- Merged changes from OpenBSD CVS

- [sshd.c] session_key_int may be zero
author: Damien Miller <djm@mindrot.org> 1999-11-12 08:49:09 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-12 08:49:09 +1100
commit: 776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (patch)
tree: 75fab80e6ef52cfc80bbda3dddd9154b0fc28323
parent: 7c64ba3fc505c14c172d9b2d7695a3104b4c49f5 (diff)
3 files changed, 26 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 4971a4421..2d702dca4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+19991112
+ - Merged changes from OpenBSD CVS
+   - [sshd.c] session_key_int may be zero
 19991111
 - Added (untested) Entropy Gathering Daemon (EGD) support
 - Fixed fd leak
@@ -15,7 +19,12 @@
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.
-     
+   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+     allow session_key_int != sizeof(session_key)
+     [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+   readability
 19991110
 - Merged several minor fixed:
   - ssh-agent commandline parsing
diff --git a/configure.in b/configure.in
index 244a3ce18..e679df45b 100644
--- a/configure.in
+++ b/configure.in
@@ -59,7 +59,7 @@ AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
 dnl Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
-AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle)
+AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle setlogin)
 dnl Check for ut_host field in utmp
 AC_MSG_CHECKING([whether utmp.h has ut_host field])
diff --git a/sshd.c b/sshd.c
index c9c606e85..59526007e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.14 1999/11/11 09:44:05 damien Exp $");
+RCSID("$Id: sshd.c,v 1.15 1999/11/11 21:49:09 damien Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1025,7 +1025,7 @@ void do_connection(int privileged_port)
     key is in the highest bits. */
  BN_mask_bits(session_key_int, sizeof(session_key) * 8);
  len = BN_num_bytes(session_key_int);
-  if (len <= 0 || len > sizeof(session_key))
+  if (len < 0 || len > sizeof(session_key))
    fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
          len, sizeof(session_key));
  memset(session_key, 0, sizeof(session_key));
@@ -1516,11 +1516,11 @@ do_authentication(char *user, int privileged_port)
        packet_disconnect("Too many authentication failures for %.100s from %.200s", 
          pw->pw_name, get_canonical_hostname());
      }
      /* Send a message indicating that the authentication attempt failed. */
      packet_start(SSH_SMSG_FAILURE);
      packet_send();
      packet_write_wait();
    }
  /* Check if the user is logging in as root and root logins are disallowed. */
@@ -2296,7 +2296,13 @@ void do_child(const char *command, struct passwd *pw, const char *term,
      if (pw->pw_uid != 0)
        exit(254);
    }
-#endif
+#endif /* HAVE_LIBPAM */
+#ifdef HAVE_SETLOGIN
+  /* Set login name in the kernel. */
+  if (setlogin(pw->pw_name) < 0)
+    error("setlogin failed: %s", strerror(errno));
+#endif /* HAVE_SETLOGIN */
  /* Set uid, gid, and groups. */
  /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
@@ -2403,10 +2409,10 @@ void do_child(const char *command, struct passwd *pw, const char *term,
 #ifdef KRB4
  {
-         extern char *ticket;
+    extern char *ticket;
-         
+    
-         if (ticket)
+    if (ticket)
-                child_set_env(&env, &envsize, "KRBTKFILE", ticket);
+      child_set_env(&env, &envsize, "KRBTKFILE", ticket);
  }
 #endif /* KRB4 */
@@ -2440,7 +2446,7 @@ void do_child(const char *command, struct passwd *pw, const char *term,
  if (auth_get_socket_name() != NULL)
      child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 
                    auth_get_socket_name());
-  
  /* Read $HOME/.ssh/environment. */
  if(!options.use_login) {
    snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
@@ -2578,7 +2584,6 @@ void do_child(const char *command, struct passwd *pw, const char *term,
            }
          }
        }
        /* Start the shell.  Set initial character to '-'. */
        buf[0] = '-';
        strncpy(buf + 1, cp, sizeof(buf) - 1);
author	Damien Miller <djm@mindrot.org>	1999-11-12 08:49:09 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-12 08:49:09 +1100
commit	776af5de4f7f2aa938cdd17bf85a9c891ce7dbd9 (patch)
tree	75fab80e6ef52cfc80bbda3dddd9154b0fc28323
parent	7c64ba3fc505c14c172d9b2d7695a3104b4c49f5 (diff)

diff --git a/ChangeLog b/ChangeLog index 4971a4421..2d702dca4 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,7 @@
		1	19991112
		2	- Merged changes from OpenBSD CVS
		3	- [sshd.c] session_key_int may be zero
		4
1	19991111	5	19991111
2	- Added (untested) Entropy Gathering Daemon (EGD) support	6	- Added (untested) Entropy Gathering Daemon (EGD) support
3	- Fixed fd leak	7	- Fixed fd leak
@@ -15,7 +19,12 @@
15	[ssh.1 ssh.c ssh.h sshd.8]	19	[ssh.1 ssh.c ssh.h sshd.8]
16	add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,	20	add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
17	obsoletes QuietMode and FascistLogging in sshd.	21	obsoletes QuietMode and FascistLogging in sshd.
18		22	- [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
		23	allow session_key_int != sizeof(session_key)
		24	[this should fix the pre-assert-removal-core-files]
		25	- Updated default config file to use new LogLevel option and to improve
		26	readability
		27
19	19991110	28	19991110
20	- Merged several minor fixed:	29	- Merged several minor fixed:
21	- ssh-agent commandline parsing	30	- ssh-agent commandline parsing


