1 /* $OpenBSD: session.c,v 1.293 2017/10/23 05:08:00 djm Exp $ */ 2 /* 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * 6 * As far as I am concerned, the code I have written for this software 7 * can be used freely for any purpose. Any derived versions of this 8 * software must be clearly marked as such, and if the derived work is 9 * incompatible with the protocol description in the RFC file, it must be 10 * called by a name other than "ssh" or "Secure Shell". 11 * 12 * SSH2 support by Markus Friedl. 13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 #include <sys/types.h> 37 #include <sys/wait.h> 38 #include <sys/un.h> 39 #include <sys/stat.h> 40 #include <sys/socket.h> 41 #include <sys/queue.h> 42 43 #include <ctype.h> 44 #include <errno.h> 45 #include <fcntl.h> 46 #include <grp.h> 47 #include <login_cap.h> 48 #include <netdb.h> 49 #include <paths.h> 50 #include <pwd.h> 51 #include <signal.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 #include <unistd.h> 56 #include <limits.h> 57 58 #include "xmalloc.h" 59 #include "ssh.h" 60 #include "ssh2.h" 61 #include "sshpty.h" 62 #include "packet.h" 63 #include "buffer.h" 64 #include "match.h" 65 #include "uidswap.h" 66 #include "compat.h" 67 #include "channels.h" 68 #include "key.h" 69 #include "cipher.h" 70 #include "kex.h" 71 #include "hostfile.h" 72 #include "auth.h" 73 #include "auth-options.h" 74 #include "authfd.h" 75 #include "pathnames.h" 76 #include "log.h" 77 #include "misc.h" 78 #include "servconf.h" 79 #include "sshlogin.h" 80 #include "serverloop.h" 81 #include "canohost.h" 82 #include "session.h" 83 #ifdef GSSAPI 84 #include "ssh-gss.h" 85 #endif 86 #include "monitor_wrap.h" 87 #include "sftp.h" 88 #include "atomicio.h" 89 90 #ifdef KRB5 91 #include <kafs.h> 92 #endif 93 94 #define IS_INTERNAL_SFTP(c) \ 95 (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ 96 (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ 97 c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \ 98 c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t')) 99 100 /* func */ 101 102 Session *session_new(void); 103 void session_set_fds(struct ssh *, Session *, int, int, int, int, int); 104 void session_pty_cleanup(Session *); 105 void session_proctitle(Session *); 106 int session_setup_x11fwd(struct ssh *, Session *); 107 int do_exec_pty(struct ssh *, Session *, const char *); 108 int do_exec_no_pty(struct ssh *, Session *, const char *); 109 int do_exec(struct ssh *, Session *, const char *); 110 void do_login(struct ssh *, Session *, const char *); 111 void do_child(struct ssh *, Session *, const char *); 112 void do_motd(void); 113 int check_quietlogin(Session *, const char *); 114 115 static void do_authenticated2(struct ssh *, Authctxt *); 116 117 static int session_pty_req(struct ssh *, Session *); 118 119 /* import */ 120 extern ServerOptions options; 121 extern char *__progname; 122 extern int debug_flag; 123 extern u_int utmp_len; 124 extern int startup_pipe; 125 extern void destroy_sensitive_data(void); 126 extern Buffer loginmsg; 127 char *tun_fwd_ifnames; /* serverloop.c */ 128 129 /* original command from peer. */ 130 const char *original_command = NULL; 131 132 /* data */ 133 static int sessions_first_unused = -1; 134 static int sessions_nalloc = 0; 135 static Session *sessions = NULL; 136 137 #define SUBSYSTEM_NONE 0 138 #define SUBSYSTEM_EXT 1 139 #define SUBSYSTEM_INT_SFTP 2 140 #define SUBSYSTEM_INT_SFTP_ERROR 3 141 142 login_cap_t *lc; 143 144 static int is_child = 0; 145 static int in_chroot = 0; 146 147 /* File containing userauth info, if ExposeAuthInfo set */ 148 static char *auth_info_file = NULL; 149 150 /* Name and directory of socket for authentication agent forwarding. */ 151 static char *auth_sock_name = NULL; 152 static char *auth_sock_dir = NULL; 153 154 /* removes the agent forwarding socket */ 155 156 static void 157 auth_sock_cleanup_proc(struct passwd *pw) 158 { 159 if (auth_sock_name != NULL) { 160 temporarily_use_uid(pw); 161 unlink(auth_sock_name); 162 rmdir(auth_sock_dir); 163 auth_sock_name = NULL; 164 restore_uid(); 165 } 166 } 167 168 static int 169 auth_input_request_forwarding(struct ssh *ssh, struct passwd * pw) 170 { 171 Channel *nc; 172 int sock = -1; 173 174 if (auth_sock_name != NULL) { 175 error("authentication forwarding requested twice."); 176 return 0; 177 } 178 179 /* Temporarily drop privileged uid for mkdir/bind. */ 180 temporarily_use_uid(pw); 181 182 /* Allocate a buffer for the socket name, and format the name. */ 183 auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); 184 185 /* Create private directory for socket */ 186 if (mkdtemp(auth_sock_dir) == NULL) { 187 packet_send_debug("Agent forwarding disabled: " 188 "mkdtemp() failed: %.100s", strerror(errno)); 189 restore_uid(); 190 free(auth_sock_dir); 191 auth_sock_dir = NULL; 192 goto authsock_err; 193 } 194 195 xasprintf(&auth_sock_name, "%s/agent.%ld", 196 auth_sock_dir, (long) getpid()); 197 198 /* Start a Unix listener on auth_sock_name. */ 199 sock = unix_listener(auth_sock_name, SSH_LISTEN_BACKLOG, 0); 200 201 /* Restore the privileged uid. */ 202 restore_uid(); 203 204 /* Check for socket/bind/listen failure. */ 205 if (sock < 0) 206 goto authsock_err; 207 208 /* Allocate a channel for the authentication agent socket. */ 209 nc = channel_new(ssh, "auth socket", 210 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, 211 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 212 0, "auth socket", 1); 213 nc->path = xstrdup(auth_sock_name); 214 return 1; 215 216 authsock_err: 217 free(auth_sock_name); 218 if (auth_sock_dir != NULL) { 219 rmdir(auth_sock_dir); 220 free(auth_sock_dir); 221 } 222 if (sock != -1) 223 close(sock); 224 auth_sock_name = NULL; 225 auth_sock_dir = NULL; 226 return 0; 227 } 228 229 static void 230 display_loginmsg(void) 231 { 232 if (buffer_len(&loginmsg) > 0) { 233 buffer_append(&loginmsg, "\0", 1); 234 printf("%s", (char *)buffer_ptr(&loginmsg)); 235 buffer_clear(&loginmsg); 236 } 237 } 238 239 static void 240 prepare_auth_info_file(struct passwd *pw, struct sshbuf *info) 241 { 242 int fd = -1, success = 0; 243 244 if (!options.expose_userauth_info || info == NULL) 245 return; 246 247 temporarily_use_uid(pw); 248 auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX"); 249 if ((fd = mkstemp(auth_info_file)) == -1) { 250 error("%s: mkstemp: %s", __func__, strerror(errno)); 251 goto out; 252 } 253 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info), 254 sshbuf_len(info)) != sshbuf_len(info)) { 255 error("%s: write: %s", __func__, strerror(errno)); 256 goto out; 257 } 258 if (close(fd) != 0) { 259 error("%s: close: %s", __func__, strerror(errno)); 260 goto out; 261 } 262 success = 1; 263 out: 264 if (!success) { 265 if (fd != -1) 266 close(fd); 267 free(auth_info_file); 268 auth_info_file = NULL; 269 } 270 restore_uid(); 271 } 272 273 void 274 do_authenticated(struct ssh *ssh, Authctxt *authctxt) 275 { 276 setproctitle("%s", authctxt->pw->pw_name); 277 278 /* setup the channel layer */ 279 /* XXX - streamlocal? */ 280 if (no_port_forwarding_flag || options.disable_forwarding || 281 (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) 282 channel_disable_adm_local_opens(ssh); 283 else 284 channel_permit_all_opens(ssh); 285 286 auth_debug_send(); 287 288 prepare_auth_info_file(authctxt->pw, authctxt->session_info); 