From 91bf45c5977d090adb03b8cabb4293203341f34c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 4 Mar 2004 22:59:36 +1100 Subject: - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when configured --with-osfsia. ok djm@ --- openbsd-compat/xcrypt.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'openbsd-compat') diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index a0fe6c620..c3cea3c86 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -24,8 +24,6 @@ #include "includes.h" -#if !defined(HAVE_OSF_SIA) - # ifdef HAVE_CRYPT_H # include # endif @@ -108,5 +106,3 @@ shadow_pw(struct passwd *pw) return pw_password; } - -#endif /* !defined(HAVE_OSF_SIA) */ -- cgit v1.2.3 From 86c093d2895989d1258459b797ce3630eaa47d1a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 8 Mar 2004 22:59:03 +1100 Subject: - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being inherited by the child. ok djm@ --- configure.ac | 4 ++-- openbsd-compat/bsd-misc.h | 6 +++++- openbsd-compat/setenv.c | 8 ++++++-- sshd.c | 7 +++++++ 4 files changed, 20 insertions(+), 5 deletions(-) (limited to 'openbsd-compat') diff --git a/configure.ac b/configure.ac index fc765b472..8eea75589 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.204 2004/03/03 00:08:59 djm Exp $ +# $Id: configure.ac,v 1.205 2004/03/08 11:59:03 dtucker Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -802,7 +802,7 @@ AC_CHECK_FUNCS(\ setproctitle setregid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ - truncate updwtmpx utimes vhangup vsnprintf waitpid \ + truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) # IRIX has a const char return value for gai_strerror() diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index c8073942c..009739b14 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.15 2004/03/08 11:59:03 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller @@ -89,6 +89,10 @@ pid_t tcgetpgrp(int); int tcsendbreak(int, int); #endif +#ifndef HAVE_UNSETENV +void unsetenv(const char *); +#endif + /* wrapper for signal interface */ typedef void (*mysig_t)(int); mysig_t mysignal(int sig, mysig_t act); diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index b7ba0ce83..c3a86c651 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c @@ -30,7 +30,7 @@ */ #include "includes.h" -#ifndef HAVE_SETENV +#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) #if defined(LIBC_SCCS) && !defined(lint) static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $"; @@ -77,6 +77,7 @@ __findenv(name, offset) return (NULL); } +#ifndef HAVE_SETENV /* * setenv -- * Set the value of the environmental variable "name" to be @@ -138,7 +139,9 @@ setenv(name, value, rewrite) ; return (0); } +#endif /* HAVE_SETENV */ +#ifndef HAVE_UNSETENV /* * unsetenv(name) -- * Delete environmental variable "name". @@ -157,5 +160,6 @@ unsetenv(name) if (!(*P = *(P + 1))) break; } +#endif /* HAVE_UNSETENV */ -#endif /* HAVE_SETENV */ +#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */ diff --git a/sshd.c b/sshd.c index 2c224b9c3..3247091a4 100644 --- a/sshd.c +++ b/sshd.c @@ -939,6 +939,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); +#ifdef _AIX + /* + * Unset KRB5CCNAME, otherwise the user's session may inherit it from + * root's environment + */ + unsetenv("KRB5CCNAME"); +#endif /* _AIX */ #ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! -- cgit v1.2.3 From 7c991ab1e1ea69125de51fc650369ff14c1d6fd7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 10 Mar 2004 21:06:32 +1100 Subject: - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo before redefining it, silences warnings on Tru64. --- ChangeLog | 6 +++++- openbsd-compat/fake-rfc2553.h | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index 11c3419a3..a18f49221 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040310 + - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo + before redefining it, silences warnings on Tru64. + 20040308 - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@ @@ -891,4 +895,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3286 2004/03/08 20:12:18 tim Exp $ +$Id: ChangeLog,v 1.3287 2004/03/10 10:06:32 dtucker Exp $ diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h index eb88605fa..baea07038 100644 --- a/openbsd-compat/fake-rfc2553.h +++ b/openbsd-compat/fake-rfc2553.h @@ -1,4 +1,4 @@ -/* $Id: fake-rfc2553.h,v 1.8 2004/02/10 02:05:41 dtucker Exp $ */ +/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */ /* * Copyright (C) 2000-2003 Damien Miller. All rights reserved. @@ -133,6 +133,9 @@ struct addrinfo { #endif /* !HAVE_STRUCT_ADDRINFO */ #ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif #define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); -- cgit v1.2.3 From 2eb4236d86c657dadd2dc782efd5c0857a673c4f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 18 Apr 2004 21:15:43 +1000 Subject: - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow change of user context without a password, so relax auth method restrictions; from vinschen AT redhat.com; ok dtucker@ --- ChangeLog | 5 ++++- openbsd-compat/bsd-cygwin_util.c | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) (limited to 'openbsd-compat') diff --git a/ChangeLog b/ChangeLog index f34b6b381..fab3f923e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20040418 - (dtucker) [auth-pam.c] Log username and source host for failed PAM authentication attempts. With & ok djm@ + - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow + change of user context without a password, so relax auth method + restrictions; from vinschen AT redhat.com; ok dtucker@ 20040416 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since @@ -979,4 +982,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3315 2004/04/18 01:00:26 dtucker Exp $ +$Id: ChangeLog,v 1.3316 2004/04/18 11:15:43 djm Exp $ diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index a87cf3c97..92cdba6e0 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -29,7 +29,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.11 2003/08/07 06:23:43 dtucker Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $"); #ifdef HAVE_CYGWIN @@ -77,6 +77,7 @@ binary_pipe(int fd[2]) #define HAS_CREATE_TOKEN 1 #define HAS_NTSEC_BY_DEFAULT 2 +#define HAS_CREATE_TOKEN_WO_NTSEC 3 static int has_capability(int what) @@ -84,6 +85,7 @@ has_capability(int what) static int inited; static int has_create_token; static int has_ntsec_by_default; + static int has_create_token_wo_ntsec; /* * has_capability() basically calls uname() and checks if @@ -113,6 +115,9 @@ has_capability(int what) has_create_token = 1; if (api_major_version > 0 || api_minor_version >= 56) has_ntsec_by_default = 1; + if (major_high > 1 || + (major_high == 1 && major_low >= 5)) + has_create_token_wo_ntsec = 1; inited = 1; } } @@ -121,6 +126,8 @@ has_capability(int what) return (has_create_token); case HAS_NTSEC_BY_DEFAULT: return (has_ntsec_by_default); + case HAS_CREATE_TOKEN_WO_NTSEC: + return (has_create_token_wo_ntsec); } return (0); } @@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, struct passwd *pw) if (has_capability(HAS_CREATE_TOKEN) && (ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && - !ntsec_off(cygwin)))) + !ntsec_off(cygwin)) || + has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) has_create_token = 1; } if (has_create_token < 1 && -- cgit v1.2.3