From 7d68fbf4c53f9e2c9f16b8cd69bc07c377b114de Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Tue, 5 Jun 2001 19:29:20 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2001/05/19 00:36:40 [session.c] Disable X11 forwarding if xauth binary is not found. Patch from Nalin Dahyabhai ; ok markus@ --- ChangeLog | 6 +++++- session.c | 12 ++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 34d4ace83..dc76b405d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] improved kbd-interactive support. work by per@appgate.com and me + - djm@cvs.openbsd.org 2001/05/19 00:36:40 + [session.c] + Disable X11 forwarding if xauth binary is not found. Patch from Nalin + Dahyabhai ; ok markus@ 20010528 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c @@ -5438,4 +5442,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1228 2001/06/05 18:56:16 mouring Exp $ +$Id: ChangeLog,v 1.1229 2001/06/05 19:29:20 mouring Exp $ diff --git a/session.c b/session.c index 62026c670..9aef6b022 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.75 2001/05/03 15:45:15 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.76 2001/05/19 00:36:40 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -255,6 +255,7 @@ do_authenticated1(Authctxt *authctxt) int success, type, fd, n_bytes, plen, screen_flag, have_pty = 0; int compression_level = 0, enable_compression_after_reply = 0; u_int proto_len, data_len, dlen; + struct stat st; s = session_new(); s->pw = authctxt->pw; @@ -337,7 +338,8 @@ do_authenticated1(Authctxt *authctxt) packet_send_debug("X11 forwarding disabled in server configuration file."); break; } - if (!options.xauth_location) { + if (!options.xauth_location || + (stat(options.xauth_location, &st) == -1)) { packet_send_debug("No xauth program; cannot forward with spoofing."); break; } @@ -1752,6 +1754,7 @@ int session_x11_req(Session *s) { int fd; + struct stat st; if (no_x11_forwarding_flag) { debug("X11 forwarding disabled in user configuration file."); return 0; @@ -1760,6 +1763,11 @@ session_x11_req(Session *s) debug("X11 forwarding disabled in server configuration file."); return 0; } + if (!options.xauth_location || + (stat(options.xauth_location, &st) == -1)) { + packet_send_debug("No xauth program; cannot forward with spoofing."); + return 0; + } if (xauthfile != NULL) { debug("X11 fwd already started."); return 0;