diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-05-17 02:30:23 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-05-17 06:41:35 +0200 |
| commit | 03e3de416ed7c34faeb692967737be4a7bbe2eb5 (patch) | |
| tree | 6794217dbc0a1369e9d6e1b0a9f40534596a6648 /session.c | |
| parent | upstream: simplify exit message handling, which was more complicated (diff) | |
| download | openssh-03e3de416ed7c34faeb692967737be4a7bbe2eb5.tar.xz openssh-03e3de416ed7c34faeb692967737be4a7bbe2eb5.zip | |
upstream: Start the process of splitting sshd into separate
binaries. This step splits sshd into a listener and a session binary. More
splits are planned.
After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 36 |
1 files changed, 5 insertions, 31 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */ +/* $OpenBSD: session.c,v 1.338 2024/05/17 00:30:24 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -738,8 +738,6 @@ do_login(struct ssh *ssh, Session *s, const char *command) { socklen_t fromlen; struct sockaddr_storage from; - struct passwd * pw = s->pw; - pid_t pid = getpid(); /* * Get IP address of client. If the connection is not a socket, let @@ -755,26 +753,6 @@ do_login(struct ssh *ssh, Session *s, const char *command) } } - /* Record that there was a login on that tty from the remote host. */ - if (!use_privsep) - record_login(pid, s->tty, pw->pw_name, pw->pw_uid, - session_get_remote_name_or_ip(ssh, utmp_len, - options.use_dns), - (struct sockaddr *)&from, fromlen); - -#ifdef USE_PAM - /* - * If password change is needed, do it now. - * This needs to occur before the ~/.hushlogin check. - */ - if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) { - display_loginmsg(); - do_pam_chauthtok(); - s->authctxt->force_pwchange = 0; - /* XXX - signal [net] parent to enable forwardings */ - } -#endif - if (check_quietlogin(s, command)) return; @@ -1924,8 +1902,7 @@ session_pty_req(struct ssh *ssh, Session *s) /* Allocate a pty and open it. */ debug("Allocating pty."); - if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, - sizeof(s->tty)))) { + if (!mm_pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) { free(s->term); s->term = NULL; s->ptyfd = -1; @@ -1940,9 +1917,6 @@ session_pty_req(struct ssh *ssh, Session *s) if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - if (!use_privsep) - pty_setowner(s->pw, s->tty); - /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); @@ -2160,7 +2134,7 @@ session_signal_req(struct ssh *ssh, Session *s) signame, s->forced ? "forced-command" : "subsystem"); goto out; } - if (!use_privsep || mm_is_monitor()) { + if (mm_is_monitor()) { error_f("session signalling requires privilege separation"); goto out; } @@ -2303,7 +2277,7 @@ session_pty_cleanup2(Session *s) void session_pty_cleanup(Session *s) { - PRIVSEP(session_pty_cleanup2(s)); + mm_session_pty_cleanup2(s); } static char * @@ -2712,7 +2686,7 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) * Cleanup ptys/utmp only if privsep is disabled, * or if running in monitor. */ - if (!use_privsep || mm_is_monitor()) + if (mm_is_monitor()) session_destroy_all(ssh, session_pty_cleanup2); } |