289 290 do_authenticated2(ssh, authctxt); 291 292 do_cleanup(ssh, authctxt); 293 } 294 295 /* Check untrusted xauth strings for metacharacters */ 296 static int 297 xauth_valid_string(const char *s) 298 { 299 size_t i; 300 301 for (i = 0; s[i] != '\0'; i++) { 302 if (!isalnum((u_char)s[i]) && 303 s[i] != '.' && s[i] != ':' && s[i] != '/' && 304 s[i] != '-' && s[i] != '_') 305 return 0; 306 } 307 return 1; 308 } 309 310 #define USE_PIPES 1 311 /* 312 * This is called to fork and execute a command when we have no tty. This 313 * will call do_child from the child, and server_loop from the parent after 314 * setting up file descriptors and such. 315 */ 316 int 317 do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) 318 { 319 pid_t pid; 320 #ifdef USE_PIPES 321 int pin[2], pout[2], perr[2]; 322 323 if (s == NULL) 324 fatal("do_exec_no_pty: no session"); 325 326 /* Allocate pipes for communicating with the program. */ 327 if (pipe(pin) < 0) { 328 error("%s: pipe in: %.100s", __func__, strerror(errno)); 329 return -1; 330 } 331 if (pipe(pout) < 0) { 332 error("%s: pipe out: %.100s", __func__, strerror(errno)); 333 close(pin[0]); 334 close(pin[1]); 335 return -1; 336 } 337 if (pipe(perr) < 0) { 338 error("%s: pipe err: %.100s", __func__, 339 strerror(errno)); 340 close(pin[0]); 341 close(pin[1]); 342 close(pout[0]); 343 close(pout[1]); 344 return -1; 345 } 346 #else 347 int inout[2], err[2]; 348 349 if (s == NULL) 350 fatal("do_exec_no_pty: no session"); 351 352 /* Uses socket pairs to communicate with the program. */ 353 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { 354 error("%s: socketpair #1: %.100s", __func__, strerror(errno)); 355 return -1; 356 } 357 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { 358 error("%s: socketpair #2: %.100s", __func__, 359 strerror(errno)); 360 close(inout[0]); 361 close(inout[1]); 362 return -1; 363 } 364 #endif 365 366 session_proctitle(s); 367 368 /* Fork the child. */ 369 switch ((pid = fork())) { 370 case -1: 371 error("%s: fork: %.100s", __func__, strerror(errno)); 372 #ifdef USE_PIPES 373 close(pin[0]); 374 close(pin[1]); 375 close(pout[0]); 376 close(pout[1]); 377 close(perr[0]); 378 close(perr[1]); 379 #else 380 close(inout[0]); 381 close(inout[1]); 382 close(err[0]); 383 close(err[1]); 384 #endif 385 return -1; 386 case 0: 387 is_child = 1; 388 389 /* 390 * Create a new session and process group since the 4.4BSD 391 * setlogin() affects the entire process group. 392 */ 393 if (setsid() < 0) 394 error("setsid failed: %.100s", strerror(errno)); 395 396 #ifdef USE_PIPES 397 /* 398 * Redirect stdin. We close the parent side of the socket 399 * pair, and make the child side the standard input. 400 */ 401 close(pin[1]); 402 if (dup2(pin[0], 0) < 0) 403 perror("dup2 stdin"); 404 close(pin[0]); 405 406 /* Redirect stdout. */ 407 close(pout[0]); 408 if (dup2(pout[1], 1) < 0) 409 perror("dup2 stdout"); 410 close(pout[1]); 411 412 /* Redirect stderr. */ 413 close(perr[0]); 414 if (dup2(perr[1], 2) < 0) 415 perror("dup2 stderr"); 416 close(perr[1]); 417 #else 418 /* 419 * Redirect stdin, stdout, and stderr. Stdin and stdout will 420 * use the same socket, as some programs (particularly rdist) 421 * seem to depend on it. 422 */ 423 close(inout[1]); 424 close(err[1]); 425 if (dup2(inout[0], 0) < 0) /* stdin */ 426 perror("dup2 stdin"); 427 if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ 428 perror("dup2 stdout"); 429 close(inout[0]); 430 if (dup2(err[0], 2) < 0) /* stderr */ 431 perror("dup2 stderr"); 432 close(err[0]); 433 #endif 434 435 /* Do processing for the child (exec command etc). */ 436 do_child(ssh, s, command); 437 /* NOTREACHED */ 438 default: 439 break; 440 } 441 442 s->pid = pid; 443 /* Set interactive/non-interactive mode. */ 444 packet_set_interactive(s->display != NULL, 445 options.ip_qos_interactive, options.ip_qos_bulk); 446 447 #ifdef USE_PIPES 448 /* We are the parent. Close the child sides of the pipes. */ 449 close(pin[0]); 450 close(pout[1]); 451 close(perr[1]); 452 453 session_set_fds(ssh, s, pin[1], pout[0], perr[0], 454 s->is_subsystem, 0); 455 #else 456 /* We are the parent. Close the child sides of the socket pairs. */ 457 close(inout[0]); 458 close(err[0]); 459 460 /* 461 * Enter the interactive session. Note: server_loop must be able to 462 * handle the case that fdin and fdout are the same. 463 */ 464 session_set_fds(s, inout[1], inout[1], err[1], 465 s->is_subsystem, 0); 466 #endif 467 return 0; 468 } 469 470 /* 471 * This is called to fork and execute a command when we have a tty. This 472 * will call do_child from the child, and server_loop from the parent after 473 * setting up file descriptors, controlling tty, updating wtmp, utmp, 474 * lastlog, and other such operations. 475 */ 476 int 477 do_exec_pty(struct ssh *ssh, Session *s, const char *command) 478 { 479 int fdout, ptyfd, ttyfd, ptymaster; 480 pid_t pid; 481 482 if (s == NULL) 483 fatal("do_exec_pty: no session"); 484 ptyfd = s->ptyfd; 485 ttyfd = s->ttyfd; 486 487 /* 488 * Create another descriptor of the pty master side for use as the 489 * standard input. We could use the original descriptor, but this 490 * simplifies code in server_loop. The descriptor is bidirectional. 491 * Do this before forking (and cleanup in the child) so as to 492 * detect and gracefully fail out-of-fd conditions. 493 */ 494 if ((fdout = dup(ptyfd)) < 0) { 495 error("%s: dup #1: %s", __func__, strerror(errno)); 496 close(ttyfd); 497 close(ptyfd); 498 return -1; 499 } 500 /* we keep a reference to the pty master */ 501 if ((ptymaster = dup(ptyfd)) < 0) { 502 error("%s: dup #2: %s", __func__, strerror(errno)); 503 close(ttyfd); 504 close(ptyfd); 505 close(fdout); 506 return -1; 507 } 508 509 /* Fork the child. */ 510 switch ((pid = fork())) { 511 case -1: 512 error("%s: fork: %.100s", __func__, strerror(errno)); 513 close(fdout); 514 close(ptymaster); 515 close(ttyfd); 516 close(ptyfd); 517 return -1; 518 case 0: 519 is_child = 1; 520 521 close(fdout); 522 close(ptymaster); 523 524 /* Close the master side of the pseudo tty. */ 525 close(ptyfd); 526 527 /* Make the pseudo tty our controlling tty. */ 528 pty_make_controlling_tty(&ttyfd, s->tty); 529 530 /* Redirect stdin/stdout/stderr from the pseudo tty. */ 531 if (dup2(ttyfd, 0) < 0) 532 error("dup2 stdin: %s", strerror(errno)); 533 if (dup2(ttyfd, 1) < 0) 534 error("dup2 stdout: %s", strerror(errno)); 535 if (dup2(ttyfd, 2) < 0) 536 error("dup2 stderr: %s", strerror(errno)); 537 538 /* Close the extra descriptor for the pseudo tty. */ 539 close(ttyfd); 540 541 /* record login, etc. similar to login(1) */ 542 do_login(ssh, s, command); 543 544 /* 545 * Do common processing for the child, such as execing 546 * the command. 547 */ 548 do_child(ssh, s, command); 549 /* NOTREACHED */ 550 default: 551 break; 552 } 553 s->pid = pid; 554 555 /* Parent. Close the slave side of the pseudo tty. */ 556 close(ttyfd); 557 558 /* Enter interactive session. */ 559 s->ptymaster = ptymaster; 560 packet_set_interactive(1, 561 options.ip_qos_interactive, options.ip_qos_bulk); 562 session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); 563 return 0; 564 } 565 566 /* 567 * This is called to fork and execute a command. If another command is 568 * to be forced, execute that instead. 