authorBen Lindstrom <mouring@eviladmin.org>2001-06-13 04:41:41 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-13 04:41:41 +0000
commit2bcdf064d8e1cefb2b5ae14ee939427422862cf8 (patch)
tree1f24489774f738ac1f9743ccaf2cf34ded3a734a
parent16d45b3952e051a864d05faa343a4ec88ca0bcfa (diff)
- markus@cvs.openbsd.org 2001/06/12 21:21:29
[session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh. you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies
-rw-r--r--ChangeLog8
-rw-r--r--session.c57
2 files changed, 11 insertions, 54 deletions
diff --git a/ChangeLog b/ChangeLog
index 48a8284ea..13a82b507 100644
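--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
  - markus@cvs.openbsd.org 2001/06/12 16:11:26
  [packet.c]
  do not log() packet_set_maxsize
+ - markus@cvs.openbsd.org 2001/06/12 21:21:29
+ [session.c]
+ remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
+ we do already trust $HOME/.ssh
+ you can use .ssh/sshrc and .ssh/environment if you want to customize
+ the location of the xauth cookies
 
 20010612
  - scp.c ID update (upstream synced vfsprintf() from us)
@@ -5629,4 +5635,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1283 2001/06/13 04:39:18 mouring Exp $
+$Id: ChangeLog,v 1.1284 2001/06/13 04:41:41 mouring Exp $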
diff --git a/session.c b/session.c
index 0d7b8fa36..49db53d1d 100644
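--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.87 2001/06/12 21:21:29 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -135,7 +135,6 @@ void do_pre_login(Session *s);
 void do_child(Session *s, const char *command);
 void do_motd(void);
 int check_quietlogin(Session *s, const char *command);
-void xauthfile_cleanup_proc(void *pw);
 
 void do_authenticated1(Authctxt *authctxt);
 void do_authenticated2(Authctxt *authctxt);
@@ -149,9 +148,6 @@ extern u_int utmp_len;
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
 
-/* Local Xauthority file. */
-static char *xauthfile;
-
 /* original command from peer. */
 char *original_command = NULL;
 
@@ -201,38 +197,12 @@ do_authenticated(Authctxt *authctxt)
  else
  do_authenticated1(authctxt);
 
- /* remote user's local Xauthority file and agent socket */
- if (xauthfile)
- xauthfile_cleanup_proc(authctxt->pw);
+ /* remove agent socket */
  if (auth_get_socket_name())
  auth_sock_cleanup_proc(authctxt->pw);
 }
 
 /*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *_pw)
-{
- struct passwd *pw = _pw;
- char *p;
-
- debug("xauthfile_cleanup_proc called");
- if (xauthfile != NULL) {
- temporarily_use_uid(pw);
- unlink(xauthfile);
- p = strrchr(xauthfile, '/');
- if (p != NULL) {
- *p = '\0';
- rmdir(xauthfile);
- }
- xfree(xauthfile);
- xauthfile = NULL;
- restore_uid();
- }
-}
-
-/*
  * Prepares for an interactive session. This is called after the user has
  * been successfully authenticated. During this message exchange, pseudo
  * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
@@ -1257,8 +1227,6 @@ do_child(Session *s, const char *command)
  do_pam_environment(&env, &envsize);
 #endif /* USE_PAM */
 
- if (xauthfile)
- child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
  if (auth_get_socket_name() != NULL)
  child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
  auth_get_socket_name());
@@ -2008,32 +1976,15 @@ session_setup_x11fwd(Session *s)
  packet_send_debug("No xauth program; cannot forward with spoofing.");
  return 0;
  }
- if (s->display != NULL || xauthfile != NULL) {
+ if (s->display != NULL) {
  debug("X11 display already set.");
  return 0;
  }
- xauthfile = xmalloc(MAXPATHLEN);
- strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
- temporarily_use_uid(s->pw);
- if (mkdtemp(xauthfile) == NULL) {
- error("private X11 dir: mkdtemp %s failed: %s",
- xauthfile, strerror(errno));
- restore_uid();
- xfree(xauthfile);
- xauthfile = NULL;
- return 0;
- }
- strlcat(xauthfile, "/cookies", MAXPATHLEN);
- fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd >= 0)
- close(fd);
- restore_uid();
  s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
  if (s->display == NULL) {
- xauthfile_cleanup_proc(s->pw);
+ debug("x11_create_display_inet failed.");
  return 0;
  }
- fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
  return 1;
 }
 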
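Review bot: Once `xauthfile_cleanup_proc` and the per-session `/tmp/ssh-XXXXXXXX/cookies` file are gone, nothing in the visible hunks removes the forwarded display's cookie at session end, so it presumably now lives on in the user's default authority file under $HOME (the xauth invocation is outside the hunks shown, so confirm). The code should record that trade-off where `XAUTHORITY` used to be exported in do_child, e.g. `/* XAUTHORITY deliberately left unset: xauth uses its default file; relocate it via ~/.ssh/environment or ~/.ssh/sshrc */`, since a home directory on a network filesystem or with loose permissions now determines who can read the cookie. In session_setup_x11fwd, whose body starts above the hunk, `fd` was used only by the removed `open()`/`close()` pair; if its declaration is still there it is now unused and can be dropped.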