From e629722c72a9f0c815946d25a7cf6d686463021e Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 13 Jun 2001 19:18:04 +0000 Subject: - (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to no longer use /tmp/ssh-XXXXX/ --- ChangeLog | 6 ++++- channels.c | 21 ++++++++++------- channels.h | 2 ++ session.c | 80 ++++---------------------------------------------------------- 4 files changed, 24 insertions(+), 85 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9fd0cc2c..9895d1ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20010614 + - (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to + no longer use /tmp/ssh-XXXXX/ + 20010528 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c Patch by Corinna Vinschen @@ -5306,4 +5310,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1179.2.15 2001/05/28 17:21:43 tim Exp $ +$Id: ChangeLog,v 1.1179.2.16 2001/06/13 19:18:04 mouring Exp $ diff --git a/channels.c b/channels.c index 57890aec..23ee899a 100644 --- a/channels.c +++ b/channels.c @@ -2581,10 +2581,17 @@ auth_get_socket_name() /* removes the agent forwarding socket */ void -cleanup_socket(void) +auth_sock_cleanup_proc(void *_pw) { - unlink(channel_forwarded_auth_socket_name); - rmdir(channel_forwarded_auth_socket_dir); + struct passwd *pw = _pw; + + if (channel_forwarded_auth_socket_name) { + temporarily_use_uid(pw); + unlink(channel_forwarded_auth_socket_name); + rmdir(channel_forwarded_auth_socket_dir); + channel_forwarded_auth_socket_name = NULL; + restore_uid(); + } } /* @@ -2623,11 +2630,9 @@ auth_input_request_forwarding(struct passwd * pw) snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d", channel_forwarded_auth_socket_dir, (int) getpid()); - if (atexit(cleanup_socket) < 0) { - int saved = errno; - cleanup_socket(); - packet_disconnect("socket: %.100s", strerror(saved)); - } + /* delete agent socket on fatal() */ + fatal_add_cleanup(auth_sock_cleanup_proc, pw); + /* Create the socket. */ sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) diff --git a/channels.h b/channels.h index bf70a8f2..25c0e83c 100644 --- a/channels.h +++ b/channels.h @@ -293,6 +293,8 @@ void auth_request_forwarding(void); */ char *auth_get_socket_name(void); +void auth_sock_cleanup_proc(void *_pw); + /* * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. * This starts forwarding authentication requests. diff --git a/session.c b/session.c index 71ed304e..9c761537 100644 --- a/session.c +++ b/session.c @@ -146,9 +146,6 @@ extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); -/* Local Xauthority file. */ -static char *xauthfile; - /* original command from peer. */ char *original_command = NULL; @@ -197,27 +194,10 @@ do_authenticated(Authctxt *authctxt) do_authenticated2(authctxt); else do_authenticated1(authctxt); -} -/* - * Remove local Xauthority file. - */ -void -xauthfile_cleanup_proc(void *ignore) -{ - debug("xauthfile_cleanup_proc called"); - - if (xauthfile != NULL) { - char *p; - unlink(xauthfile); - p = strrchr(xauthfile, '/'); - if (p != NULL) { - *p = '\0'; - rmdir(xauthfile); - } - xfree(xauthfile); - xauthfile = NULL; - } + /* remove agent socket */ + if (auth_get_socket_name()) + auth_sock_cleanup_proc(authctxt->pw); } /* @@ -252,7 +232,7 @@ do_authenticated1(Authctxt *authctxt) { Session *s; char *command; - int success, type, fd, n_bytes, plen, screen_flag, have_pty = 0; + int success, type, n_bytes, plen, screen_flag, have_pty = 0; int compression_level = 0, enable_compression_after_reply = 0; u_int proto_len, data_len, dlen; @@ -373,25 +353,6 @@ do_authenticated1(Authctxt *authctxt) if (s->display == NULL) break; - /* Setup to always have a local .Xauthority. */ - xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); - temporarily_use_uid(s->pw); - if (mkdtemp(xauthfile) == NULL) { - restore_uid(); - error("private X11 dir: mkdtemp %s failed: %s", - xauthfile, strerror(errno)); - xfree(xauthfile); - xauthfile = NULL; - /* XXXX remove listening channels */ - break; - } - strlcat(xauthfile, "/cookies", MAXPATHLEN); - fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd >= 0) - close(fd); - restore_uid(); - fatal_add_cleanup(xauthfile_cleanup_proc, NULL); success = 1; break; @@ -445,9 +406,6 @@ do_authenticated1(Authctxt *authctxt) if (command != NULL) xfree(command); - /* Cleanup user's local Xauthority file. */ - if (xauthfile) - xauthfile_cleanup_proc(NULL); return; default: @@ -1348,8 +1306,6 @@ do_child(Session *s, const char *command) do_pam_environment(&env, &envsize); #endif /* USE_PAM */ - if (xauthfile) - child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); @@ -1751,7 +1707,6 @@ session_subsystem_req(Session *s) int session_x11_req(Session *s) { - int fd; if (no_x11_forwarding_flag) { debug("X11 forwarding disabled in user configuration file."); return 0; @@ -1760,11 +1715,6 @@ session_x11_req(Session *s) debug("X11 forwarding disabled in server configuration file."); return 0; } - if (xauthfile != NULL) { - debug("X11 fwd already started."); - return 0; - } - debug("Received request for X11 forwarding with auth spoofing."); if (s->display != NULL) packet_disconnect("Protocol error: X11 display already set."); @@ -1781,26 +1731,6 @@ session_x11_req(Session *s) xfree(s->auth_data); return 0; } - xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); - temporarily_use_uid(s->pw); - if (mkdtemp(xauthfile) == NULL) { - restore_uid(); - error("private X11 dir: mkdtemp %s failed: %s", - xauthfile, strerror(errno)); - xfree(xauthfile); - xauthfile = NULL; - xfree(s->auth_proto); - xfree(s->auth_data); - /* XXXX remove listening channels */ - return 0; - } - strlcat(xauthfile, "/cookies", MAXPATHLEN); - fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd >= 0) - close(fd); - restore_uid(); - fatal_add_cleanup(xauthfile_cleanup_proc, s); return 1; } @@ -2098,6 +2028,4 @@ do_authenticated2(Authctxt *authctxt) { server_loop2(); - if (xauthfile) - xauthfile_cleanup_proc(NULL); } -- cgit v1.2.3