
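--- a/acconfig.h
+++ b/acconfig.h
@@ -350,6 +350,9 @@
 /* Define in your struct dirent expects you to allocate extra space for d_name */
 #undef BROKEN_ONE_BYTE_DIRENT_D_NAME
 
+/* Define if your system has /etc/default/login */
+#undef HAVE_ETC_DEFAULT_LOGIN
+
 /* Define if your getopt(3) defines and uses optreset */
 #undef HAVE_GETOPT_OPTRESET
 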
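--- a/configure.ac
+++ b/configure.ac
@@ -239,6 +239,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(PAM_TTY_KLUDGE)
 	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
 	AC_DEFINE(SSHD_ACQUIRES_CTTY)
+	external_path_file=/etc/default/login
 	# hardwire lastlog location (can't detect it on some versions)
 	conf_lastlog_location="/var/adm/lastlog"
 	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@@ -275,6 +276,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(USE_PIPES)
 	AC_DEFINE(IP_TOS_IS_BROKEN)
 	AC_DEFINE(SSHD_ACQUIRES_CTTY)
+	external_path_file=/etc/default/login
 	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
 	# Attention: always take care to bind libsocket and libnsl before libc,
 	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
@@ -2111,27 +2113,35 @@ else
 	)
 fi
 
-dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
+# check for /etc/default/login and use it if present.
+AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+
+if test "x$external_path_file" = "x/etc/default/login"; then
+	AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+fi
+
+dnl BSD systems use /etc/login.conf for path, --with-default-path= has no effect
 if test $ac_cv_func_login_getcapbool = "yes" -a \
 	$ac_cv_header_login_cap_h = "yes" ; then
-	USES_LOGIN_CONF=yes
+	external_path_file=/etc/login.conf
 fi
+
 # Whether to mess with the default path
 SERVER_PATH_MSG="(default)" 
 AC_ARG_WITH(default-path,
 	[  --with-default-path=    Specify default \$PATH environment for server],
 	[
-		if test "$USES_LOGIN_CONF" = "yes" ; then
+		if ! test -z "$external_path_file" ; then
 			AC_MSG_WARN([
 --with-default-path=PATH has no effect on this system.
-Edit /etc/login.conf instead.])
+Edit $external_path_file instead.])
 		elif test "x$withval" != "xno" ; then	
 			user_path="$withval"
 			SERVER_PATH_MSG="$withval" 
 		fi
 	],
-	[ if test "$USES_LOGIN_CONF" = "yes" ; then
-	AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+	[ if test ! -z "$external_path_file" ; then
+	AC_MSG_WARN([Make sure the path to scp is in $external_path_file])
 	else
 	AC_TRY_RUN(
 		[
@@ -2188,7 +2198,7 @@ main()
 		fi
 	fi ]
 )
-if test "$USES_LOGIN_CONF" != "yes" ; then
+if test ! -z "$external_path_file" ; then
 	AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
 	AC_SUBST(user_path)
 fi
@@ -2558,8 +2568,8 @@ echo " Askpass program
 echo "                      Manual pages: $F"
 echo "                          PID file: $G"
 echo "  Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
-echo "   At runtime, sshd will use the path defined in /etc/login.conf"
+if test ! -z "$external_path_file"; then
+echo "   At runtime, sshd will use the path defined in $external_path_file"
 else
 echo "            sshd default user PATH: $I"
 fi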
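Review bot: The guard around `AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")` in the `main()` hunk looks inverted: the old `if test "$USES_LOGIN_CONF" != "yes"` defined USER_PATH only when no external file governs the path, while the new `if test ! -z "$external_path_file"` defines it only when one does. As written, a system with neither /etc/default/login nor /etc/login.conf would get no USER_PATH from configure, and the others would get whatever `$user_path` holds, which the earlier branches appear to leave unset in that case; the test should read `if test -z "$external_path_file" ; then`. Separately, the `--with-default-path` branch uses `if ! test -z ...`, which older Bourne shells on the platforms this patch targets may not accept; `if test ! -z "$external_path_file" ; then`, the form used elsewhere in this patch, is the portable spelling.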
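--- a/session.c
+++ b/session.c
@@ -845,6 +845,27 @@ child_set_env(char ***envp, u_int *envsi
 }
 
 /*
+ * Returns the value of the given variable from the environment.
+ * Returns NULL, if the variable is not found.
+ */
+static char *
+child_get_env(char **envp, const char *name)
+{
+	u_int i, namelen;
+
+	namelen = strlen(name);
+	for (i = 0; envp[i]; i++) {
+		if (strncmp(envp[i], name, namelen) == 0 &&
+		    envp[i][namelen] == '=')
+			break;
+	}
+	if (envp[i])
+		return &envp[i][namelen + 1];
+	
+	return NULL;
+}
+
+/*
  * Reads environment variables from the given file and adds/overrides them
  * into the environment.  If the file does not exist, this does nothing.
  * Otherwise, it must consist of empty lines, comments (line starts with '#')
@@ -889,6 +910,57 @@ read_environment_file(char ***env, u_int
 	fclose(f);
 }
 
+#ifdef HAVE_ETC_DEFAULT_LOGIN
+/*
+ * Read /etc/default/login
+ * This file is found and processed by login(1) at least on Solaris
+ * and ReliantUNIX.
+ *
+ * Get PATH environment variable from:
+ *	PATH (for mere mortals)
+ *	SUPATH (for root)
+ * Get umask setting from UMASK
+ *
+ * XXX  There are other reasonable things to process in this file:
+ *	i.e. ALTSHELL, CONSOLE, DISABLE_RHOSTS, HZ, IDLEWEEKS, ULIMIT
+ *
+ */
+static void
+read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
+{
+	char **edf_env, *edf;
+	u_int i, edf_envsize;
+	mode_t mask;
+
+	/*
+	 * We don't want to copy the whole file to the childs environment,
+	 * so we use our own temporary environment here.
+	 * envsize=10 should be large enough, but child_set_env will expand
+	 * the array if necessary.
+	 */
+	edf_envsize = 10;
+	edf_env = xmalloc(edf_envsize * sizeof(char *));
+	edf_env[0] = NULL;
+
+	read_environment_file(&edf_env, &edf_envsize, "/etc/default/login");
+
+	if (uid == 0)
+		edf = child_get_env(edf_env, "SUPATH");
+	else
+		edf = child_get_env(edf_env, "PATH");
+	if (edf != NULL)
+		child_set_env(env, envsize, "PATH", edf);
+	
+	if ((edf = child_get_env(edf_env, "UMASK")) != NULL)
+		if (sscanf(edf, "%5lo", &mask) == 1)
+			umask(mask);
+	
+	for (i = 0; edf_env[i] != NULL; i++)
+		xfree(edf_env[i]);
+	xfree(edf_env);
+}
+#endif /* HAVE_ETC_DEFAULT_LOGIN */
+
 void copy_environment(char **source, char ***env, u_int *envsize)
 {
 	char *var_name, *var_val;
@@ -954,15 +1026,25 @@ do_setup_env(Session *s, const char *she
 		 * needed for loading shared libraries. So the path better
 		 * remains intact here.
 		 */
-#  ifdef SUPERUSER_PATH
-		child_set_env(&env, &envsize, "PATH", 
-		    s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
-#  else 
-		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-#  endif /* SUPERUSER_PATH */
+#  ifdef HAVE_ETC_DEFAULT_LOGIN
+		read_etc_default_login(&env, &envsize, pw->pw_uid);
+#  endif /* HAVE_ETC_DEFAULT_LOGIN */
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
 
+		/*
+		 * Paranoia check: set at least a standard path
+		 * if none is set yet.
+		 */
+		if (child_get_env(env, "PATH") == NULL) {
+#ifdef SUPERUSER_PATH
+			child_set_env(&env, &envsize, "PATH", 
+			    s->pw->pw_uid == 0 ?
+				SUPERUSER_PATH : _PATH_STDPATH);
+#else 
+			child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+#endif /* SUPERUSER_PATH */
+		}
 		snprintf(buf, sizeof buf, "%.200s/%.50s",
 			 _PATH_MAILDIR, pw->pw_name);
 		child_set_env(&env, &envsize, "MAIL", buf);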
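Review bot: In read_etc_default_login, `sscanf(edf, "%5lo", &mask)` stores an `unsigned long` through a pointer to `mode_t`; on any platform where `mode_t` is narrower than `unsigned long` that writes past `mask` on the stack, which is undefined behaviour in code that runs during session setup. Declare the temporary as `unsigned long mask;` and call `umask((mode_t)mask);` so the conversion specifier and the object agree. The call also changes the umask of whichever process runs do_setup_env, a side effect worth stating in the function's header comment, for example `Side effect: sets the process umask when UMASK parses as octal.`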