569 */ 570 int 571 do_exec(struct ssh *ssh, Session *s, const char *command) 572 { 573 int ret; 574 const char *forced = NULL, *tty = NULL; 575 char session_type[1024]; 576 577 if (options.adm_forced_command) { 578 original_command = command; 579 command = options.adm_forced_command; 580 forced = "(config)"; 581 } else if (forced_command) { 582 original_command = command; 583 command = forced_command; 584 forced = "(key-option)"; 585 } 586 if (forced != NULL) { 587 if (IS_INTERNAL_SFTP(command)) { 588 s->is_subsystem = s->is_subsystem ? 589 SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; 590 } else if (s->is_subsystem) 591 s->is_subsystem = SUBSYSTEM_EXT; 592 snprintf(session_type, sizeof(session_type), 593 "forced-command %s '%.900s'", forced, command); 594 } else if (s->is_subsystem) { 595 snprintf(session_type, sizeof(session_type), 596 "subsystem '%.900s'", s->subsys); 597 } else if (command == NULL) { 598 snprintf(session_type, sizeof(session_type), "shell"); 599 } else { 600 /* NB. we don't log unforced commands to preserve privacy */ 601 snprintf(session_type, sizeof(session_type), "command"); 602 } 603 604 if (s->ttyfd != -1) { 605 tty = s->tty; 606 if (strncmp(tty, "/dev/", 5) == 0) 607 tty += 5; 608 } 609 610 verbose("Starting session: %s%s%s for %s from %.200s port %d id %d", 611 session_type, 612 tty == NULL ? "" : " on ", 613 tty == NULL ? "" : tty, 614 s->pw->pw_name, 615 ssh_remote_ipaddr(ssh), 616 ssh_remote_port(ssh), 617 s->self); 618 619 #ifdef GSSAPI 620 if (options.gss_authentication) { 621 temporarily_use_uid(s->pw); 622 ssh_gssapi_storecreds(); 623 restore_uid(); 624 } 625 #endif 626 if (s->ttyfd != -1) 627 ret = do_exec_pty(ssh, s, command); 628 else 629 ret = do_exec_no_pty(ssh, s, command); 630 631 original_command = NULL; 632 633 /* 634 * Clear loginmsg: it's the child's responsibility to display 635 * it to the user, otherwise multiple sessions may accumulate 636 * multiple copies of the login messages. 637 */ 638 buffer_clear(&loginmsg); 639 640 return ret; 641 } 642 643 644 /* administrative, login(1)-like work */ 645 void 646 do_login(struct ssh *ssh, Session *s, const char *command) 647 { 648 socklen_t fromlen; 649 struct sockaddr_storage from; 650 struct passwd * pw = s->pw; 651 pid_t pid = getpid(); 652 653 /* 654 * Get IP address of client. If the connection is not a socket, let 655 * the address be 0.0.0.0. 656 */ 657 memset(&from, 0, sizeof(from)); 658 fromlen = sizeof(from); 659 if (packet_connection_is_on_socket()) { 660 if (getpeername(packet_get_connection_in(), 661 (struct sockaddr *)&from, &fromlen) < 0) { 662 debug("getpeername: %.100s", strerror(errno)); 663 cleanup_exit(255); 664 } 665 } 666 667 /* Record that there was a login on that tty from the remote host. */ 668 if (!use_privsep) 669 record_login(pid, s->tty, pw->pw_name, pw->pw_uid, 670 session_get_remote_name_or_ip(ssh, utmp_len, 671 options.use_dns), 672 (struct sockaddr *)&from, fromlen); 673 674 if (check_quietlogin(s, command)) 675 return; 676 677 display_loginmsg(); 678 679 do_motd(); 680 } 681 682 /* 683 * Display the message of the day. 684 */ 685 void 686 do_motd(void) 687 { 688 FILE *f; 689 char buf[256]; 690 691 if (options.print_motd) { 692 f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", 693 "/etc/motd"), "r"); 694 if (f) { 695 while (fgets(buf, sizeof(buf), f)) 696 fputs(buf, stdout); 697 fclose(f); 698 } 699 } 700 } 701 702 703 /* 704 * Check for quiet login, either .hushlogin or command given. 705 */ 706 int 707 check_quietlogin(Session *s, const char *command) 708 { 709 char buf[256]; 710 struct passwd *pw = s->pw; 711 struct stat st; 712 713 /* Return 1 if .hushlogin exists or a command given. */ 714 if (command != NULL) 715 return 1; 716 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); 717 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) 718 return 1; 719 return 0; 720 } 721 722 /* 723 * Reads environment variables from the given file and adds/overrides them 724 * into the environment. If the file does not exist, this does nothing. 725 * Otherwise, it must consist of empty lines, comments (line starts with '#') 726 * and assignments of the form name=value. No other forms are allowed. 727 */ 728 static void 729 read_environment_file(char ***env, u_int *envsize, 730 const char *filename) 731 { 732 FILE *f; 733 char buf[4096]; 734 char *cp, *value; 735 u_int lineno = 0; 736 737 f = fopen(filename, "r"); 738 if (!f) 739 return; 740 741 while (fgets(buf, sizeof(buf), f)) { 742 if (++lineno > 1000) 743 fatal("Too many lines in environment file %s", filename); 744 for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) 745 ; 746 if (!*cp || *cp == '#' || *cp == '\n') 747 continue; 748 749 cp[strcspn(cp, "\n")] = '\0'; 750 751 value = strchr(cp, '='); 752 if (value == NULL) { 753 fprintf(stderr, "Bad line %u in %.100s\n", lineno, 754 filename); 755 continue; 756 } 757 /* 758 * Replace the equals sign by nul, and advance value to 759 * the value string. 760 */ 761 *value = '\0'; 762 value++; 763 child_set_env(env, envsize, cp, value); 764 } 765 fclose(f); 766 } 767 768 static char ** 769 do_setup_env(struct ssh *ssh, Session *s, const char *shell) 770 { 771 char buf[256]; 772 u_int i, envsize; 773 char **env, *laddr; 774 struct passwd *pw = s->pw; 775 776 /* Initialize the environment. */ 777 envsize = 100; 778 env = xcalloc(envsize, sizeof(char *)); 779 env[0] = NULL; 780 781 #ifdef GSSAPI 782 /* Allow any GSSAPI methods that we've used to alter 783 * the childs environment as they see fit 784 */ 785 ssh_gssapi_do_child(&env, &envsize); 786 #endif 787 788 /* Set basic environment. */ 789 for (i = 0; i < s->num_env; i++) 790 child_set_env(&env, &envsize, s->env[i].name, s->env[i].val); 791 792 child_set_env(&env, &envsize, "USER", pw->pw_name); 793 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); 794 child_set_env(&env, &envsize, "HOME", pw->pw_dir); 795 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) 796 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); 797 else 798 child_set_env(&env, &envsize, "PATH", getenv("PATH")); 799 800 snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); 801 child_set_env(&env, &envsize, "MAIL", buf); 802 803 /* Normal systems set SHELL by default. */ 804 child_set_env(&env, &envsize, "SHELL", shell); 805 806 if (getenv("TZ")) 807 child_set_env(&env, &envsize, "TZ", getenv("TZ")); 808 809 /* Set custom environment options from RSA authentication. */ 810 while (custom_environment) { 811 struct envstring *ce = custom_environment; 812 char *str = ce->s; 813 814 for (i = 0; str[i] != '=' && str[i]; i++) 815 ; 816 if (str[i] == '=') { 817 str[i] = 0; 818 child_set_env(&env, &envsize, str, str + i + 1); 819 } 820 custom_environment = ce->next; 821 free(ce->s); 822 free(ce); 823 } 824 825 /* SSH_CLIENT deprecated */ 826 snprintf(buf, sizeof buf, "%.50s %d %d", 827 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), 828 ssh_local_port(ssh)); 829 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 830 831 laddr = get_local_ipaddr(packet_get_connection_in()); 832 snprintf(buf, sizeof buf, "%.50s %d %.50s %d", 833 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), 834 laddr, ssh_local_port(ssh)); 835 free(laddr); 836 child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 837 838 if (tun_fwd_ifnames != NULL) 839 child_set_env(&env, &envsize, "SSH_TUNNEL", tun_fwd_ifnames); 840 if (auth_info_file != NULL) 841 