- markus@cvs.openbsd.org 2002/06/10 22:28:41

     [channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.

4 files changed, 98 insertions, 114 deletions

diff --git a/ChangeLog b/ChangeLog
index ecfcf35ba..99448aa9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,10 @@
      [ssh_config]
      update defaults for RhostsRSAAuthentication and RhostsAuthentication
      here too (all options commented out with default value).
+   - markus@cvs.openbsd.org 2002/06/10 22:28:41
+     [channels.c channels.h session.c]
+     move creation of agent socket to session.c; no need for uidswapping
+     in channel.c.
 
 20020609
  - (bal) OpenBSD CVS Sync
@@ -890,4 +894,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2206 2002/06/11 15:55:01 mouring Exp $
+$Id: ChangeLog,v 1.2207 2002/06/11 15:59:02 mouring Exp $
diff --git a/channels.c b/channels.c
index 7ce1a076a..d34411e18 100644
--- a/channels.c
+++ b/channels.c
@@ -39,14 +39,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.174 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
 #include "ssh2.h"
 #include "packet.h"
 #include "xmalloc.h"
-#include "uidswap.h"
 #include "log.h"
 #include "misc.h"
 #include "channels.h"
@@ -129,10 +128,6 @@ static u_int x11_fake_data_len;
 
 #define NUM_SOCKS       10
 
-/* Name and directory of socket for authentication agent forwarding. */
-static char *auth_sock_name = NULL;
-static char *auth_sock_dir = NULL;
-
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 static int IPv4or6 = AF_UNSPEC;
 
@@ -2704,105 +2699,6 @@ auth_request_forwarding(void)
         packet_write_wait();
 }
 
-/*
- * Returns the name of the forwarded authentication socket.  Returns NULL if
- * there is no forwarded authentication socket.  The returned value points to
- * a static buffer.
- */
-
-char *
-auth_get_socket_name(void)
-{
-        return auth_sock_name;
-}
-
-/* removes the agent forwarding socket */
-
-void
-auth_sock_cleanup_proc(void *_pw)
-{
-        struct passwd *pw = _pw;
-
-        if (auth_sock_name) {
-                temporarily_use_uid(pw);
-                unlink(auth_sock_name);
-                rmdir(auth_sock_dir);
-                auth_sock_name = NULL;
-                restore_uid();
-        }
-}
-
-/*
- * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
- * This starts forwarding authentication requests.
- */
-
-int
-auth_input_request_forwarding(struct passwd * pw)
-{
-        Channel *nc;
-        int sock;
-        struct sockaddr_un sunaddr;
-
-        if (auth_get_socket_name() != NULL) {
-                error("authentication forwarding requested twice.");
-                return 0;
-        }
-
-        /* Temporarily drop privileged uid for mkdir/bind. */
-        temporarily_use_uid(pw);
-
-        /* Allocate a buffer for the socket name, and format the name. */
-        auth_sock_name = xmalloc(MAXPATHLEN);
-        auth_sock_dir = xmalloc(MAXPATHLEN);
-        strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
-
-        /* Create private directory for socket */
-        if (mkdtemp(auth_sock_dir) == NULL) {
-                packet_send_debug("Agent forwarding disabled: "
-                    "mkdtemp() failed: %.100s", strerror(errno));
-                restore_uid();
-                xfree(auth_sock_name);
-                xfree(auth_sock_dir);
-                auth_sock_name = NULL;
-                auth_sock_dir = NULL;
-                return 0;
-        }
-        snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d",
-                 auth_sock_dir, (int) getpid());
-
-        /* delete agent socket on fatal() */
-        fatal_add_cleanup(auth_sock_cleanup_proc, pw);
-
-        /* Create the socket. */
-        sock = socket(AF_UNIX, SOCK_STREAM, 0);
-        if (sock < 0)
-                packet_disconnect("socket: %.100s", strerror(errno));
-
-        /* Bind it to the name. */
-        memset(&sunaddr, 0, sizeof(sunaddr));
-        sunaddr.sun_family = AF_UNIX;
-        strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
-
-        if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
-                packet_disconnect("bind: %.100s", strerror(errno));
-
-        /* Restore the privileged uid. */
-        restore_uid();
-
-        /* Start listening on the socket. */
-        if (listen(sock, 5) < 0)
-                packet_disconnect("listen: %.100s", strerror(errno));
-
-        /* Allocate a channel for the authentication agent socket. */
-        nc = channel_new("auth socket",
-            SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
-            CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-            0, xstrdup("auth socket"), 1);
-        strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
-        return 1;
-}
-
 /* This is called to process an SSH_SMSG_AGENT_OPEN message. */
 
