- markus@cvs.openbsd.org 2001/06/12 21:21:29
     [session.c]
     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
     we do already trust $HOME/.ssh
     you can use .ssh/sshrc and .ssh/environment if you want to customize
     the location of the xauth cookies
diff --git a/ChangeLog b/ChangeLog
index 48a8284..13a82b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
    - markus@cvs.openbsd.org 2001/06/12 16:11:26
      [packet.c]
      do not log() packet_set_maxsize
+   - markus@cvs.openbsd.org 2001/06/12 21:21:29
+     [session.c]
+     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
+     we do already trust $HOME/.ssh
+     you can use .ssh/sshrc and .ssh/environment if you want to customize
+     the location of the xauth cookies
 
 20010612
  - scp.c ID update (upstream synced vfsprintf() from us)
@@ -5629,4 +5635,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1283 2001/06/13 04:39:18 mouring Exp $
+$Id: ChangeLog,v 1.1284 2001/06/13 04:41:41 mouring Exp $
diff --git a/session.c b/session.c
index 0d7b8fa..49db53d 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.86 2001/06/12 16:10:38 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.87 2001/06/12 21:21:29 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -135,7 +135,6 @@
 void	do_child(Session *s, const char *command);
 void	do_motd(void);
 int	check_quietlogin(Session *s, const char *command);
-void	xauthfile_cleanup_proc(void *pw);
 
 void	do_authenticated1(Authctxt *authctxt);
 void	do_authenticated2(Authctxt *authctxt);
@@ -149,9 +148,6 @@
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
 
-/* Local Xauthority file. */
-static char *xauthfile;
-
 /* original command from peer. */
 char *original_command = NULL;
 
@@ -201,38 +197,12 @@
 	else
 		do_authenticated1(authctxt);
 
-	/* remote user's local Xauthority file and agent socket */
-	if (xauthfile)
-		xauthfile_cleanup_proc(authctxt->pw);
+	/* remove agent socket */
 	if (auth_get_socket_name())
 		auth_sock_cleanup_proc(authctxt->pw);
 }
 
 /*
- * Remove local Xauthority file.
- */
-void
-xauthfile_cleanup_proc(void *_pw)
-{
-	struct passwd *pw = _pw;
-	char *p;
-
-	debug("xauthfile_cleanup_proc called");
-	if (xauthfile != NULL) {
-		temporarily_use_uid(pw);
-		unlink(xauthfile);
-		p = strrchr(xauthfile, '/');
-		if (p != NULL) {
-			*p = '\0';
-			rmdir(xauthfile);
-		}
-		xfree(xauthfile);
-		xauthfile = NULL;
-		restore_uid();
-	}
-}
-
-/*
  * Prepares for an interactive session.  This is called after the user has
  * been successfully authenticated.  During this message exchange, pseudo
  * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
@@ -1257,8 +1227,6 @@
 	do_pam_environment(&env, &envsize);
 #endif /* USE_PAM */
 
-	if (xauthfile)
-		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)
 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
 			      auth_get_socket_name());
@@ -2008,32 +1976,15 @@
 		packet_send_debug("No xauth program; cannot forward with spoofing.");
 		return 0;
 	}
-	if (s->display != NULL || xauthfile != NULL) {
+	if (s->display != NULL) {
 		debug("X11 display already set.");
 		return 0;
 	}
-	xauthfile = xmalloc(MAXPATHLEN);
-	strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
-	temporarily_use_uid(s->pw);
-	if (mkdtemp(xauthfile) == NULL) {
-		error("private X11 dir: mkdtemp %s failed: %s",
-		    xauthfile, strerror(errno));
-		restore_uid();
-		xfree(xauthfile);
-		xauthfile = NULL;
-		return 0;
-	}
-	strlcat(xauthfile, "/cookies", MAXPATHLEN);
-	fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
-	if (fd >= 0)
-		close(fd);
-	restore_uid();
 	s->display = x11_create_display_inet(s->screen, options.x11_display_offset);
 	if (s->display == NULL) {
-		xauthfile_cleanup_proc(s->pw);
+		debug("x11_create_display_inet failed.");
 		return 0;
 	}
-	fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
 	return 1;
 }
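Review bot: The removed `fd = open(...)` / `close(fd)` lines were the only visible user of the local `fd`; if `fd` is still declared at the top of the enclosing function (which starts outside this hunk), it is now an unused variable and its declaration should be dropped together with this block, or the build will warn under -Wall. With `xauthfile` gone, the `if (s->display != NULL)` test is now the sole guard against running X11 forwarding setup twice for a session, which is worth recording on that line, e.g. `/* a display is allocated at most once per session */`. The added `debug("x11_create_display_inet failed.")` in the failure branch is fine as a replacement for the old cleanup call since `return 0` already signals the failure to the caller.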