summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--channels.c12
-rw-r--r--channels.h4
-rw-r--r--session.c21
4 files changed, 27 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index d8d422d16..ba70812f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
35 the challenge response device decides how to handle non-existing 35 the challenge response device decides how to handle non-existing
36 users. 36 users.
37 -> fake challenges for skey and cryptocard 37 -> fake challenges for skey and cryptocard
38 - markus@cvs.openbsd.org 2001/06/04 21:59:43
39 [channels.c channels.h session.c]
40 switch uid when cleaning up tmp files and sockets; reported by
41 zen-parse@gmx.net on bugtraq
38 42
3920010606 4320010606
40 - OpenBSD CVS Sync 44 - OpenBSD CVS Sync
@@ -5546,4 +5550,4 @@
5546 - Wrote replacements for strlcpy and mkdtemp 5550 - Wrote replacements for strlcpy and mkdtemp
5547 - Released 1.0pre1 5551 - Released 1.0pre1
5548 5552
5549$Id: ChangeLog,v 1.1257 2001/06/09 01:17:23 mouring Exp $ 5553$Id: ChangeLog,v 1.1258 2001/06/09 01:20:06 mouring Exp $
diff --git a/channels.c b/channels.c
index 110613896..32c23be1f 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: channels.c,v 1.122 2001/06/03 14:55:38 markus Exp $"); 43RCSID("$OpenBSD: channels.c,v 1.123 2001/06/04 21:59:42 markus Exp $");
44 44
45#include "ssh.h" 45#include "ssh.h"
46#include "ssh1.h" 46#include "ssh1.h"
@@ -2777,12 +2777,16 @@ auth_get_socket_name()
2777/* removes the agent forwarding socket */ 2777/* removes the agent forwarding socket */
2778 2778
2779void 2779void
2780auth_sock_cleanup_proc(void *ignored) 2780auth_sock_cleanup_proc(void *_pw)
2781{ 2781{
2782 struct passwd *pw = _pw;
2783
2782 if (auth_sock_name) { 2784 if (auth_sock_name) {
2785 temporarily_use_uid(pw);
2783 unlink(auth_sock_name); 2786 unlink(auth_sock_name);
2784 rmdir(auth_sock_dir); 2787 rmdir(auth_sock_dir);
2785 auth_sock_name = NULL; 2788 auth_sock_name = NULL;
2789 restore_uid();
2786 } 2790 }
2787} 2791}
2788 2792
@@ -2826,7 +2830,7 @@ auth_input_request_forwarding(struct passwd * pw)
2826 auth_sock_dir, (int) getpid()); 2830 auth_sock_dir, (int) getpid());
2827 2831
2828 /* delete agent socket on fatal() */ 2832 /* delete agent socket on fatal() */
2829 fatal_add_cleanup(auth_sock_cleanup_proc, NULL); 2833 fatal_add_cleanup(auth_sock_cleanup_proc, pw);
2830 2834
2831 /* Create the socket. */ 2835 /* Create the socket. */
2832 sock = socket(AF_UNIX, SOCK_STREAM, 0); 2836 sock = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -2856,7 +2860,7 @@ auth_input_request_forwarding(struct passwd * pw)
2856 0, xstrdup("auth socket"), 1); 2860 0, xstrdup("auth socket"), 1);
2857 if (nc == NULL) { 2861 if (nc == NULL) {
2858 error("auth_input_request_forwarding: channel_new failed"); 2862 error("auth_input_request_forwarding: channel_new failed");
2859 auth_sock_cleanup_proc(NULL); 2863 auth_sock_cleanup_proc(pw);
2860 close(sock); 2864 close(sock);
2861 return 0; 2865 return 0;
2862 } 2866 }
diff --git a/channels.h b/channels.h
index c1815d58d..3de9627ab 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */ 34 */
35/* RCSID("$OpenBSD: channels.h,v 1.36 2001/06/03 14:55:39 markus Exp $"); */ 35/* RCSID("$OpenBSD: channels.h,v 1.37 2001/06/04 21:59:42 markus Exp $"); */
36 36
37#ifndef CHANNEL_H 37#ifndef CHANNEL_H
38#define CHANNEL_H 38#define CHANNEL_H
