dd127SDag-Erling Smørgrav 		}
637989dd127SDag-Erling Smørgrav 	}
638989dd127SDag-Erling Smørgrav 
639989dd127SDag-Erling Smørgrav 	record_utmp_only(pid, s->tty, s->pw->pw_name,
640076ad2f8SDag-Erling Smørgrav 	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
6417ac32603SHajimu UMEMOTO 	    (struct sockaddr *)&from, fromlen);
642989dd127SDag-Erling Smørgrav }
643989dd127SDag-Erling Smørgrav #endif
644989dd127SDag-Erling Smørgrav 
645af12a3e7SDag-Erling Smørgrav /*
646af12a3e7SDag-Erling Smørgrav  * This is called to fork and execute a command.  If another command is
647af12a3e7SDag-Erling Smørgrav  * to be forced, execute that instead.
648af12a3e7SDag-Erling Smørgrav  */
649d4af9e69SDag-Erling Smørgrav int
650*4f52dfbbSDag-Erling Smørgrav do_exec(struct ssh *ssh, Session *s, const char *command)
651af12a3e7SDag-Erling Smørgrav {
652d4af9e69SDag-Erling Smørgrav 	int ret;
653acc1a9efSDag-Erling Smørgrav 	const char *forced = NULL, *tty = NULL;
654acc1a9efSDag-Erling Smørgrav 	char session_type[1024];
655d4af9e69SDag-Erling Smørgrav 
656333ee039SDag-Erling Smørgrav 	if (options.adm_forced_command) {
657333ee039SDag-Erling Smørgrav 		original_command = command;
658333ee039SDag-Erling Smørgrav 		command = options.adm_forced_command;
659f7167e0eSDag-Erling Smørgrav 		forced = "(config)";
660333ee039SDag-Erling Smørgrav 	} else if (forced_command) {
661af12a3e7SDag-Erling Smørgrav 		original_command = command;
662af12a3e7SDag-Erling Smørgrav 		command = forced_command;
663f7167e0eSDag-Erling Smørgrav 		forced = "(key-option)";
664f7167e0eSDag-Erling Smørgrav 	}
665f7167e0eSDag-Erling Smørgrav 	if (forced != NULL) {
666b15c8340SDag-Erling Smørgrav 		if (IS_INTERNAL_SFTP(command)) {
667b15c8340SDag-Erling Smørgrav 			s->is_subsystem = s->is_subsystem ?
668b15c8340SDag-Erling Smørgrav 			    SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
669b15c8340SDag-Erling Smørgrav 		} else if (s->is_subsystem)
670d4af9e69SDag-Erling Smørgrav 			s->is_subsystem = SUBSYSTEM_EXT;
671f7167e0eSDag-Erling Smørgrav 		snprintf(session_type, sizeof(session_type),
672f7167e0eSDag-Erling Smørgrav 		    "forced-command %s '%.900s'", forced, command);
673f7167e0eSDag-Erling Smørgrav 	} else if (s->is_subsystem) {
674f7167e0eSDag-Erling Smørgrav 		snprintf(session_type, sizeof(session_type),
675f7167e0eSDag-Erling Smørgrav 		    "subsystem '%.900s'", s->subsys);
676f7167e0eSDag-Erling Smørgrav 	} else if (command == NULL) {
677f7167e0eSDag-Erling Smørgrav 		snprintf(session_type, sizeof(session_type), "shell");
678f7167e0eSDag-Erling Smørgrav 	} else {
679f7167e0eSDag-Erling Smørgrav 		/* NB. we don't log unforced commands to preserve privacy */
680f7167e0eSDag-Erling Smørgrav 		snprintf(session_type, sizeof(session_type), "command");
681af12a3e7SDag-Erling Smørgrav 	}
682af12a3e7SDag-Erling Smørgrav 
683f7167e0eSDag-Erling Smørgrav 	if (s->ttyfd != -1) {
684f7167e0eSDag-Erling Smørgrav 		tty = s->tty;
685f7167e0eSDag-Erling Smørgrav 		if (strncmp(tty, "/dev/", 5) == 0)
686f7167e0eSDag-Erling Smørgrav 			tty += 5;
687f7167e0eSDag-Erling Smørgrav 	}
688f7167e0eSDag-Erling Smørgrav 
689acc1a9efSDag-Erling Smørgrav 	verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
690f7167e0eSDag-Erling Smørgrav 	    session_type,
691f7167e0eSDag-Erling Smørgrav 	    tty == NULL ? "" : " on ",
692f7167e0eSDag-Erling Smørgrav 	    tty == NULL ? "" : tty,
693f7167e0eSDag-Erling Smørgrav 	    s->pw->pw_name,
694076ad2f8SDag-Erling Smørgrav 	    ssh_remote_ipaddr(ssh),
695076ad2f8SDag-Erling Smørgrav 	    ssh_remote_port(ssh),
696acc1a9efSDag-Erling Smørgrav 	    s->self);
697f7167e0eSDag-Erling Smørgrav 
698aa49c926SDag-Erling Smørgrav #ifdef SSH_AUDIT_EVENTS
699aa49c926SDag-Erling Smørgrav 	if (command != NULL)
700aa49c926SDag-Erling Smørgrav 		PRIVSEP(audit_run_command(command));
701aa49c926SDag-Erling Smørgrav 	else if (s->ttyfd == -1) {
702aa49c926SDag-Erling Smørgrav 		char *shell = s->pw->pw_shell;
703aa49c926SDag-Erling Smørgrav 
704aa49c926SDag-Erling Smørgrav 		if (shell[0] == '\0')	/* empty shell means /bin/sh */
705aa49c926SDag-Erling Smørgrav 			shell =_PATH_BSHELL;
706aa49c926SDag-Erling Smørgrav 		PRIVSEP(audit_run_command(shell));
707cf2b5f3bSDag-Erling Smørgrav 	}
708cf2b5f3bSDag-Erling Smørgrav #endif
709af12a3e7SDag-Erling Smørgrav 	if (s->ttyfd != -1)
710*4f52dfbbSDag-Erling Smørgrav 		ret = do_exec_pty(ssh, s, command);
711af12a3e7SDag-Erling Smørgrav 	else
712*4f52dfbbSDag-Erling Smørgrav 		ret = do_exec_no_pty(ssh, s, command);
713af12a3e7SDag-Erling Smørgrav 
714af12a3e7SDag-Erling Smørgrav 	original_command = NULL;
715af12a3e7SDag-Erling Smørgrav 
71621e764dfSDag-Erling Smørgrav 	/*
71721e764dfSDag-Erling Smørgrav 	 * Clear loginmsg: it's the child's responsibility to display
71821e764dfSDag-Erling Smørgrav 	 * it to the user, otherwise multiple sessions may accumulate
71921e764dfSDag-Erling Smørgrav 	 * multiple copies of the login messages.
72021e764dfSDag-Erling Smørgrav 	 */
72121e764dfSDag-Erling Smørgrav 	buffer_clear(&loginmsg);
722d4af9e69SDag-Erling Smørgrav 
723d4af9e69SDag-Erling Smørgrav 	return ret;
72421e764dfSDag-Erling Smørgrav }
725af12a3e7SDag-Erling Smørgrav 
726c2d3a559SKris Kennaway /* administrative, login(1)-like work */
727ca3176e7SBrian Feldman void
728*4f52dfbbSDag-Erling Smørgrav do_login(struct ssh *ssh, Session *s, const char *command)
729c2d3a559SKris Kennaway {
730c2d3a559SKris Kennaway 	socklen_t fromlen;
731c2d3a559SKris Kennaway 	struct sockaddr_storage from;
732c2d3a559SKris Kennaway 	struct passwd * pw = s->pw;
733c2d3a559SKris Kennaway 	pid_t pid = getpid();
734c2d3a559SKris Kennaway 
735c2d3a559SKris Kennaway 	/*
736c2d3a559SKris Kennaway 	 * Get IP address of client. If the connection is not a socket, let
737c2d3a559SKris Kennaway 	 * the address be 0.0.0.0.
738c2d3a559SKris Kennaway 	 */
739c2d3a559SKris Kennaway 	memset(&from, 0, sizeof(from));
740c2d3a559SKris Kennaway 	fromlen = sizeof(from);
7417ac32603SHajimu UMEMOTO 	if (packet_connection_is_on_socket()) {
742c2d3a559SKris Kennaway 		if (getpeername(packet_get_connection_in(),
743c2d3a559SKris Kennaway 		    (struct sockaddr *)&from, &fromlen) < 0) {
744c2d3a559SKris Kennaway 			debug("getpeername: %.100s", strerror(errno));
7451ec0d754SDag-Erling Smørgrav 			cleanup_exit(255);
746c2d3a559SKris Kennaway 		}
747c2d3a559SKris Kennaway 	}
748c2d3a559SKris Kennaway 
74980628bacSDag-Erling Smørgrav 	/* Record that there was a login on that tty from the remote host. */
75080628bacSDag-Erling Smørgrav 	if (!use_privsep)
75180628bacSDag-Erling Smørgrav 		record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
752076ad2f8SDag-Erling Smørgrav 		    session_get_remote_name_or_ip(ssh, utmp_len,
753cf2b5f3bSDag-Erling Smørgrav 		    options.use_dns),
7547ac32603SHajimu UMEMOTO 		    (struct sockaddr *)&from, fromlen);
75580628bacSDag-Erling Smørgrav 
756098de0c1SAndrey A. Chernov #ifdef USE_PAM
757c2d3a559SKris Kennaway 	/*
758989dd127SDag-Erling Smørgrav 	 * If password change is needed, do it now.
759989dd127SDag-Erling Smørgrav 	 * This needs to occur before the ~/.hushlogin check.
760c2d3a559SKris Kennaway 	 */
7611ec0d754SDag-Erling Smørgrav 	if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) {
7621ec0d754SDag-Erling Smørgrav 		display_loginmsg();
763989dd127SDag-Erling Smørgrav 		do_pam_chauthtok();
7641ec0d754SDag-Erling Smørgrav 		s->authctxt->force_pwchange = 0;
765cf2b5f3bSDag-Erling Smørgrav 		/* XXX - signal [net] parent to enable forwardings */
766989dd127SDag-Erling Smørgrav 	}
767989dd127SDag-Erling Smørgrav #endif
768af12a3e7SDag-Erling Smørgrav 
769989dd127SDag-Erling Smørgrav 	if (check_quietlogin(s, command))
770989dd127SDag-Erling Smørgrav 		return;
771989dd127SDag-Erling Smørgrav 
7721ec0d754SDag-Erling Smørgrav 	display_loginmsg();
773f388f5efSDag-Erling Smørgrav 
774ca3176e7SBrian Feldman 	do_motd();
775ca3176e7SBrian Feldman }
776ca3176e7SBrian Feldman 
777ca3176e7SBrian Feldman /*
778ca3176e7SBrian Feldman  * Display the message of the day.
779ca3176e7SBrian Feldman  */
780ca3176e7SBrian Feldman void
781ca3176e7SBrian Feldman do_motd(void)
782ca3176e7SBrian Feldman {
783ca3176e7SBrian Feldman 	FILE *f;
784ca3176e7SBrian Feldman 	char buf[256];
785ca3176e7SBrian Feldman 
786ca3176e7SBrian Feldman 	if (options.print_motd) {
787c2d3a559SKris Kennaway #ifdef HAVE_LOGIN_CAP
788c2d3a559SKris Kennaway 		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
789c2d3a559SKris Kennaway 		    "/etc/motd"), "r");
790af12a3e7SDag-Erling Smørgrav #else
791c2d3a559SKris Kennaway 		f = fopen("/etc/motd", "r");
792af12a3e7SDag-Erling Smørgrav #endif
793c2d3a559SKris Kennaway 		if (f) {
794c2d3a559SKris Kennaway 			while (fgets(buf, sizeof(buf), f))
795c2d3a559SKris Kennaway 				fputs(buf, stdout);
796c2d3a559SKris Kennaway 			fclose(f);
797c2d3a559SKris Kennaway 		}
798c2d3a559SKris Kennaway 	}
799ca3176e7SBrian Feldman }
800c2d3a559SKris Kennaway 
801af12a3e7SDag-Erling Smørgrav 
802ca3176e7SBrian Feldman /*
803ca3176e7SBrian Feldman  * Check for quiet login, either .hushlogin or command given.
804ca3176e7SBrian Feldman  */
805ca3176e7SBrian Feldman int
806ca3176e7SBrian Feldman check_quietlogin(Session *s, const char *command)
807ca3176e7SBrian Feldman {
808ca3176e7SBrian Feldman 	char buf[256];
809ca3176e7SBrian Feldman 	struct passwd *pw = s->pw;
810ca3176e7SBrian Feldman 	struct stat st;
811ca3176e7SBrian Feldman 
812ca3176e7SBrian Feldman 	/* Return 1 if .hushlogin exists or a command given. */
813ca3176e7SBrian Feldman 	if (command != NULL)
814ca3176e7SBrian Feldman 		return 1;
815ca3176e7SBrian Feldman 	snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
816c2d3a559SKris Kennaway #ifdef HAVE_LOGIN_CAP
817ca3176e7SBrian Feldman 	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
818ca3176e7SBrian Feldman 		return 1;
819ca3176e7SBrian Feldman #else
820ca3176e7SBrian Feldman 	if (stat(buf, &st) >= 0)
821ca3176e7SBrian Feldman 		return 1;
822ca3176e7SBrian Feldman #endif
823ca3176e7SBrian Feldman 	return 0;
824c2d3a559SKris Kennaway }
825c2d3a559SKris Kennaway 
826a04a10f8SKris Kennaway /*
827a04a10f8SKris Kennaway  * Reads environment variables from the given file and adds/overrides them
828a04a10f8SKris Kennaway  * into the environment.  If the file does not exist, this does nothing.
829a04a10f8SKris Kennaway  * Otherwise, it must consist of empty lines, comments (line starts with '#')
830a04a10f8SKris Kennaway  * and assignments of the form name=value.  No other forms are allowed.
831a04a10f8SKris Kennaway  */
832af12a3e7SDag-Erling Smørgrav static void
833ca3176e7SBrian Feldman read_environment_file(char ***env, u_int *envsize,
834a04a10f8SKris Kennaway 	const char *filename)
835a04a10f8SKris Kennaway {
836a04a10f8SKris Kennaway 	FILE *f;
837a04a10f8SKris Kennaway 	char buf[4096];
838a04a10f8SKris Kennaway 	char *cp, *value;
839a82e551fSDag-Erling Smørgrav 	u_int lineno = 0;
840a04a10f8SKris Kennaway 
841a04a10f8SKris Kennaway 	f = fopen(filename, "r");
842a04a10f8SKris Kennaway 	if (!f)
843a04a10f8SKris Kennaway 		return;
844a04a10f8SKris Kennaway 
845a04a10f8SKris Kennaway 	while (fgets(buf, sizeof(buf), f)) {
846a82e551fSDag-Erling Smørgrav 		if (++lineno > 1000)
847a82e551fSDag-Erling Smørgrav 			fatal("Too many lines in environment file %s", filename);
848a04a10f8SKris Kennaway 		for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
849a04a10f8SKris Kennaway 			;
850a04a10f8SKris Kennaway 		if (!*cp || *cp == '#' || *cp == '\n')
851a04a10f8SKris Kennaway 			continue;
852d4af9e69SDag-Erling Smørgrav 
853d4af9e69SDag-Erling Smørgrav 		cp[strcspn(cp, "\n")] = '\0';
854d4af9e69SDag-Erling Smørgrav 
855a04a10f8SKris Kennaway 		value = strchr(cp, '=');
856a04a10f8SKris Kennaway 		if (value == NULL) {
857a82e551fSDag-Erling Smørgrav 			fprintf(stderr, "Bad line %u in %.100s\n", lineno,
858a82e551fSDag-Erling Smørgrav 			    filename);
859a04a10f8SKris Kennaway 			continue;
860a04a10f8SKris Kennaway 		}
861db1cb46cSKris Kennaway 		/*
862db1cb46cSKris Kennaway 		 * Replace the equals sign by nul, and advance value to
863db1cb46cSKris Kennaway 		 * the value string.
864db1cb46cSKris Kennaway 		 */
865a04a10f8SKris Kennaway 		*value = '\0';
866a04a10f8SKris Kennaway 		value++;
867a04a10f8SKris Kennaway 		child_set_env(env, envsize, cp, value);
868a04a10f8SKris Kennaway 	}
869a04a10f8SKris Kennaway 	fclose(f);
870a04a10f8SKris Kennaway }
871a04a10f8SKris Kennaway 
872cf2b5f3bSDag-Erling Smørgrav #ifdef HAVE_ETC_DEFAULT_LOGIN
873cf2b5f3bSDag-Erling Smørgrav /*
874cf2b5f3bSDag-Erling Smørgrav  * Return named variable from specified environment, or NULL if not present.
875cf2b5f3bSDag-Erling Smørgrav  */
876cf2b5f3bSDag-Erling Smørgrav static char *
877cf2b5f3bSDag-Erling Smørgrav child_get_env(char **env, const char *name)
878cf2b5f3bSDag-Erling Smørgrav {
879cf2b5f3bSDag-Erling Smørgrav 	int i;
880cf2b5f3bSDag-Erling Smørgrav 	size_t len;
881cf2b5f3bSDag-Erling Smørgrav 
882cf2b5f3bSDag-Erling Smørgrav 	len = strlen(name);
883cf2b5f3bSDag-Erling Smørgrav 	for (i=0; env[i] != NULL; i++)
884cf2b5f3bSDag-Erling Smørgrav 		if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
885cf2b5f3bSDag-Erling Smørgrav 			return(env[i] + len + 1);
886cf2b5f3bSDag-Erling Smørgrav 	return NULL;
887cf2b5f3bSDag-Erling Smørgrav }
888cf2b5f3bSDag-Erling Smørgrav 
889cf2b5f3bSDag-Erling Smørgrav /*
890cf2b5f3bSDag-Erling Smørgrav  * Read /etc/default/login.
891cf2b5f3bSDag-Erling Smørgrav  * We pick up the PATH (or SUPATH for root) and UMASK.
