Bugzilla – Attachment 1457 Details for
Bug 1442
Feature request: Add ability to override $HOME with a temp location
[patch]
Temp homedir patch
openssh-temphomedir.diff (text/plain), 12.27 KB, created by
Niall Sheridan
on 2008-02-27 04:37:29 AEDT
Description:
Temp homedir patch
Filename:
MIME Type:
Creator:
Niall Sheridan
Created:
2008-02-27 04:37:29 AEDT
Size:
12.27 KB
patch
obsolete
>Index: readconf.c
>===================================================================
>RCS file: /cvs/openssh/readconf.c,v
>retrieving revision 1.142
>diff -u -r1.142 readconf.c
>--- readconf.c 10 Feb 2008 11:25:52 -0000 1.142
>+++ readconf.c 26 Feb 2008 15:59:12 -0000
>@@ -112,6 +112,7 @@
> oBadOption,
> oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
> oExitOnForwardFailure,
>+ oRequestTempHomedir,
> oPasswordAuthentication, oRSAAuthentication,
> oChallengeResponseAuthentication, oXAuthLocation,
> oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
>@@ -143,6 +144,7 @@
> { "forwardx11", oForwardX11 },
> { "forwardx11trusted", oForwardX11Trusted },
> { "exitonforwardfailure", oExitOnForwardFailure },
>+ { "requesttemphomedir", oRequestTempHomedir },
> { "xauthlocation", oXAuthLocation },
> { "gatewayports", oGatewayPorts },
> { "useprivilegedport", oUsePrivilegedPort },
>@@ -402,6 +404,10 @@
> intptr = &options->exit_on_forward_failure;
> goto parse_flag;
>
>+ case oRequestTempHomedir:
>+ intptr = &options->request_temp_homedir;
>+ goto parse_flag;
>+
> case oUsePrivilegedPort:
> intptr = &options->use_privileged_port;
> goto parse_flag;
>@@ -1003,6 +1009,7 @@
> options->forward_x11 = -1;
> options->forward_x11_trusted = -1;
> options->exit_on_forward_failure = -1;
>+ options->request_temp_homedir = -1;
> options->xauth_location = NULL;
> options->gateway_ports = -1;
> options->use_privileged_port = -1;
>@@ -1085,6 +1092,8 @@
> options->forward_x11_trusted = 0;
> if (options->exit_on_forward_failure == -1)
> options->exit_on_forward_failure = 0;
>+ if (options->request_temp_homedir == -1)
>+ options->request_temp_homedir = 0;
> if (options->xauth_location == NULL)
> options->xauth_location = _PATH_XAUTH;
> if (options->gateway_ports == -1)
>Index: readconf.h
>===================================================================
>RCS file: /cvs/openssh/readconf.h,v
>retrieving revision 1.64
>diff -u -r1.64 readconf.h
>--- readconf.h 10 Feb 2008 11:25:52 -0000 1.64
>+++ readconf.h 26 Feb 2008 15:59:12 -0000
>@@ -33,6 +33,7 @@
> int forward_x11; /* Forward X11 display. */
> int forward_x11_trusted; /* Trust Forward X11 display. */
> int exit_on_forward_failure; /* Exit if bind(2) fails for -L/-R */
>+ int request_temp_homedir; /* Override homedir with a temporary one */
> char *xauth_location; /* Location for xauth program */
> int gateway_ports; /* Allow remote connects to forwarded ports. */
> int use_privileged_port; /* Don't use privileged port if false. */
>Index: servconf.c
>===================================================================
>RCS file: /cvs/openssh/servconf.c,v
>retrieving revision 1.168
>diff -u -r1.168 servconf.c
>--- servconf.c 10 Feb 2008 11:48:55 -0000 1.168
>+++ servconf.c 26 Feb 2008 15:59:12 -0000
>@@ -71,6 +71,7 @@
> options->ignore_rhosts = -1;
> options->ignore_user_known_hosts = -1;
> options->print_motd = -1;
>+ options->permit_temp_home = -1;
> options->print_lastlog = -1;
> options->x11_forwarding = -1;
> options->x11_display_offset = -1;
>@@ -167,6 +168,8 @@
> options->ignore_user_known_hosts = 0;
> if (options->print_motd == -1)
> options->print_motd = 1;
>+ if (options->permit_temp_home == -1)
>+ options->permit_temp_home = 0;
> if (options->print_lastlog == -1)
> options->print_lastlog = 1;
> if (options->x11_forwarding == -1)
>@@ -280,7 +283,7 @@
> sKerberosTgtPassing, sChallengeResponseAuthentication,
> sPasswordAuthentication, sKbdInteractiveAuthentication,
> sListenAddress, sAddressFamily,
>- sPrintMotd, sPrintLastLog, sIgnoreRhosts,
>+ sPrintMotd, sPermitTempHome, sPrintLastLog, sIgnoreRhosts,
> sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
> sStrictModes, sEmptyPasswd, sTCPKeepAlive,
> sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
>@@ -364,6 +367,7 @@
> { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
> { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
> { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
>+ { "permittemphomedir", sPermitTempHome, SSHCFG_ALL },
> { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
> { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
> { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
>@@ -895,6 +899,10 @@
> intptr = &options->print_motd;
> goto parse_flag;
>
>+ case sPermitTempHome:
>+ intptr = &options->permit_temp_home;
>+ goto parse_flag;
>+
> case sPrintLastLog:
> intptr = &options->print_lastlog;
> goto parse_flag;
>@@ -1366,6 +1374,7 @@
> M_CP_INTOPT(hostbased_authentication);
> M_CP_INTOPT(kbd_interactive_authentication);
> M_CP_INTOPT(permit_root_login);
>+ M_CP_INTOPT(permit_temp_home);
>
> M_CP_INTOPT(allow_tcp_forwarding);
> M_CP_INTOPT(gateway_ports);
>Index: servconf.h
>===================================================================
>RCS file: /cvs/openssh/servconf.h,v
>retrieving revision 1.73
>diff -u -r1.73 servconf.h
>--- servconf.h 10 Feb 2008 11:40:12 -0000 1.73
>+++ servconf.h 26 Feb 2008 15:59:12 -0000
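Review bot: The keyword registered in the `@@ -364` hunk is `permittemphomedir`, but the sample `sshd_config` hunk later in this patch adds `#PermitTempHome no`, a name sshd would reject as a bad configuration option if an administrator uncommented it, and the enum constant is `sPermitTempHome` while the manual page hunk documents `PermitTempHomedir`. Settle on one spelling; `PermitTempHomedir` matches the manual page, so the sample line should become `#PermitTempHomedir no` and, for readability, the constant could be `sPermitTempHomedir`. Registering the option as `SSHCFG_ALL` and copying it with `M_CP_INTOPT(permit_temp_home)` in the `@@ -1366` hunk is consistent with the Match-block listing in the manual page.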
>@@ -55,6 +55,7 @@
> int ignore_user_known_hosts; /* Ignore ~/.ssh/known_hosts
> * for RhostsRsaAuth */
> int print_motd; /* If true, print /etc/motd. */
>+ int permit_temp_home; /* If true, allow client override HOME */
> int print_lastlog; /* If true, print lastlog */
> int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */
> int x11_display_offset; /* What DISPLAY number to start
>Index: serverloop.c
>===================================================================
>RCS file: /cvs/openssh/serverloop.c,v
>retrieving revision 1.153
>diff -u -r1.153 serverloop.c
>--- serverloop.c 10 Feb 2008 11:27:47 -0000 1.153
>+++ serverloop.c 26 Feb 2008 15:59:13 -0000
>@@ -1136,6 +1136,11 @@
> success = channel_cancel_rport_listener(cancel_address,
> cancel_port);
> xfree(cancel_address);
>+ } else if ((strcmp(rtype, "ssh-tmphomedir@openssh.com")) == 0) {
>+ if (options.permit_temp_home)
>+ success = tmp_homedir_req(the_authctxt->pw);
>+ else
>+ packet_send_debug("Server has disabled temp homedirs.");
> }
> if (want_reply) {
> packet_start(success ?
>Index: session.c
>===================================================================
>RCS file: /cvs/openssh/session.c,v
>retrieving revision 1.359
>diff -u -r1.359 session.c
>--- session.c 10 Feb 2008 11:48:55 -0000 1.359
>+++ session.c 26 Feb 2008 15:59:13 -0000
>@@ -147,6 +147,47 @@
>
> static int is_child = 0;
>
>+/* tmp homedir handler */
>+static char *tmp_home_dir = NULL;
>+
>+int
>+tmp_homedir_req(struct passwd *pw)
>+{
>+ temporarily_use_uid(pw);
>+ tmp_home_dir = xmalloc(MAXPATHLEN);
>+ strlcpy(tmp_home_dir, "/tmp/ssh-tmphome-XXXXXXXXXX", MAXPATHLEN);
>+
>+ if (mkdtemp(tmp_home_dir) == NULL) {
>+ packet_send_debug("Temp homedir request failed: "
>+ "mkdtemp() failed: %.100s", strerror(errno));
>+ restore_uid();
>+ xfree(tmp_home_dir);
>+ tmp_home_dir = NULL;
>+ return 0;
>+ } else {
>+ if (chmod(tmp_home_dir, (mode_t) 0500) < 0 )
>+ packet_send_debug("chmod %.100s 0500 failed: %.100s",
>+ tmp_home_dir, strerror(errno));
>+ pw->pw_dir = tmp_home_dir;
>+ restore_uid();
>+ return 1;
>+ }
>+}
>+
>+static void
>+tmp_homedir_cleanup(struct passwd *pw)
>+{
>+ if (tmp_home_dir != NULL) {
>+ temporarily_use_uid(pw);
>+ if (rmdir(tmp_home_dir) != 0)
>+ debug("Cleanup of tmp homedir: %.100s failed: "
>+ "rmdir() failed: %.100s", tmp_home_dir, strerror(errno));
>+ xfree(tmp_home_dir);
>+ tmp_home_dir = NULL;
>+ restore_uid();
>+ }
>+}
>+
> /* Name and directory of socket for authentication agent forwarding. */
> static char *auth_sock_name = NULL;
> static char *auth_sock_dir = NULL;
>@@ -311,6 +352,10 @@
> success = session_pty_req(s);
> break;
>
>+ case SSH_CMSG_TMPHOMEDIR:
>+ success = tmp_homedir_req(s->pw);
>+ break;
>+
> case SSH_CMSG_X11_REQUEST_FORWARDING:
> s->auth_proto = packet_get_string(&proto_len);
> s->auth_data = packet_get_string(&data_len);
>@@ -1049,6 +1094,11 @@
> ssh_gssapi_do_child(&env, &envsize);
> #endif
>
>+ if (tmp_home_dir) {
>+ pw->pw_dir = tmp_home_dir;
>+ debug("homedir: %s", pw->pw_dir);
>+ }
>+
> if (!options.use_login) {
> /* Set basic environment. */
> for (i = 0; i < s->num_env; i++)
>@@ -1690,7 +1740,8 @@
> }
>
> if (!options.use_login)
>- do_rc_files(s, shell);
>+ if (!tmp_home_dir)
>+ do_rc_files(s, shell);
>
> /* restore SIGPIPE for child */
> signal(SIGPIPE, SIG_DFL);
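Review bot: `tmp_homedir_req` has no guard against being invoked more than once per session: a second call overwrites `tmp_home_dir` with a fresh `xmalloc` buffer, so the first directory is never passed to `rmdir()` and its buffer leaks, and since both the protocol-1 message and the SSH2 global request reach this function, a client that repeats the request leaves one stray directory under /tmp per repetition. Add a check at the top, `if (tmp_home_dir != NULL) return 1;` (or return 0 with a `packet_send_debug` if a repeat should be refused), so the state is set up at most once. In `tmp_homedir_cleanup`, `xfree(tmp_home_dir)` releases the buffer that `pw->pw_dir` still points to, leaving it dangling; this runs at process exit so it is probably harmless in practice, but saving the original `pw_dir` at request time and restoring it here would also avoid dropping the original string unfreed. `rmdir()` only removes an empty directory, so any temp home the session wrote into survives cleanup; if that is intentional best-effort behaviour it deserves a comment such as `/* only an empty temp home is removed; contents are left for the user */`.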
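Review bot: The protocol-1 handler added in the `@@ -311` hunk, `case SSH_CMSG_TMPHOMEDIR: success = tmp_homedir_req(s->pw);`, never consults `options.permit_temp_home`, whereas the SSH2 path in serverloop.c only calls `tmp_homedir_req` when that option is set, so the server-side `PermitTempHomedir` default of no is bypassed on a protocol-1 connection. Guard it the same way: `if (options.permit_temp_home) success = tmp_homedir_req(s->pw); else packet_send_debug("Server has disabled temp homedirs.");`. The enclosing switch and function begin and end outside the hunk.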
>@@ -2617,6 +2668,7 @@
>
> /* remove agent socket */
> auth_sock_cleanup_proc(authctxt->pw);
>+ tmp_homedir_cleanup(authctxt->pw);
>
> /*
> * Cleanup ptys/utmp only if privsep is disabled,
>Index: session.h
>===================================================================
>RCS file: /cvs/openssh/session.h,v
>retrieving revision 1.33
>diff -u -r1.33 session.h
>--- session.h 5 Aug 2006 02:39:40 -0000 1.33
>+++ session.h 26 Feb 2008 15:59:13 -0000
>@@ -78,4 +78,5 @@
> void child_set_env(char ***envp, u_int *envsizep, const char *name,
> const char *value);
>
>+int tmp_homedir_req(struct passwd *);
> #endif
>Index: ssh.c
>===================================================================
>RCS file: /cvs/openssh/ssh.c,v
>retrieving revision 1.300
>diff -u -r1.300 ssh.c
>--- ssh.c 10 Feb 2008 11:23:18 -0000 1.300
>+++ ssh.c 26 Feb 2008 15:59:13 -0000
>@@ -902,6 +902,18 @@
> char *cp;
> const char *display;
>
>+ /* Protocol 1 homedir override */
>+ if (options.request_temp_homedir) {
>+ packet_start(SSH_CMSG_TMPHOMEDIR);
>+ packet_send();
>+ packet_write_wait();
>+ type = packet_read();
>+ if (type == SSH_SMSG_FAILURE)
>+ logit("Warning: Remote host refused tmphomedir.");
>+ else if (type != SSH_SMSG_SUCCESS)
>+ packet_disconnect("Protocol error waiting for tmphomedir response.");
>+ }
>+
> /* Enable compression if requested. */
> if (options.compression) {
> debug("Requesting compression at level %d.", options.compression_level);
>@@ -1144,6 +1156,14 @@
> if (options.forward_agent) {
> debug("Requesting authentication agent forwarding.");
> channel_request_start(id, "auth-agent-req@openssh.com", 0);
>+ packet_send();
>+ }
>+
>+ if (options.request_temp_homedir) {
>+ debug("Requesting temp homedir.");
>+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
>+ packet_put_cstring("ssh-tmphomedir@openssh.com");
>+ packet_put_char(0);
> packet_send();
> }
>
>Index: ssh1.h
>===================================================================
>RCS file: /cvs/openssh/ssh1.h,v
>retrieving revision 1.6
>diff -u -r1.6 ssh1.h
>--- ssh1.h 26 Mar 2006 03:30:02 -0000 1.6
>+++ ssh1.h 26 Feb 2008 15:59:13 -0000
>@@ -68,6 +68,7 @@
> #define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
> #define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
> #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
>+#define SSH_CMSG_TMPHOMEDIR 68 /* tmphomedir flag */
>
> /* protocol version 1.5 overloads some version 1.3 message types */
> #define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE
>Index: ssh_config.5
>===================================================================
>RCS file: /cvs/openssh/ssh_config.5,v
>retrieving revision 1.105
>diff -u -r1.105 ssh_config.5
>--- ssh_config.5 2 Dec 2007 12:09:30 -0000 1.105
>+++ ssh_config.5 26 Feb 2008 15:59:13 -0000
>@@ -812,6 +812,10 @@
> .Cm GatewayPorts
> option is enabled (see
> .Xr sshd_config 5 ) .
>+.It Cm RequestTempHomedir
>+Specifies whether the server should override the user home directory with a temporary one. The server must support this option.
>+The default is
>+.Dq no .
> .It Cm RhostsRSAAuthentication
> Specifies whether to try rhosts based authentication with RSA host
> authentication.
>Index: sshd_config
>===================================================================
>RCS file: /cvs/openssh/sshd_config,v
>retrieving revision 1.79
>diff -u -r1.79 sshd_config
>--- sshd_config 10 Feb 2008 11:40:12 -0000 1.79
>+++ sshd_config 26 Feb 2008 15:59:13 -0000
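Review bot: The SSH2 global request in the `@@ -1144` hunk is sent with want_reply cleared (`packet_put_char(0)`), so the client never learns whether the server honoured it; when the server has the feature disabled it only emits a debug message, and the user silently proceeds in the real home directory, unlike the protocol-1 path in this patch which logs `Warning: Remote host refused tmphomedir.`. Either request a reply (`packet_put_char(1)`) and log a refusal from the global-request reply handling, or document the asymmetry with a comment such as `/* no reply requested: a refusal is only visible in the server's debug output */`. The enclosing function begins and ends outside the hunk.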
>@@ -102,6 +102,7 @@
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
>+#PermitTempHome no
> #ChrootDirectory none
>
> # no default banner path
>Index: sshd_config.5
>===================================================================
>RCS file: /cvs/openssh/sshd_config.5,v
>retrieving revision 1.88
>diff -u -r1.88 sshd_config.5
>--- sshd_config.5 10 Feb 2008 11:47:24 -0000 1.88
>+++ sshd_config.5 26 Feb 2008 15:59:13 -0000
>@@ -569,6 +569,7 @@
> .Cm PasswordAuthentication ,
> .Cm PermitOpen ,
> .Cm PermitRootLogin ,
>+.Cm PermitTempHomedir ,
> .Cm RhostsRSAAuthentication ,
> .Cm RSAAuthentication ,
> .Cm X11DisplayOffset ,
>@@ -670,6 +671,10 @@
> If this option is set to
> .Dq no ,
> root is not allowed to log in.
>+.It Cm PermitTempHomedir
>+Specifies whether clients can request a temp homedir on the server.
>+The default is
>+.Dq no
> .It Cm PermitTunnel
> Specifies whether
> .Xr tun 4
Flags:
tylercashea33
:
ok+