diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:59:02 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-11 15:59:02 +0000 |
commit | 8bb6f36c8fab33f7ca59b9c56e11d54caf36f965 (patch) | |
tree | 43640e011ff7a6a2a12f9aab2d728422f4d4b5b9 /session.c | |
parent | 914d03758be46488705950cf6d476855a702a13e (diff) |
- markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 95 |
1 files changed, 91 insertions, 4 deletions
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.135 2002/05/16 22:09:59 stevesk Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.136 2002/06/10 22:28:41 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -111,6 +111,93 @@ char *aixloginmsg; | |||
111 | login_cap_t *lc; | 111 | login_cap_t *lc; |
112 | #endif | 112 | #endif |
113 | 113 | ||
114 | /* Name and directory of socket for authentication agent forwarding. */ | ||
115 | static char *auth_sock_name = NULL; | ||
116 | static char *auth_sock_dir = NULL; | ||
117 | |||
118 | /* removes the agent forwarding socket */ | ||
119 | |||
120 | static void | ||
121 | auth_sock_cleanup_proc(void *_pw) | ||
122 | { | ||
123 | struct passwd *pw = _pw; | ||
124 | |||
125 | if (auth_sock_name != NULL) { | ||
126 | temporarily_use_uid(pw); | ||
127 | unlink(auth_sock_name); | ||
128 | rmdir(auth_sock_dir); | ||
129 | auth_sock_name = NULL; | ||
130 | restore_uid(); | ||
131 | } | ||
132 | } | ||
133 | |||
134 | static int | ||
135 | auth_input_request_forwarding(struct passwd * pw) | ||
136 | { | ||
137 | Channel *nc; | ||
138 | int sock; | ||
139 | struct sockaddr_un sunaddr; | ||
140 | |||
141 | if (auth_sock_name != NULL) { | ||
142 | error("authentication forwarding requested twice."); | ||
143 | return 0; | ||
144 | } | ||
145 | |||
146 | /* Temporarily drop privileged uid for mkdir/bind. */ | ||
147 | temporarily_use_uid(pw); | ||
148 | |||
149 | /* Allocate a buffer for the socket name, and format the name. */ | ||
150 | auth_sock_name = xmalloc(MAXPATHLEN); | ||
151 | auth_sock_dir = xmalloc(MAXPATHLEN); | ||
152 | strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); | ||
153 | |||
154 | /* Create private directory for socket */ | ||
155 | if (mkdtemp(auth_sock_dir) == NULL) { | ||
156 | packet_send_debug("Agent forwarding disabled: " | ||
157 | "mkdtemp() failed: %.100s", strerror(errno)); | ||
158 | restore_uid(); | ||
159 | xfree(auth_sock_name); | ||
160 | xfree(auth_sock_dir); | ||
161 | auth_sock_name = NULL; | ||
162 | auth_sock_dir = NULL; | ||
163 | return 0; | ||
164 | } | ||
165 | snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d", | ||
166 | auth_sock_dir, (int) getpid()); | ||
167 | |||
168 | /* delete agent socket on fatal() */ | ||
169 | fatal_add_cleanup(auth_sock_cleanup_proc, pw); | ||
170 | |||
171 | /* Create the socket. */ | ||
172 | sock = socket(AF_UNIX, SOCK_STREAM, 0); | ||
173 | if (sock < 0) | ||
174 | packet_disconnect("socket: %.100s", strerror(errno)); | ||
175 | |||
176 | /* Bind it to the name. */ | ||
177 | memset(&sunaddr, 0, sizeof(sunaddr)); | ||
178 | sunaddr.sun_family = AF_UNIX; | ||
179 | strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path)); | ||
180 | |||
181 | if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) | ||
182 | packet_disconnect("bind: %.100s", strerror(errno)); | ||
183 | |||
184 | /* Restore the privileged uid. */ | ||
185 | restore_uid(); | ||
186 | |||
187 | /* Start listening on the socket. */ | ||
188 | if (listen(sock, 5) < 0) | ||
189 | packet_disconnect("listen: %.100s", strerror(errno)); | ||
190 | |||
191 | /* Allocate a channel for the authentication agent socket. */ | ||
192 | nc = channel_new("auth socket", | ||
193 | SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, | ||
194 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, | ||
195 | 0, xstrdup("auth socket"), 1); | ||
196 | strlcpy(nc->path, auth_sock_name, sizeof(nc->path)); | ||
197 | return 1; | ||
198 | } | ||
199 | |||
200 | |||
114 | void | 201 | void |
115 | do_authenticated(Authctxt *authctxt) | 202 | do_authenticated(Authctxt *authctxt) |
116 | { | 203 | { |
@@ -141,7 +228,7 @@ do_authenticated(Authctxt *authctxt) | |||
141 | do_authenticated1(authctxt); | 228 | do_authenticated1(authctxt); |
142 | 229 | ||
143 | /* remove agent socket */ | 230 | /* remove agent socket */ |
144 | if (auth_get_socket_name()) | 231 | if (auth_sock_name != NULL) |
145 | auth_sock_cleanup_proc(authctxt->pw); | 232 | auth_sock_cleanup_proc(authctxt->pw); |
146 | #ifdef KRB4 | 233 | #ifdef KRB4 |
147 | if (options.kerberos_ticket_cleanup) | 234 | if (options.kerberos_ticket_cleanup) |
@@ -948,9 +1035,9 @@ do_setup_env(Session *s, const char *shell) | |||
948 | copy_environment(fetch_pam_environment(), &env, &envsize); | 1035 | copy_environment(fetch_pam_environment(), &env, &envsize); |
949 | #endif /* USE_PAM */ | 1036 | #endif /* USE_PAM */ |
950 | 1037 | ||
951 | if (auth_get_socket_name() != NULL) | 1038 | if (auth_sock_name != NULL) |
952 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, | 1039 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
953 | auth_get_socket_name()); | 1040 | auth_sock_name); |
954 | 1041 | ||
955 | /* read $HOME/.ssh/environment. */ | 1042 | /* read $HOME/.ssh/environment. */ |
956 | if (!options.use_login) { | 1043 | if (!options.use_login) { |