892cf2b5f3bSDag-Erling Smørgrav  */
893cf2b5f3bSDag-Erling Smørgrav static void
894cf2b5f3bSDag-Erling Smørgrav read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
895cf2b5f3bSDag-Erling Smørgrav {
896cf2b5f3bSDag-Erling Smørgrav 	char **tmpenv = NULL, *var;
897cf2b5f3bSDag-Erling Smørgrav 	u_int i, tmpenvsize = 0;
8981ec0d754SDag-Erling Smørgrav 	u_long mask;
899cf2b5f3bSDag-Erling Smørgrav 
900cf2b5f3bSDag-Erling Smørgrav 	/*
901cf2b5f3bSDag-Erling Smørgrav 	 * We don't want to copy the whole file to the child's environment,
902cf2b5f3bSDag-Erling Smørgrav 	 * so we use a temporary environment and copy the variables we're
903cf2b5f3bSDag-Erling Smørgrav 	 * interested in.
904cf2b5f3bSDag-Erling Smørgrav 	 */
905cf2b5f3bSDag-Erling Smørgrav 	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
906cf2b5f3bSDag-Erling Smørgrav 
907cf2b5f3bSDag-Erling Smørgrav 	if (tmpenv == NULL)
908cf2b5f3bSDag-Erling Smørgrav 		return;
909cf2b5f3bSDag-Erling Smørgrav 
910cf2b5f3bSDag-Erling Smørgrav 	if (uid == 0)
911cf2b5f3bSDag-Erling Smørgrav 		var = child_get_env(tmpenv, "SUPATH");
912cf2b5f3bSDag-Erling Smørgrav 	else
913cf2b5f3bSDag-Erling Smørgrav 		var = child_get_env(tmpenv, "PATH");
914cf2b5f3bSDag-Erling Smørgrav 	if (var != NULL)
915cf2b5f3bSDag-Erling Smørgrav 		child_set_env(env, envsize, "PATH", var);
916cf2b5f3bSDag-Erling Smørgrav 
917cf2b5f3bSDag-Erling Smørgrav 	if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
918cf2b5f3bSDag-Erling Smørgrav 		if (sscanf(var, "%5lo", &mask) == 1)
9191ec0d754SDag-Erling Smørgrav 			umask((mode_t)mask);
920cf2b5f3bSDag-Erling Smørgrav 
921cf2b5f3bSDag-Erling Smørgrav 	for (i = 0; tmpenv[i] != NULL; i++)
922e4a9863fSDag-Erling Smørgrav 		free(tmpenv[i]);
923e4a9863fSDag-Erling Smørgrav 	free(tmpenv);
924cf2b5f3bSDag-Erling Smørgrav }
925cf2b5f3bSDag-Erling Smørgrav #endif /* HAVE_ETC_DEFAULT_LOGIN */
926cf2b5f3bSDag-Erling Smørgrav 
927*4f52dfbbSDag-Erling Smørgrav static void
928*4f52dfbbSDag-Erling Smørgrav copy_environment_blacklist(char **source, char ***env, u_int *envsize,
929*4f52dfbbSDag-Erling Smørgrav     const char *blacklist)
93009958426SBrian Feldman {
931989dd127SDag-Erling Smørgrav 	char *var_name, *var_val;
93209958426SBrian Feldman 	int i;
93309958426SBrian Feldman 
934989dd127SDag-Erling Smørgrav 	if (source == NULL)
93509958426SBrian Feldman 		return;
93609958426SBrian Feldman 
937989dd127SDag-Erling Smørgrav 	for(i = 0; source[i] != NULL; i++) {
938989dd127SDag-Erling Smørgrav 		var_name = xstrdup(source[i]);
939989dd127SDag-Erling Smørgrav 		if ((var_val = strstr(var_name, "=")) == NULL) {
940e4a9863fSDag-Erling Smørgrav 			free(var_name);
94109958426SBrian Feldman 			continue;
942989dd127SDag-Erling Smørgrav 		}
943989dd127SDag-Erling Smørgrav 		*var_val++ = '\0';
94409958426SBrian Feldman 
945*4f52dfbbSDag-Erling Smørgrav 		if (blacklist == NULL ||
946*4f52dfbbSDag-Erling Smørgrav 		    match_pattern_list(var_name, blacklist, 0) != 1) {
947989dd127SDag-Erling Smørgrav 			debug3("Copy environment: %s=%s", var_name, var_val);
94809958426SBrian Feldman 			child_set_env(env, envsize, var_name, var_val);
949*4f52dfbbSDag-Erling Smørgrav 		}
950989dd127SDag-Erling Smørgrav 
951e4a9863fSDag-Erling Smørgrav 		free(var_name);
95209958426SBrian Feldman 	}
95309958426SBrian Feldman }
95409958426SBrian Feldman 
955*4f52dfbbSDag-Erling Smørgrav void
956*4f52dfbbSDag-Erling Smørgrav copy_environment(char **source, char ***env, u_int *envsize)
957a04a10f8SKris Kennaway {
958*4f52dfbbSDag-Erling Smørgrav 	copy_environment_blacklist(source, env, envsize, NULL);
959*4f52dfbbSDag-Erling Smørgrav }
960*4f52dfbbSDag-Erling Smørgrav 
961*4f52dfbbSDag-Erling Smørgrav static char **
962*4f52dfbbSDag-Erling Smørgrav do_setup_env(struct ssh *ssh, Session *s, const char *shell)
963*4f52dfbbSDag-Erling Smørgrav {
964a04a10f8SKris Kennaway 	char buf[256];
965af12a3e7SDag-Erling Smørgrav 	u_int i, envsize;
966333ee039SDag-Erling Smørgrav 	char **env, *laddr;
967333ee039SDag-Erling Smørgrav 	struct passwd *pw = s->pw;
9687aee6ffeSDag-Erling Smørgrav #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
969333ee039SDag-Erling Smørgrav 	char *path = NULL;
970333ee039SDag-Erling Smørgrav #else
971c62005fcSDag-Erling Smørgrav 	extern char **environ;
972ca86bcf2SDag-Erling Smørgrav 	char **senv, **var, *val;
973c62005fcSDag-Erling Smørgrav #endif
974a04a10f8SKris Kennaway 
975a04a10f8SKris Kennaway 	/* Initialize the environment. */
976a04a10f8SKris Kennaway 	envsize = 100;
977333ee039SDag-Erling Smørgrav 	env = xcalloc(envsize, sizeof(char *));
978a04a10f8SKris Kennaway 	env[0] = NULL;
979989dd127SDag-Erling Smørgrav 
980989dd127SDag-Erling Smørgrav #ifdef HAVE_CYGWIN
981989dd127SDag-Erling Smørgrav 	/*
982989dd127SDag-Erling Smørgrav 	 * The Windows environment contains some setting which are
983989dd127SDag-Erling Smørgrav 	 * important for a running system. They must not be dropped.
984989dd127SDag-Erling Smørgrav 	 */
985aa49c926SDag-Erling Smørgrav 	{
986aa49c926SDag-Erling Smørgrav 		char **p;
987aa49c926SDag-Erling Smørgrav 
988aa49c926SDag-Erling Smørgrav 		p = fetch_windows_environment();
989aa49c926SDag-Erling Smørgrav 		copy_environment(p, &env, &envsize);
990aa49c926SDag-Erling Smørgrav 		free_windows_environment(p);
991aa49c926SDag-Erling Smørgrav 	}
992989dd127SDag-Erling Smørgrav #endif
993a04a10f8SKris Kennaway 
994c62005fcSDag-Erling Smørgrav 	if (getenv("TZ"))
995c62005fcSDag-Erling Smørgrav 		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
996cf2b5f3bSDag-Erling Smørgrav 
997cf2b5f3bSDag-Erling Smørgrav #ifdef GSSAPI
998cf2b5f3bSDag-Erling Smørgrav 	/* Allow any GSSAPI methods that we've used to alter
999cf2b5f3bSDag-Erling Smørgrav 	 * the childs environment as they see fit
1000cf2b5f3bSDag-Erling Smørgrav 	 */
1001cf2b5f3bSDag-Erling Smørgrav 	ssh_gssapi_do_child(&env, &envsize);
1002cf2b5f3bSDag-Erling Smørgrav #endif
1003cf2b5f3bSDag-Erling Smørgrav 
1004a04a10f8SKris Kennaway 	/* Set basic environment. */
100521e764dfSDag-Erling Smørgrav 	for (i = 0; i < s->num_env; i++)
1006ca86bcf2SDag-Erling Smørgrav 		child_set_env(&env, &envsize, s->env[i].name, s->env[i].val);
100721e764dfSDag-Erling Smørgrav 
1008a04a10f8SKris Kennaway 	child_set_env(&env, &envsize, "USER", pw->pw_name);
1009a04a10f8SKris Kennaway 	child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
1010e73e9afaSDag-Erling Smørgrav #ifdef _AIX
1011e73e9afaSDag-Erling Smørgrav 	child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
1012e73e9afaSDag-Erling Smørgrav #endif
1013a04a10f8SKris Kennaway 	child_set_env(&env, &envsize, "HOME", pw->pw_dir);
1014ca86bcf2SDag-Erling Smørgrav 	snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
1015c62005fcSDag-Erling Smørgrav 	child_set_env(&env, &envsize, "MAIL", buf);
1016989dd127SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1017c62005fcSDag-Erling Smørgrav 	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
1018c62005fcSDag-Erling Smørgrav 	child_set_env(&env, &envsize, "TERM", "su");
1019ca86bcf2SDag-Erling Smørgrav 	/*
1020ca86bcf2SDag-Erling Smørgrav 	 * Temporarily swap out our real environment with an empty one,
1021ca86bcf2SDag-Erling Smørgrav 	 * let setusercontext() apply any environment variables defined
1022ca86bcf2SDag-Erling Smørgrav 	 * for the user's login class, copy those variables to the child,
1023ca86bcf2SDag-Erling Smørgrav 	 * free the temporary environment, and restore the original.
1024ca86bcf2SDag-Erling Smørgrav 	 */
1025c62005fcSDag-Erling Smørgrav 	senv = environ;
1026ca86bcf2SDag-Erling Smørgrav 	environ = xmalloc(sizeof(*environ));
1027c62005fcSDag-Erling Smørgrav 	*environ = NULL;
1028ca86bcf2SDag-Erling Smørgrav 	(void)setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV|LOGIN_SETPATH);
1029ca86bcf2SDag-Erling Smørgrav 	for (var = environ; *var != NULL; ++var) {
1030ca86bcf2SDag-Erling Smørgrav 		if ((val = strchr(*var, '=')) != NULL) {
1031ca86bcf2SDag-Erling Smørgrav 			*val++ = '\0';
1032ca86bcf2SDag-Erling Smørgrav 			child_set_env(&env, &envsize, *var, val);
1033ca86bcf2SDag-Erling Smørgrav 		}
1034e4a9863fSDag-Erling Smørgrav 		free(*var);
1035ca86bcf2SDag-Erling Smørgrav 	}
1036e4a9863fSDag-Erling Smørgrav 	free(environ);
1037c62005fcSDag-Erling Smørgrav 	environ = senv;
1038989dd127SDag-Erling Smørgrav #else /* HAVE_LOGIN_CAP */
1039989dd127SDag-Erling Smørgrav # ifndef HAVE_CYGWIN
1040989dd127SDag-Erling Smørgrav 	/*
1041989dd127SDag-Erling Smørgrav 	 * There's no standard path on Windows. The path contains
1042989dd127SDag-Erling Smørgrav 	 * important components pointing to the system directories,
1043989dd127SDag-Erling Smørgrav 	 * needed for loading shared libraries. So the path better
1044989dd127SDag-Erling Smørgrav 	 * remains intact here.
1045989dd127SDag-Erling Smørgrav 	 */
1046cf2b5f3bSDag-Erling Smørgrav #  ifdef HAVE_ETC_DEFAULT_LOGIN
1047cf2b5f3bSDag-Erling Smørgrav 	read_etc_default_login(&env, &envsize, pw->pw_uid);
1048cf2b5f3bSDag-Erling Smørgrav 	path = child_get_env(env, "PATH");
1049cf2b5f3bSDag-Erling Smørgrav #  endif /* HAVE_ETC_DEFAULT_LOGIN */
1050cf2b5f3bSDag-Erling Smørgrav 	if (path == NULL || *path == '\0') {
1051989dd127SDag-Erling Smørgrav 		child_set_env(&env, &envsize, "PATH",
1052ca86bcf2SDag-Erling Smørgrav 		    s->pw->pw_uid == 0 ?  SUPERUSER_PATH : _PATH_STDPATH);
1053cf2b5f3bSDag-Erling Smørgrav 	}
1054989dd127SDag-Erling Smørgrav # endif /* HAVE_CYGWIN */
1055989dd127SDag-Erling Smørgrav #endif /* HAVE_LOGIN_CAP */
1056a04a10f8SKris Kennaway 
1057a04a10f8SKris Kennaway 	/* Normal systems set SHELL by default. */
1058a04a10f8SKris Kennaway 	child_set_env(&env, &envsize, "SHELL", shell);
1059ca86bcf2SDag-Erling Smørgrav 
1060a04a10f8SKris Kennaway 
1061a04a10f8SKris Kennaway 	/* Set custom environment options from RSA authentication. */
1062a04a10f8SKris Kennaway 	while (custom_environment) {
1063a04a10f8SKris Kennaway 		struct envstring *ce = custom_environment;
1064f388f5efSDag-Erling Smørgrav 		char *str = ce->s;
1065af12a3e7SDag-Erling Smørgrav 
1066f388f5efSDag-Erling Smørgrav 		for (i = 0; str[i] != '=' && str[i]; i++)
1067af12a3e7SDag-Erling Smørgrav 			;
1068f388f5efSDag-Erling Smørgrav 		if (str[i] == '=') {
1069f388f5efSDag-Erling Smørgrav 			str[i] = 0;
1070f388f5efSDag-Erling Smørgrav 			child_set_env(&env, &envsize, str, str + i + 1);
1071a04a10f8SKris Kennaway 		}
1072a04a10f8SKris Kennaway 		custom_environment = ce->next;
1073e4a9863fSDag-Erling Smørgrav 		free(ce->s);
1074e4a9863fSDag-Erling Smørgrav 		free(ce);
1075a04a10f8SKris Kennaway 	}
1076a04a10f8SKris Kennaway 
1077f388f5efSDag-Erling Smørgrav 	/* SSH_CLIENT deprecated */
1078a04a10f8SKris Kennaway 	snprintf(buf, sizeof buf, "%.50s %d %d",
1079076ad2f8SDag-Erling Smørgrav 	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1080076ad2f8SDag-Erling Smørgrav 	    ssh_local_port(ssh));
1081a04a10f8SKris Kennaway 	child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1082a04a10f8SKris Kennaway 
1083e73e9afaSDag-Erling Smørgrav 	laddr = get_local_ipaddr(packet_get_connection_in());
1084f388f5efSDag-Erling Smørgrav 	snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1085076ad2f8SDag-Erling Smørgrav 	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
1086076ad2f8SDag-Erling Smørgrav 	    laddr, ssh_local_port(ssh));
1087e4a9863fSDag-Erling Smørgrav 	free(laddr);
1088f388f5efSDag-Erling Smørgrav 	child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1089f388f5efSDag-Erling Smørgrav 
1090*4f52dfbbSDag-Erling Smørgrav 	if (auth_info_file != NULL)
1091*4f52dfbbSDag-Erling Smørgrav 		child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file);
1092ca3176e7SBrian Feldman 	if (s->ttyfd != -1)
1093ca3176e7SBrian Feldman 		child_set_env(&env, &envsize, "SSH_TTY", s->tty);
1094ca3176e7SBrian Feldman 	if (s->term)
1095ca3176e7SBrian Feldman 		child_set_env(&env, &envsize, "TERM", s->term);
1096ca3176e7SBrian Feldman 	if (s->display)
1097ca3176e7SBrian Feldman 		child_set_env(&env, &envsize, "DISPLAY", s->display);
1098c2d3a559SKris Kennaway 	if (original_command)
1099c2d3a559SKris Kennaway 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
1100c2d3a559SKris Kennaway 		    original_command);
1101989dd127SDag-Erling Smørgrav 
1102f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
1103f388f5efSDag-Erling Smørgrav 	if (cray_tmpdir[0] != '\0')
1104f388f5efSDag-Erling Smørgrav 		child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
1105f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
1106f388f5efSDag-Erling Smørgrav 
1107aa49c926SDag-Erling Smørgrav 	/*
1108aa49c926SDag-Erling Smørgrav 	 * Since we clear KRB5CCNAME at startup, if it's set now then it
1109aa49c926SDag-Erling Smørgrav 	 * must have been set by a native authentication method (eg AIX or
1110aa49c926SDag-Erling Smørgrav 	 * SIA), so copy it to the child.
1111aa49c926SDag-Erling Smørgrav 	 */
1112aa49c926SDag-Erling Smørgrav 	{
1113aa49c926SDag-Erling Smørgrav 		char *cp;
1114aa49c926SDag-Erling Smørgrav 
1115aa49c926SDag-Erling Smørgrav 		if ((cp = getenv("KRB5CCNAME")) != NULL)
1116aa49c926SDag-Erling Smørgrav 			child_set_env(&env, &envsize, "KRB5CCNAME", cp);
1117aa49c926SDag-Erling Smørgrav 	}
1118aa49c926SDag-Erling Smørgrav 
1119989dd127SDag-Erling Smørgrav #ifdef _AIX
1120989dd127SDag-Erling Smørgrav 	{
1121989dd127SDag-Erling Smørgrav 		char *cp;
1122989dd127SDag-Erling Smørgrav 
1123989dd127SDag-Erling Smørgrav 		if ((cp = getenv("AUTHSTATE")) != NULL)
1124989dd127SDag-Erling Smørgrav 			child_set_env(&env, &envsize, "AUTHSTATE", cp);
1125989dd127SDag-Erling Smørgrav 		read_environment_file(&env, &envsize, "/etc/environment");
1126989dd127SDag-Erling Smørgrav 	}
1127989dd127SDag-Erling Smørgrav #endif
1128e8aafc91SKris Kennaway #ifdef KRB5
11295962c0e9SDag-Erling Smørgrav 	if (s->authctxt->krb5_ccname)
1130af12a3e7SDag-Erling Smørgrav 		child_set_env(&env, &envsize, "KRB5CCNAME",
11315962c0e9SDag-Erling Smørgrav 		    s->authctxt->krb5_ccname);
1132af12a3e7SDag-Erling Smørgrav #endif
113309958426SBrian Feldman #ifdef USE_PAM
1134f388f5efSDag-Erling Smørgrav 	/*
1135f388f5efSDag-Erling Smørgrav 	 * Pull in any environment variables that may have
1136f388f5efSDag-Erling Smørgrav 	 * been set by PAM.
