===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.109
retrieving revision 1.109.2.2
diff -u -r1.109 -r1.109.2.2
--- src/usr.bin/ssh/channels.c	2001/04/17 12:55:03	1.109
+++ src/usr.bin/ssh/channels.c	2001/06/21 23:45:23	1.109.2.2
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.109 2001/04/17 12:55:03 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.109.2.2 2001/06/21 23:45:23 jason Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -773,8 +773,9 @@
 
 		rtype = (c->type == SSH_CHANNEL_RPORT_LISTENER) ?
 		    "forwarded-tcpip" : "direct-tcpip";
-		nextstate = (c->host_port == 0) ? SSH_CHANNEL_DYNAMIC :
-		    SSH_CHANNEL_OPENING;
+		nextstate = (c->host_port == 0 &&
+		    c->type != SSH_CHANNEL_RPORT_LISTENER) ?
+		    SSH_CHANNEL_DYNAMIC : SSH_CHANNEL_OPENING;
 
 		addrlen = sizeof(addr);
 		newsock = accept(c->sock, &addr, &addrlen);
@@ -2524,10 +2525,17 @@
 /* removes the agent forwarding socket */
 
 void
-cleanup_socket(void)
+auth_sock_cleanup_proc(void *_pw)
 {
-	unlink(channel_forwarded_auth_socket_name);
-	rmdir(channel_forwarded_auth_socket_dir);
+	struct passwd *pw = _pw;
+
+	if (channel_forwarded_auth_socket_name) {
+		temporarily_use_uid(pw);
+		unlink(channel_forwarded_auth_socket_name);
+		rmdir(channel_forwarded_auth_socket_dir);
+		channel_forwarded_auth_socket_name = NULL;
+		restore_uid();
+	}
 }
 
 /*
@@ -2566,11 +2574,9 @@
 	snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
 		 channel_forwarded_auth_socket_dir, (int) getpid());
 
-	if (atexit(cleanup_socket) < 0) {
-		int saved = errno;
-		cleanup_socket();
-		packet_disconnect("socket: %.100s", strerror(saved));
-	}
+	/* delete agent socket on fatal() */
+	fatal_add_cleanup(auth_sock_cleanup_proc, pw);
+
 	/* Create the socket. */
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (sock < 0)