5 # We have contributed back this fix to the OpenSSH upstream community. For |
5 # We have contributed back this fix to the OpenSSH upstream community. For |
6 # more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2440 |
6 # more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2440 |
7 # In the future, if this fix is accepted by the upsteam in a later release, we |
7 # In the future, if this fix is accepted by the upsteam in a later release, we |
8 # will remove this patch when we upgrade to that release. |
8 # will remove this patch when we upgrade to that release. |
9 # |
9 # |
10 --- orig/session.c Thu Jul 30 10:35:15 2015 |
10 diff -pur old/session.c new/session.c |
11 +++ new/session.c Tue Aug 4 11:29:22 2015 |
11 --- old/session.c |
|
12 +++ new/session.c |
12 @@ -62,6 +62,10 @@ |
13 @@ -62,6 +62,10 @@ |
13 #include <unistd.h> |
14 #include <unistd.h> |
14 #include <limits.h> |
15 #include <limits.h> |
15 |
16 |
16 +#ifdef PER_SESSION_XAUTHFILE |
17 +#ifdef PER_SESSION_XAUTHFILE |
54 +#endif |
55 +#endif |
55 + |
56 + |
56 if (s->auth_proto != NULL || s->auth_data != NULL) { |
57 if (s->auth_proto != NULL || s->auth_data != NULL) { |
57 error("session_x11_req: session %d: " |
58 error("session_x11_req: session %d: " |
58 "x11 forwarding already active", s->self); |
59 "x11 forwarding already active", s->self); |
59 @@ -2188,6 +2207,48 @@ |
60 @@ -2188,6 +2207,50 @@ |
60 s->auth_proto = NULL; |
61 s->auth_proto = NULL; |
61 s->auth_data = NULL; |
62 s->auth_data = NULL; |
62 } |
63 } |
63 + |
64 + |
64 +#ifdef PER_SESSION_XAUTHFILE |
65 +#ifdef PER_SESSION_XAUTHFILE |
67 + * |
68 + * |
68 + * If mkdtemp() or open() fails then s->auth_file remains NULL which |
69 + * If mkdtemp() or open() fails then s->auth_file remains NULL which |
69 + * means that we won't set XAUTHORITY variable in child's environment |
70 + * means that we won't set XAUTHORITY variable in child's environment |
70 + * and xauth(1) will use the default location for the authority file. |
71 + * and xauth(1) will use the default location for the authority file. |
71 + */ |
72 + */ |
|
73 + temporarily_use_uid(s->pw); |
72 + if (mkdtemp(xauthdir) != NULL) { |
74 + if (mkdtemp(xauthdir) != NULL) { |
73 + s->auth_file = xmalloc(MAXPATHLEN); |
75 + s->auth_file = xmalloc(MAXPATHLEN); |
74 + snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile", |
76 + snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile", |
75 + xauthdir); |
77 + xauthdir); |
76 + /* |
78 + /* |
99 + else { |
101 + else { |
100 + error("failed to create a directory for the temporary X " |
102 + error("failed to create a directory for the temporary X " |
101 + "authority file: %.100s; will use the default xauth file", |
103 + "authority file: %.100s; will use the default xauth file", |
102 + strerror(errno)); |
104 + strerror(errno)); |
103 + } |
105 + } |
|
106 + restore_uid(); |
104 +#endif |
107 +#endif |
105 return success; |
108 return success; |
106 } |
109 } |
107 |
110 |
108 @@ -2378,6 +2439,50 @@ |
111 @@ -2378,6 +2441,50 @@ |
109 PRIVSEP(session_pty_cleanup2(s)); |
112 PRIVSEP(session_pty_cleanup2(s)); |
110 } |
113 } |
111 |
114 |
112 +#ifdef PER_SESSION_XAUTHFILE |
115 +#ifdef PER_SESSION_XAUTHFILE |
113 +/* |
116 +/* |
154 +#endif |
157 +#endif |
155 + |
158 + |
156 static char * |
159 static char * |
157 sig2name(int sig) |
160 sig2name(int sig) |
158 { |
161 { |
159 @@ -2512,6 +2617,9 @@ |
162 @@ -2512,6 +2619,9 @@ |
160 free(s->auth_display); |
163 free(s->auth_display); |
161 free(s->auth_data); |
164 free(s->auth_data); |
162 free(s->auth_proto); |
165 free(s->auth_proto); |
163 +#ifdef PER_SESSION_XAUTHFILE |
166 +#ifdef PER_SESSION_XAUTHFILE |
164 + session_xauthfile_cleanup(s); |
167 + session_xauthfile_cleanup(s); |
165 +#endif |
168 +#endif |
166 free(s->subsys); |
169 free(s->subsys); |
167 if (s->env != NULL) { |
170 if (s->env != NULL) { |
168 for (i = 0; i < s->num_env; i++) { |
171 for (i = 0; i < s->num_env; i++) { |
169 @@ -2763,6 +2871,10 @@ |
172 @@ -2763,6 +2873,10 @@ |
170 /* remove agent socket */ |
173 /* remove agent socket */ |
171 auth_sock_cleanup_proc(authctxt->pw); |
174 auth_sock_cleanup_proc(authctxt->pw); |
172 |
175 |
173 +#ifdef PER_SESSION_XAUTHFILE |
176 +#ifdef PER_SESSION_XAUTHFILE |
174 + cleanup_all_session_xauthfile(); |
177 + cleanup_all_session_xauthfile(); |
175 +#endif |
178 +#endif |
176 + |
179 + |
177 /* |
180 /* |
178 * Cleanup ptys/utmp only if privsep is disabled, |
181 * Cleanup ptys/utmp only if privsep is disabled, |
179 * or if running in monitor. |
182 * or if running in monitor. |
180 --- orig/session.h Thu Jul 30 10:35:12 2015 |
183 diff -pur old/session.h new/session.h |
181 +++ new/session.h Tue Aug 4 11:30:04 2015 |
184 --- old/session.h |
|
185 +++ new/session.h |
182 @@ -49,6 +49,9 @@ |
186 @@ -49,6 +49,9 @@ |
183 char *auth_display; |
187 char *auth_display; |
184 char *auth_proto; |
188 char *auth_proto; |
185 char *auth_data; |
189 char *auth_data; |
186 +#ifdef PER_SESSION_XAUTHFILE |
190 +#ifdef PER_SESSION_XAUTHFILE |