Date: Mon, 23 Mar 2020 23:15:10 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r529015 - in head/security/openssh-portable: . files Message-ID: <202003232315.02NNFAHr020550@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Mon Mar 23 23:15:09 2020 New Revision: 529015 URL: https://svnweb.freebsd.org/changeset/ports/529015 Log: - Simplify and refactor login.conf environment handling. Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/files/patch-session.c Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Mar 23 22:08:48 2020 (r529014) +++ head/security/openssh-portable/Makefile Mon Mar 23 23:15:09 2020 (r529015) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 8.2p1 -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable Modified: head/security/openssh-portable/files/patch-session.c ============================================================================== --- head/security/openssh-portable/files/patch-session.c Mon Mar 23 22:08:48 2020 (r529014) +++ head/security/openssh-portable/files/patch-session.c Mon Mar 23 23:15:09 2020 (r529015) @@ -1,3 +1,7 @@ +bdrewery: + - Refactor and simplify original commit. + - Stop setting TERM=su without a term. + ------------------------------------------------------------------------ r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines Changed paths: @@ -10,7 +14,7 @@ Reviewed by: ache Sponsored by: DARPA, NAI Labs --- session.c.orig 2020-02-13 16:40:54.000000000 -0800 -+++ session.c 2020-03-23 14:50:01.165781000 -0700 ++++ session.c 2020-03-23 16:01:07.583958000 -0700 @@ -946,7 +946,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui } #endif /* HAVE_ETC_DEFAULT_LOGIN */ @@ -20,71 +24,41 @@ Sponsored by: DARPA, NAI Labs static void copy_environment_blacklist(char **source, char ***env, u_int *envsize, const char *blacklist) -@@ -994,6 +994,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * - struct passwd *pw = s->pw; - #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) - char *path = NULL; -+#else -+ extern char **environ; -+ char **senv, **var; - #endif - - /* Initialize the environment. */ -@@ -1015,6 +1018,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * - } - #endif - -+ if (getenv("TZ")) -+ child_set_env(&env, &envsize, "TZ", getenv("TZ")); -+ - #ifdef GSSAPI - /* Allow any GSSAPI methods that we've used to alter - * the childs environment as they see fit -@@ -1032,11 +1038,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char * - child_set_env(&env, &envsize, "LOGIN", pw->pw_name); - #endif - child_set_env(&env, &envsize, "HOME", pw->pw_dir); -+ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); -+ child_set_env(&env, &envsize, "MAIL", buf); - #ifdef HAVE_LOGIN_CAP -- if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) -- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); -- else -- child_set_env(&env, &envsize, "PATH", getenv("PATH")); -+ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); -+ child_set_env(&env, &envsize, "TERM", "su"); -+ senv = environ; -+ environ = xmalloc(sizeof(char *)); -+ *environ = NULL; -+ (void) setusercontext(lc, pw, pw->pw_uid, -+ LOGIN_SETENV|LOGIN_SETPATH); -+ copy_environment_blacklist(environ, &env, &envsize, NULL); -+ for (var = environ; *var != NULL; ++var) -+ free(*var); -+ free(environ); -+ environ = senv; - #else /* HAVE_LOGIN_CAP */ - # ifndef HAVE_CYGWIN - /* -@@ -1056,17 +1072,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -1056,7 +1056,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char * # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - if (!options.use_pam) { -- snprintf(buf, sizeof buf, "%.200s/%.50s", -- _PATH_MAILDIR, pw->pw_name); -- child_set_env(&env, &envsize, "MAIL", buf); -- } -- - /* Normal systems set SHELL by default. */ - child_set_env(&env, &envsize, "SHELL", shell); ++ /* FreeBSD PAM doesn't set default "MAIL" */ ++ if (1 || !options.use_pam) { + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); +@@ -1067,6 +1068,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char * -- if (getenv("TZ")) -- child_set_env(&env, &envsize, "TZ", getenv("TZ")); + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++#ifdef HAVE_LOGIN_CAP ++ /* Load environment from /etc/login.conf setenv directives. */ ++ { ++ extern char **environ; ++ char **senv, **var; ++ ++ senv = environ; ++ environ = xmalloc(sizeof(char *)); ++ *environ = NULL; ++ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV); ++ copy_environment_blacklist(environ, &env, &envsize, NULL); ++ for (var = environ; *var != NULL; ++var) ++ free(*var); ++ free(environ); ++ environ = senv; ++ } ++#endif if (s->term) child_set_env(&env, &envsize, "TERM", s->term); if (s->display) -@@ -1369,7 +1377,7 @@ do_setusercontext(struct passwd *pw) +@@ -1369,7 +1387,7 @@ do_setusercontext(struct passwd *pw) if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003232315.02NNFAHr020550>