|
Lines 63-68
Link Here
|
| 63 |
#include <unistd.h> |
63 |
#include <unistd.h> |
| 64 |
#include <limits.h> |
64 |
#include <limits.h> |
| 65 |
|
65 |
|
|
|
66 |
#ifdef PER_SESSION_XAUTHFILE |
| 67 |
#include <libgen.h> |
| 68 |
#endif |
| 69 |
|
| 66 |
#include "openbsd-compat/sys-queue.h" |
70 |
#include "openbsd-compat/sys-queue.h" |
| 67 |
#include "xmalloc.h" |
71 |
#include "xmalloc.h" |
| 68 |
#include "ssh.h" |
72 |
#include "ssh.h" |
|
Lines 133-138
Link Here
|
| 133 |
|
137 |
|
| 134 |
static int session_pty_req(Session *); |
138 |
static int session_pty_req(Session *); |
| 135 |
|
139 |
|
|
|
140 |
#ifdef PER_SESSION_XAUTHFILE |
| 141 |
void session_xauthfile_cleanup(Session *); |
| 142 |
void cleanup_all_session_xauthfile(); |
| 143 |
#endif |
| 144 |
|
| 136 |
/* import */ |
145 |
/* import */ |
| 137 |
extern ServerOptions options; |
146 |
extern ServerOptions options; |
| 138 |
extern char *__progname; |
147 |
extern char *__progname; |
|
Lines 1242-1247
Link Here
|
| 1242 |
if (getenv("TZ")) |
1251 |
if (getenv("TZ")) |
| 1243 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
1252 |
child_set_env(&env, &envsize, "TZ", getenv("TZ")); |
| 1244 |
|
1253 |
|
|
|
1254 |
#ifdef PER_SESSION_XAUTHFILE |
| 1255 |
if (s->auth_file != NULL) |
| 1256 |
child_set_env(&env, &envsize, "XAUTHORITY", s->auth_file); |
| 1257 |
#endif |
| 1258 |
|
| 1245 |
/* Set custom environment options from RSA authentication. */ |
1259 |
/* Set custom environment options from RSA authentication. */ |
| 1246 |
if (!options.use_login) { |
1260 |
if (!options.use_login) { |
| 1247 |
while (custom_environment) { |
1261 |
while (custom_environment) { |
|
Lines 2189-2194
Link Here
|
| 2189 |
{ |
2203 |
{ |
| 2190 |
int success; |
2204 |
int success; |
| 2191 |
|
2205 |
|
|
|
2206 |
#ifdef PER_SESSION_XAUTHFILE |
| 2207 |
int fd; |
| 2208 |
char xauthdir[] = "/tmp/ssh-xauth-XXXXXX"; |
| 2209 |
#endif |
| 2210 |
|
| 2192 |
if (s->auth_proto != NULL || s->auth_data != NULL) { |
2211 |
if (s->auth_proto != NULL || s->auth_data != NULL) { |
| 2193 |
error("session_x11_req: session %d: " |
2212 |
error("session_x11_req: session %d: " |
| 2194 |
"x11 forwarding already active", s->self); |
2213 |
"x11 forwarding already active", s->self); |
|
Lines 2213-2218
Link Here
|
| 2213 |
s->auth_proto = NULL; |
2232 |
s->auth_proto = NULL; |
| 2214 |
s->auth_data = NULL; |
2233 |
s->auth_data = NULL; |
| 2215 |
} |
2234 |
} |
|
|
2235 |
|
| 2236 |
#ifdef PER_SESSION_XAUTHFILE |
| 2237 |
/* |
| 2238 |
* Create per session X authority file in the /tmp directory. |
| 2239 |
* |
| 2240 |
* If mkdtemp() or open() fails then s->auth_file remains NULL which |
| 2241 |
* means that we won't set XAUTHORITY variable in child's environment |
| 2242 |
* and xauth(1) will use the default location for the authority file. |
| 2243 |
*/ |
| 2244 |
temporarily_use_uid(s->pw); |
| 2245 |
if (mkdtemp(xauthdir) != NULL) { |
| 2246 |
s->auth_file = xmalloc(MAXPATHLEN); |
| 2247 |
snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile", |
| 2248 |
xauthdir); |
| 2249 |
/* |
| 2250 |
* we don't want that "creating new authority file" message to |
| 2251 |
* be printed by xauth(1) so we must create that file |
| 2252 |
* beforehand. |
| 2253 |
*/ |
| 2254 |
if ((fd = open(s->auth_file, O_CREAT | O_EXCL | O_RDONLY, |
| 2255 |
S_IRUSR | S_IWUSR)) == -1) { |
| 2256 |
error("failed to create the temporary X authority " |
| 2257 |
"file %s: %.100s; will use the default one", |
| 2258 |
s->auth_file, strerror(errno)); |
| 2259 |
free(s->auth_file); |