diff --git a/configure.in b/configure.in index 244a3ce18..e679df45b 100644 --- a/configure.in +++ b/configure.in
@@ -59,7 +59,7 @@ AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
59		59
60	dnl Checks for library functions.	60	dnl Checks for library functions.
61	AC_PROG_GCC_TRADITIONAL	61	AC_PROG_GCC_TRADITIONAL
62	AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle)	62	AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle setlogin)
63		63
64	dnl Check for ut_host field in utmp	64	dnl Check for ut_host field in utmp
65	AC_MSG_CHECKING([whether utmp.h has ut_host field])	65	AC_MSG_CHECKING([whether utmp.h has ut_host field])


diff --git a/sshd.c b/sshd.c index c9c606e85..59526007e 100644 --- a/sshd.c +++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
18	*/	18	*/
19		19
20	#include "includes.h"	20	#include "includes.h"
21	RCSID("$Id: sshd.c,v 1.14 1999/11/11 09:44:05 damien Exp $");	21	RCSID("$Id: sshd.c,v 1.15 1999/11/11 21:49:09 damien Exp $");
22		22
23	#include "xmalloc.h"	23	#include "xmalloc.h"
24	#include "rsa.h"	24	#include "rsa.h"
@@ -1025,7 +1025,7 @@ void do_connection(int privileged_port)
1025	key is in the highest bits. */	1025	key is in the highest bits. */
1026	BN_mask_bits(session_key_int, sizeof(session_key) * 8);	1026	BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1027	len = BN_num_bytes(session_key_int);	1027	len = BN_num_bytes(session_key_int);
1028	if (len <= 0 \|\| len > sizeof(session_key))	1028	if (len < 0 \|\| len > sizeof(session_key))
1029	fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",	1029	fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
1030	len, sizeof(session_key));	1030	len, sizeof(session_key));
1031	memset(session_key, 0, sizeof(session_key));	1031	memset(session_key, 0, sizeof(session_key));
@@ -1516,11 +1516,11 @@ do_authentication(char *user, int privileged_port)
1516	packet_disconnect("Too many authentication failures for %.100s from %.200s",	1516	packet_disconnect("Too many authentication failures for %.100s from %.200s",
1517	pw->pw_name, get_canonical_hostname());	1517	pw->pw_name, get_canonical_hostname());
1518	}	1518	}
1519
1520	/* Send a message indicating that the authentication attempt failed. */	1519	/* Send a message indicating that the authentication attempt failed. */
1521	packet_start(SSH_SMSG_FAILURE);	1520	packet_start(SSH_SMSG_FAILURE);
1522	packet_send();	1521	packet_send();
1523	packet_write_wait();	1522	packet_write_wait();
		1523
1524	}	1524	}
1525		1525
1526	/* Check if the user is logging in as root and root logins are disallowed. */	1526	/* Check if the user is logging in as root and root logins are disallowed. */
@@ -2296,7 +2296,13 @@ void do_child(const char command, struct passwd pw, const char *term,
2296	if (pw->pw_uid != 0)	2296	if (pw->pw_uid != 0)
2297	exit(254);	2297	exit(254);
2298	}	2298	}
2299	#endif	2299	#endif /* HAVE_LIBPAM */
		2300
		2301	#ifdef HAVE_SETLOGIN
		2302	/* Set login name in the kernel. */
		2303	if (setlogin(pw->pw_name) < 0)
		2304	error("setlogin failed: %s", strerror(errno));
		2305	#endif /* HAVE_SETLOGIN */
2300		2306
2301	/* Set uid, gid, and groups. */	2307	/* Set uid, gid, and groups. */
2302	/* Login(1) does this as well, and it needs uid 0 for the "-h" switch,	2308	/* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
@@ -2403,10 +2409,10 @@ void do_child(const char command, struct passwd pw, const char *term,
2403		2409
2404	#ifdef KRB4	2410	#ifdef KRB4
2405	{	2411	{
2406	extern char *ticket;	2412	extern char *ticket;
2407		2413
2408	if (ticket)	2414	if (ticket)
2409	child_set_env(&env, &envsize, "KRBTKFILE", ticket);	2415	child_set_env(&env, &envsize, "KRBTKFILE", ticket);
2410	}	2416	}
2411	#endif /* KRB4 */	2417	#endif /* KRB4 */
2412		2418
@@ -2440,7 +2446,7 @@ void do_child(const char command, struct passwd pw, const char *term,
2440	if (auth_get_socket_name() != NULL)	2446	if (auth_get_socket_name() != NULL)
2441	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,	2447	child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
2442	auth_get_socket_name());	2448	auth_get_socket_name());
2443		2449
2444	/* Read $HOME/.ssh/environment. */	2450	/* Read $HOME/.ssh/environment. */
2445	if(!options.use_login) {	2451	if(!options.use_login) {
2446	snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);	2452	snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
@@ -2578,7 +2584,6 @@ void do_child(const char command, struct passwd pw, const char *term,
2578	}	2584	}
2579	}	2585	}
2580	}	2586	}
2581
2582	/* Start the shell. Set initial character to '-'. */	2587	/* Start the shell. Set initial character to '-'. */
2583	buf[0] = '-';	2588	buf[0] = '-';
2584	strncpy(buf + 1, cp, sizeof(buf) - 1);	2589	strncpy(buf + 1, cp, sizeof(buf) - 1);