From 7a7ea0c942ff782a12a7ba0d5a534c8e4a6f85ab Mon Sep 17 00:00:00 2001 From: "Andrey A. Chernov" Date: Sat, 6 Feb 1999 01:40:35 +0000 Subject: Use setusercontext() now to set all sort of login things including env. variables and priority! Enable light debugging for compatibility with -v option Don't print "No mail." - not in BSD login style. --- security/ssh2/Makefile | 4 +- security/ssh2/files/patch-ah | 93 ++++++++++++++++++++++++++++++++++++++++++-- security/ssh2/files/patch-ai | 46 ++++++++++++++++++++++ 3 files changed, 138 insertions(+), 5 deletions(-) create mode 100644 security/ssh2/files/patch-ai (limited to 'security') diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index c1f48e7c10fb..e8965b12fdfe 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -3,7 +3,7 @@ # Date created: 5 Oct 1998 # Whom: Issei Suzuki # -# $Id: Makefile,v 1.76 1999/02/05 06:11:31 ache Exp $ +# $Id: Makefile,v 1.75 1998/12/01 11:10:33 obrien Exp $ # # Maximal ssh2 package requires YES values for # USE_SSH1, USE_TCPWRAP @@ -20,7 +20,7 @@ RESTRICTED= "Crypto; export-controlled" GNU_CONFIGURE= YES -CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc +CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc --enable-debug #Uncomment if all your users are in their own group and their homedir #is writeable by that group. Beware the security implications! #CONFIGURE_ARGS+= --enable-group-writeability diff --git a/security/ssh2/files/patch-ah b/security/ssh2/files/patch-ah index 61bf08524171..91287aefae82 100644 --- a/security/ssh2/files/patch-ah +++ b/security/ssh2/files/patch-ah 
@@ -1,6 +1,81 @@ ---- apps/ssh/sshchsession.c.bak Mon Jan 18 13:32:24 1999 -+++ apps/ssh/sshchsession.c Fri Feb 5 08:49:14 1999 -@@ -628,12 +628,20 @@ +--- apps/ssh/sshchsession.c.orig Mon Jan 18 13:32:24 1999 ++++ apps/ssh/sshchsession.c Sat Feb 6 04:20:26 1999 +@@ -80,6 +80,11 @@ + #include + #endif /* ULIMIT_H */ + ++#ifdef HAVE_LOGIN_CAP_H ++#include ++extern char **environ; ++#endif ++ + #define SSH_DEBUG_MODULE "Ssh2ChannelSession" + + #define SSH_SESSION_INTERACTIVE_WINDOW 10000 +@@ -405,6 +410,62 @@ + if (getenv("TZ")) + ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ")); + ++#ifdef HAVE_LOGIN_CAP_H ++ { ++ char *p, *s, **tmpenv; ++ struct passwd *pwd; ++ ++ pwd = getpwnam(user_name); ++ if (!pwd) ++ { ++ ssh_warning("Can't getpwnam %s: %s", user_name, strerror(errno)); ++ } ++ else ++ { ++ /* Save previous environment array ++ */ ++ tmpenv = environ; ++ environ = *envp; ++ ++ /* Set the user's login environment ++ */ ++ if (setusercontext(NULL, pwd, ++ ssh_user_uid(session->common->user_data), ++ LOGIN_SETPATH|LOGIN_SETENV) == 0) ++ { ++ p = getenv("PATH"); ++ s = ssh_xmalloc((p != NULL ? strlen(p) + 1 : 0) ++ + sizeof(SSH_BINDIR)); ++ *s = '\0'; ++ if (p != NULL) ++ { ++ strcat(s, p); ++ strcat(s, ":"); ++ } ++ strcat(s, SSH_BINDIR); ++ ++ *envp = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++) ++ ; ++ (*envsizep)++; ++ (*envsizep) += 50; ++ (*envp) = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *)); ++ ++ ssh_child_set_env(envp, envsizep, "PATH", s); ++ ssh_xfree(s); ++ } ++ else ++ { ++ *envp = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ ssh_warning("Can't setusercontext env. variables: %s", strerror(errno)); ++ } ++ } ++ endpwent(); ++ } ++#endif /* HAVE_LOGIN_CAP_H */ ++ + /* Set SSH_CLIENT. 
*/ + snprintf(buf, sizeof(buf), "%s %s %s %s", + session->common->remote_ip, session->common->remote_port, +@@ -628,12 +689,20 @@ char buff[100], *time_string; /* Check /etc/nologin. */ @@ -21,3 +96,15 @@ while (fgets(buf, sizeof(buf), f)) fputs(buf, stderr); fclose(f); +@@ -754,7 +823,11 @@ + { + struct stat mailbuf; + if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) ++#ifndef __FreeBSD__ + printf("No mail.\n"); ++#else ++ ; ++#endif + else if (mailbuf.st_atime > mailbuf.st_mtime) + printf("You have mail.\n"); + else diff --git a/security/ssh2/files/patch-ai b/security/ssh2/files/patch-ai new file mode 100644 index 000000000000..600c48ead9c8 --- /dev/null +++ b/security/ssh2/files/patch-ai @@ -0,0 +1,46 @@ +--- lib/sshsession/sshunixuser.c.orig Fri Jan 29 12:06:07 1999 ++++ lib/sshsession/sshunixuser.c Sat Feb 6 03:00:28 1999 +@@ -55,6 +55,10 @@ + #include "tcbc2.h" + #endif /* HAVE_OSF1_C2_SECURITY */ + ++#ifdef HAVE_LOGIN_CAP_H ++#include ++#endif /* HAVE_LOGIN_CAP_H */ ++ + extern char *crypt(const char *key, const char *salt); + + /* Data type to hold machine-specific user data. */ +@@ -713,6 +717,24 @@ + /* Set uid, gid, and groups. */ + if (getuid() == UID_ROOT || geteuid() == UID_ROOT) + { ++#ifdef HAVE_LOGIN_CAP_H ++ struct passwd *pwd; ++ ++ pwd = getpwnam(ssh_user_name(uc)); ++ if (!pwd) ++ { ++ ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno)); ++ return FALSE; ++ } ++ if (setusercontext(NULL, pwd, ssh_user_uid(uc), ++ LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0) ++ { ++ ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno)); ++ return FALSE; ++ } ++ endpwent(); ++ endgrent(); ++#else + if (setgid(ssh_user_gid(uc)) < 0) + { + ssh_debug("ssh_user_become: setgid: %s", strerror(errno)); +@@ -745,6 +767,7 @@ + (int)ssh_user_uid(uc), strerror(errno)); + return FALSE; + } ++#endif /* HAVE_LOGIN_CAP_H */ + } + + if (getuid() != ssh_user_uid(uc) || geteuid() != ssh_user_uid(uc)) -- cgit v1.2.3
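Review bot: In the `setusercontext()` failure branch of the new `HAVE_LOGIN_CAP_H` block in apps/ssh/sshchsession.c (first hunk of patch-ah), `*envp = environ;` takes over the array without recomputing `*envsizep`, whereas the success branch recounts the entries and calls `ssh_xrealloc` first. If libc replaced or grew the `environ` array before the call failed (not visible here, so worth confirming), the environment setup that continues after this block would run against a stale capacity value. Repeating the recount in the else branch keeps both paths consistent: `for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++) ;` followed by `*envsizep += 51; *envp = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *));`. A short comment stating which allocator owns the array after the swap would also help the next reader. The enclosing function starts and ends outside the hunk.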
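Review bot: The new `HAVE_LOGIN_CAP_H` path in `ssh_user_become` (lib/sshsession/sshunixuser.c, added by patch-ai) passes `setusercontext()` a passwd entry from a fresh `getpwnam(ssh_user_name(uc))` lookup but the uid from `ssh_user_uid(uc)`, and nothing checks that the two describe the same account. The `#else` path it replaces used `ssh_user_gid(uc)`, and the check after the block compares only the uid, so a passwd entry that changed after authentication would go unnoticed for the group and login-class settings. A guard before the `setusercontext()` call closes that gap: `if (pwd->pw_uid != ssh_user_uid(uc)) return FALSE;`. Separately, `getpwnam()` can return NULL for an unknown user without setting `errno`, so the `strerror(errno)` in the debug message may report an unrelated error. Only part of the function is visible in the hunk.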