security/ssh/patches/patch-aq


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

$NetBSD: patch-aq,v 1.3 1999/08/17 15:24:42 sommerfeld Exp $

--- newchannels.c.orig	Wed May 12 07:19:27 1999
+++ newchannels.c	Tue Aug 17 10:49:25 1999
@@ -274,7 +274,7 @@
 #include "authfd.h"
 #include "emulate.h"
 #include "servconf.h"
-#ifdef LIBWRAP
+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
 #include <tcpd.h>
 #include <syslog.h>
 #ifdef NEED_SYS_SYSLOG_H
@@ -922,6 +922,7 @@
           /* This is our fake X11 server socket. */
           if (FD_ISSET(ch->sock, readset))
             {
+              int on = 1;
               debug("X11 connection requested.");
               addrlen = sizeof(addr);
               newsock = accept(ch->sock, &addr, &addrlen);
@@ -930,11 +931,12 @@
                   error("accept: %.100s", strerror(errno));
                   break;
                 }
+              setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
               remote_hostname = get_remote_hostname(newsock);
               snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d",
                       remote_hostname, get_peer_port(newsock));
               xfree(remote_hostname);
-#ifdef LIBWRAP
+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
               {
                 struct request_info req;
                 struct servent *serv;
@@ -986,7 +988,7 @@
                        ch->listening_port, remote_hostname,
                        get_peer_port(newsock));
               xfree(remote_hostname);
-#ifdef LIBWRAP
+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
               {
                 struct request_info req;
                 struct servent *serv;
@@ -1919,6 +1921,7 @@
   struct sockaddr_in sin;
   char buf[255], *cp, *remote_host;
   struct hostent *hp;
+  int on = 1;
 
   /* Get remote channel number. */
   remote_channel = packet_get_int();
@@ -2110,6 +2113,7 @@
 
  success:
   /* We have successfully obtained a connection to the real X display. */
+  setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
 
 #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
       (void)fcntl(sock, F_SETFL, O_NONBLOCK);
@@ -2412,6 +2416,10 @@
      ssh-agent connections on your system */
   old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
   
+  /* Make sure the socket doesn't already exist, left over from a system
+     crash perhaps. */
+  unlink(channel_forwarded_auth_socket_name);
+
   if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
     packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));