Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/session.c,v rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/session.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.24 retrieving revision 1.24.2.1 diff -u -p -r1.24 -r1.24.2.1 --- src/crypto/external/bsd/openssh/dist/session.c 2018/04/06 18:59:00 1.24 +++ src/crypto/external/bsd/openssh/dist/session.c 2019/06/10 21:41:12 1.24.2.1 @@ -1,5 +1,5 @@ -/* $NetBSD: session.c,v 1.24 2018/04/06 18:59:00 christos Exp $ */ -/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */ +/* $NetBSD: session.c,v 1.24.2.1 2019/06/10 21:41:12 christos Exp $ */ +/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -35,7 +35,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.24 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: session.c,v 1.24.2.1 2019/06/10 21:41:12 christos Exp $"); #include #include #include @@ -63,12 +63,13 @@ __RCSID("$NetBSD: session.c,v 1.24 2018/ #include "ssh2.h" #include "sshpty.h" #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "match.h" #include "uidswap.h" #include "compat.h" #include "channels.h" -#include "key.h" +#include "sshkey.h" #include "cipher.h" #include "kex.h" #include "hostfile.h" @@ -126,9 +127,9 @@ extern int debug_flag; extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; -char *tun_fwd_ifnames; /* serverloop.c */ +extern char *tun_fwd_ifnames; /* serverloop.c */ /* original command from peer. */ const char *original_command = NULL; @@ -190,7 +191,7 @@ auth_input_request_forwarding(struct ssh /* Create private directory for socket */ if (mkdtemp(auth_sock_dir) == NULL) { - packet_send_debug("Agent forwarding disabled: " + ssh_packet_send_debug(ssh, "Agent forwarding disabled: " "mkdtemp() failed: %.100s", strerror(errno)); restore_uid(); free(auth_sock_dir); @@ -223,7 +224,9 @@ auth_input_request_forwarding(struct ssh authsock_err: free(auth_sock_name); if (auth_sock_dir != NULL) { + temporarily_use_uid(pw); rmdir(auth_sock_dir); + restore_uid(); free(auth_sock_dir); } if (sock != -1) @@ -236,11 +239,14 @@ auth_input_request_forwarding(struct ssh static void display_loginmsg(void) { - if (buffer_len(&loginmsg) > 0) { - buffer_append(&loginmsg, "\0", 1); - printf("%s", (char *)buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); - } + int r; + + if (sshbuf_len(loginmsg) == 0) + return; + if ((r = sshbuf_put_u8(loginmsg, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); + printf("%s", (const char *)sshbuf_ptr(loginmsg)); + sshbuf_reset(loginmsg); } static void @@ -278,26 +284,43 @@ prepare_auth_info_file(struct passwd *pw } static void -set_permitopen_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) +set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts) { char *tmp, *cp, *host; int port; size_t i; - if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) - return; - channel_clear_permitted_opens(ssh); - for (i = 0; i < auth_opts->npermitopen; i++) { - tmp = cp = xstrdup(auth_opts->permitopen[i]); - /* This shouldn't fail as it has already been checked */ - if ((host = hpdelim(&cp)) == NULL) - fatal("%s: internal error: hpdelim", __func__); - host = cleanhostname(host); - if (cp == NULL || (port = permitopen_port(cp)) < 0) - fatal("%s: internal error: permitopen port", - __func__); - channel_add_permitted_opens(ssh, host, port); - free(tmp); + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) { + channel_clear_permission(ssh, FORWARD_USER, FORWARD_LOCAL); + for (i = 0; i < auth_opts->npermitopen; i++) { + tmp = cp = xstrdup(auth_opts->permitopen[i]); + /* This shouldn't fail as it has already been checked */ + if ((host = hpdelim(&cp)) == NULL) + fatal("%s: internal error: hpdelim", __func__); + host = cleanhostname(host); + if (cp == NULL || (port = permitopen_port(cp)) < 0) + fatal("%s: internal error: permitopen port", + __func__); + channel_add_permission(ssh, + FORWARD_USER, FORWARD_LOCAL, host, port); + free(tmp); + } + } + if ((options.allow_tcp_forwarding & FORWARD_REMOTE) != 0) { + channel_clear_permission(ssh, FORWARD_USER, FORWARD_REMOTE); + for (i = 0; i < auth_opts->npermitlisten; i++) { + tmp = cp = xstrdup(auth_opts->permitlisten[i]); + /* This shouldn't fail as it has already been checked */ + if ((host = hpdelim(&cp)) == NULL) + fatal("%s: internal error: hpdelim", __func__); + host = cleanhostname(host); + if (cp == NULL || (port = permitopen_port(cp)) < 0) + fatal("%s: internal error: permitlisten port", + __func__); + channel_add_permission(ssh, + FORWARD_USER, FORWARD_REMOTE, host, port); + free(tmp); + } } } @@ -310,15 +333,23 @@ do_authenticated(struct ssh *ssh, Authct /* setup the channel layer */ /* XXX - streamlocal? */ - set_permitopen_from_authopts(ssh, auth_opts); - if (!auth_opts->permit_port_forwarding_flag || - options.disable_forwarding || - (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) - channel_disable_adm_local_opens(ssh); - else - channel_permit_all_opens(ssh); + set_fwdpermit_from_authopts(ssh, auth_opts); - auth_debug_send(); + if (!auth_opts->permit_port_forwarding_flag || + options.disable_forwarding) { + channel_disable_admin(ssh, FORWARD_LOCAL); + channel_disable_admin(ssh, FORWARD_REMOTE); + } else { + if ((options.allow_tcp_forwarding & FORWARD_LOCAL) == 0) + channel_disable_admin(ssh, FORWARD_LOCAL); + else + channel_permit_all(ssh, FORWARD_LOCAL); + if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0) + channel_disable_admin(ssh, FORWARD_REMOTE); + else + channel_permit_all(ssh, FORWARD_REMOTE); + } + auth_debug_send(ssh); prepare_auth_info_file(authctxt->pw, authctxt->session_info); @@ -337,7 +368,7 @@ xauth_valid_string(const char *s) if (!isalnum((u_char)s[i]) && s[i] != '.' && s[i] != ':' && s[i] != '/' && s[i] != '-' && s[i] != '_') - return 0; + return 0; } return 1; } @@ -483,7 +514,7 @@ do_exec_no_pty(struct ssh *ssh, Session s->pid = pid; /* Set interactive/non-interactive mode. */ - packet_set_interactive(s->display != NULL, + ssh_packet_set_interactive(ssh, s->display != NULL, options.ip_qos_interactive, options.ip_qos_bulk); #ifdef USE_PIPES @@ -503,7 +534,7 @@ do_exec_no_pty(struct ssh *ssh, Session * Enter the interactive session. Note: server_loop must be able to * handle the case that fdin and fdout are the same. */ - session_set_fds(s, inout[1], inout[1], err[1], + session_set_fds(ssh, s, inout[1], inout[1], err[1], s->is_subsystem, 0); #endif return 0; @@ -606,7 +637,7 @@ do_exec_pty(struct ssh *ssh, Session *s, /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1, + ssh_packet_set_interactive(ssh, 1, options.ip_qos_interactive, options.ip_qos_bulk); session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1); return 0; @@ -632,7 +663,9 @@ do_exec(struct ssh *ssh, Session *s, con command = auth_opts->force_command; forced = "(key-option)"; } + s->forced = 0; if (forced != NULL) { + s->forced = 1; if (IS_INTERNAL_SFTP(command)) { s->is_subsystem = s->is_subsystem ? SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR; @@ -684,7 +717,7 @@ do_exec(struct ssh *ssh, Session *s, con * it to the user, otherwise multiple sessions may accumulate * multiple copies of the login messages. */ - buffer_clear(&loginmsg); + sshbuf_reset(loginmsg); return ret; } @@ -705,11 +738,11 @@ do_login(struct ssh *ssh, Session *s, co */ memset(&from, 0, sizeof(from)); fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), + if (ssh_packet_connection_is_on_socket(ssh)) { + if (getpeername(ssh_packet_get_connection_in(ssh), (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); - cleanup_exit(255); + cleanup_exit(254); } } @@ -795,24 +828,26 @@ check_quietlogin(Session *s, const char * into the environment. If the file does not exist, this does nothing. * Otherwise, it must consist of empty