Attachment #1457 for bug #1442

View | Details | Raw Unified | Return to bug 1442
Collapse All | Expand All

Lines 112-117 Link Here

(-)readconf.c (+9 lines)
112	oBadOption,	112	oBadOption,
113	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,	113	oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
114	oExitOnForwardFailure,	114	oExitOnForwardFailure,
		115	oRequestTempHomedir,
115	oPasswordAuthentication, oRSAAuthentication,	116	oPasswordAuthentication, oRSAAuthentication,
116	oChallengeResponseAuthentication, oXAuthLocation,	117	oChallengeResponseAuthentication, oXAuthLocation,
117	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,	118	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
Lines 143-148 Link Here
143	{ "forwardx11", oForwardX11 },	144	{ "forwardx11", oForwardX11 },
144	{ "forwardx11trusted", oForwardX11Trusted },	145	{ "forwardx11trusted", oForwardX11Trusted },
145	{ "exitonforwardfailure", oExitOnForwardFailure },	146	{ "exitonforwardfailure", oExitOnForwardFailure },
		147	{ "requesttemphomedir", oRequestTempHomedir },
146	{ "xauthlocation", oXAuthLocation },	148	{ "xauthlocation", oXAuthLocation },
147	{ "gatewayports", oGatewayPorts },	149	{ "gatewayports", oGatewayPorts },
148	{ "useprivilegedport", oUsePrivilegedPort },	150	{ "useprivilegedport", oUsePrivilegedPort },
Lines 402-407 Link Here
402	intptr = &options->exit_on_forward_failure;	404	intptr = &options->exit_on_forward_failure;
403	goto parse_flag;	405	goto parse_flag;
404		406
		407	case oRequestTempHomedir:
		408	intptr = &options->request_temp_homedir;
		409	goto parse_flag;
		410
405	case oUsePrivilegedPort:	411	case oUsePrivilegedPort:
406	intptr = &options->use_privileged_port;	412	intptr = &options->use_privileged_port;
407	goto parse_flag;	413	goto parse_flag;
Lines 1003-1008 Link Here
1003	options->forward_x11 = -1;	1009	options->forward_x11 = -1;
1004	options->forward_x11_trusted = -1;	1010	options->forward_x11_trusted = -1;
1005	options->exit_on_forward_failure = -1;	1011	options->exit_on_forward_failure = -1;
		1012	options->request_temp_homedir = -1;
1006	options->xauth_location = NULL;	1013	options->xauth_location = NULL;
1007	options->gateway_ports = -1;	1014	options->gateway_ports = -1;
1008	options->use_privileged_port = -1;	1015	options->use_privileged_port = -1;
Lines 1085-1090 Link Here
1085	options->forward_x11_trusted = 0;	1092	options->forward_x11_trusted = 0;
1086	if (options->exit_on_forward_failure == -1)	1093	if (options->exit_on_forward_failure == -1)
1087	options->exit_on_forward_failure = 0;	1094	options->exit_on_forward_failure = 0;
		1095	if (options->request_temp_homedir == -1)
		1096	options->request_temp_homedir = 0;
1088	if (options->xauth_location == NULL)	1097	if (options->xauth_location == NULL)
1089	options->xauth_location = _PATH_XAUTH;	1098	options->xauth_location = _PATH_XAUTH;
1090	if (options->gateway_ports == -1)	1099	if (options->gateway_ports == -1)

Lines 33-38 Link Here

(-)readconf.h (+1 lines)
33	int forward_x11; /* Forward X11 display. */	33	int forward_x11; /* Forward X11 display. */
34	int forward_x11_trusted; /* Trust Forward X11 display. */	34	int forward_x11_trusted; /* Trust Forward X11 display. */
35	int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */	35	int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */
		36	int request_temp_homedir; /* Override homedir with a temporary one */
36	char xauth_location; / Location for xauth program */	37	char xauth_location; / Location for xauth program */
37	int gateway_ports; /* Allow remote connects to forwarded ports. */	38	int gateway_ports; /* Allow remote connects to forwarded ports. */
38	int use_privileged_port; /* Don't use privileged port if false. */	39	int use_privileged_port; /* Don't use privileged port if false. */