child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); 842 if (s->ttyfd != -1) 843 child_set_env(&env, &envsize, "SSH_TTY", s->tty); 844 if (s->term) 845 child_set_env(&env, &envsize, "TERM", s->term); 846 if (s->display) 847 child_set_env(&env, &envsize, "DISPLAY", s->display); 848 if (original_command) 849 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", 850 original_command); 851 #ifdef KRB5 852 if (s->authctxt->krb5_ticket_file) 853 child_set_env(&env, &envsize, "KRB5CCNAME", 854 s->authctxt->krb5_ticket_file); 855 #endif 856 if (auth_sock_name != NULL) 857 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 858 auth_sock_name); 859 860 /* read $HOME/.ssh/environment. */ 861 if (options.permit_user_env) { 862 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", 863 pw->pw_dir); 864 read_environment_file(&env, &envsize, buf); 865 } 866 if (debug_flag) { 867 /* dump the environment */ 868 fprintf(stderr, "Environment:\n"); 869 for (i = 0; env[i]; i++) 870 fprintf(stderr, " %.200s\n", env[i]); 871 } 872 return env; 873 } 874 875 /* 876 * Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found 877 * first in this order). 878 */ 879 static void 880 do_rc_files(Session *s, const char *shell) 881 { 882 FILE *f = NULL; 883 char cmd[1024]; 884 int do_xauth; 885 struct stat st; 886 887 do_xauth = 888 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; 889 890 /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ 891 if (!s->is_subsystem && options.adm_forced_command == NULL && 892 !no_user_rc && options.permit_user_rc && 893 stat(_PATH_SSH_USER_RC, &st) >= 0) { 894 snprintf(cmd, sizeof cmd, "%s -c '%s %s'", 895 shell, _PATH_BSHELL, _PATH_SSH_USER_RC); 896 if (debug_flag) 897 fprintf(stderr, "Running %s\n", cmd); 898 f = popen(cmd, "w"); 899 if (f) { 900 if (do_xauth) 901 fprintf(f, "%s %s\n", s->auth_proto, 902 s->auth_data); 903 pclose(f); 904 } else 905 fprintf(stderr, "Could not run %s\n", 906 _PATH_SSH_USER_RC); 907 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { 908 if (debug_flag) 909 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, 910 _PATH_SSH_SYSTEM_RC); 911 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w"); 912 if (f) { 913 if (do_xauth) 914 fprintf(f, "%s %s\n", s->auth_proto, 915 s->auth_data); 916 pclose(f); 917 } else 918 fprintf(stderr, "Could not run %s\n", 919 _PATH_SSH_SYSTEM_RC); 920 } else if (do_xauth && options.xauth_location != NULL) { 921 /* Add authority data to .Xauthority if appropriate. */ 922 if (debug_flag) { 923 fprintf(stderr, 924 "Running %.500s remove %.100s\n", 925 options.xauth_location, s->auth_display); 926 fprintf(stderr, 927 "%.500s add %.100s %.100s %.100s\n", 928 options.xauth_location, s->auth_display, 929 s->auth_proto, s->auth_data); 930 } 931 snprintf(cmd, sizeof cmd, "%s -q -", 932 options.xauth_location); 933 f = popen(cmd, "w"); 934 if (f) { 935 fprintf(f, "remove %s\n", 936 s->auth_display); 937 fprintf(f, "add %s %s %s\n", 938 s->auth_display, s->auth_proto, 939 s->auth_data); 940 pclose(f); 941 } else { 942 fprintf(stderr, "Could not run %s\n", 943 cmd); 944 } 945 } 946 } 947 948 static void 949 do_nologin(struct passwd *pw) 950 { 951 FILE *f = NULL; 952 char buf[1024], *nl, *def_nl = _PATH_NOLOGIN; 953 struct stat sb; 954 955 if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) 956 return; 957 nl = login_getcapstr(lc, "nologin", def_nl, def_nl); 958 959 if (stat(nl, &sb) == -1) { 960 if (nl != def_nl) 961 free(nl); 962 return; 963 } 964 965 /* /etc/nologin exists. Print its contents if we can and exit. */ 966 logit("User %.100s not allowed because %s exists", pw->pw_name, nl); 967 if ((f = fopen(nl, "r")) != NULL) { 968 while (fgets(buf, sizeof(buf), f)) 969 fputs(buf, stderr); 970 fclose(f); 971 } 972 exit(254); 973 } 974 975 /* 976 * Chroot into a directory after checking it for safety: all path components 977 * must be root-owned directories with strict permissions. 978 */ 979 static void 980 safely_chroot(const char *path, uid_t uid) 981 { 982 const char *cp; 983 char component[PATH_MAX]; 984 struct stat st; 985 986 if (*path != '/') 987 fatal("chroot path does not begin at root"); 988 if (strlen(path) >= sizeof(component)) 989 fatal("chroot path too long"); 990 991 /* 992 * Descend the path, checking that each component is a 993 * root-owned directory with strict permissions. 994 */ 995 for (cp = path; cp != NULL;) { 996 if ((cp = strchr(cp, '/')) == NULL) 997 strlcpy(component, path, sizeof(component)); 998 else { 999 cp++; 1000 memcpy(component, path, cp - path); 1001 component[cp - path] = '\0'; 1002 } 1003 1004 debug3("%s: checking '%s'", __func__, component); 1005 1006 if (stat(component, &st) != 0) 1007 fatal("%s: stat(\"%s\"): %s", __func__, 1008 component, strerror(errno)); 1009 if (st.st_uid != 0 || (st.st_mode & 022) != 0) 1010 fatal("bad ownership or modes for chroot " 1011 "directory %s\"%s\"", 1012 cp == NULL ? "" : "component ", component); 1013 if (!S_ISDIR(st.st_mode)) 1014 fatal("chroot path %s\"%s\" is not a directory", 1015 cp == NULL ? "" : "component ", component); 1016 1017 } 1018 1019 if (chdir(path) == -1) 1020 fatal("Unable to chdir to chroot path \"%s\": " 1021 "%s", path, strerror(errno)); 1022 if (chroot(path) == -1) 1023 fatal("chroot(\"%s\"): %s", path, strerror(errno)); 1024 if (chdir("/") == -1) 1025 fatal("%s: chdir(/) after chroot: %s", 1026 __func__, strerror(errno)); 1027 verbose("Changed root directory to \"%s\"", path); 1028 } 1029 1030 /* Set login name, uid, gid, and groups. */ 1031 void 1032 do_setusercontext(struct passwd *pw) 1033 { 1034 char *chroot_path, *tmp; 1035 1036 if (getuid() == 0 || geteuid() == 0) { 1037 /* Prepare groups */ 1038 if (setusercontext(lc, pw, pw->pw_uid, 1039 (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { 1040 perror("unable to set user context"); 1041 exit(1); 1042 } 1043 1044 if (!in_chroot && options.chroot_directory != NULL && 1045 strcasecmp(options.chroot_directory, "none") != 0) { 1046 tmp = tilde_expand_filename(options.chroot_directory, 1047 pw->pw_uid); 1048 chroot_path = percent_expand(tmp, "h", pw->pw_dir, 1049 "u", pw->pw_name, (char *)NULL); 1050 safely_chroot(chroot_path, pw->pw_uid); 1051 free(tmp); 1052 free(chroot_path); 1053 /* Make sure we don't attempt to chroot again */ 1054 free(options.chroot_directory); 1055 options.chroot_directory = NULL; 1056 in_chroot = 1; 1057 } 1058 1059 /* Set UID */ 1060 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { 1061 perror("unable to set user context (setuser)"); 1062 exit(1); 1063 } 1064 } else if (options.chroot_directory != NULL && 1065 strcasecmp(options.chroot_directory, "none") != 0) { 1066 fatal("server lacks privileges to chroot to ChrootDirectory"); 1067 } 1068 1069 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) 1070 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); 1071 } 1072 1073 static void 1074 do_pwchange(Session *s) 1075 { 1076 fflush(NULL); 1077 fprintf(stderr, "WARNING: Your password has expired.\n"); 1078 if (s->ttyfd != -1) { 1079 fprintf(stderr, 1080 "You must change your password now and login again!\n"); 1081 execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); 1082 perror("passwd"); 1083 } else { 1084 fprintf(stderr, 1085 "Password change required but no TTY available.