
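--- a/acconfig.h
+++ b/acconfig.h
@@ -359,6 +359,9 @@
 /* Define in your struct dirent expects you to allocate extra space for d_name */
 #undef BROKEN_ONE_BYTE_DIRENT_D_NAME
 
+/* Define if your system has /etc/default/login */
+#undef HAVE_ETC_DEFAULT_LOGIN
+
 /* Define if your getopt(3) defines and uses optreset */
 #undef HAVE_GETOPT_OPTRESET
 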
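--- a/configure.ac
+++ b/configure.ac
@@ -250,6 +250,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
 	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
 	AC_DEFINE(SSHD_ACQUIRES_CTTY)
+	external_path_file=/etc/default/login
 	# hardwire lastlog location (can't detect it on some versions)
 	conf_lastlog_location="/var/adm/lastlog"
 	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@@ -286,6 +287,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(USE_PIPES)
 	AC_DEFINE(IP_TOS_IS_BROKEN)
 	AC_DEFINE(SSHD_ACQUIRES_CTTY)
+	external_path_file=/etc/default/login
 	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
 	# Attention: always take care to bind libsocket and libnsl before libc,
 	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
@@ -2180,27 +2182,35 @@ else
 	)
 fi
 
-dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
+# check for /etc/default/login and use it if present.
+AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+
+if test "x$external_path_file" = "x/etc/default/login"; then
+	AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+fi
+
+dnl BSD systems use /etc/login.conf for path, --with-default-path= has no effect
 if test $ac_cv_func_login_getcapbool = "yes" -a \
 	$ac_cv_header_login_cap_h = "yes" ; then
-	USES_LOGIN_CONF=yes
+	external_path_file=/etc/login.conf
 fi
+
 # Whether to mess with the default path
 SERVER_PATH_MSG="(default)" 
 AC_ARG_WITH(default-path,
 	[  --with-default-path=    Specify default \$PATH environment for server],
 	[
-		if test "$USES_LOGIN_CONF" = "yes" ; then
+		if ! test -z "$external_path_file" ; then
 			AC_MSG_WARN([
 --with-default-path=PATH has no effect on this system.
-Edit /etc/login.conf instead.])
+Edit $external_path_file instead.])
 		elif test "x$withval" != "xno" ; then	
 			user_path="$withval"
 			SERVER_PATH_MSG="$withval" 
 		fi
 	],
-	[ if test "$USES_LOGIN_CONF" = "yes" ; then
+	[ if test ! -z "$external_path_file" ; then
-	AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+	AC_MSG_WARN([Make sure the path to scp is in $external_path_file])
 	else
 	AC_TRY_RUN(
 		[
@@ -2257,7 +2267,7 @@ main()
 		fi
 	fi ]
 )
-if test "$USES_LOGIN_CONF" != "yes" ; then
+if test -z "$external_path_file" ; then
 	AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
 	AC_SUBST(user_path)
 fi
@@ -2627,8 +2637,9 @@ echo " Askpass program
 echo "                      Manual pages: $F"
 echo "                          PID file: $G"
 echo "  Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
+if test ! -z "$external_path_file"; then
-echo "   At runtime, sshd will use the path defined in /etc/login.conf"
+echo "   At runtime, sshd will use the path defined in $external_path_file"
+echo "   Make sure the path to scp is present, otherwise scp will not work"
 else
 echo "            sshd default user PATH: $I"
 fi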
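Review bot: The `--with-default-path` branch at new line 2203 is written `if ! test -z "$external_path_file" ; then`, and a leading `!` on a command is not accepted by older Bourne shells such as the Solaris /bin/sh this change is aimed at. The other new tests in this patch already use the portable spelling, so this one should read `if test ! -z "$external_path_file" ; then`. Separately, `AC_CHECK_FILE("/etc/default/login", ...)` looks at the build machine rather than the target, and in the Autoconf versions I know it stops configure when cross-compiling. Since sshd will read the file at run time, a `dnl` comment beside the check saying that presence at build time is only a hint would help packagers who build on one host and install on another.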
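--- a/defines.h
+++ b/defines.h
@@ -321,6 +321,10 @@ struct winsize {
 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
 #endif
 
+#ifndef SUPERUSER_PATH
+# define SUPERUSER_PATH	_PATH_STDPATH
+#endif
+
 #ifndef _PATH_DEVNULL
 # define _PATH_DEVNULL "/dev/null"
 #endif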
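--- a/session.c
+++ b/session.c
@@ -801,6 +801,14 @@ child_set_env(char ***envp, u_int *envsi
 	u_int i, namelen;
 	char **env;
 
+	/* If we're passed an uninitialized list, allocate a single null
+	 * entry before continuing */
+	if (*envp == NULL && *envsizep == 0) {
+		*envp = xmalloc(sizeof(char *));
+		*envp[0] = NULL;
+		*envsizep = 1;
+	}
+
 	/*
 	 * Find the slot where the value should be stored.  If the variable
 	 * already exists, we reuse the slot; otherwise we append a new slot
@@ -877,6 +885,56 @@ read_environment_file(char ***env, u_int
 	fclose(f);
 }
 
+#ifdef HAVE_ETC_DEFAULT_LOGIN
+/*
+ * Read /etc/default/login.
+ * We pick up the PATH (or SUPATH for root) and UMASK.
+ */
+void
+read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
+{
+	char **tmpenv = NULL, *var;
+	u_int i;
+	size_t tmpenvsize = 0;
+	mode_t mask;
+
+	/*
+	 * We don't want to copy the whole file to the child's environment,
+	 * so we use a temporary environment and copy the variables we're
+	 * interested in.
+	 */
+	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
+
+	if (uid == 0)
+		var = child_get_env(tmpenv, "SUPATH");
+	else
+		var = child_get_env(tmpenv, "PATH");
+	if (var != NULL)
+		child_set_env(env, envsize, "PATH", var);
+	
+	if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
+		if (sscanf(var, "%5lo", &mask) == 1)
+			umask(mask);
+	
+	for (i = 0; tmpenv[i] != NULL; i++)
+		xfree(tmpenv[i]);
+	xfree(tmpenv);
+}
+
+char *
+child_get_env(char **env, const char *name)
+{
+	int i;
+	size_t len;
+
+	len = strlen(name);
+	for (i=0; env[i] != NULL; i++)
+		if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
+			return(env[i] + len + 1);
+	return NULL;
+}
+#endif /* HAVE_ETC_DEFAULT_LOGIN */
+
 void copy_environment(char **source, char ***env, u_int *envsize)
 {
 	char *var_name, *var_val;
@@ -905,7 +963,7 @@ do_setup_env(Session *s, const char *she
 {
 	char buf[256];
 	u_int i, envsize;
-	char **env, *laddr;
+	char **env, *laddr, *path = NULL;
 	struct passwd *pw = s->pw;
 
 	/* Initialize the environment. */
@@ -949,12 +1007,15 @@ do_setup_env(Session *s, const char *she
 		 * needed for loading shared libraries. So the path better
 		 * remains intact here.
 		 */
-#  ifdef SUPERUSER_PATH
+#  ifdef HAVE_ETC_DEFAULT_LOGIN
-		child_set_env(&env, &envsize, "PATH", 
+		read_etc_default_login(&env, &envsize, pw->pw_uid);
-		    s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
+		path = child_get_env(env, "PATH");
-#  else 
+#  endif /* HAVE_ETC_DEFAULT_LOGIN */
-		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+		if (path == NULL || *path == '\0') {
-#  endif /* SUPERUSER_PATH */
+			child_set_env(&env, &envsize, "PATH", 
+			    s->pw->pw_uid == 0 ?
+				SUPERUSER_PATH : _PATH_STDPATH);
+		}
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
 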
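Review bot: In the new read_etc_default_login, `sscanf(var, "%5lo", &mask)` stores an unsigned long through a pointer to `mode_t`, which is undefined behaviour and writes past `mask` on any platform where mode_t is narrower than long. Parse into a local `unsigned long` and call `umask((mode_t)mask)`. The same function declares `size_t tmpenvsize` but passes its address to read_environment_file, whose hunk header shows a `u_int` second parameter, so it should be `u_int tmpenvsize = 0;`. If read_environment_file returns without storing any entry (file missing or unreadable at run time, or no assignments in it), `tmpenv` is still NULL when child_get_env and the free loop index it. That last case is inferred, because the body of read_environment_file is outside these hunks; `if (tmpenv == NULL) return;` right after the read would cover it.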
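--- a/session.h
+++ b/session.h
@@ -71,4 +71,9 @@ void do_setusercontext(struct passwd *)
 void	 child_set_env(char ***envp, u_int *envsizep, const char *name,
 		       const char *value);
 
+#ifdef HAVE_ETC_DEFAULT_LOGIN
+void	 read_etc_default_login(char ***, u_int *, uid_t);
+char	*child_get_env(char **, const char *);
+#endif
+
 #endif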
