diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2017-01-04 05:37:41 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2017-01-04 05:37:41 +0000 |
commit | ac1f25ffef1e2e29a69a62a241f0f0ba5cf81191 (patch) | |
tree | 6b8e6b2de21405a631cc95fc3cfc8ac7595aafe9 /usr.bin/ssh | |
parent | beab8c69754e88c96fcb84ede811a67bad31ce62 (diff) |
unbreak Unix domain socket forwarding for root; ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/serverloop.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 3c413e5bb10..87130fe5943 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.189 2016/12/14 00:36:34 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.190 2017/01/04 05:37:40 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -461,6 +461,10 @@ server_request_direct_streamlocal(void) Channel *c = NULL; char *target, *originator; u_short originator_port; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); target = packet_get_string(NULL); originator = packet_get_string(NULL); @@ -473,7 +477,7 @@ server_request_direct_streamlocal(void) /* XXX fine grained permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding && - use_privsep) { + (pw->pw_uid == 0 || use_privsep)) { c = channel_connect_to_path(target, "direct-streamlocal@openssh.com", "direct-streamlocal"); } else { @@ -690,6 +694,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) int want_reply; int r, success = 0, allocated_listen_port = 0; struct sshbuf *resp = NULL; + struct passwd *pw = the_authctxt->pw; + + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); rtype = packet_get_string(NULL); want_reply = packet_get_char(); @@ -697,12 +705,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* -R style forwarding */ if (strcmp(rtype, "tcpip-forward") == 0) { - struct passwd *pw; struct Forward fwd; - pw = the_authctxt->pw; - if (pw == NULL || !the_authctxt->valid) - fatal("server_input_global_request: no/invalid user"); memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); @@ -750,9 +754,10 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || options.disable_forwarding || - !use_privsep) { + (pw->pw_uid != 0 && !use_privsep)) { success = 0; - packet_send_debug("Server has disabled port forwarding."); + packet_send_debug("Server has disabled " + "streamlocal forwarding."); } else { /* Start listening on the socket */ success = channel_setup_remote_fwd_listener( |