--- channels.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/channels.c b/channels.c index a84b487..396e192 100644 --- a/channels.c +++ b/channels.c @@ -3014,10 +3014,14 @@ channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + /* Expand home directory if necessary */ + char *expanded_path = tilde_expand_filename(fwd->listen_path, getuid()); + /* Start a Unix domain listener. */ omask = umask(fwd_opts->streamlocal_bind_mask); - sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG, + sock = unix_listener(expanded_path, SSH_LISTEN_BACKLOG, fwd_opts->streamlocal_bind_unlink); + free(expanded_path); umask(omask); if (sock < 0) return 0; -- 1.9.1
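Review bot: the result of tilde_expand_filename() is passed straight to unix_listener() with no failure path of its own, although this function already reports errors by returning 0 (`if (sock < 0) return 0;`). An expansion that cannot be resolved should take that same return path, so the caller decides what happens to the session. Separately, `char *expanded_path` is declared after the debug3() statement in the middle of the block; declare it with the function's other locals and only assign it here.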
Todd C. Miller
2015-Aug-17 19:14 UTC
[PATCH] Expand tilde for UNIX domain socket forwards.
I like the idea but tilde_expand_filename() calls fatal() if it cannot resolve ~foo. This is not terrible when using -L and -R on the normal command line but it seems pretty harsh to exit when -L or -R are used via the ~C escape or the streamlocal-forward@openssh.com request.

Perhaps we just need a non-fatal version of tilde_expand_filename().

- todd
On Mon, 17 Aug 2015, Todd C. Miller wrote:

> I like the idea but tilde_expand_filename() calls fatal() if it
> cannot resolve ~foo. This is not terrible when using -L and -R on
> the normal command line but it seems pretty harsh to exit when -L
> or -R are used via the ~C escape or the streamlocal-forward@openssh.com
> request.
>
> Perhaps we just need a non-fatal version of tilde_expand_filename().

Yeah, we should refactor it into a version that returns a ssherr.h code and (perhaps) leave the existing tilde_expand_filename() as a wrapper.

-d