diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-13 04:41:41 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-13 04:41:41 +0000 |
| commit | 2bcdf064d8e1cefb2b5ae14ee939427422862cf8 (patch) | |
| tree | 1f24489774f738ac1f9743ccaf2cf34ded3a734a | |
| parent | 16d45b3952e051a864d05faa343a4ec88ca0bcfa (diff) | |
- markus@cvs.openbsd.org 2001/06/12 21:21:29
[session.c]
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
we do already trust $HOME/.ssh
you can use .ssh/sshrc and .ssh/environment if you want to customize
the location of the xauth cookies
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | session.c | 57 |
2 files changed, 11 insertions, 54 deletions
| @@ -10,6 +10,12 @@ | |||
| 10 | - markus@cvs.openbsd.org 2001/06/12 16:11:26 | 10 | - markus@cvs.openbsd.org 2001/06/12 16:11:26 |
| 11 | [packet.c] | 11 | [packet.c] |
| 12 | do not log() packet_set_maxsize | 12 | do not log() packet_set_maxsize |
| 13 | - markus@cvs.openbsd.org 2001/06/12 21:21:29 | ||
| 14 | [session.c] | ||
| 15 | remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since | ||
| 16 | we do already trust $HOME/.ssh | ||
| 17 | you can use .ssh/sshrc and .ssh/environment if you want to customize | ||
| 18 | the location of the xauth cookies | ||
| 13 | 19 | ||
| 14 | 20010612 | 20 | 20010612 |
| 15 | - scp.c ID update (upstream synced vfsprintf() from us) | 21 | - scp.c ID update (upstream synced vfsprintf() from us) |
| @@ -5629,4 +5635,4 @@ | |||
| 5629 | - Wrote replacements for strlcpy and mkdtemp | 5635 | - Wrote replacements for strlcpy and mkdtemp |
| 5630 | - Released 1.0pre1 | 5636 | - Released 1.0pre1 |
| 5631 | 5637 | ||
| 5632 | $Id: ChangeLog,v 1.1283 2001/06/13 04:39:18 mouring Exp $ | 5638 | $Id: ChangeLog,v 1.1284 2001/06/13 04:41:41 mouring Exp $ |
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.87 2001/06/12 21:21:29 markus Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -135,7 +135,6 @@ void do_pre_login(Session *s); | |||
| 135 | void do_child(Session *s, const char *command); | 135 | void do_child(Session *s, const char *command); |
| 136 | void do_motd(void); | 136 | void do_motd(void); |
| 137 | int check_quietlogin(Session *s, const char *command); | 137 | int check_quietlogin(Session *s, const char *command); |
| 138 | void xauthfile_cleanup_proc(void *pw); | ||
| 139 | 138 | ||
| 140 | void do_authenticated1(Authctxt *authctxt); | 139 | void do_authenticated1(Authctxt *authctxt); |
| 141 | void do_authenticated2(Authctxt *authctxt); | 140 | void do_authenticated2(Authctxt *authctxt); |
| @@ -149,9 +148,6 @@ extern u_int utmp_len; | |||
| 149 | extern int startup_pipe; | 148 | extern int startup_pipe; |
| 150 | extern void destroy_sensitive_data(void); | 149 | extern void destroy_sensitive_data(void); |
| 151 | 150 | ||
| 152 | /* Local Xauthority file. */ | ||
| 153 | static char *xauthfile; | ||
| 154 | |||
| 155 | /* original command from peer. */ | 151 | /* original command from peer. */ |
| 156 | char *original_command = NULL; | 152 | char *original_command = NULL; |
| 157 | 153 | ||
| @@ -201,38 +197,12 @@ do_authenticated(Authctxt *authctxt) | |||
| 201 | else | 197 | else |
| 202 | do_authenticated1(authctxt); | 198 | do_authenticated1(authctxt); |
| 203 | 199 | ||
| 204 | /* remote user's local Xauthority file and agent socket */ | 200 | /* remove agent socket */ |
| 205 | if (xauthfile) | ||
| 206 | xauthfile_cleanup_proc(authctxt->pw); | ||
| 207 | if (auth_get_socket_name()) | 201 | if (auth_get_socket_name()) |
| 208 | auth_sock_cleanup_proc(authctxt->pw); | 202 | auth_sock_cleanup_proc(authctxt->pw); |
