|
Lines 62-67
Link Here
|
| 62 |
#include <unistd.h> |
62 |
#include <unistd.h> |
| 63 |
#include <limits.h> |
63 |
#include <limits.h> |
| 64 |
|
64 |
|
|
|
65 |
#ifdef PER_SESSION_XAUTHFILE |
| 66 |
#include <libgen.h> |
| 67 |
#endif |
| 68 |
|
| 65 |
#include "openbsd-compat/sys-queue.h" |
69 |
#include "openbsd-compat/sys-queue.h" |
| 66 |
#include "xmalloc.h" |
70 |
#include "xmalloc.h" |
| 67 |
#include "ssh.h" |
71 |
#include "ssh.h" |
|
Lines 132-137
Link Here
|
| 132 |
|
136 |
|
| 133 |
static int session_pty_req(Session *); |
137 |
static int session_pty_req(Session *); |
| 134 |
|
138 |
|
|
|
139 |
#ifdef PER_SESSION_XAUTHFILE |
| 140 |
void session_xauthfile_cleanup(Session *); |
| 141 |
void cleanup_all_session_xauthfile(); |
| 142 |
#endif |
| 143 |
|
| 135 |
/* import */ |
144 |
/* import */ |
| 136 |
extern ServerOptions options; |
145 |
extern ServerOptions options; |
| 137 |
extern char *__progname; |
146 |
extern char *__progname; |
|
Lines 1218-1223
Link Here
|
| 1218 |
if (getenv("TZ")) |
1227 |
if (getenv("TZ")) |
| 1219 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
1228 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
| 1220 |
|
1229 |
|
|
|
1230 |
#ifdef PER_SESSION_XAUTHFILE |
| 1231 |
if (s->auth_file != NULL) |
| 1232 |
child_set_env(&env, &envsize, "XAUTHORITY", s->auth_file); |
| 1233 |
#endif |
| 1234 |
|
| 1221 |
/* Set custom environment options from RSA authentication. */ |
1235 |
/* Set custom environment options from RSA authentication. */ |
| 1222 |
if (!options.use_login) { |
1236 |
if (!options.use_login) { |
| 1223 |
while (custom_environment) { |
1237 |
while (custom_environment) { |
|
Lines 2170-2175
Link Here
|
| 2170 |
{ |
2184 |
{ |
| 2171 |
int success; |
2185 |
int success; |
| 2172 |
|
2186 |
|
|
|
2187 |
#ifdef PER_SESSION_XAUTHFILE |
| 2188 |
int fd; |
| 2189 |
char xauthdir[] = "/tmp/ssh-xauth-XXXXXX"; |
| 2190 |
#endif |
| 2191 |
|
| 2173 |
if (s->auth_proto != NULL || s->auth_data != NULL) { |
2192 |
if (s->auth_proto != NULL || s->auth_data != NULL) { |
| 2174 |
error("session_x11_req: session %d: " |
2193 |
error("session_x11_req: session %d: " |
| 2175 |
"x11 forwarding already active", s->self); |
2194 |
"x11 forwarding already active", s->self); |
|
Lines 2188-2193
Link Here
|
| 2188 |
s->auth_proto = NULL; |
2207 |
s->auth_proto = NULL; |
| 2189 |
s->auth_data = NULL; |
2208 |
s->auth_data = NULL; |
| 2190 |
} |
2209 |
} |
|
|
2210 |
|
| 2211 |
#ifdef PER_SESSION_XAUTHFILE |
| 2212 |
/* |
| 2213 |
* Create per session X authority file in the /tmp directory. |
| 2214 |
* |
| 2215 |
* If mkdtemp() or open() fails then s->auth_file remains NULL which |
| 2216 |
* means that we won't set XAUTHORITY variable in child's environment |
| 2217 |
* and xauth(1) will use the default location for the authority file. |
| 2218 |
*/ |
| 2219 |
if (mkdtemp(xauthdir) != NULL) { |
| 2220 |
s->auth_file = xmalloc(MAXPATHLEN); |
| 2221 |
snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile", |
| 2222 |
xauthdir); |
| 2223 |
/* |
| 2224 |
* we don't want that "creating new authority file" message to |
| 2225 |
* be printed by xauth(1) so we must create that file |
| 2226 |
* beforehand. |
| 2227 |
*/ |
| 2228 |
if ((fd = open(s->auth_file, O_CREAT | O_EXCL | O_RDONLY, |
| 2229 |
S_IRUSR | S_IWUSR)) == -1) { |
| 2230 |
error("failed to create the temporary X authority " |
| 2231 |
"file %s: %.100s; will use the default one", |
| 2232 |
s->auth_file, strerror(errno)); |
| 2233 |
