- markus@cvs.openbsd.org 2001/06/12 21:21:29

[session.c]
     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
     we do already trust $HOME/.ssh
     you can use .ssh/sshrc and .ssh/environment if you want to customize
     the location of the xauth cookies

ChangeLog

@@ -10,6 +10,12 @@
    - markus@cvs.openbsd.org 2001/06/12 16:11:26
      [packet.c]
      do not log() packet_set_maxsize
+   - markus@cvs.openbsd.org 2001/06/12 21:21:29
+     [session.c]
+     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
+     we do already trust $HOME/.ssh
+     you can use .ssh/sshrc and .ssh/environment if you want to customize
+     the location of the xauth cookies
 
 20010612
  - scp.c ID update (upstream synced vfsprintf() from us)
@@ -5629,4 +5635,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1283 2001/06/13 04:39:18 mouring Exp $
+$Id: ChangeLog,v 1.1284 2001/06/13 04:41:41 mouring Exp $

session.c

@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.87 2001/06/12 21:21:29 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -135,7 +135,6 @@ void	do_pre_login(Session *s);
 void	do_child(Session *s, const char *command);
 void	do_motd(void);
 int	check_quietlogin(Session *s, const char *command);
-void	xauthfile_cleanup_proc(void *pw);
 
 void	do_authenticated1(Authctxt *authctxt);
 void	do_authenticated2(Authctxt *authctxt);
@@ -149,9 +148,6 @@ extern u_int utmp_len;
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
 
-/* Local Xauthority file. */
-static char *xauthfile;
-
 /* original command from peer. */
 char *original_command = NULL;
 
@@ -201,37 +197,11 @@ do_authenticated(Authctxt *authctxt)
 	else
 		do_authenticated1(authctxt);
 
-	/* remote user's local Xauthority file and agent socket */
-	if (xauthfile)
-		xauthfile_cleanup_proc(authctxt->pw);
+	/* remove agent socket */
 	if (auth_get_socket_name())
 		auth_sock_cleanup_proc(authctxt->pw);
 }
 
-/*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *_pw)
-{
-	struct passwd *pw = _pw;
-	char *p;
-
-	debug("xauthfile_cleanup_proc called");
-	if (xauthfile != NULL) {
-		temporarily_use_uid(pw);
-		unlink(xauthfile);
-		p = strrchr(xauthfile, '/');
-		if (p != NULL) {
-			*p = '\0';
-			rmdir(xauthfile);
-		}
-		xfree(xauthfile);
-		xauthfile = NULL;
-		restore_uid();
-	}
-}
-
 /*
  * Prepares for an interactive session.  This is called after the user has
  * been successfully authenticated.  During this message exchange, pseudo
@@ -1257,8 +1227,6 @@ do_child(Session *s, const char *command)
 	do_pam_environment(&env, &envsize);
 #endif /* USE_PAM */
 
-	if (xauthfile)
-		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)
 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
 			      auth_get_socket_name());
@@ -2008,32 +1976,15 @@ session_setup_x11fwd(Session *s)
 		packet_send_debug("No xauth program; cannot forward with spoofing.");
 		return 0;
 	}
-	if (s->display != NULL || xauthfile != NULL) {
+	if (s->display != NULL) {
 		debug("X11 display already set.");
 		return 0;
 	}
-	xauthfile = xmalloc(MAXPATHLEN);
-	strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
-	temporarily_use_uid(s->pw);
-	if (mkdtemp(xauthfile) == NULL) {
-		error("private X11 dir: mkdtemp %s failed: %s",
-		    xauthfile, strerror(errno));
-		restore_uid();
-		xfree(xauthfile);
-		xauthfile = NULL;
-		return 0;
-	}
-	strlcat(xauthfile, "/cookies", MAXPATHLEN);
-	fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
-	if (fd >= 0)
-		close(fd);
-	restore_uid();
 	s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
 	if (s->display == NULL) {
-		xauthfile_cleanup_proc(s->pw);
+		debug("x11_create_display_inet failed.");
 		return 0;
 	}
-	fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
 	return 1;
 }