| 2260 |
s->auth_file = NULL; |
| 2261 |
if (rmdir(xauthdir) == -1) { |
| 2262 |
error("cannot remove xauth directory " |
| 2263 |
"%s: %.100s", xauthdir, strerror(errno)); |
| 2264 |
} |
| 2265 |
} else { |
| 2266 |
close(fd); |
| 2267 |
debug("temporary X authority file %s created", |
| 2268 |
s->auth_file); |
| 2269 |
debug("session number = %d", s->self); |
| 2270 |
} |
| 2271 |
} |
| 2272 |
else { |
| 2273 |
error("failed to create a directory for the temporary X " |
| 2274 |
"authority file: %.100s; will use the default xauth file", |
| 2275 |
strerror(errno)); |
| 2276 |
} |
| 2277 |
restore_uid(); |
| 2278 |
#endif |
| 2216 |
return success; |
2279 |
return success; |
| 2217 |
} |
2280 |
} |
| 2218 |
|
2281 |
|
|
Lines 2403-2408
Link Here
|
| 2403 |
PRIVSEP(session_pty_cleanup2(s)); |
2466 |
PRIVSEP(session_pty_cleanup2(s)); |
| 2404 |
} |
2467 |
} |
| 2405 |
|
2468 |
|
|
|
2469 |
#ifdef PER_SESSION_XAUTHFILE |
| 2470 |
/* |
| 2471 |
* We use a different temporary X authority file per session so we should |
| 2472 |
* remove those files when cleanup_exit() is called. |
| 2473 |
*/ |
| 2474 |
void |
| 2475 |
session_xauthfile_cleanup(Session *s) |
| 2476 |
{ |
| 2477 |
if (s == NULL || s->auth_file == NULL) { |
| 2478 |
return; |
| 2479 |
} |
| 2480 |
|
| 2481 |
debug("session_xauthfile_cleanup: session %d removing %s", s->self, |
| 2482 |
s->auth_file); |
| 2483 |
|
| 2484 |
if (unlink(s->auth_file) == -1) { |
| 2485 |
error("session_xauthfile_cleanup: cannot remove xauth file: " |
| 2486 |
"%.100s", strerror(errno)); |
| 2487 |
return; |
| 2488 |
} |
| 2489 |
|
| 2490 |
/* dirname() will modify s->auth_file but that's ok */ |
| 2491 |
if (rmdir(dirname(s->auth_file)) == -1) { |
| 2492 |
error("session_xauthfile_cleanup: " |
| 2493 |
"cannot remove xauth directory: %.100s", strerror(errno)); |
| 2494 |
return; |
| 2495 |
} |
| 2496 |
free(s->auth_file); |
| 2497 |
s->auth_file = NULL; |
| 2498 |
} |
| 2499 |
|
| 2500 |
/* |
| 2501 |
* This is called by do_cleanup() when cleanup_exit() is called. |
| 2502 |
*/ |
| 2503 |
void |
| 2504 |
cleanup_all_session_xauthfile() |
| 2505 |
{ |
| 2506 |
int i; |
| 2507 |
for (i = 0; i < sessions_nalloc; i++) { |
| 2508 |
session_xauthfile_cleanup(&sessions[i]); |
| 2509 |
} |
| 2510 |
} |
| 2511 |
#endif /* PER_SESSION_XAUTHFILE */ |
| 2512 |
|
| 2406 |
static char * |
2513 |
static char * |
| 2407 |
sig2name(int sig) |
2514 |
sig2name(int sig) |
| 2408 |
{ |
2515 |
{ |
|
Lines 2542-2547
Link Here
|
| 2542 |
free(s->auth_display); |
2649 |
free(s->auth_display); |
| 2543 |
free(s->auth_data); |
2650 |
free(s->auth_data); |
| 2544 |
free(s->auth_proto); |
2651 |
free(s->auth_proto); |
|
|
2652 |
#ifdef PER_SESSION_XAUTHFILE |
| 2653 |
session_xauthfile_cleanup(s); |
| 2654 |
#endif |
| 2545 |
free(s->subsys); |
2655 |
free(s->subsys); |
| 2546 |
if (s->env != NULL) { |
2656 |
if (s->env != NULL) { |
| 2547 |
for (i = 0; i < s->num_env; i++) { |
2657 |
for (i = 0; i < s->num_env; i++) { |
|
Lines 2793-2798
Link Here
|
| 2793 |
/* remove agent socket */ |
2903 |
/* remove agent socket */ |
| 2794 |
auth_sock_cleanup_proc(authctxt->pw); |
2904 |
auth_sock_cleanup_proc(authctxt->pw); |
| 2795 |
|
2905 |
|
|
|
2906 |
#ifdef PER_SESSION_XAUTHFILE |
| 2907 |
cleanup_all_session_xauthfile(); |
| 2908 |
#endif |
| 2909 |
|
| 2796 |
/* |
2910 |
/* |
| 2797 |
* Cleanup ptys/utmp only if privsep is disabled, |
2911 |
* Cleanup ptys/utmp only if privsep is disabled, |
| 2798 |
* or if running in monitor. |
2912 |
* or if running in monitor. |