diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2010-11-21 01:01:14 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2010-11-21 01:01:14 +0000 |
commit | d920e81f8b61240b4c4500a543ed992904bd455f (patch) | |
tree | 211b9cd50c4cb35dc9632d329cb7f552c40fdbae /usr.bin/ssh | |
parent | 187945920f2a2ebfaf65ab8fc74d156249fba822 (diff) |
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/clientloop.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/misc.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/misc.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.1 | 8 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 4 |
5 files changed, 28 insertions, 10 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index ee12c8f0444..c1dea5364bc 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.225 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -317,7 +317,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (trusted == 0) { xauthdir = xmalloc(MAXPATHLEN); xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + mktemp_proto(xauthdir, MAXPATHLEN); if (mkdtemp(xauthdir) != NULL) { do_unlink = 1; snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index fadf839517d..ae096cb5bda 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -896,6 +896,23 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) gettimeofday(&bw->bwstart, NULL); } +/* Make a template filename for mk[sd]temp() */ +void +mktemp_proto(char *s, size_t len) +{ + const char *tmpdir; + int r; + + if ((tmpdir = getenv("TMPDIR")) != NULL) { + r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); + if (r > 0 && (size_t)r < len) + return; + } + r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); + if (r < 0 || (size_t)r >= len) + fatal("%s: template string too short", __func__); +} + static const struct { const char *name; int value; diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index 4571d9bf4b7..5827d3612dc 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -88,6 +88,7 @@ void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); int parse_ipqos(const char *); +void mktemp_proto(char *, size_t); /* readpass.c */ diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1 index 134b93ae91f..bb801c902a9 100644 --- a/usr.bin/ssh/ssh-agent.1 +++ b/usr.bin/ssh/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.52 2010/08/31 17:40:54 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: November 21 2010 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -72,7 +72,7 @@ Bind the agent to the socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . +.Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . .It Fl c Generate C-shell commands on .Dv stdout . @@ -192,7 +192,7 @@ Contains the protocol version 2 DSA authentication identity of the user. Contains the protocol version 2 ECDSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt +.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .Ux Ns -domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 8b49b418ebb..4768c9c3cc2 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.170 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1199,7 +1199,7 @@ main(int ac, char **av) if (agentsocket == NULL) { /* Create private directory for agent socket */ - strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); + mktemp_proto(socket_dir, sizeof(socket_dir)); if (mkdtemp(socket_dir) == NULL) { perror("mkdtemp: private socket dir"); exit(1); |