-rw-r--r-- | usr.bin/ssh/auth-passwd.c | 173 | ||||
-rw-r--r-- | usr.bin/ssh/config.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/includes.h | 146 | ||||
-rw-r--r-- | usr.bin/ssh/login.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 143 | ||||
-rw-r--r-- | usr.bin/ssh/xmalloc.c | 8 |
8 files changed, 7 insertions, 489 deletions
diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 25e23f239c6..b4873f7f085 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -15,40 +15,13 @@ the password is valid for the user. */ #include "includes.h" -RCSID("$Id: auth-passwd.c,v 1.4 1999/09/29 22:22:16 dugsong Exp $"); +RCSID("$Id: auth-passwd.c,v 1.5 1999/09/30 04:30:03 deraadt Exp $"); -#ifdef HAVE_SCO_ETC_SHADOW -# include <sys/security.h> -# include <sys/audit.h> -# include <prot.h> -#else /* HAVE_SCO_ETC_SHADOW */ -#ifdef HAVE_ETC_SHADOW -#include <shadow.h> -#endif /* HAVE_ETC_SHADOW */ -#endif /* HAVE_SCO_ETC_SHADOW */ -#ifdef HAVE_ETC_SECURITY_PASSWD_ADJUNCT -#include <sys/label.h> -#include <sys/audit.h> -#include <pwdadj.h> -#endif /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */ #include "packet.h" #include "ssh.h" #include "servconf.h" #include "xmalloc.h" -#ifdef HAVE_SECURID -/* Support for Security Dynamics SecurID card. - Contributed by Donald McKillican <dmckilli@qc.bell.ca>. */ -#define SECURID_USERS "/etc/securid.users" -#include "sdi_athd.h" -#include "sdi_size.h" -#include "sdi_type.h" -#include "sdacmvls.h" -#include "sdconf.h" -union config_record configure; -static int securid_initialized = 0; -#endif /* HAVE_SECURID */ - #ifdef KRB4 extern char *ticket; #endif /* KRB4 */ 
@@ -170,141 +143,9 @@ int auth_password(const char *server_user, const char *password) } #endif /* KRB4 */ -#ifdef HAVE_SECURID - /* Support for Security Dynamics SecurId card. - Contributed by Donald McKillican <dmckilli@qc.bell.ca>. */ - { - /* - * the way we decide if this user is a securid user or not is - * to check to see if they are included in /etc/securid.users - */ - int found = 0; - FILE *securid_users = fopen(SECURID_USERS, "r"); - char *c; - char su_user[257]; - - if (securid_users) - { - while (fgets(su_user, sizeof(su_user), securid_users)) - { - if (c = strchr(su_user, '\n')) - *c = '\0'; - if (strcmp(su_user, server_user) == 0) - { - found = 1; - break; - } - } - } - fclose(securid_users); - - if (found) - { - /* The user has a SecurID card. */ - struct SD_CLIENT sd_dat, *sd; - log("SecurID authentication for %.100s required.", server_user); - - /* - * if no pass code has been supplied, fail immediately: passing - * a null pass code to sd_check causes a core dump - */ - if (*password == '\0') - { - log("No pass code given, authentication rejected."); - return 0; - } - - sd = &sd_dat; - if (!securid_initialized) - { - memset(&sd_dat, 0, sizeof(sd_dat)); /* clear struct */ - creadcfg(); /* accesses sdconf.rec */ - if (sd_init(sd)) - packet_disconnect("Cannot contact securid server."); - securid_initialized = 1; - } - return sd_check(password, server_user, sd) == ACM_OK; - } - } - /* If the user has no SecurID card specified, we fall to normal - password code. */ -#endif /* HAVE_SECURID */ - /* Save the encrypted password. */ strlcpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd)); -#ifdef HAVE_OSF1_C2_SECURITY - osf1c2_getprpwent(correct_passwd, saved_pw_name, sizeof(correct_passwd)); -#else /* HAVE_OSF1_C2_SECURITY */ - /* If we have shadow passwords, lookup the real encrypted password from - the shadow file, and replace the saved encrypted password with the - real encrypted password. 
*/ -#ifdef HAVE_SCO_ETC_SHADOW - { - struct pr_passwd *pr = getprpwnam(saved_pw_name); - pr = getprpwnam(saved_pw_name); - if (pr) - strlcpy(correct_passwd, pr->ufld.fd_encrypt, sizeof(correct_passwd)); - endprpwent(); - } -#else /* HAVE_SCO_ETC_SHADOW */ -#ifdef HAVE_ETC_SHADOW - { - struct spwd *sp = getspnam(saved_pw_name); - if (sp) - strlcpy(correct_passwd, sp->sp_pwdp, sizeof(correct_passwd)); - endspent(); - } -#else /* HAVE_ETC_SHADOW */ -#ifdef HAVE_ETC_SECURITY_PASSWD_ADJUNCT - { - struct passwd_adjunct *sp = getpwanam(saved_pw_name); - if (sp) - strnlpy(correct_passwd, sp->pwa_passwd, sizeof(correct_passwd)); - endpwaent(); - } -#else /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */ -#ifdef HAVE_ETC_SECURITY_PASSWD - { - FILE *f; - char line[1024], looking_for_user[200], *cp; - int found_user = 0; - f = fopen("/etc/security/passwd", "r"); - if (f) - { - snprintf(looking_for_user, sizeof looking_for_user, "%.190s:", - server_user); - while (fgets(line, sizeof(line), f)) - { - if (strchr(line, '\n')) - *strchr(line, '\n') = 0; - if (strcmp(line, looking_for_user) == 0) - found_user = 1; - else - if (line[0] != '\t' && line[0] != ' ') - found_user = 0; - else - if (found_user) - { - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) - ; - if (strncmp(cp, "password = ", strlen("password = ")) == 0) - { - strlcpy(correct_passwd, cp + strlen("password = "), - sizeof(correct_passwd)); - break; - } - } - } - fclose(f); - } - } -#endif /* HAVE_ETC_SECURITY_PASSWD */ -#endif /* HAVE_ETC_SECURITY_PASSWD_ADJUNCT */ -#endif /* HAVE_ETC_SHADOW */ -#endif /* HAVE_SCO_ETC_SHADOW */ -#endif /* HAVE_OSF1_C2_SECURITY */ - /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(correct_passwd, "") == 0) { 
@@ -316,21 +157,9 @@ int auth_password(const char *server_user, const char *password) xfree(saved_pw_passwd); /* Encrypt the candidate password using the proper salt. */ -#ifdef HAVE_OSF1_C2_SECURITY - encrypted_password = (char *)osf1c2crypt(password, - (correct_passwd[0] && correct_passwd[1]) ? - correct_passwd : "xx"); -#else /* HAVE_OSF1_C2_SECURITY */ -#ifdef HAVE_SCO_ETC_SHADOW - encrypted_password = bigcrypt(password, - (correct_passwd[0] && correct_passwd[1]) ? - correct_passwd : "xx"); -#else /* HAVE_SCO_ETC_SHADOW */ encrypted_password = crypt(password, (correct_passwd[0] && correct_passwd[1]) ? correct_passwd : "xx"); -#endif /* HAVE_SCO_ETC_SHADOW */ -#endif /* HAVE_OSF1_C2_SECURITY */ /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, correct_passwd) == 0); diff --git a/usr.bin/ssh/config.h b/usr.bin/ssh/config.h index a31e7e0052b..e0cf9136505 100644 --- a/usr.bin/ssh/config.h +++ b/usr.bin/ssh/config.h @@ -135,9 +135,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* Location of system mail spool directory. */ #define MAIL_SPOOL_DIRECTORY "/var/mail" -/* Defined if mail goes to $HOME/newmail instead of a global mail spool. */ -/* #undef HAVE_TILDE_NEWMAIL */ - /* Define this if O_NONBLOCK does not work on your system (e.g., Ultrix). */ /* #undef O_NONBLOCK_BROKEN */ diff --git a/usr.bin/ssh/includes.h b/usr.bin/ssh/includes.h index bf125e2430e..bb573dbc797 100644 --- a/usr.bin/ssh/includes.h +++ b/usr.bin/ssh/includes.h @@ -13,7 +13,7 @@ This file includes most of the needed system headers. */ -/* RCSID("$Id: includes.h,v 1.3 1999/09/29 18:16:19 dugsong Exp $"); */ +/* RCSID("$Id: includes.h,v 1.4 1999/09/30 04:30:03 deraadt Exp $"); */ #ifndef INCLUDES_H #define INCLUDES_H 
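Review bot: In the auth-passwd.c hunk at -316, the result of `crypt()` is passed straight to `strcmp()` on the final `return`, and `crypt()` is permitted to return NULL on failure, which would crash the daemon during authentication instead of rejecting the password. With the OSF1 and SCO variants gone this is the only hashing path left, so I would add `if (encrypted_password == NULL) return 0;` before the comparison. auth_password's body starts outside the hunk.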
@@ -39,28 +39,9 @@ YOU_LOSE #endif #endif -#ifdef SCO -/* this is defined so that winsize gets ifdef'd in termio.h */ -#define _IBCS2 -#endif - -#if defined(__mips) -/* Mach3 on MIPS defines conflicting garbage. */ -#define uint32 hidden_uint32 -#endif /* __mips */ -#include <sys/types.h> -#if defined(__mips) -#undef uint32 -#endif /* __mips */ - -#if defined(bsd_44) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__PARAGON__) #include <sys/param.h> #include <machine/endian.h> #include <netgroup.h> -#endif -#if defined(linux) -#include <endian.h> -#endif #include <stdio.h> #include <ctype.h> 
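Review bot: In the includes.h hunk at -39, the unconditional `#include <sys/types.h>` that sat between the two `__mips` blocks is deleted together with them, and in the following hunk at -70 `#include <netinet/ip.h>` is deleted together with its `!__PARAGON__` guard, although that guard enabled the header on every other platform. The build now presumably relies on `<sys/param.h>` pulling in the basic types, and any file that takes definitions from `<netinet/ip.h>` through includes.h loses them. I would keep both as plain lines, `#include <sys/types.h>` ahead of `#include <sys/param.h>` and `#include <netinet/ip.h>` after `#include <sys/un.h>`, so that only the platform conditionals are removed.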
@@ -70,124 +51,37 @@ YOU_LOSE #include <assert.h> #include <signal.h> -#ifdef HAVE_SYS_IOCTL_H #include <sys/ioctl.h> -#endif /* HAVE_SYS_IOCTL_H */ -#ifdef HAVE_TERMIOS_H #include <termios.h> #define USING_TERMIOS -#endif /* HAVE_TERMIOS_H */ - -#if defined(HAVE_SGTTY_H) && !defined(USING_TERMIOS) -#include <sgtty.h> -#define USING_SGTTY -#endif -#if !defined(USING_SGTTY) && !defined(USING_TERMIOS) - ERROR_NO_TERMIOS_OR_SGTTY -#endif - -#ifdef STDC_HEADERS #include <stdlib.h> #include <string.h> #include <stdarg.h> -#else /* STDC_HEADERS */ -/* stdarg.h is present almost everywhere, and comes with gcc; I am too lazy - to make things work with both it and varargs. */ -#include <stdarg.h> -#ifndef HAVE_STRCHR -#define strchr index -#define strrchr rindex -#endif -char *strchr(), *strrchr(); -#ifndef HAVE_MEMCPY -#define memcpy(d, s, n) bcopy((s), (d), (n)) -#define memmove(d, s, n) bcopy((s), (d), (n)) -#define memset(d, ch, n) bzero((d), (n)) /* We only memset to 0. */ -#define memcmp(a, b, n) bcmp((a), (b), (n)) -#endif -#endif /* STDC_HEADERS */ #include <sys/socket.h> #include <netinet/in.h> -#ifdef HAVE_NETINET_IN_SYSTM_H #include <netinet/in_systm.h> -#else /* Some old linux systems at least have in_system.h instead. */ -#include <netinet/in_system.h> -#endif /* HAVE_NETINET_IN_SYSTM_H */ -#ifdef SCO -/* SCO does not have a un.h and there is no appropriate substitute. */ -/* Latest news: it doesn't have AF_UNIX at all, but this allows - it to compile, and outgoing forwarded connections appear to work. 
*/ -struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ -}; -/* SCO needs sys/stream.h and sys/ptem.h */ -#include <sys/stream.h> -#include <sys/ptem.h> -#else /* SCO */ #include <sys/un.h> -#endif /* SCO */ -#if !defined(__PARAGON__) -#include <netinet/ip.h> -#endif /* !__PARAGON__ */ #include <netinet/tcp.h> #include <arpa/inet.h> #include <netdb.h> -#ifdef HAVE_SYS_SELECT_H #include <sys/select.h> -#endif /* HAVE_SYS_SELECT_H */ #include <pwd.h> #include <grp.h> -#ifdef HAVE_GETSPNAM -#include <shadow.h> -#endif /* HAVE_GETSPNAM */ -#ifdef HAVE_SYS_WAIT_H #include <sys/wait.h> -#else /* HAVE_SYS_WAIT_H */ -#if !defined(WNOHANG) /* && (defined(bsd43) || defined(vax)) */ -#define WNOHANG 1 -#endif -#ifndef WEXITSTATUS -#define WEXITSTATUS(X) ((unsigned)(X) >> 8) -#endif -#ifndef WIFEXITED -#define WIFEXITED(X) (((X) & 255) == 0) -#endif -#ifndef WIFSIGNALED -#define WIFSIGNALED(X) ((((X) & 255) != 0x255 && ((X) & 255) != 0)) -#endif -#ifndef WTERMSIG -#define WTERMSIG(X) ((X) & 255) -#endif -#endif /* HAVE_SYS_WAIT_H */ #ifdef HAVE_UNISTD_H #include <unistd.h> #endif /* HAVE_UNISTD_H */ -#ifdef TIME_WITH_SYS_TIME -#ifndef SCO -/* I excluded <sys/time.h> to avoid redefinition of timeval - which SCO puts in both <sys/select.h> and <sys/time.h> */ #include <sys/time.h> -#endif /* SCO */ #include <time.h> -#else /* TIME_WITH_SYS_TIME */ -#ifdef HAVE_SYS_TIME_H -#include <sys/time.h> -#else /* HAVE_SYS_TIME_H */ -#include <time.h> -#endif /* HAVE_SYS_TIME_H */ -#endif /* TIME_WITH_SYS_TIME */ -#ifdef HAVE_PATHS_H #include <paths.h> -#endif #if HAVE_DIRENT_H #include <dirent.h> 
@@ -206,45 +100,7 @@ struct sockaddr_un { #endif #endif -#ifdef HAVE_SETRLIMIT #include <sys/resource.h> -#endif - -/* These POSIX macros are not defined in every system. */ - -#ifndef S_IRWXU -#define S_IRWXU 00700 /* read, write, execute: owner */ -#define S_IRUSR 00400 /* read permission: owner */ -#define S_IWUSR 00200 /* write permission: owner */ -#define S_IXUSR 00100 /* execute permission: owner */ -#define S_IRWXG 00070 /* read, write, execute: group */ -#define S_IRGRP 00040 /* read permission: group */ -#define S_IWGRP 00020 /* write permission: group */ -#define S_IXGRP 00010 /* execute permission: group */ -#define S_IRWXO 00007 /* read, write, execute: other */ -#define S_IROTH 00004 /* read permission: other */ -#define S_IWOTH 00002 /* write permission: other */ -#define S_IXOTH 00001 /* execute permission: other */ -#endif /* S_IRWXU */ - -#ifndef S_ISUID -#define S_ISUID 0x800 -#endif /* S_ISUID */ -#ifndef S_ISGID -#define S_ISGID 0x400 -#endif /* S_ISGID */ - -#ifndef S_ISDIR -/* NextStep apparently fails to define this. */ -#define S_ISDIR(mode) (((mode)&(_S_IFMT))==(_S_IFDIR)) -#endif - -#ifdef STAT_MACROS_BROKEN -/* Some systems have broken S_ISDIR etc. macros in sys/stat.h. Please ask - your vendor to fix them. You can then remove the line below, but only - after you have sent a complaint to your vendor. */ -WARNING_MACROS_IN_SYS_STAT_H_ARE_BROKEN_ON_YOUR_SYSTEM_READ_INCLUDES_H -#endif /* STAT_MACROS_BROKEN */ #if USE_STRLEN_FOR_AF_UNIX #define AF_UNIX_SIZE(unaddr) \ diff --git a/usr.bin/ssh/login.c b/usr.bin/ssh/login.c index 29d98bc5d6c..dc6e8e7ca17 100644 --- a/usr.bin/ssh/login.c +++ b/usr.bin/ssh/login.c @@ -18,7 +18,7 @@ on a tty. */ #include "includes.h" -RCSID("$Id: login.c,v 1.4 1999/09/30 04:10:28 deraadt Exp $"); +RCSID("$Id: login.c,v 1.5 1999/09/30 04:30:03 deraadt Exp $"); #ifdef HAVE_LIBUTIL_LOGIN #include <util.h> 
@@ -177,14 +177,10 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, u.ut_pid = pid; #endif /* PID_IN_UTMP */ #ifdef HAVE_ID_IN_UTMP -#ifdef __sgi - strncpy(u.ut_id, ttyname + 8, sizeof(u.ut_id)); /* /dev/ttyq99 -> q99 */ -#else /* __sgi */ if (sizeof(u.ut_id) > 4) strncpy(u.ut_id, ttyname + 5, sizeof(u.ut_id)); else strncpy(u.ut_id, ttyname + strlen(ttyname) - 2, sizeof(u.ut_id)); -#endif /* __sgi */ #endif /* HAVE_ID_IN_UTMP */ strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); u.ut_time = time(NULL); @@ -258,14 +254,10 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, if (uxp) ux = *uxp; strncpy(ux.ut_user, user, sizeof(ux.ut_user)); -#ifdef __sgi - strncpy(ux.ut_id, ttyname + 8, sizeof(ux.ut_id)); /* /dev/ttyq99 -> q99 */ -#else /* __sgi */ if (sizeof(ux.ut_id) > 4) strncpy(ux.ut_id, ttyname + 5, sizeof(ux.ut_id)); else strncpy(ux.ut_id, ttyname + strlen(ttyname) - 2, sizeof(ux.ut_id)); -#endif /* __sgi */ ux.ut_pid = pid; if (strcmp(user, "") == 0) ux.ut_type = DEAD_PROCESS; diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 65a9a3e1af2..346da57d5dc 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.13 1999/09/30 04:10:28 deraadt Exp $"); +RCSID("$Id: ssh.c,v 1.14 1999/09/30 04:30:03 deraadt Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -218,11 +218,6 @@ main(int ac, char **av) /* Save our own name. */ av0 = av[0]; -#ifdef SOCKS - /* Initialize SOCKS (the firewall traversal library). */ - SOCKSinit(av0); -#endif /* SOCKS */ - /* Initialize option structure to indicate that no values have been set. */ initialize_options(&options); diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index e1ee8b2455a..4c40a21d4f2 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c 
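Review bot: In both login.c hunks (-177 and -254), the branch that survives the `__sgi` removal computes `ttyname + 5` and `ttyname + strlen(ttyname) - 2` without checking the string's length or its `/dev/` prefix, so a name shorter than five (or two) characters makes `strncpy` read outside the string. Callers presumably always pass a `/dev/...` path, but nothing visible enforces that. I would strip the prefix once, `const char *line = strncmp(ttyname, "/dev/", 5) == 0 ? ttyname + 5 : ttyname;`, use `line` for the `ut_id` and `ut_line` copies, and take the two-character suffix only when `strlen(line) >= 2`. record_login starts and ends outside both hunks.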
@@ -15,7 +15,7 @@ login (authentication) dialog. */ #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.6 1999/09/29 21:14:16 deraadt Exp $"); +RCSID("$Id: sshconnect.c,v 1.7 1999/09/30 04:30:03 deraadt Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -221,11 +221,7 @@ int ssh_connect(const char *host, int port, int connection_attempts, memset(&hostaddr, 0, sizeof(hostaddr)); hostaddr.sin_family = AF_INET; hostaddr.sin_port = htons(port); -#ifdef BROKEN_INET_ADDR - hostaddr.sin_addr.s_addr = inet_network(host); -#else /* BROKEN_INET_ADDR */ hostaddr.sin_addr.s_addr = inet_addr(host); -#endif /* BROKEN_INET_ADDR */ if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) { /* Valid numeric IP address */ diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 600c4879fb0..7d1b9dce27c 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -18,7 +18,7 @@ agent connections. */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.9 1999/09/30 04:10:29 deraadt Exp $"); +RCSID("$Id: sshd.c,v 1.10 1999/09/30 04:30:03 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -30,19 +30,11 @@ RCSID("$Id: sshd.c,v 1.9 1999/09/30 04:10:29 deraadt Exp $"); #include "mpaux.h" #include "servconf.h" #include "uidswap.h" -#ifdef HAVE_USERSEC_H -#include <usersec.h> -#endif /* HAVE_USERSEC_H */ -#ifdef HAVE_ULIMIT_H -#include <ulimit.h> -#endif /* HAVE_ULIMIT_H */ #ifdef LIBWRAP #include <tcpd.h> #include <syslog.h> -#ifdef NEED_SYS_SYSLOG_H #include <sys/syslog.h> -#endif /* NEED_SYS_SYSLOG_H */ int allow_severity = LOG_INFO; int deny_severity = LOG_WARNING; #endif /* LIBWRAP */ @@ -361,14 +353,6 @@ main(int ac, char **av) } xfree(comment); -#ifdef SCO - (void) set_auth_parameters(ac, av); -#endif - -#ifdef HAVE_OSF1_C2_SECURITY - initialize_osf_security(ac, av); -#endif /* HAVE_OSF1_C2_SECURITY */ - /* If not in debugging mode, and not started from inetd, disconnect from the controlling terminal, and fork. The original process exits. */ if (!debug_flag && !inetd_flag) 
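Review bot: In the sshconnect.c hunk at -221, `inet_addr(host)` is now the only parser, and the test against `0xffffffff` that follows cannot distinguish a parse failure from the literal address 255.255.255.255, because both produce the same value. `inet_aton()` reports failure separately from the address, so the assignment and mask test could become `if (inet_aton(host, &hostaddr.sin_addr) != 0)`. ssh_connect continues outside the hunk, so the handling of the non-numeric case is not visible here.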
@@ -1938,100 +1922,6 @@ void read_environment_file(char ***env, unsigned int *envsize, fclose(f); } - -#ifdef HAVE_ETC_DEFAULT_LOGIN - -/* Gets the value of the given variable in the environment. If the - variable does not exist, returns NULL. */ - -char *child_get_env(char **env, const char *name) -{ - unsigned int i, namelen; - - namelen = strlen(name); - - for (i = 0; env[i]; i++) - if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') - break; - if (env[i]) - return &env[i][namelen + 1]; - else - return NULL; -} - -/* Processes /etc/default/login; this involves things like environment - settings, ulimit, etc. This file exists at least on Solaris 2.x. */ - -void read_etc_default_login(char ***env, unsigned int *envsize, - struct passwd *pw) -{ - unsigned int defenvsize; - char **defenv, *def; - int i; - - /* Read /etc/default/login into a separate temporary environment. */ - defenvsize = 10; - defenv = xmalloc(defenvsize * sizeof(char *)); - defenv[0] = NULL; - read_environment_file(&defenv, &defenvsize, "/etc/default/login"); - - /* Set SHELL if ALTSHELL is YES. */ - def = child_get_env(defenv, "ALTSHELL"); - if (def != NULL && strcmp(def, "YES") == 0) - child_set_env(env, envsize, "SHELL", pw->pw_shell); - - /* Set PATH from SUPATH if we are logging in as root, and PATH - otherwise. If neither of these exists, we use the default ssh - path. */ - if (pw->pw_uid == 0) - def = child_get_env(defenv, "SUPATH"); - else - def = child_get_env(defenv, "PATH"); - if (def != NULL) - child_set_env(env, envsize, "PATH", def); - else - child_set_env(env, envsize, "PATH", _PATH_STDPATH); - - /* Set TZ if TIMEZONE is defined and we haven't inherited a value - for TZ. */ - def = getenv("TZ"); - if (def == NULL) - def = child_get_env(defenv, "TIMEZONE"); - if (def != NULL) - child_set_env(env, envsize, "TZ", def); - - /* Set HZ if defined. 
*/ - def = child_get_env(defenv, "HZ"); - if (def != NULL) - child_set_env(env, envsize, "HZ", def); - - /* Set up the default umask if UMASK is defined. */ - def = child_get_env(defenv, "UMASK"); - if (def != NULL) - { - int i, value; - - for (value = i = 0; - def[i] && isdigit(def[i]) && def[i] != '8' && def[i] != '9'; - i++) - value = value * 8 + def[i] - '0'; - - umask(value); - } - - /* Set up the file size ulimit if ULIMIT is set. */ - def = child_get_env(defenv, "ULIMIT"); - if (def != NULL && atoi(def) > 0) - ulimit(UL_SETFSIZE, atoi(def)); - - /* Free the temporary environment. */ - for (i = 0; defenv[i]; i++) - xfree(defenv[i]); - xfree(defenv); -} - -#endif /* HAVE_ETC_DEFAULT_LOGIN */ - /* Performs common processing for the child, such as setting up the environment, closing extra file descriptors, setting the user and group ids, and executing the command or shell. */ @@ -2065,14 +1955,6 @@ void do_child(const char *command, struct passwd *pw, const char *term, setlogin(pw->pw_name); #endif /* HAVE_SETLOGIN */ -#ifdef HAVE_USERSEC_H - /* On AIX, this "sets process credentials". I am not sure what this - includes, but it seems to be important. This also does setuid - (but we do it below as well just in case). */ - if (setpcred((char *)pw->pw_name, NULL)) - log("setpcred %.100s: %.100s", strerror(errno)); -#endif /* HAVE_USERSEC_H */ - /* Set uid, gid, and groups. */ if (getuid() == 0 || geteuid() == 0) { @@ -2081,25 +1963,14 @@ void do_child(const char *command, struct passwd *pw, const char *term, perror("setgid"); exit(1); } -#ifdef HAVE_INITGROUPS /* Initialize the group list. */ if (initgroups(pw->pw_name, pw->pw_gid) < 0) { perror("initgroups"); exit(1); } -#endif /* HAVE_INITGROUPS */ endgrent(); -#ifdef HAVE_SETLUID - /* Initialize login UID. */ - if (setluid(user_uid) < 0) - { - perror("setluid"); - exit(1); - } -#endif /* HAVE_SETLUID */ - /* Permanently switch to the desired uid. */ permanently_set_uid(pw->pw_uid); } 
@@ -2139,24 +2010,12 @@ void do_child(const char *command, struct passwd *pw, const char *term, if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); -#ifdef MAIL_SPOOL_DIRECTORY snprintf(buf, sizeof buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, pw->pw_name); child_set_env(&env, &envsize, "MAIL", buf); -#else /* MAIL_SPOOL_DIRECTORY */ -#ifdef HAVE_TILDE_NEWMAIL - snprintf(buf, sizeof buf, "%.200s/newmail", pw->pw_dir); - child_set_env(&env, &envsize, "MAIL", buf); -#endif /* HAVE_TILDE_NEWMAIL */ -#endif /* MAIL_SPOOL_DIRECTORY */ -#ifdef HAVE_ETC_DEFAULT_LOGIN - /* Read /etc/default/login; this exists at least on Solaris 2.x. */ - read_etc_default_login(&env, &envsize, pw); -#else /* HAVE_ETC_DEFAULT_LOGIN */ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); -#endif /* HAVE_ETC_DEFAULT_LOGIN */ /* Set custom environment options from RSA authentication. */ while (custom_environment) diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c index 0203843c6ee..a74c19ff026 100644 --- a/usr.bin/ssh/xmalloc.c +++ b/usr.bin/ssh/xmalloc.c @@ -15,16 +15,10 @@ failure (they call fatal if they encounter an error). */ #include "includes.h" -RCSID("$Id: xmalloc.c,v 1.2 1999/09/29 21:14:16 deraadt Exp $"); +RCSID("$Id: xmalloc.c,v 1.3 1999/09/30 04:30:03 deraadt Exp $"); #include "ssh.h" -#if 0 -void *malloc(size_t size); -void *realloc(void *ptr, size_t size); -void free(void *ptr); -#endif - void *xmalloc(size_t size) { void *ptr = malloc(size); |