-rw-r--r-- | usr.bin/ssh/authfd.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 55 | ||||
-rw-r--r-- | usr.bin/ssh/deattack.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 52 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 16 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 8 |
6 files changed, 67 insertions, 71 deletions
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 90bf07aaaeb..6fc51c347b6 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -14,7 +14,7 @@ Functions for connecting the local authentication agent.
 */
 #include "includes.h"
-RCSID("$Id: authfd.c,v 1.6 1999/10/04 20:45:01 markus Exp $");
+RCSID("$Id: authfd.c,v 1.7 1999/10/05 22:18:52 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -31,7 +31,7 @@ RCSID("$Id: authfd.c,v 1.6 1999/10/04 20:45:01 markus Exp $");
 int ssh_get_authentication_fd()
 {
- const char *authfd, *authsocket;
+ const char *authsocket;
 int sock;
 struct sockaddr_un sunaddr;
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 2ca092fe480..7b70f115df9 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.11 1999/10/04 20:45:01 markus Exp $");
+RCSID("$Id: channels.c,v 1.12 1999/10/05 22:18:52 markus Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -43,6 +43,9 @@ RCSID("$Id: channels.c,v 1.11 1999/10/04 20:45:01 markus Exp $");
 #define SSH_CHANNEL_INPUT_DRAINING 10 /* sending remaining data to conn */
 #define SSH_CHANNEL_OUTPUT_DRAINING 11 /* sending remaining data to app */
+/* Max len of agent socket */
+#define MAX_SOCKET_NAME 100
+
 /* Data structure for channel data. This is iniailized in channel_allocate and cleared in channel_free. */
@@ -72,9 +75,9 @@ static int channels_alloc = 0;
 in channel_allocate. */
 static int channel_max_fd_value = 0;
-/* These two variables are for authentication agent forwarding. */
-static int channel_forwarded_auth_fd = -1;
+/* Name and directory of socket for authentication agent forwarding. */
 static char *channel_forwarded_auth_socket_name = NULL;
+static char *channel_forwarded_auth_socket_dir = NULL;
 /* Saved X11 authentication protocol name. */
 char *x11_saved_proto = NULL;
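Review bot: `MAX_SOCKET_NAME` in the channels.c hunk at @@ -43 is a bare 100 whose only comment is "Max len of agent socket"; it does not say that the value has to stay below the size of `sun_path`, into which the name is copied with `strncpy()` in auth_input_request_forwarding (the @@ -1403 hunk), a copy that leaves the field unterminated if the source fills it. I would expand the comment to `/* Max length of the agent socket path, including the NUL; must stay smaller than sizeof(sun_path) in struct sockaddr_un */`. Whether `sunaddr` is zeroed before the copy is not visible in these hunks.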
@@ -906,7 +909,6 @@ void channel_input_port_forward_request(int is_root)
 /* Port numbers are 16 bit quantities. */
 if ((port & 0xffff) != port)
 packet_disconnect("Requested forwarding of nonexistent port %d.", port);
-
 /* Check that an unprivileged user is not trying to forward a privileged port. */
@@ -1357,15 +1359,6 @@ void auth_request_forwarding()
 packet_write_wait();
 }
-/* Returns the number of the file descriptor to pass to child programs as
- the authentication fd. Returns -1 if there is no forwarded authentication
- fd. */
-
-int auth_get_fd()
-{
- return channel_forwarded_auth_fd;
-}
-
 /* Returns the name of the forwarded authentication socket. Returns NULL if there is no forwarded authentication socket. The returned value points to a static buffer. */
@@ -1375,22 +1368,43 @@ char *auth_get_socket_name()
 return channel_forwarded_auth_socket_name;
 }
+/* removes the agent forwarding socket */
+
+void cleanup_socket(void) {
+ remove(channel_forwarded_auth_socket_name);
+ rmdir(channel_forwarded_auth_socket_dir);
+}
+
 /* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. This starts forwarding authentication requests. */
 void auth_input_request_forwarding(struct passwd *pw)
 {
- mode_t savedumask;
 int sock, newch;
 struct sockaddr_un sunaddr;
 if (auth_get_socket_name() != NULL)
 fatal("Protocol error: authentication forwarding requested twice.");
+ /* Temporarily drop privileged uid for mkdir/bind. */
+ temporarily_use_uid(pw->pw_uid);
+
 /* Allocate a buffer for the socket name, and format the name. */
- channel_forwarded_auth_socket_name = xmalloc(100);
- sprintf(channel_forwarded_auth_socket_name, SSH_AGENT_SOCKET,
- (int)getpid());
+ channel_forwarded_auth_socket_name = xmalloc(MAX_SOCKET_NAME);
+ channel_forwarded_auth_socket_dir = xmalloc(MAX_SOCKET_NAME);
+ strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
+
+ /* Create private directory for socket */
+ if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL)
+ packet_disconnect("mkdtemp: %.100s", strerror(errno));
+ snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME,
+ "%s/agent.%d", channel_forwarded_auth_socket_dir, (int)getpid());
+
+ if (atexit(cleanup_socket) < 0) {
+ int saved=errno;
+ cleanup_socket();
+ packet_disconnect("socket: %.100s", strerror(saved));
+ }
 /* Create the socket. */
 sock = socket(AF_UNIX, SOCK_STREAM, 0);
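Review bot: `cleanup_socket()` is registered with `atexit()` while the process is running under `temporarily_use_uid(pw->pw_uid)`, but it will run at exit with whatever uid the process has then; the uid is restored later in this function (the @@ -1403 hunk), so presumably the `remove()` and `rmdir()` execute privileged on paths inside a directory that the user owns and can modify. The handler should switch to the user's uid around the two calls (`temporarily_use_uid()` ... `restore_uid()`, with the uid saved when the socket is created) so that cleanup has no more authority than the owner of the directory. Separately, `atexit()` signals failure with any nonzero value and is not specified to set errno, so the test should be `if (atexit(cleanup_socket) != 0)` and the `strerror(saved)` text under the misleading "socket:" prefix dropped; the same `< 0` test is in the ssh-agent.c main() hunk at @@ -552. auth_input_request_forwarding continues outside this hunk.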
@@ -1403,19 +1417,12 @@ void auth_input_request_forwarding(struct passwd *pw)
 strncpy(sunaddr.sun_path, channel_forwarded_auth_socket_name, sizeof(sunaddr.sun_path));
- savedumask = umask(0077);
-
- /* Temporarily use a privileged uid. */
- temporarily_use_uid(pw->pw_uid);
-
 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
 packet_disconnect("bind: %.100s", strerror(errno));
 /* Restore the privileged uid. */
 restore_uid();
- umask(savedumask);
-
 /* Start listening on the socket. */
 if (listen(sock, 5) < 0)
 packet_disconnect("listen: %.100s", strerror(errno));
diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c
index f05980afb33..f961e8feb02 100644
--- a/usr.bin/ssh/deattack.c
+++ b/usr.bin/ssh/deattack.c
@@ -1,5 +1,5 @@
 /*
- * $Id: deattack.c,v 1.2 1999/10/05 02:35:57 dugsong Exp $
+ * $Id: deattack.c,v 1.3 1999/10/05 22:18:52 markus Exp $
 * Cryptographic attack detector for ssh - source code
 *
 * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "deattack.h"
 #include "ssh.h"
+#include "crc32.h"
 #include "getput.h"
 #include "xmalloc.h"
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 6698afb1ebc..1ab53eee1af 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -14,7 +14,7 @@ The authentication agent program.
 */
 #include "includes.h"
-RCSID("$Id: ssh-agent.c,v 1.9 1999/10/04 20:45:01 markus Exp $");
+RCSID("$Id: ssh-agent.c,v 1.10 1999/10/05 22:18:52 markus Exp $");
 #include "ssh.h"
 #include "rsa.h"
@@ -51,6 +51,13 @@ Identity *identities = NULL;
 int max_fd = 0;
+/* pid of agent == parent of shell */
+int parent_pid = -1;
+
+/* pathname and directory for AUTH_SOCKET */
+char socket_name[1024];
+char socket_dir[1024];
+
 void
 process_request_identity(SocketEntry *e)
 {
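Review bot: In the channels.c hunk at @@ -1403, dropping `umask(0077)` means the socket is created with the inherited umask and is protected only by the mode-0700 directory from `mkdtemp()`, and nothing at the `bind()` call says so. I would either keep the restrictive umask around `bind()` as a second layer or add a comment such as `/* socket lives in a 0700 directory created by mkdtemp(); its own mode is not relied on */`. The same applies to the `chmod(socket_name, 0700)` removed from ssh-agent.c at @@ -583. Note also that every `packet_disconnect()` between `temporarily_use_uid()` (now earlier, in the @@ -1375 hunk) and `restore_uid()` leaves without restoring the uid, which is harmless only if packet_disconnect() never returns; that is not visible here.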
@@ -507,15 +514,11 @@ void after_select(fd_set *readset, fd_set *writeset)
 }
 }
-int parent_pid = -1;
-char socket_name[1024];
-
 void
 check_parent_exists(int sig)
 {
 if (kill(parent_pid, 0) < 0)
 {
- remove(socket_name);
 /* printf("Parent has died - Authentication agent exiting.\n"); */
 exit(1);
 }
@@ -523,22 +526,21 @@ check_parent_exists(int sig)
 alarm(10);
 }
+void cleanup_socket(void) {
+ remove(socket_name);
+ rmdir(socket_dir);
+}
+
 int
 main(int ac, char **av)
 {
 fd_set readset, writeset;
- char buf[1024];
- int pfd;
 int sock;
 struct sockaddr_un sunaddr;
- int sockets[2], i;
- int *dups;
-
 /* check if RSA support exists */
 if (rsa_alive() == 0) {
 extern char *__progname;
-
 fprintf(stderr, "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", __progname);
@@ -552,23 +554,32 @@ main(int ac, char **av)
 exit(1);
 }
- /* The agent uses SSH_AUTHENTICATION_SOCKET. */
-
 parent_pid = getpid();
-
- snprintf(socket_name, sizeof socket_name, SSH_AGENT_SOCKET, parent_pid);
+
+ /* Create private directory for agent socket */
+ strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
+ if (mkdtemp(socket_dir) == NULL) {
+ perror("mkdtemp: private socket dir");
+ exit(1);
+ }
+ snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, parent_pid);
 /* Fork, and have the parent execute the command. The child continues as the authentication agent. */
 if (fork() != 0) { /* Parent - execute the given command. */
- snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_SOCKET=%s", socket_name);
- putenv(buf);
+ setenv("SSH_AUTHENTICATION_SOCKET", socket_name, 1);
 execvp(av[1], av + 1);
 perror(av[1]);
 exit(1);
 }
-
+
+ if (atexit(cleanup_socket) < 0) {
+ perror("atexit");
+ cleanup_socket();
+ exit(1);
+ }
+
 sock = socket(AF_UNIX, SOCK_STREAM, 0);
 if (sock < 0)
 {
@@ -583,11 +594,6 @@ main(int ac, char **av)
 perror("bind");
 exit(1);
 }
- if (chmod(socket_name, 0700) < 0)
- {
- perror("chmod");
- exit(1);
- }
 if (listen(sock, 5) < 0)
 {
 perror("listen");
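Review bot: With `remove(socket_name)` taken out of `check_parent_exists()` (@@ -507), all cleanup in ssh-agent.c depends on the `atexit()` handler `cleanup_socket()` added at @@ -523, and atexit handlers do not run when the process is terminated by a signal. No handler for SIGTERM, SIGHUP or SIGINT is visible in these hunks, so an agent stopped that way would leave the socket and its directory behind in /tmp. Consider installing handlers for those signals that call `cleanup_socket()` and then `_exit()`, and declaring the function `static`, since channels.c now has a non-static function of the same name and the symbols would clash if the two files were ever linked together. Neither `remove()` nor `rmdir()` is checked, which is acceptable for best-effort cleanup but deserves a one-line comment saying so.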
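Review bot: In main() at @@ -552 the private directory is created before `fork()`, but the only cleanup is registered afterwards in the child, and `if (fork() != 0)` treats a failed fork (-1) like the parent case. On fork failure the command is then executed with SSH_AUTHENTICATION_SOCKET naming a socket that will never exist, and the directory is left behind. I would store the result and handle -1 explicitly, e.g. `pid = fork(); if (pid == -1) { perror("fork"); rmdir(socket_dir); exit(1); }`, and check the return of `setenv()`, which can fail with ENOMEM. main() starts and ends outside the hunk.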
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index 21b670fb4f6..1586ace8b22 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 */
-/* RCSID("$Id: ssh.h,v 1.7 1999/10/04 20:45:02 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.8 1999/10/05 22:18:52 markus Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -116,20 +116,6 @@ only by root, whereas ssh_config should be world-readable. */
 /* Additionally, the daemon may use ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. */
-/* Socket for connecting the authentication agent. Normally the connection
- to the authentication agent is passed in a file descriptor; however,
- on some systems, commonly used shells close all open file descriptors.
- To make the agent usable on those systems, configure checks whether
- the shells close all descriptors, and if so, defines AGENT_USES_SOCKET.
- That socket is an unix-domain socket and will be stored with this name
- in the user\'s home directory. The socket must not be accessible by
- anyone but the user him/herself. The number at the end of the name
- is the pid of the agent or the forwarding daemon. Note that this
- socket is stored in /tmp, which is supposedly on the local machine. If
- this were in the user\'s home directory, the daemon (running as root)
- might not be able to create and chown the file to the user\'s uid. */
-#define SSH_AGENT_SOCKET "/tmp/ssh_agent.%d"
-
 /* Name of the environment variable containing the pathname of the authentication socket. */
 #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTHENTICATION_SOCKET"
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 7b768093cc2..913de8201df 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.21 1999/10/05 18:34:55 dugsong Exp $");
+RCSID("$Id: sshd.c,v 1.22 1999/10/05 22:18:52 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -2102,11 +2102,7 @@ void do_child(const char *command, struct passwd *pw, const char *term,
 initgroups, because at least on Solaris 2.3 it leaves file descriptors open. */
 for (i = 3; i < 64; i++)
- {
- if (i == auth_get_fd())
- continue;
- close(i);
- }
+ close(i);
 /* Change current directory to the user\'s home directory. */
 if (chdir(pw->pw_dir) < 0) |
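Review bot: The simplified loop `for (i = 3; i < 64; i++) close(i);` still stops at descriptor 63, so anything the daemon holds open at 64 or above would be inherited by the user's process. Now that no descriptor is deliberately kept open, the bound could come from the descriptor table size instead of a constant, e.g. `for (i = 3; i < getdtablesize(); i++) close(i);`, or `closefrom(3)` where the platform provides it. Whether the daemon can reach 64 open descriptors at this point is not visible in the hunk. do_child's body starts and ends outside the hunk.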