diff options
Diffstat (limited to '')
-rw-r--r-- | session.c | 51 |
1 files changed, 18 insertions, 33 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */ +/* $OpenBSD: session.c,v 1.338 2024/05/17 00:30:24 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -103,6 +103,17 @@ #include <selinux/selinux.h> #endif +/* + * Hack for systems that do not support FD passing: allocate PTYs directly + * without calling into the monitor. This requires either the post-auth + * privsep process retain root privileges (see the comment in + * sshd-session.c:privsep_postauth) or that PTY allocation doesn't require + * privileges to begin with (e.g. Cygwin). + */ +#ifdef DISABLE_FD_PASSING +#define mm_pty_allocate pty_allocate +#endif + #define IS_INTERNAL_SFTP(c) \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ @@ -706,13 +717,13 @@ do_exec(struct ssh *ssh, Session *s, const char *command) #ifdef SSH_AUDIT_EVENTS if (command != NULL) - PRIVSEP(audit_run_command(command)); + mm_audit_run_command(command); else if (s->ttyfd == -1) { char *shell = s->pw->pw_shell; if (shell[0] == '\0') /* empty shell means /bin/sh */ shell =_PATH_BSHELL; - PRIVSEP(audit_run_command(shell)); + mm_audit_run_command(shell); } #endif if (s->ttyfd != -1) @@ -738,8 +749,6 @@ do_login(struct ssh *ssh, Session *s, const char *command) { socklen_t fromlen; struct sockaddr_storage from; - struct passwd * pw = s->pw; - pid_t pid = getpid(); /* * Get IP address of client. If the connection is not a socket, let @@ -755,26 +764,6 @@ do_login(struct ssh *ssh, Session *s, const char *command) } } - /* Record that there was a login on that tty from the remote host. */ - if (!use_privsep) - record_login(pid, s->tty, pw->pw_name, pw->pw_uid, - session_get_remote_name_or_ip(ssh, utmp_len, - options.use_dns), - (struct sockaddr *)&from, fromlen); - -#ifdef USE_PAM - /* - * If password change is needed, do it now. - * This needs to occur before the ~/.hushlogin check. - */ - if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) { - display_loginmsg(); - do_pam_chauthtok(); - s->authctxt->force_pwchange = 0; - /* XXX - signal [net] parent to enable forwardings */ - } -#endif - if (check_quietlogin(s, command)) return; @@ -1924,8 +1913,7 @@ session_pty_req(struct ssh *ssh, Session *s) /* Allocate a pty and open it. */ debug("Allocating pty."); - if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, - sizeof(s->tty)))) { + if (!mm_pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) { free(s->term); s->term = NULL; s->ptyfd = -1; @@ -1940,9 +1928,6 @@ session_pty_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - if (!use_privsep) - pty_setowner(s->pw, s->tty); - /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); @@ -2160,7 +2145,7 @@ session_signal_req(struct ssh *ssh, Session *s) signame, s->forced ? "forced-command" : "subsystem"); goto out; } - if (!use_privsep || mm_is_monitor()) { + if (mm_is_monitor()) { error_f("session signalling requires privilege separation"); goto out; } @@ -2303,7 +2288,7 @@ session_pty_cleanup2(Session *s) void session_pty_cleanup(Session *s) { - PRIVSEP(session_pty_cleanup2(s)); + mm_session_pty_cleanup2(s); } static char * @@ -2712,7 +2697,7 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) * Cleanup ptys/utmp only if privsep is disabled, * or if running in monitor. */ - if (!use_privsep || mm_is_monitor()) + if (mm_is_monitor()) session_destroy_all(ssh, session_pty_cleanup2); } |