1137f388f5efSDag-Erling Smørgrav 	 */
1138ca86bcf2SDag-Erling Smørgrav 	if (options.use_pam) {
11391ec0d754SDag-Erling Smørgrav 		char **p;
1140f388f5efSDag-Erling Smørgrav 
1141*4f52dfbbSDag-Erling Smørgrav 		/*
1142*4f52dfbbSDag-Erling Smørgrav 		 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak
1143*4f52dfbbSDag-Erling Smørgrav 		 * back into the environment.
1144*4f52dfbbSDag-Erling Smørgrav 		 */
11451ec0d754SDag-Erling Smørgrav 		p = fetch_pam_child_environment();
1146*4f52dfbbSDag-Erling Smørgrav 		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
11471ec0d754SDag-Erling Smørgrav 		free_pam_environment(p);
11481ec0d754SDag-Erling Smørgrav 
11491ec0d754SDag-Erling Smørgrav 		p = fetch_pam_environment();
1150*4f52dfbbSDag-Erling Smørgrav 		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
1151f388f5efSDag-Erling Smørgrav 		free_pam_environment(p);
1152f388f5efSDag-Erling Smørgrav 	}
115309958426SBrian Feldman #endif /* USE_PAM */
115409958426SBrian Feldman 
115580628bacSDag-Erling Smørgrav 	if (auth_sock_name != NULL)
1156a04a10f8SKris Kennaway 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
115780628bacSDag-Erling Smørgrav 		    auth_sock_name);
1158a04a10f8SKris Kennaway 
1159a04a10f8SKris Kennaway 	/* read $HOME/.ssh/environment. */
1160ca86bcf2SDag-Erling Smørgrav 	if (options.permit_user_env) {
1161db1cb46cSKris Kennaway 		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1162f388f5efSDag-Erling Smørgrav 		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1163a04a10f8SKris Kennaway 		read_environment_file(&env, &envsize, buf);
1164a04a10f8SKris Kennaway 	}
1165a04a10f8SKris Kennaway 	if (debug_flag) {
1166a04a10f8SKris Kennaway 		/* dump the environment */
1167a04a10f8SKris Kennaway 		fprintf(stderr, "Environment:\n");
1168a04a10f8SKris Kennaway 		for (i = 0; env[i]; i++)
1169a04a10f8SKris Kennaway 			fprintf(stderr, "  %.200s\n", env[i]);
1170a04a10f8SKris Kennaway 	}
1171af12a3e7SDag-Erling Smørgrav 	return env;
1172e8aafc91SKris Kennaway }
1173ca3176e7SBrian Feldman 
1174ca3176e7SBrian Feldman /*
1175af12a3e7SDag-Erling Smørgrav  * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
1176af12a3e7SDag-Erling Smørgrav  * first in this order).
1177ca3176e7SBrian Feldman  */
1178af12a3e7SDag-Erling Smørgrav static void
1179af12a3e7SDag-Erling Smørgrav do_rc_files(Session *s, const char *shell)
1180af12a3e7SDag-Erling Smørgrav {
1181af12a3e7SDag-Erling Smørgrav 	FILE *f = NULL;
1182af12a3e7SDag-Erling Smørgrav 	char cmd[1024];
1183af12a3e7SDag-Erling Smørgrav 	int do_xauth;
1184af12a3e7SDag-Erling Smørgrav 	struct stat st;
1185a04a10f8SKris Kennaway 
1186af12a3e7SDag-Erling Smørgrav 	do_xauth =
1187af12a3e7SDag-Erling Smørgrav 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
1188a04a10f8SKris Kennaway 
1189d4af9e69SDag-Erling Smørgrav 	/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
1190d4af9e69SDag-Erling Smørgrav 	if (!s->is_subsystem && options.adm_forced_command == NULL &&
1191a0ee8cc6SDag-Erling Smørgrav 	    !no_user_rc && options.permit_user_rc &&
1192a0ee8cc6SDag-Erling Smørgrav 	    stat(_PATH_SSH_USER_RC, &st) >= 0) {
1193e9fd63dfSBrian Feldman 		snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
1194e9fd63dfSBrian Feldman 		    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
1195a04a10f8SKris Kennaway 		if (debug_flag)
1196e9fd63dfSBrian Feldman 			fprintf(stderr, "Running %s\n", cmd);
1197e9fd63dfSBrian Feldman 		f = popen(cmd, "w");
1198a04a10f8SKris Kennaway 		if (f) {
1199ca3176e7SBrian Feldman 			if (do_xauth)
1200ca3176e7SBrian Feldman 				fprintf(f, "%s %s\n", s->auth_proto,
1201ca3176e7SBrian Feldman 				    s->auth_data);
1202a04a10f8SKris Kennaway 			pclose(f);
1203a04a10f8SKris Kennaway 		} else
1204ca3176e7SBrian Feldman 			fprintf(stderr, "Could not run %s\n",
1205ca3176e7SBrian Feldman 			    _PATH_SSH_USER_RC);
1206ca3176e7SBrian Feldman 	} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
1207a04a10f8SKris Kennaway 		if (debug_flag)
1208ca3176e7SBrian Feldman 			fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
1209ca3176e7SBrian Feldman 			    _PATH_SSH_SYSTEM_RC);
1210ca3176e7SBrian Feldman 		f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
1211a04a10f8SKris Kennaway 		if (f) {
1212ca3176e7SBrian Feldman 			if (do_xauth)
1213ca3176e7SBrian Feldman 				fprintf(f, "%s %s\n", s->auth_proto,
1214ca3176e7SBrian Feldman 				    s->auth_data);
1215a04a10f8SKris Kennaway 			pclose(f);
1216a04a10f8SKris Kennaway 		} else
1217ca3176e7SBrian Feldman 			fprintf(stderr, "Could not run %s\n",
1218ca3176e7SBrian Feldman 			    _PATH_SSH_SYSTEM_RC);
1219ca3176e7SBrian Feldman 	} else if (do_xauth && options.xauth_location != NULL) {
1220a04a10f8SKris Kennaway 		/* Add authority data to .Xauthority if appropriate. */
1221db1cb46cSKris Kennaway 		if (debug_flag) {
1222db1cb46cSKris Kennaway 			fprintf(stderr,
1223e73e9afaSDag-Erling Smørgrav 			    "Running %.500s remove %.100s\n",
1224e73e9afaSDag-Erling Smørgrav 			    options.xauth_location, s->auth_display);
1225e73e9afaSDag-Erling Smørgrav 			fprintf(stderr,
1226e73e9afaSDag-Erling Smørgrav 			    "%.500s add %.100s %.100s %.100s\n",
1227af12a3e7SDag-Erling Smørgrav 			    options.xauth_location, s->auth_display,
1228ca3176e7SBrian Feldman 			    s->auth_proto, s->auth_data);
1229db1cb46cSKris Kennaway 		}
1230c2d3a559SKris Kennaway 		snprintf(cmd, sizeof cmd, "%s -q -",
1231c2d3a559SKris Kennaway 		    options.xauth_location);
1232c2d3a559SKris Kennaway 		f = popen(cmd, "w");
1233a04a10f8SKris Kennaway 		if (f) {
1234e73e9afaSDag-Erling Smørgrav 			fprintf(f, "remove %s\n",
1235e73e9afaSDag-Erling Smørgrav 			    s->auth_display);
1236af12a3e7SDag-Erling Smørgrav 			fprintf(f, "add %s %s %s\n",
1237af12a3e7SDag-Erling Smørgrav 			    s->auth_display, s->auth_proto,
1238ca3176e7SBrian Feldman 			    s->auth_data);
1239a04a10f8SKris Kennaway 			pclose(f);
1240c2d3a559SKris Kennaway 		} else {
1241c2d3a559SKris Kennaway 			fprintf(stderr, "Could not run %s\n",
1242c2d3a559SKris Kennaway 			    cmd);
1243a04a10f8SKris Kennaway 		}
1244a04a10f8SKris Kennaway 	}
1245a04a10f8SKris Kennaway }
1246ca3176e7SBrian Feldman 
1247af12a3e7SDag-Erling Smørgrav static void
1248af12a3e7SDag-Erling Smørgrav do_nologin(struct passwd *pw)
1249af12a3e7SDag-Erling Smørgrav {
1250af12a3e7SDag-Erling Smørgrav 	FILE *f = NULL;
1251d93a896eSDag-Erling Smørgrav 	const char *nl;
1252d93a896eSDag-Erling Smørgrav 	char buf[1024], *def_nl = _PATH_NOLOGIN;
1253b15c8340SDag-Erling Smørgrav 	struct stat sb;
1254af12a3e7SDag-Erling Smørgrav 
1255af12a3e7SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1256462c32cbSDag-Erling Smørgrav 	if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
1257b15c8340SDag-Erling Smørgrav 		return;
1258b15c8340SDag-Erling Smørgrav 	nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
1259af12a3e7SDag-Erling Smørgrav #else
1260b15c8340SDag-Erling Smørgrav 	if (pw->pw_uid == 0)
1261b15c8340SDag-Erling Smørgrav 		return;
1262b15c8340SDag-Erling Smørgrav 	nl = def_nl;
1263af12a3e7SDag-Erling Smørgrav #endif
1264d93a896eSDag-Erling Smørgrav 	if (stat(nl, &sb) == -1)
1265b15c8340SDag-Erling Smørgrav 		return;
1266b15c8340SDag-Erling Smørgrav 
1267b15c8340SDag-Erling Smørgrav 	/* /etc/nologin exists.  Print its contents if we can and exit. */
1268b15c8340SDag-Erling Smørgrav 	logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
1269b15c8340SDag-Erling Smørgrav 	if ((f = fopen(nl, "r")) != NULL) {
1270af12a3e7SDag-Erling Smørgrav  		while (fgets(buf, sizeof(buf), f))
1271af12a3e7SDag-Erling Smørgrav  			fputs(buf, stderr);
1272af12a3e7SDag-Erling Smørgrav  		fclose(f);
1273af12a3e7SDag-Erling Smørgrav  	}
1274b15c8340SDag-Erling Smørgrav 	exit(254);
1275af12a3e7SDag-Erling Smørgrav }
1276af12a3e7SDag-Erling Smørgrav 
1277d4af9e69SDag-Erling Smørgrav /*
1278d4af9e69SDag-Erling Smørgrav  * Chroot into a directory after checking it for safety: all path components
1279d4af9e69SDag-Erling Smørgrav  * must be root-owned directories with strict permissions.
1280d4af9e69SDag-Erling Smørgrav  */
1281d4af9e69SDag-Erling Smørgrav static void
1282d4af9e69SDag-Erling Smørgrav safely_chroot(const char *path, uid_t uid)
1283d4af9e69SDag-Erling Smørgrav {
1284d4af9e69SDag-Erling Smørgrav 	const char *cp;
1285bc5531deSDag-Erling Smørgrav 	char component[PATH_MAX];
1286d4af9e69SDag-Erling Smørgrav 	struct stat st;
1287d4af9e69SDag-Erling Smørgrav 
1288d4af9e69SDag-Erling Smørgrav 	if (*path != '/')
1289d4af9e69SDag-Erling Smørgrav 		fatal("chroot path does not begin at root");
1290d4af9e69SDag-Erling Smørgrav 	if (strlen(path) >= sizeof(component))
1291d4af9e69SDag-Erling Smørgrav 		fatal("chroot path too long");
1292d4af9e69SDag-Erling Smørgrav 
1293d4af9e69SDag-Erling Smørgrav 	/*
1294d4af9e69SDag-Erling Smørgrav 	 * Descend the path, checking that each component is a
1295d4af9e69SDag-Erling Smørgrav 	 * root-owned directory with strict permissions.
1296d4af9e69SDag-Erling Smørgrav 	 */
1297d4af9e69SDag-Erling Smørgrav 	for (cp = path; cp != NULL;) {
1298d4af9e69SDag-Erling Smørgrav 		if ((cp = strchr(cp, '/')) == NULL)
1299d4af9e69SDag-Erling Smørgrav 			strlcpy(component, path, sizeof(component));
1300d4af9e69SDag-Erling Smørgrav 		else {
1301d4af9e69SDag-Erling Smørgrav 			cp++;
1302d4af9e69SDag-Erling Smørgrav 			memcpy(component, path, cp - path);
1303d4af9e69SDag-Erling Smørgrav 			component[cp - path] = '\0';
1304d4af9e69SDag-Erling Smørgrav 		}
1305d4af9e69SDag-Erling Smørgrav 
1306d4af9e69SDag-Erling Smørgrav 		debug3("%s: checking '%s'", __func__, component);
1307d4af9e69SDag-Erling Smørgrav 
1308d4af9e69SDag-Erling Smørgrav 		if (stat(component, &st) != 0)
1309d4af9e69SDag-Erling Smørgrav 			fatal("%s: stat(\"%s\"): %s", __func__,
1310d4af9e69SDag-Erling Smørgrav 			    component, strerror(errno));
1311d4af9e69SDag-Erling Smørgrav 		if (st.st_uid != 0 || (st.st_mode & 022) != 0)
1312d4af9e69SDag-Erling Smørgrav 			fatal("bad ownership or modes for chroot "
1313d4af9e69SDag-Erling Smørgrav 			    "directory %s\"%s\"",
1314d4af9e69SDag-Erling Smørgrav 			    cp == NULL ? "" : "component ", component);
1315d4af9e69SDag-Erling Smørgrav 		if (!S_ISDIR(st.st_mode))
1316d4af9e69SDag-Erling Smørgrav 			fatal("chroot path %s\"%s\" is not a directory",
1317d4af9e69SDag-Erling Smørgrav 			    cp == NULL ? "" : "component ", component);
1318d4af9e69SDag-Erling Smørgrav 
1319d4af9e69SDag-Erling Smørgrav 	}
1320d4af9e69SDag-Erling Smørgrav 
1321d4af9e69SDag-Erling Smørgrav 	if (chdir(path) == -1)
1322d4af9e69SDag-Erling Smørgrav 		fatal("Unable to chdir to chroot path \"%s\": "
1323d4af9e69SDag-Erling Smørgrav 		    "%s", path, strerror(errno));
1324d4af9e69SDag-Erling Smørgrav 	if (chroot(path) == -1)
1325d4af9e69SDag-Erling Smørgrav 		fatal("chroot(\"%s\"): %s", path, strerror(errno));
1326d4af9e69SDag-Erling Smørgrav 	if (chdir("/") == -1)
1327d4af9e69SDag-Erling Smørgrav 		fatal("%s: chdir(/) after chroot: %s",
1328d4af9e69SDag-Erling Smørgrav 		    __func__, strerror(errno));
1329d4af9e69SDag-Erling Smørgrav 	verbose("Changed root directory to \"%s\"", path);
1330d4af9e69SDag-Erling Smørgrav }
1331d4af9e69SDag-Erling Smørgrav 
1332af12a3e7SDag-Erling Smørgrav /* Set login name, uid, gid, and groups. */
1333989dd127SDag-Erling Smørgrav void
133480628bacSDag-Erling Smørgrav do_setusercontext(struct passwd *pw)
1335af12a3e7SDag-Erling Smørgrav {
1336d4af9e69SDag-Erling Smørgrav 	char *chroot_path, *tmp;
1337d4af9e69SDag-Erling Smørgrav 
13384a421b63SDag-Erling Smørgrav 	platform_setusercontext(pw);
1339d4af9e69SDag-Erling Smørgrav 
13404a421b63SDag-Erling Smørgrav 	if (platform_privileged_uidswap()) {
1341989dd127SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1342989dd127SDag-Erling Smørgrav 		if (setusercontext(lc, pw, pw->pw_uid,
1343d4af9e69SDag-Erling Smørgrav 		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
1344989dd127SDag-Erling Smørgrav 			perror("unable to set user context");
1345989dd127SDag-Erling Smørgrav 			exit(1);
1346989dd127SDag-Erling Smørgrav 		}
1347989dd127SDag-Erling Smørgrav #else
1348af12a3e7SDag-Erling Smørgrav 		if (setlogin(pw->pw_name) < 0)
1349af12a3e7SDag-Erling Smørgrav 			error("setlogin failed: %s", strerror(errno));
1350af12a3e7SDag-Erling Smørgrav 		if (setgid(pw->pw_gid) < 0) {
1351af12a3e7SDag-Erling Smørgrav 			perror("setgid");
1352af12a3e7SDag-Erling Smørgrav 			exit(1);
1353af12a3e7SDag-Erling Smørgrav 		}
1354af12a3e7SDag-Erling Smørgrav 		/* Initialize the group list. */
1355af12a3e7SDag-Erling Smørgrav 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
1356af12a3e7SDag-Erling Smørgrav 			perror("initgroups");
1357af12a3e7SDag-Erling Smørgrav 			exit(1);
1358af12a3e7SDag-Erling Smørgrav 		}
1359af12a3e7SDag-Erling Smørgrav 		endgrent();
1360d4af9e69SDag-Erling Smørgrav #endif
1361b15c8340SDag-Erling Smørgrav 
13624a421b63SDag-Erling Smørgrav 		platform_setusercontext_post_groups(pw);
13638ad9b54aSDag-Erling Smørgrav 
1364acc1a9efSDag-Erling Smørgrav 		if (!in_chroot && options.chroot_directory != NULL &&
1365d4af9e69SDag-Erling Smørgrav 		    strcasecmp(options.chroot_directory, "none") != 0) {
1366d4af9e69SDag-Erling Smørgrav                         tmp = tilde_expand_filename(options.chroot_directory,
1367d4af9e69SDag-Erling Smørgrav 			    pw->pw_uid);
1368d4af9e69SDag-Erling Smørgrav 			chroot_path = percent_expand(tmp, "h", pw->pw_dir,
1369d4af9e69SDag-Erling Smørgrav 			    "u", pw->pw_name, (char *)NULL);
1370d4af9e69SDag-Erling Smørgrav 			safely_chroot(chroot_path, pw->pw_uid);
1371d4af9e69SDag-Erling Smørgrav 			free(tmp);
1372d4af9e69SDag-Erling Smørgrav 			free(chroot_path);
1373e4a9863fSDag-Erling Smørgrav 			/* Make sure we don't attempt to chroot again */
1374e4a9863fSDag-Erling Smørgrav 			free(options.chroot_directory);
1375e4a9863fSDag-Erling Smørgrav 			options.chroot_directory = NULL;
1376acc1a9efSDag-Erling Smørgrav 			in_chroot = 1;
1377d4af9e69SDag-Erling Smørgrav 		}
1378d4af9e69SDag-Erling Smørgrav 
1379d4af9e69SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1380d4af9e69SDag-Erling Smørgrav 		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
1381d4af9e69SDag-Erling Smørgrav 			perror("unable to set user context (setuser)");
1382d4af9e69SDag-Erling Smørgrav 			exit(1);
1383d4af9e69SDag-Erling Smørgrav 		}
13842ec88e9dSDag-Erling Smørgrav 		/*
13852ec88e9dSDag-Erling Smørgrav 		 * FreeBSD's setusercontext() will not apply the user's
13862ec88e9dSDag-Erling Smørgrav 		 * own umask setting unless running with the user's UID.
