tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- markus@cvs.openbsd.org 2002/06/10 22:28:41

Browse Source 
[channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
This commit is contained in:
Ben Lindstrom 2002-06-11 15:59:02 +00:00
parent 914d03758b
commit 8bb6f36c8f
4 changed files with 98 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -25,6 +25,10 @@
[ssh_config] [ssh_config]
update defaults for RhostsRSAAuthentication and RhostsAuthentication update defaults for RhostsRSAAuthentication and RhostsAuthentication
here too (all options commented out with default value). here too (all options commented out with default value).
- markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
20020609 20020609
- (bal) OpenBSD CVS Sync - (bal) OpenBSD CVS Sync
@ -890,4 +894,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2206 2002/06/11 15:55:01 mouring Exp $ $Id: ChangeLog,v 1.2207 2002/06/11 15:59:02 mouring Exp $

106
channels.c
View File

@ -39,14 +39,13 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.174 2002/06/09 13:32:01 markus Exp $"); RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "ssh1.h" #include "ssh1.h"
#include "ssh2.h" #include "ssh2.h"
#include "packet.h" #include "packet.h"
#include "xmalloc.h" #include "xmalloc.h"
#include "uidswap.h"
#include "log.h" #include "log.h"
#include "misc.h" #include "misc.h"
#include "channels.h" #include "channels.h"
@ -129,10 +128,6 @@ static u_int x11_fake_data_len;
#define NUM_SOCKS 10 #define NUM_SOCKS 10
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;
/* AF_UNSPEC or AF_INET or AF_INET6 */ /* AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC; static int IPv4or6 = AF_UNSPEC;
@ -2704,105 +2699,6 @@ auth_request_forwarding(void)
packet_write_wait(); packet_write_wait();
} }
/*
* Returns the name of the forwarded authentication socket. Returns NULL if
* there is no forwarded authentication socket. The returned value points to
* a static buffer.
*/
char *
auth_get_socket_name(void)
{
return auth_sock_name;
}
/* removes the agent forwarding socket */
void
auth_sock_cleanup_proc(void *_pw)
{
struct passwd *pw = _pw;
if (auth_sock_name) {
temporarily_use_uid(pw);
unlink(auth_sock_name);
rmdir(auth_sock_dir);
auth_sock_name = NULL;
restore_uid();
}
}
/*
* This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
* This starts forwarding authentication requests.
*/
int
auth_input_request_forwarding(struct passwd * pw)
{
Channel *nc;
int sock;
struct sockaddr_un sunaddr;
if (auth_get_socket_name() != NULL) {
error("authentication forwarding requested twice.");
return 0;
}
/* Temporarily drop privileged uid for mkdir/bind. */
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
auth_sock_name = xmalloc(MAXPATHLEN);
auth_sock_dir = xmalloc(MAXPATHLEN);
strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
xfree(auth_sock_name);
xfree(auth_sock_dir);
auth_sock_name = NULL;
auth_sock_dir = NULL;
return 0;
}
snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d",
auth_sock_dir, (int) getpid());
/* delete agent socket on fatal() */
fatal_add_cleanup(auth_sock_cleanup_proc, pw);
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0)
packet_disconnect("socket: %.100s", strerror(errno));
/* Bind it to the name. */
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
packet_disconnect("bind: %.100s", strerror(errno));
/* Restore the privileged uid. */
restore_uid();
/* Start listening on the socket. */
if (listen(sock, 5) < 0)
packet_disconnect("listen: %.100s", strerror(errno));
/* Allocate a channel for the authentication agent socket. */
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, xstrdup("auth socket"), 1);
strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
return 1;
}
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */ /* This is called to process an SSH_SMSG_AGENT_OPEN message. */
void void

5
channels.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: channels.h,v 1.67 2002/03/26 22:50:39 markus Exp $ */ /* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -213,9 +213,6 @@ void deny_input_open(int, u_int32_t, void *);
/* agent forwarding */ /* agent forwarding */
void auth_request_forwarding(void); void auth_request_forwarding(void);
char *auth_get_socket_name(void);
void auth_sock_cleanup_proc(void *);
int auth_input_request_forwarding(struct passwd *);
void auth_input_open_request(int, u_int32_t, void *); void auth_input_open_request(int, u_int32_t, void *);
/* channel close */ /* channel close */

95
session.c
View File

@ -33,7 +33,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: session.c,v 1.135 2002/05/16 22:09:59 stevesk Exp $"); RCSID("$OpenBSD: session.c,v 1.136 2002/06/10 22:28:41 markus Exp $");
#include "ssh.h" #include "ssh.h"
#include "ssh1.h" #include "ssh1.h"
@ -111,6 +111,93 @@ char *aixloginmsg;
login_cap_t *lc; login_cap_t *lc;
#endif #endif
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;
/* removes the agent forwarding socket */
static void
auth_sock_cleanup_proc(void *_pw)
{
struct passwd *pw = _pw;
if (auth_sock_name != NULL) {
temporarily_use_uid(pw);
unlink(auth_sock_name);
rmdir(auth_sock_dir);
auth_sock_name = NULL;
restore_uid();
}
}
static int
auth_input_request_forwarding(struct passwd * pw)
{
Channel *nc;
int sock;
struct sockaddr_un sunaddr;
if (auth_sock_name != NULL) {
error("authentication forwarding requested twice.");
return 0;
}
/* Temporarily drop privileged uid for mkdir/bind. */
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
auth_sock_name = xmalloc(MAXPATHLEN);
auth_sock_dir = xmalloc(MAXPATHLEN);
strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
xfree(auth_sock_name);
xfree(auth_sock_dir);
auth_sock_name = NULL;
auth_sock_dir = NULL;
return 0;
}
snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%d",
auth_sock_dir, (int) getpid());
/* delete agent socket on fatal() */
fatal_add_cleanup(auth_sock_cleanup_proc, pw);
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0)
packet_disconnect("socket: %.100s", strerror(errno));
/* Bind it to the name. */
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0)
packet_disconnect("bind: %.100s", strerror(errno));
/* Restore the privileged uid. */
restore_uid();
/* Start listening on the socket. */
if (listen(sock, 5) < 0)
packet_disconnect("listen: %.100s", strerror(errno));
/* Allocate a channel for the authentication agent socket. */
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
0, xstrdup("auth socket"), 1);
strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
return 1;
}
void void
do_authenticated(Authctxt *authctxt) do_authenticated(Authctxt *authctxt)
{ {
@ -141,7 +228,7 @@ do_authenticated(Authctxt *authctxt)
do_authenticated1(authctxt); do_authenticated1(authctxt);
/* remove agent socket */ /* remove agent socket */
if (auth_get_socket_name()) if (auth_sock_name != NULL)
auth_sock_cleanup_proc(authctxt->pw); auth_sock_cleanup_proc(authctxt->pw);
#ifdef KRB4 #ifdef KRB4
if (options.kerberos_ticket_cleanup) if (options.kerberos_ticket_cleanup)
@ -948,9 +1035,9 @@ do_setup_env(Session *s, const char *shell)
copy_environment(fetch_pam_environment(), &env, &envsize); copy_environment(fetch_pam_environment(), &env, &envsize);
#endif /* USE_PAM */ #endif /* USE_PAM */
if (auth_get_socket_name() != NULL) if (auth_sock_name != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name()); auth_sock_name);
/* read $HOME/.ssh/environment. */ /* read $HOME/.ssh/environment. */
if (!options.use_login) { if (!options.use_login) {