summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-06-05 19:29:20 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-05 19:29:20 +0000
commit7d68fbf4c53f9e2c9f16b8cd69bc07c377b114de (patch)
tree184309eaf4d90eba2ffdad8e157e2f790e751f83
parent551ea37576333968c760f3f080a8dfe51ca9b06a (diff)
- djm@cvs.openbsd.org 2001/05/19 00:36:40
[session.c] Disable X11 forwarding if xauth binary is not found. Patch from Nalin Dahyabhai <nalin@redhat.com>; ok markus@
-rw-r--r--ChangeLog6
-rw-r--r--session.c12
2 files changed, 15 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 34d4ace8..dc76b405 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,10 @@
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
+ - djm@cvs.openbsd.org 2001/05/19 00:36:40
+ [session.c]
+ Disable X11 forwarding if xauth binary is not found. Patch from Nalin
+ Dahyabhai <nalin@redhat.com>; ok markus@
20010528
- (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
@@ -5438,4 +5442,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1228 2001/06/05 18:56:16 mouring Exp $
+$Id: ChangeLog,v 1.1229 2001/06/05 19:29:20 mouring Exp $
diff --git a/session.c b/session.c
index 62026c67..9aef6b02 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.75 2001/05/03 15:45:15 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.76 2001/05/19 00:36:40 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -255,6 +255,7 @@ do_authenticated1(Authctxt *authctxt)
int success, type, fd, n_bytes, plen, screen_flag, have_pty = 0;
int compression_level = 0, enable_compression_after_reply = 0;
u_int proto_len, data_len, dlen;
+ struct stat st;
s = session_new();
s->pw = authctxt->pw;
@@ -337,7 +338,8 @@ do_authenticated1(Authctxt *authctxt)
packet_send_debug("X11 forwarding disabled in server configuration file.");
break;
}
- if (!options.xauth_location) {
+ if (!options.xauth_location ||
+ (stat(options.xauth_location, &st) == -1)) {
packet_send_debug("No xauth program; cannot forward with spoofing.");
break;
}
@@ -1752,6 +1754,7 @@ int
session_x11_req(Session *s)
{
int fd;
+ struct stat st;
if (no_x11_forwarding_flag) {
debug("X11 forwarding disabled in user configuration file.");
return 0;
@@ -1760,6 +1763,11 @@ session_x11_req(Session *s)
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
+ if (!options.xauth_location ||
+ (stat(options.xauth_location, &st) == -1)) {
+ packet_send_debug("No xauth program; cannot forward with spoofing.");
+ return 0;
+ }
if (xauthfile != NULL) {
debug("X11 fwd already started.");
return 0;