13872ec88e9dSDag-Erling Smørgrav 		 */
13886888a9beSDag-Erling Smørgrav 		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
1389d4af9e69SDag-Erling Smørgrav #else
1390f7167e0eSDag-Erling Smørgrav # ifdef USE_LIBIAF
1391acc1a9efSDag-Erling Smørgrav 		/*
1392acc1a9efSDag-Erling Smørgrav 		 * In a chroot environment, the set_id() will always fail;
1393acc1a9efSDag-Erling Smørgrav 		 * typically because of the lack of necessary authentication
1394acc1a9efSDag-Erling Smørgrav 		 * services and runtime such as ./usr/lib/libiaf.so,
1395acc1a9efSDag-Erling Smørgrav 		 * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the
1396acc1a9efSDag-Erling Smørgrav 		 * internal sftp chroot case.  We'll lose auditing and ACLs but
1397acc1a9efSDag-Erling Smørgrav 		 * permanently_set_uid will take care of the rest.
1398a0ee8cc6SDag-Erling Smørgrav 		 */
1399acc1a9efSDag-Erling Smørgrav 		if (!in_chroot && set_id(pw->pw_name) != 0)
1400f7167e0eSDag-Erling Smørgrav 			fatal("set_id(%s) Failed", pw->pw_name);
1401f7167e0eSDag-Erling Smørgrav # endif /* USE_LIBIAF */
1402af12a3e7SDag-Erling Smørgrav 		/* Permanently switch to the desired uid. */
1403af12a3e7SDag-Erling Smørgrav 		permanently_set_uid(pw);
1404989dd127SDag-Erling Smørgrav #endif
1405e4a9863fSDag-Erling Smørgrav 	} else if (options.chroot_directory != NULL &&
1406e4a9863fSDag-Erling Smørgrav 	    strcasecmp(options.chroot_directory, "none") != 0) {
1407e4a9863fSDag-Erling Smørgrav 		fatal("server lacks privileges to chroot to ChrootDirectory");
1408af12a3e7SDag-Erling Smørgrav 	}
1409e73e9afaSDag-Erling Smørgrav 
1410af12a3e7SDag-Erling Smørgrav 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
1411af12a3e7SDag-Erling Smørgrav 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
141280628bacSDag-Erling Smørgrav }
141380628bacSDag-Erling Smørgrav 
141480628bacSDag-Erling Smørgrav static void
14151ec0d754SDag-Erling Smørgrav do_pwchange(Session *s)
14161ec0d754SDag-Erling Smørgrav {
141721e764dfSDag-Erling Smørgrav 	fflush(NULL);
14181ec0d754SDag-Erling Smørgrav 	fprintf(stderr, "WARNING: Your password has expired.\n");
14191ec0d754SDag-Erling Smørgrav 	if (s->ttyfd != -1) {
14201ec0d754SDag-Erling Smørgrav 		fprintf(stderr,
14211ec0d754SDag-Erling Smørgrav 		    "You must change your password now and login again!\n");
1422e146993eSDag-Erling Smørgrav #ifdef WITH_SELINUX
1423e146993eSDag-Erling Smørgrav 		setexeccon(NULL);
1424e146993eSDag-Erling Smørgrav #endif
1425aa49c926SDag-Erling Smørgrav #ifdef PASSWD_NEEDS_USERNAME
1426aa49c926SDag-Erling Smørgrav 		execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
1427aa49c926SDag-Erling Smørgrav 		    (char *)NULL);
1428aa49c926SDag-Erling Smørgrav #else
14291ec0d754SDag-Erling Smørgrav 		execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
1430aa49c926SDag-Erling Smørgrav #endif
14311ec0d754SDag-Erling Smørgrav 		perror("passwd");
14321ec0d754SDag-Erling Smørgrav 	} else {
14331ec0d754SDag-Erling Smørgrav 		fprintf(stderr,
14341ec0d754SDag-Erling Smørgrav 		    "Password change required but no TTY available.\n");
14351ec0d754SDag-Erling Smørgrav 	}
14361ec0d754SDag-Erling Smørgrav 	exit(1);
14371ec0d754SDag-Erling Smørgrav }
14381ec0d754SDag-Erling Smørgrav 
14391ec0d754SDag-Erling Smørgrav static void
1440*4f52dfbbSDag-Erling Smørgrav child_close_fds(struct ssh *ssh)
14411ec0d754SDag-Erling Smørgrav {
1442bc5531deSDag-Erling Smørgrav 	extern int auth_sock;
1443e4a9863fSDag-Erling Smørgrav 
1444bc5531deSDag-Erling Smørgrav 	if (auth_sock != -1) {
1445bc5531deSDag-Erling Smørgrav 		close(auth_sock);
1446bc5531deSDag-Erling Smørgrav 		auth_sock = -1;
1447e4a9863fSDag-Erling Smørgrav 	}
1448e4a9863fSDag-Erling Smørgrav 
14491ec0d754SDag-Erling Smørgrav 	if (packet_get_connection_in() == packet_get_connection_out())
14501ec0d754SDag-Erling Smørgrav 		close(packet_get_connection_in());
14511ec0d754SDag-Erling Smørgrav 	else {
14521ec0d754SDag-Erling Smørgrav 		close(packet_get_connection_in());
14531ec0d754SDag-Erling Smørgrav 		close(packet_get_connection_out());
14541ec0d754SDag-Erling Smørgrav 	}
14551ec0d754SDag-Erling Smørgrav 	/*
14561ec0d754SDag-Erling Smørgrav 	 * Close all descriptors related to channels.  They will still remain
14571ec0d754SDag-Erling Smørgrav 	 * open in the parent.
14581ec0d754SDag-Erling Smørgrav 	 */
14591ec0d754SDag-Erling Smørgrav 	/* XXX better use close-on-exec? -markus */
1460*4f52dfbbSDag-Erling Smørgrav 	channel_close_all(ssh);
14611ec0d754SDag-Erling Smørgrav 
14621ec0d754SDag-Erling Smørgrav 	/*
14631ec0d754SDag-Erling Smørgrav 	 * Close any extra file descriptors.  Note that there may still be
14641ec0d754SDag-Erling Smørgrav 	 * descriptors left by system functions.  They will be closed later.
14651ec0d754SDag-Erling Smørgrav 	 */
14661ec0d754SDag-Erling Smørgrav 	endpwent();
14671ec0d754SDag-Erling Smørgrav 
14681ec0d754SDag-Erling Smørgrav 	/*
1469b74df5b2SDag-Erling Smørgrav 	 * Close any extra open file descriptors so that we don't have them
14701ec0d754SDag-Erling Smørgrav 	 * hanging around in clients.  Note that we want to do this after
14711ec0d754SDag-Erling Smørgrav 	 * initgroups, because at least on Solaris 2.3 it leaves file
14721ec0d754SDag-Erling Smørgrav 	 * descriptors open.
14731ec0d754SDag-Erling Smørgrav 	 */
14744a421b63SDag-Erling Smørgrav 	closefrom(STDERR_FILENO + 1);
14751ec0d754SDag-Erling Smørgrav }
14761ec0d754SDag-Erling Smørgrav 
1477af12a3e7SDag-Erling Smørgrav /*
1478af12a3e7SDag-Erling Smørgrav  * Performs common processing for the child, such as setting up the
1479af12a3e7SDag-Erling Smørgrav  * environment, closing extra file descriptors, setting the user and group
1480af12a3e7SDag-Erling Smørgrav  * ids, and executing the command or shell.
1481af12a3e7SDag-Erling Smørgrav  */
1482d4af9e69SDag-Erling Smørgrav #define ARGV_MAX 10
1483af12a3e7SDag-Erling Smørgrav void
1484*4f52dfbbSDag-Erling Smørgrav do_child(struct ssh *ssh, Session *s, const char *command)
1485af12a3e7SDag-Erling Smørgrav {
1486af12a3e7SDag-Erling Smørgrav 	extern char **environ;
1487989dd127SDag-Erling Smørgrav 	char **env;
1488d4af9e69SDag-Erling Smørgrav 	char *argv[ARGV_MAX];
1489ca86bcf2SDag-Erling Smørgrav 	const char *shell, *shell0;
1490af12a3e7SDag-Erling Smørgrav 	struct passwd *pw = s->pw;
1491d4af9e69SDag-Erling Smørgrav 	int r = 0;
1492af12a3e7SDag-Erling Smørgrav 
1493af12a3e7SDag-Erling Smørgrav 	/* remove hostkey from the child's memory */
1494af12a3e7SDag-Erling Smørgrav 	destroy_sensitive_data();
1495*4f52dfbbSDag-Erling Smørgrav 	packet_clear_keys();
1496af12a3e7SDag-Erling Smørgrav 
14971ec0d754SDag-Erling Smørgrav 	/* Force a password change */
14981ec0d754SDag-Erling Smørgrav 	if (s->authctxt->force_pwchange) {
14991ec0d754SDag-Erling Smørgrav 		do_setusercontext(pw);
1500*4f52dfbbSDag-Erling Smørgrav 		child_close_fds(ssh);
15011ec0d754SDag-Erling Smørgrav 		do_pwchange(s);
15021ec0d754SDag-Erling Smørgrav 		exit(1);
15031ec0d754SDag-Erling Smørgrav 	}
15041ec0d754SDag-Erling Smørgrav 
1505f388f5efSDag-Erling Smørgrav #ifdef _UNICOS
1506f388f5efSDag-Erling Smørgrav 	cray_setup(pw->pw_uid, pw->pw_name, command);
1507f388f5efSDag-Erling Smørgrav #endif /* _UNICOS */
1508f388f5efSDag-Erling Smørgrav 
1509af12a3e7SDag-Erling Smørgrav 	/*
1510af12a3e7SDag-Erling Smørgrav 	 * Login(1) does this as well, and it needs uid 0 for the "-h"
1511af12a3e7SDag-Erling Smørgrav 	 * switch, so we let login(1) to this for us.
1512af12a3e7SDag-Erling Smørgrav 	 */
1513989dd127SDag-Erling Smørgrav #ifdef HAVE_OSF_SIA
1514e73e9afaSDag-Erling Smørgrav 	session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
1515989dd127SDag-Erling Smørgrav 	if (!check_quietlogin(s, command))
1516989dd127SDag-Erling Smørgrav 		do_motd();
1517989dd127SDag-Erling Smørgrav #else /* HAVE_OSF_SIA */
1518b74df5b2SDag-Erling Smørgrav 	/* When PAM is enabled we rely on it to do the nologin check */
1519b74df5b2SDag-Erling Smørgrav 	if (!options.use_pam)
1520af12a3e7SDag-Erling Smørgrav 		do_nologin(pw);
1521989dd127SDag-Erling Smørgrav 	do_setusercontext(pw);
152221e764dfSDag-Erling Smørgrav 	/*
152321e764dfSDag-Erling Smørgrav 	 * PAM session modules in do_setusercontext may have
152421e764dfSDag-Erling Smørgrav 	 * generated messages, so if this in an interactive
152521e764dfSDag-Erling Smørgrav 	 * login then display them too.
152621e764dfSDag-Erling Smørgrav 	 */
1527aa49c926SDag-Erling Smørgrav 	if (!check_quietlogin(s, command))
152821e764dfSDag-Erling Smørgrav 		display_loginmsg();
1529989dd127SDag-Erling Smørgrav #endif /* HAVE_OSF_SIA */
1530af12a3e7SDag-Erling Smørgrav 
1531aa49c926SDag-Erling Smørgrav #ifdef USE_PAM
1532ca86bcf2SDag-Erling Smørgrav 	if (options.use_pam && !is_pam_session_open()) {
1533aa49c926SDag-Erling Smørgrav 		debug3("PAM session not opened, exiting");
1534aa49c926SDag-Erling Smørgrav 		display_loginmsg();
1535aa49c926SDag-Erling Smørgrav 		exit(254);
1536aa49c926SDag-Erling Smørgrav 	}
1537aa49c926SDag-Erling Smørgrav #endif
1538aa49c926SDag-Erling Smørgrav 
1539af12a3e7SDag-Erling Smørgrav 	/*
1540af12a3e7SDag-Erling Smørgrav 	 * Get the shell from the password data.  An empty shell field is
1541af12a3e7SDag-Erling Smørgrav 	 * legal, and means /bin/sh.
1542af12a3e7SDag-Erling Smørgrav 	 */
1543af12a3e7SDag-Erling Smørgrav 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
1544e73e9afaSDag-Erling Smørgrav 
1545e73e9afaSDag-Erling Smørgrav 	/*
1546e73e9afaSDag-Erling Smørgrav 	 * Make sure $SHELL points to the shell from the password file,
1547e73e9afaSDag-Erling Smørgrav 	 * even if shell is overridden from login.conf
1548e73e9afaSDag-Erling Smørgrav 	 */
1549*4f52dfbbSDag-Erling Smørgrav 	env = do_setup_env(ssh, s, shell);
1550e73e9afaSDag-Erling Smørgrav 
1551af12a3e7SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1552af12a3e7SDag-Erling Smørgrav 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
1553af12a3e7SDag-Erling Smørgrav #endif
1554af12a3e7SDag-Erling Smørgrav 
1555af12a3e7SDag-Erling Smørgrav 	/*
1556af12a3e7SDag-Erling Smørgrav 	 * Close the connection descriptors; note that this is the child, and
1557af12a3e7SDag-Erling Smørgrav 	 * the server will still have the socket open, and it is important
1558af12a3e7SDag-Erling Smørgrav 	 * that we do not shutdown it.  Note that the descriptors cannot be
1559af12a3e7SDag-Erling Smørgrav 	 * closed before building the environment, as we call
1560076ad2f8SDag-Erling Smørgrav 	 * ssh_remote_ipaddr there.
1561af12a3e7SDag-Erling Smørgrav 	 */
1562*4f52dfbbSDag-Erling Smørgrav 	child_close_fds(ssh);
1563af12a3e7SDag-Erling Smørgrav 
1564af12a3e7SDag-Erling Smørgrav 	/*
1565af12a3e7SDag-Erling Smørgrav 	 * Must take new environment into use so that .ssh/rc,
1566af12a3e7SDag-Erling Smørgrav 	 * /etc/ssh/sshrc and xauth are run in the proper environment.
1567af12a3e7SDag-Erling Smørgrav 	 */
1568af12a3e7SDag-Erling Smørgrav 	environ = env;
1569af12a3e7SDag-Erling Smørgrav 
15701ec0d754SDag-Erling Smørgrav #if defined(KRB5) && defined(USE_AFS)
15711ec0d754SDag-Erling Smørgrav 	/*
15721ec0d754SDag-Erling Smørgrav 	 * At this point, we check to see if AFS is active and if we have
15731ec0d754SDag-Erling Smørgrav 	 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see
15741ec0d754SDag-Erling Smørgrav 	 * if we can (and need to) extend the ticket into an AFS token. If
15751ec0d754SDag-Erling Smørgrav 	 * we don't do this, we run into potential problems if the user's
15761ec0d754SDag-Erling Smørgrav 	 * home directory is in AFS and it's not world-readable.
