Mercurial > dropbear
annotate svr-agentfwd.c @ 1788:1fc0012b9c38
Fix handling of replies to global requests (#112)
The current code assumes that all global requests want / need a reply.
This isn't always true and the request itself indicates if it wants a
reply or not.
It causes a specific problem with [email protected] messages.
These are sent by OpenSSH after authentication to inform the client of
potential other host keys for the host. This can be used to add a new
type of host key or to rotate host keys.
The initial information message from the server is sent as a global
request, but with want_reply set to false. This means that the server
doesn't expect an answer to this message. Instead the client needs to
send a prove request as a reply if it wants to receive proof of
ownership for the host keys.
The bug doesn't cause any current problems with due to how OpenSSH
treats receiving the failure message. It instead treats it as a
keepalive message and further ignores it.
Arguably this is a protocol violation though of Dropbear and it is only
accidental that it doesn't cause a problem with OpenSSH.
The bug was found when adding host keys support to libssh, which is more
strict protocol wise and treats the unexpected failure message an error,
also see https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145
for more information.
The fix here is to honor the want_reply flag in the global request and
to only send a reply if the other side expects a reply.
| author | Dirkjan Bussink <d.bussink@gmail.com> |
|---|---|
| date | Thu, 10 Dec 2020 16:13:13 +0100 |
| parents | 592a18dac250 |
| children | a7cc3332d8ab |
| rev | line source |
|---|---|
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 /* This file (agentfwd.c) handles authentication agent forwarding, for OpenSSH |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * style agents. */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "includes.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1037
diff
changeset
|
30 #if DROPBEAR_SVR_AGENTFWD |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "agentfwd.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "session.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "ssh.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "dbutil.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #include "chansession.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 #include "channel.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 #include "packet.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 #include "buffer.h" |
|
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
617
diff
changeset
|
40 #include "dbrandom.h" |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
41 #include "listener.h" |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
464
diff
changeset
|
42 #include "auth.h" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 #define AGENTDIRPREFIX "/tmp/dropbear-" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 static int send_msg_channel_open_agent(int fd); |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
47 static int bindagent(int fd, struct ChanSess * chansess); |
|
1460
58a74cb829b8
Pointer parameter could be declared as pointing to const (callback)
Francois Perrad <francois.perrad@gadz.org>
parents:
1459
diff
changeset
|
48 static void agentaccept(const struct Listener * listener, int sock); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 /* Handles client requests to start agent forwarding, sets up listening socket. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
| 560 | 52 int svr_agentreq(struct ChanSess * chansess) { |
|
617
81def6b732c7
Clean up fd on failure. Found by Klocwork
Matt Johnston <matt@ucc.asn.au>
parents:
604
diff
changeset
|
53 int fd = -1; |
| 560 | 54 |
|
475
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
464
diff
changeset
|
55 if (!svr_pubkey_allows_agentfwd()) { |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
464
diff
changeset
|
56 return DROPBEAR_FAILURE; |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
464
diff
changeset
|
57 } |
|
52a644e7b8e1
* Patch from Frédéric Moulins adding options to authorized_keys.
Matt Johnston <matt@ucc.asn.au>
parents:
464
diff
changeset
|
58 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
59 if (chansess->agentlistener != NULL) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 return DROPBEAR_FAILURE; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 /* create listening socket */ |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
64 fd = socket(PF_UNIX, SOCK_STREAM, 0); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
65 if (fd < 0) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 goto fail; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 /* create the unix socket dir and file */ |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
70 if (bindagent(fd, chansess) == DROPBEAR_FAILURE) { |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
71 goto fail; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 /* listen */ |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
75 if (listen(fd, 20) < 0) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 goto fail; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 /* set non-blocking */ |
|
109
2e9d1f29c50f
merge of 50be59810e462f9f44f55e421227d6aa0b31982b
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
80 setnonblocking(fd); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
82 /* pass if off to listener */ |
| 62 | 83 chansess->agentlistener = new_listener( &fd, 1, 0, chansess, |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
84 agentaccept, NULL); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
86 if (chansess->agentlistener == NULL) { |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
87 goto fail; |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
88 } |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 return DROPBEAR_SUCCESS; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 fail: |
|
617
81def6b732c7
Clean up fd on failure. Found by Klocwork
Matt Johnston <matt@ucc.asn.au>
parents:
604
diff
changeset
|
93 m_close(fd); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 /* cleanup */ |
| 560 | 95 svr_agentcleanup(chansess); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 return DROPBEAR_FAILURE; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 /* accepts a connection on the forwarded socket and opens a new channel for it |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 * back to the client */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
|
1460
58a74cb829b8
Pointer parameter could be declared as pointing to const (callback)
Francois Perrad <francois.perrad@gadz.org>
parents:
1459
diff
changeset
|
103 static void agentaccept(const struct Listener *UNUSED(listener), int sock) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 int fd; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 |
| 62 | 107 fd = accept(sock, NULL, NULL); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 if (fd < 0) { |
|
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
109
diff
changeset
|
109 TRACE(("accept failed")) |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
110 return; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 |
|
13
db2c8e6fb284
Fixed stupid agentfwd error (using the listening FD, not the accepted on. gah)
Matt Johnston <matt@ucc.asn.au>
parents:
11
diff
changeset
|
113 if (send_msg_channel_open_agent(fd) != DROPBEAR_SUCCESS) { |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
114 close(fd); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
115 } |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 /* set up the environment variable pointing to the socket. This is called |
|
1037
7c899f24a85b
Some minor typo fixes, found by codespell.
