search for: do_xauth

...f /* WITH_IRIX_PROJECT */ -#ifdef WITH_IRIX_JOBS -#include <sys/resource.h> -#endif -#ifdef WITH_IRIX_AUDIT -#include <sat.h> -#endif /* WITH_IRIX_AUDIT */ - #if defined(HAVE_USERSEC_H) #include <usersec.h> #endif @@ -1038,16 +1028,6 @@ struct stat st; char *argv[10]; int do_xauth; -#ifdef WITH_IRIX_PROJECT - prid_t projid; -#endif /* WITH_IRIX_PROJECT */ -#ifdef WITH_IRIX_JOBS - jid_t jid = 0; -#else -#ifdef WITH_IRIX_ARRAY - int jid = 0; -#endif /* WITH_IRIX_ARRAY */ -#endif /* WITH_IRIX_JOBS */ do_xauth = s->display != NULL && s->auth_proto != NULL...

...* first in this order). + * + * A properly-implemented restricted shell doesn't need the + * restriction tests, but they're useful for reducing the + * amount of noise in the process accounting logs. */ static void do_rc_files(Session *s, const char *shell) @@ -1111,11 +1113,12 @@ int do_xauth; struct stat st; - do_xauth = + do_xauth = !auth_restricted(RESTRICT_X11, s->pw) && s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_S...

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

...3 2001 @@ -93,6 +93,9 @@ # include <uinfo.h> #endif +/* support /./ in homedir */ +#define DOT_CHROOT + /* types */ #define TTYSZ 64 @@ -1037,6 +1040,10 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef DOT_CHROOT + char *user_dir; + char *new_root; +#endif int do_xauth = s->auth_proto != NULL && s->auth_data != NULL; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1093,6 +1100,25 @@ # ifdef HAVE_GETUSERATTR set_limits_from_userattr(pw->pw_name); # endif /* HAVE_GETUSERATTR */ +# ifdef DOT_CHROOT + user_dir = xstrdup(pw->pw_dir); + new...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...ched Sat Oct 6 11:23:19 2001 @@ -92,6 +92,8 @@ # include <uinfo.h> #endif +#define CHROOT + /* types */ #define TTYSZ 64 @@ -1028,6 +1030,11 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ + int do_xauth; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1102,6 +1109,28 @@ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); + +#ifdef CHROOT + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + + while((new_root = strc...

...2:38 @@ -108,8 +108,10 @@ int row, col, xpixel, ypixel; char tty[TTYSZ]; /* X11 */ + int display_number; char *display; int screen; + char *auth_display[2]; char *auth_proto; char *auth_data; int single_connection; @@ -1415,32 +1417,28 @@ _PATH_SSH_SYSTEM_RC); } else if (do_xauth && options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ - char *screen = strchr(s->display, ':'); - if (debug_flag) { fprintf(stderr, "Running %.100s add " "%.100s %.100s %.100s\n", -...

...pr 20 15:45:09 2001 @@ -93,6 +93,8 @@ # include <uinfo.h> #endif +#define CHROOT + /* types */ #define TTYSZ 64 @@ -1012,6 +1014,10 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ int do_xauth = s->auth_proto != NULL && s->auth_data != NULL; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1085,6 +1091,28 @@ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); + +#ifdef CHROOT + user_dir = xstrdup(pw->pw_dir); +...