15771ec0d754SDag-Erling Smørgrav 	 */
15781ec0d754SDag-Erling Smørgrav 
15791ec0d754SDag-Erling Smørgrav 	if (options.kerberos_get_afs_token && k_hasafs() &&
15801ec0d754SDag-Erling Smørgrav 	    (s->authctxt->krb5_ctx != NULL)) {
15811ec0d754SDag-Erling Smørgrav 		char cell[64];
15821ec0d754SDag-Erling Smørgrav 
15831ec0d754SDag-Erling Smørgrav 		debug("Getting AFS token");
15841ec0d754SDag-Erling Smørgrav 
15851ec0d754SDag-Erling Smørgrav 		k_setpag();
15861ec0d754SDag-Erling Smørgrav 
15871ec0d754SDag-Erling Smørgrav 		if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
15881ec0d754SDag-Erling Smørgrav 			krb5_afslog(s->authctxt->krb5_ctx,
15891ec0d754SDag-Erling Smørgrav 			    s->authctxt->krb5_fwd_ccache, cell, NULL);
15901ec0d754SDag-Erling Smørgrav 
15911ec0d754SDag-Erling Smørgrav 		krb5_afslog_home(s->authctxt->krb5_ctx,
15921ec0d754SDag-Erling Smørgrav 		    s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
15931ec0d754SDag-Erling Smørgrav 	}
15941ec0d754SDag-Erling Smørgrav #endif
15951ec0d754SDag-Erling Smørgrav 
1596b74df5b2SDag-Erling Smørgrav 	/* Change current directory to the user's home directory. */
1597af12a3e7SDag-Erling Smørgrav 	if (chdir(pw->pw_dir) < 0) {
1598d4af9e69SDag-Erling Smørgrav 		/* Suppress missing homedir warning for chroot case */
1599af12a3e7SDag-Erling Smørgrav #ifdef HAVE_LOGIN_CAP
1600d4af9e69SDag-Erling Smørgrav 		r = login_getcapbool(lc, "requirehome", 0);
1601af12a3e7SDag-Erling Smørgrav #endif
1602acc1a9efSDag-Erling Smørgrav 		if (r || !in_chroot) {
1603d4af9e69SDag-Erling Smørgrav 			fprintf(stderr, "Could not chdir to home "
1604d4af9e69SDag-Erling Smørgrav 			    "directory %s: %s\n", pw->pw_dir,
1605d4af9e69SDag-Erling Smørgrav 			    strerror(errno));
1606acc1a9efSDag-Erling Smørgrav 		}
1607d4af9e69SDag-Erling Smørgrav 		if (r)
1608d4af9e69SDag-Erling Smørgrav 			exit(1);
1609af12a3e7SDag-Erling Smørgrav 	}
1610af12a3e7SDag-Erling Smørgrav 
1611d4af9e69SDag-Erling Smørgrav 	closefrom(STDERR_FILENO + 1);
1612d4af9e69SDag-Erling Smørgrav 
1613af12a3e7SDag-Erling Smørgrav 	do_rc_files(s, shell);
1614af12a3e7SDag-Erling Smørgrav 
1615ca3176e7SBrian Feldman 	/* restore SIGPIPE for child */
1616ca3176e7SBrian Feldman 	signal(SIGPIPE, SIG_DFL);
1617ca3176e7SBrian Feldman 
1618b15c8340SDag-Erling Smørgrav 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
1619b15c8340SDag-Erling Smørgrav 		printf("This service allows sftp connections only.\n");
1620b15c8340SDag-Erling Smørgrav 		fflush(NULL);
1621b15c8340SDag-Erling Smørgrav 		exit(1);
1622b15c8340SDag-Erling Smørgrav 	} else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
1623d4af9e69SDag-Erling Smørgrav 		extern int optind, optreset;
1624d4af9e69SDag-Erling Smørgrav 		int i;
1625d4af9e69SDag-Erling Smørgrav 		char *p, *args;
1626d4af9e69SDag-Erling Smørgrav 
16277aee6ffeSDag-Erling Smørgrav 		setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
1628cce7d346SDag-Erling Smørgrav 		args = xstrdup(command ? command : "sftp-server");
1629d4af9e69SDag-Erling Smørgrav 		for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
1630d4af9e69SDag-Erling Smørgrav 			if (i < ARGV_MAX - 1)
1631d4af9e69SDag-Erling Smørgrav 				argv[i++] = p;
1632d4af9e69SDag-Erling Smørgrav 		argv[i] = NULL;
1633d4af9e69SDag-Erling Smørgrav 		optind = optreset = 1;
1634d4af9e69SDag-Erling Smørgrav 		__progname = argv[0];
1635b15c8340SDag-Erling Smørgrav #ifdef WITH_SELINUX
1636b15c8340SDag-Erling Smørgrav 		ssh_selinux_change_context("sftpd_t");
1637b15c8340SDag-Erling Smørgrav #endif
1638d4af9e69SDag-Erling Smørgrav 		exit(sftp_server_main(i, argv, s->pw));
1639d4af9e69SDag-Erling Smørgrav 	}
1640d4af9e69SDag-Erling Smørgrav 
1641b15c8340SDag-Erling Smørgrav 	fflush(NULL);
1642b15c8340SDag-Erling Smørgrav 
1643af12a3e7SDag-Erling Smørgrav 	/* Get the last component of the shell name. */
1644af12a3e7SDag-Erling Smørgrav 	if ((shell0 = strrchr(shell, '/')) != NULL)
1645af12a3e7SDag-Erling Smørgrav 		shell0++;
1646af12a3e7SDag-Erling Smørgrav 	else
1647af12a3e7SDag-Erling Smørgrav 		shell0 = shell;
1648af12a3e7SDag-Erling Smørgrav 
1649a04a10f8SKris Kennaway 	/*
1650a04a10f8SKris Kennaway 	 * If we have no command, execute the shell.  In this case, the shell
1651a04a10f8SKris Kennaway 	 * name to be passed in argv[0] is preceded by '-' to indicate that
1652a04a10f8SKris Kennaway 	 * this is a login shell.
1653a04a10f8SKris Kennaway 	 */
1654a04a10f8SKris Kennaway 	if (!command) {
1655af12a3e7SDag-Erling Smørgrav 		char argv0[256];
1656a04a10f8SKris Kennaway 
1657a04a10f8SKris Kennaway 		/* Start the shell.  Set initial character to '-'. */
1658af12a3e7SDag-Erling Smørgrav 		argv0[0] = '-';
1659af12a3e7SDag-Erling Smørgrav 
1660af12a3e7SDag-Erling Smørgrav 		if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1)
1661af12a3e7SDag-Erling Smørgrav 		    >= sizeof(argv0) - 1) {
1662af12a3e7SDag-Erling Smørgrav 			errno = EINVAL;
1663af12a3e7SDag-Erling Smørgrav 			perror(shell);
1664af12a3e7SDag-Erling Smørgrav 			exit(1);
1665af12a3e7SDag-Erling Smørgrav 		}
1666a04a10f8SKris Kennaway 
1667a04a10f8SKris Kennaway 		/* Execute the shell. */
1668af12a3e7SDag-Erling Smørgrav 		argv[0] = argv0;
1669a04a10f8SKris Kennaway 		argv[1] = NULL;
1670a04a10f8SKris Kennaway 		execve(shell, argv, env);
1671a04a10f8SKris Kennaway 
1672a04a10f8SKris Kennaway 		/* Executing the shell failed. */
1673a04a10f8SKris Kennaway 		perror(shell);
1674a04a10f8SKris Kennaway 		exit(1);
1675a04a10f8SKris Kennaway 	}
1676a04a10f8SKris Kennaway 	/*
1677a04a10f8SKris Kennaway 	 * Execute the command using the user's shell.  This uses the -c
1678a04a10f8SKris Kennaway 	 * option to execute the command.
1679a04a10f8SKris Kennaway 	 */
1680af12a3e7SDag-Erling Smørgrav 	argv[0] = (char *) shell0;
1681a04a10f8SKris Kennaway 	argv[1] = "-c";
1682a04a10f8SKris Kennaway 	argv[2] = (char *) command;
1683a04a10f8SKris Kennaway 	argv[3] = NULL;
1684a04a10f8SKris Kennaway 	execve(shell, argv, env);
1685a04a10f8SKris Kennaway 	perror(shell);
1686a04a10f8SKris Kennaway 	exit(1);
1687a04a10f8SKris Kennaway }
1688a04a10f8SKris Kennaway 
1689d4af9e69SDag-Erling Smørgrav void
1690d4af9e69SDag-Erling Smørgrav session_unused(int id)
1691d4af9e69SDag-Erling Smørgrav {
1692d4af9e69SDag-Erling Smørgrav 	debug3("%s: session id %d unused", __func__, id);
1693d4af9e69SDag-Erling Smørgrav 	if (id >= options.max_sessions ||
1694d4af9e69SDag-Erling Smørgrav 	    id >= sessions_nalloc) {
1695d4af9e69SDag-Erling Smørgrav 		fatal("%s: insane session id %d (max %d nalloc %d)",
1696d4af9e69SDag-Erling Smørgrav 		    __func__, id, options.max_sessions, sessions_nalloc);
1697d4af9e69SDag-Erling Smørgrav 	}
1698b83788ffSDag-Erling Smørgrav 	memset(&sessions[id], 0, sizeof(*sessions));
1699d4af9e69SDag-Erling Smørgrav 	sessions[id].self = id;
1700d4af9e69SDag-Erling Smørgrav 	sessions[id].used = 0;
1701d4af9e69SDag-Erling Smørgrav 	sessions[id].chanid = -1;
1702d4af9e69SDag-Erling Smørgrav 	sessions[id].ptyfd = -1;
1703d4af9e69SDag-Erling Smørgrav 	sessions[id].ttyfd = -1;
1704d4af9e69SDag-Erling Smørgrav 	sessions[id].ptymaster = -1;
1705d4af9e69SDag-Erling Smørgrav 	sessions[id].x11_chanids = NULL;
1706d4af9e69SDag-Erling Smørgrav 	sessions[id].next_unused = sessions_first_unused;
1707d4af9e69SDag-Erling Smørgrav 	sessions_first_unused = id;
1708d4af9e69SDag-Erling Smørgrav }
1709d4af9e69SDag-Erling Smørgrav 
1710a04a10f8SKris Kennaway Session *
1711a04a10f8SKris Kennaway session_new(void)
1712a04a10f8SKris Kennaway {
1713d4af9e69SDag-Erling Smørgrav 	Session *s, *tmp;
1714d4af9e69SDag-Erling Smørgrav 
1715d4af9e69SDag-Erling Smørgrav 	if (sessions_first_unused == -1) {
1716d4af9e69SDag-Erling Smørgrav 		if (sessions_nalloc >= options.max_sessions)
1717a04a10f8SKris Kennaway 			return NULL;
1718d4af9e69SDag-Erling Smørgrav 		debug2("%s: allocate (allocated %d max %d)",
1719d4af9e69SDag-Erling Smørgrav 		    __func__, sessions_nalloc, options.max_sessions);
1720*4f52dfbbSDag-Erling Smørgrav 		tmp = xrecallocarray(sessions, sessions_nalloc,
1721*4f52dfbbSDag-Erling Smørgrav 		    sessions_nalloc + 1, sizeof(*sessions));
1722d4af9e69SDag-Erling Smørgrav 		if (tmp == NULL) {
1723d4af9e69SDag-Erling Smørgrav 			error("%s: cannot allocate %d sessions",
1724d4af9e69SDag-Erling Smørgrav 			    __func__, sessions_nalloc + 1);
1725d4af9e69SDag-Erling Smørgrav 			return NULL;
1726d4af9e69SDag-Erling Smørgrav 		}
1727d4af9e69SDag-Erling Smørgrav 		sessions = tmp;
1728d4af9e69SDag-Erling Smørgrav 		session_unused(sessions_nalloc++);
1729d4af9e69SDag-Erling Smørgrav 	}
1730d4af9e69SDag-Erling Smørgrav 
1731d4af9e69SDag-Erling Smørgrav 	if (sessions_first_unused >= sessions_nalloc ||
1732d4af9e69SDag-Erling Smørgrav 	    sessions_first_unused < 0) {
1733d4af9e69SDag-Erling Smørgrav 		fatal("%s: insane first_unused %d max %d nalloc %d",
1734d4af9e69SDag-Erling Smørgrav 		    __func__, sessions_first_unused, options.max_sessions,
1735d4af9e69SDag-Erling Smørgrav 		    sessions_nalloc);
1736d4af9e69SDag-Erling Smørgrav 	}
1737d4af9e69SDag-Erling Smørgrav 
1738d4af9e69SDag-Erling Smørgrav 	s = &sessions[sessions_first_unused];
1739d4af9e69SDag-Erling Smørgrav 	if (s->used) {
1740d4af9e69SDag-Erling Smørgrav 		fatal("%s: session %d already used",
1741d4af9e69SDag-Erling Smørgrav 		    __func__, sessions_first_unused);
1742d4af9e69SDag-Erling Smørgrav 	}
1743d4af9e69SDag-Erling Smørgrav 	sessions_first_unused = s->next_unused;
1744d4af9e69SDag-Erling Smørgrav 	s->used = 1;
1745d4af9e69SDag-Erling Smørgrav 	s->next_unused = -1;
1746d4af9e69SDag-Erling Smørgrav 	debug("session_new: session %d", s->self);
1747d4af9e69SDag-Erling Smørgrav 
1748d4af9e69SDag-Erling Smørgrav 	return s;
1749a04a10f8SKris Kennaway }
1750a04a10f8SKris Kennaway 
1751af12a3e7SDag-Erling Smørgrav static void
1752a04a10f8SKris Kennaway session_dump(void)
1753a04a10f8SKris Kennaway {
1754a04a10f8SKris Kennaway 	int i;
1755d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
1756a04a10f8SKris Kennaway 		Session *s = &sessions[i];
1757d4af9e69SDag-Erling Smørgrav 
1758d4af9e69SDag-Erling Smørgrav 		debug("dump: used %d next_unused %d session %d %p "
1759d4af9e69SDag-Erling Smørgrav 		    "channel %d pid %ld",
1760a04a10f8SKris Kennaway 		    s->used,
1761d4af9e69SDag-Erling Smørgrav 		    s->next_unused,
1762a04a10f8SKris Kennaway 		    s->self,
1763a04a10f8SKris Kennaway 		    s,
1764a04a10f8SKris Kennaway 		    s->chanid,
176580628bacSDag-Erling Smørgrav 		    (long)s->pid);
1766a04a10f8SKris Kennaway 	}
1767a04a10f8SKris Kennaway }
1768a04a10f8SKris Kennaway 
1769a04a10f8SKris Kennaway int
1770af12a3e7SDag-Erling Smørgrav session_open(Authctxt *authctxt, int chanid)
1771a04a10f8SKris Kennaway {
1772a04a10f8SKris Kennaway 	Session *s = session_new();
1773a04a10f8SKris Kennaway 	debug("session_open: channel %d", chanid);
1774a04a10f8SKris Kennaway 	if (s == NULL) {
1775a04a10f8SKris Kennaway 		error("no more sessions");
1776a04a10f8SKris Kennaway 		return 0;
1777a04a10f8SKris Kennaway 	}
1778af12a3e7SDag-Erling Smørgrav 	s->authctxt = authctxt;
1779af12a3e7SDag-Erling Smørgrav 	s->pw = authctxt->pw;
17801ec0d754SDag-Erling Smørgrav 	if (s->pw == NULL || !authctxt->valid)
1781ca3176e7SBrian Feldman 		fatal("no user for session %d", s->self);
1782a04a10f8SKris Kennaway 	debug("session_open: session %d: link with channel %d", s->self, chanid);
1783a04a10f8SKris Kennaway 	s->chanid = chanid;
1784a04a10f8SKris Kennaway 	return 1;
1785a04a10f8SKris Kennaway }
1786a04a10f8SKris Kennaway 
178780628bacSDag-Erling Smørgrav Session *
178880628bacSDag-Erling Smørgrav session_by_tty(char *tty)
178980628bacSDag-Erling Smørgrav {
179080628bacSDag-Erling Smørgrav 	int i;
1791d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
179280628bacSDag-Erling Smørgrav 		Session *s = &sessions[i];
179380628bacSDag-Erling Smørgrav 		if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
179480628bacSDag-Erling Smørgrav 			debug("session_by_tty: session %d tty %s", i, tty);
179580628bacSDag-Erling Smørgrav 			return s;
179680628bacSDag-Erling Smørgrav 		}
179780628bacSDag-Erling Smørgrav 	}
179880628bacSDag-Erling Smørgrav 	debug("session_by_tty: unknown tty %.100s", tty);
179980628bacSDag-Erling Smørgrav 	session_dump();
180080628bacSDag-Erling Smørgrav 	return NULL;
180180628bacSDag-Erling Smørgrav }
180280628bacSDag-Erling Smørgrav 
1803af12a3e7SDag-Erling Smørgrav static Session *
1804a04a10f8SKris Kennaway session_by_channel(int id)
1805a04a10f8SKris Kennaway {
1806a04a10f8SKris Kennaway 	int i;
1807d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
1808a04a10f8SKris Kennaway 		Session *s = &sessions[i];
1809a04a10f8SKris Kennaway 		if (s->used && s->chanid == id) {
1810d4af9e69SDag-Erling Smørgrav 			debug("session_by_channel: session %d channel %d",
1811d4af9e69SDag-Erling Smørgrav 			    i, id);
1812a04a10f8SKris Kennaway 			return s;
1813a04a10f8SKris Kennaway 		}
1814a04a10f8SKris Kennaway 	}
1815a04a10f8SKris Kennaway 	debug("session_by_channel: unknown channel %d", id);
1816a04a10f8SKris Kennaway 	session_dump();
1817a04a10f8SKris Kennaway 	return NULL;
1818a04a10f8SKris Kennaway }
1819a04a10f8SKris Kennaway 
1820af12a3e7SDag-Erling Smørgrav static Session *
1821d4ecd108SDag-Erling Smørgrav session_by_x11_channel(int id)
1822d4ecd108SDag-Erling Smørgrav {
1823d4ecd108SDag-Erling Smørgrav 	int i, j;
1824d4ecd108SDag-Erling Smørgrav 
1825d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
1826d4ecd108SDag-Erling Smørgrav 		Session *s = &sessions[i];
1827d4ecd108SDag-Erling Smørgrav 
1828d4ecd108SDag-Erling Smørgrav 		if (s->x11_chanids == NULL || !s->used)
1829d4ecd108SDag-Erling Smørgrav 			continue;
1830d4ecd108SDag-Erling Smørgrav 		for (j = 0; s->x11_chanids[j] != -1; j++) {
1831d4ecd108SDag-Erling Smørgrav 			if (s->x11_chanids[j] == id) {
1832d4ecd108SDag-Erling Smørgrav 				debug("session_by_x11_channel: session %d "
1833d4ecd108SDag-Erling Smørgrav 				    "channel %d", s->self, id);
1834d4ecd108SDag-Erling Smørgrav 				return s;
1835d4ecd108SDag-Erling Smørgrav 			}
1836d4ecd108SDag-Erling Smørgrav 		}
1837d4ecd108SDag-Erling Smørgrav 	}
1838d4ecd108SDag-Erling Smørgrav 	debug("session_by_x11_channel: unknown channel %d", id);
1839d4ecd108SDag-Erling Smørgrav 	session_dump();
1840d4ecd108SDag-Erling Smørgrav 	return NULL;
1841d4ecd108SDag-Erling Smørgrav }
1842d4ecd108SDag-Erling Smørgrav 
1843d4ecd108SDag-Erling Smørgrav static Session *
1844a04a10f8SKris Kennaway session_by_pid(pid_t pid)
1845a04a10f8SKris Kennaway {
1846a04a10f8SKris Kennaway 	int i;
184780628bacSDag-Erling Smørgrav 	debug("session_by_pid: pid %ld", (long)pid);
1848d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
1849a04a10f8SKris Kennaway 		Session *s = &sessions[i];
1850a04a10f8SKris Kennaway 		if (s->used && s->pid == pid)
1851a04a10f8SKris Kennaway 			return s;
1852a04a10f8SKris Kennaway 	}
185380628bacSDag-Erling Smørgrav 	error("session_by_pid: unknown pid %ld", (long)pid);
1854a04a10f8SKris Kennaway 	session_dump();
1855a04a10f8SKris Kennaway 	return NULL;
1856a04a10f8SKris Kennaway }
1857a04a10f8SKris Kennaway 
1858af12a3e7SDag-Erling Smørgrav static int
1859*4f52dfbbSDag-Erling Smørgrav session_window_change_req(struct ssh *ssh, Session *s)
1860a04a10f8SKris Kennaway {