 void
diff --git a/channels.h b/channels.h
index bd31c4558..9ceff3e73 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: channels.h,v 1.67 2002/03/26 22:50:39 markus Exp $    */
+/*      $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -213,9 +213,6 @@ void	 deny_input_open(int, u_int32_t, void *);
 /* agent forwarding */
 
 void     auth_request_forwarding(void);
-char    *auth_get_socket_name(void);
-void     auth_sock_cleanup_proc(void *);
-int      auth_input_request_forwarding(struct passwd *);
 void     auth_input_open_request(int, u_int32_t, void *);
 
 /* channel close */
diff --git a/session.c b/session.c
index dcecf1ae3..d2a460f89 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.135 2002/05/16 22:09:59 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.136 2002/06/10 22:28:41 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -111,6 +111,93 @@ char *aixloginmsg;
 login_cap_t *lc;
 #endif
 
+/* Name and directory of socket for authentication agent forwarding. */
+static char *auth_sock_name = NULL;
+static char *auth_sock_dir = NULL;
+
+/* removes the agent forwarding socket */
+
+static void
+auth_sock_cleanup_proc(void *_pw)
+{
+        struct passwd *pw = _pw;
+
+        if (auth_sock_name != NULL) {
+                temporarily_use_uid(pw);
+                unlink(auth_sock_name);
+                rmdir(auth_sock_dir);
+                auth_sock_name = NULL;
+                restore_uid();
+        }
+}
+
+static int
+auth_input_request_forwarding(struct passwd * pw)
+{
+        Channel *nc;
+        int sock;
+        struct sockaddr_un sunaddr;
+
+        if (auth_sock_name != NULL) {
+                error("authentication forwarding requested twice.");
+                return 0;
+        }
+
+        /* Temporarily drop privileged uid for mkdir/bind. */
+        temporarily_use_uid(pw);
+
+        /* Allocate a buffer for the socket name, and format the name. */
+        auth_sock_name = xmalloc(MAXPATHLEN);
+        auth_sock_dir = xmalloc(MAXPATHLEN);
+        strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+
+        /* Create private directory for socket */
+        if (mkdtemp(auth_sock_dir) == NULL) {
+                packet_send_debug("Agent forwarding disabled: "
+                    "mkdtemp() failed: %.100s", strerror(errno));
+                restore_uid();
+                xfree(auth_sock_name);
+                xfree(auth_sock_dir);
+                auth_sock_name = NULL;
+                auth_sock_dir = NULL;
+                return 0;
+        }
+        snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d",
+                 auth_sock_dir, (int) getpid());
+
+        /* delete agent socket on fatal() */
+        fatal_add_cleanup(auth_sock_cleanup_proc, pw);
+
+        /* Create the socket. */
+        sock = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (sock < 0)
+                packet_disconnect("socket: %.100s", strerror(errno));
+
+        /* Bind it to the name. */
+        memset(&sunaddr, 0, sizeof(sunaddr));
+        sunaddr.sun_family = AF_UNIX;
+        strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
+
+        if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
+                packet_disconnect("bind: %.100s", strerror(errno));
+
+        /* Restore the privileged uid. */
+        restore_uid();
+
+        /* Start listening on the socket. */
+        if (listen(sock, 5) < 0)
+                packet_disconnect("listen: %.100s", strerror(errno));
+
+        /* Allocate a channel for the authentication agent socket. */
+        nc = channel_new("auth socket",
+            SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
+            CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+            0, xstrdup("auth socket"), 1);
+        strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
+        return 1;
+}
+
+
 void
 do_authenticated(Authctxt *authctxt)
 {
@@ -141,7 +228,7 @@ do_authenticated(Authctxt *authctxt)
                 do_authenticated1(authctxt);
 
         /* remove agent socket */
-        if (auth_get_socket_name())
+        if (auth_sock_name != NULL)
                 auth_sock_cleanup_proc(authctxt->pw);
 #ifdef KRB4
         if (options.kerberos_ticket_cleanup)
@@ -948,9 +1035,9 @@ do_setup_env(Session *s, const char *shell)
         copy_environment(fetch_pam_environment(), &env, &envsize);
 #endif /* USE_PAM */
 
-        if (auth_get_socket_name() != NULL)
+        if (auth_sock_name != NULL)
                 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
-                    auth_get_socket_name());
+                    auth_sock_name);
 
         /* read $HOME/.ssh/environment. */
         if (!options.use_login) {