|
Lines 99-104
|
| 99 |
extern void destroy_sensitive_data(void); |
99 |
extern void destroy_sensitive_data(void); |
| 100 |
extern Buffer loginmsg; |
100 |
extern Buffer loginmsg; |
| 101 |
|
101 |
|
|
|
102 |
/* Local Xauthority file. */ |
| 103 |
static char *xauthfile; |
| 104 |
extern void xauthfile_cleanup_proc(void *); |
| 105 |
|
| 102 |
/* original command from peer. */ |
106 |
/* original command from peer. */ |
| 103 |
const char *original_command = NULL; |
107 |
const char *original_command = NULL; |
| 104 |
|
108 |
|
|
Lines 230-235
|
| 230 |
} |
234 |
} |
| 231 |
|
235 |
|
| 232 |
/* |
236 |
/* |
|
|
237 |
* Remove local Xauthority file. |
| 238 |
*/ |
| 239 |
void |
| 240 |
xauthfile_cleanup_proc(void *_pw) |
| 241 |
{ |
| 242 |
struct passwd *pw = _pw; |
| 243 |
char *p; |
| 244 |
|
| 245 |
debug("xauthfile_cleanup_proc called"); |
| 246 |
if (xauthfile != NULL) { |
| 247 |
temporarily_use_uid(pw); |
| 248 |
unlink(xauthfile); |
| 249 |
p = strrchr(xauthfile, '/'); |
| 250 |
if (p != NULL) { |
| 251 |
*p = '\0'; |
| 252 |
rmdir(xauthfile); |
| 253 |
} |
| 254 |
xfree(xauthfile); |
| 255 |
xauthfile = NULL; |
| 256 |
restore_uid(); |
| 257 |
} |
| 258 |
} |
| 259 |
|
| 260 |
/* |
| 233 |
* Prepares for an interactive session. This is called after the user has |
261 |
* Prepares for an interactive session. This is called after the user has |
| 234 |
* been successfully authenticated. During this message exchange, pseudo |
262 |
* been successfully authenticated. During this message exchange, pseudo |
| 235 |
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings |
263 |
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings |
|
Lines 1114-1119
|
| 1114 |
} |
1142 |
} |
| 1115 |
#endif /* USE_PAM */ |
1143 |
#endif /* USE_PAM */ |
| 1116 |
|
1144 |
|
|
|
1145 |
if (xauthfile) |
| 1146 |
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); |
| 1147 |
|
| 1117 |
if (auth_sock_name != NULL) |
1148 |
if (auth_sock_name != NULL) |
| 1118 |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
1149 |
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
| 1119 |
auth_sock_name); |
1150 |
auth_sock_name); |
|
Lines 2182-2187
|
| 2182 |
struct stat st; |
2213 |
struct stat st; |
| 2183 |
char display[512], auth_display[512]; |
2214 |
char display[512], auth_display[512]; |
| 2184 |
char hostname[MAXHOSTNAMELEN]; |
2215 |
char hostname[MAXHOSTNAMELEN]; |
|
|
2216 |
int fd = -1; |
| 2185 |
|
2217 |
|
| 2186 |
if (no_x11_forwarding_flag) { |
2218 |
if (no_x11_forwarding_flag) { |
| 2187 |
packet_send_debug("X11 forwarding disabled in user configuration file."); |
2219 |
packet_send_debug("X11 forwarding disabled in user configuration file."); |
|
Lines 2201-2213
|
| 2201 |
"not compatible with UseLogin=yes."); |
2233 |
"not compatible with UseLogin=yes."); |
| 2202 |
return 0; |
2234 |
return 0; |
| 2203 |
} |
2235 |
} |
| 2204 |
if (s->display != NULL) { |
2236 |
if (s->display != NULL || xauthfile != NULL) { |
| 2205 |
debug("X11 display already set."); |
2237 |
debug("X11 display already set."); |
| 2206 |
return 0; |
2238 |
return 0; |
| 2207 |
} |
2239 |
} |
|
|
2240 |
xauthfile = xmalloc(MAXPATHLEN); |
| 2241 |
strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); |
| 2242 |
temporarily_use_uid(s->pw); |
| 2243 |
if (mkdtemp(xauthfile) == NULL) { |
| 2244 |
error("private X11 dir: mkdtemp %s failed: %s", |
| 2245 |
xauthfile, strerror(errno)); |
| 2246 |
restore_uid(); |
| 2247 |
xfree(xauthfile); |
| 2248 |
xauthfile = NULL; |
| 2249 |
return 0; |
| 2250 |
} |
| 2251 |
strlcat(xauthfile, "/cookies", MAXPATHLEN); |
| 2252 |
fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600); |
| 2253 |
if (fd >= 0) |
| 2254 |
close(fd); |
| 2255 |
restore_uid(); |
| 2256 |
|
| 2208 |
if (x11_create_display_inet(options.x11_display_offset, |
2257 |
if (x11_create_display_inet(options.x11_display_offset, |
| 2209 |
options.x11_use_localhost, s->single_connection, |
2258 |
options.x11_use_localhost, s->single_connection, |
| 2210 |
&s->display_number) == -1) { |
2259 |
&s->display_number) == -1) { |
|
|
2260 |
xauthfile_cleanup_proc(s->pw); |
| 2211 |
debug("x11_create_display_inet failed."); |
2261 |
debug("x11_create_display_inet failed."); |
| 2212 |
return 0; |
2262 |
return 0; |
| 2213 |
} |
2263 |
} |
|
Lines 2294-2299
|
| 2294 |
} |
2346 |
} |
| 2295 |
#endif |
2347 |
#endif |
| 2296 |
|
2348 |
|
|
|
2349 |
/* remove user's local Xauthority file */ |
| 2350 |
if (xauthfile) |
| 2351 |
xauthfile_cleanup_proc(authctxt->pw); |
| 2352 |
|
| 2297 |
/* remove agent socket */ |
2353 |
/* remove agent socket */ |
| 2298 |
auth_sock_cleanup_proc(authctxt->pw); |
2354 |
auth_sock_cleanup_proc(authctxt->pw); |
| 2299 |
|
2355 |
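Review bot: The result of `open()` at new line 2252 is never treated as a failure: a negative `fd` only skips `close(fd)`, so the function carries on with `xauthfile` naming a cookie file that was not created, and the hunk at new line 1145 still exports that path as `XAUTHORITY`. The failure should be handled the way the `mkdtemp()` failure just above it is, by logging the error, restoring the uid, removing the private directory and returning 0. `xauthfile_cleanup_proc()` calls `temporarily_use_uid()` itself (new line 247), so it should run only after `restore_uid()`. The same cleanup routine also ignores the return values of `unlink()` and `rmdir()`, so a leftover directory under /tmp goes unnoticed; a `debug()` line on failure there would help. The function enclosing new lines 2240-2255 starts and ends outside the hunk.

```c
	fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
	if (fd < 0) {
		error("private X11 dir: open %s failed: %s",
		    xauthfile, strerror(errno));
		restore_uid();
		/* cleanup switches uid itself, so call it after restore_uid() */
		xauthfile_cleanup_proc(s->pw);
		return 0;
	}
	close(fd);
	restore_uid();
	/* … unchanged: x11_create_display_inet() call and its failure path … */
```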
|