1861a04a10f8SKris Kennaway 	s->col = packet_get_int();
1862a04a10f8SKris Kennaway 	s->row = packet_get_int();
1863a04a10f8SKris Kennaway 	s->xpixel = packet_get_int();
1864a04a10f8SKris Kennaway 	s->ypixel = packet_get_int();
1865af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
1866a04a10f8SKris Kennaway 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1867a04a10f8SKris Kennaway 	return 1;
1868a04a10f8SKris Kennaway }
1869a04a10f8SKris Kennaway 
1870af12a3e7SDag-Erling Smørgrav static int
1871*4f52dfbbSDag-Erling Smørgrav session_pty_req(struct ssh *ssh, Session *s)
1872a04a10f8SKris Kennaway {
1873ca3176e7SBrian Feldman 	u_int len;
1874ca3176e7SBrian Feldman 	int n_bytes;
1875a04a10f8SKris Kennaway 
1876f7167e0eSDag-Erling Smørgrav 	if (no_pty_flag || !options.permit_tty) {
1877af12a3e7SDag-Erling Smørgrav 		debug("Allocating a pty not permitted for this authentication.");
1878c2d3a559SKris Kennaway 		return 0;
1879af12a3e7SDag-Erling Smørgrav 	}
1880af12a3e7SDag-Erling Smørgrav 	if (s->ttyfd != -1) {
1881af12a3e7SDag-Erling Smørgrav 		packet_disconnect("Protocol error: you already have a pty.");
1882a04a10f8SKris Kennaway 		return 0;
1883af12a3e7SDag-Erling Smørgrav 	}
1884af12a3e7SDag-Erling Smørgrav 
1885a04a10f8SKris Kennaway 	s->term = packet_get_string(&len);
1886a04a10f8SKris Kennaway 	s->col = packet_get_int();
1887a04a10f8SKris Kennaway 	s->row = packet_get_int();
1888a04a10f8SKris Kennaway 	s->xpixel = packet_get_int();
1889a04a10f8SKris Kennaway 	s->ypixel = packet_get_int();
1890a04a10f8SKris Kennaway 
1891a04a10f8SKris Kennaway 	if (strcmp(s->term, "") == 0) {
1892e4a9863fSDag-Erling Smørgrav 		free(s->term);
1893a04a10f8SKris Kennaway 		s->term = NULL;
1894a04a10f8SKris Kennaway 	}
1895af12a3e7SDag-Erling Smørgrav 
1896a04a10f8SKris Kennaway 	/* Allocate a pty and open it. */
1897af12a3e7SDag-Erling Smørgrav 	debug("Allocating pty.");
1898d4af9e69SDag-Erling Smørgrav 	if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
1899d4af9e69SDag-Erling Smørgrav 	    sizeof(s->tty)))) {
1900e4a9863fSDag-Erling Smørgrav 		free(s->term);
1901a04a10f8SKris Kennaway 		s->term = NULL;
1902a04a10f8SKris Kennaway 		s->ptyfd = -1;
1903a04a10f8SKris Kennaway 		s->ttyfd = -1;
1904a04a10f8SKris Kennaway 		error("session_pty_req: session %d alloc failed", s->self);
1905a04a10f8SKris Kennaway 		return 0;
1906a04a10f8SKris Kennaway 	}
1907a04a10f8SKris Kennaway 	debug("session_pty_req: session %d alloc %s", s->self, s->tty);
1908af12a3e7SDag-Erling Smørgrav 
1909af12a3e7SDag-Erling Smørgrav 	n_bytes = packet_remaining();
1910af12a3e7SDag-Erling Smørgrav 	tty_parse_modes(s->ttyfd, &n_bytes);
1911af12a3e7SDag-Erling Smørgrav 
191280628bacSDag-Erling Smørgrav 	if (!use_privsep)
1913a04a10f8SKris Kennaway 		pty_setowner(s->pw, s->tty);
1914af12a3e7SDag-Erling Smørgrav 
1915af12a3e7SDag-Erling Smørgrav 	/* Set window size from the packet. */
1916a04a10f8SKris Kennaway 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
1917a04a10f8SKris Kennaway 
1918af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
1919a04a10f8SKris Kennaway 	session_proctitle(s);
1920a04a10f8SKris Kennaway 	return 1;
1921a04a10f8SKris Kennaway }
1922a04a10f8SKris Kennaway 
1923af12a3e7SDag-Erling Smørgrav static int
1924*4f52dfbbSDag-Erling Smørgrav session_subsystem_req(struct ssh *ssh, Session *s)
1925a04a10f8SKris Kennaway {
1926af12a3e7SDag-Erling Smørgrav 	struct stat st;
1927ca3176e7SBrian Feldman 	u_int len;
1928a04a10f8SKris Kennaway 	int success = 0;
1929f7167e0eSDag-Erling Smørgrav 	char *prog, *cmd;
1930d4ecd108SDag-Erling Smørgrav 	u_int i;
1931a04a10f8SKris Kennaway 
1932f7167e0eSDag-Erling Smørgrav 	s->subsys = packet_get_string(&len);
1933af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
1934f7167e0eSDag-Erling Smørgrav 	debug2("subsystem request for %.100s by user %s", s->subsys,
1935e2f6069cSDag-Erling Smørgrav 	    s->pw->pw_name);
1936a04a10f8SKris Kennaway 
1937c2d3a559SKris Kennaway 	for (i = 0; i < options.num_subsystems; i++) {
1938f7167e0eSDag-Erling Smørgrav 		if (strcmp(s->subsys, options.subsystem_name[i]) == 0) {
1939333ee039SDag-Erling Smørgrav 			prog = options.subsystem_command[i];
1940333ee039SDag-Erling Smørgrav 			cmd = options.subsystem_args[i];
1941b15c8340SDag-Erling Smørgrav 			if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) {
1942d4af9e69SDag-Erling Smørgrav 				s->is_subsystem = SUBSYSTEM_INT_SFTP;
1943b15c8340SDag-Erling Smørgrav 				debug("subsystem: %s", prog);
1944d4af9e69SDag-Erling Smørgrav 			} else {
1945b15c8340SDag-Erling Smørgrav 				if (stat(prog, &st) < 0)
1946b15c8340SDag-Erling Smørgrav 					debug("subsystem: cannot stat %s: %s",
1947b15c8340SDag-Erling Smørgrav 					    prog, strerror(errno));
1948d4af9e69SDag-Erling Smørgrav 				s->is_subsystem = SUBSYSTEM_EXT;
1949af12a3e7SDag-Erling Smørgrav 				debug("subsystem: exec() %s", cmd);
1950b15c8340SDag-Erling Smørgrav 			}
1951*4f52dfbbSDag-Erling Smørgrav 			success = do_exec(ssh, s, cmd) == 0;
1952af12a3e7SDag-Erling Smørgrav 			break;
1953c2d3a559SKris Kennaway 		}
1954c2d3a559SKris Kennaway 	}
1955c2d3a559SKris Kennaway 
1956c2d3a559SKris Kennaway 	if (!success)
1957f7167e0eSDag-Erling Smørgrav 		logit("subsystem request for %.100s by user %s failed, "
1958f7167e0eSDag-Erling Smørgrav 		    "subsystem not found", s->subsys, s->pw->pw_name);
1959c2d3a559SKris Kennaway 
1960a04a10f8SKris Kennaway 	return success;
1961a04a10f8SKris Kennaway }
1962a04a10f8SKris Kennaway 
1963af12a3e7SDag-Erling Smørgrav static int
1964*4f52dfbbSDag-Erling Smørgrav session_x11_req(struct ssh *ssh, Session *s)
1965a04a10f8SKris Kennaway {
1966af12a3e7SDag-Erling Smørgrav 	int success;
1967a04a10f8SKris Kennaway 
1968d4ecd108SDag-Erling Smørgrav 	if (s->auth_proto != NULL || s->auth_data != NULL) {
1969d4ecd108SDag-Erling Smørgrav 		error("session_x11_req: session %d: "
1970b74df5b2SDag-Erling Smørgrav 		    "x11 forwarding already active", s->self);
1971d4ecd108SDag-Erling Smørgrav 		return 0;
1972d4ecd108SDag-Erling Smørgrav 	}
1973a04a10f8SKris Kennaway 	s->single_connection = packet_get_char();
1974a04a10f8SKris Kennaway 	s->auth_proto = packet_get_string(NULL);
1975a04a10f8SKris Kennaway 	s->auth_data = packet_get_string(NULL);
1976a04a10f8SKris Kennaway 	s->screen = packet_get_int();
1977af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
1978a04a10f8SKris Kennaway 
1979acc1a9efSDag-Erling Smørgrav 	if (xauth_valid_string(s->auth_proto) &&
1980acc1a9efSDag-Erling Smørgrav 	    xauth_valid_string(s->auth_data))
1981*4f52dfbbSDag-Erling Smørgrav 		success = session_setup_x11fwd(ssh, s);
1982acc1a9efSDag-Erling Smørgrav 	else {
1983acc1a9efSDag-Erling Smørgrav 		success = 0;
1984acc1a9efSDag-Erling Smørgrav 		error("Invalid X11 forwarding data");
1985acc1a9efSDag-Erling Smørgrav 	}
1986af12a3e7SDag-Erling Smørgrav 	if (!success) {
1987e4a9863fSDag-Erling Smørgrav 		free(s->auth_proto);
1988e4a9863fSDag-Erling Smørgrav 		free(s->auth_data);
1989af12a3e7SDag-Erling Smørgrav 		s->auth_proto = NULL;
1990af12a3e7SDag-Erling Smørgrav 		s->auth_data = NULL;
1991a04a10f8SKris Kennaway 	}
1992af12a3e7SDag-Erling Smørgrav 	return success;
1993a04a10f8SKris Kennaway }
1994a04a10f8SKris Kennaway 
1995af12a3e7SDag-Erling Smørgrav static int
1996*4f52dfbbSDag-Erling Smørgrav session_shell_req(struct ssh *ssh, Session *s)
1997c2d3a559SKris Kennaway {
1998af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
1999*4f52dfbbSDag-Erling Smørgrav 	return do_exec(ssh, s, NULL) == 0;
2000c2d3a559SKris Kennaway }
2001c2d3a559SKris Kennaway 
2002af12a3e7SDag-Erling Smørgrav static int
2003*4f52dfbbSDag-Erling Smørgrav session_exec_req(struct ssh *ssh, Session *s)
2004c2d3a559SKris Kennaway {
2005d4af9e69SDag-Erling Smørgrav 	u_int len, success;
2006d4af9e69SDag-Erling Smørgrav 
2007c2d3a559SKris Kennaway 	char *command = packet_get_string(&len);
2008af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
2009*4f52dfbbSDag-Erling Smørgrav 	success = do_exec(ssh, s, command) == 0;
2010e4a9863fSDag-Erling Smørgrav 	free(command);
2011d4af9e69SDag-Erling Smørgrav 	return success;
2012c2d3a559SKris Kennaway }
2013c2d3a559SKris Kennaway 
2014af12a3e7SDag-Erling Smørgrav static int
2015*4f52dfbbSDag-Erling Smørgrav session_break_req(struct ssh *ssh, Session *s)
2016cf2b5f3bSDag-Erling Smørgrav {
2017cf2b5f3bSDag-Erling Smørgrav 
201821e764dfSDag-Erling Smørgrav 	packet_get_int();	/* ignored */
2019cf2b5f3bSDag-Erling Smørgrav 	packet_check_eom();
2020cf2b5f3bSDag-Erling Smørgrav 
2021462c32cbSDag-Erling Smørgrav 	if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
2022cf2b5f3bSDag-Erling Smørgrav 		return 0;
2023cf2b5f3bSDag-Erling Smørgrav 	return 1;
2024cf2b5f3bSDag-Erling Smørgrav }
2025cf2b5f3bSDag-Erling Smørgrav 
2026cf2b5f3bSDag-Erling Smørgrav static int
2027*4f52dfbbSDag-Erling Smørgrav session_env_req(struct ssh *ssh, Session *s)
202821e764dfSDag-Erling Smørgrav {
202921e764dfSDag-Erling Smørgrav 	char *name, *val;
203021e764dfSDag-Erling Smørgrav 	u_int name_len, val_len, i;
203121e764dfSDag-Erling Smørgrav 
2032b83788ffSDag-Erling Smørgrav 	name = packet_get_cstring(&name_len);
2033b83788ffSDag-Erling Smørgrav 	val = packet_get_cstring(&val_len);
203421e764dfSDag-Erling Smørgrav 	packet_check_eom();
203521e764dfSDag-Erling Smørgrav 
203621e764dfSDag-Erling Smørgrav 	/* Don't set too many environment variables */
203721e764dfSDag-Erling Smørgrav 	if (s->num_env > 128) {
203821e764dfSDag-Erling Smørgrav 		debug2("Ignoring env request %s: too many env vars", name);
203921e764dfSDag-Erling Smørgrav 		goto fail;
204021e764dfSDag-Erling Smørgrav 	}
204121e764dfSDag-Erling Smørgrav 
204221e764dfSDag-Erling Smørgrav 	for (i = 0; i < options.num_accept_env; i++) {
204321e764dfSDag-Erling Smørgrav 		if (match_pattern(name, options.accept_env[i])) {
204421e764dfSDag-Erling Smørgrav 			debug2("Setting env %d: %s=%s", s->num_env, name, val);
2045*4f52dfbbSDag-Erling Smørgrav 			s->env = xrecallocarray(s->env, s->num_env,
2046*4f52dfbbSDag-Erling Smørgrav 			    s->num_env + 1, sizeof(*s->env));
204721e764dfSDag-Erling Smørgrav 			s->env[s->num_env].name = name;
204821e764dfSDag-Erling Smørgrav 			s->env[s->num_env].val = val;
204921e764dfSDag-Erling Smørgrav 			s->num_env++;
205021e764dfSDag-Erling Smørgrav 			return (1);
205121e764dfSDag-Erling Smørgrav 		}
205221e764dfSDag-Erling Smørgrav 	}
205321e764dfSDag-Erling Smørgrav 	debug2("Ignoring env request %s: disallowed name", name);
205421e764dfSDag-Erling Smørgrav 
205521e764dfSDag-Erling Smørgrav  fail:
2056e4a9863fSDag-Erling Smørgrav 	free(name);
2057e4a9863fSDag-Erling Smørgrav 	free(val);
205821e764dfSDag-Erling Smørgrav 	return (0);
205921e764dfSDag-Erling Smørgrav }
206021e764dfSDag-Erling Smørgrav 
206121e764dfSDag-Erling Smørgrav static int
2062*4f52dfbbSDag-Erling Smørgrav session_auth_agent_req(struct ssh *ssh, Session *s)
2063ca3176e7SBrian Feldman {
2064ca3176e7SBrian Feldman 	static int called = 0;
2065af12a3e7SDag-Erling Smørgrav 	packet_check_eom();
2066d4af9e69SDag-Erling Smørgrav 	if (no_agent_forwarding_flag || !options.allow_agent_forwarding) {
2067ca3176e7SBrian Feldman 		debug("session_auth_agent_req: no_agent_forwarding_flag");
2068ca3176e7SBrian Feldman 		return 0;
2069ca3176e7SBrian Feldman 	}
2070ca3176e7SBrian Feldman 	if (called) {
2071ca3176e7SBrian Feldman 		return 0;
2072ca3176e7SBrian Feldman 	} else {
2073ca3176e7SBrian Feldman 		called = 1;
2074*4f52dfbbSDag-Erling Smørgrav 		return auth_input_request_forwarding(ssh, s->pw);
2075ca3176e7SBrian Feldman 	}
2076ca3176e7SBrian Feldman }
2077ca3176e7SBrian Feldman 
2078af12a3e7SDag-Erling Smørgrav int
2079*4f52dfbbSDag-Erling Smørgrav session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)
2080a04a10f8SKris Kennaway {
2081a04a10f8SKris Kennaway 	int success = 0;
2082a04a10f8SKris Kennaway 	Session *s;
2083a04a10f8SKris Kennaway 
2084af12a3e7SDag-Erling Smørgrav 	if ((s = session_by_channel(c->self)) == NULL) {
2085*4f52dfbbSDag-Erling Smørgrav 		logit("%s: no session %d req %.100s", __func__, c->self, rtype);
2086af12a3e7SDag-Erling Smørgrav 		return 0;
2087af12a3e7SDag-Erling Smørgrav 	}
2088*4f52dfbbSDag-Erling Smørgrav 	debug("%s: session %d req %s", __func__, s->self, rtype);
2089a04a10f8SKris Kennaway 
2090a04a10f8SKris Kennaway 	/*
2091ca3176e7SBrian Feldman 	 * a session is in LARVAL state until a shell, a command
2092ca3176e7SBrian Feldman 	 * or a subsystem is executed
2093a04a10f8SKris Kennaway 	 */
2094a04a10f8SKris Kennaway 	if (c->type == SSH_CHANNEL_LARVAL) {
2095a04a10f8SKris Kennaway 		if (strcmp(rtype, "shell") == 0) {
2096*4f52dfbbSDag-Erling Smørgrav 			success = session_shell_req(ssh, s);
2097a04a10f8SKris Kennaway 		} else if (strcmp(rtype, "exec") == 0) {
2098*4f52dfbbSDag-Erling Smørgrav 			success = session_exec_req(ssh, s);
2099a04a10f8SKris Kennaway 		} else if (strcmp(rtype, "pty-req") == 0) {
2100*4f52dfbbSDag-Erling Smørgrav 			success = session_pty_req(ssh, s);
2101a04a10f8SKris Kennaway 		} else if (strcmp(rtype, "x11-req") == 0) {
2102*4f52dfbbSDag-Erling Smørgrav 			success = session_x11_req(ssh, s);
2103ca3176e7SBrian Feldman 		} else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
2104*4f52dfbbSDag-Erling Smørgrav 			success = session_auth_agent_req(ssh, s);
2105a04a10f8SKris Kennaway 		} else if (strcmp(rtype, "subsystem") == 0) {
2106*4f52dfbbSDag-Erling Smørgrav 			success = session_subsystem_req(ssh, s);
210721e764dfSDag-Erling Smørgrav 		} else if (strcmp(rtype, "env") == 0) {
2108*4f52dfbbSDag-Erling Smørgrav 			success = session_env_req(ssh, s);
2109a04a10f8SKris Kennaway 		}
2110a04a10f8SKris Kennaway 	}
2111a04a10f8SKris Kennaway 	if (strcmp(rtype, "window-change") == 0) {
2112*4f52dfbbSDag-Erling Smørgrav 		success = session_window_change_req(ssh, s);
211321e764dfSDag-Erling Smørgrav 	} else if (strcmp(rtype, "break") == 0) {
2114*4f52dfbbSDag-Erling Smørgrav 		success = session_break_req(ssh, s);
2115a04a10f8SKris Kennaway 	}
211621e764dfSDag-Erling Smørgrav 
2117af12a3e7SDag-Erling Smørgrav 	return success;
2118a04a10f8SKris Kennaway }
2119a04a10f8SKris Kennaway 
2120a04a10f8SKris Kennaway void
2121*4f52dfbbSDag-Erling Smørgrav session_set_fds(struct ssh *ssh, Session *s,
2122*4f52dfbbSDag-Erling Smørgrav     int fdin, int fdout, int fderr, int ignore_fderr, int is_tty)
2123a04a10f8SKris Kennaway {
2124a04a10f8SKris Kennaway 	/*
2125a04a10f8SKris Kennaway 	 * now that have a child and a pipe to the child,
2126a04a10f8SKris Kennaway 	 * we can activate our channel and register the fd's
2127a04a10f8SKris Kennaway 	 */
2128a04a10f8SKris Kennaway 	if (s->chanid == -1)
2129a04a10f8SKris Kennaway 		fatal("no channel for session %d", s->self);
2130*4f52dfbbSDag-Erling Smørgrav 	channel_set_fds(ssh, s->chanid,
213160c59fadSDag-Erling Smørgrav 	    fdout, fdin, fderr,
2132e2f6069cSDag-Erling Smørgrav 	    ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
2133d4af9e69SDag-Erling Smørgrav 	    1, is_tty, CHAN_SES_WINDOW_DEFAULT);
2134a04a10f8SKris Kennaway }
2135a04a10f8SKris Kennaway 
2136af12a3e7SDag-Erling Smørgrav /*
2137af12a3e7SDag-Erling Smørgrav  * Function to perform pty cleanup. Also called if we get aborted abnormally
2138af12a3e7SDag-Erling Smørgrav  * (e.g., due to a dropped connection).
