diff options
author | kris <kris@FreeBSD.org> | 2000-06-03 07:06:14 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-06-03 07:06:14 +0000 |
commit | 10badcd8c786a973fe56a5b4fe4ea468245231e8 (patch) | |
tree | 0dae7ebcdaa0cc2475d9c1dbaf5bb589411d7caa /crypto/openssh | |
parent | e1e1f536513ded16af2c57b02bb321a8459808e3 (diff) | |
download | FreeBSD-src-10badcd8c786a973fe56a5b4fe4ea468245231e8.zip FreeBSD-src-10badcd8c786a973fe56a5b4fe4ea468245231e8.tar.gz |
Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as
a fatal error, but disable agent forwarding.
Submitted by: Jan Koum <jkb@yahoo-inc.com>
Diffstat (limited to 'crypto/openssh')
-rw-r--r-- | crypto/openssh/channels.c | 36 | ||||
-rw-r--r-- | crypto/openssh/channels.h | 6 | ||||
-rw-r--r-- | crypto/openssh/session.c | 44 |
3 files changed, 48 insertions, 38 deletions
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c index 5bf1e5b..871dcb8 100644 --- a/crypto/openssh/channels.c +++ b/crypto/openssh/channels.c @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.57 2000/05/08 17:42:24 markus Exp $"); +RCSID("$Id: channels.c,v 1.59 2000/05/30 17:23:36 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -147,23 +147,6 @@ channel_lookup(int id) return c; } -void -set_nonblock(int fd) -{ - int val; - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return; - } - if (val & O_NONBLOCK) - return; - debug("fd %d setting O_NONBLOCK", fd); - val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) - error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno)); -} - /* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd @@ -2074,11 +2057,11 @@ cleanup_socket(void) } /* - * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. + * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. * This starts forwarding authentication requests. */ -void +int auth_input_request_forwarding(struct passwd * pw) { int sock, newch; @@ -2096,8 +2079,16 @@ auth_input_request_forwarding(struct passwd * pw) strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME); /* Create private directory for socket */ - if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) - packet_disconnect("mkdtemp: %.100s", strerror(errno)); + if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) { + packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s", + strerror(errno)); + restore_uid(); + xfree(channel_forwarded_auth_socket_name); + xfree(channel_forwarded_auth_socket_dir); + channel_forwarded_auth_socket_name = NULL; + channel_forwarded_auth_socket_dir = NULL; + return 0; + } snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d", channel_forwarded_auth_socket_dir, (int) getpid()); @@ -2132,6 +2123,7 @@ auth_input_request_forwarding(struct passwd * pw) xstrdup("auth socket")); strlcpy(channels[newch].path, channel_forwarded_auth_socket_name, sizeof(channels[newch].path)); + return 1; } /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h index 24ae2b82..4cafdb9 100644 --- a/crypto/openssh/channels.h +++ b/crypto/openssh/channels.h @@ -1,4 +1,4 @@ -/* RCSID("$Id: channels.h,v 1.12 2000/05/03 18:03:06 markus Exp $"); */ +/* RCSID("$Id: channels.h,v 1.13 2000/05/30 17:23:37 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H @@ -222,10 +222,10 @@ void auth_request_forwarding(void); char *auth_get_socket_name(void); /* - * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. + * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. * This starts forwarding authentication requests. */ -void auth_input_request_forwarding(struct passwd * pw); +int auth_input_request_forwarding(struct passwd * pw); /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ void auth_input_open_request(int type, int plen); diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index 53d20c5..ce46f1d 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -300,8 +300,7 @@ do_authenticated(struct passwd * pw) break; } debug("Received authentication agent forwarding request."); - auth_input_request_forwarding(pw); - success = 1; + success = auth_input_request_forwarding(pw); break; case SSH_CMSG_PORT_FORWARD_REQUEST: @@ -613,7 +612,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) } } /* Do common processing for the child, such as execing the command. */ - do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty); + do_child(command, pw, s->term, s->display, s->auth_proto, + s->auth_data, s->tty); /* NOTREACHED */ } if (pid < 0) @@ -717,7 +717,10 @@ read_environment_file(char ***env, unsigned int *envsize, fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); continue; } - /* Replace the equals sign by nul, and advance value to the value string. */ + /* + * Replace the equals sign by nul, and advance value to + * the value string. + */ *value = '\0'; value++; child_set_env(env, envsize, cp, value); @@ -862,7 +865,8 @@ do_child(const char *command, struct passwd * pw, const char *term, /* read $HOME/.ssh/environment. */ if (!options.use_login) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); + snprintf(buf, sizeof buf, "%.200s/.ssh/environment", + pw->pw_dir); read_environment_file(&env, &envsize, buf); } if (debug_flag) { @@ -949,16 +953,29 @@ do_child(const char *command, struct passwd * pw, const char *term, else { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { - if (debug_flag) - fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n", - XAUTH_PATH, display, auth_proto, auth_data); - + char *screen = strchr(display, ':'); + if (debug_flag) { + fprintf(stderr, + "Running %.100s add %.100s %.100s %.100s\n", + XAUTH_PATH, display, auth_proto, auth_data); + if (screen != NULL) + fprintf(stderr, + "Adding %.*s/unix%s %s %s\n", + screen-display, display, + screen, auth_proto, auth_data); + } f = popen(XAUTH_PATH " -q -", "w"); if (f) { - fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data); + fprintf(f, "add %s %s %s\n", display, + auth_proto, auth_data); + if (screen != NULL) + fprintf(f, "add %.*s/unix%s %s %s\n", + screen-display, display, + screen, auth_proto, auth_data); pclose(f); } else - fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH); + fprintf(stderr, "Could not run %s -q -\n", + XAUTH_PATH); } } #endif /* XAUTH_PATH */ @@ -988,7 +1005,8 @@ do_child(const char *command, struct passwd * pw, const char *term, struct stat mailstat; mailbox = getenv("MAIL"); if (mailbox != NULL) { - if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0) + if (stat(mailbox, &mailstat) != 0 || + mailstat.st_size == 0) printf("No mail.\n"); else if (mailstat.st_mtime < mailstat.st_atime) printf("You have mail.\n"); |