author | Andrey A. Chernov <ache@FreeBSD.org> | 1997-03-28 23:30:39 +0000 |
---|---|---|
committer | Andrey A. Chernov <ache@FreeBSD.org> | 1997-03-28 23:30:39 +0000 |
commit | 797920ff495ca74bc81dfdeeba311a7815d669f3 (patch) | |
tree | c40578853dc42c17bf228e976d0e8f37cc5bbef9 /security/ssh/files | |
parent | 3a3bd81f8a763504dd2a69161412c15d6b70587b (diff) | |
download | ports-797920ff495ca74bc81dfdeeba311a7815d669f3.tar.gz ports-797920ff495ca74bc81dfdeeba311a7815d669f3.zip |
Upgrade to 1.2.18
Notes
Notes:
svn path=/head/; revision=6051
Diffstat (limited to 'security/ssh/files')
-rw-r--r-- | security/ssh/files/patch-aa | 8 | ||||
-rw-r--r-- | security/ssh/files/patch-ac | 90 | ||||
-rw-r--r-- | security/ssh/files/patch-ad | 32 | ||||
-rw-r--r-- | security/ssh/files/patch-ae | 8 | ||||
-rw-r--r-- | security/ssh/files/patch-af | 223 | ||||
-rw-r--r-- | security/ssh/files/patch-al | 12 |
6 files changed, 187 insertions, 186 deletions
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa index 468a7fc1e9cd..3ef8ce98cc1e 100644 --- a/security/ssh/files/patch-aa +++ b/security/ssh/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Wed Oct 30 15:27:47 1996 ---- make-ssh-known-hosts.pl.in Thu Jan 30 23:00:02 1997 +*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 +--- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 *************** -*** 81,87 **** +*** 84,90 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 81,87 ---- +--- 84,90 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 7c43f51d805e..31084324b943 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac 
@@ -1,57 +1,57 @@ -*** Makefile.in.orig Wed Oct 30 15:27:56 1996 ---- Makefile.in Thu Jan 30 23:00:03 1997 +*** Makefile.in.orig Thu Mar 27 09:04:06 1997 +--- Makefile.in Fri Mar 28 15:36:08 1997 *************** -*** 188,199 **** +*** 225,236 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 ! GMPLIBS = -L$(GMPDIR) -lgmp ! GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a - ZLIBDIR = zlib-1.0.3 + ZLIBDIR = zlib-1.0.4 ! ZLIBDEP = $(ZLIBDIR)/libz.a ! ZLIBLIBS = -L$(ZLIBDIR) -lz RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 188,205 ---- +--- 225,242 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 ! # We have the same libgmp in the system, so use it instead ! GMPINCDIR = /usr/include ! GMPLIBDIR = /usr/lib -! GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a -! GMPLIBS = -L$(GMPLIBDIR) -lgmp +! GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a +! GMPLIBS = -L$(GMPLIBDIR) -lgmp - ZLIBDIR = zlib-1.0.3 -! # We have newer libz in the system, so use it instead -! ZLIBINCDIR = /usr/include -! ZLIBLIBDIR = /usr/lib -! ZLIBDEP = $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a -! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz + ZLIBDIR = zlib-1.0.4 +! # We have the same libz in the system, so use it instead +! ZLIBINCDIR = /usr/include +! ZLIBLIBDIR = /usr/lib +! ZLIBDEP = $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a +! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 275,281 **** - $(CC) -o rfc-pg rfc-pg.c +*** 324,330 **** + $(CC) -o rfc-pg rfc-pg.o .c.o: -! $(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $< +! $(CC) -c -I. 
$(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 281,287 ---- - $(CC) -o rfc-pg rfc-pg.c +--- 330,336 ---- + $(CC) -o rfc-pg rfc-pg.o .c.o: -! $(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $< +! $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 310,328 **** +*** 361,379 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 316,334 ---- +--- 367,385 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts 
@@ -92,24 +92,24 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 379,385 **** +*** 430,436 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs generate-host-key install-configs - $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 385,391 ---- +--- 436,442 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs install-configs - $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ *************** -*** 480,506 **** +*** 531,557 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg 
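Review bot: The patched `install:` line drops `generate-host-key` from its prerequisites without a comment saying where the host key is created instead, so a reader of the port cannot tell whether sshd ends up with a key after `make install`. Presumably the removal keeps a key made on the build machine out of the installed tree or a package, which is the right direction, since a host key shared between machines lets any of them impersonate the others. I would say so in the patched Makefile.in, e.g. `# host key is NOT generated here; it must be created on the machine that runs sshd`, and name the step that does it. The install recipe continues past the part of Makefile.in shown in this hunk.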
@@ -127,58 +127,58 @@ -rm -rf $(DISTNAME) -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) - -rm $(DISTNAME)/config.h -! tar pcf - $(GMPDIR) | (cd $(DISTNAME); tar pxf -) -! cd $(DISTNAME)/$(GMPDIR); $(MAKE) distclean + for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done +! (cd $(GMPDIR); make dist) +! gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -! tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) -! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a +! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 486,512 ---- +--- 537,563 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg -! # cd $(GMPDIR); $(MAKE) clean +! # cd $(GMPDIR); $(MAKE) clean # cd $(RSAREFSRCDIR); rm -f *.o *.a ! # cd $(ZLIBDIR); $(MAKE) clean distclean: clean -rm -f Makefile config.status config.cache config.log config.h -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 -! # cd $(GMPDIR); $(MAKE) distclean +! # cd $(GMPDIR); $(MAKE) distclean ! # cd $(ZLIBDIR); $(MAKE) distclean dist: -rm -rf $(DISTNAME) -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) - -rm $(DISTNAME)/config.h -! # tar pcf - $(GMPDIR) | (cd $(DISTNAME); tar pxf -) -! # cd $(DISTNAME)/$(GMPDIR); $(MAKE) distclean + for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done +! # (cd $(GMPDIR); make dist) +! # gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -! # tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) -! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a +! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! 
# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 512,518 **** - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null +*** 563,569 **** + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: ! $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) tags: - find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a ---- 518,524 ---- - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null + -rm -f TAGS +--- 569,575 ---- + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: ! $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) tags: - find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a + -rm -f TAGS diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad deleted file mode 100644 index 5eeb34a2e22e..000000000000 --- a/security/ssh/files/patch-ad +++ /dev/null 
@@ -1,32 +0,0 @@ -*** sshconnect.c.orig Wed Oct 16 10:10:26 1996 ---- sshconnect.c Wed Oct 16 10:23:49 1996 -*************** -*** 797,802 **** ---- 797,803 ---- - char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, i; - int my_major, my_minor; -+ int len; - int connection_in = packet_get_connection_in(); - int connection_out = packet_get_connection_out(); - -*************** -*** 803,809 **** - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) - { -! if (read(connection_in, &buf[i], 1) != 1) - fatal("read: %.100s", strerror(errno)); - if (buf[i] == '\r') - { ---- 804,813 ---- - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) - { -! len = read(connection_in, &buf[i], 1); -! if (len == 0) -! fatal("Connection closed by foreign host."); -! else if (len < 0) - fatal("read: %.100s", strerror(errno)); - if (buf[i] == '\r') - {
\ No newline at end of file diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae index 2529b300e864..6c0ffecd0ddd 100644 --- a/security/ssh/files/patch-ae +++ b/security/ssh/files/patch-ae @@ -1,7 +1,7 @@ -*** server_config.sample.orig Wed Oct 30 15:27:55 1996 ---- server_config.sample Thu Jan 30 23:00:04 1997 +*** server_config.sample.orig Thu Mar 27 09:04:06 1997 +--- server_config.sample Fri Mar 28 15:45:53 1997 *************** -*** 15,21 **** +*** 16,22 **** FascistLogging no PrintMotd yes KeepAlive yes @@ -9,7 +9,7 @@ RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes ---- 15,21 ---- +--- 16,22 ---- FascistLogging no PrintMotd yes KeepAlive yes diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index cd99b4fcd418..bd1982e6e60a 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af @@ -1,9 +1,9 @@ -*** sshd.c.orig Wed Oct 30 15:27:55 1996 ---- sshd.c Fri Jan 31 00:36:15 1997 +*** sshd.c.orig Thu Mar 27 09:04:08 1997 +--- sshd.c Sat Mar 29 02:11:03 1997 *************** -*** 298,303 **** ---- 298,307 ---- - extern char *setlimits(); +*** 370,375 **** +--- 370,379 ---- + #include "firewall.h" /* TIS authsrv authentication */ #endif + #ifdef HAVE_LOGIN_CAP_H @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2108,2113 **** ---- 2112,2127 ---- +*** 2697,2702 **** +--- 2701,2716 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -33,8 +33,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2124,2129 **** ---- 2138,2152 ---- +*** 2714,2719 **** +--- 2728,2742 ---- fclose(f); } } @@ -51,7 +51,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2376,2382 **** +*** 2969,2975 **** char *user_shell; char *remote_ip; int remote_port; 
@@ -59,13 +59,12 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 2399,2412 ---- +--- 2992,3004 ---- char *user_shell; char *remote_ip; int remote_port; ! #ifdef HAVE_LOGIN_CAP_H ! login_cap_t *lc; -! char **tmpenv; ! char *real_shell; ! ! lc = login_getuserclass(pw); @@ -75,9 +74,9 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 2390,2395 **** ---- 2420,2426 ---- - if (pw->pw_uid != 0) +*** 2983,2988 **** +--- 3012,3018 ---- + if (pw->pw_uid != UID_ROOT) exit(254); } + #endif /* HAVE_LOGIN_CAP_H */ @@ -85,7 +84,7 @@ if (command != NULL) { *************** -*** 2402,2408 **** +*** 2995,3001 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -93,7 +92,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 2433,2440 ---- +--- 3025,3032 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } 
@@ -103,83 +102,101 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 2417,2422 **** ---- 2449,2455 ---- +*** 3016,3021 **** +--- 3047,3053 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ -+ #endif /* HAVE_LOGIN_CAP_H */ ++ #endif /* !HAVE_LOGIN_CAP_H */ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 2474,2479 **** ---- 2507,2553 ---- - close(i); - } - +*** 3086,3091 **** +--- 3118,3181 ---- + if (command != NULL || !options.use_login) + #endif /* USELOGIN */ + { + #ifdef HAVE_LOGIN_CAP_H -+ /* Save previous environment array -+ */ -+ tmpenv = environ; -+ /* Initialize the new environment. -+ */ -+ envsize = 64; -+ environ = env = xmalloc(envsize * sizeof(char *)); -+ env[0] = NULL; ++ char *p, *s, **tmpenv; + -+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); ++ /* Save previous environment array ++ */ ++ tmpenv = environ; ++ /* Initialize the new environment. ++ */ ++ envsize = 64; ++ environ = env = xmalloc(envsize * sizeof(char *)); ++ env[0] = NULL; + -+ /* Let it inherit timezone if we have one. 
*/ -+ if (getenv("TZ")) -+ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH); + + #ifdef MAIL_SPOOL_DIRECTORY -+ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); -+ child_set_env(&env, &envsize, "MAIL", buf); ++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); ++ child_set_env(&env, &envsize, "MAIL", buf); + #else /* MAIL_SPOOL_DIRECTORY */ + #ifdef MAIL_SPOOL_FILE -+ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); -+ child_set_env(&env, &envsize, "MAIL", buf); ++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); ++ child_set_env(&env, &envsize, "MAIL", buf); + #endif /* MAIL_SPOOL_FILE */ + #endif /* MAIL_SPOOL_DIRECTORY */ + -+ /* Set the user's login environment -+ */ -+ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) -+ { -+ perror("setgid"); -+ exit(1); -+ } -+ env = environ; -+ environ = tmpenv; /* Restore parent environment */ -+ for (envsize = 0; env[envsize] != NULL; ++envsize) -+ ; -+ /* Reallocate this to what is expected */ -+ envsize = (envsize < 100) ? 100 : envsize + 16; -+ env = xrealloc(env, envsize * sizeof(char *)); ++ /* Let it inherit timezone if we have one. */ ++ if (getenv("TZ")) ++ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ ++ /* Set the user's login environment ++ */ ++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) ++ { ++ perror("setusercontext"); ++ exit(1); ++ } ++ ++ p = getenv("PATH"); ++ s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR)); ++ *s = '\0'; ++ if (p != NULL) ++ { ++ strcat(s, p); ++ strcat(s, ":"); ++ } ++ strcat(s, SSH_BINDIR); ++ ++ env = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ for (envsize = 0; env[envsize] != NULL; ++envsize) ++ ; ++ /* Reallocate this to what is expected */ ++ envsize = (envsize < 100) ? 
100 : envsize + 16; ++ env = xrealloc(env, envsize * sizeof(char *)); ++ ++ child_set_env(&env, &envsize, "PATH", s); ++ xfree(s); ++ + #else /* !HAVE_LOGIN_CAP_H */ - /* At this point, this process should no longer be holding any confidential - information, as changing uid below will permit the user to attach with - a debugger on some machines. */ + /* Set uid, gid, and groups. */ + if (getuid() == UID_ROOT || geteuid() == UID_ROOT) + { *************** -*** 2514,2519 **** ---- 2588,2594 ---- - - if (getuid() != user_uid || geteuid() != user_uid) - fatal("Failed to set uids to %d.", (int)user_uid); +*** 3117,3122 **** +--- 3207,3213 ---- + + if (getuid() != user_uid || geteuid() != user_uid) + fatal("Failed to set uids to %d.", (int)user_uid); + #endif /* HAVE_LOGIN_CAP_H */ - + } + /* Reset signals to their default settings before starting the user - process. */ *************** -*** 2523,2538 **** ---- 2598,2621 ---- +*** 3127,3137 **** +--- 3218,3233 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; + #ifdef HAVE_LOGIN_CAP_H + real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); ++ login_close(lc); + #else /* !HAVE_LOGIN_CAP_H */ /* Initialize the environment. In the first part we allocate space for all environment variables. */ 
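Review bot: In the HAVE_LOGIN_CAP_H branch nothing confirms that the uid change took effect: the `getuid() != user_uid || geteuid() != user_uid` test with its `fatal("Failed to set uids to %d.", (int)user_uid)` sits on the `#else /* !HAVE_LOGIN_CAP_H */` side, so the new path relies only on the return value of `setusercontext(lc, pw, user_uid, LOGIN_SETALL)`. I would move that test below the `#endif /* HAVE_LOGIN_CAP_H */` so both builds refuse to go on to the user's shell while root ids are still in place. Separately, `getenv("TZ")` is called after `environ` has been pointed at the freshly allocated array, so it appears to see only the `PATH` and `MAIL` entries just added and never the parent's timezone; reading TZ before the `environ = env = xmalloc(...)` swap would keep the inheritance the comment promises. The enclosing function starts and ends outside this hunk.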
@@ -188,44 +205,60 @@ env[0] = NULL; + #endif /* HAVE_LOGIN_CAP_H */ - /* Set basic environment. */ - child_set_env(&env, &envsize, "USER", user_name); - child_set_env(&env, &envsize, "LOGNAME", user_name); - child_set_env(&env, &envsize, "HOME", user_dir); + #ifdef USELOGIN + if (command != NULL || !options.use_login) +*************** +*** 3141,3146 **** +--- 3237,3244 ---- + child_set_env(&env, &envsize, "HOME", user_dir); + child_set_env(&env, &envsize, "USER", user_name); + child_set_env(&env, &envsize, "LOGNAME", user_name); + -+ #ifdef HAVE_LOGIN_CAP_H -+ login_close(lc); -+ #else /* !HAVE_LOGIN_CAP_H */ - child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); - - /* Let it inherit timezone if we have one. */ ++ #ifndef HAVE_LOGIN_CAP_H + child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); + + #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 2548,2553 **** ---- 2631,2637 ---- - child_set_env(&env, &envsize, "MAIL", buf); +*** 3152,3157 **** +--- 3250,3256 ---- + child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ -+ #endif /* HAVE_LOGIN_CAP_H */ - ++ #endif /* !HAVE_LOGIN_CAP_H */ + #ifdef HAVE_ETC_DEFAULT_LOGIN - /* Read /etc/default/login; this exists at least on Solaris 2.x. Note + /* Read /etc/default/login; this exists at least on Solaris 2.x. Note +*************** +*** 3167,3175 **** +--- 3266,3276 ---- + child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", + original_command); + ++ #ifndef HAVE_LOGIN_CAP_H + /* Let it inherit timezone if we have one. */ + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ #endif /* !HAVE_LOGIN_CAP_H */ + + /* Set custom environment options from RSA authentication. */ + while (custom_environment) *************** -*** 2710,2716 **** ---- 2794,2804 ---- - /* Execute the shell. */ - argv[0] = buf; - argv[1] = NULL; +*** 3389,3395 **** +--- 3490,3500 ---- + /* Execute the shell. 
*/ + argv[0] = buf; + argv[1] = NULL; + #ifdef HAVE_LOGIN_CAP_H -+ execve(real_shell, argv, env); ++ execve(real_shell, argv, env); + #else - execve(shell, argv, env); + execve(shell, argv, env); + #endif /* HAVE_LOGIN_CAP_H */ - /* Executing the shell failed. */ - perror(shell); - exit(1); + /* Executing the shell failed. */ + perror(shell); + exit(1); *************** -*** 2722,2728 **** ---- 2810,2820 ---- +*** 3410,3416 **** +--- 3515,3525 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index 9fd18168138a..7ca297bc9ea7 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Thu Jan 30 23:00:03 1997 ---- sshconnect.c Thu Jan 30 23:00:04 1997 +*** sshconnect.c.orig Thu Mar 27 09:04:10 1997 +--- sshconnect.c Sat Mar 29 01:16:51 1997 *************** -*** 239,244 **** ---- 239,250 ---- +*** 298,303 **** +--- 298,309 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 266,271 **** ---- 272,278 ---- +*** 325,330 **** +--- 331,337 ---- } fatal("bind: %.100s", strerror(errno)); } |
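Review bot: When `execve(real_shell, argv, env)` fails in the HAVE_LOGIN_CAP_H build, the `perror(shell)` that follows names the passwd shell rather than the program that was actually executed, which misleads whoever reads the error when login.conf overrides the shell. I would report the name that was tried, i.e. `perror(real_shell);` under `#ifdef HAVE_LOGIN_CAP_H` and `perror(shell);` otherwise. The `-c` command case at the end of this sshd.c hunk looks like it needs the same treatment, but its changed lines are not visible here, and the enclosing function begins outside the hunk.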