authorkris <kris@FreeBSD.org>2000-06-03 07:06:14 +0000
committerkris <kris@FreeBSD.org>2000-06-03 07:06:14 +0000
commit10badcd8c786a973fe56a5b4fe4ea468245231e8 (patch)
tree0dae7ebcdaa0cc2475d9c1dbaf5bb589411d7caa /crypto
parente1e1f536513ded16af2c57b02bb321a8459808e3 (diff)
Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as a
fatal error, but disable agent forwarding.

Submitted by: Jan Koum <jkb@yahoo-inc.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/channels.c36
-rw-r--r--crypto/openssh/channels.h6
-rw-r--r--crypto/openssh/session.c44
3 files changed, 48 insertions, 38 deletions
diff --git a/crypto/openssh/channels.c b/crypto/openssh/channels.c
index 5bf1e5b..871dcb8 100644
--- a/crypto/openssh/channels.c
+++ b/crypto/openssh/channels.c
@@ -17,7 +17,7 @@
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.57 2000/05/08 17:42:24 markus Exp $");
+RCSID("$Id: channels.c,v 1.59 2000/05/30 17:23:36 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -147,23 +147,6 @@ channel_lookup(int id)
return c;
}
-void
-set_nonblock(int fd)
-{
- int val;
- val = fcntl(fd, F_GETFL, 0);
- if (val < 0) {
- error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
- return;
- }
- if (val & O_NONBLOCK)
- return;
- debug("fd %d setting O_NONBLOCK", fd);
- val |= O_NONBLOCK;
- if (fcntl(fd, F_SETFL, val) == -1)
- error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
-}
-
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
@@ -2074,11 +2057,11 @@ cleanup_socket(void)
}
/*
- * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
+ * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
* This starts forwarding authentication requests.
*/
-void
+int
auth_input_request_forwarding(struct passwd * pw)
{
int sock, newch;
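Review bot: The comment above auth_input_request_forwarding() does not document the new int return value, although the function changes from void to int here and the caller in session.c now assigns the result to `success`. From the other hunks, the function returns 0 when mkdtemp() fails and 1 at the end of the normal path, so a line such as ` * Returns 1 if agent forwarding was set up, 0 if it was disabled.` belongs in this comment and in the matching one in channels.h. The function body continues outside this hunk.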
@@ -2096,8 +2079,16 @@ auth_input_request_forwarding(struct passwd * pw)
strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
/* Create private directory for socket */
- if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL)
- packet_disconnect("mkdtemp: %.100s", strerror(errno));
+ if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) {
+ packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s",
+ strerror(errno));
+ restore_uid();
+ xfree(channel_forwarded_auth_socket_name);
+ xfree(channel_forwarded_auth_socket_dir);
+ channel_forwarded_auth_socket_name = NULL;
+ channel_forwarded_auth_socket_dir = NULL;
+ return 0;
+ }
snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
channel_forwarded_auth_socket_dir, (int) getpid());
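Review bot: The new mkdtemp() failure branch reports the error only to the client via packet_send_debug(), so nothing is recorded on the server when the directory under /tmp cannot be created. An administrator diagnosing a full or mis-permissioned /tmp would want a local entry too, for example `error("Agent forwarding disabled: mkdtemp() failed: %.100s", strerror(errno));` placed before the packet_send_debug() call so errno is still the value mkdtemp() set. The branch also sets both socket path globals to NULL, so any caller of auth_get_socket_name() (declared in channels.h, body not visible here) presumably has to cope with a NULL result. The rest of the function, including any later socket or bind failure handling, lies outside this hunk.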
@@ -2132,6 +2123,7 @@ auth_input_request_forwarding(struct passwd * pw)
xstrdup("auth socket"));
strlcpy(channels[newch].path, channel_forwarded_auth_socket_name,
sizeof(channels[newch].path));
+ return 1;
}
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
diff --git a/crypto/openssh/channels.h b/crypto/openssh/channels.h
index 24ae2b82..4cafdb9 100644
--- a/crypto/openssh/channels.h
+++ b/crypto/openssh/channels.h
@@ -1,4 +1,4 @@
-/* RCSID("$Id: channels.h,v 1.12 2000/05/03 18:03:06 markus Exp $"); */
+/* RCSID("$Id: channels.h,v 1.13 2000/05/30 17:23:37 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
@@ -222,10 +222,10 @@ void auth_request_forwarding(void);
char *auth_get_socket_name(void);
/*
- * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
+ * This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
* This starts forwarding authentication requests.
*/
-void auth_input_request_forwarding(struct passwd * pw);
+int auth_input_request_forwarding(struct passwd * pw);
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
void auth_input_open_request(int type, int plen);
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index 53d20c5..ce46f1d 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -300,8 +300,7 @@ do_authenticated(struct passwd * pw)
break;
}
debug("Received authentication agent forwarding request.");
- auth_input_request_forwarding(pw);
- success = 1;
+ success = auth_input_request_forwarding(pw);
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
@@ -613,7 +612,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
}
}
/* Do common processing for the child, such as execing the command. */
- do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
+ do_child(command, pw, s->term, s->display, s->auth_proto,
+ s->auth_data, s->tty);
/* NOTREACHED */
}
if (pid < 0)
@@ -717,7 +717,10 @@ read_environment_file(char ***env, unsigned int *envsize,
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
continue;
}
- /* Replace the equals sign by nul, and advance value to the value string. */
+ /*
+ * Replace the equals sign by nul, and advance value to
+ * the value string.
+ */
*value = '\0';
value++;
child_set_env(env, envsize, cp, value);
@@ -862,7 +865,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+ pw->pw_dir);
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
@@ -949,16 +953,29 @@ do_child(const char *command, struct passwd * pw, const char *term,
else {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
- if (debug_flag)
- fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
- XAUTH_PATH, display, auth_proto, auth_data);
-
+ char *screen = strchr(display, ':');
+ if (debug_flag) {
+ fprintf(stderr,
+ "Running %.100s add %.100s %.100s %.100s\n",
+ XAUTH_PATH, display, auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(stderr,
+ "Adding %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
+ }
f = popen(XAUTH_PATH " -q -", "w");
if (f) {
- fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
+ fprintf(f, "add %s %s %s\n", display,
+ auth_proto, auth_data);
+ if (screen != NULL)
+ fprintf(f, "add %.*s/unix%s %s %s\n",
+ screen-display, display,
+ screen, auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
+ fprintf(stderr, "Could not run %s -q -\n",
+ XAUTH_PATH);
}
}
#endif /* XAUTH_PATH */
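Review bot: The two new `%.*s` conversions pass `screen-display` as the precision, but that expression has type ptrdiff_t while `*` requires an int, which is undefined behaviour wherever the two types differ in size. Write `(int)(screen - display)` in both the debug fprintf and the one that writes to xauth. Separately, the added `add %.*s/unix%s %s %s` line sends display, auth_proto and auth_data to xauth's stdin unfiltered, as the existing `add` line already does. If any of these values originate from the client's X11 forwarding request (not visible in this hunk), a check rejecting whitespace and newline characters in them belongs before the popen(). do_child's body starts and ends outside the hunk.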
@@ -988,7 +1005,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
struct stat mailstat;
mailbox = getenv("MAIL");
if (mailbox != NULL) {
- if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
+ if (stat(mailbox, &mailstat) != 0 ||
+ mailstat.st_size == 0)
printf("No mail.\n");
else if (mailstat.st_mtime < mailstat.st_atime)
printf("You have mail.\n");