summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/channels.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh/channels.c')
-rw-r--r--usr.bin/ssh/channels.c55
1 files changed, 31 insertions, 24 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 2ca092fe480..7b70f115df9 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.11 1999/10/04 20:45:01 markus Exp $");
+RCSID("$Id: channels.c,v 1.12 1999/10/05 22:18:52 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -43,6 +43,9 @@ RCSID("$Id: channels.c,v 1.11 1999/10/04 20:45:01 markus Exp $");
#define SSH_CHANNEL_INPUT_DRAINING 10 /* sending remaining data to conn */
#define SSH_CHANNEL_OUTPUT_DRAINING 11 /* sending remaining data to app */
+/* Max len of agent socket */
+#define MAX_SOCKET_NAME 100
+
/* Data structure for channel data. This is iniailized in channel_allocate
and cleared in channel_free. */
@@ -72,9 +75,9 @@ static int channels_alloc = 0;
in channel_allocate. */
static int channel_max_fd_value = 0;
-/* These two variables are for authentication agent forwarding. */
-static int channel_forwarded_auth_fd = -1;
+/* Name and directory of socket for authentication agent forwarding. */
static char *channel_forwarded_auth_socket_name = NULL;
+static char *channel_forwarded_auth_socket_dir = NULL;
/* Saved X11 authentication protocol name. */
char *x11_saved_proto = NULL;
@@ -906,7 +909,6 @@ void channel_input_port_forward_request(int is_root)
/* Port numbers are 16 bit quantities. */
if ((port & 0xffff) != port)
packet_disconnect("Requested forwarding of nonexistent port %d.", port);
-
/* Check that an unprivileged user is not trying to forward a privileged
port. */
@@ -1357,15 +1359,6 @@ void auth_request_forwarding()
packet_write_wait();
}
-/* Returns the number of the file descriptor to pass to child programs as
- the authentication fd. Returns -1 if there is no forwarded authentication
- fd. */
-
-int auth_get_fd()
-{
- return channel_forwarded_auth_fd;
-}
-
/* Returns the name of the forwarded authentication socket. Returns NULL
if there is no forwarded authentication socket. The returned value
points to a static buffer. */
@@ -1375,22 +1368,43 @@ char *auth_get_socket_name()
return channel_forwarded_auth_socket_name;
}
+/* removes the agent forwarding socket */
+
+void cleanup_socket(void) {
+ remove(channel_forwarded_auth_socket_name);
+ rmdir(channel_forwarded_auth_socket_dir);
+}
+
/* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.
This starts forwarding authentication requests. */
void auth_input_request_forwarding(struct passwd *pw)
{
- mode_t savedumask;
int sock, newch;
struct sockaddr_un sunaddr;
if (auth_get_socket_name() != NULL)
fatal("Protocol error: authentication forwarding requested twice.");
+ /* Temporarily drop privileged uid for mkdir/bind. */
+ temporarily_use_uid(pw->pw_uid);
+
/* Allocate a buffer for the socket name, and format the name. */
- channel_forwarded_auth_socket_name = xmalloc(100);
- sprintf(channel_forwarded_auth_socket_name, SSH_AGENT_SOCKET,
- (int)getpid());
+ channel_forwarded_auth_socket_name = xmalloc(MAX_SOCKET_NAME);
+ channel_forwarded_auth_socket_dir = xmalloc(MAX_SOCKET_NAME);
+ strlcpy(channel_forwarded_auth_socket_dir, "/tmp/ssh-XXXXXXXX", MAX_SOCKET_NAME);
+
+ /* Create private directory for socket */
+ if (mkdtemp(channel_forwarded_auth_socket_dir) == NULL)
+ packet_disconnect("mkdtemp: %.100s", strerror(errno));
+ snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME,
+ "%s/agent.%d", channel_forwarded_auth_socket_dir, (int)getpid());
+
+ if (atexit(cleanup_socket) < 0) {
+ int saved=errno;
+ cleanup_socket();
+ packet_disconnect("socket: %.100s", strerror(saved));
+ }
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -1403,19 +1417,12 @@ void auth_input_request_forwarding(struct passwd *pw)
strncpy(sunaddr.sun_path, channel_forwarded_auth_socket_name,
sizeof(sunaddr.sun_path));
- savedumask = umask(0077);
-
- /* Temporarily use a privileged uid. */
- temporarily_use_uid(pw->pw_uid);
-
if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
packet_disconnect("bind: %.100s", strerror(errno));
/* Restore the privileged uid. */
restore_uid();
- umask(savedumask);
-
/* Start listening on the socket. */
if (listen(sock, 5) < 0)
packet_disconnect("listen: %.100s", strerror(errno));