forked from Lainports/freebsd-ports
bf0a21e0d5
- convert portname into lowercase - PREFIX support for default sshd_config - security-patch for cookie files obsolete
154 lines
4.3 KiB
Text
154 lines
4.3 KiB
Text
--- session.c.orig Sun Sep 16 16:46:54 2001
|
|
+++ session.c Wed Oct 3 12:50:00 2001
|
|
@@ -57,6 +57,12 @@
|
|
#include "canohost.h"
|
|
#include "session.h"
|
|
|
|
+#ifdef __FreeBSD__
|
|
+#include <libutil.h>
|
|
+#include <syslog.h>
|
|
+#include <time.h>
|
|
+#endif /* __FreeBSD__ */
|
|
+
|
|
/* types */
|
|
|
|
#define TTYSZ 64
|
|
@@ -392,6 +398,13 @@
|
|
log_init(__progname, options.log_level, options.log_facility, log_stderr);
|
|
|
|
/*
|
|
+ * Using login and executing a specific "command" are mutually
|
|
+ * exclusive, so turn off use_login if there's a command.
|
|
+ */
|
|
+ if (command != NULL)
|
|
+ options.use_login = 0;
|
|
+
|
|
+ /*
|
|
* Create a new session and process group since the 4.4BSD
|
|
* setlogin() affects the entire process group.
|
|
*/
|
|
@@ -497,6 +510,14 @@
|
|
|
|
/* Child. Reinitialize the log because the pid has changed. */
|
|
log_init(__progname, options.log_level, options.log_facility, log_stderr);
|
|
+
|
|
+ /*
|
|
+ * Using login and executing a specific "command" are mutually
|
|
+ * exclusive, so turn off use_login if there's a command.
|
|
+ */
|
|
+ if (command != NULL)
|
|
+ options.use_login = 0;
|
|
+
|
|
/* Close the master side of the pseudo tty. */
|
|
close(ptyfd);
|
|
|
|
@@ -591,6 +612,11 @@
|
|
time_t last_login_time;
|
|
struct passwd * pw = s->pw;
|
|
pid_t pid = getpid();
|
|
+#ifdef HAVE_LOGIN_CAP
|
|
+ FILE *f;
|
|
+ char buf[256];
|
|
+ char *fname;
|
|
+#endif /* HAVE_LOGIN_CAP */
|
|
|
|
/*
|
|
* Get IP address of client. If the connection is not a socket, let
|
|
@@ -631,6 +657,21 @@
|
|
printf("Last login: %s from %s\r\n", time_string, hostname);
|
|
}
|
|
|
|
+#ifdef HAVE_LOGIN_CAP
|
|
+ if (!options.use_login) {
|
|
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
|
|
+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
|
|
+ while (fgets(buf, sizeof(buf), f) != NULL)
|
|
+ fputs(buf, stdout);
|
|
+ fclose(f);
|
|
+ } else
|
|
+ (void)printf("%s\n\t%s %s\n",
|
|
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
|
|
+ "The Regents of the University of California. ",
|
|
+ "All rights reserved.");
|
|
+ }
|
|
+#endif /* HAVE_LOGIN_CAP */
|
|
+
|
|
do_motd();
|
|
}
|
|
|
|
@@ -857,6 +898,10 @@
|
|
env[0] = NULL;
|
|
|
|
if (!options.use_login) {
|
|
+#ifdef HAVE_LOGIN_CAP
|
|
+ char *var;
|
|
+#endif /* HAVE_LOGIN_CAP */
|
|
+
|
|
/* Set basic environment. */
|
|
child_set_env(&env, &envsize, "USER", pw->pw_name);
|
|
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
|
|
@@ -864,6 +909,12 @@
|
|
#ifdef HAVE_LOGIN_CAP
|
|
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
|
|
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
|
|
+ var= login_getcapstr(lc, "lang", NULL, NULL);
|
|
+ if ( var ) child_set_env(&env, &envsize, "LANG", var);
|
|
+ var= login_getcapstr(lc, "charset", NULL, NULL);
|
|
+ if ( var ) child_set_env(&env, &envsize, "MM_CHARSET", var);
|
|
+ var= login_getcapstr(lc, "timezone", NULL, NULL);
|
|
+ if ( var ) child_set_env(&env, &envsize, "TZ", var);
|
|
#else
|
|
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
|
|
#endif
|
|
@@ -875,8 +926,13 @@
|
|
/* Normal systems set SHELL by default. */
|
|
child_set_env(&env, &envsize, "SHELL", shell);
|
|
}
|
|
+#ifdef HAVE_LOGIN_CAP
|
|
+#else /* HAVE_LOGIN_CAP */
|
|
+ if (getenv("TZ"))
|
|
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
|
if (getenv("TZ"))
|
|
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
|
+#endif /* HAVE_LOGIN_CAP */
|
|
|
|
/* Set custom environment options from RSA authentication. */
|
|
while (custom_environment) {
|
|
@@ -968,7 +1024,7 @@
|
|
* initgroups, because at least on Solaris 2.3 it leaves file
|
|
* descriptors open.
|
|
*/
|
|
- for (i = 3; i < 64; i++)
|
|
+ for (i = 3; i < getdtablesize(); i++)
|
|
close(i);
|
|
|
|
/* Change current directory to the user\'s home directory. */
|
|
@@ -1004,6 +1060,28 @@
|
|
* in this order).
|
|
*/
|
|
if (!options.use_login) {
|
|
+#ifdef __FreeBSD__
|
|
+ /*
|
|
+ * If the password change time is set and has passed, give the
|
|
+ * user a password expiry notice and chance to change it.
|
|
+ */
|
|
+ if (pw->pw_change != 0) {
|
|
+ struct timeval tv;
|
|
+
|
|
+ (void)gettimeofday(&tv, NULL);
|
|
+ if (tv.tv_sec >= pw->pw_change) {
|
|
+ (void)printf(
|
|
+ "Sorry -- your password has expired.\n");
|
|
+ syslog(LOG_INFO,
|
|
+ "%s Password expired - forcing change",
|
|
+ pw->pw_name);
|
|
+ if (system("/usr/bin/passwd") != 0) {
|
|
+ perror("/usr/bin/passwd");
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+#endif /* __FreeBSD__ */
|
|
/* ignore _PATH_SSH_USER_RC for subsystems */
|
|
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
|
|
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
|