[Patch] Xauthority file in /tmp

Scott Howard scott at doc.net.au
Tue Feb 12 14:57:29 EST 2002


This issue has been discussed here and elsewhere a fair bit in the past
year or so, but to re-address the issue...

As of OpenSSH 2.9.something the ability to have an Xauthority located in
/tmp was removed, with the following description in the ChangeLog :

   - markus at cvs.openbsd.org 2001/06/12 21:21:29
     [session.c]
     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
     we do already trust $HOME/.ssh
     you can use .ssh/sshrc and .ssh/environment if you want to customize
     the location of the xauth cookies


Whilst this reasoning does make sense, it presumes one thing - that the user's
home directory exists on the machine.  On a workstation this will generally
be the case, but it's not unusual for users/admins not to have home
directories on servers, which means that since that change X forwarding has
been broken in such cases.

The attached patch (also available at 
http://www.docbert.org/outgoing/xauthority-in-tmp.patch ) re-introduces
this feature via a configuration option "XauthorityInTmp".  The default
value of this option is "no" (i.e. the default behaviour is unchanged).

The majority of the code has been copied from 2.9p1 (the last general
release which put the Xauthority file in /tmp), with a few minor modifications,
including security improvements to the removal of the files in /tmp, which
I believe was what led (at least in part) to the original removal
of this code.

  Scott.

-------------- next part --------------
diff -r --unified openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c
--- openssh-3.0.2p1.orig/servconf.c	Wed Nov 14 00:03:15 2001
+++ openssh-3.0.2p1/servconf.c	Tue Feb 12 14:21:14 2002
@@ -64,6 +64,7 @@
 	options->x11_forwarding = -1;
 	options->x11_display_offset = -1;
 	options->xauth_location = NULL;
+	options->xauthority_in_tmp = -1;
 	options->strict_modes = -1;
 	options->keepalives = -1;
 	options->log_facility = (SyslogFacility) - 1;
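Review bot: The new field is only initialised to -1 here, and no hunk in this patch gives it a concrete default in fill_default_server_options, so on a server whose sshd_config never mentions XauthorityInTmp the flag stays at -1 and the `if (options.xauthority_in_tmp && (xauthfile == NULL))` test in session.c treats it as true — the opposite of the "default is no" stated in the mail. Unless a hunk not shown here handles it, add `if (options->xauthority_in_tmp == -1) options->xauthority_in_tmp = 0;` alongside the other defaults. initialize_server_options starts and ends outside this hunk.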
@@ -258,7 +259,7 @@
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
-	sBanner, sReverseMappingCheck, sHostbasedAuthentication,
+	sBanner, sReverseMappingCheck, sHostbasedAuthentication, sXAuthorityInTmp,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sDeprecated 
@@ -313,6 +314,7 @@
 	{ "x11forwarding", sX11Forwarding },
 	{ "x11displayoffset", sX11DisplayOffset },
 	{ "xauthlocation", sXAuthLocation },
+	{ "xauthorityintmp", sXAuthorityInTmp },
 	{ "strictmodes", sStrictModes },
 	{ "permitemptypasswords", sEmptyPasswd },
 	{ "uselogin", sUseLogin },
@@ -669,6 +671,10 @@
 		case sXAuthLocation:
 			charptr = &options->xauth_location;
 			goto parse_filename;
+
+		case sXAuthorityInTmp:
+			intptr = &options->xauthority_in_tmp;
+			goto parse_flag;
 
 		case sStrictModes:
 			intptr = &options->strict_modes;
diff -r --unified openssh-3.0.2p1.orig/servconf.h openssh-3.0.2p1/servconf.h
--- openssh-3.0.2p1.orig/servconf.h	Thu Sep 13 02:40:06 2001
+++ openssh-3.0.2p1/servconf.h	Tue Feb 12 14:12:51 2002
@@ -56,6 +56,7 @@
 	int     x11_display_offset;	/* What DISPLAY number to start
 					 * searching at */
 	char   *xauth_location;	/* Location of xauth program */
+	int   xauthority_in_tmp;	/* If true, put .Xauthority file in /tmp/ssh-xxxxxx */
 	int     strict_modes;	/* If true, require string home dir modes. */
 	int     keepalives;	/* If true, set SO_KEEPALIVE. */
 	char   *ciphers;	/* Supported SSH2 ciphers. */
diff -r --unified openssh-3.0.2p1.orig/session.c openssh-3.0.2p1/session.c
--- openssh-3.0.2p1.orig/session.c	Sun Dec  2 10:37:08 2001
+++ openssh-3.0.2p1/session.c	Tue Feb 12 12:01:51 2002
@@ -151,6 +151,9 @@
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
 
+/* Local Xauthority file. */
+static char *xauthfile = NULL;
+
 /* original command from peer. */
 const char *original_command = NULL;
 
@@ -220,6 +223,28 @@
 #endif
 }
 
+xauthfile_cleanup_proc(void *_pw)
+{
+        struct passwd *pw = _pw;
+
+	debug("xauthfile_cleanup_proc called");
+
+	if (xauthfile != NULL) {
+		char *p;
+		temporarily_use_uid(pw);
+		unlink(xauthfile);
+		p = strrchr(xauthfile, '/');
+		if (p != NULL) {
+			*p = '\0';
+			rmdir(xauthfile);
+		}
+		xfree(xauthfile);
+		xauthfile = NULL;
+		restore_uid();
+	}
+}
+
+
 /*
  * Prepares for an interactive session.  This is called after the user has
  * been successfully authenticated.  During this message exchange, pseudo
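Review bot: xauthfile_cleanup_proc is defined with no return type, so it gets an implicit int it never returns, and the fatal_add_cleanup call in session_setup_x11fwd then needs a `(void (*) (void *))` cast to paper over the mismatch; declare it as `static void xauthfile_cleanup_proc(void *_pw)` and the cast can go. The return values of unlink() and rmdir() are dropped silently; since this runs as the user on a directory sshd itself created, a `debug("%s: %s", xauthfile, strerror(errno))` on failure would make a stale /tmp/ssh-XXXXXXXX directory diagnosable. The first line of the body is indented with spaces where the rest of the file uses tabs.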
@@ -1300,6 +1325,8 @@
 	do_pam_environment(&env, &envsize);
 #endif /* USE_PAM */
 
+	if (xauthfile)
+		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
 	if (auth_get_socket_name() != NULL)
 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
 			      auth_get_socket_name());
@@ -2039,6 +2066,7 @@
 session_setup_x11fwd(Session *s)
 {
 	struct stat st;
+	int fd;
 
 	if (no_x11_forwarding_flag) {
 		packet_send_debug("X11 forwarding disabled in user configuration file.");
@@ -2067,6 +2095,28 @@
 		debug("x11_create_display_inet failed.");
 		return 0;
 	}
+
+	if (options.xauthority_in_tmp && (xauthfile == NULL)) {
+		/* If required, setup a temp .Xauthority file in /tmp */
+		xauthfile = xmalloc(MAXPATHLEN);
+		strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+		temporarily_use_uid(s->pw);
+		if (mkdtemp(xauthfile) == NULL) {
+			restore_uid();
+			error("private X11 dir: mkdtemp %s failed: %s",
+			xauthfile, strerror(errno));
+			xfree(xauthfile);
+			xauthfile = NULL;
+		} else {
+			strlcat(xauthfile, "/cookies", MAXPATHLEN);
+			fd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
+			if (fd >= 0)
+				close(fd);
+			restore_uid();
+			fatal_add_cleanup((void (*) (void *)) xauthfile_cleanup_proc, s->pw);
+		}
+	}
+
 	return 1;
 }
 
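Review bot: The open() of the cookie file only closes fd on success; when it fails, xauthfile stays set, the cleanup hook is registered and XAUTHORITY is later exported pointing at a file that was never created, with nothing logged. Handle the failure the same way the mkdtemp branch does: `if (fd < 0) error("private X11 cookie file: open %s failed: %s", xauthfile, strerror(errno)); else close(fd);`. Creating the file with O_CREAT|O_EXCL, mode 0600, inside a fresh mkdtemp directory while running under the user's uid is the right shape for this. session_setup_x11fwd begins outside this hunk.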
@@ -2074,4 +2124,6 @@
 do_authenticated2(Authctxt *authctxt)
 {
 	server_loop2(authctxt);
+	if (xauthfile)
+		xauthfile_cleanup_proc(authctxt->pw);
 }
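Review bot: Only the protocol-2 path calls xauthfile_cleanup_proc after the server loop; if do_authenticated1 (not in this patch) reaches session_setup_x11fwd in the same way, a protocol-1 session exits without removing its /tmp/ssh-XXXXXXXX directory unless a fatal() happens to run the registered hook. A matching `if (xauthfile) xauthfile_cleanup_proc(authctxt->pw);` after that loop would keep both paths consistent. The `if (xauthfile)` guard here duplicates the NULL check inside the cleanup function itself.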

