authorAndrey A. Chernov <ache@FreeBSD.org>1999-02-06 01:40:35 +0000
committerAndrey A. Chernov <ache@FreeBSD.org>1999-02-06 01:40:35 +0000
commit7a7ea0c942ff782a12a7ba0d5a534c8e4a6f85ab (patch)
treee2419653d4ff522fee3a7cb97a222c94bf36d139 /security
parentSwitch the maintainer to Mr.Kiriake. (diff)
Use setusercontext() now to set all sorts of login things, including env.
variables and priority! Enable light debugging for compatibility with the -v option. Don't print "No mail." - not in BSD login style.
Notes
Notes: svn path=/head/; revision=16549
Diffstat (limited to 'security')
-rw-r--r--security/ssh2/Makefile4
-rw-r--r--security/ssh2/files/patch-ah93
-rw-r--r--security/ssh2/files/patch-ai46
3 files changed, 138 insertions, 5 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index c1f48e7c10fb..e8965b12fdfe 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -3,7 +3,7 @@
# Date created: 5 Oct 1998
# Whom: Issei Suzuki <issei@jp.FreeBSD.ORG>
#
-# $Id: Makefile,v 1.76 1999/02/05 06:11:31 ache Exp $
+# $Id: Makefile,v 1.75 1998/12/01 11:10:33 obrien Exp $
#
# Maximal ssh2 package requires YES values for
# USE_SSH1, USE_TCPWRAP
@@ -20,7 +20,7 @@ RESTRICTED= "Crypto; export-controlled"
GNU_CONFIGURE= YES
-CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc --enable-debug
#Uncomment if all your users are in their own group and their homedir
#is writeable by that group. Beware the security implications!
#CONFIGURE_ARGS+= --enable-group-writeability
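Review bot: The `--enable-debug` switch added to `CONFIGURE_ARGS` is unconditional and carries no comment, so the Makefile does not say why a security daemon is built with debugging on. A line such as `# --enable-debug: light debugging only, needed so that -v produces output` above the assignment would record the reason given in the commit message. What the switch compiles in is not visible here, so it is worth confirming that the extra output never includes passwords or key material.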
diff --git a/security/ssh2/files/patch-ah b/security/ssh2/files/patch-ah
index 61bf08524171..91287aefae82 100644
--- a/security/ssh2/files/patch-ah
+++ b/security/ssh2/files/patch-ah
@@ -1,6 +1,81 @@
---- apps/ssh/sshchsession.c.bak Mon Jan 18 13:32:24 1999
-+++ apps/ssh/sshchsession.c Fri Feb 5 08:49:14 1999
-@@ -628,12 +628,20 @@
+--- apps/ssh/sshchsession.c.orig Mon Jan 18 13:32:24 1999
++++ apps/ssh/sshchsession.c Sat Feb 6 04:20:26 1999
+@@ -80,6 +80,11 @@
+ #include <ulimit.h>
+ #endif /* ULIMIT_H */
+
++#ifdef HAVE_LOGIN_CAP_H
++#include <login_cap.h>
++extern char **environ;
++#endif
++
+ #define SSH_DEBUG_MODULE "Ssh2ChannelSession"
+
+ #define SSH_SESSION_INTERACTIVE_WINDOW 10000
+@@ -405,6 +410,62 @@
+ if (getenv("TZ"))
+ ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ"));
+
++#ifdef HAVE_LOGIN_CAP_H
++ {
++ char *p, *s, **tmpenv;
++ struct passwd *pwd;
++
++ pwd = getpwnam(user_name);
++ if (!pwd)
++ {
++ ssh_warning("Can't getpwnam %s: %s", user_name, strerror(errno));
++ }
++ else
++ {
++ /* Save previous environment array
++ */
++ tmpenv = environ;
++ environ = *envp;
++
++ /* Set the user's login environment
++ */
++ if (setusercontext(NULL, pwd,
++ ssh_user_uid(session->common->user_data),
++ LOGIN_SETPATH|LOGIN_SETENV) == 0)
++ {
++ p = getenv("PATH");
++ s = ssh_xmalloc((p != NULL ? strlen(p) + 1 : 0)
++ + sizeof(SSH_BINDIR));
++ *s = '\0';
++ if (p != NULL)
++ {
++ strcat(s, p);
++ strcat(s, ":");
++ }
++ strcat(s, SSH_BINDIR);
++
++ *envp = environ;
++ environ = tmpenv; /* Restore parent environment */
++ for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++)
++ ;
++ (*envsizep)++;
++ (*envsizep) += 50;
++ (*envp) = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *));
++
++ ssh_child_set_env(envp, envsizep, "PATH", s);
++ ssh_xfree(s);
++ }
++ else
++ {
++ *envp = environ;
++ environ = tmpenv; /* Restore parent environment */
++ ssh_warning("Can't setusercontext env. variables: %s", strerror(errno));
++ }
++ }
++ endpwent();
++ }
++#endif /* HAVE_LOGIN_CAP_H */
++
+ /* Set SSH_CLIENT. */
+ snprintf(buf, sizeof(buf), "%s %s %s %s",
+ session->common->remote_ip, session->common->remote_port,
+@@ -628,12 +689,20 @@
char buff[100], *time_string;
/* Check /etc/nologin. */
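Review bot: In the added `HAVE_LOGIN_CAP_H` block the child's environment array is lent to libc with `environ = *envp;`, changed by `setusercontext()`, then taken back and passed to `ssh_xrealloc()`, so the array and any strings libc added are from then on handled by the ssh_x* allocator. That is only safe if `ssh_xmalloc`/`ssh_xfree` are thin wrappers over the same heap that libc's environment functions use, which the patch does not show. A comment above `*envp = environ;` should state the assumption, e.g. `/* NOTE: entries may now be libc-allocated; ssh_x* must wrap plain malloc/free */`. Separately, `getpwnam()` need not set `errno` when the user simply does not exist, so `strerror(errno)` in the "Can't getpwnam" warning can report an unrelated error. The function this block is inserted into starts and ends outside the hunk.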
@@ -21,3 +96,15 @@
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
+@@ -754,7 +823,11 @@
+ {
+ struct stat mailbuf;
+ if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
++#ifndef __FreeBSD__
+ printf("No mail.\n");
++#else
++ ;
++#endif
+ else if (mailbuf.st_atime > mailbuf.st_mtime)
+ printf("You have mail.\n");
+ else
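Review bot: Under `__FreeBSD__` the first branch of the mailbox check is reduced to a bare `;` inside `#else`, which is easy to misread and easy to break when the `if`/`else if` chain is next edited. Bracing the branch and guarding only the call reads more plainly: an opening `{`, then `#ifndef __FreeBSD__`, `printf("No mail.\n");`, `#endif`, then the closing `}`. The enclosing function begins and ends outside the hunk.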
diff --git a/security/ssh2/files/patch-ai b/security/ssh2/files/patch-ai
new file mode 100644
index 000000000000..600c48ead9c8
--- /dev/null
+++ b/security/ssh2/files/patch-ai
@@ -0,0 +1,46 @@
+--- lib/sshsession/sshunixuser.c.orig Fri Jan 29 12:06:07 1999
++++ lib/sshsession/sshunixuser.c Sat Feb 6 03:00:28 1999
+@@ -55,6 +55,10 @@
+ #include "tcbc2.h"
+ #endif /* HAVE_OSF1_C2_SECURITY */
+
++#ifdef HAVE_LOGIN_CAP_H
++#include <login_cap.h>
++#endif /* HAVE_LOGIN_CAP_H */
++
+ extern char *crypt(const char *key, const char *salt);
+
+ /* Data type to hold machine-specific user data. */
+@@ -713,6 +717,24 @@
+ /* Set uid, gid, and groups. */
+ if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
+ {
++#ifdef HAVE_LOGIN_CAP_H
++ struct passwd *pwd;
++
++ pwd = getpwnam(ssh_user_name(uc));
++ if (!pwd)
++ {
++ ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno));
++ return FALSE;
++ }
++ if (setusercontext(NULL, pwd, ssh_user_uid(uc),
++ LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0)
++ {
++ ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno));
++ return FALSE;
++ }
++ endpwent();
++ endgrent();
++#else
+ if (setgid(ssh_user_gid(uc)) < 0)
+ {
+ ssh_debug("ssh_user_become: setgid: %s", strerror(errno));
+@@ -745,6 +767,7 @@
+ (int)ssh_user_uid(uc), strerror(errno));
+ return FALSE;
+ }
++#endif /* HAVE_LOGIN_CAP_H */
+ }
+
+ if (getuid() != ssh_user_uid(uc) || geteuid() != ssh_user_uid(uc))
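Review bot: The new `HAVE_LOGIN_CAP_H` path looks the account up again by name and passes that fresh `pwd` to `setusercontext()`, which applies the group and supplementary groups from it, while the uid still comes from `ssh_user_uid(uc)`; nothing checks that the two describe the same account. A guard before the call, `if (pwd->pw_uid != ssh_user_uid(uc) || pwd->pw_gid != ssh_user_gid(uc)) return FALSE;`, would match the `#else` branch, which takes the gid from `uc`. The early `return FALSE` paths also skip `endpwent()`, and `strerror(errno)` after a NULL `getpwnam()` may not describe the failure. The function (ssh_user_become, judging by the debug strings) starts and ends outside the inner hunks.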