| 209 | } | 203 | } |
| 210 | 204 | ||
| 211 | /* | 205 | /* |
| 212 | * Remove local Xauthority file. | ||
| 213 | */ | ||
| 214 | void | ||
| 215 | xauthfile_cleanup_proc(void *_pw) | ||
| 216 | { | ||
| 217 | struct passwd *pw = _pw; | ||
| 218 | char *p; | ||
| 219 | |||
| 220 | debug("xauthfile_cleanup_proc called"); | ||
| 221 | if (xauthfile != NULL) { | ||
| 222 | temporarily_use_uid(pw); | ||
| 223 | unlink(xauthfile); | ||
| 224 | p = strrchr(xauthfile, '/'); | ||
| 225 | if (p != NULL) { | ||
| 226 | *p = '\0'; | ||
| 227 | rmdir(xauthfile); | ||
| 228 | } | ||
| 229 | xfree(xauthfile); | ||
| 230 | xauthfile = NULL; | ||
| 231 | restore_uid(); | ||
| 232 | } | ||
| 233 | } | ||
| 234 | |||
| 235 | /* | ||
| 236 | * Prepares for an interactive session. This is called after the user has | 206 | * Prepares for an interactive session. This is called after the user has |
| 237 | * been successfully authenticated. During this message exchange, pseudo | 207 | * been successfully authenticated. During this message exchange, pseudo |
| 238 | * terminals are allocated, X11, TCP/IP, and authentication agent forwardings | 208 | * terminals are allocated, X11, TCP/IP, and authentication agent forwardings |
| @@ -1257,8 +1227,6 @@ do_child(Session *s, const char *command) | |||
| 1257 | do_pam_environment(&env, &envsize); | 1227 | do_pam_environment(&env, &envsize); |
| 1258 | #endif /* USE_PAM */ | 1228 | #endif /* USE_PAM */ |
| 1259 | 1229 | ||
| 1260 | if (xauthfile) | ||
| 1261 | child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); | ||
| 1262 | if (auth_get_socket_name() != NULL) | 1230 | if (auth_get_socket_name() != NULL) |
| 1263 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, | 1231 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
| 1264 | auth_get_socket_name()); | 1232 | auth_get_socket_name()); |
| @@ -2008,32 +1976,15 @@ session_setup_x11fwd(Session *s) | |||
| 2008 | packet_send_debug("No xauth program; cannot forward with spoofing."); | 1976 | packet_send_debug("No xauth program; cannot forward with spoofing."); |
| 2009 | return 0; | 1977 | return 0; |
| 2010 | } | 1978 | } |
| 2011 | if (s->display != NULL || xauthfile != NULL) { | 1979 | if (s->display != NULL) { |
| 2012 | debug("X11 display already set."); | 1980 | debug("X11 display already set."); |
| 2013 | return 0; | 1981 | return 0; |
| 2014 | } | 1982 | } |
| 2015 | xauthfile = xmalloc(MAXPATHLEN); | ||
| 2016 | strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); | ||
| 2017 | temporarily_use_uid(s->pw); | ||
| 2018 | if (mkdtemp(xauthfile) == NULL) { | ||
| 2019 | error("private X11 dir: mkdtemp %s failed: %s", | ||
| 2020 | xauthfile, strerror(errno)); | ||
| 2021 | restore_uid(); | ||
| 2022 | xfree(xauthfile); | ||
| 2023 | xauthfile = NULL; | ||
| 2024 | return 0; | ||
| 2025 | } | ||
| 2026 | strlcat(xauthfile, "/cookies", MAXPATHLEN); | ||
| 2027 | fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); | ||
| 2028 | if (fd >= 0) | ||
| 2029 | close(fd); | ||
| 2030 | restore_uid(); | ||
| 2031 | s->display = x11_create_display_inet(s->screen, options.x11_display_offset); | 1983 | s->display = x11_create_display_inet(s->screen, options.x11_display_offset); |
| 2032 | if (s->display == NULL) { | 1984 | if (s->display == NULL) { |
| 2033 | xauthfile_cleanup_proc(s->pw); | 1985 | debug("x11_create_display_inet failed."); |
| 2034 | return 0; | 1986 | return 0; |
| 2035 | } | 1987 | } |
| 2036 | fatal_add_cleanup(xauthfile_cleanup_proc, s->pw); | ||
| 2037 | return 1; | 1988 | return 1; |
| 2038 | } | 1989 | } |
| 2039 | 1990 | ||