\n"); 1086 } 1087 exit(1); 1088 } 1089 1090 static void 1091 child_close_fds(struct ssh *ssh) 1092 { 1093 extern int auth_sock; 1094 1095 if (auth_sock != -1) { 1096 close(auth_sock); 1097 auth_sock = -1; 1098 } 1099 1100 if (packet_get_connection_in() == packet_get_connection_out()) 1101 close(packet_get_connection_in()); 1102 else { 1103 close(packet_get_connection_in()); 1104 close(packet_get_connection_out()); 1105 } 1106 /* 1107 * Close all descriptors related to channels. They will still remain 1108 * open in the parent. 1109 */ 1110 /* XXX better use close-on-exec? -markus */ 1111 channel_close_all(ssh); 1112 1113 /* 1114 * Close any extra file descriptors. Note that there may still be 1115 * descriptors left by system functions. They will be closed later. 1116 */ 1117 endpwent(); 1118 1119 /* 1120 * Close any extra open file descriptors so that we don't have them 1121 * hanging around in clients. Note that we want to do this after 1122 * initgroups, because at least on Solaris 2.3 it leaves file 1123 * descriptors open. 1124 */ 1125 closefrom(STDERR_FILENO + 1); 1126 } 1127 1128 /* 1129 * Performs common processing for the child, such as setting up the 1130 * environment, closing extra file descriptors, setting the user and group 1131 * ids, and executing the command or shell. 1132 */ 1133 #define ARGV_MAX 10 1134 void 1135 do_child(struct ssh *ssh, Session *s, const char *command) 1136 { 1137 extern char **environ; 1138 char **env; 1139 char *argv[ARGV_MAX]; 1140 const char *shell, *shell0; 1141 struct passwd *pw = s->pw; 1142 int r = 0; 1143 1144 /* remove hostkey from the child's memory */ 1145 destroy_sensitive_data(); 1146 packet_clear_keys(); 1147 1148 /* Force a password change */ 1149 if (s->authctxt->force_pwchange) { 1150 do_setusercontext(pw); 1151 child_close_fds(ssh); 1152 do_pwchange(s); 1153 exit(1); 1154 } 1155 1156 /* 1157 * Login(1) does this as well, and it needs uid 0 for the "-h" 1158 * switch, so we let login(1) to this for us. 1159 */ 1160 do_nologin(pw); 1161 do_setusercontext(pw); 1162 1163 /* 1164 * Get the shell from the password data. An empty shell field is 1165 * legal, and means /bin/sh. 1166 */ 1167 shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; 1168 1169 /* 1170 * Make sure $SHELL points to the shell from the password file, 1171 * even if shell is overridden from login.conf 1172 */ 1173 env = do_setup_env(ssh, s, shell); 1174 1175 shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); 1176 1177 /* 1178 * Close the connection descriptors; note that this is the child, and 1179 * the server will still have the socket open, and it is important 1180 * that we do not shutdown it. Note that the descriptors cannot be 1181 * closed before building the environment, as we call 1182 * ssh_remote_ipaddr there. 1183 */ 1184 child_close_fds(ssh); 1185 1186 /* 1187 * Must take new environment into use so that .ssh/rc, 1188 * /etc/ssh/sshrc and xauth are run in the proper environment. 1189 */ 1190 environ = env; 1191 1192 #ifdef KRB5 1193 /* 1194 * At this point, we check to see if AFS is active and if we have 1195 * a valid Kerberos 5 TGT. If so, it seems like a good idea to see 1196 * if we can (and need to) extend the ticket into an AFS token. If 1197 * we don't do this, we run into potential problems if the user's 1198 * home directory is in AFS and it's not world-readable. 1199 */ 1200 1201 if (options.kerberos_get_afs_token && k_hasafs() && 1202 (s->authctxt->krb5_ctx != NULL)) { 1203 char cell[64]; 1204 1205 debug("Getting AFS token"); 1206 1207 k_setpag(); 1208 1209 if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) 1210 krb5_afslog(s->authctxt->krb5_ctx, 1211 s->authctxt->krb5_fwd_ccache, cell, NULL); 1212 1213 krb5_afslog_home(s->authctxt->krb5_ctx, 1214 s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir); 1215 } 1216 #endif 1217 1218 /* Change current directory to the user's home directory. */ 1219 if (chdir(pw->pw_dir) < 0) { 1220 /* Suppress missing homedir warning for chroot case */ 1221 r = login_getcapbool(lc, "requirehome", 0); 1222 if (r || !in_chroot) { 1223 fprintf(stderr, "Could not chdir to home " 1224 "directory %s: %s\n", pw->pw_dir, 1225 strerror(errno)); 1226 } 1227 if (r) 1228 exit(1); 1229 } 1230 1231 closefrom(STDERR_FILENO + 1); 1232 1233 do_rc_files(s, shell); 1234 1235 /* restore SIGPIPE for child */ 1236 signal(SIGPIPE, SIG_DFL); 1237 1238 if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { 1239 printf("This service allows sftp connections only.\n"); 1240 fflush(NULL); 1241 exit(1); 1242 } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) { 1243 extern int optind, optreset; 1244 int i; 1245 char *p, *args; 1246 1247 setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME); 1248 args = xstrdup(command ? command : "sftp-server"); 1249 for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " "))) 1250 if (i < ARGV_MAX - 1) 1251 argv[i++] = p; 1252 argv[i] = NULL; 1253 optind = optreset = 1; 1254 __progname = argv[0]; 1255 exit(sftp_server_main(i, argv, s->pw)); 1256 } 1257 1258 fflush(NULL); 1259 1260 /* Get the last component of the shell name. */ 1261 if ((shell0 = strrchr(shell, '/')) != NULL) 1262 shell0++; 1263 else 1264 shell0 = shell; 1265 1266 /* 1267 * If we have no command, execute the shell. In this case, the shell 1268 * name to be passed in argv[0] is preceded by '-' to indicate that 1269 * this is a login shell. 1270 */ 1271 if (!command) { 1272 char argv0[256]; 1273 1274 /* Start the shell. Set initial character to '-'. */ 1275 argv0[0] = '-'; 1276 1277 if (strlcpy(argv0 + 1, shell0, sizeof(argv0) - 1) 1278 >= sizeof(argv0) - 1) { 1279 errno = EINVAL; 1280 perror(shell); 1281 exit(1); 1282 } 1283 1284 /* Execute the shell. */ 1285 argv[0] = argv0; 1286 argv[1] = NULL; 1287 execve(shell, argv, env); 1288 1289 /* Executing the shell failed. */ 1290 perror(shell); 1291 exit(1); 1292 } 1293 /* 1294 * Execute the command using the user's shell. This uses the -c 1295 * option to execute the command. 1296 */ 1297 argv[0] = (char *) shell0; 1298 argv[1] = "-c"; 1299 argv[2] = (char *) command; 1300 argv[3] = NULL; 1301 execve(shell, argv, env); 1302 perror(shell); 1303 exit(1); 1304 } 1305 1306 void 1307 session_unused(int id) 1308 { 1309 debug3("%s: session id %d unused", __func__, id); 1310 if (id >= options.max_sessions || 1311 id >= sessions_nalloc) { 1312 fatal("%s: insane session id %d (max %d nalloc %d)", 1313 __func__, id, options.max_sessions, sessions_nalloc); 1314 } 1315 memset(&sessions[id], 0, sizeof(*sessions)); 1316 sessions[id].self = id; 1317 sessions[id].used = 0; 1318 sessions[id].chanid = -1; 1319 sessions[id].ptyfd = -1; 1320 sessions[id].ttyfd = -1; 1321 sessions[id].ptymaster = -1; 1322 sessions[id].x11_chanids = NULL; 1323 sessions[id].next_unused = sessions_first_unused; 1324 sessions_first_unused = id; 1325 } 1326 1327 Session * 1328 session_new(void) 1329 { 1330 Session *s, *tmp; 1331 1332 if (sessions_first_unused == -1) { 1333 if (sessions_nalloc >= options.max_sessions) 1334 return NULL; 1335 debug2("%s: allocate (allocated %d max %d)", 1336 __func__, sessions_nalloc, options.max_sessions); 1337 tmp = xrecallocarray(sessions, sessions_nalloc, 1338 sessions_nalloc + 1, sizeof(*sessions)); 1339 if (tmp == NULL) { 1340 error("%s: cannot allocate %d sessions", 1341 __func__, sessions_nalloc + 1); 1342 return NULL; 1343 } 1344 sessions = tmp; 1345 session_unused(sessions_nalloc++); 