Bug#619760: openssh-server: sshd should honour TMPDIR to set up auth_sock_dir (forwarding)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
please find in attachment a refined version of the patch.
Note that umask(0177) is also applied to the agent socket
(as for ssh-agent).
Let me know if you are interested by a more refined version.
Thanks.
Best wishes,
Jerome
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJR20MVAAoJEIC/w4IMSybjI0QH/AxduwMqkmjn4uVyXvxsviB+
7BRryUjbBe6SSNYw01llaHufsQsMmHVOwZbwuMMccTcH8sUfNxBdexcScbFPkS9i
iBaZXwxUBk3PXref43aFA59VTNg641QJR0xRs63Vt4MPKGl4Hx9HvK7dMouNBz7M
TOCB1NxGUJOu5XV84UAIkH2xZPxS98tMPCOt+C6kabvNR8FychXLrwivRZnUJ5rG
5nleCCc8a+qfkRzbnQxjSttCXI+Corccs8vxj9fHwZw8skJith/jGoEPjG02ZW3p
dlblBiaL1+rBj1TkvQOBTbGjUmH7HP8UMK6V+7g3s3oZgvFqYPPf/wU2bAmyK1E=
=WgP/
-----END PGP SIGNATURE-----
--- a/session.c
+++ b/session.c
@@ -129,6 +129,8 @@
static int session_pty_req(Session *);
+static const char *do_get_env_tmpdir(struct passwd *);
+
/* import */
extern ServerOptions options;
extern char *__progname;
@@ -180,8 +182,10 @@
auth_input_request_forwarding(struct passwd * pw)
{
Channel *nc;
+ const char *tmpdir;
int sock = -1;
struct sockaddr_un sunaddr;
+ int prev_mask;
if (auth_sock_name != NULL) {
error("authentication forwarding requested twice.");
@@ -192,7 +196,10 @@
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
- auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
+ if ((tmpdir = do_get_env_tmpdir(pw)) != NULL)
+ xasprintf(&auth_sock_dir, "%s/ssh-XXXXXXXXXXXX", tmpdir);
+ else
+ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXXXX");
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
@@ -219,12 +226,14 @@
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
-
+ prev_mask = umask(0177);
if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
error("bind: %.100s", strerror(errno));
+ umask(prev_mask);
restore_uid();
goto authsock_err;
}
+ umask(prev_mask);
/* Restore the privileged uid. */
restore_uid();
@@ -1314,6 +1323,30 @@
}
/*
+ * do_get_env_tmpdir is meant to mimic do_setup_env
+ * to retrieve TMPDIR
+ */
+
+static const char *
+do_get_env_tmpdir(struct passwd * pw)
+{
+ const char *tmpdir;
+ const char *candidate;
+
+ tmpdir = getenv("TMPDIR");
+
+#ifdef USE_PAM
+ if (options.use_pam) {
+ if ((candidate = do_pam_getenv("TMPDIR")) != NULL) {
+ tmpdir = candidate;
+ }
+ }
+#endif /* USE_PAM */
+
+ return tmpdir;
+}
+
+/*
* Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
* first in this order).
*/
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -1087,6 +1087,17 @@
return (ret);
}
+
+const char *
+do_pam_getenv(const char *name)
+{
+#ifdef HAVE_PAM_GETENV
+ return (pam_getenv(sshpam_handle, name));
+#else
+ return NULL;
+#endif
+}
+
char **
fetch_pam_child_environment(void)
{
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -39,6 +39,7 @@
void do_pam_setcred(int );
void do_pam_chauthtok(void);
int do_pam_putenv(char *, char *);
+const char * do_pam_getenv(const char *);
char ** fetch_pam_environment(void);
char ** fetch_pam_child_environment(void);
void free_pam_environment(char **);
--- a/configure.ac
+++ b/configure.ac
@@ -2581,6 +2581,7 @@
AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
AC_CHECK_FUNCS([pam_getenvlist])
AC_CHECK_FUNCS([pam_putenv])
+ AC_CHECK_FUNCS([pam_getenv])
LIBS="$saved_LIBS"
PAM_MSG="yes"
Reply to: