|
Lines 152-157
static char *private_temp_dir = NULL;
|
| 152 |
/* Path for authentication agent forwarding socket. */ |
152 |
/* Path for authentication agent forwarding socket. */ |
| 153 |
static char *auth_sock_name = NULL; |
153 |
static char *auth_sock_name = NULL; |
| 154 |
|
154 |
|
|
|
155 |
/* Path for XAUTHORITY file */ |
| 156 |
static char *xauthority_path = NULL; |
| 157 |
|
| 155 |
/* removes the per-session temporary directory */ |
158 |
/* removes the per-session temporary directory */ |
| 156 |
static void |
159 |
static void |
| 157 |
cleanup_private_temp_dir(struct passwd *pw) |
160 |
cleanup_private_temp_dir(struct passwd *pw) |
|
Lines 254-259
auth_input_request_forwarding(struct passwd * pw)
|
| 254 |
return 0; |
257 |
return 0; |
| 255 |
} |
258 |
} |
| 256 |
|
259 |
|
|
|
260 |
/* removes the xauthority file */ |
| 261 |
static void |
| 262 |
xauthority_cleanup_proc(struct passwd *pw) |
| 263 |
{ |
| 264 |
if (xauthority_path != NULL) { |
| 265 |
temporarily_use_uid(pw); |
| 266 |
unlink(xauthority_path); |
| 267 |
free(xauthority_path); |
| 268 |
xauthority_path = NULL; |
| 269 |
restore_uid(); |
| 270 |
} |
| 271 |
} |
| 272 |
|
| 273 |
static void |
| 274 |
prepare_xauthority_file(struct passwd *pw) |
| 275 |
{ |
| 276 |
char *path; |
| 277 |
int fd; |
| 278 |
|
| 279 |
/* |
| 280 |
* Failures here are mostly-harmless: if we don't create the |
| 281 |
* file or directory then XAUTHORITY won't be get set later and |
| 282 |
* xauth should fall back to its default location. |
| 283 |
*/ |
| 284 |
|
| 285 |
if (make_private_temp_dir(pw) != 0) { |
| 286 |
debug("Failed to create directory for xauth data"); |
| 287 |
return; |
| 288 |
} |
| 289 |
|
| 290 |
xasprintf(&path, "%s/xauth.XXXXXXXXXX", private_temp_dir); |
| 291 |
temporarily_use_uid(pw); |
| 292 |
fd = mkstemp(path); |
| 293 |
restore_uid(); |
| 294 |
|
| 295 |
if (fd == -1) { |
| 296 |
debug("%s: mkstemp: %s", __func__, strerror(errno)); |
| 297 |
free(path); |
| 298 |
return; |
| 299 |
} |
| 300 |
debug3("%s: xauthority file at %s", __func__, path); |
| 301 |
close(fd); /* just wanted to create it */ |
| 302 |
xauthority_path = path; |
| 303 |
} |
| 304 |
|
| 257 |
static void |
305 |
static void |
| 258 |
display_loginmsg(void) |
306 |
display_loginmsg(void) |
| 259 |
{ |
307 |
{ |
|
Lines 843-848
do_setup_env(Session *s, const char *shell)
|
| 843 |
if (getenv("TZ")) |
891 |
if (getenv("TZ")) |
| 844 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
892 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
| 845 |
|
893 |
|
|
|
894 |
if (xauthority_path != NULL) |
| 895 |
child_set_env(&env, &envsize, "XAUTHORITY", xauthority_path); |
| 896 |
|
| 846 |
/* Set custom environment options from RSA authentication. */ |
897 |
/* Set custom environment options from RSA authentication. */ |
| 847 |
while (custom_environment) { |
898 |
while (custom_environment) { |
| 848 |
struct envstring *ce = custom_environment; |
899 |
struct envstring *ce = custom_environment; |
|
Lines 1635-1641
session_x11_req(Session *s)
|
| 1635 |
success = 0; |
1686 |
success = 0; |
| 1636 |
error("Invalid X11 forwarding data"); |
1687 |
error("Invalid X11 forwarding data"); |
| 1637 |
} |
1688 |
} |
| 1638 |
if (!success) { |
1689 |
if (success) |
|
|
1690 |
prepare_xauthority_file(s->pw); |
| 1691 |
else { |
| 1639 |
free(s->auth_proto); |
1692 |
free(s->auth_proto); |
| 1640 |
free(s->auth_data); |
1693 |
free(s->auth_data); |
| 1641 |
s->auth_proto = NULL; |
1694 |
s->auth_proto = NULL; |
|
Lines 2185-2190
do_cleanup(Authctxt *authctxt)
Link Here
|
| 2185 |
auth_info_file = NULL; |
2238 |
auth_info_file = NULL; |
| 2186 |
} |
2239 |
} |
| 2187 |
|
2240 |
|
|
|
2241 |
xauthority_cleanup_proc(authctxt->pw); |
| 2242 |
|
| 2188 |
/* |
2243 |
/* |
| 2189 |
* Cleanup ptys/utmp only if privsep is disabled, |
2244 |
* Cleanup ptys/utmp only if privsep is disabled, |
| 2190 |
* or if running in monitor. |
2245 |
* or if running in monitor. |
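Review bot: In the added prepare_xauthority_file() (new lines 273-303), `xauthority_path = path;` overwrites the file-scope pointer without checking whether an earlier call already stored a path. If session_x11_req() can succeed more than once in the same process (plausible when one connection carries several sessions, though that is not visible in these hunks), the earlier string leaks and its file is never unlinked by xauthority_cleanup_proc(), leaving X11 authorization data on disk after logout. A guard at the top of the function, `if (xauthority_path != NULL) return;`, would let later requests reuse the one file that cleanup knows about. The new call in do_cleanup() also relies on running before the per-session temp directory is removed and on `authctxt->pw` being non-NULL whenever the path is set; both depend on code outside the visible hunks and are worth confirming. xauthority_cleanup_proc() discards the result of `unlink()`, so a `debug()` on failure would make a leftover file visible in the logs.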