@@ -223,7 +223,7 @@ void deny_input_open(int type, int plen, void *ctxt);
223 223
224void auth_request_forwarding(void); 224void auth_request_forwarding(void);
225char *auth_get_socket_name(void); 225char *auth_get_socket_name(void);
226void auth_sock_cleanup_proc(void *ignored); 226void auth_sock_cleanup_proc(void *pw);
227int auth_input_request_forwarding(struct passwd * pw); 227int auth_input_request_forwarding(struct passwd * pw);
228void auth_input_open_request(int type, int plen, void *ctxt); 228void auth_input_open_request(int type, int plen, void *ctxt);
229 229
diff --git a/session.c b/session.c
index ce9b2002b..c65c7e663 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.79 2001/06/03 14:55:39 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.80 2001/06/04 21:59:43 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -132,7 +132,7 @@ void do_pre_login(Session *s);
132void do_child(Session *s, const char *command); 132void do_child(Session *s, const char *command);
133void do_motd(void); 133void do_motd(void);
134int check_quietlogin(Session *s, const char *command); 134int check_quietlogin(Session *s, const char *command);
135void xauthfile_cleanup_proc(void *ignore); 135void xauthfile_cleanup_proc(void *pw);
136 136
137void do_authenticated1(Authctxt *authctxt); 137void do_authenticated1(Authctxt *authctxt);
138void do_authenticated2(Authctxt *authctxt); 138void do_authenticated2(Authctxt *authctxt);
@@ -200,21 +200,23 @@ do_authenticated(Authctxt *authctxt)
200 200
201 /* remote user's local Xauthority file and agent socket */ 201 /* remote user's local Xauthority file and agent socket */
202 if (xauthfile) 202 if (xauthfile)
203 xauthfile_cleanup_proc(NULL); 203 xauthfile_cleanup_proc(authctxt->pw);
204 if (auth_get_socket_name()) 204 if (auth_get_socket_name())
205 auth_sock_cleanup_proc(NULL); 205 auth_sock_cleanup_proc(authctxt->pw);
206} 206}
207 207
208/* 208/*
209 * Remove local Xauthority file. 209 * Remove local Xauthority file.
210 */ 210 */
211void 211void
212xauthfile_cleanup_proc(void *ignore) 212xauthfile_cleanup_proc(void *_pw)
213{ 213{
214 debug("xauthfile_cleanup_proc called"); 214 struct passwd *pw = _pw;
215 char *p;
215 216
217 debug("xauthfile_cleanup_proc called");
216 if (xauthfile != NULL) { 218 if (xauthfile != NULL) {
217 char *p; 219 temporarily_use_uid(pw);
218 unlink(xauthfile); 220 unlink(xauthfile);
219 p = strrchr(xauthfile, '/'); 221 p = strrchr(xauthfile, '/');
220 if (p != NULL) { 222 if (p != NULL) {
@@ -223,6 +225,7 @@ xauthfile_cleanup_proc(void *ignore)
223 } 225 }
224 xfree(xauthfile); 226 xfree(xauthfile);
225 xauthfile = NULL; 227 xauthfile = NULL;
228 restore_uid();
226 } 229 }
227} 230}
228 231
@@ -399,7 +402,7 @@ do_authenticated1(Authctxt *authctxt)
399 if (fd >= 0) 402 if (fd >= 0)
400 close(fd); 403 close(fd);
401 restore_uid(); 404 restore_uid();
402 fatal_add_cleanup(xauthfile_cleanup_proc, NULL); 405 fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
403 success = 1; 406 success = 1;
404 break; 407 break;
405 408
@@ -1811,7 +1814,7 @@ session_x11_req(Session *s)
1811 if (fd >= 0) 1814 if (fd >= 0)
1812 close(fd); 1815 close(fd);
1813 restore_uid(); 1816 restore_uid();
1814 fatal_add_cleanup(xauthfile_cleanup_proc, s); 1817 fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
1815 return 1; 1818 return 1;
1816} 1819}
1817 1820