Bugzilla – Attachment 378 Details for
Bug 252
Patch for use of /etc/default/login
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Rework based on comments.
openssh-deflogin4.patch (text/plain), 7.48 KB, created by
Darren Tucker
on 2003-09-05 10:21:37 AEST
(
hide
)
Description:
Rework based on comments.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2003-09-05 10:21:37 AEST
Size:
7.48 KB
patch
obsolete
>Index: acconfig.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/acconfig.h,v >retrieving revision 1.162 >diff -u -p -r1.162 acconfig.h >--- acconfig.h 26 Aug 2003 01:58:16 -0000 1.162 >+++ acconfig.h 26 Aug 2003 03:49:50 -0000 >@@ -353,6 +353,9 @@ > /* Define in your struct dirent expects you to allocate extra space for d_name */ > #undef BROKEN_ONE_BYTE_DIRENT_D_NAME > >+/* Define if your system has /etc/default/login */ >+#undef HAVE_ETC_DEFAULT_LOGIN >+ > /* Define if your getopt(3) defines and uses optreset */ > #undef HAVE_GETOPT_OPTRESET > >Index: configure.ac >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v >retrieving revision 1.143 >diff -u -p -r1.143 configure.ac >--- configure.ac 26 Aug 2003 01:58:16 -0000 1.143 >+++ configure.ac 4 Sep 2003 12:41:27 -0000 >@@ -246,6 +246,7 @@ mips-sony-bsd|mips-sony-newsos4) > AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") > # Pushing STREAMS modules will cause sshd to acquire a controlling tty. > AC_DEFINE(SSHD_ACQUIRES_CTTY) >+ external_path_file=/etc/default/login > # hardwire lastlog location (can't detect it on some versions) > conf_lastlog_location="/var/adm/lastlog" > AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) >@@ -282,6 +283,7 @@ mips-sony-bsd|mips-sony-newsos4) > AC_DEFINE(USE_PIPES) > AC_DEFINE(IP_TOS_IS_BROKEN) > AC_DEFINE(SSHD_ACQUIRES_CTTY) >+ external_path_file=/etc/default/login > # /usr/ucblib/libucb.a no longer needed on ReliantUNIX > # Attention: always take care to bind libsocket and libnsl before libc, > # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog >@@ -2146,27 +2148,35 @@ else > ) > fi > >-dnl BSD systems use /etc/login.conf so --with-default-path= has no effect >+# check for /etc/default/login and use it if present. >+AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) >+ >+if test "x$external_path_file" = "x/etc/default/login"; then >+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) >+fi >+ >+dnl BSD systems use /etc/login.conf for path, --with-default-path= has no effect > if test $ac_cv_func_login_getcapbool = "yes" -a \ > $ac_cv_header_login_cap_h = "yes" ; then >- USES_LOGIN_CONF=yes >+ external_path_file=/etc/login.conf > fi >+ > # Whether to mess with the default path > SERVER_PATH_MSG="(default)" > AC_ARG_WITH(default-path, > [ --with-default-path= Specify default \$PATH environment for server], > [ >- if test "$USES_LOGIN_CONF" = "yes" ; then >+ if ! test -z "$external_path_file" ; then > AC_MSG_WARN([ > --with-default-path=PATH has no effect on this system. >-Edit /etc/login.conf instead.]) >+Edit $external_path_file instead.]) > elif test "x$withval" != "xno" ; then > user_path="$withval" > SERVER_PATH_MSG="$withval" > fi > ], >- [ if test "$USES_LOGIN_CONF" = "yes" ; then >- AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) >+ [ if test ! -z "$external_path_file" ; then >+ AC_MSG_WARN([Make sure the path to scp is in $external_path_file]) > else > AC_TRY_RUN( > [ >@@ -2223,7 +2233,7 @@ main() > fi > fi ] > ) >-if test "$USES_LOGIN_CONF" != "yes" ; then >+if test ! -z "$external_path_file" ; then > AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") > AC_SUBST(user_path) > fi >@@ -2593,8 +2603,9 @@ echo " Askpass program > echo " Manual pages: $F" > echo " PID file: $G" > echo " Privilege separation chroot path: $H" >-if test "$USES_LOGIN_CONF" = "yes" ; then >-echo " At runtime, sshd will use the path defined in /etc/login.conf" >+if test ! -z "$external_path_file"; then >+echo " At runtime, sshd will use the path defined in $external_path_file" >+echo " Make sure the path to scp is present, otherwise scp will not work" > else > echo " sshd default user PATH: $I" > fi >Index: defines.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/defines.h,v >retrieving revision 1.102 >diff -u -p -r1.102 defines.h >--- defines.h 26 Aug 2003 01:58:16 -0000 1.102 >+++ defines.h 4 Sep 2003 13:40:10 -0000 >@@ -321,6 +321,10 @@ struct winsize { > # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" > #endif > >+#ifndef SUPERUSER_PATH >+# define SUPERUSER_PATH _PATH_STDPATH >+#endif >+ > #ifndef _PATH_DEVNULL > # define _PATH_DEVNULL "/dev/null" > #endif >Index: session.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v >retrieving revision 1.252 >diff -u -p -r1.252 session.c >--- session.c 2 Sep 2003 13:18:53 -0000 1.252 >+++ session.c 5 Sep 2003 00:02:55 -0000 >@@ -801,6 +801,12 @@ child_set_env(char ***envp, u_int *envsi > u_int i, namelen; > char **env; > >+ if (*envp == NULL && *envsizep == 0) { >+ *envp = xmalloc(sizeof(char *)); >+ *envp[0] = NULL; >+ *envsizep = 1; >+ } >+ > /* > * Find the slot where the value should be stored. If the variable > * already exists, we reuse the slot; otherwise we append a new slot >@@ -877,6 +883,54 @@ read_environment_file(char ***env, u_int > fclose(f); > } > >+#ifdef HAVE_ETC_DEFAULT_LOGIN >+/* >+ * Read /etc/default/login. >+ * We pick up the PATH (or SUPATH for root) and UMASK. >+ */ >+static void >+read_etc_default_login(char ***env, u_int *envsize, uid_t uid) >+{ >+ char **edf_env = NULL, *edf; >+ u_int i, edf_envsize = 0; >+ mode_t mask; >+ >+ /* >+ * We don't want to copy the whole file to the childs environment, >+ * so we use our own temporary environment here. >+ */ >+ read_environment_file(&edf_env, &edf_envsize, "/etc/default/login"); >+ >+ if (uid == 0) >+ edf = child_get_env(edf_env, "SUPATH"); >+ else >+ edf = child_get_env(edf_env, "PATH"); >+ if (edf != NULL) >+ child_set_env(env, envsize, "PATH", edf); >+ >+ if ((edf = child_get_env(edf_env, "UMASK")) != NULL) >+ if (sscanf(edf, "%5lo", &mask) == 1) >+ umask(mask); >+ >+ for (i = 0; edf_env[i] != NULL; i++) >+ xfree(edf_env[i]); >+ xfree(edf_env); >+} >+ >+char * >+child_get_env(char **env, const char *name) >+{ >+ int i; >+ size_t len; >+ >+ len = strlen(name); >+ for (i=0; env[i] != NULL; i++) >+ if (env[i][len] == '=' && strncmp(name, env[i], len) == 0) >+ return(env[i] + len + 1); >+ return NULL; >+} >+#endif /* HAVE_ETC_DEFAULT_LOGIN */ >+ > void copy_environment(char **source, char ***env, u_int *envsize) > { > char *var_name, *var_val; >@@ -949,12 +1003,14 @@ do_setup_env(Session *s, const char *she > * needed for loading shared libraries. So the path better > * remains intact here. > */ >-# ifdef SUPERUSER_PATH >- child_set_env(&env, &envsize, "PATH", >- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); >-# else >- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); >-# endif /* SUPERUSER_PATH */ >+# ifdef HAVE_ETC_DEFAULT_LOGIN >+ read_etc_default_login(&env, &envsize, pw->pw_uid); >+# endif /* HAVE_ETC_DEFAULT_LOGIN */ >+ if (child_get_env(env, "PATH") == NULL) { >+ child_set_env(&env, &envsize, "PATH", >+ s->pw->pw_uid == 0 ? >+ SUPERUSER_PATH : _PATH_STDPATH); >+ } > # endif /* HAVE_CYGWIN */ > #endif /* HAVE_LOGIN_CAP */ > >Index: session.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.h,v >retrieving revision 1.24 >diff -u -p -r1.24 session.h >--- session.h 26 Aug 2003 01:49:56 -0000 1.24 >+++ session.h 4 Sep 2003 13:32:56 -0000 >@@ -70,5 +70,6 @@ void session_close(Session *); > void do_setusercontext(struct passwd *); > void child_set_env(char ***envp, u_int *envsizep, const char *name, > const char *value); >+char *child_get_env(char **, const char *); > > #endif
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 252
:
98
|
212
|
367
|
378
|
397
|
398