3 files changed, 69 insertions, 20 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index ddedbf79a..64ecbd7c8 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -109,10 +109,35 @@ Index: b/misc.c
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
-@@ -642,6 +643,55 @@
+@@ -58,6 +59,7 @@
+ #include "misc.h"
+ #include "log.h"
+ #include "ssh.h"
+#include "platform.h"
+ 
+ /* remove newline at end of string */
+ char *
+@@ -641,6 +643,71 @@
+        return -1;
 }
 
- int
+/*
+ * return 1 if the specified uid is a uid that may own a system directory
+ * otherwise 0.
+ */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+       if (uid == 0)
+               return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+       if (uid == PLATFORM_SYS_DIR_UID)
+               return 1;
+#endif
+       return 0;
+}
+
+int
 +secure_permissions(struct stat *st, uid_t uid)
 +{
 +       if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
@@ -161,10 +186,9 @@ Index: b/misc.c
 +       return 1;
 +}
 +
-+int
+ int
 tun_open(int tun, int mode)
 {
- #if defined(CUSTOM_SYS_TUN_OPEN)
 Index: b/misc.h
 ===================================================================
 --- a/misc.h
@@ -200,3 +224,27 @@ Index: b/auth-rhosts.c
                        logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
                            pw->pw_name, buf);
                        auth_debug_add("Bad file modes for %.200s", buf);
+Index: b/platform.c
+===================================================================
+--- a/platform.c
+++ b/platform.c
+@@ -194,19 +194,3 @@
+        return NULL;
+ #endif
+ }
+-
+-/*
+- * return 1 if the specified uid is a uid that may own a system directory
+- * otherwise 0.
+- */
+-int
+-platform_sys_dir_uid(uid_t uid)
+-{
+-       if (uid == 0)
+-               return 1;
+-#ifdef PLATFORM_SYS_DIR_UID
+-       if (uid == PLATFORM_SYS_DIR_UID)
+-               return 1;
+-#endif
+-       return 0;
+-}
diff --git a/misc.c b/misc.c
index 3938d4053..2adb8c6a8 100644
--- a/misc.c
+++ b/misc.c
@@ -59,6 +59,7 @@
 #include "misc.h"
 #include "log.h"
 #include "ssh.h"
+#include "platform.h"
 /* remove newline at end of string */
 char *
@@ -642,6 +643,22 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
        return -1;
 }
+/*
+ * return 1 if the specified uid is a uid that may own a system directory
+ * otherwise 0.
+ */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+        if (uid == 0)
+                return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+        if (uid == PLATFORM_SYS_DIR_UID)
+                return 1;
+#endif
+        return 0;
+}
 int
 secure_permissions(struct stat *st, uid_t uid)
 {
diff --git a/platform.c b/platform.c
index a962f15b5..0b3bee147 100644
--- a/platform.c
+++ b/platform.c
@@ -194,19 +194,3 @@ platform_krb5_get_principal_name(const char *pw_name)
        return NULL;
 #endif
 }
-/*
- * return 1 if the specified uid is a uid that may own a system directory
- * otherwise 0.
- */
-int
-platform_sys_dir_uid(uid_t uid)
-{
-        if (uid == 0)
-                return 1;
-#ifdef PLATFORM_SYS_DIR_UID
-        if (uid == PLATFORM_SYS_DIR_UID)
-                return 1;
-#endif
-        return 0;
-}