2139af12a3e7SDag-Erling Smørgrav  */
214080628bacSDag-Erling Smørgrav void
21411ec0d754SDag-Erling Smørgrav session_pty_cleanup2(Session *s)
2142a04a10f8SKris Kennaway {
2143af12a3e7SDag-Erling Smørgrav 	if (s == NULL) {
2144af12a3e7SDag-Erling Smørgrav 		error("session_pty_cleanup: no session");
2145af12a3e7SDag-Erling Smørgrav 		return;
2146af12a3e7SDag-Erling Smørgrav 	}
2147af12a3e7SDag-Erling Smørgrav 	if (s->ttyfd == -1)
2148a04a10f8SKris Kennaway 		return;
2149a04a10f8SKris Kennaway 
2150ca3176e7SBrian Feldman 	debug("session_pty_cleanup: session %d release %s", s->self, s->tty);
2151a04a10f8SKris Kennaway 
2152a04a10f8SKris Kennaway 	/* Record that the user has logged out. */
2153af12a3e7SDag-Erling Smørgrav 	if (s->pid != 0)
2154989dd127SDag-Erling Smørgrav 		record_logout(s->pid, s->tty, s->pw->pw_name);
2155a04a10f8SKris Kennaway 
2156a04a10f8SKris Kennaway 	/* Release the pseudo-tty. */
215780628bacSDag-Erling Smørgrav 	if (getuid() == 0)
2158a04a10f8SKris Kennaway 		pty_release(s->tty);
2159a04a10f8SKris Kennaway 
2160a04a10f8SKris Kennaway 	/*
2161a04a10f8SKris Kennaway 	 * Close the server side of the socket pairs.  We must do this after
2162a04a10f8SKris Kennaway 	 * the pty cleanup, so that another process doesn't get this pty
2163a04a10f8SKris Kennaway 	 * while we're still cleaning up.
2164a04a10f8SKris Kennaway 	 */
2165d4af9e69SDag-Erling Smørgrav 	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
2166d4af9e69SDag-Erling Smørgrav 		error("close(s->ptymaster/%d): %s",
2167d4af9e69SDag-Erling Smørgrav 		    s->ptymaster, strerror(errno));
2168af12a3e7SDag-Erling Smørgrav 
2169af12a3e7SDag-Erling Smørgrav 	/* unlink pty from session */
2170af12a3e7SDag-Erling Smørgrav 	s->ttyfd = -1;
2171a04a10f8SKris Kennaway }
2172a04a10f8SKris Kennaway 
217380628bacSDag-Erling Smørgrav void
21741ec0d754SDag-Erling Smørgrav session_pty_cleanup(Session *s)
217580628bacSDag-Erling Smørgrav {
21761ec0d754SDag-Erling Smørgrav 	PRIVSEP(session_pty_cleanup2(s));
217780628bacSDag-Erling Smørgrav }
217880628bacSDag-Erling Smørgrav 
2179f388f5efSDag-Erling Smørgrav static char *
2180f388f5efSDag-Erling Smørgrav sig2name(int sig)
2181f388f5efSDag-Erling Smørgrav {
2182f388f5efSDag-Erling Smørgrav #define SSH_SIG(x) if (sig == SIG ## x) return #x
2183f388f5efSDag-Erling Smørgrav 	SSH_SIG(ABRT);
2184f388f5efSDag-Erling Smørgrav 	SSH_SIG(ALRM);
2185f388f5efSDag-Erling Smørgrav 	SSH_SIG(FPE);
2186f388f5efSDag-Erling Smørgrav 	SSH_SIG(HUP);
2187f388f5efSDag-Erling Smørgrav 	SSH_SIG(ILL);
2188f388f5efSDag-Erling Smørgrav 	SSH_SIG(INT);
2189f388f5efSDag-Erling Smørgrav 	SSH_SIG(KILL);
2190f388f5efSDag-Erling Smørgrav 	SSH_SIG(PIPE);
2191f388f5efSDag-Erling Smørgrav 	SSH_SIG(QUIT);
2192f388f5efSDag-Erling Smørgrav 	SSH_SIG(SEGV);
2193f388f5efSDag-Erling Smørgrav 	SSH_SIG(TERM);
2194f388f5efSDag-Erling Smørgrav 	SSH_SIG(USR1);
2195f388f5efSDag-Erling Smørgrav 	SSH_SIG(USR2);
2196f388f5efSDag-Erling Smørgrav #undef	SSH_SIG
2197f388f5efSDag-Erling Smørgrav 	return "SIG@openssh.com";
2198f388f5efSDag-Erling Smørgrav }
2199f388f5efSDag-Erling Smørgrav 
2200af12a3e7SDag-Erling Smørgrav static void
2201*4f52dfbbSDag-Erling Smørgrav session_close_x11(struct ssh *ssh, int id)
2202d4ecd108SDag-Erling Smørgrav {
2203d4ecd108SDag-Erling Smørgrav 	Channel *c;
2204d4ecd108SDag-Erling Smørgrav 
2205*4f52dfbbSDag-Erling Smørgrav 	if ((c = channel_by_id(ssh, id)) == NULL) {
2206*4f52dfbbSDag-Erling Smørgrav 		debug("%s: x11 channel %d missing", __func__, id);
2207d4ecd108SDag-Erling Smørgrav 	} else {
2208d4ecd108SDag-Erling Smørgrav 		/* Detach X11 listener */
2209*4f52dfbbSDag-Erling Smørgrav 		debug("%s: detach x11 channel %d", __func__, id);
2210*4f52dfbbSDag-Erling Smørgrav 		channel_cancel_cleanup(ssh, id);
2211d4ecd108SDag-Erling Smørgrav 		if (c->ostate != CHAN_OUTPUT_CLOSED)
2212*4f52dfbbSDag-Erling Smørgrav 			chan_mark_dead(ssh, c);
2213d4ecd108SDag-Erling Smørgrav 	}
2214d4ecd108SDag-Erling Smørgrav }
2215d4ecd108SDag-Erling Smørgrav 
2216d4ecd108SDag-Erling Smørgrav static void
2217*4f52dfbbSDag-Erling Smørgrav session_close_single_x11(struct ssh *ssh, int id, void *arg)
2218d4ecd108SDag-Erling Smørgrav {
2219d4ecd108SDag-Erling Smørgrav 	Session *s;
2220d4ecd108SDag-Erling Smørgrav 	u_int i;
2221d4ecd108SDag-Erling Smørgrav 
2222*4f52dfbbSDag-Erling Smørgrav 	debug3("%s: channel %d", __func__, id);
2223*4f52dfbbSDag-Erling Smørgrav 	channel_cancel_cleanup(ssh, id);
2224d4ecd108SDag-Erling Smørgrav 	if ((s = session_by_x11_channel(id)) == NULL)
2225*4f52dfbbSDag-Erling Smørgrav 		fatal("%s: no x11 channel %d", __func__, id);
2226d4ecd108SDag-Erling Smørgrav 	for (i = 0; s->x11_chanids[i] != -1; i++) {
2227*4f52dfbbSDag-Erling Smørgrav 		debug("%s: session %d: closing channel %d",
2228*4f52dfbbSDag-Erling Smørgrav 		    __func__, s->self, s->x11_chanids[i]);
2229d4ecd108SDag-Erling Smørgrav 		/*
2230d4ecd108SDag-Erling Smørgrav 		 * The channel "id" is already closing, but make sure we
2231d4ecd108SDag-Erling Smørgrav 		 * close all of its siblings.
2232d4ecd108SDag-Erling Smørgrav 		 */
2233d4ecd108SDag-Erling Smørgrav 		if (s->x11_chanids[i] != id)
2234*4f52dfbbSDag-Erling Smørgrav 			session_close_x11(ssh, s->x11_chanids[i]);
2235d4ecd108SDag-Erling Smørgrav 	}
2236e4a9863fSDag-Erling Smørgrav 	free(s->x11_chanids);
2237d4ecd108SDag-Erling Smørgrav 	s->x11_chanids = NULL;
2238e4a9863fSDag-Erling Smørgrav 	free(s->display);
2239d4ecd108SDag-Erling Smørgrav 	s->display = NULL;
2240e4a9863fSDag-Erling Smørgrav 	free(s->auth_proto);
2241d4ecd108SDag-Erling Smørgrav 	s->auth_proto = NULL;
2242e4a9863fSDag-Erling Smørgrav 	free(s->auth_data);
2243d4ecd108SDag-Erling Smørgrav 	s->auth_data = NULL;
2244e4a9863fSDag-Erling Smørgrav 	free(s->auth_display);
2245d4ecd108SDag-Erling Smørgrav 	s->auth_display = NULL;
2246d4ecd108SDag-Erling Smørgrav }
2247d4ecd108SDag-Erling Smørgrav 
2248d4ecd108SDag-Erling Smørgrav static void
2249*4f52dfbbSDag-Erling Smørgrav session_exit_message(struct ssh *ssh, Session *s, int status)
2250a04a10f8SKris Kennaway {
2251a04a10f8SKris Kennaway 	Channel *c;
2252af12a3e7SDag-Erling Smørgrav 
2253*4f52dfbbSDag-Erling Smørgrav 	if ((c = channel_lookup(ssh, s->chanid)) == NULL)
2254*4f52dfbbSDag-Erling Smørgrav 		fatal("%s: session %d: no channel %d",
2255*4f52dfbbSDag-Erling Smørgrav 		    __func__, s->self, s->chanid);
2256*4f52dfbbSDag-Erling Smørgrav 	debug("%s: session %d channel %d pid %ld",
2257*4f52dfbbSDag-Erling Smørgrav 	    __func__, s->self, s->chanid, (long)s->pid);
2258a04a10f8SKris Kennaway 
2259a04a10f8SKris Kennaway 	if (WIFEXITED(status)) {
2260*4f52dfbbSDag-Erling Smørgrav 		channel_request_start(ssh, s->chanid, "exit-status", 0);
2261a04a10f8SKris Kennaway 		packet_put_int(WEXITSTATUS(status));
2262a04a10f8SKris Kennaway 		packet_send();
2263a04a10f8SKris Kennaway 	} else if (WIFSIGNALED(status)) {
2264*4f52dfbbSDag-Erling Smørgrav 		channel_request_start(ssh, s->chanid, "exit-signal", 0);
2265f388f5efSDag-Erling Smørgrav 		packet_put_cstring(sig2name(WTERMSIG(status)));
2266989dd127SDag-Erling Smørgrav #ifdef WCOREDUMP
2267d4af9e69SDag-Erling Smørgrav 		packet_put_char(WCOREDUMP(status)? 1 : 0);
2268989dd127SDag-Erling Smørgrav #else /* WCOREDUMP */
2269989dd127SDag-Erling Smørgrav 		packet_put_char(0);
2270989dd127SDag-Erling Smørgrav #endif /* WCOREDUMP */
2271a04a10f8SKris Kennaway 		packet_put_cstring("");
2272a04a10f8SKris Kennaway 		packet_put_cstring("");
2273a04a10f8SKris Kennaway 		packet_send();
2274a04a10f8SKris Kennaway 	} else {
2275a04a10f8SKris Kennaway 		/* Some weird exit cause.  Just exit. */
2276a04a10f8SKris Kennaway 		packet_disconnect("wait returned status %04x.", status);
2277a04a10f8SKris Kennaway 	}
2278a04a10f8SKris Kennaway 
2279a04a10f8SKris Kennaway 	/* disconnect channel */
2280*4f52dfbbSDag-Erling Smørgrav 	debug("%s: release channel %d", __func__, s->chanid);
2281b74df5b2SDag-Erling Smørgrav 
2282b74df5b2SDag-Erling Smørgrav 	/*
2283b74df5b2SDag-Erling Smørgrav 	 * Adjust cleanup callback attachment to send close messages when
2284b74df5b2SDag-Erling Smørgrav 	 * the channel gets EOF. The session will be then be closed
2285b74df5b2SDag-Erling Smørgrav 	 * by session_close_by_channel when the childs close their fds.
2286b74df5b2SDag-Erling Smørgrav 	 */
2287*4f52dfbbSDag-Erling Smørgrav 	channel_register_cleanup(ssh, c->self, session_close_by_channel, 1);
2288b74df5b2SDag-Erling Smørgrav 
2289a04a10f8SKris Kennaway 	/*
2290a04a10f8SKris Kennaway 	 * emulate a write failure with 'chan_write_failed', nobody will be
2291a04a10f8SKris Kennaway 	 * interested in data we write.
2292a04a10f8SKris Kennaway 	 * Note that we must not call 'chan_read_failed', since there could
2293a04a10f8SKris Kennaway 	 * be some more data waiting in the pipe.
