freebsd-ports/security/openssh-portable/files/patch-session.c
Florian Smeets 9b3fe7c2f4 - update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]

PR:		ports/161818 [1], ports/144597 [2], ports/160389 [3]
		ports/150493, ports/156926 [4], ports/155456 [5]

Submitted by:	"Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
		pluknet [3]
Reported by:	Jonathan <lordsith49@hotmail.com> [2]
		Kevin Thompson <antiduh@csh.rit.edu> [4]
		Alexey Remizov <alexey@remizov.org> [5]
2011-10-21 16:18:56 +00:00


--- session.c.orig 2011-07-21 18:55:33.883559116 +0200
+++ session.c 2011-07-21 19:02:17.789294035 +0200
@@ -896,6 +896,24 @@
{
FILE *f;
char buf[256];
+#ifdef HAVE_LOGIN_CAP
+ const char *fname;
+#endif
+
+#ifdef HAVE_LOGIN_CAP
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
+ while (fgets(buf, sizeof(buf), f) != NULL)
+ fputs(buf, stdout);
+ fclose(f);
+ } else
+#endif /* HAVE_LOGIN_CAP */
+ (void)printf("%s\n\t%s %s\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+
+ (void)printf("\n");
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
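Review bot: The path returned by `login_getcapstr(lc, "copyright", NULL, NULL)` goes straight to `fopen`, and the file is copied to the client unfiltered with whatever privileges the process holds here; the hunk does not show whether the uid switch has already happened. If `lc` can only come from the system login.conf this is acceptable, but once that is confirmed it deserves a comment such as `/* path comes from the system login class, not from the user */`. The `} else` straddling `#endif` also leaves the fallback `printf` as an unbraced else body, so bracing both arms would make the preprocessor split harder to break. The enclosing function starts and ends outside the hunk.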
@@ -1125,6 +1143,9 @@
struct passwd *pw = s->pw;
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
+#else
+ extern char **environ;
+ char **senv, **var;
#endif
/* Initialize the environment. */
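Review bot: `extern char **environ;` and `char **senv, **var;` sit in the `#else` arm of `#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)`, so they are also declared in a Cygwin build. The later hunk uses them only under `#ifdef HAVE_LOGIN_CAP`. Giving the declarations their own `#ifdef HAVE_LOGIN_CAP` guard keeps declaration and use under the same condition and avoids unused-variable warnings. The function body continues outside the hunk.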
@@ -1146,6 +1167,9 @@
}
#endif
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
#ifdef GSSAPI
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
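Review bot: The reason for moving the TZ block up is not recorded, and `getenv("TZ")` is evaluated twice. It appears that TZ is now set before the login-class environment is merged in the later `HAVE_LOGIN_CAP` hunk, which would let a login.conf `setenv` entry take precedence over the daemon's own TZ. If that is the intent, say so with `/* Set TZ early so the login class environment can override it. */` and fetch the value once into a local.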
@@ -1165,11 +1189,22 @@
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
#endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/%.50s",
+ _PATH_MAILDIR, pw->pw_name);
+ child_set_env(&env, &envsize, "MAIL", buf);
#ifdef HAVE_LOGIN_CAP
- if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
- else
- child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+ child_set_env(&env, &envsize, "TERM", "su");
+ senv = environ;
+ environ = xmalloc(sizeof(char *));
+ *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid,
+ LOGIN_SETENV|LOGIN_SETPATH);
+ copy_environment(environ, &env, &envsize);
+ for (var = environ; *var != NULL; ++var)
+ xfree(*var);
+ xfree(environ);
+ environ = senv;
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
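Review bot: The cleanup loop `for (var = environ; *var != NULL; ++var) xfree(*var);` and the following `xfree(environ);` release memory that `setusercontext()` populated through libc, not through `xmalloc`. Whether the caller may free those strings, or the possibly reallocated `environ` array, depends on the libc's setenv implementation, and some keep their own bookkeeping of them. Restoring `environ = senv;` without freeing is the safer choice if this runs in a process that is about to exec, which the hunk does not show. The return value is also discarded with `(void)`, so a failure to apply the login class environment is silent; `if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV|LOGIN_SETPATH) < 0) error("setusercontext: %s", strerror(errno));` would at least log it. The placeholder `"TERM", "su"` needs a comment explaining why it is set.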
@@ -1190,15 +1225,9 @@
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
- snprintf(buf, sizeof buf, "%.200s/%.50s",
- _PATH_MAILDIR, pw->pw_name);
- child_set_env(&env, &envsize, "MAIL", buf);
-
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
}
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
/* Set custom environment options from RSA authentication. */
if (!options.use_login) {
@@ -1470,14 +1499,35 @@
void
do_setusercontext(struct passwd *pw)
{
+#ifdef CHROOT
+ char *user_dir, *new_root;
+#endif /* CHROOT */
char *chroot_path, *tmp;
+ #ifdef CHROOT
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+ while((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
+ if(strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s. %s", user_dir, strerror(errno));
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root += 2;
+ }
+ #endif /* CHROOT */
+
platform_setusercontext(pw);
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
+ (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER|LOGIN_SETENV))) < 0) {
perror("unable to set user context");
exit(1);
}
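Review bot: `chroot(user_dir)` at the `/./` match is not followed by a `chdir`, so the working directory stays outside the new root until some later code changes it. Add `if (chdir("/") != 0) fatal("chdir after chroot: %s", strerror(errno));` directly after the chroot call. The directory is also used without the root-ownership and write-permission checks that sshd applies to `ChrootDirectory`, so a home directory the user can write to becomes the root of the session. Separately, `new_root = user_dir + 1` assumes `pw->pw_dir` is non-empty: with an empty string the `strchr` starts past the terminator, so guard with `if (user_dir[0] != '\0')`. The chroot also runs before the `platform_privileged_uidswap()` test, and `do_setusercontext` continues past the hunk.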
@@ -1700,6 +1750,10 @@
*/
environ = env;
+#ifdef HAVE_LOGIN_CAP
+ r = login_getcapbool(lc, "requirehome", 0);
+ login_close(lc);
+#endif
#if defined(KRB5) && defined(USE_AFS)
/*
* At this point, we check to see if AFS is active and if we have
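Review bot: `login_close(lc)` releases the login class here, but `lc` itself is left pointing at the freed object. `lc` looks like a file-scope variable shared with the other functions in this patch, so any later use in this process would be a use-after-free. Follow it with `lc = NULL;` and add a comment that `requirehome` is read into `r` early because the capability database is closed before the `chdir`. The enclosing function starts and ends outside the hunk, so confirm nothing after this point still reads `lc`.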
@@ -1729,9 +1783,6 @@
/* Change current directory to the user's home directory. */
if (chdir(pw->pw_dir) < 0) {
/* Suppress missing homedir warning for chroot case */
-#ifdef HAVE_LOGIN_CAP
- r = login_getcapbool(lc, "requirehome", 0);
-#endif
if (r || options.chroot_directory == NULL ||
strcasecmp(options.chroot_directory, "none") == 0)
fprintf(stderr, "Could not chdir to home "