Lines 71-76 Link Here

(-)servconf.c (-1 / +10 lines)
71	options->ignore_rhosts = -1;	71	options->ignore_rhosts = -1;
72	options->ignore_user_known_hosts = -1;	72	options->ignore_user_known_hosts = -1;
73	options->print_motd = -1;	73	options->print_motd = -1;
		74	options->permit_temp_home = -1;
74	options->print_lastlog = -1;	75	options->print_lastlog = -1;
75	options->x11_forwarding = -1;	76	options->x11_forwarding = -1;
76	options->x11_display_offset = -1;	77	options->x11_display_offset = -1;
Lines 167-172 Link Here
167	options->ignore_user_known_hosts = 0;	168	options->ignore_user_known_hosts = 0;
168	if (options->print_motd == -1)	169	if (options->print_motd == -1)
169	options->print_motd = 1;	170	options->print_motd = 1;
		171	if (options->permit_temp_home == -1)
		172	options->permit_temp_home = 0;
170	if (options->print_lastlog == -1)	173	if (options->print_lastlog == -1)
171	options->print_lastlog = 1;	174	options->print_lastlog = 1;
172	if (options->x11_forwarding == -1)	175	if (options->x11_forwarding == -1)
Lines 280-286 Link Here
280	sKerberosTgtPassing, sChallengeResponseAuthentication,	283	sKerberosTgtPassing, sChallengeResponseAuthentication,
281	sPasswordAuthentication, sKbdInteractiveAuthentication,	284	sPasswordAuthentication, sKbdInteractiveAuthentication,
282	sListenAddress, sAddressFamily,	285	sListenAddress, sAddressFamily,
283	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	286	sPrintMotd, sPermitTempHome, sPrintLastLog, sIgnoreRhosts,
284	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	287	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
285	sStrictModes, sEmptyPasswd, sTCPKeepAlive,	288	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
286	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,	289	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
Lines 364-369 Link Here
364	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },	367	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
365	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },	368	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
366	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },	369	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
		370	{ "permittemphomedir", sPermitTempHome, SSHCFG_ALL },
367	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },	371	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
368	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },	372	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
369	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },	373	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
Lines 895-900 Link Here
895	intptr = &options->print_motd;	899	intptr = &options->print_motd;
896	goto parse_flag;	900	goto parse_flag;
897		901
		902	case sPermitTempHome:
		903	intptr = &options->permit_temp_home;
		904	goto parse_flag;
		905
898	case sPrintLastLog:	906	case sPrintLastLog:
899	intptr = &options->print_lastlog;	907	intptr = &options->print_lastlog;
900	goto parse_flag;	908	goto parse_flag;
Lines 1366-1371 Link Here
1366	M_CP_INTOPT(hostbased_authentication);	1374	M_CP_INTOPT(hostbased_authentication);
1367	M_CP_INTOPT(kbd_interactive_authentication);	1375	M_CP_INTOPT(kbd_interactive_authentication);
1368	M_CP_INTOPT(permit_root_login);	1376	M_CP_INTOPT(permit_root_login);
		1377	M_CP_INTOPT(permit_temp_home);
1369		1378
1370	M_CP_INTOPT(allow_tcp_forwarding);	1379	M_CP_INTOPT(allow_tcp_forwarding);
1371	M_CP_INTOPT(gateway_ports);	1380	M_CP_INTOPT(gateway_ports);

Lines 55-60 Link Here

(-)servconf.h (+1 lines)
55	int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts	55	int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
56	* for RhostsRsaAuth */	56	* for RhostsRsaAuth */
57	int print_motd; /* If true, print /etc/motd. */	57	int print_motd; /* If true, print /etc/motd. */
		58	int permit_temp_home; /* If true, allow client override HOME */
58	int print_lastlog; /* If true, print lastlog */	59	int print_lastlog; /* If true, print lastlog */
59	int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */	60	int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
60	int x11_display_offset; /* What DISPLAY number to start	61	int x11_display_offset; /* What DISPLAY number to start

Lines 1136-1141 Link Here

(-)serverloop.c (+5 lines)
1136	success = channel_cancel_rport_listener(cancel_address,	1136	success = channel_cancel_rport_listener(cancel_address,
1137	cancel_port);	1137	cancel_port);
1138	xfree(cancel_address);	1138	xfree(cancel_address);
		1139	} else if ((strcmp(rtype, "ssh-tmphomedir@openssh.com")) == 0) {
		1140	if (options.permit_temp_home)
		1141	success = tmp_homedir_req(the_authctxt->pw);
		1142	else
		1143	packet_send_debug("Server has disabled temp homedirs.");
1139	}	1144	}
1140	if (want_reply) {	1145	if (want_reply) {
1141	packet_start(success ?	1146	packet_start(success ?





static int is_child = 0;

/* tmp homedir handler */
static char *tmp_home_dir = NULL;

int
tmp_homedir_req(struct passwd *pw)
{
	temporarily_use_uid(pw);
	tmp_home_dir = xmalloc(MAXPATHLEN);
	strlcpy(tmp_home_dir, "/tmp/ssh-tmphome-XXXXXXXXXX", MAXPATHLEN);

	if (mkdtemp(tmp_home_dir) == NULL) {
		packet_send_debug("Temp homedir request failed: "
				"mkdtemp() failed: %.100s", strerror(errno));
		restore_uid();
		xfree(tmp_home_dir);
		tmp_home_dir = NULL;
		return 0;
	} else {
		if (chmod(tmp_home_dir, (mode_t) 0500) < 0 )
			packet_send_debug("chmod %.100s 0500 failed: %.100s",
					tmp_home_dir, strerror(errno));
		pw->pw_dir = tmp_home_dir;
		restore_uid();
		return 1;
	}
}

static void
tmp_homedir_cleanup(struct passwd *pw)
{
	if (tmp_home_dir != NULL) {
		temporarily_use_uid(pw);
		if (rmdir(tmp_home_dir) != 0)
			debug("Cleanup of tmp homedir: %.100s failed: "
					"rmdir() failed: %.100s", tmp_home_dir, strerror(errno));
		xfree(tmp_home_dir);
		tmp_home_dir = NULL;
		restore_uid();
	}
}

/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;

			success = session_pty_req(s);
			break;

		case SSH_CMSG_TMPHOMEDIR:
			success = tmp_homedir_req(s->pw);
			break;

		case SSH_CMSG_X11_REQUEST_FORWARDING:
			s->auth_proto = packet_get_string(&proto_len);
			s->auth_data = packet_get_string(&data_len);

	ssh_gssapi_do_child(&env, &envsize);
#endif

	if (tmp_home_dir) {
		pw->pw_dir = tmp_home_dir;
		debug("homedir: %s", pw->pw_dir);
	}

	if (!options.use_login) {
		/* Set basic environment. */
		for (i = 0; i < s->num_env; i++)

	}

	if (!options.use_login)
		if (!tmp_home_dir)
			do_rc_files(s, shell);

	/* restore SIGPIPE for child */
	signal(SIGPIPE, SIG_DFL);


	/* remove agent socket */
	auth_sock_cleanup_proc(authctxt->pw);
	tmp_homedir_cleanup(authctxt->pw);

	/*
	 * Cleanup ptys/utmp only if privsep is disabled,

Lines 78-81 Link Here

(-)session.h (+1 lines)
78	void child_set_env(char **envp, u_int envsizep, const char *name,	78	void child_set_env(char **envp, u_int envsizep, const char *name,
79	const char *value);	79	const char *value);
80		80
		81	int tmp_homedir_req(struct passwd *);
81	#endif	82	#endif

