- markus@cvs.openbsd.org 2001/06/04 21:59:43
[channels.c channels.h session.c] switch uid when cleaning up tmp files and sockets; reported by zen-parse@gmx.net on bugtraq
parent
742e89ec5d
commit
983c098311
|
@ -35,6 +35,10 @@
|
||||||
the challenge response device decides how to handle non-existing
|
the challenge response device decides how to handle non-existing
|
||||||
users.
|
users.
|
||||||
-> fake challenges for skey and cryptocard
|
-> fake challenges for skey and cryptocard
|
||||||
|
- markus@cvs.openbsd.org 2001/06/04 21:59:43
|
||||||
|
[channels.c channels.h session.c]
|
||||||
|
switch uid when cleaning up tmp files and sockets; reported by
|
||||||
|
zen-parse@gmx.net on bugtraq
|
||||||
|
|
||||||
20010606
|
20010606
|
||||||
- OpenBSD CVS Sync
|
- OpenBSD CVS Sync
|
||||||
|
@ -5546,4 +5550,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1257 2001/06/09 01:17:23 mouring Exp $
|
$Id: ChangeLog,v 1.1258 2001/06/09 01:20:06 mouring Exp $
|
||||||
|
|
12
channels.c
12
channels.c
|
@ -40,7 +40,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: channels.c,v 1.122 2001/06/03 14:55:38 markus Exp $");
|
RCSID("$OpenBSD: channels.c,v 1.123 2001/06/04 21:59:42 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "ssh1.h"
|
#include "ssh1.h"
|
||||||
|
@ -2777,12 +2777,16 @@ auth_get_socket_name()
|
||||||
/* removes the agent forwarding socket */
|
/* removes the agent forwarding socket */
|
||||||
|
|
||||||
void
|
void
|
||||||
auth_sock_cleanup_proc(void *ignored)
|
auth_sock_cleanup_proc(void *_pw)
|
||||||
{
|
{
|
||||||
|
struct passwd *pw = _pw;
|
||||||
|
|
||||||
if (auth_sock_name) {
|
if (auth_sock_name) {
|
||||||
|
temporarily_use_uid(pw);
|
||||||
unlink(auth_sock_name);
|
unlink(auth_sock_name);
|
||||||
rmdir(auth_sock_dir);
|
rmdir(auth_sock_dir);
|
||||||
auth_sock_name = NULL;
|
auth_sock_name = NULL;
|
||||||
|
restore_uid();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2826,7 +2830,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
||||||
auth_sock_dir, (int) getpid());
|
auth_sock_dir, (int) getpid());
|
||||||
|
|
||||||
/* delete agent socket on fatal() */
|
/* delete agent socket on fatal() */
|
||||||
fatal_add_cleanup(auth_sock_cleanup_proc, NULL);
|
fatal_add_cleanup(auth_sock_cleanup_proc, pw);
|
||||||
|
|
||||||
/* Create the socket. */
|
/* Create the socket. */
|
||||||
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||||
|
@ -2856,7 +2860,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
||||||
0, xstrdup("auth socket"), 1);
|
0, xstrdup("auth socket"), 1);
|
||||||
if (nc == NULL) {
|
if (nc == NULL) {
|
||||||
error("auth_input_request_forwarding: channel_new failed");
|
error("auth_input_request_forwarding: channel_new failed");
|
||||||
auth_sock_cleanup_proc(NULL);
|
auth_sock_cleanup_proc(pw);
|
||||||
close(sock);
|
close(sock);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
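Review bot: auth_sock_cleanup_proc hands its `void *` argument to temporarily_use_uid() unchecked, and auth_input_request_forwarding registers the caller's `pw` with `fatal_add_cleanup(auth_sock_cleanup_proc, pw)`, so the pointer has to stay valid until the handler runs. If `pw` refers to storage that a later password-database lookup can overwrite (not visible here), the cleanup would switch to the wrong uid. The one-line comment above the function should state the contract, e.g. `/* removes the agent forwarding socket as the user; _pw is that user's struct passwd *, non-NULL, and must outlive the handler */`. The results of unlink() and rmdir() are still discarded, so a removal that fails under the user's uid goes unnoticed; a `debug()` call on failure would make it visible. The body of auth_input_request_forwarding extends beyond the hunks shown.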
|
@ -32,7 +32,7 @@
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
/* RCSID("$OpenBSD: channels.h,v 1.36 2001/06/03 14:55:39 markus Exp $"); */
|
/* RCSID("$OpenBSD: channels.h,v 1.37 2001/06/04 21:59:42 markus Exp $"); */
|
||||||
|
|
||||||
#ifndef CHANNEL_H
|
#ifndef CHANNEL_H
|
||||||
#define CHANNEL_H
|
#define CHANNEL_H
|
||||||
|
@ -223,7 +223,7 @@ void deny_input_open(int type, int plen, void *ctxt);
|
||||||
|
|
||||||
void auth_request_forwarding(void);
|
void auth_request_forwarding(void);
|
||||||
char *auth_get_socket_name(void);
|
char *auth_get_socket_name(void);
|
||||||
void auth_sock_cleanup_proc(void *ignored);
|
void auth_sock_cleanup_proc(void *pw);
|
||||||
int auth_input_request_forwarding(struct passwd * pw);
|
int auth_input_request_forwarding(struct passwd * pw);
|
||||||
void auth_input_open_request(int type, int plen, void *ctxt);
|
void auth_input_open_request(int type, int plen, void *ctxt);
|
||||||
|
|
||||||
|
|
23
session.c
23
session.c
|
@ -33,7 +33,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: session.c,v 1.79 2001/06/03 14:55:39 markus Exp $");
|
RCSID("$OpenBSD: session.c,v 1.80 2001/06/04 21:59:43 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "ssh1.h"
|
#include "ssh1.h"
|
||||||
|
@ -132,7 +132,7 @@ void do_pre_login(Session *s);
|
||||||
void do_child(Session *s, const char *command);
|
void do_child(Session *s, const char *command);
|
||||||
void do_motd(void);
|
void do_motd(void);
|
||||||
int check_quietlogin(Session *s, const char *command);
|
int check_quietlogin(Session *s, const char *command);
|
||||||
void xauthfile_cleanup_proc(void *ignore);
|
void xauthfile_cleanup_proc(void *pw);
|
||||||
|
|
||||||
void do_authenticated1(Authctxt *authctxt);
|
void do_authenticated1(Authctxt *authctxt);
|
||||||
void do_authenticated2(Authctxt *authctxt);
|
void do_authenticated2(Authctxt *authctxt);
|
||||||
|
@ -200,21 +200,23 @@ do_authenticated(Authctxt *authctxt)
|
||||||
|
|
||||||
/* remote user's local Xauthority file and agent socket */
|
/* remote user's local Xauthority file and agent socket */
|
||||||
if (xauthfile)
|
if (xauthfile)
|
||||||
xauthfile_cleanup_proc(NULL);
|
xauthfile_cleanup_proc(authctxt->pw);
|
||||||
if (auth_get_socket_name())
|
if (auth_get_socket_name())
|
||||||
auth_sock_cleanup_proc(NULL);
|
auth_sock_cleanup_proc(authctxt->pw);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Remove local Xauthority file.
|
* Remove local Xauthority file.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
xauthfile_cleanup_proc(void *ignore)
|
xauthfile_cleanup_proc(void *_pw)
|
||||||
{
|
{
|
||||||
debug("xauthfile_cleanup_proc called");
|
struct passwd *pw = _pw;
|
||||||
|
|
||||||
if (xauthfile != NULL) {
|
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
|
debug("xauthfile_cleanup_proc called");
|
||||||
|
if (xauthfile != NULL) {
|
||||||
|
temporarily_use_uid(pw);
|
||||||
unlink(xauthfile);
|
unlink(xauthfile);
|
||||||
p = strrchr(xauthfile, '/');
|
p = strrchr(xauthfile, '/');
|
||||||
if (p != NULL) {
|
if (p != NULL) {
|
||||||
|
@ -223,6 +225,7 @@ xauthfile_cleanup_proc(void *ignore)
|
||||||
}
|
}
|
||||||
xfree(xauthfile);
|
xfree(xauthfile);
|
||||||
xauthfile = NULL;
|
xauthfile = NULL;
|
||||||
|
restore_uid();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -399,7 +402,7 @@ do_authenticated1(Authctxt *authctxt)
|
||||||
if (fd >= 0)
|
if (fd >= 0)
|
||||||
close(fd);
|
close(fd);
|
||||||
restore_uid();
|
restore_uid();
|
||||||
fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
|
fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
|
||||||
success = 1;
|
success = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -1811,7 +1814,7 @@ session_x11_req(Session *s)
|
||||||
if (fd >= 0)
|
if (fd >= 0)
|
||||||
close(fd);
|
close(fd);
|
||||||
restore_uid();
|
restore_uid();
|
||||||
fatal_add_cleanup(xauthfile_cleanup_proc, s);
|
fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
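Review bot: xauthfile_cleanup_proc now calls temporarily_use_uid(pw) from a handler that fatal() can invoke at an arbitrary point. That presumably includes the time when the process is already inside a temporarily_use_uid()/restore_uid() pair, like the one that closes just before `fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);` in do_authenticated1 and session_x11_req. Whether the uid-swap helpers tolerate that nesting is not visible on this page and should be confirmed; if they do not, the cleanup could unlink with the wrong identity or restore the wrong one afterwards. The handler also passes its `void *` argument straight through, and the earlier form of the session_x11_req line shows a `Session *` had been going into that untyped slot. A comment on the function such as `/* _pw must be the session user's struct passwd *; never NULL */` would document what the compiler cannot check. The bodies of do_authenticated1 and session_x11_req lie outside the hunks.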