summaryrefslogtreecommitdiff
path: root/security/ssh/files/patch-af
diff options
context:
space:
mode:
Diffstat (limited to 'security/ssh/files/patch-af')
-rw-r--r--security/ssh/files/patch-af223
1 files changed, 128 insertions, 95 deletions
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
index cd99b4fcd418..bd1982e6e60a 100644
--- a/security/ssh/files/patch-af
+++ b/security/ssh/files/patch-af
@@ -1,9 +1,9 @@
-*** sshd.c.orig Wed Oct 30 15:27:55 1996
---- sshd.c Fri Jan 31 00:36:15 1997
+*** sshd.c.orig Thu Mar 27 09:04:08 1997
+--- sshd.c Sat Mar 29 02:11:03 1997
***************
-*** 298,303 ****
---- 298,307 ----
- extern char *setlimits();
+*** 370,375 ****
+--- 370,379 ----
+ #include "firewall.h" /* TIS authsrv authentication */
#endif
+ #ifdef HAVE_LOGIN_CAP_H
@@ -14,8 +14,8 @@
#define DEFAULT_SHELL _PATH_BSHELL
#else
***************
-*** 2108,2113 ****
---- 2112,2127 ----
+*** 2697,2702 ****
+--- 2701,2716 ----
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -33,8 +33,8 @@
disabled in server options. Note that some machines appear to
print it in /etc/profile or similar. */
***************
-*** 2124,2129 ****
---- 2138,2152 ----
+*** 2714,2719 ****
+--- 2728,2742 ----
fclose(f);
}
}
@@ -51,7 +51,7 @@
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
***************
-*** 2376,2382 ****
+*** 2969,2975 ****
char *user_shell;
char *remote_ip;
int remote_port;
@@ -59,13 +59,12 @@
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
if (f)
---- 2399,2412 ----
+--- 2992,3004 ----
char *user_shell;
char *remote_ip;
int remote_port;
! #ifdef HAVE_LOGIN_CAP_H
! login_cap_t *lc;
-! char **tmpenv;
! char *real_shell;
!
! lc = login_getuserclass(pw);
@@ -75,9 +74,9 @@
f = fopen("/etc/nologin", "r");
if (f)
***************
-*** 2390,2395 ****
---- 2420,2426 ----
- if (pw->pw_uid != 0)
+*** 2983,2988 ****
+--- 3012,3018 ----
+ if (pw->pw_uid != UID_ROOT)
exit(254);
}
+ #endif /* HAVE_LOGIN_CAP_H */
@@ -85,7 +84,7 @@
if (command != NULL)
{
***************
-*** 2402,2408 ****
+*** 2995,3001 ****
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -93,7 +92,7 @@
#ifdef HAVE_SETLOGIN
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
---- 2433,2440 ----
+--- 3025,3032 ----
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -103,83 +102,101 @@
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
***************
-*** 2417,2422 ****
---- 2449,2455 ----
+*** 3016,3021 ****
+--- 3047,3053 ----
if (setpcred((char *)pw->pw_name, NULL))
log_msg("setpcred %.100s: %.100s", strerror(errno));
#endif /* HAVE_USERSEC_H */
-+ #endif /* HAVE_LOGIN_CAP_H */
++ #endif /* !HAVE_LOGIN_CAP_H */
/* Save some data that will be needed so that we can do certain cleanups
before we switch to user's uid. (We must clear all sensitive data
***************
-*** 2474,2479 ****
---- 2507,2553 ----
- close(i);
- }
-
+*** 3086,3091 ****
+--- 3118,3181 ----
+ if (command != NULL || !options.use_login)
+ #endif /* USELOGIN */
+ {
+ #ifdef HAVE_LOGIN_CAP_H
-+ /* Save previous environment array
-+ */
-+ tmpenv = environ;
-+ /* Initialize the new environment.
-+ */
-+ envsize = 64;
-+ environ = env = xmalloc(envsize * sizeof(char *));
-+ env[0] = NULL;
++ char *p, *s, **tmpenv;
+
-+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
++ /* Save previous environment array
++ */
++ tmpenv = environ;
++ /* Initialize the new environment.
++ */
++ envsize = 64;
++ environ = env = xmalloc(envsize * sizeof(char *));
++ env[0] = NULL;
+
-+ /* Let it inherit timezone if we have one. */
-+ if (getenv("TZ"))
-+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
+
+ #ifdef MAIL_SPOOL_DIRECTORY
-+ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
-+ child_set_env(&env, &envsize, "MAIL", buf);
++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
++ child_set_env(&env, &envsize, "MAIL", buf);
+ #else /* MAIL_SPOOL_DIRECTORY */
+ #ifdef MAIL_SPOOL_FILE
-+ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
-+ child_set_env(&env, &envsize, "MAIL", buf);
++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
++ child_set_env(&env, &envsize, "MAIL", buf);
+ #endif /* MAIL_SPOOL_FILE */
+ #endif /* MAIL_SPOOL_DIRECTORY */
+
-+ /* Set the user's login environment
-+ */
-+ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
-+ {
-+ perror("setgid");
-+ exit(1);
-+ }
-+ env = environ;
-+ environ = tmpenv; /* Restore parent environment */
-+ for (envsize = 0; env[envsize] != NULL; ++envsize)
-+ ;
-+ /* Reallocate this to what is expected */
-+ envsize = (envsize < 100) ? 100 : envsize + 16;
-+ env = xrealloc(env, envsize * sizeof(char *));
++ /* Let it inherit timezone if we have one. */
++ if (getenv("TZ"))
++ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++
++ /* Set the user's login environment
++ */
++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
++ {
++ perror("setusercontext");
++ exit(1);
++ }
++
++ p = getenv("PATH");
++ s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
++ *s = '\0';
++ if (p != NULL)
++ {
++ strcat(s, p);
++ strcat(s, ":");
++ }
++ strcat(s, SSH_BINDIR);
++
++ env = environ;
++ environ = tmpenv; /* Restore parent environment */
++ for (envsize = 0; env[envsize] != NULL; ++envsize)
++ ;
++ /* Reallocate this to what is expected */
++ envsize = (envsize < 100) ? 100 : envsize + 16;
++ env = xrealloc(env, envsize * sizeof(char *));
++
++ child_set_env(&env, &envsize, "PATH", s);
++ xfree(s);
++
+ #else /* !HAVE_LOGIN_CAP_H */
- /* At this point, this process should no longer be holding any confidential
- information, as changing uid below will permit the user to attach with
- a debugger on some machines. */
+ /* Set uid, gid, and groups. */
+ if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
+ {
***************
-*** 2514,2519 ****
---- 2588,2594 ----
-
- if (getuid() != user_uid || geteuid() != user_uid)
- fatal("Failed to set uids to %d.", (int)user_uid);
+*** 3117,3122 ****
+--- 3207,3213 ----
+
+ if (getuid() != user_uid || geteuid() != user_uid)
+ fatal("Failed to set uids to %d.", (int)user_uid);
+ #endif /* HAVE_LOGIN_CAP_H */
-
+ }
+
/* Reset signals to their default settings before starting the user
- process. */
***************
-*** 2523,2538 ****
---- 2598,2621 ----
+*** 3127,3137 ****
+--- 3218,3233 ----
and means /bin/sh. */
shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
+ #ifdef HAVE_LOGIN_CAP_H
+ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
++ login_close(lc);
+ #else /* !HAVE_LOGIN_CAP_H */
/* Initialize the environment. In the first part we allocate space for
all environment variables. */
@@ -188,44 +205,60 @@
env[0] = NULL;
+ #endif /* HAVE_LOGIN_CAP_H */
- /* Set basic environment. */
- child_set_env(&env, &envsize, "USER", user_name);
- child_set_env(&env, &envsize, "LOGNAME", user_name);
- child_set_env(&env, &envsize, "HOME", user_dir);
+ #ifdef USELOGIN
+ if (command != NULL || !options.use_login)
+***************
+*** 3141,3146 ****
+--- 3237,3244 ----
+ child_set_env(&env, &envsize, "HOME", user_dir);
+ child_set_env(&env, &envsize, "USER", user_name);
+ child_set_env(&env, &envsize, "LOGNAME", user_name);
+
-+ #ifdef HAVE_LOGIN_CAP_H
-+ login_close(lc);
-+ #else /* !HAVE_LOGIN_CAP_H */
- child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
-
- /* Let it inherit timezone if we have one. */
++ #ifndef HAVE_LOGIN_CAP_H
+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
+
+ #ifdef MAIL_SPOOL_DIRECTORY
***************
-*** 2548,2553 ****
---- 2631,2637 ----
- child_set_env(&env, &envsize, "MAIL", buf);
+*** 3152,3157 ****
+--- 3250,3256 ----
+ child_set_env(&env, &envsize, "MAIL", buf);
#endif /* MAIL_SPOOL_FILE */
#endif /* MAIL_SPOOL_DIRECTORY */
-+ #endif /* HAVE_LOGIN_CAP_H */
-
++ #endif /* !HAVE_LOGIN_CAP_H */
+
#ifdef HAVE_ETC_DEFAULT_LOGIN
- /* Read /etc/default/login; this exists at least on Solaris 2.x. Note
+ /* Read /etc/default/login; this exists at least on Solaris 2.x. Note
+***************
+*** 3167,3175 ****
+--- 3266,3276 ----
+ child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
+ original_command);
+
++ #ifndef HAVE_LOGIN_CAP_H
+ /* Let it inherit timezone if we have one. */
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++ #endif /* !HAVE_LOGIN_CAP_H */
+
+ /* Set custom environment options from RSA authentication. */
+ while (custom_environment)
***************
-*** 2710,2716 ****
---- 2794,2804 ----
- /* Execute the shell. */
- argv[0] = buf;
- argv[1] = NULL;
+*** 3389,3395 ****
+--- 3490,3500 ----
+ /* Execute the shell. */
+ argv[0] = buf;
+ argv[1] = NULL;
+ #ifdef HAVE_LOGIN_CAP_H
-+ execve(real_shell, argv, env);
++ execve(real_shell, argv, env);
+ #else
- execve(shell, argv, env);
+ execve(shell, argv, env);
+ #endif /* HAVE_LOGIN_CAP_H */
- /* Executing the shell failed. */
- perror(shell);
- exit(1);
+ /* Executing the shell failed. */
+ perror(shell);
+ exit(1);
***************
-*** 2722,2728 ****
---- 2810,2820 ----
+*** 3410,3416 ****
+--- 3515,3525 ----
argv[1] = "-c";
argv[2] = (char *)command;
argv[3] = NULL;
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-03 15:30:32 +0000