Use setusercontext() now to set all sort of login things including env.

variables and priority! Enable light debugging for compatibility with -v option Don't print "No mail." - not in BSD login style.
svn path=/head/; revision=16549
1999-02-06 01:40:35 +00:00 · 1999-02-06 01:40:35 +00:00 · 7a7ea0c942 · 2021-03-31 03:12:20 +00:00
commit 7a7ea0c942
parent b9e75f42f6
3 changed files with 138 additions and 5 deletions
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@ -3,7 +3,7 @@
 # Date created:		5 Oct 1998
 # Whom:			Issei Suzuki <issei@jp.FreeBSD.ORG>
 #
-# $Id: Makefile,v 1.76 1999/02/05 06:11:31 ache Exp $
+# $Id: Makefile,v 1.75 1998/12/01 11:10:33 obrien Exp $
 #
 # Maximal ssh2 package requires YES values for
 # USE_SSH1, USE_TCPWRAP
@ -20,7 +20,7 @@ RESTRICTED=	"Crypto; export-controlled"

 GNU_CONFIGURE=	YES

-CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc --enable-debug
 #Uncomment if all your users are in their own group and their homedir
 #is writeable by that group.  Beware the security implications!
 #CONFIGURE_ARGS+= --enable-group-writeability
--- a/security/ssh2/files/patch-ah
+++ b/security/ssh2/files/patch-ah
@ -1,6 +1,81 @@
--- apps/ssh/sshchsession.c.bak	Mon Jan 18 13:32:24 1999
-+++ apps/ssh/sshchsession.c	Fri Feb  5 08:49:14 1999
-@@ -628,12 +628,20 @@
+--- apps/ssh/sshchsession.c.orig	Mon Jan 18 13:32:24 1999
+++ apps/ssh/sshchsession.c	Sat Feb  6 04:20:26 1999
+@@ -80,6 +80,11 @@
+ #include <ulimit.h>
+ #endif /* ULIMIT_H */
+ 
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+extern char **environ;
+#endif
+
+ #define SSH_DEBUG_MODULE "Ssh2ChannelSession"
+ 
+ #define SSH_SESSION_INTERACTIVE_WINDOW                 10000
+@@ -405,6 +410,62 @@
+   if (getenv("TZ"))
+     ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ"));
+ 
+#ifdef HAVE_LOGIN_CAP_H
+   {
+    char *p, *s, **tmpenv;
+    struct passwd *pwd;
+
+    pwd = getpwnam(user_name);
+    if (!pwd)
+      {
+	ssh_warning("Can't getpwnam %s: %s", user_name, strerror(errno));
+      }
+    else
+      {
+      /* Save previous environment array
+       */
+      tmpenv = environ;
+      environ = *envp;
+
+      /* Set the user's login environment
+       */
+      if (setusercontext(NULL, pwd,
+			 ssh_user_uid(session->common->user_data),
+			 LOGIN_SETPATH|LOGIN_SETENV) == 0)
+	{
+	  p = getenv("PATH");
+	  s = ssh_xmalloc((p != NULL ? strlen(p) + 1 : 0)
+			  + sizeof(SSH_BINDIR));
+	  *s = '\0';
+	  if (p != NULL)
+	    {
+	      strcat(s, p);
+	      strcat(s, ":");
+	    }
+	  strcat(s, SSH_BINDIR);
+
+	  *envp = environ;
+	  environ = tmpenv; /* Restore parent environment */
+	  for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++)
+	    ;
+	  (*envsizep)++;
+          (*envsizep) += 50;
+	  (*envp) = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *));
+
+	  ssh_child_set_env(envp, envsizep, "PATH", s);
+	  ssh_xfree(s);
+	}
+      else
+	{
+	  *envp = environ;
+	  environ = tmpenv; /* Restore parent environment */
+	  ssh_warning("Can't setusercontext env. variables: %s", strerror(errno));
+	}
+      }
+    endpwent();
+  }
+#endif /* HAVE_LOGIN_CAP_H */
+
+   /* Set SSH_CLIENT. */
+   snprintf(buf, sizeof(buf), "%s %s %s %s",
+            session->common->remote_ip, session->common->remote_port,
+@@ -628,12 +689,20 @@
   char buff[100], *time_string;
   
   /* Check /etc/nologin. */
@ -21,3 +96,15 @@
       while (fgets(buf, sizeof(buf), f))
         fputs(buf, stderr);
       fclose(f);
+@@ -754,7 +823,11 @@
+           {
+             struct stat mailbuf;
+             if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
+#ifndef __FreeBSD__
+               printf("No mail.\n");
+#else
+	      ;
+#endif
+             else if (mailbuf.st_atime > mailbuf.st_mtime)
+               printf("You have mail.\n");
+             else
--- a/security/ssh2/files/patch-ai
+++ b/security/ssh2/files/patch-ai
@ -0,0 +1,46 @@
+--- lib/sshsession/sshunixuser.c.orig	Fri Jan 29 12:06:07 1999
+++ lib/sshsession/sshunixuser.c	Sat Feb  6 03:00:28 1999
+@@ -55,6 +55,10 @@
+ #include "tcbc2.h"
+ #endif /* HAVE_OSF1_C2_SECURITY */
+ 
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif /* HAVE_LOGIN_CAP_H */
+
+ extern char *crypt(const char *key, const char *salt);
+ 
+ /* Data type to hold machine-specific user data. */
+@@ -713,6 +717,24 @@
+   /* Set uid, gid, and groups. */
+   if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
+     { 
+#ifdef HAVE_LOGIN_CAP_H
+    struct passwd *pwd;
+
+    pwd = getpwnam(ssh_user_name(uc));
+    if (!pwd)
+      {
+	ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno));
+	return FALSE;
+      }
+    if (setusercontext(NULL, pwd, ssh_user_uid(uc),
+	LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0)
+      {
+	    ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno));
+	    return FALSE;
+      }
+    endpwent();
+    endgrent();
+#else
+       if (setgid(ssh_user_gid(uc)) < 0)
+         {
+           ssh_debug("ssh_user_become: setgid: %s", strerror(errno));
+@@ -745,6 +767,7 @@
+                     (int)ssh_user_uid(uc), strerror(errno));
+           return FALSE;
+         }
+#endif /* HAVE_LOGIN_CAP_H */
+     }
+   
+   if (getuid() != ssh_user_uid(uc) || geteuid() != ssh_user_uid(uc))