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
858
diff
changeset
|
120 * just before command/shell execution, after dropping privileges */ |
|
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
121 void svr_agentset(const struct ChanSess * chansess) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 char *path = NULL; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 int len; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
126 if (chansess->agentlistener == NULL) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 return; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 /* 2 for "/" and "\0" */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 path = m_malloc(len); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 snprintf(path, len, "%s/%s", chansess->agentdir, chansess->agentfile); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 addnewvar("SSH_AUTH_SOCK", path); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 m_free(path); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 /* close the socket, remove the socket-file */ |
| 560 | 140 void svr_agentcleanup(struct ChanSess * chansess) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 char *path = NULL; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 uid_t uid; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 gid_t gid; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 int len; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
147 if (chansess->agentlistener != NULL) { |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
148 remove_listener(chansess->agentlistener); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
149 chansess->agentlistener = NULL; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
|
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
62
diff
changeset
|
152 if (chansess->agentfile != NULL && chansess->agentdir != NULL) { |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
153 |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
154 #if DROPBEAR_SVR_MULTIUSER |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
155 /* Remove the dir as the user. That way they can't cause problems except |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
156 * for themselves */ |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
157 uid = getuid(); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
158 gid = getgid(); |
|
464
4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
159 if ((setegid(ses.authstate.pw_gid)) < 0 || |
|
4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
160 (seteuid(ses.authstate.pw_uid)) < 0) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
161 dropbear_exit("Failed to set euid"); |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
162 } |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
163 #endif |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
164 |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
165 /* 2 for "/" and "\0" */ |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
166 len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
168 path = m_malloc(len); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
169 snprintf(path, len, "%s/%s", chansess->agentdir, chansess->agentfile); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
170 unlink(path); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
171 m_free(path); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
172 |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
173 rmdir(chansess->agentdir); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
175 #if DROPBEAR_SVR_MULTIUSER |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
176 if ((seteuid(uid)) < 0 || |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
177 (setegid(gid)) < 0) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
178 dropbear_exit("Failed to revert euid"); |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
179 } |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
180 #endif |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
182 m_free(chansess->agentfile); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
183 m_free(chansess->agentdir); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
186 } |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 |
|
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
188 static const struct ChanType chan_svr_agent = { |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
189 0, /* sepfds */ |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
190 "[email protected]", |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
191 NULL, |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
192 NULL, |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
193 NULL, |
|
1625
79eef94ccea9
Split ChanType closehandler() and cleanup() so that dbclient doesn't
Matt Johnston <matt@ucc.asn.au>
parents:
1460
diff
changeset
|
194 NULL, |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
195 NULL |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
196 }; |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
197 |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 /* helper for accepting an agent request */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 static int send_msg_channel_open_agent(int fd) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
|
225
ca7e76d981d9
- progress towards client agent forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
202 if (send_msg_channel_open_init(fd, &chan_svr_agent) == DROPBEAR_SUCCESS) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 encrypt_packet(); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 return DROPBEAR_SUCCESS; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 } else { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 return DROPBEAR_FAILURE; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 /* helper for creating the agent socket-file |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
212 static int bindagent(int fd, struct ChanSess * chansess) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 struct sockaddr_un addr; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 unsigned int prefix; |
|
1631
292f79307600
fix some gcc warnings (#73)
François Perrad <francois.perrad@gadz.org>
parents:
1625
diff
changeset
|
216 char path[(sizeof(addr.sun_path)-1)/2], sockfile[(sizeof(addr.sun_path)-1)/2]; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 mode_t mode; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 int i; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 uid_t uid; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 gid_t gid; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 int ret = DROPBEAR_FAILURE; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
223 #if DROPBEAR_SVR_MULTIUSER |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 /* drop to user privs to make the dir/file */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 uid = getuid(); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 gid = getgid(); |
|
464
4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
227 if ((setegid(ses.authstate.pw_gid)) < 0 || |
|
4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
228 (seteuid(ses.authstate.pw_uid)) < 0) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
229 dropbear_exit("Failed to set euid"); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 } |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
231 #endif |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 memset((void*)&addr, 0x0, sizeof(addr)); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 addr.sun_family = AF_UNIX; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 mode = S_IRWXU; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 for (i = 0; i < 20; i++) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 genrandom((unsigned char*)&prefix, sizeof(prefix)); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 /* we want 32 bits (8 hex digits) - "/tmp/dropbear-f19c62c0" */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 snprintf(path, sizeof(path), AGENTDIRPREFIX "%.8x", prefix); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 if (mkdir(path, mode) == 0) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 goto bindsocket; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 if (errno != EEXIST) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 break; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 /* couldn't make a dir */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 goto out; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 bindsocket: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 /* Format is "/tmp/dropbear-0246dead/auth-d00f7654-23". |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 * The "23" is the file desc, the random data is to avoid collisions |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 * between subsequent user processes reusing socket fds (odds are now |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 * 1/(2^64) */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
258 genrandom((unsigned char*)&prefix, sizeof(prefix)); |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
259 snprintf(sockfile, sizeof(sockfile), "auth-%.8x-%d", prefix, fd); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
260 |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
261 snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", path, sockfile); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
262 |
|
11
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
263 if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == 0) { |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
264 chansess->agentdir = m_strdup(path); |
|
f76c9389e9e0
Mostly done with the listener changeover
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
265 chansess->agentfile = m_strdup(sockfile); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 ret = DROPBEAR_SUCCESS; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
267 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
268 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
269 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
270 out: |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
271 #if DROPBEAR_SVR_MULTIUSER |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 if ((seteuid(uid)) < 0 || |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 (setegid(gid)) < 0) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
274 dropbear_exit("Failed to revert euid"); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
275 } |
|
1633
592a18dac250
Support servers without multiple user support (#76)
Patrick Stewart <patstew@gmail.com>
parents:
1631
diff
changeset
|
276 #endif |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 return ret; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
278 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
279 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
280 #endif |