Lines 902-907 Link Here

(-)ssh.c (+20 lines)
902	char *cp;	902	char *cp;
903	const char *display;	903	const char *display;
904		904
		905	/* Protocol 1 homedir override */
		906	if (options.request_temp_homedir) {
		907	packet_start(SSH_CMSG_TMPHOMEDIR);
		908	packet_send();
		909	packet_write_wait();
		910	type = packet_read();
		911	if (type == SSH_SMSG_FAILURE)
		912	logit("Warning: Remote host refused tmphomedir.");
		913	else if (type != SSH_SMSG_SUCCESS)
		914	packet_disconnect("Protocol error waiting for tmphomedir response.");
		915	}
		916
905	/* Enable compression if requested. */	917	/* Enable compression if requested. */
906	if (options.compression) {	918	if (options.compression) {
907	debug("Requesting compression at level %d.", options.compression_level);	919	debug("Requesting compression at level %d.", options.compression_level);
Lines 1144-1149 Link Here
1144	if (options.forward_agent) {	1156	if (options.forward_agent) {
1145	debug("Requesting authentication agent forwarding.");	1157	debug("Requesting authentication agent forwarding.");
1146	channel_request_start(id, "auth-agent-req@openssh.com", 0);	1158	channel_request_start(id, "auth-agent-req@openssh.com", 0);
		1159	packet_send();
		1160	}
		1161
		1162	if (options.request_temp_homedir) {
		1163	debug("Requesting temp homedir.");
		1164	packet_start(SSH2_MSG_GLOBAL_REQUEST);
		1165	packet_put_cstring("ssh-tmphomedir@openssh.com");
		1166	packet_put_char(0);
1147	packet_send();	1167	packet_send();
1148	}	1168	}
1149		1169

Lines 68-73 Link Here

(-)ssh1.h (+1 lines)
68	#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */	68	#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
69	#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */	69	#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
70	#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */	70	#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
		71	#define SSH_CMSG_TMPHOMEDIR 68 /* tmphomedir flag */
71		72
72	/* protocol version 1.5 overloads some version 1.3 message types */	73	/* protocol version 1.5 overloads some version 1.3 message types */
73	#define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE	74	#define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE

Lines 812-817 Link Here

(-)ssh_config.5 (+4 lines)
812	.Cm GatewayPorts	812	.Cm GatewayPorts
813	option is enabled (see	813	option is enabled (see
814	.Xr sshd_config 5 ) .	814	.Xr sshd_config 5 ) .
		815	.It Cm RequestTempHomedir
		816	Specifies whether the server should override the user home directory with a temporary one. The server must support this option.
		817	The default is
		818	.Dq no .
815	.It Cm RhostsRSAAuthentication	819	.It Cm RhostsRSAAuthentication
816	Specifies whether to try rhosts based authentication with RSA host	820	Specifies whether to try rhosts based authentication with RSA host
817	authentication.	821	authentication.

Lines 102-107 Link Here

(-)sshd_config (+1 lines)
102	#PidFile /var/run/sshd.pid	102	#PidFile /var/run/sshd.pid
103	#MaxStartups 10	103	#MaxStartups 10
104	#PermitTunnel no	104	#PermitTunnel no
		105	#PermitTempHome no
105	#ChrootDirectory none	106	#ChrootDirectory none
106		107
107	# no default banner path	108	# no default banner path

Lines 569-574 Link Here

(-)sshd_config.5 (+5 lines)
569	.Cm PasswordAuthentication ,	569	.Cm PasswordAuthentication ,
570	.Cm PermitOpen ,	570	.Cm PermitOpen ,
571	.Cm PermitRootLogin ,	571	.Cm PermitRootLogin ,
		572	.Cm PermitTempHomedir ,
572	.Cm RhostsRSAAuthentication ,	573	.Cm RhostsRSAAuthentication ,
573	.Cm RSAAuthentication ,	574	.Cm RSAAuthentication ,
574	.Cm X11DisplayOffset ,	575	.Cm X11DisplayOffset ,
Lines 670-675 Link Here
670	If this option is set to	671	If this option is set to
671	.Dq no ,	672	.Dq no ,
672	root is not allowed to log in.	673	root is not allowed to log in.
		674	.It Cm PermitTempHomedir
		675	Specifies whether clients can request a temp homedir on the server.
		676	The default is
		677	.Dq no
673	.It Cm PermitTunnel	678	.It Cm PermitTunnel
674	Specifies whether	679	Specifies whether
675	.Xr tun 4	680	.Xr tun 4

Return to bug 1442

Lines 147-152 Link Here

(-)session.c (-1 / +53 lines)
147		147
148	static int is_child = 0;	148	static int is_child = 0;
149		149
		150	/* tmp homedir handler */
		151	static char *tmp_home_dir = NULL;
		152
		153	int
		154	tmp_homedir_req(struct passwd *pw)
		155	{
		156	temporarily_use_uid(pw);
		157	tmp_home_dir = xmalloc(MAXPATHLEN);
		158	strlcpy(tmp_home_dir, "/tmp/ssh-tmphome-XXXXXXXXXX", MAXPATHLEN);
		159
		160	if (mkdtemp(tmp_home_dir) == NULL) {
		161	packet_send_debug("Temp homedir request failed: "
		162	"mkdtemp() failed: %.100s", strerror(errno));
		163	restore_uid();
		164	xfree(tmp_home_dir);
		165	tmp_home_dir = NULL;
		166	return 0;
		167	} else {
		168	if (chmod(tmp_home_dir, (mode_t) 0500) < 0 )
		169	packet_send_debug("chmod %.100s 0500 failed: %.100s",
		170	tmp_home_dir, strerror(errno));
		171	pw->pw_dir = tmp_home_dir;
		172	restore_uid();
		173	return 1;
		174	}
		175	}
		176
		177	static void
		178	tmp_homedir_cleanup(struct passwd *pw)
		179	{
		180	if (tmp_home_dir != NULL) {
		181	temporarily_use_uid(pw);
		182	if (rmdir(tmp_home_dir) != 0)
		183	debug("Cleanup of tmp homedir: %.100s failed: "
		184	"rmdir() failed: %.100s", tmp_home_dir, strerror(errno));
		185	xfree(tmp_home_dir);
		186	tmp_home_dir = NULL;
		187	restore_uid();
		188	}
		189	}
		190
150	/* Name and directory of socket for authentication agent forwarding. */	191	/* Name and directory of socket for authentication agent forwarding. */
151	static char *auth_sock_name = NULL;	192	static char *auth_sock_name = NULL;
152	static char *auth_sock_dir = NULL;	193	static char *auth_sock_dir = NULL;
Lines 311-316 Link Here
311	success = session_pty_req(s);	352	success = session_pty_req(s);
312	break;	353	break;
313		354
		355	case SSH_CMSG_TMPHOMEDIR:
		356	success = tmp_homedir_req(s->pw);
		357	break;
		358
314	case SSH_CMSG_X11_REQUEST_FORWARDING:	359	case SSH_CMSG_X11_REQUEST_FORWARDING:
315	s->auth_proto = packet_get_string(&proto_len);	360	s->auth_proto = packet_get_string(&proto_len);
316	s->auth_data = packet_get_string(&data_len);	361	s->auth_data = packet_get_string(&data_len);
Lines 1049-1054 Link Here
1049	ssh_gssapi_do_child(&env, &envsize);	1094	ssh_gssapi_do_child(&env, &envsize);
1050	#endif	1095	#endif
1051		1096
		1097	if (tmp_home_dir) {
		1098	pw->pw_dir = tmp_home_dir;
		1099	debug("homedir: %s", pw->pw_dir);
		1100	}
		1101
1052	if (!options.use_login) {	1102	if (!options.use_login) {
1053	/* Set basic environment. */	1103	/* Set basic environment. */
1054	for (i = 0; i < s->num_env; i++)	1104	for (i = 0; i < s->num_env; i++)
Lines 1690-1696 Link Here
1690	}	1740	}
1691		1741
1692	if (!options.use_login)	1742	if (!options.use_login)
1693	do_rc_files(s, shell);	1743	if (!tmp_home_dir)
		1744	do_rc_files(s, shell);
1694		1745
1695	/* restore SIGPIPE for child */	1746	/* restore SIGPIPE for child */
1696	signal(SIGPIPE, SIG_DFL);	1747	signal(SIGPIPE, SIG_DFL);
Lines 2617-2622 Link Here
2617		2668
2618	/* remove agent socket */	2669	/* remove agent socket */
2619	auth_sock_cleanup_proc(authctxt->pw);	2670	auth_sock_cleanup_proc(authctxt->pw);
		2671	tmp_homedir_cleanup(authctxt->pw);
2620		2672
2621	/*	2673	/*
2622	* Cleanup ptys/utmp only if privsep is disabled,	2674	* Cleanup ptys/utmp only if privsep is disabled,