From 9d86e5d5704092072822336af6d0bee468c25966 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 8 Mar 2009 11:40:27 +1100 Subject: - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com. --- session.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index f2549e0cd..8e0c54faa 100644 --- a/session.c +++ b/session.c @@ -571,8 +571,7 @@ do_exec_no_pty(Session *s, const char *command) signal(WJSIGNAL, cray_job_termination_handler); #endif /* _UNICOS */ #ifdef HAVE_CYGWIN - if (is_winnt) - cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif s->pid = pid; @@ -726,8 +725,7 @@ do_exec_pty(Session *s, const char *command) signal(WJSIGNAL, cray_job_termination_handler); #endif /* _UNICOS */ #ifdef HAVE_CYGWIN - if (is_winnt) - cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif s->pid = pid; @@ -1116,7 +1114,7 @@ do_setup_env(Session *s, const char *shell) u_int i, envsize; char **env, *laddr; struct passwd *pw = s->pw; -#ifndef HAVE_LOGIN_CAP +#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; #endif @@ -1551,9 +1549,6 @@ do_setusercontext(struct passwd *pw) #endif } -#ifdef HAVE_CYGWIN - if (is_winnt) -#endif if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); -- cgit v1.2.3 From ac46a915e83c6a69237d683a136bc919049b22d5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 21 Jun 2009 17:55:23 +1000 Subject: - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 [session.c] use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; ok djm@ markus@ --- ChangeLog | 4 ++++ session.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 3c799fbaf..4d6051053 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ [servconf.c] Fixed a few the-the misspellings in comments. Skipped a bunch in binutils,gcc and so on. ok jmc@ + - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 + [session.c] + use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; + ok djm@ markus@ 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/session.c b/session.c index 8e0c54faa..f04266f78 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.245 2009/01/22 09:46:01 djm Exp $ */ +/* $OpenBSD: session.c,v 1.246 2009/04/17 19:23:06 stevesk Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1789,7 +1789,7 @@ do_child(Session *s, const char *command) int i; char *p, *args; - setproctitle("%s@internal-sftp-server", s->pw->pw_name); + setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME); args = xstrdup(command ? command : "sftp-server"); for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " "))) if (i < ARGV_MAX - 1) -- cgit v1.2.3 From 43e7a358ff9476fb77bc1b475530ce4c6b152ccc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 21 Jun 2009 19:50:08 +1000 Subject: - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and header-order changes to reduce diff vs OpenBSD. --- ChangeLog | 2 ++ auth2-jpake.c | 2 +- auth2.c | 2 +- canohost.h | 2 +- session.c | 6 +++--- 5 files changed, 8 insertions(+), 6 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index c816276cc..629c482df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -105,6 +105,8 @@ [roaming.h roaming_common.c roaming_dummy.c] Add tags for the benefit of the sync scripts Also: pull in the changes for 1.1->1.2 missed in the previous sync. + - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and + header-order changes to reduce diff vs OpenBSD. 20090616 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t diff --git a/auth2-jpake.c b/auth2-jpake.c index 6092e31c0..5de5506a6 100644 --- a/auth2-jpake.c +++ b/auth2-jpake.c @@ -42,8 +42,8 @@ #include "ssh2.h" #include "key.h" #include "hostfile.h" -#include "buffer.h" #include "auth.h" +#include "buffer.h" #include "packet.h" #include "dispatch.h" #include "log.h" diff --git a/auth2.c b/auth2.c index ecf857052..92e6f5842 100644 --- a/auth2.c +++ b/auth2.c @@ -35,8 +35,8 @@ #include #include -#include "xmalloc.h" #include "atomicio.h" +#include "xmalloc.h" #include "ssh2.h" #include "packet.h" #include "log.h" diff --git a/canohost.h b/canohost.h index 64000f5eb..4c8636f42 100644 --- a/canohost.h +++ b/canohost.h @@ -24,6 +24,6 @@ char *get_local_name(int); int get_remote_port(void); int get_local_port(void); int get_sock_port(int, int); -void clear_cached_addr(void); +void clear_cached_addr(void); void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/session.c b/session.c index f04266f78..cdbf88ab7 100644 --- a/session.c +++ b/session.c @@ -715,8 +715,8 @@ do_exec_pty(Session *s, const char *command) * Do common processing for the child, such as execing * the command. */ - do_child(s, command); - /* NOTREACHED */ + do_child(s, command); + /* NOTREACHED */ default: break; } @@ -845,7 +845,7 @@ do_login(Session *s, const char *command) fromlen = sizeof(from); if (packet_connection_is_on_socket()) { if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } -- cgit v1.2.3 From 82edf23fffc4accf7686da08367e9fd5b5baa487 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Aug 2009 16:20:50 +1000 Subject: - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_sesson. Based on a patch from David Leonard. --- ChangeLog | 4 ++++ openbsd-compat/port-aix.h | 7 ++++++- session.c | 9 ++++----- 3 files changed, 14 insertions(+), 6 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 056240f39..58cb16454 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ - (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not using it since the type conflicts can cause problems on FreeBSD. Patch from Jonathan Chen. + - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move + the setpcred call on AIX to immediately before the permanently_set_uid(). + Ensures that we still have privileges when we call chroot and + pam_open_sesson. Based on a patch from David Leonard. 20090817 - (dtucker) [configure.ac] Check for headers before libraries for openssl an diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 967bc7235..3ac76ae15 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.30 2009/08/16 23:40:00 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */ /* * @@ -71,6 +71,11 @@ int passwdexpired(char *, char **); # include #endif +/* for setpcred and friends */ +#ifdef HAVE_USERSEC_H +# include +#endif + /* * According to the setauthdb man page, AIX password registries must be 15 * chars or less plus terminating NUL. diff --git a/session.c b/session.c index cdbf88ab7..f4a363543 100644 --- a/session.c +++ b/session.c @@ -1466,11 +1466,6 @@ do_setusercontext(struct passwd *pw) if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ { - -#ifdef HAVE_SETPCRED - if (setpcred(pw->pw_name, (char **)NULL) == -1) - fatal("Failed to set process credentials"); -#endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP # ifdef __bsdi__ setpgid(0, 0); @@ -1538,6 +1533,10 @@ do_setusercontext(struct passwd *pw) free(chroot_path); } +#ifdef HAVE_SETPCRED + if (setpcred(pw->pw_name, (char **)NULL) == -1) + fatal("Failed to set process credentials"); +#endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { perror("unable to set user context (setuser)"); -- cgit v1.2.3