1346 } 1347 1348 if (sessions_first_unused >= sessions_nalloc || 1349 sessions_first_unused < 0) { 1350 fatal("%s: insane first_unused %d max %d nalloc %d", 1351 __func__, sessions_first_unused, options.max_sessions, 1352 sessions_nalloc); 1353 } 1354 1355 s = &sessions[sessions_first_unused]; 1356 if (s->used) { 1357 fatal("%s: session %d already used", 1358 __func__, sessions_first_unused); 1359 } 1360 sessions_first_unused = s->next_unused; 1361 s->used = 1; 1362 s->next_unused = -1; 1363 debug("session_new: session %d", s->self); 1364 1365 return s; 1366 } 1367 1368 static void 1369 session_dump(void) 1370 { 1371 int i; 1372 for (i = 0; i < sessions_nalloc; i++) { 1373 Session *s = &sessions[i]; 1374 1375 debug("dump: used %d next_unused %d session %d %p " 1376 "channel %d pid %ld", 1377 s->used, 1378 s->next_unused, 1379 s->self, 1380 s, 1381 s->chanid, 1382 (long)s->pid); 1383 } 1384 } 1385 1386 int 1387 session_open(Authctxt *authctxt, int chanid) 1388 { 1389 Session *s = session_new(); 1390 debug("session_open: channel %d", chanid); 1391 if (s == NULL) { 1392 error("no more sessions"); 1393 return 0; 1394 } 1395 s->authctxt = authctxt; 1396 s->pw = authctxt->pw; 1397 if (s->pw == NULL || !authctxt->valid) 1398 fatal("no user for session %d", s->self); 1399 debug("session_open: session %d: link with channel %d", s->self, chanid); 1400 s->chanid = chanid; 1401 return 1; 1402 } 1403 1404 Session * 1405 session_by_tty(char *tty) 1406 { 1407 int i; 1408 for (i = 0; i < sessions_nalloc; i++) { 1409 Session *s = &sessions[i]; 1410 if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) { 1411 debug("session_by_tty: session %d tty %s", i, tty); 1412 return s; 1413 } 1414 } 1415 debug("session_by_tty: unknown tty %.100s", tty); 1416 session_dump(); 1417 return NULL; 1418 } 1419 1420 static Session * 1421 session_by_channel(int id) 1422 { 1423 int i; 1424 for (i = 0; i < sessions_nalloc; i++) { 1425 Session *s = &sessions[i]; 1426 if (s->used && s->chanid == id) { 1427 debug("session_by_channel: session %d channel %d", 1428 i, id); 1429 return s; 1430 } 1431 } 1432 debug("session_by_channel: unknown channel %d", id); 1433 session_dump(); 1434 return NULL; 1435 } 1436 1437 static Session * 1438 session_by_x11_channel(int id) 1439 { 1440 int i, j; 1441 1442 for (i = 0; i < sessions_nalloc; i++) { 1443 Session *s = &sessions[i]; 1444 1445 if (s->x11_chanids == NULL || !s->used) 1446 continue; 1447 for (j = 0; s->x11_chanids[j] != -1; j++) { 1448 if (s->x11_chanids[j] == id) { 1449 debug("session_by_x11_channel: session %d " 1450 "channel %d", s->self, id); 1451 return s; 1452 } 1453 } 1454 } 1455 debug("session_by_x11_channel: unknown channel %d", id); 1456 session_dump(); 1457 return NULL; 1458 } 1459 1460 static Session * 1461 session_by_pid(pid_t pid) 1462 { 1463 int i; 1464 debug("session_by_pid: pid %ld", (long)pid); 1465 for (i = 0; i < sessions_nalloc; i++) { 1466 Session *s = &sessions[i]; 1467 if (s->used && s->pid == pid) 1468 return s; 1469 } 1470 error("session_by_pid: unknown pid %ld", (long)pid); 1471 session_dump(); 1472 return NULL; 1473 } 1474 1475 static int 1476 session_window_change_req(struct ssh *ssh, Session *s) 1477 { 1478 s->col = packet_get_int(); 1479 s->row = packet_get_int(); 1480 s->xpixel = packet_get_int(); 1481 s->ypixel = packet_get_int(); 1482 packet_check_eom(); 1483 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1484 return 1; 1485 } 1486 1487 static int 1488 session_pty_req(struct ssh *ssh, Session *s) 1489 { 1490 u_int len; 1491 int n_bytes; 1492 1493 if (no_pty_flag || !options.permit_tty) { 1494 debug("Allocating a pty not permitted for this authentication."); 1495 return 0; 1496 } 1497 if (s->ttyfd != -1) { 1498 packet_disconnect("Protocol error: you already have a pty."); 1499 return 0; 1500 } 1501 1502 s->term = packet_get_string(&len); 1503 s->col = packet_get_int(); 1504 s->row = packet_get_int(); 1505 s->xpixel = packet_get_int(); 1506 s->ypixel = packet_get_int(); 1507 1508 if (strcmp(s->term, "") == 0) { 1509 free(s->term); 1510 s->term = NULL; 1511 } 1512 1513 /* Allocate a pty and open it. */ 1514 debug("Allocating pty."); 1515 if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, 1516 sizeof(s->tty)))) { 1517 free(s->term); 1518 s->term = NULL; 1519 s->ptyfd = -1; 1520 s->ttyfd = -1; 1521 error("session_pty_req: session %d alloc failed", s->self); 1522 return 0; 1523 } 1524 debug("session_pty_req: session %d alloc %s", s->self, s->tty); 1525 1526 n_bytes = packet_remaining(); 1527 tty_parse_modes(s->ttyfd, &n_bytes); 1528 1529 if (!use_privsep) 1530 pty_setowner(s->pw, s->tty); 1531 1532 /* Set window size from the packet. */ 1533 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 1534 1535 packet_check_eom(); 1536 session_proctitle(s); 1537 return 1; 1538 } 1539 1540 static int 1541 session_subsystem_req(struct ssh *ssh, Session *s) 1542 { 1543 struct stat st; 1544 u_int len; 1545 int success = 0; 1546 char *prog, *cmd; 1547 u_int i; 1548 1549 s->subsys = packet_get_string(&len); 1550 packet_check_eom(); 1551 debug2("subsystem request for %.100s by user %s", s->subsys, 1552 s->pw->pw_name); 1553 1554 for (i = 0; i < options.num_subsystems; i++) { 1555 if (strcmp(s->subsys, options.subsystem_name[i]) == 0) { 1556 prog = options.subsystem_command[i]; 1557 cmd = options.subsystem_args[i]; 1558 if (strcmp(INTERNAL_SFTP_NAME, prog) == 0) { 1559 s->is_subsystem = SUBSYSTEM_INT_SFTP; 1560 debug("subsystem: %s", prog); 1561 } else { 1562 if (stat(prog, &st) < 0) 1563 debug("subsystem: cannot stat %s: %s", 1564 prog, strerror(errno)); 1565 s->is_subsystem = SUBSYSTEM_EXT; 1566 debug("subsystem: exec() %s", cmd); 1567 } 1568 success = do_exec(ssh, s, cmd) == 0; 1569 break; 1570 } 1571 } 1572 1573 if (!success) 1574 logit("subsystem request for %.100s by user %s failed, " 1575 "subsystem not found", s->subsys, s->pw->pw_name); 1576 1577 return success; 1578 } 1579 1580 static int 1581 session_x11_req(struct ssh *ssh, Session *s) 1582 { 1583 int success; 1584 1585 if (s->auth_proto != NULL || s->auth_data != NULL) { 1586 error("session_x11_req: session %d: " 1587 "x11 forwarding already active", s->self); 1588 return 0; 1589 } 1590 s->single_connection = packet_get_char(); 1591 s->auth_proto = packet_get_string(NULL); 1592 s->auth_data = packet_get_string(NULL); 1593 s->screen = packet_get_int(); 1594 packet_check_eom(); 1595 1596 if (xauth_valid_string(s->auth_proto) && 1597 xauth_valid_string(s->auth_data)) 1598 success = session_setup_x11fwd(ssh, s); 1599 else { 1600 success = 0; 1601 error("Invalid X11 forwarding data"); 1602 } 1603 if (!success) { 1604 free(s->auth_proto); 1605 free(s->auth_data); 1606 s->auth_proto = NULL; 1607 s->auth_data = NULL; 1608 } 1609 return success; 1610 } 1611 1612 static int 1613 session_shell_req(struct ssh *ssh, Session *s) 1614 { 1615 packet_check_eom(); 1616 return do_exec(ssh, s, NULL) == 0; 1617 } 1618 1619 static int 1620 session_exec_req(struct ssh *ssh, Session *s) 1621 { 1622 u_int len, success; 1623 1624 char *command = packet_get_string(&len); 1625 packet_check_eom(); 1626 success = do_exec(ssh, s, command) == 0; 1627 free(command); 1628 return success; 1629 } 1630 1631 static int 1632 session_break_req(struct ssh *ssh, Session *s) 1633 { 1634 1635 packet_get_int(); /* ignored */ 1636 packet_check_eom(); 1637 1638 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) 1639 return 0; 1640 return 1; 1641 } 1642 1643 static int 1644 session_env_req(struct ssh *ssh, Session *s) 1645 { 1646 char *name, *val; 1647 u_int name_len, val_len, i; 1648 1649 name = packet_get_cstring(&name_len); 1650 val = packet_get_cstring(&val_len); 1651 packet_check_eom(); 1652 1653 /* Don't set too many environment variables */ 1654 if (s->num_env > 128) { 1655 debug2("Ignoring env request %s: too many env vars", name); 1656 goto fail; 1657 } 1658 1659 for (i = 0; i < options.num_accept_env; i++) { 1660 if (match_pattern(name, options.accept_env[i])) { 1661 debug2("Setting env %d: %s=%s", s->num_env, name, val); 1662 s->env = xrecallocarray(s->env, s->num_env, 1663 s->num_env + 1, sizeof(*s->env)); 1664 s->env[s->num_env].name = name; 1665 s->env[s->num_env].val = val; 1666 s->num_env++; 1667 return (1); 1668 } 1669 } 1670 debug2("Ignoring env request %s: disallowed name", name); 1671 1672 fail: 1673 free(name); 1674 free(val); 1675 return (0); 1676 } 1677 1678 static int 1679 session_auth_agent_req(struct ssh *ssh, Session *s) 1680 { 1681 static int called = 0; 1682 packet_check_eom(); 1683 if (no_agent_forwarding_flag || !options.allow_agent_forwarding) { 1684 debug("session_auth_agent_req: no_agent_forwarding_flag"); 1685 return 0; 1686 } 1687 if (called) { 1688 return 0; 1689 } else { 1690 called = 1; 1691 return auth_input_request_forwarding(ssh, s->pw); 1692 } 1693 } 1694 1695 int 1696 session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype) 1697 { 1698 int success = 0; 1699 Session *s; 1700 1701 if ((s = session_by_channel(c->self)) == NULL) { 1702 logit("%s: no session %d req %.100s", __func__, c->self, rtype); 1703 return 0; 1704 } 1705 debug("%s: session %d req %s", __func__, s->self, rtype); 1706 1707 /* 1708 * a session is in LARVAL state until a shell, a command 1709 * or a subsystem is executed 1710 */ 1711 if (c->type == SSH_CHANNEL_LARVAL) { 1712 if (strcmp(rtype, "shell") == 0) { 1713 success = session_shell_req(ssh, s); 1714 } else if (strcmp(rtype, "exec") == 0) { 1715 success = session_exec_req(ssh, s); 1716 } else if (strcmp(rtype, "pty-req") == 0) { 1717 success = session_pty_req(ssh, s); 1718 } else if (strcmp(rtype, "x11-req") == 0) { 1719 success = session_x11_req(ssh, s); 1720 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) { 1721 success = session_auth_agent_req(ssh, s); 1722 } else if (strcmp(rtype, "subsystem") == 0) { 1723 success = session_subsystem_req(ssh, s); 1724 } else if (strcmp(rtype, "env") == 0) { 1725 success = session_env_req(ssh, s); 1726 } 1727 } 1728 if (strcmp(rtype, "window-change") == 0) { 1729 success = session_window_change_req(ssh, s); 1730 } else if (strcmp(rtype, "break") == 0) { 1731 success = session_break_req(ssh, s); 1732 } 1733 1734 return success; 1735 } 1736 1737 void 1738 session_set_fds(struct ssh *ssh, Session *s, 1739 int fdin, int fdout, int fderr, int ignore_fderr, int is_tty) 1740 { 1741 /* 1742 * now that have a child and a pipe to the child, 1743 * we can activate our channel and register the fd's 1744 */ 1745 if (s->chanid == -1) 1746 fatal("no channel for session %d", s->self); 1747 channel_set_fds(ssh, s->chanid, 1748 fdout, fdin, fderr, 1749 ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, 1750 1, is_tty, CHAN_SES_WINDOW_DEFAULT); 1751 } 1752 1753 /* 1754 * Function to perform pty cleanup. Also called if we get aborted abnormally 1755 * (e.g., due to a dropped connection). 1756 */ 1757 void 1758 session_pty_cleanup2(Session *s) 1759 { 1760 if (s == NULL) { 1761 error("session_pty_cleanup: no session"); 1762 return; 1763 } 1764 if (s->ttyfd == -1) 1765 return; 1766 1767 debug("session_pty_cleanup: session %d release %s", s->self, s->tty); 1768 1769 /* Record that the user has logged out. */ 1770 if (s->pid != 0) 1771 record_logout(s->pid, s->tty); 1772 1773 /* Release the pseudo-tty. */ 1774 if (getuid() == 0) 1775 pty_release(s->tty); 1776 1777 /* 1778 * Close the server side of the socket pairs. We must do this after 1779 * the pty cleanup, so that another process doesn't get this pty 1780 * while we're still cleaning up. 1781 */ 1782 if (s->ptymaster != -1 && close(s->ptymaster) < 0) 1783 error("close(s->ptymaster/%d): %s", 1784 s->ptymaster, strerror(errno)); 1785 1786 /* unlink pty from session */ 1787 s->ttyfd = -1; 1788 } 1789 1790 void 1791 session_pty_cleanup(Session *s) 1792 { 1793 PRIVSEP(session_pty_cleanup2(s)); 1794 } 1795 1796 static char * 1797 sig2name(int sig) 1798 { 1799 #define SSH_SIG(x) if (sig == SIG ## x) return #x 1800 SSH_SIG(ABRT); 1801 SSH_SIG(ALRM); 1802 SSH_SIG(FPE); 1803 SSH_SIG(HUP); 1804 SSH_SIG(ILL); 1805 SSH_SIG(INT); 1806 SSH_SIG(KILL); 1807 SSH_SIG(PIPE); 1808 SSH_SIG(QUIT); 1809 SSH_SIG(SEGV); 1810 SSH_SIG(TERM); 1811 SSH_SIG(USR1); 1812 SSH_SIG(USR2); 1813 #undef SSH_SIG 1814 return "SIG@openssh.com"; 1815 } 1816 1817 static void 1818 session_close_x11(struct ssh *ssh, int id) 1819 { 1820 Channel *c; 1821 1822 if ((c = channel_by_id(ssh, id)) == NULL) { 1823 debug("%s: x11 channel %d missing", __func__, id); 1824 } else { 1825 /* Detach X11 listener */ 1826 debug("%s: detach x11 channel %d", __func__, id); 1827 channel_cancel_cleanup(ssh, id); 1828 if (c->ostate != CHAN_OUTPUT_CLOSED) 1829 chan_mark_dead(ssh, c); 1830 } 1831 } 1832 1833 static void 1834 session_close_single_x11(struct ssh *ssh, int id, void *arg) 1835 { 1836 Session *s; 1837 u_int i; 1838 1839 debug3("%s: channel %d", __func__, id); 1840 channel_cancel_cleanup(ssh, id); 1841 if ((s = session_by_x11_channel(id)) == NULL) 1842 fatal("%s: no x11 channel %d", __func__, id); 1843 for (i = 0; s->x11_chanids[i] != -1; i++) { 1844 debug("%s: session %d: closing channel %d", 1845 __func__, s->self, s->x11_chanids[i]); 1846 /* 1847 * The channel "id" is already closing, but make sure we 1848 * close all of its siblings. 1849 */ 1850 if (s->x11_chanids[i] != id) 1851 session_close_x11(ssh, s->x11_chanids[i]); 1852 } 1853 free(s->x11_chanids); 1854 s->x11_chanids = NULL; 1855 free(s->display); 1856 s->display = NULL; 1857 free(s->auth_proto); 1858 s->auth_proto = NULL; 1859 free(s->auth_data); 1860 s->auth_data = NULL; 1861 free(s->auth_display); 1862 s->auth_display = NULL; 1863 } 1864 1865 static void 1866 session_exit_message(struct ssh *ssh, Session *s, int status) 1867 { 1868 Channel *c; 1869 1870 if ((c = channel_lookup(ssh, s->chanid)) == NULL) 1871 fatal("%s: session %d: no channel %d", 1872 __func__, s->self, s->chanid); 1873 debug("%s: session %d channel %d pid %ld", 1874 __func__, s->self, s->chanid, (long)s->pid); 1875 1876 if (WIFEXITED(status)) { 1877 channel_request_start(ssh, s->chanid, "exit-status", 0); 1878 packet_put_int(WEXITSTATUS(status)); 1879 packet_send(); 1880 } else if (WIFSIGNALED(status)) { 1881 channel_request_start(ssh, s->chanid, "exit-signal", 0); 1882 packet_put_cstring(sig2name(WTERMSIG(status))); 1883 packet_put_char(WCOREDUMP(status)? 1 : 0); 1884 packet_put_cstring(""); 1885 packet_put_cstring(""); 1886 packet_send(); 1887 } else { 1888 /* Some weird exit cause. Just exit. */ 1889 packet_disconnect("wait returned status %04x.", status); 1890 } 1891 1892 /* disconnect channel */ 1893 debug("%s: release channel %d", __func__, s->chanid); 1894 1895 /* 1896 * Adjust cleanup callback attachment to send close messages when 1897 * the channel gets EOF. The session will be then be closed 1898 * by session_close_by_channel when the childs close their fds. 1899 */ 1900 channel_register_cleanup(ssh, c->self, session_close_by_channel, 1); 1901 1902 /* 1903 * emulate a write failure with 'chan_write_failed', nobody will be 1904 * interested in data we write. 