- (stevesk) OpenBSD CVS updates:

   - markus@cvs.openbsd.org 2000/12/13 16:26:53
     [ssh-keyscan.c]
     fatal already adds \n; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2000/12/13 16:25:44
     [ssh-agent.c]
     remove redundant spaces; from stevesk@pobox.com
   - ho@cvs.openbsd.org 2000/12/12 15:50:21
     [pty.c]
     When failing to set tty owner and mode on a read-only filesystem, don't
     abort if the tty already has correct owner and reasonably sane modes.
     Example; permit 'root' to login to a firewall with read-only root fs.
     (markus@ ok)
   - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
     [pty.c]
     KNF

4 files changed, 64 insertions, 20 deletions

diff --git a/ChangeLog b/ChangeLog
index 3252d4214..201aa4283 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,25 @@
+20001215
+ - (stevesk) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/13 16:26:53
+     [ssh-keyscan.c]
+     fatal already adds \n; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2000/12/13 16:25:44
+     [ssh-agent.c]
+     remove redundant spaces; from stevesk@pobox.com
+   - ho@cvs.openbsd.org 2000/12/12 15:50:21
+     [pty.c]
+     When failing to set tty owner and mode on a read-only filesystem, don't
+     abort if the tty already has correct owner and reasonably sane modes.
+     Example; permit 'root' to login to a firewall with read-only root fs.
+     (markus@ ok)
+   - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+     [pty.c]
+     KNF
+
 20001213
  - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
    from Andreas M. Kirchwitz <amk@krell.zikzak.de>
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
    - markus@cvs.openbsd.org 2000/12/12 15:30:02
      [ssh-keyscan.c ssh.c sshd.c]
      consistently use __progname; from stevesk@pobox.com        
@@ -62,7 +80,7 @@
      tweak comment to reflect real location of pid file; ok provos@
  - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
    have it (used in ssh-keyscan).
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
    - markus@cvs.openbsd.org 2000/12/06 19:57:48
      [ssh-keyscan.c]
      err(3) -> internal error(), from stevesk@sweden.hp.com
diff --git a/pty.c b/pty.c
index 40bfd5290..d05cb89a7 100644
--- a/pty.c
+++ b/pty.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: pty.c,v 1.16 2000/09/07 21:13:37 markus Exp $");
+RCSID("$OpenBSD: pty.c,v 1.18 2000/12/13 06:36:05 deraadt Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -291,6 +291,7 @@ pty_setowner(struct passwd *pw, const char *ttyname)
         struct group *grp;
         gid_t gid;
         mode_t mode;
+        struct stat st;
 
         /* Determine the group to make the owner of the tty. */
         grp = getgrnam("tty");
@@ -302,11 +303,36 @@ pty_setowner(struct passwd *pw, const char *ttyname)
                 mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
         }
 
-        /* Change ownership of the tty. */
-        if (chown(ttyname, pw->pw_uid, gid) < 0)
-                fatal("chown(%.100s, %d, %d) failed: %.100s",
-                    ttyname, pw->pw_uid, gid, strerror(errno));
-        if (chmod(ttyname, mode) < 0)
-                fatal("chmod(%.100s, 0%o) failed: %.100s",
-                    ttyname, mode, strerror(errno));
+        /*
+         * Change owner and mode of the tty as required.
+         * Warn but continue if filesystem is read-only and the uids match.
+         */
+        if (stat(ttyname, &st))
+                fatal("stat(%.100s) failed: %.100s", ttyname,
+                    strerror(errno));
+
+        if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+                if (chown(ttyname, pw->pw_uid, gid) < 0) {
+                        if (errno == EROFS && st.st_uid == pw->pw_uid)
+                                error("chown(%.100s, %d, %d) failed: %.100s",
+                                      ttyname, pw->pw_uid, gid, 
+                                      strerror(errno));
+                        else
+                                fatal("chown(%.100s, %d, %d) failed: %.100s",
+                                      ttyname, pw->pw_uid, gid, 
+                                      strerror(errno));
+                }
+        }
+
+        if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
+                if (chmod(ttyname, mode) < 0) {
+                        if (errno == EROFS &&
+                            (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
+                                error("chmod(%.100s, 0%o) failed: %.100s",
+                                      ttyname, mode, strerror(errno));
+                        else
+                                fatal("chmod(%.100s, 0%o) failed: %.100s",
+                                      ttyname, mode, strerror(errno));
+                }
+        }
 }
diff --git a/ssh-agent.c b/ssh-agent.c
index b98d95501..c5e4447c4 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $   */
+/*      $OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -242,7 +242,7 @@ process_sign_request2(SocketEntry *e)
         int ok = -1;
 
         datafellows = 0;
-        
+
         blob = buffer_get_string(&e->input, &blen);
         data = buffer_get_string(&e->input, &dlen);
 
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 13f9673b5..60341c9e9 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -329,9 +329,9 @@ conalloc(char *iname, char *oname)
         } while ((s = tcpconnect(name)) < 0);
 
         if (s >= maxfd)
-                fatal("conalloc: fdno %d too high\n", s);
+                fatal("conalloc: fdno %d too high", s);
         if (fdcon[s].c_status)
-                fatal("conalloc: attempt to reuse fdno %d\n", s);
+                fatal("conalloc: attempt to reuse fdno %d", s);
 
         fdcon[s].c_fd = s;
         fdcon[s].c_status = CS_CON;
@@ -355,7 +355,7 @@ confree(int s)
 {
         close(s);
         if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
-                fatal("confree: attempt to free bad fdno %d\n", s);
+                fatal("confree: attempt to free bad fdno %d", s);
         free(fdcon[s].c_namebase);
         free(fdcon[s].c_output_name);
         if (fdcon[s].c_status == CS_KEYS)
@@ -455,7 +455,7 @@ conread(int s)
                         return;
                         break;
                 default:
-                        fatal("conread: invalid status %d\n", c->c_status);
+                        fatal("conread: invalid status %d", c->c_status);
                         break;
                 }
 
@@ -548,7 +548,7 @@ nexthost(int argc, char **argv)
 static void
 usage(void)
 {
-        fatal("usage: %s [-t timeout] { [--] host | -f file } ...\n", __progname);
+        fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
         return;
 }
 
@@ -580,11 +580,11 @@ main(int argc, char **argv)
 
         maxfd = fdlim_get(1);
         if (maxfd < 0)
-                fatal("%s: fdlim_get: bad value\n", __progname);
+                fatal("%s: fdlim_get: bad value", __progname);
         if (maxfd > MAXMAXFD)
                 maxfd = MAXMAXFD;
         if (maxcon <= 0)
-                fatal("%s: not enough file descriptors\n", __progname);
+                fatal("%s: not enough file descriptors", __progname);
         if (maxfd > fdlim_get(0))
                 fdlim_set(maxfd);
         fdcon = xmalloc(maxfd * sizeof(con));