summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog11
-rw-r--r--configure.in2
-rw-r--r--sshd.c25
3 files changed, 26 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 4971a4421..2d702dca4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
119991112
2 - Merged changes from OpenBSD CVS
3 - [sshd.c] session_key_int may be zero
4
119991111 519991111
2 - Added (untested) Entropy Gathering Daemon (EGD) support 6 - Added (untested) Entropy Gathering Daemon (EGD) support
3 - Fixed fd leak 7 - Fixed fd leak
@@ -15,7 +19,12 @@
15 [ssh.1 ssh.c ssh.h sshd.8] 19 [ssh.1 ssh.c ssh.h sshd.8]
16 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd, 20 add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
17 obsoletes QuietMode and FascistLogging in sshd. 21 obsoletes QuietMode and FascistLogging in sshd.
18 22 - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
23 allow session_key_int != sizeof(session_key)
24 [this should fix the pre-assert-removal-core-files]
25 - Updated default config file to use new LogLevel option and to improve
26 readability
27
1919991110 2819991110
20 - Merged several minor fixed: 29 - Merged several minor fixed:
21 - ssh-agent commandline parsing 30 - ssh-agent commandline parsing
diff --git a/configure.in b/configure.in
index 244a3ce18..e679df45b 100644
--- a/configure.in
+++ b/configure.in
@@ -59,7 +59,7 @@ AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
59 59
60dnl Checks for library functions. 60dnl Checks for library functions.
61AC_PROG_GCC_TRADITIONAL 61AC_PROG_GCC_TRADITIONAL
62AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle) 62AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle setlogin)
63 63
64dnl Check for ut_host field in utmp 64dnl Check for ut_host field in utmp
65AC_MSG_CHECKING([whether utmp.h has ut_host field]) 65AC_MSG_CHECKING([whether utmp.h has ut_host field])
diff --git a/sshd.c b/sshd.c
index c9c606e85..59526007e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
18*/ 18*/
19 19
20#include "includes.h" 20#include "includes.h"
21RCSID("$Id: sshd.c,v 1.14 1999/11/11 09:44:05 damien Exp $"); 21RCSID("$Id: sshd.c,v 1.15 1999/11/11 21:49:09 damien Exp $");
22 22
23#include "xmalloc.h" 23#include "xmalloc.h"
24#include "rsa.h" 24#include "rsa.h"
@@ -1025,7 +1025,7 @@ void do_connection(int privileged_port)
1025 key is in the highest bits. */ 1025 key is in the highest bits. */
1026 BN_mask_bits(session_key_int, sizeof(session_key) * 8); 1026 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1027 len = BN_num_bytes(session_key_int); 1027 len = BN_num_bytes(session_key_int);
1028 if (len <= 0 || len > sizeof(session_key)) 1028 if (len < 0 || len > sizeof(session_key))
1029 fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d", 1029 fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
1030 len, sizeof(session_key)); 1030 len, sizeof(session_key));
1031 memset(session_key, 0, sizeof(session_key)); 1031 memset(session_key, 0, sizeof(session_key));
@@ -1516,11 +1516,11 @@ do_authentication(char *user, int privileged_port)
1516 packet_disconnect("Too many authentication failures for %.100s from %.200s", 1516 packet_disconnect("Too many authentication failures for %.100s from %.200s",
1517 pw->pw_name, get_canonical_hostname()); 1517 pw->pw_name, get_canonical_hostname());
1518 } 1518 }
1519
1520 /* Send a message indicating that the authentication attempt failed. */ 1519 /* Send a message indicating that the authentication attempt failed. */
1521 packet_start(SSH_SMSG_FAILURE); 1520 packet_start(SSH_SMSG_FAILURE);
1522 packet_send(); 1521 packet_send();
1523 packet_write_wait(); 1522 packet_write_wait();
1523
1524 } 1524 }
1525 1525
1526 /* Check if the user is logging in as root and root logins are disallowed. */ 1526 /* Check if the user is logging in as root and root logins are disallowed. */
@@ -2296,7 +2296,13 @@ void do_child(const char *command, struct passwd *pw, const char *term,
2296 if (pw->pw_uid != 0) 2296 if (pw->pw_uid != 0)
2297 exit(254); 2297 exit(254);
2298 } 2298 }
2299#endif 2299#endif /* HAVE_LIBPAM */
2300
2301#ifdef HAVE_SETLOGIN
2302 /* Set login name in the kernel. */
2303 if (setlogin(pw->pw_name) < 0)
2304 error("setlogin failed: %s", strerror(errno));
2305#endif /* HAVE_SETLOGIN */
2300 2306
2301 /* Set uid, gid, and groups. */ 2307 /* Set uid, gid, and groups. */
2302 /* Login(1) does this as well, and it needs uid 0 for the "-h" switch, 2308 /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
@@ -2403,10 +2409,10 @@ void do_child(const char *command, struct passwd *pw, const char *term,
2403 2409
2404#ifdef KRB4 2410#ifdef KRB4
2405 { 2411 {
2406 extern char *ticket; 2412 extern char *ticket;
2407 2413
2408 if (ticket) 2414 if (ticket)
2409 child_set_env(&env, &envsize, "KRBTKFILE", ticket); 2415 child_set_env(&env, &envsize, "KRBTKFILE", ticket);
2410 } 2416 }
2411#endif /* KRB4 */ 2417#endif /* KRB4 */
2412 2418
@@ -2440,7 +2446,7 @@ void do_child(const char *command, struct passwd *pw, const char *term,
2440 if (auth_get_socket_name() != NULL) 2446 if (auth_get_socket_name() != NULL)
2441 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 2447 child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
2442 auth_get_socket_name()); 2448 auth_get_socket_name());
2443 2449
2444 /* Read $HOME/.ssh/environment. */ 2450 /* Read $HOME/.ssh/environment. */
2445 if(!options.use_login) { 2451 if(!options.use_login) {
2446 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); 2452 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
@@ -2578,7 +2584,6 @@ void do_child(const char *command, struct passwd *pw, const char *term,
2578 } 2584 }
2579 } 2585 }
2580 } 2586 }
2581
2582 /* Start the shell. Set initial character to '-'. */ 2587 /* Start the shell. Set initial character to '-'. */
2583 buf[0] = '-'; 2588 buf[0] = '-';
2584 strncpy(buf + 1, cp, sizeof(buf) - 1); 2589 strncpy(buf + 1, cp, sizeof(buf) - 1);