Date:      Mon, 23 Mar 2020 23:15:10 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r529015 - in head/security/openssh-portable: . files
Message-ID:  <202003232315.02NNFAHr020550@repo.freebsd.org>

Author: bdrewery
Date: Mon Mar 23 23:15:09 2020
New Revision: 529015
URL: https://svnweb.freebsd.org/changeset/ports/529015

Log:
  - Simplify and refactor login.conf environment handling.

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-session.c

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Mon Mar 23 22:08:48 2020	(r529014)
+++ head/security/openssh-portable/Makefile	Mon Mar 23 23:15:09 2020	(r529015)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	8.2p1
-PORTREVISION=	0
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable

Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c	Mon Mar 23 22:08:48 2020	(r529014)
+++ head/security/openssh-portable/files/patch-session.c	Mon Mar 23 23:15:09 2020	(r529015)
@@ -1,3 +1,7 @@
+bdrewery:
+ - Refactor and simplify original commit.
+ - Stop setting TERM=su without a term.
+
 ------------------------------------------------------------------------
 r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines
 Changed paths:
@@ -10,7 +14,7 @@ Reviewed by:    ache
 Sponsored by:   DARPA, NAI Labs
 
 --- session.c.orig	2020-02-13 16:40:54.000000000 -0800
-+++ session.c	2020-03-23 14:50:01.165781000 -0700
++++ session.c	2020-03-23 16:01:07.583958000 -0700
 @@ -946,7 +946,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui
  }
  #endif /* HAVE_ETC_DEFAULT_LOGIN */
@@ -20,71 +24,41 @@ Sponsored by:   DARPA, NAI Labs
  static void
  copy_environment_blacklist(char **source, char ***env, u_int *envsize,
      const char *blacklist)
-@@ -994,6 +994,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- 	struct passwd *pw = s->pw;
- #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
- 	char *path = NULL;
-+#else
-+	extern char **environ;
-+	char **senv, **var;
- #endif
- 
- 	/* Initialize the environment. */
-@@ -1015,6 +1018,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- 	}
- #endif
- 
-+	if (getenv("TZ"))
-+		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+
- #ifdef GSSAPI
- 	/* Allow any GSSAPI methods that we've used to alter
- 	 * the childs environment as they see fit
-@@ -1032,11 +1038,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- 	child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
- #endif
- 	child_set_env(&env, &envsize, "HOME", pw->pw_dir);
-+	snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
-+	child_set_env(&env, &envsize, "MAIL", buf);
- #ifdef HAVE_LOGIN_CAP
--	if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
--		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
--	else
--		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
-+	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-+	child_set_env(&env, &envsize, "TERM", "su");
-+	senv = environ;
-+	environ = xmalloc(sizeof(char *));
-+	*environ = NULL;
-+	(void) setusercontext(lc, pw, pw->pw_uid,
-+	    LOGIN_SETENV|LOGIN_SETPATH);
-+	copy_environment_blacklist(environ, &env, &envsize, NULL);
-+	for (var = environ; *var != NULL; ++var)
-+		free(*var);
-+	free(environ);
-+	environ = senv;
- #else /* HAVE_LOGIN_CAP */
- # ifndef HAVE_CYGWIN
- 	/*
-@@ -1056,17 +1072,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1056,7 +1056,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  # endif /* HAVE_CYGWIN */
  #endif /* HAVE_LOGIN_CAP */
  
 -	if (!options.use_pam) {
--		snprintf(buf, sizeof buf, "%.200s/%.50s",
--		    _PATH_MAILDIR, pw->pw_name);
--		child_set_env(&env, &envsize, "MAIL", buf);
--	}
--
- 	/* Normal systems set SHELL by default. */
- 	child_set_env(&env, &envsize, "SHELL", shell);
++	/* FreeBSD PAM doesn't set default "MAIL" */
++	if (1 || !options.use_pam) {
+ 		snprintf(buf, sizeof buf, "%.200s/%.50s",
+ 		    _PATH_MAILDIR, pw->pw_name);
+ 		child_set_env(&env, &envsize, "MAIL", buf);
+@@ -1067,6 +1068,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  
--	if (getenv("TZ"))
--		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ 	if (getenv("TZ"))
+ 		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++#ifdef HAVE_LOGIN_CAP
++	/* Load environment from /etc/login.conf setenv directives. */
++	{
++		extern char **environ;
++		char **senv, **var;
++
++		senv = environ;
++		environ = xmalloc(sizeof(char *));
++		*environ = NULL;
++		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV);
++		copy_environment_blacklist(environ, &env, &envsize, NULL);
++		for (var = environ; *var != NULL; ++var)
++			free(*var);
++		free(environ);
++		environ = senv;
++	}
++#endif
  	if (s->term)
  		child_set_env(&env, &envsize, "TERM", s->term);
  	if (s->display)
-@@ -1369,7 +1377,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1369,7 +1387,7 @@ do_setusercontext(struct passwd *pw)
  	if (platform_privileged_uidswap()) {
  #ifdef HAVE_LOGIN_CAP
  		if (setusercontext(lc, pw, pw->pw_uid,
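Review bot: The `(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV);` call in the new HAVE_LOGIN_CAP block discards its result, so a failure leaves the session without its login.conf setenv values and nothing in the log explains why. With the free/restore path left as is, the call could become `if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV) < 0) debug("%s: setusercontext(LOGIN_SETENV) failed", __func__);`. The block also copies with a NULL blacklist after TZ is set and before TERM and DISPLAY, so login.conf values presumably replace TZ and anything set earlier, while TERM and DISPLAY set below still win. A comment such as `/* login.conf setenv overrides the values set above; TERM/DISPLAY below take precedence. */` would record that ordering as deliberate. do_setup_env starts and ends outside this hunk, so the earlier assignments cannot be checked from here.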


