authorMarkus Friedl <markus@cvs.openbsd.org>2001-06-12 21:21:30 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-06-12 21:21:30 +0000
commit67de2c5f3d2e3db3080a40757fefe2e1a6d5ccaa (patch)
tree4b73369d206a9547cc33b4898611b06124792f7d /usr.bin
parentd621f9b5d50aef543603942228660e2f23e1e031 (diff)
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
we already trust $HOME/.ssh; you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies.
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/session.c57
1 files changed, 4 insertions, 53 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 00d6f48f6de..a7f5cae8459 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.87 2001/06/12 21:21:29 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -97,7 +97,6 @@ void do_login(Session *s, const char *command);
void do_child(Session *s, const char *command);
void do_motd(void);
int check_quietlogin(Session *s, const char *command);
-void xauthfile_cleanup_proc(void *pw);
void do_authenticated1(Authctxt *authctxt);
void do_authenticated2(Authctxt *authctxt);
@@ -111,9 +110,6 @@ extern u_int utmp_len;
extern int startup_pipe;
extern void destroy_sensitive_data(void);
-/* Local Xauthority file. */
-static char *xauthfile;
-
/* original command from peer. */
char *original_command = NULL;
@@ -158,38 +154,12 @@ do_authenticated(Authctxt *authctxt)
else
do_authenticated1(authctxt);
- /* remote user's local Xauthority file and agent socket */
- if (xauthfile)
- xauthfile_cleanup_proc(authctxt->pw);
+ /* remove agent socket */
if (auth_get_socket_name())
auth_sock_cleanup_proc(authctxt->pw);
}
/*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *_pw)
-{
- struct passwd *pw = _pw;
- char *p;
-
- debug("xauthfile_cleanup_proc called");
- if (xauthfile != NULL) {
- temporarily_use_uid(pw);
- unlink(xauthfile);
- p = strrchr(xauthfile, '/');
- if (p != NULL) {
- *p = '\0';
- rmdir(xauthfile);
- }
- xfree(xauthfile);
- xauthfile = NULL;
- restore_uid();
- }
-}
-
-/*
* Prepares for an interactive session. This is called after the user has
* been successfully authenticated. During this message exchange, pseudo
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
@@ -882,8 +852,6 @@ do_child(Session *s, const char *command)
}
#endif /* KRB4 */
- if (xauthfile)
- child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
@@ -1626,32 +1594,15 @@ session_setup_x11fwd(Session *s)
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
}
- if (s->display != NULL || xauthfile != NULL) {
+ if (s->display != NULL) {
debug("X11 display already set.");
return 0;
}
- xauthfile = xmalloc(MAXPATHLEN);
- strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
- temporarily_use_uid(s->pw);
- if (mkdtemp(xauthfile) == NULL) {
- error("private X11 dir: mkdtemp %s failed: %s",
- xauthfile, strerror(errno));
- restore_uid();
- xfree(xauthfile);
- xauthfile = NULL;
- return 0;
- }
- strlcat(xauthfile, "/cookies", MAXPATHLEN);
- fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd >= 0)
- close(fd);
- restore_uid();
s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
if (s->display == NULL) {
- xauthfile_cleanup_proc(s->pw);
+ debug("x11_create_display_inet failed.");
return 0;
}
- fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
return 1;
}
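Review bot: With the `fatal_add_cleanup(xauthfile_cleanup_proc, s->pw)` registration and the unlink/rmdir path removed, nothing visible in session_setup_x11fwd ties the lifetime of the X11 cookie to the session any more. The commit message says the default $XAUTHORITY is used instead, so the cookie for the forwarded display presumably stays in the user's authority file after logout and, where the home directory sits on a network filesystem, is written there rather than to local /tmp. A comment above the `x11_create_display_inet` call such as `/* xauth data goes to the user's default authority file; nothing is removed at session end */` would record that trade-off for the next maintainer. Separately, `fd` is no longer referenced in the lines shown, so if its declaration (outside this hunk, as is the start of the function) has no other use it should be dropped to avoid an unused-variable warning.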