free(s->auth_file); |
| 2234 |
s->auth_file = NULL; |
| 2235 |
if (rmdir(xauthdir) == -1) { |
| 2236 |
error("cannot remove xauth directory " |
| 2237 |
"%s: %.100s", xauthdir, strerror(errno)); |
| 2238 |
} |
| 2239 |
} else { |
| 2240 |
close(fd); |
| 2241 |
debug("temporary X authority file %s created", |
| 2242 |
s->auth_file); |
| 2243 |
debug("session number = %d", s->self); |
| 2244 |
} |
| 2245 |
} |
| 2246 |
else { |
| 2247 |
error("failed to create a directory for the temporary X " |
| 2248 |
"authority file: %.100s; will use the default xauth file", |
| 2249 |
strerror(errno)); |
| 2250 |
} |
| 2251 |
#endif |
| 2191 |
return success; |
2252 |
return success; |
| 2192 |
} |
2253 |
} |
| 2193 |
|
2254 |
|
|
Lines 2378-2383
Link Here
|
| 2378 |
PRIVSEP(session_pty_cleanup2(s)); |
2439 |
PRIVSEP(session_pty_cleanup2(s)); |
| 2379 |
} |
2440 |
} |
| 2380 |
|
2441 |
|
|
|
2442 |
#ifdef PER_SESSION_XAUTHFILE |
| 2443 |
/* |
| 2444 |
* We use a different temporary X authority file per session so we should |
| 2445 |
* remove those files when cleanup_exit() is called. |
| 2446 |
*/ |
| 2447 |
void |
| 2448 |
session_xauthfile_cleanup(Session *s) |
| 2449 |
{ |
| 2450 |
if (s == NULL || s->auth_file == NULL) { |
| 2451 |
return; |
| 2452 |
} |
| 2453 |
|
| 2454 |
debug("session_xauthfile_cleanup: session %d removing %s", s->self, |
| 2455 |
s->auth_file); |
| 2456 |
|
| 2457 |
if (unlink(s->auth_file) == -1) { |
| 2458 |
error("session_xauthfile_cleanup: cannot remove xauth file: " |
| 2459 |
"%.100s", strerror(errno)); |
| 2460 |
return; |
| 2461 |
} |
| 2462 |
|
| 2463 |
/* dirname() will modify s->auth_file but that's ok */ |
| 2464 |
if (rmdir(dirname(s->auth_file)) == -1) { |
| 2465 |
error("session_xauthfile_cleanup: " |
| 2466 |
"cannot remove xauth directory: %.100s", strerror(errno)); |
| 2467 |
return; |
| 2468 |
} |
| 2469 |
free(s->auth_file); |
| 2470 |
s->auth_file = NULL; |
| 2471 |
} |
| 2472 |
|
| 2473 |
/* |
| 2474 |
* This is called by do_cleanup() when cleanup_exit() is called. |
| 2475 |
*/ |
| 2476 |
void |
| 2477 |
cleanup_all_session_xauthfile() |
| 2478 |
{ |
| 2479 |
int i; |
| 2480 |
for (i = 0; i < sessions_nalloc; i++) { |
| 2481 |
session_xauthfile_cleanup(&sessions[i]); |
| 2482 |
} |
| 2483 |
} |
| 2484 |
#endif |
| 2485 |
|
| 2381 |
static char * |
2486 |
static char * |
| 2382 |
sig2name(int sig) |
2487 |
sig2name(int sig) |
| 2383 |
{ |
2488 |
{ |
|
Lines 2512-2517
Link Here
|
| 2512 |
free(s->auth_display); |
2617 |
free(s->auth_display); |
| 2513 |
free(s->auth_data); |
2618 |
free(s->auth_data); |
| 2514 |
free(s->auth_proto); |
2619 |
free(s->auth_proto); |
|
|
2620 |
#ifdef PER_SESSION_XAUTHFILE |
| 2621 |
session_xauthfile_cleanup(s); |
| 2622 |
#endif |
| 2515 |
free(s->subsys); |
2623 |
free(s->subsys); |
| 2516 |
if (s->env != NULL) { |
2624 |
if (s->env != NULL) { |
| 2517 |
for (i = 0; i < s->num_env; i++) { |
2625 |
for (i = 0; i < s->num_env; i++) { |
|
Lines 2763-2768
Link Here
|
| 2763 |
/* remove agent socket */ |
2871 |
/* remove agent socket */ |
| 2764 |
auth_sock_cleanup_proc(authctxt->pw); |
2872 |
auth_sock_cleanup_proc(authctxt->pw); |
| 2765 |
|
2873 |
|
|
|
2874 |
#ifdef PER_SESSION_XAUTHFILE |
| 2875 |
cleanup_all_session_xauthfile(); |
| 2876 |
#endif |
| 2877 |
|
| 2766 |
/* |
2878 |
/* |
| 2767 |
* Cleanup ptys/utmp only if privsep is disabled, |
2879 |
* Cleanup ptys/utmp only if privsep is disabled, |
| 2768 |
* or if running in monitor. |
2880 |
* or if running in monitor. |