summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2000-06-03 07:06:14 +0000
committerkris <kris@FreeBSD.org>2000-06-03 07:06:14 +0000
commit10badcd8c786a973fe56a5b4fe4ea468245231e8 (patch)
tree0dae7ebcdaa0cc2475d9c1dbaf5bb589411d7caa /crypto/openssh
parente1e1f536513ded16af2c57b02bb321a8459808e3 (diff)
downloadFreeBSD-src-10badcd8c786a973fe56a5b4fe4ea468245231e8.zip
FreeBSD-src-10badcd8c786a973fe56a5b4fe4ea468245231e8.tar.gz
Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com>
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/channels.c36
-rw-r--r--crypto/openssh/channels.h6
-rw-r--r--crypto/openssh/session.c44
3 files changed, 48 insertions, 38 deletions
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index 5bf1e5b..871dcb8 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.57 2000/05/08 17:42:24 markus Exp $");
+RCSID("$Id: channels.c,v 1.59 2000/05/30 17:23:36 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -147,23 +147,6 @@ channel_lookup(int id)
return c;
}
-void
-set_nonblock(int fd)
-{
- int val;
- val = fcntl(fd, F_GETFL, 0);
- if (val < 0) {
- error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
- return;
- }
- if (val & O_NONBLOCK)
- return;
- debug("fd %d setting O_NONBLOCK", fd);
- val |= O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1)
- error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
-}
-
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
@@ -2074,11 +2057,11 @@ cleanup_socket(void)
}
/*
- * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
+ * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
* This starts forwarding authentication requests.
*/
-void
+int
auth_input_request_forwarding(struct passwd * pw)
{
int sock, newch;
@@ -2096,8 +2079,16 @@ auth_input_request_forwarding(struct passwd * pw)
strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
/* Create private directory for socket */
- if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL)
- packet_disconnect("mkdtemp: %.100s", strerror(errno));
+ if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) {
+ packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s",
+ strerror(errno));
+ restore_uid();
+ xfree(channel_forwarded_auth_socket_name);
+ xfree(channel_forwarded_auth_socket_dir);
+ channel_forwarded_auth_socket_name = NULL;
+ channel_forwarded_auth_socket_dir = NULL;
+ return 0;
+ }
snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
channel_forwarded_auth_socket_dir, (int) getpid());
@@ -2132,6 +2123,7 @@ auth_input_request_forwarding(struct passwd * pw)
xstrdup("auth socket"));
strlcpy(channels[newch].path, channel_forwarded_auth_socket_name,
sizeof(channels[newch].path));
+ return 1;
}
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h
index 24ae2b82..4cafdb9 100644
--- a/crypto/openssh/channels.h
+++ b/crypto/openssh/channels.h
@@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.12 2000/05/03 18:03:06 markus Exp $"); */
+/* RCSID("$Id: channels.h,v 1.13 2000/05/30 17:23:37 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
@@ -222,10 +222,10 @@ void auth_request_forwarding(void);
char *auth_get_socket_name(void);
/*
- * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
+ * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
* This starts forwarding authentication requests.
*/
-void auth_input_request_forwarding(struct passwd * pw);
+int auth_input_request_forwarding(struct passwd * pw);
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
void auth_input_open_request(int type, int plen);
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 53d20c5..ce46f1d 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -300,8 +300,7 @@ do_authenticated(struct passwd * pw)
break;
}
debug("Received authentication agent forwarding request.");
- auth_input_request_forwarding(pw);
- success = 1;
+ success = auth_input_request_forwarding(pw);
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
@@ -613,7 +612,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
}
}
/* Do common processing for the child, such as execing the command. */
- do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
+ do_child(command, pw, s->term, s->display, s->auth_proto,
+ s->auth_data, s->tty);
/* NOTREACHED */
}
if (pid < 0)
@@ -717,7 +717,10 @@ read_environment_file(char ***env, unsigned int *envsize,
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
continue;
}
- /* Replace the equals sign by nul, and advance value to the value string. */
+ /*
+ * Replace the equals sign by nul, and advance value to
+ * the value string.
+ */
*value = '\0';
value++;
child_set_env(env, envsize, cp, value);
@@ -862,7 +865,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+ pw->pw_dir);
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
@@ -949,16 +953,29 @@ do_child(const char *command, struct passwd * pw, const char *term,
else {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
- if (debug_flag)
- fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
- XAUTH_PATH, display, auth_proto, auth_data);
-
+ char *screen = strchr(display, ':');
+ if (debug_flag) {
+ fprintf(stderr,
+ "Running %.100s add %.100s %.100s %.100s\n",
+ XAUTH_PATH, display, auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(stderr,
+ "Adding %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
+ }
f = popen(XAUTH_PATH " -q -", "w");
if (f) {
- fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
+ fprintf(f, "add %s %s %s\n", display,
+ auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(f, "add %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
+ fprintf(stderr, "Could not run %s -q -\n",
+ XAUTH_PATH);
}
}
#endif /* XAUTH_PATH */
@@ -988,7 +1005,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
struct stat mailstat;
mailbox = getenv("MAIL");
if (mailbox != NULL) {
- if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
+ if (stat(mailbox, &mailstat) != 0 ||
+ mailstat.st_size == 0)
printf("No mail.\n");
else if (mailstat.st_mtime < mailstat.st_atime)
printf("You have mail.\n");
OpenPOWER on IntegriCloud