2294a04a10f8SKris Kennaway 	 */
2295a04a10f8SKris Kennaway 	if (c->ostate != CHAN_OUTPUT_CLOSED)
2296*4f52dfbbSDag-Erling Smørgrav 		chan_write_failed(ssh, c);
2297a04a10f8SKris Kennaway }
2298a04a10f8SKris Kennaway 
229980628bacSDag-Erling Smørgrav void
2300*4f52dfbbSDag-Erling Smørgrav session_close(struct ssh *ssh, Session *s)
2301a04a10f8SKris Kennaway {
2302d4ecd108SDag-Erling Smørgrav 	u_int i;
230321e764dfSDag-Erling Smørgrav 
2304acc1a9efSDag-Erling Smørgrav 	verbose("Close session: user %s from %.200s port %d id %d",
2305acc1a9efSDag-Erling Smørgrav 	    s->pw->pw_name,
2306076ad2f8SDag-Erling Smørgrav 	    ssh_remote_ipaddr(ssh),
2307076ad2f8SDag-Erling Smørgrav 	    ssh_remote_port(ssh),
2308acc1a9efSDag-Erling Smørgrav 	    s->self);
2309acc1a9efSDag-Erling Smørgrav 
23101ec0d754SDag-Erling Smørgrav 	if (s->ttyfd != -1)
2311af12a3e7SDag-Erling Smørgrav 		session_pty_cleanup(s);
2312e4a9863fSDag-Erling Smørgrav 	free(s->term);
2313e4a9863fSDag-Erling Smørgrav 	free(s->display);
2314e4a9863fSDag-Erling Smørgrav 	free(s->x11_chanids);
2315e4a9863fSDag-Erling Smørgrav 	free(s->auth_display);
2316e4a9863fSDag-Erling Smørgrav 	free(s->auth_data);
2317e4a9863fSDag-Erling Smørgrav 	free(s->auth_proto);
2318f7167e0eSDag-Erling Smørgrav 	free(s->subsys);
2319333ee039SDag-Erling Smørgrav 	if (s->env != NULL) {
232021e764dfSDag-Erling Smørgrav 		for (i = 0; i < s->num_env; i++) {
2321e4a9863fSDag-Erling Smørgrav 			free(s->env[i].name);
2322e4a9863fSDag-Erling Smørgrav 			free(s->env[i].val);
232321e764dfSDag-Erling Smørgrav 		}
2324e4a9863fSDag-Erling Smørgrav 		free(s->env);
2325333ee039SDag-Erling Smørgrav 	}
2326a04a10f8SKris Kennaway 	session_proctitle(s);
2327d4af9e69SDag-Erling Smørgrav 	session_unused(s->self);
2328a04a10f8SKris Kennaway }
2329a04a10f8SKris Kennaway 
2330a04a10f8SKris Kennaway void
2331*4f52dfbbSDag-Erling Smørgrav session_close_by_pid(struct ssh *ssh, pid_t pid, int status)
2332a04a10f8SKris Kennaway {
2333a04a10f8SKris Kennaway 	Session *s = session_by_pid(pid);
2334a04a10f8SKris Kennaway 	if (s == NULL) {
2335*4f52dfbbSDag-Erling Smørgrav 		debug("%s: no session for pid %ld", __func__, (long)pid);
2336a04a10f8SKris Kennaway 		return;
2337a04a10f8SKris Kennaway 	}
2338a04a10f8SKris Kennaway 	if (s->chanid != -1)
2339*4f52dfbbSDag-Erling Smørgrav 		session_exit_message(ssh, s, status);
2340b74df5b2SDag-Erling Smørgrav 	if (s->ttyfd != -1)
2341b74df5b2SDag-Erling Smørgrav 		session_pty_cleanup(s);
2342333ee039SDag-Erling Smørgrav 	s->pid = 0;
2343a04a10f8SKris Kennaway }
2344a04a10f8SKris Kennaway 
2345a04a10f8SKris Kennaway /*
2346a04a10f8SKris Kennaway  * this is called when a channel dies before
2347a04a10f8SKris Kennaway  * the session 'child' itself dies
2348a04a10f8SKris Kennaway  */
2349a04a10f8SKris Kennaway void
2350*4f52dfbbSDag-Erling Smørgrav session_close_by_channel(struct ssh *ssh, int id, void *arg)
2351a04a10f8SKris Kennaway {
2352a04a10f8SKris Kennaway 	Session *s = session_by_channel(id);
2353b74df5b2SDag-Erling Smørgrav 	u_int i;
2354d4ecd108SDag-Erling Smørgrav 
2355a04a10f8SKris Kennaway 	if (s == NULL) {
2356*4f52dfbbSDag-Erling Smørgrav 		debug("%s: no session for id %d", __func__, id);
2357a04a10f8SKris Kennaway 		return;
2358a04a10f8SKris Kennaway 	}
2359*4f52dfbbSDag-Erling Smørgrav 	debug("%s: channel %d child %ld", __func__, id, (long)s->pid);
2360af12a3e7SDag-Erling Smørgrav 	if (s->pid != 0) {
2361*4f52dfbbSDag-Erling Smørgrav 		debug("%s: channel %d: has child", __func__, id);
2362af12a3e7SDag-Erling Smørgrav 		/*
2363af12a3e7SDag-Erling Smørgrav 		 * delay detach of session, but release pty, since
2364af12a3e7SDag-Erling Smørgrav 		 * the fd's to the child are already closed
2365af12a3e7SDag-Erling Smørgrav 		 */
23661ec0d754SDag-Erling Smørgrav 		if (s->ttyfd != -1)
2367af12a3e7SDag-Erling Smørgrav 			session_pty_cleanup(s);
2368af12a3e7SDag-Erling Smørgrav 		return;
2369af12a3e7SDag-Erling Smørgrav 	}
2370af12a3e7SDag-Erling Smørgrav 	/* detach by removing callback */
2371*4f52dfbbSDag-Erling Smørgrav 	channel_cancel_cleanup(ssh, s->chanid);
2372b74df5b2SDag-Erling Smørgrav 
2373b74df5b2SDag-Erling Smørgrav 	/* Close any X11 listeners associated with this session */
2374b74df5b2SDag-Erling Smørgrav 	if (s->x11_chanids != NULL) {
2375b74df5b2SDag-Erling Smørgrav 		for (i = 0; s->x11_chanids[i] != -1; i++) {
2376*4f52dfbbSDag-Erling Smørgrav 			session_close_x11(ssh, s->x11_chanids[i]);
2377b74df5b2SDag-Erling Smørgrav 			s->x11_chanids[i] = -1;
2378b74df5b2SDag-Erling Smørgrav 		}
2379b74df5b2SDag-Erling Smørgrav 	}
2380b74df5b2SDag-Erling Smørgrav 
2381a04a10f8SKris Kennaway 	s->chanid = -1;
2382*4f52dfbbSDag-Erling Smørgrav 	session_close(ssh, s);
2383af12a3e7SDag-Erling Smørgrav }
2384af12a3e7SDag-Erling Smørgrav 
2385af12a3e7SDag-Erling Smørgrav void
2386*4f52dfbbSDag-Erling Smørgrav session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *))
2387af12a3e7SDag-Erling Smørgrav {
2388af12a3e7SDag-Erling Smørgrav 	int i;
2389d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
2390af12a3e7SDag-Erling Smørgrav 		Session *s = &sessions[i];
239180628bacSDag-Erling Smørgrav 		if (s->used) {
239280628bacSDag-Erling Smørgrav 			if (closefunc != NULL)
239380628bacSDag-Erling Smørgrav 				closefunc(s);
239480628bacSDag-Erling Smørgrav 			else
2395*4f52dfbbSDag-Erling Smørgrav 				session_close(ssh, s);
2396a04a10f8SKris Kennaway 		}
2397a04a10f8SKris Kennaway 	}
239880628bacSDag-Erling Smørgrav }
2399a04a10f8SKris Kennaway 
2400af12a3e7SDag-Erling Smørgrav static char *
2401a04a10f8SKris Kennaway session_tty_list(void)
2402a04a10f8SKris Kennaway {
2403a04a10f8SKris Kennaway 	static char buf[1024];
2404a04a10f8SKris Kennaway 	int i;
2405e73e9afaSDag-Erling Smørgrav 	char *cp;
2406e73e9afaSDag-Erling Smørgrav 
2407a04a10f8SKris Kennaway 	buf[0] = '\0';
2408d4af9e69SDag-Erling Smørgrav 	for (i = 0; i < sessions_nalloc; i++) {
2409a04a10f8SKris Kennaway 		Session *s = &sessions[i];
2410a04a10f8SKris Kennaway 		if (s->used && s->ttyfd != -1) {
2411e73e9afaSDag-Erling Smørgrav 
2412e73e9afaSDag-Erling Smørgrav 			if (strncmp(s->tty, "/dev/", 5) != 0) {
2413e73e9afaSDag-Erling Smørgrav 				cp = strrchr(s->tty, '/');
2414e73e9afaSDag-Erling Smørgrav 				cp = (cp == NULL) ? s->tty : cp + 1;
2415e73e9afaSDag-Erling Smørgrav 			} else
2416e73e9afaSDag-Erling Smørgrav 				cp = s->tty + 5;
2417e73e9afaSDag-Erling Smørgrav 
2418a04a10f8SKris Kennaway 			if (buf[0] != '\0')
2419a04a10f8SKris Kennaway 				strlcat(buf, ",", sizeof buf);
2420e73e9afaSDag-Erling Smørgrav 			strlcat(buf, cp, sizeof buf);
2421a04a10f8SKris Kennaway 		}
2422a04a10f8SKris Kennaway 	}
2423a04a10f8SKris Kennaway 	if (buf[0] == '\0')
2424a04a10f8SKris Kennaway 		strlcpy(buf, "notty", sizeof buf);
2425a04a10f8SKris Kennaway 	return buf;
2426a04a10f8SKris Kennaway }
2427a04a10f8SKris Kennaway 
2428a04a10f8SKris Kennaway void
2429a04a10f8SKris Kennaway session_proctitle(Session *s)
2430a04a10f8SKris Kennaway {
2431a04a10f8SKris Kennaway 	if (s->pw == NULL)
2432a04a10f8SKris Kennaway 		error("no user for session %d", s->self);
2433a04a10f8SKris Kennaway 	else
2434a04a10f8SKris Kennaway 		setproctitle("%s@%s", s->pw->pw_name, session_tty_list());
2435a04a10f8SKris Kennaway }
2436a04a10f8SKris Kennaway 
2437af12a3e7SDag-Erling Smørgrav int
2438*4f52dfbbSDag-Erling Smørgrav session_setup_x11fwd(struct ssh *ssh, Session *s)
2439af12a3e7SDag-Erling Smørgrav {
2440af12a3e7SDag-Erling Smørgrav 	struct stat st;
2441af12a3e7SDag-Erling Smørgrav 	char display[512], auth_display[512];
2442a0ee8cc6SDag-Erling Smørgrav 	char hostname[NI_MAXHOST];
2443d4ecd108SDag-Erling Smørgrav 	u_int i;
2444af12a3e7SDag-Erling Smørgrav 
2445af12a3e7SDag-Erling Smørgrav 	if (no_x11_forwarding_flag) {
2446af12a3e7SDag-Erling Smørgrav 		packet_send_debug("X11 forwarding disabled in user configuration file.");
2447af12a3e7SDag-Erling Smørgrav 		return 0;
2448af12a3e7SDag-Erling Smørgrav 	}
2449af12a3e7SDag-Erling Smørgrav 	if (!options.x11_forwarding) {
2450af12a3e7SDag-Erling Smørgrav 		debug("X11 forwarding disabled in server configuration file.");
2451af12a3e7SDag-Erling Smørgrav 		return 0;
2452af12a3e7SDag-Erling Smørgrav 	}
2453bc5531deSDag-Erling Smørgrav 	if (options.xauth_location == NULL ||
2454af12a3e7SDag-Erling Smørgrav 	    (stat(options.xauth_location, &st) == -1)) {
2455af12a3e7SDag-Erling Smørgrav 		packet_send_debug("No xauth program; cannot forward with spoofing.");
2456af12a3e7SDag-Erling Smørgrav 		return 0;
2457af12a3e7SDag-Erling Smørgrav 	}
2458af12a3e7SDag-Erling Smørgrav 	if (s->display != NULL) {
2459af12a3e7SDag-Erling Smørgrav 		debug("X11 display already set.");
2460af12a3e7SDag-Erling Smørgrav 		return 0;
2461af12a3e7SDag-Erling Smørgrav 	}
2462*4f52dfbbSDag-Erling Smørgrav 	if (x11_create_display_inet(ssh, options.x11_display_offset,
2463a82e551fSDag-Erling Smørgrav 	    options.x11_use_localhost, s->single_connection,
2464d4ecd108SDag-Erling Smørgrav 	    &s->display_number, &s->x11_chanids) == -1) {
2465af12a3e7SDag-Erling Smørgrav 		debug("x11_create_display_inet failed.");
2466af12a3e7SDag-Erling Smørgrav 		return 0;
2467af12a3e7SDag-Erling Smørgrav 	}
2468d4ecd108SDag-Erling Smørgrav 	for (i = 0; s->x11_chanids[i] != -1; i++) {
2469*4f52dfbbSDag-Erling Smørgrav 		channel_register_cleanup(ssh, s->x11_chanids[i],
2470b74df5b2SDag-Erling Smørgrav 		    session_close_single_x11, 0);
2471d4ecd108SDag-Erling Smørgrav 	}
2472af12a3e7SDag-Erling Smørgrav 
2473af12a3e7SDag-Erling Smørgrav 	/* Set up a suitable value for the DISPLAY variable. */
2474af12a3e7SDag-Erling Smørgrav 	if (gethostname(hostname, sizeof(hostname)) < 0)
2475af12a3e7SDag-Erling Smørgrav 		fatal("gethostname: %.100s", strerror(errno));
2476af12a3e7SDag-Erling Smørgrav 	/*
2477af12a3e7SDag-Erling Smørgrav 	 * auth_display must be used as the displayname when the
2478af12a3e7SDag-Erling Smørgrav 	 * authorization entry is added with xauth(1).  This will be
2479af12a3e7SDag-Erling Smørgrav 	 * different than the DISPLAY string for localhost displays.
2480af12a3e7SDag-Erling Smørgrav 	 */
2481af12a3e7SDag-Erling Smørgrav 	if (options.x11_use_localhost) {
2482a82e551fSDag-Erling Smørgrav 		snprintf(display, sizeof display, "localhost:%u.%u",
2483af12a3e7SDag-Erling Smørgrav 		    s->display_number, s->screen);
2484a82e551fSDag-Erling Smørgrav 		snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
2485af12a3e7SDag-Erling Smørgrav 		    s->display_number, s->screen);
2486af12a3e7SDag-Erling Smørgrav 		s->display = xstrdup(display);
2487af12a3e7SDag-Erling Smørgrav 		s->auth_display = xstrdup(auth_display);
2488af12a3e7SDag-Erling Smørgrav 	} else {
2489989dd127SDag-Erling Smørgrav #ifdef IPADDR_IN_DISPLAY
2490989dd127SDag-Erling Smørgrav 		struct hostent *he;
2491989dd127SDag-Erling Smørgrav 		struct in_addr my_addr;
2492989dd127SDag-Erling Smørgrav 
2493989dd127SDag-Erling Smørgrav 		he = gethostbyname(hostname);
2494989dd127SDag-Erling Smørgrav 		if (he == NULL) {
2495989dd127SDag-Erling Smørgrav 			error("Can't get IP address for X11 DISPLAY.");
2496989dd127SDag-Erling Smørgrav 			packet_send_debug("Can't get IP address for X11 DISPLAY.");
2497989dd127SDag-Erling Smørgrav 			return 0;
2498989dd127SDag-Erling Smørgrav 		}
2499989dd127SDag-Erling Smørgrav 		memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
2500a82e551fSDag-Erling Smørgrav 		snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
2501989dd127SDag-Erling Smørgrav 		    s->display_number, s->screen);
2502989dd127SDag-Erling Smørgrav #else
2503a82e551fSDag-Erling Smørgrav 		snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
2504af12a3e7SDag-Erling Smørgrav 		    s->display_number, s->screen);
2505989dd127SDag-Erling Smørgrav #endif
2506af12a3e7SDag-Erling Smørgrav 		s->display = xstrdup(display);
2507af12a3e7SDag-Erling Smørgrav 		s->auth_display = xstrdup(display);
2508af12a3e7SDag-Erling Smørgrav 	}
2509af12a3e7SDag-Erling Smørgrav 
2510af12a3e7SDag-Erling Smørgrav 	return 1;
2511af12a3e7SDag-Erling Smørgrav }
2512af12a3e7SDag-Erling Smørgrav 
2513af12a3e7SDag-Erling Smørgrav static void
2514*4f52dfbbSDag-Erling Smørgrav do_authenticated2(struct ssh *ssh, Authctxt *authctxt)
2515a04a10f8SKris Kennaway {
2516*4f52dfbbSDag-Erling Smørgrav 	server_loop2(ssh, authctxt);
25171ec0d754SDag-Erling Smørgrav }
25181ec0d754SDag-Erling Smørgrav 
25191ec0d754SDag-Erling Smørgrav void
2520*4f52dfbbSDag-Erling Smørgrav do_cleanup(struct ssh *ssh, Authctxt *authctxt)
25211ec0d754SDag-Erling Smørgrav {
25221ec0d754SDag-Erling Smørgrav 	static int called = 0;
25231ec0d754SDag-Erling Smørgrav 
25241ec0d754SDag-Erling Smørgrav 	debug("do_cleanup");
25251ec0d754SDag-Erling Smørgrav 
25261ec0d754SDag-Erling Smørgrav 	/* no cleanup if we're in the child for login shell */
25271ec0d754SDag-Erling Smørgrav 	if (is_child)
25281ec0d754SDag-Erling Smørgrav 		return;
25291ec0d754SDag-Erling Smørgrav 
25301ec0d754SDag-Erling Smørgrav 	/* avoid double cleanup */
25311ec0d754SDag-Erling Smørgrav 	if (called)
25321ec0d754SDag-Erling Smørgrav 		return;
25331ec0d754SDag-Erling Smørgrav 	called = 1;
25341ec0d754SDag-Erling Smørgrav 
2535d4af9e69SDag-Erling Smørgrav 	if (authctxt == NULL)
25361ec0d754SDag-Erling Smørgrav 		return;
2537d4af9e69SDag-Erling Smørgrav 
2538d4af9e69SDag-Erling Smørgrav #ifdef USE_PAM
2539d4af9e69SDag-Erling Smørgrav 	if (options.use_pam) {
2540d4af9e69SDag-Erling Smørgrav 		sshpam_cleanup();
2541d4af9e69SDag-Erling Smørgrav 		sshpam_thread_cleanup();
2542d4af9e69SDag-Erling Smørgrav 	}
2543d4af9e69SDag-Erling Smørgrav #endif
2544d4af9e69SDag-Erling Smørgrav 
2545d4af9e69SDag-Erling Smørgrav 	if (!authctxt->authenticated)
2546d4af9e69SDag-Erling Smørgrav 		return;
2547d4af9e69SDag-Erling Smørgrav 
25481ec0d754SDag-Erling Smørgrav #ifdef KRB5
25491ec0d754SDag-Erling Smørgrav 	if (options.kerberos_ticket_cleanup &&
25501ec0d754SDag-Erling Smørgrav 	    authctxt->krb5_ctx)
25511ec0d754SDag-Erling Smørgrav 		krb5_cleanup_proc(authctxt);
2552cf2b5f3bSDag-Erling Smørgrav #endif
25531ec0d754SDag-Erling Smørgrav 
25541ec0d754SDag-Erling Smørgrav #ifdef GSSAPI
2555ca86bcf2SDag-Erling Smørgrav 	if (options.gss_cleanup_creds)
25561ec0d754SDag-Erling Smørgrav 		ssh_gssapi_cleanup_creds();
25571ec0d754SDag-Erling Smørgrav #endif
25581ec0d754SDag-Erling Smørgrav 
25591ec0d754SDag-Erling Smørgrav 	/* remove agent socket */
25601ec0d754SDag-Erling Smørgrav 	auth_sock_cleanup_proc(authctxt->pw);
25611ec0d754SDag-Erling Smørgrav 
2562*4f52dfbbSDag-Erling Smørgrav 	/* remove userauth info */
2563*4f52dfbbSDag-Erling Smørgrav 	if (auth_info_file != NULL) {
2564*4f52dfbbSDag-Erling Smørgrav 		temporarily_use_uid(authctxt->pw);
2565*4f52dfbbSDag-Erling Smørgrav 		unlink(auth_info_file);
2566*4f52dfbbSDag-Erling Smørgrav 		restore_uid();
2567*4f52dfbbSDag-Erling Smørgrav 		free(auth_info_file);
2568*4f52dfbbSDag-Erling Smørgrav 		auth_info_file = NULL;
2569*4f52dfbbSDag-Erling Smørgrav 	}
2570*4f52dfbbSDag-Erling Smørgrav 
25711ec0d754SDag-Erling Smørgrav 	/*
25721ec0d754SDag-Erling Smørgrav 	 * Cleanup ptys/utmp only if privsep is disabled,
25731ec0d754SDag-Erling Smørgrav 	 * or if running in monitor.
25741ec0d754SDag-Erling Smørgrav 	 */
25751ec0d754SDag-Erling Smørgrav 	if (!use_privsep || mm_is_monitor())
2576*4f52dfbbSDag-Erling Smørgrav 		session_destroy_all(ssh, session_pty_cleanup2);
2577a04a10f8SKris Kennaway }
2578076ad2f8SDag-Erling Smørgrav 
2579076ad2f8SDag-Erling Smørgrav /* Return a name for the remote host that fits inside utmp_size */
2580076ad2f8SDag-Erling Smørgrav 
2581076ad2f8SDag-Erling Smørgrav const char *
2582076ad2f8SDag-Erling Smørgrav session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns)
2583076ad2f8SDag-Erling Smørgrav {
2584076ad2f8SDag-Erling Smørgrav 	const char *remote = "";
2585076ad2f8SDag-Erling Smørgrav 
2586076ad2f8SDag-Erling Smørgrav 	if (utmp_size > 0)
2587076ad2f8SDag-Erling Smørgrav 		remote = auth_get_canonical_hostname(ssh, use_dns);
2588076ad2f8SDag-Erling Smørgrav 	if (utmp_size == 0 || strlen(remote) > utmp_size)
2589076ad2f8SDag-Erling Smørgrav 		remote = ssh_remote_ipaddr(ssh);
2590076ad2f8SDag-Erling Smørgrav 	return remote;
2591076ad2f8SDag-Erling Smørgrav }
2592076ad2f8SDag-Erling Smørgrav 
2593