authormarkus <markus@openbsd.org>1999-10-04 20:45:01 +0000
committermarkus <markus@openbsd.org>1999-10-04 20:45:01 +0000
commitbb0516a779a7a6e91c35e5d16c89ea48e0b2c498 (patch)
tree0f86f3ed180f75244f817818b67956be683fd15c
parentsave user configuration in some magic buffer, which config -e can read; maja (diff)
nuke genminfd/AUTH_FD
-rw-r--r--usr.bin/ssh/Makefile.inc4
-rw-r--r--usr.bin/ssh/authfd.c9
-rw-r--r--usr.bin/ssh/channels.c116
-rw-r--r--usr.bin/ssh/ssh-agent.c134
-rw-r--r--usr.bin/ssh/ssh.h5
-rw-r--r--usr.bin/ssh/sshd.c17
6 files changed, 81 insertions, 204 deletions
diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc
index 806b1e50cf8..369896bf5bf 100644
--- a/usr.bin/ssh/Makefile.inc
+++ b/usr.bin/ssh/Makefile.inc
@@ -1,7 +1,5 @@
CFLAGS+= -I${.OBJDIR} -I${.CURDIR}/..
-CLEANFILES= gen_minfd minfd.h
-
.include <bsd.own.mk> # for KERBEROS and AFS
.if (${KERBEROS} == "yes")
@@ -14,5 +12,3 @@ LDADD+= -lkafs
DPADD+= ${LIBKRBAFS}
.endif # AFS
.endif # KERBEROS
-
-USER_SHELLS = sh jsh ksh csh tcsh bash zsh ash
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 3b112ee631f..90bf07aaaeb 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -14,7 +14,7 @@ Functions for connecting the local authentication agent.
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.5 1999/10/03 19:22:38 deraadt Exp $");
+RCSID("$Id: authfd.c,v 1.6 1999/10/04 20:45:01 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -35,13 +35,6 @@ ssh_get_authentication_fd()
int sock;
struct sockaddr_un sunaddr;
- /* Get the file descriptor number from environment. */
- authfd = getenv(SSH_AUTHFD_ENV_NAME);
-
- /* Convert the value to an integer and return it if we got a value. */
- if (authfd)
- return atoi(authfd);
-
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
if (!authsocket)
return -1;
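Review bot: With the SSH_AUTHFD_ENV_NAME lookup removed, the `authfd` pointer that the deleted `authfd = getenv(...)` line assigned to is presumably still declared above the hunk next to `authsocket`; if nothing else in ssh_get_authentication_fd() reads it, drop it from that declaration so the function does not carry a dead local and an unused-variable warning. ssh_get_authentication_fd() starts and ends outside the hunk.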
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 32674ce47aa..2ca092fe480 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.10 1999/10/03 19:22:38 deraadt Exp $");
+RCSID("$Id: channels.c,v 1.11 1999/10/04 20:45:01 markus Exp $");
#include "ssh.h"
#include "packet.h"
@@ -1380,98 +1380,50 @@ char *auth_get_socket_name()
void auth_input_request_forwarding(struct passwd *pw)
{
- int pfd = get_permanent_fd(pw->pw_shell);
mode_t savedumask;
+ int sock, newch;
+ struct sockaddr_un sunaddr;
- if (pfd < 0)
- {
- int sock, newch;
- struct sockaddr_un sunaddr;
-
- if (auth_get_socket_name() != NULL)
- fatal("Protocol error: authentication forwarding requested twice.");
-
- /* Allocate a buffer for the socket name, and format the name. */
- channel_forwarded_auth_socket_name = xmalloc(100);
- sprintf(channel_forwarded_auth_socket_name, SSH_AGENT_SOCKET,
- (int)getpid());
-
- /* Create the socket. */
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
+ if (auth_get_socket_name() != NULL)
+ fatal("Protocol error: authentication forwarding requested twice.");
- /* Bind it to the name. */
- memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- strncpy(sunaddr.sun_path, channel_forwarded_auth_socket_name,
- sizeof(sunaddr.sun_path));
+ /* Allocate a buffer for the socket name, and format the name. */
+ channel_forwarded_auth_socket_name = xmalloc(100);
+ sprintf(channel_forwarded_auth_socket_name, SSH_AGENT_SOCKET,
+ (int)getpid());
- savedumask = umask(0077);
+ /* Create the socket. */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ packet_disconnect("socket: %.100s", strerror(errno));
- /* Temporarily use a privileged uid. */
- temporarily_use_uid(pw->pw_uid);
+ /* Bind it to the name. */
+ memset(&sunaddr, 0, sizeof(sunaddr));
+ sunaddr.sun_family = AF_UNIX;
+ strncpy(sunaddr.sun_path, channel_forwarded_auth_socket_name,
+ sizeof(sunaddr.sun_path));
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
+ savedumask = umask(0077);
- /* Restore the privileged uid. */
- restore_uid();
+ /* Temporarily use a privileged uid. */
+ temporarily_use_uid(pw->pw_uid);
- umask(savedumask);
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
+ packet_disconnect("bind: %.100s", strerror(errno));
- /* Start listening on the socket. */
- if (listen(sock, 5) < 0)
- packet_disconnect("listen: %.100s", strerror(errno));
+ /* Restore the privileged uid. */
+ restore_uid();
- /* Allocate a channel for the authentication agent socket. */
- newch = channel_allocate(SSH_CHANNEL_AUTH_SOCKET, sock,
- xstrdup("auth socket"));
- strcpy(channels[newch].path, channel_forwarded_auth_socket_name);
- }
- else
- {
- int sockets[2], i, cnt, newfd;
- int *dups = xmalloc(sizeof (int) * (pfd + 1));
-
- if (auth_get_fd() != -1)
- fatal("Protocol error: authentication forwarding requested twice.");
+ umask(savedumask);
- /* Create a socket pair. */
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0)
- packet_disconnect("socketpair: %.100s", strerror(errno));
-
- /* Dup some descriptors to get the authentication fd to pfd,
- because some shells arbitrarily close descriptors below that.
- Don't use dup2 because maybe some systems don't have it?? */
- for (cnt = 0;; cnt++)
- {
- if ((dups[cnt] = dup(packet_get_connection_in())) < 0)
- fatal("auth_input_request_forwarding: dup failed");
- if (dups[cnt] == pfd)
- break;
- }
- close(dups[cnt]);
-
- /* Move the file descriptor we pass to children up high where
- the shell won't close it. */
- newfd = dup(sockets[1]);
- if (newfd != pfd)
- fatal ("auth_input_request_forwarding: dup didn't return %d.", pfd);
- close(sockets[1]);
- sockets[1] = newfd;
- /* Close duped descriptors. */
- for (i = 0; i < cnt; i++)
- close(dups[i]);
- free(dups);
-
- /* Record the file descriptor to be passed to children. */
- channel_forwarded_auth_fd = sockets[1];
-
- /* Allcate a channel for the authentication fd. */
- (void)channel_allocate(SSH_CHANNEL_AUTH_FD, sockets[0],
- xstrdup("auth fd"));
- }
+ /* Start listening on the socket. */
+ if (listen(sock, 5) < 0)
+ packet_disconnect("listen: %.100s", strerror(errno));
+
+ /* Allocate a channel for the authentication agent socket. */
+ newch = channel_allocate(SSH_CHANNEL_AUTH_SOCKET, sock,
+ xstrdup("auth socket"));
+ strcpy(channels[newch].path, channel_forwarded_auth_socket_name);
}
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
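Review bot: The `strncpy` into `sunaddr.sun_path` at the bind step does not guarantee NUL-termination, while the same copy in ssh-agent.c's main() in this commit uses `strlcpy`; for consistency and so a longer SSH_AGENT_SOCKET can never leave the path unterminated, use `strlcpy(sunaddr.sun_path, channel_forwarded_auth_socket_name, sizeof(sunaddr.sun_path));` and treat a returned length of `sizeof(sunaddr.sun_path)` or more as an error. The `xmalloc(100)` plus `sprintf` pair and the unbounded `strcpy` into `channels[newch].path` are bounded only by the fixed SSH_AGENT_SOCKET format and the width of a pid; `snprintf` with the buffer size, as ssh-agent.c does for `socket_name`, would make that bound explicit rather than implicit. A comment on the `xmalloc(100)` line stating why 100 bytes is sufficient for the format would also help the next reader.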
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 963b70c6890..6698afb1ebc 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -14,7 +14,7 @@ The authentication agent program.
*/
#include "includes.h"
-RCSID("$Id: ssh-agent.c,v 1.8 1999/10/03 19:22:38 deraadt Exp $");
+RCSID("$Id: ssh-agent.c,v 1.9 1999/10/04 20:45:01 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -552,102 +552,50 @@ main(int ac, char **av)
exit(1);
}
- pfd = get_permanent_fd(NULL);
- if (pfd < 0)
+ /* The agent uses SSH_AUTHENTICATION_SOCKET. */
+
+ parent_pid = getpid();
+
+ snprintf(socket_name, sizeof socket_name, SSH_AGENT_SOCKET, parent_pid);
+
+ /* Fork, and have the parent execute the command. The child continues as
+ the authentication agent. */
+ if (fork() != 0)
+ { /* Parent - execute the given command. */
+ snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_SOCKET=%s", socket_name);
+ putenv(buf);
+ execvp(av[1], av + 1);
+ perror(av[1]);
+ exit(1);
+ }
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
{
- /* The agent uses SSH_AUTHENTICATION_SOCKET. */
-
- parent_pid = getpid();
-
- snprintf(socket_name, sizeof socket_name, SSH_AGENT_SOCKET, parent_pid);
-
- /* Fork, and have the parent execute the command. The child continues as
- the authentication agent. */
- if (fork() != 0)
- { /* Parent - execute the given command. */
- snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_SOCKET=%s", socket_name);
- putenv(buf);
- execvp(av[1], av + 1);
- perror(av[1]);
- exit(1);
- }
-
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- {
- perror("socket");
- exit(1);
- }
- memset(&sunaddr, 0, sizeof(sunaddr));
- sunaddr.sun_family = AF_UNIX;
- strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
- {
- perror("bind");
- exit(1);
- }
- if (chmod(socket_name, 0700) < 0)
- {
- perror("chmod");
- exit(1);
- }
- if (listen(sock, 5) < 0)
- {
- perror("listen");
- exit(1);
- }
- new_socket(AUTH_SOCKET, sock);
- signal(SIGALRM, check_parent_exists);
- alarm(10);
+ perror("socket");
+ exit(1);
}
- else
+ memset(&sunaddr, 0, sizeof(sunaddr));
+ sunaddr.sun_family = AF_UNIX;
+ strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
{
- /* The agent uses SSH_AUTHENTICATION_FD. */
- int cnt, newfd;
-
- dups = xmalloc(sizeof (int) * (1 + pfd));
-
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0)
- {
- perror("socketpair");
- exit(1);
- }
-
- /* Dup some descriptors to get the authentication fd to pfd,
- because some shells arbitrarily close descriptors below that.
- Don't use dup2 because maybe some systems don't have it?? */
- for (cnt = 0;; cnt++) {
- if ((dups[cnt] = dup(0)) < 0)
- fatal("auth_input_request_forwarding: dup failed");
- if (dups[cnt] == pfd)
- break;
- }
- close(dups[cnt]);
-
- /* Move the file descriptor we pass to children up high where
- the shell won't close it. */
- newfd = dup(sockets[1]);
- if (newfd != pfd)
- fatal("auth_input_request_forwarding: dup didn't return %d.", pfd);
- close(sockets[1]);
- sockets[1] = newfd;
- /* Close duped descriptors. */
- for (i = 0; i < cnt; i++)
- close(dups[i]);
- free(dups);
-
- if (fork() != 0)
- { /* Parent - execute the given command. */
- close(sockets[0]);
- snprintf(buf, sizeof buf, "SSH_AUTHENTICATION_FD=%d", sockets[1]);
- putenv(buf);
- execvp(av[1], av + 1);
- perror(av[1]);
- exit(1);
- }
- close(sockets[1]);
- new_socket(AUTH_FD, sockets[0]);
+ perror("bind");
+ exit(1);
}
+ if (chmod(socket_name, 0700) < 0)
+ {
+ perror("chmod");
+ exit(1);
+ }
+ if (listen(sock, 5) < 0)
+ {
+ perror("listen");
+ exit(1);
+ }
+ new_socket(AUTH_SOCKET, sock);
+ signal(SIGALRM, check_parent_exists);
+ alarm(10);
signal(SIGINT, SIG_IGN);
while (1)
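Review bot: The `if (fork() != 0)` test at the top of the new side treats a failed fork (return value -1) as the parent path, so on fork failure the command is exec'd with SSH_AUTHENTICATION_SOCKET pointing at a socket no agent will ever create, and the failure is never reported. Check the result explicitly: `pid_t pid = fork(); if (pid < 0) { perror("fork"); exit(1); } if (pid != 0) { /* parent */`. Separately, the locals that served the removed AUTH_FD branch (`pfd`, `dups`, `sockets`, and possibly `i`) appear to be declared above the hunk and are presumably unused now; drop them if nothing else in main() reads them. main() starts and ends outside the hunk.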
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index 10b04bfb213..21b670fb4f6 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
*/
-/* RCSID("$Id: ssh.h,v 1.6 1999/10/03 21:50:04 provos Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.7 1999/10/04 20:45:02 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -130,9 +130,6 @@ only by root, whereas ssh_config should be world-readable. */
might not be able to create and chown the file to the user\'s uid. */
#define SSH_AGENT_SOCKET "/tmp/ssh_agent.%d"
-/* Name of the environment variable containing the authentication fd. */
-#define SSH_AUTHFD_ENV_NAME "SSH_AUTHENTICATION_FD"
-
/* Name of the environment variable containing the pathname of the
authentication socket. */
#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTHENTICATION_SOCKET"
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 5099513cdf4..1715b6b286a 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.18 1999/10/03 21:02:12 deraadt Exp $");
+RCSID("$Id: sshd.c,v 1.19 1999/10/04 20:45:02 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -2054,18 +2054,9 @@ void do_child(const char *command, struct passwd *pw, const char *term,
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
/* Set variable for forwarded authentication connection, if we have one. */
- if (get_permanent_fd(pw->pw_shell) < 0)
- {
- if (auth_get_socket_name() != NULL)
- child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- auth_get_socket_name());
- }
- else
- if (auth_get_fd() >= 0)
- {
- snprintf(buf, sizeof buf, "%d", auth_get_fd());
- child_set_env(&env, &envsize, SSH_AUTHFD_ENV_NAME, buf);
- }
+ if (auth_get_socket_name() != NULL)
+ child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
+ auth_get_socket_name());
/* Read $HOME/.ssh/environment. */
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
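Review bot: The new condition calls `auth_get_socket_name()` twice, once in the test and once as the value passed to child_set_env(); caching the result in a local reads more clearly and avoids the repeated call: `const char *authsock = auth_get_socket_name(); if (authsock != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, authsock);`. do_child() starts and ends outside the hunk.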