lines, comments (line starts with '#') * and assignments of the form name=value. No other forms are allowed. + * If whitelist is not NULL, then it is interpreted as a pattern list and + * only variable names that match it will be accepted. */ static void read_environment_file(char ***env, u_int *envsize, - const char *filename) + const char *filename, const char *whitelist) { FILE *f; - char buf[4096]; - char *cp, *value; + char *line = NULL, *cp, *value; + size_t linesize = 0; u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; - while (fgets(buf, sizeof(buf), f)) { + while (getline(&line, &linesize, f) != -1) { if (++lineno > 1000) fatal("Too many lines in environment file %s", filename); - for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') continue; @@ -831,8 +866,12 @@ read_environment_file(char ***env, u_int */ *value = '\0'; value++; + if (whitelist != NULL && + match_pattern_list(cp, whitelist, 0) != 1) + continue; child_set_env(env, envsize, cp, value); } + free(line); fclose(f); } @@ -868,7 +907,7 @@ do_setup_env(struct ssh *ssh, Session *s char buf[256]; size_t n; u_int i, envsize; - char *ocp, *cp, **env, *laddr; + char *ocp, *cp, *value, **env, *laddr; struct passwd *pw = s->pw; /* Initialize the environment. */ @@ -903,6 +942,19 @@ do_setup_env(struct ssh *ssh, Session *s if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); + if (s->term) + child_set_env(&env, &envsize, "TERM", s->term); + if (s->display) + child_set_env(&env, &envsize, "DISPLAY", s->display); +#ifdef KRB5 + if (s->authctxt->krb5_ticket_file) + child_set_env(&env, &envsize, "KRB5CCNAME", + s->authctxt->krb5_ticket_file); +#endif + if (auth_sock_name != NULL) + child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, + auth_sock_name); + /* Set custom environment options from pubkey authentication. */ if (options.permit_user_env) { @@ -911,19 +963,43 @@ do_setup_env(struct ssh *ssh, Session *s cp = strchr(ocp, '='); if (*cp == '=') { *cp = '\0'; - child_set_env(&env, &envsize, ocp, cp + 1); + /* Apply PermitUserEnvironment whitelist */ + if (options.permit_user_env_whitelist == NULL || + match_pattern_list(ocp, + options.permit_user_env_whitelist, 0) == 1) + child_set_env(&env, &envsize, + ocp, cp + 1); } free(ocp); } } + /* read $HOME/.ssh/environment. */ + if (options.permit_user_env) { + snprintf(buf, sizeof buf, "%.200s/.ssh/environment", + pw->pw_dir); + read_environment_file(&env, &envsize, buf, + options.permit_user_env_whitelist); + } + + /* Environment specified by admin */ + for (i = 0; i < options.num_setenv; i++) { + cp = xstrdup(options.setenv[i]); + if ((value = strchr(cp, '=')) == NULL) { + /* shouldn't happen; vars are checked in servconf.c */ + fatal("Invalid config SetEnv: %s", options.setenv[i]); + } + *value++ = '\0'; + child_set_env(&env, &envsize, cp, value); + } + /* SSH_CLIENT deprecated */ snprintf(buf, sizeof buf, "%.50s %d %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_local_port(ssh)); child_set_env(&env, &envsize, "SSH_CLIENT", buf); - laddr = get_local_ipaddr(packet_get_connection_in()); + laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh)); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), laddr, ssh_local_port(ssh)); @@ -936,10 +1012,6 @@ do_setup_env(struct ssh *ssh, Session *s child_set_env(&env, &envsize, "SSH_USER_AUTH", auth_info_file); if (s->ttyfd != -1) child_set_env(&env, &envsize, "SSH_TTY", s->tty); - if (s->term) - child_set_env(&env, &envsize, "TERM", s->term); - if (s->display) - child_set_env(&env, &envsize, "DISPLAY", s->display); if (original_command) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -971,16 +1043,6 @@ do_setup_env(struct ssh *ssh, Session *s } #endif /* USE_PAM */ - if (auth_sock_name != NULL) - child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_sock_name); - - /* read $HOME/.ssh/environment. */ - if (options.permit_user_env) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", - pw->pw_dir); - read_environment_file(&env, &envsize, buf); - } if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); @@ -1106,7 +1168,7 @@ safely_chroot(const char *path, uid_t ui char component[PATH_MAX]; struct stat st; - if (*path != '/') + if (!path_absolute(path)) fatal("chroot path does not begin at root"); if (strlen(path) >= sizeof(component)) fatal("chroot path too long"); @@ -1131,7 +1193,7 @@ safely_chroot(const char *path, uid_t ui component, strerror(errno)); if (st.st_uid != 0 || (st.st_mode & 022) != 0) fatal("bad ownership or modes for chroot " - "directory %s\"%s\"", + "directory %s\"%s\"", cp == NULL ? "" : "component ", component); if (!S_ISDIR(st.st_mode)) fatal("chroot path %s\"%s\" is not a directory", @@ -1154,7 +1216,7 @@ safely_chroot(const char *path, uid_t ui void do_setusercontext(struct passwd *pw) { - char *chroot_path, *tmp; + char uidstr[32], *chroot_path, *tmp; if (getuid() == 0 || geteuid() == 0) { #ifdef HAVE_LOGIN_CAP @@ -1198,8 +1260,10 @@ do_setusercontext(struct passwd *pw) strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); chroot_path = percent_expand(tmp, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); + "u", pw->pw_name, "U", uidstr, (char *)NULL); safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); @@ -1255,11 +1319,12 @@ child_close_fds(struct ssh *ssh) auth_sock = -1; } - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); + if (ssh_packet_get_connection_in(ssh) == + ssh_packet_get_connection_out(ssh)) + close(ssh_packet_get_connection_in(ssh)); else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); + close(ssh_packet_get_connection_in(ssh)); + close(ssh_packet_get_connection_out(ssh)); } /* * Close all descriptors related to channels. They will still remain @@ -1293,15 +1358,16 @@ void do_child(struct ssh *ssh, Session *s, const char *command) { extern char **environ; - char **env; - char *argv[ARGV_MAX]; + char **env, *argv[ARGV_MAX], remote_id[512]; const char *shell, *shell0; struct passwd *pw = s->pw; int r = 0; + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + /* remove hostkey from the child's memory */ destroy_sensitive_data(); - packet_clear_keys(); + ssh_packet_clear_keys(ssh); /* Force a password change */ if (s->authctxt->force_pwchange) { @@ -1403,6 +1469,8 @@ do_child(struct ssh *ssh, Session *s, co signal(SIGPIPE, SIG_DFL); if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) { + error("Connection from %s: refusing non-sftp session", + remote_id); printf("This service allows sftp connections only.\n"); fflush(NULL); exit(1); @@ -1642,11 +1710,14 @@ session_by_pid(pid_t pid) static int session_window_change_req(struct ssh *ssh, Session *s) { - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); - packet_check_eom(); + int r; + + if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); return 1; } @@ -1654,23 +1725,23 @@ session_window_change_req(struct ssh *ss static int session_pty_req(struct ssh *ssh, Session *s) { - u_int len; - int n_bytes; + int r; if (!auth_opts->permit_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this connection."); return 0; } if (s->ttyfd != -1) { - packet_disconnect("Protocol error: you already have a pty."); + ssh_packet_disconnect(ssh, "Protocol error: you already have a pty."); return 0; } - s->term = packet_get_string(&len); - s->col = packet_get_int(); - s->row = packet_get_int(); - s->xpixel = packet_get_int(); - s->ypixel = packet_get_int(); + if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->col)) != 0 || + (r = sshpkt_get_u32(ssh, &s->row)) != 0 || + (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 || + (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (strcmp(s->term, "") == 0) { free(s->term); @@ -1690,8 +1761,10 @@ session_pty_req(struct ssh *ssh, Session } debug("session_pty_req: session %d alloc %s", s->self, s->tty); - n_bytes = packet_remaining(); - tty_parse_modes(s->ttyfd, &n_bytes); + ssh_tty_parse_modes(ssh, s->ttyfd); + + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!use_privsep) pty_setowner(s->pw, s->tty); @@ -1699,7 +1772,6 @@ session_pty_req(struct ssh *ssh, Session /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); - packet_check_eom(); session_proctitle(s); return 1; } @@ -1708,13 +1780,13 @@ static int session_subsystem_req(struct ssh *ssh, Session *s) { struct stat st; - u_int len; - int success = 0; + int r, success = 0; char *prog, *cmd; u_int i; - s->subsys = packet_get_string(&len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); debug2("subsystem request for %.100s by user %s", s->subsys, s->pw->pw_name); @@ -1747,18 +1819,22 @@ session_subsystem_req(struct ssh *ssh, S static int session_x11_req(struct ssh *ssh, Session *s) { - int success; + int r, success; + u_char single_connection = 0; if (s->auth_proto != NULL || s->auth_data != NULL) { error("session_x11_req: session %d: " "x11 forwarding already active", s->self); return 0; } - s->single_connection = packet_get_char(); - s->auth_proto = packet_get_string(NULL); - s->auth_data = packet_get_string(NULL); - s->screen = packet_get_int(); - packet_check_eom(); + if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 || + (r = sshpkt_get_u32(ssh, &s->screen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + + s->single_connection = single_connection; if (xauth_valid_string(s->auth_proto) && xauth_valid_string(s->auth_data)) @@ -1779,17 +1855,24 @@ session_x11_req(struct ssh *ssh, Session static int session_shell_req(struct ssh *ssh, Session *s) { - packet_check_eom(); + int r; + + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); return do_exec(ssh, s, NULL) == 0; } static int session_exec_req(struct ssh *ssh, Session *s) { - u_int len, success; + u_int success; + int r; + char *command = NULL; + + if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - char *command = packet_get_string(&len); - packet_check_eom(); success = do_exec(ssh, s, command) == 0; free(command); return success; @@ -1798,9 +1881,11 @@ session_exec_req(struct ssh *ssh, Sessio static int session_break_req(struct ssh *ssh, Session *s) { + int r; - packet_get_int(); /* ignored */ - packet_check_eom(); + if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */ + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) return 0; @@ -1811,11 +1896,13 @@ static int session_env_req(struct ssh *ssh, Session *s) { char *name, *val; - u_int name_len, val_len, i; + u_int i; + int r; - name = packet_get_cstring(&name_len); - val = packet_get_cstring(&val_len); - packet_check_eom(); + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 || + (r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); /* Don't set too many environment variables */ if (s->num_env > 128) { @@ -1842,12 +1929,84 @@ session_env_req(struct ssh *ssh, Session return (0); } +/* + * Conversion of signals from ssh channel request names. + * Subset of signals from RFC 4254 section 6.10C, with SIGINFO as + * local extension. + */ +static int +name2sig(char *name) +{ +#define SSH_SIG(x) if (strcmp(name, #x) == 0) return SIG ## x + SSH_SIG(HUP); + SSH_SIG(INT); + SSH_SIG(KILL); + SSH_SIG(QUIT); + SSH_SIG(TERM); + SSH_SIG(USR1); + SSH_SIG(USR2); +#undef SSH_SIG + if (strcmp(name, "INFO@openssh.com") == 0) + return SIGINFO; + return -1; +} + +static int +session_signal_req(struct ssh *ssh, Session *s) +{ + char *signame = NULL; + int r, sig, success = 0; + + if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) { + error("%s: parse packet: %s", __func__, ssh_err(r)); + goto out; + } + if ((sig = name2sig(signame)) == -1) { + error("%s: unsupported signal \"%s\"", __func__, signame); + goto out; + } + if (s->pid <= 