authorDamien Miller <djm@cvs.openbsd.org>2009-11-19 23:39:51 +0000
committerDamien Miller <djm@cvs.openbsd.org>2009-11-19 23:39:51 +0000
commitbb42b7e937487b4963164cd22daec59530b2a2de (patch)
treec24dbe56dbb051a4fb83c9e5779e6c5c49a4b852
parent6279f0e454c58952697eaaef20230dac555d0988 (diff)
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
-rw-r--r--usr.bin/ssh/session.c29
1 files changed, 18 insertions, 11 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 52f26632de0..6dc55c64e40 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.247 2009/10/06 04:46:40 djm Exp $ */
+/* $OpenBSD: session.c,v 1.248 2009/11/19 23:39:50 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -131,9 +131,10 @@ static int sessions_first_unused = -1;
static int sessions_nalloc = 0;
static Session *sessions = NULL;
-#define SUBSYSTEM_NONE 0
-#define SUBSYSTEM_EXT 1
-#define SUBSYSTEM_INT_SFTP 2
+#define SUBSYSTEM_NONE 0
+#define SUBSYSTEM_EXT 1
+#define SUBSYSTEM_INT_SFTP 2
+#define SUBSYSTEM_INT_SFTP_ERROR 3
login_cap_t *lc;
@@ -707,17 +708,19 @@ do_exec(Session *s, const char *command)
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
- if (IS_INTERNAL_SFTP(command))
- s->is_subsystem = SUBSYSTEM_INT_SFTP;
- else if (s->is_subsystem)
+ if (IS_INTERNAL_SFTP(command)) {
+ s->is_subsystem = s->is_subsystem ?
+ SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
+ } else if (s->is_subsystem)
s->is_subsystem = SUBSYSTEM_EXT;
debug("Forced command (config) '%.900s'", command);
} else if (forced_command) {
original_command = command;
command = forced_command;
- if (IS_INTERNAL_SFTP(command))
- s->is_subsystem = SUBSYSTEM_INT_SFTP;
- else if (s->is_subsystem)
+ if (IS_INTERNAL_SFTP(command)) {
+ s->is_subsystem = s->is_subsystem ?
+ SUBSYSTEM_INT_SFTP : SUBSYSTEM_INT_SFTP_ERROR;
+ } else if (s->is_subsystem)
s->is_subsystem = SUBSYSTEM_EXT;
debug("Forced command (key option) '%.900s'", command);
}
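Review bot: `SUBSYSTEM_INT_SFTP_ERROR` is non-zero, so after either of the two new assignments in do_exec, any boolean test of `s->is_subsystem` treats a session that never requested a subsystem as if it had. The hunk itself relies on that truthiness (`s->is_subsystem ? ... : ...` and `else if (s->is_subsystem)`), and similar tests may exist outside the visible lines. They should be reviewed or rewritten as explicit comparisons such as `s->is_subsystem == SUBSYSTEM_NONE`. The same mapping is also repeated verbatim in the config branch and the key-option branch, so a later change to one copy can silently miss the other. do_exec's body starts and ends outside the hunk.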
@@ -1387,7 +1390,11 @@ do_child(Session *s, const char *command)
/* restore SIGPIPE for child */
signal(SIGPIPE, SIG_DFL);
- if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
+ if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
+ printf("This service allows sftp connections only.\n");
+ fflush(NULL);
+ exit(1);
+ } else if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
extern int optind, optreset;
int i;
char *p, *args;
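Review bot: The new `SUBSYSTEM_INT_SFTP_ERROR` branch in do_child tells the client why it was refused but leaves no server-side record in the visible lines, so an operator cannot tell from the logs that an sftp-only account attempted a shell or exec session. A log call before the `printf`, for example `logit("refusing non-subsystem session: forced command is internal-sftp");`, would make these attempts auditable. Whether logging still works at this point in the child (after privilege drop or chroot) is not visible here and should be confirmed. The enclosing function continues past the end of the hunk.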