mirror of git://anongit.mindrot.org/openssh.git
- markus@cvs.openbsd.org 2001/06/04 21:59:43
[channels.c channels.h session.c] switch uid when cleaning up tmp files and sockets; reported by zen-parse@gmx.net on bugtraq
This commit is contained in:
parent
742e89ec5d
commit
983c098311
|
@ -35,6 +35,10 @@
|
|||
the challenge response device decides how to handle non-existing
|
||||
users.
|
||||
-> fake challenges for skey and cryptocard
|
||||
- markus@cvs.openbsd.org 2001/06/04 21:59:43
|
||||
[channels.c channels.h session.c]
|
||||
switch uid when cleaning up tmp files and sockets; reported by
|
||||
zen-parse@gmx.net on bugtraq
|
||||
|
||||
20010606
|
||||
- OpenBSD CVS Sync
|
||||
|
@ -5546,4 +5550,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1257 2001/06/09 01:17:23 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1258 2001/06/09 01:20:06 mouring Exp $
|
||||
|
|
12
channels.c
12
channels.c
|
@ -40,7 +40,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.122 2001/06/03 14:55:38 markus Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.123 2001/06/04 21:59:42 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -2777,12 +2777,16 @@ auth_get_socket_name()
|
|||
/* removes the agent forwarding socket */
|
||||
|
||||
void
|
||||
auth_sock_cleanup_proc(void *ignored)
|
||||
auth_sock_cleanup_proc(void *_pw)
|
||||
{
|
||||
struct passwd *pw = _pw;
|
||||
|
||||
if (auth_sock_name) {
|
||||
temporarily_use_uid(pw);
|
||||
unlink(auth_sock_name);
|
||||
rmdir(auth_sock_dir);
|
||||
auth_sock_name = NULL;
|
||||
restore_uid();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2826,7 +2830,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
|||
auth_sock_dir, (int) getpid());
|
||||
|
||||
/* delete agent socket on fatal() */
|
||||
fatal_add_cleanup(auth_sock_cleanup_proc, NULL);
|
||||
fatal_add_cleanup(auth_sock_cleanup_proc, pw);
|
||||
|
||||
/* Create the socket. */
|
||||
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
|
@ -2856,7 +2860,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
|||
0, xstrdup("auth socket"), 1);
|
||||
if (nc == NULL) {
|
||||
error("auth_input_request_forwarding: channel_new failed");
|
||||
auth_sock_cleanup_proc(NULL);
|
||||
auth_sock_cleanup_proc(pw);
|
||||
close(sock);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
/* RCSID("$OpenBSD: channels.h,v 1.36 2001/06/03 14:55:39 markus Exp $"); */
|
||||
/* RCSID("$OpenBSD: channels.h,v 1.37 2001/06/04 21:59:42 markus Exp $"); */
|
||||
|
||||
#ifndef CHANNEL_H
|
||||
#define CHANNEL_H
|
||||
|
@ -223,7 +223,7 @@ void deny_input_open(int type, int plen, void *ctxt);
|
|||
|
||||
void auth_request_forwarding(void);
|
||||
char *auth_get_socket_name(void);
|
||||
void auth_sock_cleanup_proc(void *ignored);
|
||||
void auth_sock_cleanup_proc(void *pw);
|
||||
int auth_input_request_forwarding(struct passwd * pw);
|
||||
void auth_input_open_request(int type, int plen, void *ctxt);
|
||||
|
||||
|
|
21
session.c
21
session.c
|
@ -33,7 +33,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.79 2001/06/03 14:55:39 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.80 2001/06/04 21:59:43 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -132,7 +132,7 @@ void do_pre_login(Session *s);
|
|||
void do_child(Session *s, const char *command);
|
||||
void do_motd(void);
|
||||
int check_quietlogin(Session *s, const char *command);
|
||||
void xauthfile_cleanup_proc(void *ignore);
|
||||
void xauthfile_cleanup_proc(void *pw);
|
||||
|
||||
void do_authenticated1(Authctxt *authctxt);
|
||||
void do_authenticated2(Authctxt *authctxt);
|
||||
|
@ -200,21 +200,23 @@ do_authenticated(Authctxt *authctxt)
|
|||
|
||||
/* remote user's local Xauthority file and agent socket */
|
||||
if (xauthfile)
|
||||
xauthfile_cleanup_proc(NULL);
|
||||
xauthfile_cleanup_proc(authctxt->pw);
|
||||
if (auth_get_socket_name())
|
||||
auth_sock_cleanup_proc(NULL);
|
||||
auth_sock_cleanup_proc(authctxt->pw);
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove local Xauthority file.
|
||||
*/
|
||||
void
|
||||
xauthfile_cleanup_proc(void *ignore)
|
||||
xauthfile_cleanup_proc(void *_pw)
|
||||
{
|
||||
debug("xauthfile_cleanup_proc called");
|
||||
struct passwd *pw = _pw;
|
||||
char *p;
|
||||
|
||||
debug("xauthfile_cleanup_proc called");
|
||||
if (xauthfile != NULL) {
|
||||
char *p;
|
||||
temporarily_use_uid(pw);
|
||||
unlink(xauthfile);
|
||||
p = strrchr(xauthfile, '/');
|
||||
if (p != NULL) {
|
||||
|
@ -223,6 +225,7 @@ xauthfile_cleanup_proc(void *ignore)
|
|||
}
|
||||
xfree(xauthfile);
|
||||
xauthfile = NULL;
|
||||
restore_uid();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -399,7 +402,7 @@ do_authenticated1(Authctxt *authctxt)
|
|||
if (fd >= 0)
|
||||
close(fd);
|
||||
restore_uid();
|
||||
fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
|
||||
fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
|
||||
success = 1;
|
||||
break;
|
||||
|
||||
|
@ -1811,7 +1814,7 @@ session_x11_req(Session *s)
|
|||
if (fd >= 0)
|
||||
close(fd);
|
||||
restore_uid();
|
||||
fatal_add_cleanup(xauthfile_cleanup_proc, s);
|
||||
fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue