Diffstat (limited to 'security/ssh2/files/patch-af')
-rw-r--r-- | security/ssh2/files/patch-af | 156 |
1 files changed, 121 insertions, 35 deletions
diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index bd1982e6e60a..81068869685f 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Thu Mar 27 09:04:08 1997 ---- sshd.c Sat Mar 29 02:11:03 1997 +*** sshd.c.orig Sun Apr 6 03:57:00 1997 +--- sshd.c Wed Apr 16 23:27:28 1997 *************** -*** 370,375 **** ---- 370,379 ---- +*** 379,384 **** +--- 379,388 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif 
@@ -14,18 +14,76 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2697,2702 **** ---- 2701,2716 ---- +*** 2617,2622 **** +--- 2621,2629 ---- + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; ++ #ifdef HAVE_LOGIN_CAP_H ++ login_cap_t *lc; ++ #endif + + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +*************** +*** 2688,2698 **** + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! + /* If the user has logged in before, display the time of last login. + However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +--- 2695,2713 ---- + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + ++ #ifdef HAVE_LOGIN_CAP_H ++ lc = login_getclass(pw); ++ #endif ++ + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! +! #ifdef HAVE_LOGIN_CAP_H +! quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); +! #endif +! + /* If the user has logged in before, display the time of last login. 
+ However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +*************** +*** 2712,2717 **** +--- 2727,2755 ---- printf("Last login: %s from %s\r\n", time_string, buf); } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { -+ printf("%s\n\t%s %s\n\n", ++ #ifdef HAVE_LOGIN_CAP_H ++ char *cw; ++ FILE *f; ++ ++ cw = login_getcapstr(lc, "copyright", NULL, NULL); ++ if (cw != NULL && (f = fopen(cw, "r")) != NULL) ++ { ++ while (fgets(line, sizeof(line), f)) ++ fputs(line, stdout); ++ fclose(f); ++ } ++ else ++ #endif ++ printf("%s\n\t%s %s\n\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", -+ "The Regents of the University of California. ", -+ "All rights reserved."); ++ "The Regents of the University of California. ", ++ "All rights reserved."); + } + #endif + 
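Review bot: The path returned by `login_getcapstr(lc, "copyright", NULL, NULL)` goes straight into `fopen(cw, "r")` and its contents are echoed to the session, and this happens before `do_child()`, where the later hunks show the uid switch (`Failed to set uids to %d.`), so the read appears to run with the daemon's privileges. If `login_getclass(pw)` can merge capability entries that the logging-in user controls (not visible in this hunk), any file readable by sshd could be printed to that user's terminal. The same applies to the `"welcome"` lookup in the next hunk, `f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");`. I would take both paths only from the system class database or defer the display until after privileges are dropped, and document it at the lookup with `/* lc may carry user-influenced values; never open paths from it while privileged */`. The enclosing function starts and ends outside this hunk.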
@@ -33,25 +91,53 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2714,2719 **** ---- 2728,2742 ---- +*** 2721,2727 **** +--- 2759,2769 ---- + FILE *f; + + /* Print /etc/motd if it exists. */ ++ #ifdef HAVE_LOGIN_CAP_H ++ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); ++ #else + f = fopen("/etc/motd", "r"); ++ #endif + if (f) + { + while (fgets(line, sizeof(line), f)) +*************** +*** 2729,2734 **** +--- 2771,2799 ---- fclose(f); } } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { ++ #ifdef HAVE_LOGIN_CAP_H ++ char *mp = getenv("MAIL"); ++ ++ if (mp != NULL) ++ { ++ strncpy(line, mp, sizeof line); ++ line[sizeof line - 1] = '\0'; ++ } ++ else ++ #endif + sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name); + if (stat(line, &st) == 0 && st.st_size != 0) + printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); + } + #endif ++ ++ #ifdef HAVE_LOGIN_CAP_H ++ login_close(lc); ++ #endif /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2969,2975 **** +*** 2986,2992 **** char *user_shell; char *remote_ip; int remote_port; @@ -59,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 2992,3004 ---- +--- 3051,3063 ---- char *user_shell; char *remote_ip; int remote_port; @@ -74,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 2983,2988 **** ---- 3012,3018 ---- +*** 3000,3005 **** +--- 3071,3077 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -84,7 +170,7 @@ if (command != NULL) { *************** -*** 2995,3001 **** +*** 3012,3018 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } 
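Review bot: `getenv("MAIL")` in the new mail check reads the environment of the sshd process itself, because the user's environment is apparently only built later with `child_set_env(&env, &envsize, "MAIL", buf)`. If the daemon was started from a shell with MAIL set, every login would `stat` that mailbox instead of `_PATH_MAILDIR/pw->pw_name`. Unless something outside this hunk sets MAIL from the login class before this point, the path should come from an explicit lookup rather than from `getenv`. The brace-less `else` that straddles `#endif` ahead of `sprintf(line, "%s/%.200s", ...)` is also fragile, so I would brace both branches to keep a later edit from detaching the `sprintf` from the `else`. The enclosing function continues outside the hunk.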
@@ -92,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3025,3032 ---- +--- 3084,3091 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -102,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3016,3021 **** ---- 3047,3053 ---- +*** 3033,3038 **** +--- 3106,3112 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -112,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3086,3091 **** ---- 3118,3181 ---- +*** 3103,3108 **** +--- 3177,3240 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -179,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3117,3122 **** ---- 3207,3213 ---- +*** 3134,3139 **** +--- 3266,3272 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -189,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3127,3137 **** ---- 3218,3233 ---- +*** 3144,3154 **** +--- 3277,3292 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -208,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3141,3146 **** ---- 3237,3244 ---- +*** 3158,3163 **** +--- 3296,3303 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -219,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3152,3157 **** ---- 3250,3256 ---- +*** 3169,3174 **** +--- 3309,3315 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ 
@@ -229,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3167,3175 **** ---- 3266,3276 ---- +*** 3184,3192 **** +--- 3325,3335 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -243,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3389,3395 **** ---- 3490,3500 ---- +*** 3406,3412 **** +--- 3549,3559 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -257,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3410,3416 **** ---- 3515,3525 ---- +*** 3427,3433 **** +--- 3574,3584 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; |