0) { + error("%s: no pid for session %d", __func__, s->self); + goto out; + } + if (s->forced || s->is_subsystem) { + error("%s: refusing to send signal %s to %s session", __func__, + signame, s->forced ? "forced-command" : "subsystem"); + goto out; + } + if (!use_privsep || mm_is_monitor()) { + error("%s: session signalling requires privilege separation", + __func__); + goto out; + } + + debug("%s: signal %s, killpg(%ld, %d)", __func__, signame, + (long)s->pid, sig); + temporarily_use_uid(s->pw); + r = killpg(s->pid, sig); + restore_uid(); + if (r != 0) { + error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid, + sig, strerror(errno)); + goto out; + } + + /* success */ + success = 1; + out: + free(signame); + return success; +} + static int session_auth_agent_req(struct ssh *ssh, Session *s) { static int called = 0; + int r; - packet_check_eom(); + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); if (!auth_opts->permit_agent_forwarding_flag || !options.allow_agent_forwarding) { debug("%s: agent forwarding disabled", __func__); @@ -1898,6 +2057,8 @@ session_input_channel_req(struct ssh *ss success = session_window_change_req(ssh, s); } else if (strcmp(rtype, "break") == 0) { success = session_break_req(ssh, s); + } else if (strcmp(rtype, "signal") == 0) { + success = session_signal_req(ssh, s); } return success; @@ -1933,13 +2094,13 @@ void session_pty_cleanup2(Session *s) { if (s == NULL) { - error("session_pty_cleanup: no session"); + error("%s: no session", __func__); return; } if (s->ttyfd == -1) return; - debug("session_pty_cleanup: session %d release %s", s->self, s->tty); + debug("%s: session %d release %s", __func__, s->self, s->tty); /* Record that the user has logged out. */ if (s->pid != 0) @@ -2041,6 +2202,7 @@ static void session_exit_message(struct ssh *ssh, Session *s, int status) { Channel *c; + int r; if ((c = channel_lookup(ssh, s->chanid)) == NULL) fatal("%s: session %d: no channel %d", @@ -2050,18 +2212,20 @@ session_exit_message(struct ssh *ssh, Se if (WIFEXITED(status)) { channel_request_start(ssh, s->chanid, "exit-status", 0); - packet_put_int(WEXITSTATUS(status)); - packet_send(); + if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else if (WIFSIGNALED(status)) { channel_request_start(ssh, s->chanid, "exit-signal", 0); - packet_put_cstring(sig2name(WTERMSIG(status))); - packet_put_char(WCOREDUMP(status)? 1 : 0); - packet_put_cstring(""); - packet_put_cstring(""); - packet_send(); + if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 || + (r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_put_cstring(ssh, "")) != 0 || + (r = sshpkt_send(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: exit reply", __func__); } else { /* Some weird exit cause. Just exit. */ - packet_disconnect("wait returned status %04x.", status); + ssh_packet_disconnect(ssh, "wait returned status %04x.", status); } /* disconnect channel */ @@ -2146,7 +2310,8 @@ session_close_by_channel(struct ssh *ssh } debug("%s: channel %d child %ld", __func__, id, (long)s->pid); if (s->pid != 0) { - debug("%s: channel %d: has child", __func__, id); + debug("%s: channel %d: has child, ttyfd %d", + __func__, id, s->ttyfd); /* * delay detach of session, but release pty, since * the fd's to the child are already closed @@ -2231,7 +2396,7 @@ session_setup_x11fwd(struct ssh *ssh, Se u_int i; if (!auth_opts->permit_x11_forwarding_flag) { - packet_send_debug("X11 forwarding disabled by key options."); + ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); return 0; } if (!options.x11_forwarding) { @@ -2240,7 +2405,7 @@ session_setup_x11fwd(struct ssh *ssh, Se } if (options.xauth_location == NULL || (stat(options.xauth_location, &st) == -1)) { - packet_send_debug("No xauth program; cannot forward X11."); + ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11."); return 0; } if (s->display != NULL) {