authorAndrey A. Chernov <ache@FreeBSD.org>1997-02-27 00:44:35 +0000
committerAndrey A. Chernov <ache@FreeBSD.org>1997-02-27 00:44:35 +0000
commit96a7483d0d87d40fa1f1630ba9b7e498593eb46f (patch)
treebb565cffbe49c50b37d60d2c535f3e29ab71ad16 /security/ssh
parentRemove symlinks when port is deleted. (diff)
Add LOGIN_CAP abilities
Submitted by: davidn
Notes
Notes: svn path=/head/; revision=5763
Diffstat (limited to 'security/ssh')
-rw-r--r--security/ssh/files/patch-aa8
-rw-r--r--security/ssh/files/patch-ac38
-rw-r--r--security/ssh/files/patch-ae4
-rw-r--r--security/ssh/files/patch-af212
-rw-r--r--security/ssh/files/patch-al12
5 files changed, 237 insertions, 37 deletions
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
index 25f39d0b7062..468a7fc1e9cd 100644
--- a/security/ssh/files/patch-aa
+++ b/security/ssh/files/patch-aa
@@ -1,7 +1,7 @@
-*** make-ssh-known-hosts.pl.in.orig Sun Feb 11 22:45:15 1996
---- make-ssh-known-hosts.pl.in Sat Feb 17 17:55:08 1996
+*** make-ssh-known-hosts.pl.in.orig Wed Oct 30 15:27:47 1996
+--- make-ssh-known-hosts.pl.in Thu Jan 30 23:00:02 1997
***************
-*** 78,84 ****
+*** 81,87 ****
$debug = 5;
$defserver = '';
$bell='\a';
@@ -9,7 +9,7 @@
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
$timeout = 60;
$ping_timeout = 3;
---- 78,84 ----
+--- 81,87 ----
$debug = 5;
$defserver = '';
$bell='\a';
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
index 9f53e634b394..7c43f51d805e 100644
--- a/security/ssh/files/patch-ac
+++ b/security/ssh/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.old Tue Oct 22 02:26:19 1996
---- Makefile.in Tue Oct 22 02:30:18 1996
+*** Makefile.in.orig Wed Oct 30 15:27:56 1996
+--- Makefile.in Thu Jan 30 23:00:03 1997
***************
-*** 159,170 ****
+*** 188,199 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 159,176 ----
+--- 188,205 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -34,7 +34,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 248,254 ****
+*** 275,281 ****
$(CC) -o rfc-pg rfc-pg.c
.c.o:
@@ -42,7 +42,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 254,260 ----
+--- 281,287 ----
$(CC) -o rfc-pg rfc-pg.c
.c.o:
@@ -51,9 +51,9 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 292,310 ****
- ./gen_minfd $(USER_SHELLS) > minfd.h~
- mv -f minfd.h~ minfd.h
+*** 310,328 ****
+ sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
+ chmod +x make-ssh-known-hosts
! GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
! mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
@@ -71,9 +71,9 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 298,316 ----
- ./gen_minfd $(USER_SHELLS) > minfd.h~
- mv -f minfd.h~ minfd.h
+--- 316,334 ----
+ sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
+ chmod +x make-ssh-known-hosts
! #GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
! # mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
@@ -92,7 +92,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 361,367 ****
+*** 379,385 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -100,7 +100,7 @@
$(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh
-if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \
rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \
---- 367,373 ----
+--- 385,391 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -109,7 +109,7 @@
-if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \
rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \
***************
-*** 462,488 ****
+*** 480,506 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -137,7 +137,7 @@
tar pcf $(DISTNAME).tar $(DISTNAME)
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
---- 468,494 ----
+--- 486,512 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -162,11 +162,11 @@
# cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
! # tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -)
! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a
- tar cf $(DISTNAME).tar $(DISTNAME)
+ tar pcf $(DISTNAME).tar $(DISTNAME)
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
***************
-*** 494,500 ****
+*** 512,518 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null
depend:
@@ -174,7 +174,7 @@
tags:
find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a
---- 500,506 ----
+--- 518,524 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null
depend:
diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae
index 25506705b2ef..2529b300e864 100644
--- a/security/ssh/files/patch-ae
+++ b/security/ssh/files/patch-ae
@@ -1,5 +1,5 @@
-*** server_config.sample.bak Fri Oct 4 17:00:43 1996
---- server_config.sample Sat Nov 2 03:15:57 1996
+*** server_config.sample.orig Wed Oct 30 15:27:55 1996
+--- server_config.sample Thu Jan 30 23:00:04 1997
***************
*** 15,21 ****
FascistLogging no
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
index c5ae4062d8f1..cd99b4fcd418 100644
--- a/security/ssh/files/patch-af
+++ b/security/ssh/files/patch-af
@@ -1,8 +1,21 @@
-*** sshd.c.orig Fri Oct 4 17:00:42 1996
---- sshd.c Tue Nov 12 04:23:15 1996
+*** sshd.c.orig Wed Oct 30 15:27:55 1996
+--- sshd.c Fri Jan 31 00:36:15 1997
***************
-*** 2083,2088 ****
---- 2083,2098 ----
+*** 298,303 ****
+--- 298,307 ----
+ extern char *setlimits();
+ #endif
+
++ #ifdef HAVE_LOGIN_CAP_H
++ #include <login_cap.h>
++ #endif
++
+ #ifdef _PATH_BSHELL
+ #define DEFAULT_SHELL _PATH_BSHELL
+ #else
+***************
+*** 2108,2113 ****
+--- 2112,2127 ----
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -20,8 +33,8 @@
disabled in server options. Note that some machines appear to
print it in /etc/profile or similar. */
***************
-*** 2099,2104 ****
---- 2109,2123 ----
+*** 2124,2129 ****
+--- 2138,2152 ----
fclose(f);
}
}
@@ -37,3 +50,190 @@
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
+***************
+*** 2376,2382 ****
+ char *user_shell;
+ char *remote_ip;
+ int remote_port;
+!
+ /* Check /etc/nologin. */
+ f = fopen("/etc/nologin", "r");
+ if (f)
+--- 2399,2412 ----
+ char *user_shell;
+ char *remote_ip;
+ int remote_port;
+! #ifdef HAVE_LOGIN_CAP_H
+! login_cap_t *lc;
+! char **tmpenv;
+! char *real_shell;
+!
+! lc = login_getuserclass(pw);
+! auth_checknologin(lc);
+! #else /* !HAVE_LOGIN_CAP_H */
+ /* Check /etc/nologin. */
+ f = fopen("/etc/nologin", "r");
+ if (f)
+***************
+*** 2390,2395 ****
+--- 2420,2426 ----
+ if (pw->pw_uid != 0)
+ exit(254);
+ }
++ #endif /* HAVE_LOGIN_CAP_H */
+
+ if (command != NULL)
+ {
+***************
+*** 2402,2408 ****
+ else
+ log_msg("executing remote command as user %.200s", pw->pw_name);
+ }
+!
+ #ifdef HAVE_SETLOGIN
+ /* Set login name in the kernel. Warning: setsid() must be called before
+ this. */
+--- 2433,2440 ----
+ else
+ log_msg("executing remote command as user %.200s", pw->pw_name);
+ }
+!
+! #ifndef HAVE_LOGIN_CAP_H
+ #ifdef HAVE_SETLOGIN
+ /* Set login name in the kernel. Warning: setsid() must be called before
+ this. */
+***************
+*** 2417,2422 ****
+--- 2449,2455 ----
+ if (setpcred((char *)pw->pw_name, NULL))
+ log_msg("setpcred %.100s: %.100s", strerror(errno));
+ #endif /* HAVE_USERSEC_H */
++ #endif /* HAVE_LOGIN_CAP_H */
+
+ /* Save some data that will be needed so that we can do certain cleanups
+ before we switch to user's uid. (We must clear all sensitive data
+***************
+*** 2474,2479 ****
+--- 2507,2553 ----
+ close(i);
+ }
+
++ #ifdef HAVE_LOGIN_CAP_H
++ /* Save previous environment array
++ */
++ tmpenv = environ;
++ /* Initialize the new environment.
++ */
++ envsize = 64;
++ environ = env = xmalloc(envsize * sizeof(char *));
++ env[0] = NULL;
++
++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
++
++ /* Let it inherit timezone if we have one. */
++ if (getenv("TZ"))
++ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++
++ #ifdef MAIL_SPOOL_DIRECTORY
++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
++ child_set_env(&env, &envsize, "MAIL", buf);
++ #else /* MAIL_SPOOL_DIRECTORY */
++ #ifdef MAIL_SPOOL_FILE
++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
++ child_set_env(&env, &envsize, "MAIL", buf);
++ #endif /* MAIL_SPOOL_FILE */
++ #endif /* MAIL_SPOOL_DIRECTORY */
++
++ /* Set the user's login environment
++ */
++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
++ {
++ perror("setgid");
++ exit(1);
++ }
++ env = environ;
++ environ = tmpenv; /* Restore parent environment */
++ for (envsize = 0; env[envsize] != NULL; ++envsize)
++ ;
++ /* Reallocate this to what is expected */
++ envsize = (envsize < 100) ? 100 : envsize + 16;
++ env = xrealloc(env, envsize * sizeof(char *));
++ #else /* !HAVE_LOGIN_CAP_H */
+ /* At this point, this process should no longer be holding any confidential
+ information, as changing uid below will permit the user to attach with
+ a debugger on some machines. */
+***************
+*** 2514,2519 ****
+--- 2588,2594 ----
+
+ if (getuid() != user_uid || geteuid() != user_uid)
+ fatal("Failed to set uids to %d.", (int)user_uid);
++ #endif /* HAVE_LOGIN_CAP_H */
+
+ /* Reset signals to their default settings before starting the user
+ process. */
+***************
+*** 2523,2538 ****
+--- 2598,2621 ----
+ and means /bin/sh. */
+ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
+
++ #ifdef HAVE_LOGIN_CAP_H
++ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
++ #else /* !HAVE_LOGIN_CAP_H */
+ /* Initialize the environment. In the first part we allocate space for
+ all environment variables. */
+ envsize = 100;
+ env = xmalloc(envsize * sizeof(char *));
+ env[0] = NULL;
++ #endif /* HAVE_LOGIN_CAP_H */
+
+ /* Set basic environment. */
+ child_set_env(&env, &envsize, "USER", user_name);
+ child_set_env(&env, &envsize, "LOGNAME", user_name);
+ child_set_env(&env, &envsize, "HOME", user_dir);
++
++ #ifdef HAVE_LOGIN_CAP_H
++ login_close(lc);
++ #else /* !HAVE_LOGIN_CAP_H */
+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
+
+ /* Let it inherit timezone if we have one. */
+***************
+*** 2548,2553 ****
+--- 2631,2637 ----
+ child_set_env(&env, &envsize, "MAIL", buf);
+ #endif /* MAIL_SPOOL_FILE */
+ #endif /* MAIL_SPOOL_DIRECTORY */
++ #endif /* HAVE_LOGIN_CAP_H */
+
+ #ifdef HAVE_ETC_DEFAULT_LOGIN
+ /* Read /etc/default/login; this exists at least on Solaris 2.x. Note
+***************
+*** 2710,2716 ****
+--- 2794,2804 ----
+ /* Execute the shell. */
+ argv[0] = buf;
+ argv[1] = NULL;
++ #ifdef HAVE_LOGIN_CAP_H
++ execve(real_shell, argv, env);
++ #else
+ execve(shell, argv, env);
++ #endif /* HAVE_LOGIN_CAP_H */
+ /* Executing the shell failed. */
+ perror(shell);
+ exit(1);
+***************
+*** 2722,2728 ****
+--- 2810,2820 ----
+ argv[1] = "-c";
+ argv[2] = (char *)command;
+ argv[3] = NULL;
++ #ifdef HAVE_LOGIN_CAP_H
++ execve(real_shell, argv, env);
++ #else
+ execve(shell, argv, env);
++ #endif /* HAVE_LOGIN_CAP_H */
+ perror(shell);
+ exit(1);
+ }
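Review bot: In the HAVE_LOGIN_CAP_H build the `getuid() != user_uid || geteuid() != user_uid` check that follows the privilege drop is compiled out, because the `#endif /* HAVE_LOGIN_CAP_H */` added in the `*** 2514,2519 ****` sub-hunk sits after it, so that build relies only on the return value of `setusercontext(lc, pw, user_uid, LOGIN_SETALL)` before exec'ing the user's shell. Moving that `#endif` above the `if (getuid() != user_uid ...` line would keep the verification in both builds. The failure branch prints `perror("setgid")` although the call that failed is setusercontext, and both `perror(shell)` calls after `execve(real_shell, argv, env)` name `shell` rather than the path that was tried; `perror("setusercontext")` and `perror(real_shell)` under the same #ifdef would make the diagnostics match. Separately, `getenv("TZ")` is called after `environ` has been pointed at the newly allocated array, so TZ inheritance looks like it can never take effect in this path; reading TZ before the `environ = env = xmalloc(...)` line would avoid that. The enclosing sshd.c function begins and ends outside this hunk.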
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
index cdda2b13b478..9fd18168138a 100644
--- a/security/ssh/files/patch-al
+++ b/security/ssh/files/patch-al
@@ -1,8 +1,8 @@
-*** sshconnect.c.dist Thu Jun 6 21:47:06 1996
---- sshconnect.c Mon Aug 12 13:26:46 1996
+*** sshconnect.c.orig Thu Jan 30 23:00:03 1997
+--- sshconnect.c Thu Jan 30 23:00:04 1997
***************
-*** 235,240 ****
---- 235,246 ----
+*** 239,244 ****
+--- 239,250 ----
{
struct sockaddr_in sin;
int p;
@@ -16,8 +16,8 @@
{
sock = socket(AF_INET, SOCK_STREAM, 0);
***************
-*** 262,267 ****
---- 267,273 ----
+*** 266,271 ****
+--- 272,278 ----
}
fatal("bind: %.100s", strerror(errno));
}