openssh unix dev - Jun 2002 - BSD/OS with privsep

I need this for BSD/OS 4.2 + privsep

perhaps we should not call do_setusercontext() after
chroot().

--- sshd.c.orig	Fri Jun 21 03:09:47 2002
+++ sshd.c	Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
 	/* Change our root directory*/
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
 		    strerror(errno));
 	if (chdir("/") == -1)
 		fatal("chdir(\"/\"): %s", strerror(errno));
 
 	/* Drop our privileges */
 	debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
+#if 0
+	/* XXX not ready, to heavy after chroot */
 	do_setusercontext(pw);
+#else
+	{
+		gid_t gidset[2];
+
+		gidset[0] = pw->pw_gid;
+		if (setgid(pw->pw_gid) < 0)
+			fatal("setgid failed for %u", pw->pw_gid );
+		if (setgroups(1, gidset) < 0)
+			fatal("setgroups: %.100s", strerror(errno));
+		permanently_set_uid(pw);
+	}
+#endif
 }
 
 static Authctxt*
 privsep_preauth(void)
 {
 	Authctxt *authctxt = NULL;
 	int status;
 	pid_t pid;
 
 	/* Set up unprivileged child process to deal with network data */
--- session.c.orig	Tue Jun 25 13:28:07 2002
+++ session.c	Tue Jun 25 13:33:16 2002
@@ -1154,22 +1154,26 @@
 {
 #ifdef HAVE_CYGWIN
 	if (is_winnt) {
 #else /* HAVE_CYGWIN */
 	if (getuid() == 0 || geteuid() == 0) {
 #endif /* HAVE_CYGWIN */
 #ifdef HAVE_SETPCRED
 		setpcred(pw->pw_name);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
-		if (setusercontext(lc, pw, pw->pw_uid,
-		    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
+		int flags = LOGIN_SETALL & ~LOGIN_SETPATH;
+#ifdef __bsdi__
+		if (getpid() != getpgrp())
+			flags &= ~LOGIN_SETLOGIN;
+#endif
+		if (setusercontext(lc, pw, pw->pw_uid, flags) < 0) {
 			perror("unable to set user context");
 			exit(1);
 		}
 #else
 # if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
 		/* Sets login uid for accounting */
 		if (getluid() == -1 && setluid(pw->pw_uid) == -1)
 			error("setluid: %s", strerror(errno));
 # endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */

On Tue, Jun 25, 2002 at 12:40:24PM +0200, Markus Friedl
wrote:
> perhaps we should not call do_setusercontext() after
> chroot().
Your suggestion of a more light-weight function seemed fine to me.
Any reasons why the below should not work everywhere else?

Niels.

On Tue, Jun 25, 2002 at 12:40:24PM +0200, Markus Friedl
wrote:
> +#if 0
> +	/* XXX not ready, to heavy after chroot */
>  	do_setusercontext(pw);
> +#else
> +	{
> +		gid_t gidset[2];
> +
> +		gidset[0] = pw->pw_gid;
> +		if (setgid(pw->pw_gid) < 0)
> +			fatal("setgid failed for %u", pw->pw_gid );
> +		if (setgroups(1, gidset) < 0)
> +			fatal("setgroups: %.100s", strerror(errno));
> +		permanently_set_uid(pw);
> +	}
> +#endif
this looks fine to me.
> --- session.c.orig	Tue Jun 25 13:28:07 2002
> +++ session.c	Tue Jun 25 13:33:16 2002
> @@ -1154,22 +1154,26 @@
>  {
>  #ifdef HAVE_CYGWIN
>  	if (is_winnt) {
>  #else /* HAVE_CYGWIN */
>  	if (getuid() == 0 || geteuid() == 0) {
>  #endif /* HAVE_CYGWIN */
>  #ifdef HAVE_SETPCRED
>  		setpcred(pw->pw_name);
>  #endif /* HAVE_SETPCRED */
>  #ifdef HAVE_LOGIN_CAP
> -		if (setusercontext(lc, pw, pw->pw_uid,
> -		    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
> +		int flags = LOGIN_SETALL & ~LOGIN_SETPATH;
> +#ifdef __bsdi__
> +		if (getpid() != getpgrp())
> +			flags &= ~LOGIN_SETLOGIN;
> +#endif
> +		if (setusercontext(lc, pw, pw->pw_uid, flags) < 0) {
>  			perror("unable to set user context");
>  			exit(1);
>  		}
i don't understand the reasons for setlogin() differences between
bsdi !bsdi.

[This email is either empty or too large to be displayed at this time]