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index ddedbf79a..64ecbd7c8 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch
@@ -109,10 +109,35 @@ Index: b/misc.c
109	#ifdef SSH_TUN_OPENBSD	109	#ifdef SSH_TUN_OPENBSD
110	#include <net/if.h>	110	#include <net/if.h>
111	#endif	111	#endif
112	@@ -642,6 +643,55 @@	112	@@ -58,6 +59,7 @@
		113	#include "misc.h"
		114	#include "log.h"
		115	#include "ssh.h"
		116	+#include "platform.h"
		117
		118	/* remove newline at end of string */
		119	char *
		120	@@ -641,6 +643,71 @@
		121	return -1;
113	}	122	}
114		123
115	int	124	+/*
		125	+ * return 1 if the specified uid is a uid that may own a system directory
		126	+ * otherwise 0.
		127	+ */
		128	+int
		129	+platform_sys_dir_uid(uid_t uid)
		130	+{
		131	+ if (uid == 0)
		132	+ return 1;
		133	+#ifdef PLATFORM_SYS_DIR_UID
		134	+ if (uid == PLATFORM_SYS_DIR_UID)
		135	+ return 1;
		136	+#endif
		137	+ return 0;
		138	+}
		139	+
		140	+int
116	+secure_permissions(struct stat *st, uid_t uid)	141	+secure_permissions(struct stat *st, uid_t uid)
117	+{	142	+{
118	+ if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)	143	+ if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
@@ -161,10 +186,9 @@ Index: b/misc.c
161	+ return 1;	186	+ return 1;
162	+}	187	+}
163	+	188	+
164	+int	189	int
165	tun_open(int tun, int mode)	190	tun_open(int tun, int mode)
166	{	191	{
167	#if defined(CUSTOM_SYS_TUN_OPEN)
168	Index: b/misc.h	192	Index: b/misc.h
169	===================================================================	193	===================================================================
170	--- a/misc.h	194	--- a/misc.h
@@ -200,3 +224,27 @@ Index: b/auth-rhosts.c
200	logit("Rhosts authentication refused for %.100s: bad modes for %.200s",	224	logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
201	pw->pw_name, buf);	225	pw->pw_name, buf);
202	auth_debug_add("Bad file modes for %.200s", buf);	226	auth_debug_add("Bad file modes for %.200s", buf);
		227	Index: b/platform.c
		228	===================================================================
		229	--- a/platform.c
		230	+++ b/platform.c
		231	@@ -194,19 +194,3 @@
		232	return NULL;
		233	#endif
		234	}
		235	-
		236	-/*
		237	- * return 1 if the specified uid is a uid that may own a system directory
		238	- * otherwise 0.
		239	- */
		240	-int
		241	-platform_sys_dir_uid(uid_t uid)
		242	-{
		243	- if (uid == 0)
		244	- return 1;
		245	-#ifdef PLATFORM_SYS_DIR_UID
		246	- if (uid == PLATFORM_SYS_DIR_UID)
		247	- return 1;
		248	-#endif
		249	- return 0;
		250	-}


diff --git a/misc.c b/misc.c index 3938d4053..2adb8c6a8 100644 --- a/misc.c +++ b/misc.c
@@ -59,6 +59,7 @@
59	#include "misc.h"	59	#include "misc.h"
60	#include "log.h"	60	#include "log.h"
61	#include "ssh.h"	61	#include "ssh.h"
		62	#include "platform.h"
62		63
63	/* remove newline at end of string */	64	/* remove newline at end of string */
64	char *	65	char *
@@ -642,6 +643,22 @@ read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
642	return -1;	643	return -1;
643	}	644	}
644		645
		646	/*
		647	* return 1 if the specified uid is a uid that may own a system directory
		648	* otherwise 0.
		649	*/
		650	int
		651	platform_sys_dir_uid(uid_t uid)
		652	{
		653	if (uid == 0)
		654	return 1;
		655	#ifdef PLATFORM_SYS_DIR_UID
		656	if (uid == PLATFORM_SYS_DIR_UID)
		657	return 1;
		658	#endif
		659	return 0;
		660	}
		661
645	int	662	int
646	secure_permissions(struct stat *st, uid_t uid)	663	secure_permissions(struct stat *st, uid_t uid)
647	{	664	{


diff --git a/platform.c b/platform.c index a962f15b5..0b3bee147 100644 --- a/platform.c +++ b/platform.c
@@ -194,19 +194,3 @@ platform_krb5_get_principal_name(const char *pw_name)
194	return NULL;	194	return NULL;
195	#endif	195	#endif
196	}	196	}
197
198	/*
199	* return 1 if the specified uid is a uid that may own a system directory
200	* otherwise 0.
201	*/
202	int
203	platform_sys_dir_uid(uid_t uid)
204	{
205	if (uid == 0)
206	return 1;
207	#ifdef PLATFORM_SYS_DIR_UID
208	if (uid == PLATFORM_SYS_DIR_UID)
209	return 1;
210	#endif
211	return 0;
212	}