1905 * Note that we must not call 'chan_read_failed', since there could 1906 * be some more data waiting in the pipe. 1907 */ 1908 if (c->ostate != CHAN_OUTPUT_CLOSED) 1909 chan_write_failed(ssh, c); 1910 } 1911 1912 void 1913 session_close(struct ssh *ssh, Session *s) 1914 { 1915 u_int i; 1916 1917 verbose("Close session: user %s from %.200s port %d id %d", 1918 s->pw->pw_name, 1919 ssh_remote_ipaddr(ssh), 1920 ssh_remote_port(ssh), 1921 s->self); 1922 1923 if (s->ttyfd != -1) 1924 session_pty_cleanup(s); 1925 free(s->term); 1926 free(s->display); 1927 free(s->x11_chanids); 1928 free(s->auth_display); 1929 free(s->auth_data); 1930 free(s->auth_proto); 1931 free(s->subsys); 1932 if (s->env != NULL) { 1933 for (i = 0; i < s->num_env; i++) { 1934 free(s->env[i].name); 1935 free(s->env[i].val); 1936 } 1937 free(s->env); 1938 } 1939 session_proctitle(s); 1940 session_unused(s->self); 1941 } 1942 1943 void 1944 session_close_by_pid(struct ssh *ssh, pid_t pid, int status) 1945 { 1946 Session *s = session_by_pid(pid); 1947 if (s == NULL) { 1948 debug("%s: no session for pid %ld", __func__, (long)pid); 1949 return; 1950 } 1951 if (s->chanid != -1) 1952 session_exit_message(ssh, s, status); 1953 if (s->ttyfd != -1) 1954 session_pty_cleanup(s); 1955 s->pid = 0; 1956 } 1957 1958 /* 1959 * this is called when a channel dies before 1960 * the session 'child' itself dies 1961 */ 1962 void 1963 session_close_by_channel(struct ssh *ssh, int id, void *arg) 1964 { 1965 Session *s = session_by_channel(id); 1966 u_int i; 1967 1968 if (s == NULL) { 1969 debug("%s: no session for id %d", __func__, id); 1970 return; 1971 } 1972 debug("%s: channel %d child %ld", __func__, id, (long)s->pid); 1973 if (s->pid != 0) { 1974 debug("%s: channel %d: has child", __func__, id); 1975 /* 1976 * delay detach of session, but release pty, since 1977 * the fd's to the child are already closed 1978 */ 1979 if (s->ttyfd != -1) 1980 session_pty_cleanup(s); 1981 return; 1982 } 1983 /* detach by removing callback */ 1984 channel_cancel_cleanup(ssh, s->chanid); 1985 1986 /* Close any X11 listeners associated with this session */ 1987 if (s->x11_chanids != NULL) { 1988 for (i = 0; s->x11_chanids[i] != -1; i++) { 1989 session_close_x11(ssh, s->x11_chanids[i]); 1990 s->x11_chanids[i] = -1; 1991 } 1992 } 1993 1994 s->chanid = -1; 1995 session_close(ssh, s); 1996 } 1997 1998 void 1999 session_destroy_all(struct ssh *ssh, void (*closefunc)(Session *)) 2000 { 2001 int i; 2002 for (i = 0; i < sessions_nalloc; i++) { 2003 Session *s = &sessions[i]; 2004 if (s->used) { 2005 if (closefunc != NULL) 2006 closefunc(s); 2007 else 2008 session_close(ssh, s); 2009 } 2010 } 2011 } 2012 2013 static char * 2014 session_tty_list(void) 2015 { 2016 static char buf[1024]; 2017 int i; 2018 buf[0] = '\0'; 2019 for (i = 0; i < sessions_nalloc; i++) { 2020 Session *s = &sessions[i]; 2021 if (s->used && s->ttyfd != -1) { 2022 if (buf[0] != '\0') 2023 strlcat(buf, ",", sizeof buf); 2024 strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf); 2025 } 2026 } 2027 if (buf[0] == '\0') 2028 strlcpy(buf, "notty", sizeof buf); 2029 return buf; 2030 } 2031 2032 void 2033 session_proctitle(Session *s) 2034 { 2035 if (s->pw == NULL) 2036 error("no user for session %d", s->self); 2037 else 2038 setproctitle("%s@%s", s->pw->pw_name, session_tty_list()); 2039 } 2040 2041 int 2042 session_setup_x11fwd(struct ssh *ssh, Session *s) 2043 { 2044 struct stat st; 2045 char display[512], auth_display[512]; 2046 char hostname[NI_MAXHOST]; 2047 u_int i; 2048 2049 if (no_x11_forwarding_flag) { 2050 packet_send_debug("X11 forwarding disabled in user configuration file."); 2051 return 0; 2052 } 2053 if (!options.x11_forwarding) { 2054 debug("X11 forwarding disabled in server configuration file."); 2055 return 0; 2056 } 2057 if (options.xauth_location == NULL || 2058 (stat(options.xauth_location, &st) == -1)) { 2059 packet_send_debug("No xauth program; cannot forward with spoofing."); 2060 return 0; 2061 } 2062 if (s->display != NULL) { 2063 debug("X11 display already set."); 2064 return 0; 2065 } 2066 if (x11_create_display_inet(ssh, options.x11_display_offset, 2067 options.x11_use_localhost, s->single_connection, 2068 &s->display_number, &s->x11_chanids) == -1) { 2069 debug("x11_create_display_inet failed."); 2070 return 0; 2071 } 2072 for (i = 0; s->x11_chanids[i] != -1; i++) { 2073 channel_register_cleanup(ssh, s->x11_chanids[i], 2074 session_close_single_x11, 0); 2075 } 2076 2077 /* Set up a suitable value for the DISPLAY variable. */ 2078 if (gethostname(hostname, sizeof(hostname)) < 0) 2079 fatal("gethostname: %.100s", strerror(errno)); 2080 /* 2081 * auth_display must be used as the displayname when the 2082 * authorization entry is added with xauth(1). This will be 2083 * different than the DISPLAY string for localhost displays. 2084 */ 2085 if (options.x11_use_localhost) { 2086 snprintf(display, sizeof display, "localhost:%u.%u", 2087 s->display_number, s->screen); 2088 snprintf(auth_display, sizeof auth_display, "unix:%u.%u", 2089 s->display_number, s->screen); 2090 s->display = xstrdup(display); 2091 s->auth_display = xstrdup(auth_display); 2092 } else { 2093 snprintf(display, sizeof display, "%.400s:%u.%u", hostname, 2094 s->display_number, s->screen); 2095 s->display = xstrdup(display); 2096 s->auth_display = xstrdup(display); 2097 } 2098 2099 return 1; 2100 } 2101 2102 static void 2103 do_authenticated2(struct ssh *ssh, Authctxt *authctxt) 2104 { 2105 server_loop2(ssh, authctxt); 2106 } 2107 2108 void 2109 do_cleanup(struct ssh *ssh, Authctxt *authctxt) 2110 { 2111 static int called = 0; 2112 2113 debug("do_cleanup"); 2114 2115 /* no cleanup if we're in the child for login shell */ 2116 if (is_child) 2117 return; 2118 2119 /* avoid double cleanup */ 2120 if (called) 2121 return; 2122 called = 1; 2123 2124 if (authctxt == NULL || !authctxt->authenticated) 2125 return; 2126 #ifdef KRB5 2127 if (options.kerberos_ticket_cleanup && 2128 authctxt->krb5_ctx) 2129 krb5_cleanup_proc(authctxt); 2130 #endif 2131 2132 #ifdef GSSAPI 2133 if (options.gss_cleanup_creds) 2134 ssh_gssapi_cleanup_creds(); 2135 #endif 2136 2137 /* remove agent socket */ 2138 auth_sock_cleanup_proc(authctxt->pw); 2139 2140 /* remove userauth info */ 2141 if (auth_info_file != NULL) { 2142 temporarily_use_uid(authctxt->pw); 2143 unlink(auth_info_file); 2144 restore_uid(); 2145 free(auth_info_file); 2146 auth_info_file = NULL; 2147 } 2148 2149 /* 2150 * Cleanup ptys/utmp only if privsep is disabled, 2151 * or if running in monitor. 2152 */ 2153 if (!use_privsep || mm_is_monitor()) 2154 session_destroy_all(ssh, session_pty_cleanup2); 2155 } 2156 2157 /* Return a name for the remote host that fits inside utmp_size */ 2158 2159 const char * 2160 session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns) 2161 { 2162 const char *remote = ""; 2163 2164 if (utmp_size > 0) 2165 remote = auth_get_canonical_hostname(ssh, use_dns); 2166 if (utmp_size == 0 || strlen(remote) > utmp_size) 2167 remote = ssh_remote_ipaddr(ssh); 2168 return remote; 2169 } 2170 2171