From d3a185709dfb8588ae7cacc079312d1fcc450e9c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 7 Jun 2000 19:55:44 +1000 Subject: - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org --- channels.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'channels.c') diff --git a/channels.c b/channels.c index f26b3a65b..bfa025ad7 100644 --- a/channels.c +++ b/channels.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.31 2000/05/17 12:34:23 damien Exp $"); +RCSID("$Id: channels.c,v 1.32 2000/06/07 09:55:44 djm Exp $"); #include "ssh.h" #include "packet.h" @@ -2113,11 +2113,11 @@ cleanup_socket(void) } /* - * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. + * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. * This starts forwarding authentication requests. */ -void +int auth_input_request_forwarding(struct passwd * pw) { int sock, newch; @@ -2135,8 +2135,16 @@ auth_input_request_forwarding(struct passwd * pw) strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME); /* Create private directory for socket */ - if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) - packet_disconnect("mkdtemp: %.100s", strerror(errno)); + if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) { + packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s", + strerror(errno)); + restore_uid(); + xfree(channel_forwarded_auth_socket_name); + xfree(channel_forwarded_auth_socket_dir); + channel_forwarded_auth_socket_name = NULL; + channel_forwarded_auth_socket_dir = NULL; + return 0; + } snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d", channel_forwarded_auth_socket_dir, (int) getpid()); @@ -2171,6 +2179,7 @@ auth_input_request_forwarding(struct passwd * pw) xstrdup("auth socket")); strlcpy(channels[newch].path, channel_forwarded_auth_socket_name, sizeof(channels[newch].path)); + return 1; } /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ -- cgit v1.2.3