Import vendor patch originally submitted by the below author: don't
treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com>
parent
830ccf58ce
commit
fcee55a281
3 changed files with 48 additions and 38 deletions
|
|
@ -17,7 +17,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: channels.c,v 1.57 2000/05/08 17:42:24 markus Exp $");
|
||||
RCSID("$Id: channels.c,v 1.59 2000/05/30 17:23:36 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
|
|
@ -147,23 +147,6 @@ channel_lookup(int id)
|
|||
return c;
|
||||
}
|
||||
|
||||
void
|
||||
set_nonblock(int fd)
|
||||
{
|
||||
int val;
|
||||
val = fcntl(fd, F_GETFL, 0);
|
||||
if (val < 0) {
|
||||
error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
|
||||
return;
|
||||
}
|
||||
if (val & O_NONBLOCK)
|
||||
return;
|
||||
debug("fd %d setting O_NONBLOCK", fd);
|
||||
val |= O_NONBLOCK;
|
||||
if (fcntl(fd, F_SETFL, val) == -1)
|
||||
error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
|
||||
}
|
||||
|
||||
/*
|
||||
* Register filedescriptors for a channel, used when allocating a channel or
|
||||
* when the channel consumer/producer is ready, e.g. shell exec'd
|
||||
|
|
@ -2074,11 +2057,11 @@ cleanup_socket(void)
|
|||
}
|
||||
|
||||
/*
|
||||
* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
|
||||
* This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
|
||||
* This starts forwarding authentication requests.
|
||||
*/
|
||||
|
||||
void
|
||||
int
|
||||
auth_input_request_forwarding(struct passwd * pw)
|
||||
{
|
||||
int sock, newch;
|
||||
|
|
@ -2096,8 +2079,16 @@ auth_input_request_forwarding(struct passwd * pw)
|
|||
strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
|
||||
|
||||
/* Create private directory for socket */
|
||||
if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL)
|
||||
packet_disconnect("mkdtemp: %.100s", strerror(errno));
|
||||
if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL) {
|
||||
packet_send_debug("Agent forwarding disabled: mkdtemp() failed: %.100s",
|
||||
strerror(errno));
|
||||
restore_uid();
|
||||
xfree(channel_forwarded_auth_socket_name);
|
||||
xfree(channel_forwarded_auth_socket_dir);
|
||||
channel_forwarded_auth_socket_name = NULL;
|
||||
channel_forwarded_auth_socket_dir = NULL;
|
||||
return 0;
|
||||
}
|
||||
snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
|
||||
channel_forwarded_auth_socket_dir, (int) getpid());
|
||||
|
||||
|
|
@ -2132,6 +2123,7 @@ auth_input_request_forwarding(struct passwd * pw)
|
|||
xstrdup("auth socket"));
|
||||
strlcpy(channels[newch].path, channel_forwarded_auth_socket_name,
|
||||
sizeof(channels[newch].path));
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
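Review bot: The new mkdtemp() failure branch in auth_input_request_forwarding reports the error only to the client through packet_send_debug(); as far as the hunk shows, nothing is written to the server log, so an administrator has no record that /tmp is full or unwritable and that agent forwarding is being refused. Save errno on entry to the branch and log it server-side before the cleanup, e.g. `int saved_errno = errno;` followed by `error("Agent forwarding disabled: mkdtemp() failed: %.100s", strerror(saved_errno));`. The function starts before and continues between the visible hunks, so whether its other failure paths still call packet_disconnect() or should also return 0 cannot be checked from here.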
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* RCSID("$Id: channels.h,v 1.12 2000/05/03 18:03:06 markus Exp $"); */
|
||||
/* RCSID("$Id: channels.h,v 1.13 2000/05/30 17:23:37 markus Exp $"); */
|
||||
|
||||
#ifndef CHANNELS_H
|
||||
#define CHANNELS_H
|
||||
|
|
@ -222,10 +222,10 @@ void auth_request_forwarding(void);
|
|||
char *auth_get_socket_name(void);
|
||||
|
||||
/*
|
||||
* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
|
||||
* This is called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
|
||||
* This starts forwarding authentication requests.
|
||||
*/
|
||||
void auth_input_request_forwarding(struct passwd * pw);
|
||||
int auth_input_request_forwarding(struct passwd * pw);
|
||||
|
||||
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
|
||||
void auth_input_open_request(int type, int plen);
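Review bot: The header comment above auth_input_request_forwarding still describes only what the call does, although the prototype now returns `int` and the caller in session.c assigns that value to `success`. Document the contract next to the declaration, for example `* Returns 1 if agent forwarding was set up, 0 if it was disabled (socket directory could not be created).` The same sentence belongs in the matching comment in channels.c, which this commit also touches.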
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
|
|
@ -300,8 +300,7 @@ do_authenticated(struct passwd * pw)
|
|||
break;
|
||||
}
|
||||
debug("Received authentication agent forwarding request.");
|
||||
auth_input_request_forwarding(pw);
|
||||
success = 1;
|
||||
success = auth_input_request_forwarding(pw);
|
||||
break;
|
||||
|
||||
case SSH_CMSG_PORT_FORWARD_REQUEST:
|
||||
|
|
@ -613,7 +612,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
|
|||
}
|
||||
}
|
||||
/* Do common processing for the child, such as execing the command. */
|
||||
do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
|
||||
do_child(command, pw, s->term, s->display, s->auth_proto,
|
||||
s->auth_data, s->tty);
|
||||
/* NOTREACHED */
|
||||
}
|
||||
if (pid < 0)
|
||||
|
|
@ -717,7 +717,10 @@ read_environment_file(char ***env, unsigned int *envsize,
|
|||
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
|
||||
continue;
|
||||
}
|
||||
/* Replace the equals sign by nul, and advance value to the value string. */
|
||||
/*
|
||||
* Replace the equals sign by nul, and advance value to
|
||||
* the value string.
|
||||
*/
|
||||
*value = '\0';
|
||||
value++;
|
||||
child_set_env(env, envsize, cp, value);
|
||||
|
|
@ -862,7 +865,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
|
|||
|
||||
/* read $HOME/.ssh/environment. */
|
||||
if (!options.use_login) {
|
||||
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
|
||||
snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
|
||||
pw->pw_dir);
|
||||
read_environment_file(&env, &envsize, buf);
|
||||
}
|
||||
if (debug_flag) {
|
||||
|
|
@ -949,16 +953,29 @@ do_child(const char *command, struct passwd * pw, const char *term,
|
|||
else {
|
||||
/* Add authority data to .Xauthority if appropriate. */
|
||||
if (auth_proto != NULL && auth_data != NULL) {
|
||||
if (debug_flag)
|
||||
fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
|
||||
XAUTH_PATH, display, auth_proto, auth_data);
|
||||
|
||||
char *screen = strchr(display, ':');
|
||||
if (debug_flag) {
|
||||
fprintf(stderr,
|
||||
"Running %.100s add %.100s %.100s %.100s\n",
|
||||
XAUTH_PATH, display, auth_proto, auth_data);
|
||||
if (screen != NULL)
|
||||
fprintf(stderr,
|
||||
"Adding %.*s/unix%s %s %s\n",
|
||||
screen-display, display,
|
||||
screen, auth_proto, auth_data);
|
||||
}
|
||||
f = popen(XAUTH_PATH " -q -", "w");
|
||||
if (f) {
|
||||
fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
|
||||
fprintf(f, "add %s %s %s\n", display,
|
||||
auth_proto, auth_data);
|
||||
if (screen != NULL)
|
||||
fprintf(f, "add %.*s/unix%s %s %s\n",
|
||||
screen-display, display,
|
||||
screen, auth_proto, auth_data);
|
||||
pclose(f);
|
||||
} else
|
||||
fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
|
||||
fprintf(stderr, "Could not run %s -q -\n",
|
||||
XAUTH_PATH);
|
||||
}
|
||||
}
|
||||
#endif /* XAUTH_PATH */
|
||||
|
|
@ -988,7 +1005,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
|
|||
struct stat mailstat;
|
||||
mailbox = getenv("MAIL");
|
||||
if (mailbox != NULL) {
|
||||
if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
|
||||
if (stat(mailbox, &mailstat) != 0 ||
|
||||
mailstat.st_size == 0)
|
||||
printf("No mail.\n");
|
||||
else if (mailstat.st_mtime < mailstat.st_atime)
|
||||
printf("You have mail.\n");
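Review bot: In the do_child xauth hunk, both new `%.*s` conversions pass `screen-display` as the precision, but that expression has type `ptrdiff_t` while `%.*s` requires an `int`; in a variadic call this is undefined behaviour wherever the two types differ in width. Cast it at both call sites: `(int)(screen - display), display,`. Separately, `display`, `auth_proto` and `auth_data` are written unquoted into xauth's stdin, now on a second `add` line; their validation is not visible in this hunk, and if none happens before do_child an embedded newline would be read by xauth as a further command, so a character check belongs where these values are accepted. do_child starts and ends outside the hunk.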
|
||||
|
|
|
|||