Update openssh to 7.2.2 (7.2p2). Changes since OpenSSH 7.2p1 =========================== This release fixes a security bug: * sshd(8): sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. Full details of the vulnerability are available at: http://www.openssh.com/txt/x11fwd.advdiff -r1.242 -r1.243 pkgsrc/security/openssh/Makefile
(bsiegert)
@@ -1,18 +1,17 @@ | @@ -1,18 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.242 2016/03/05 11:29:23 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.243 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= openssh-7.1p1 | 3 | DISTNAME= openssh-7.2p2 | |
4 | PKGNAME= ${DISTNAME:S/p1/.1/} | 4 | PKGNAME= ${DISTNAME:S/p2/.2/} | |
5 | PKGREVISION= 4 | |||
6 | CATEGORIES= security | 5 | CATEGORIES= security | |
7 | MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} | 6 | MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} | |
8 | 7 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.openssh.com/ | 9 | HOMEPAGE= http://www.openssh.com/ | |
11 | COMMENT= Open Source Secure shell client and server (remote login program) | 10 | COMMENT= Open Source Secure shell client and server (remote login program) | |
12 | 11 | |||
13 | CONFLICTS= sftp-[0-9]* | 12 | CONFLICTS= sftp-[0-9]* | |
14 | CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* | 13 | CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* | |
15 | CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]* | 14 | CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]* | |
16 | CONFLICTS+= openssh+gssapi-[0-9]* | 15 | CONFLICTS+= openssh+gssapi-[0-9]* | |
17 | CONFLICTS+= lsh>2.0 | 16 | CONFLICTS+= lsh>2.0 | |
18 | BROKEN_FOR_PLATFORM+= OpenBSD-*-* | 17 | BROKEN_FOR_PLATFORM+= OpenBSD-*-* |
@@ -1,29 +1,27 @@ | @@ -1,29 +1,27 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.17 2015/08/14 08:57:00 jperkin Exp $ | 1 | @comment $NetBSD: PLIST,v 1.18 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | bin/scp | 2 | bin/scp | |
3 | bin/sftp | 3 | bin/sftp | |
4 | bin/slogin | |||
5 | bin/ssh | 4 | bin/ssh | |
6 | bin/ssh-add | 5 | bin/ssh-add | |
7 | bin/ssh-agent | 6 | bin/ssh-agent | |
8 | bin/ssh-keygen | 7 | bin/ssh-keygen | |
9 | bin/ssh-keyscan | 8 | bin/ssh-keyscan | |
10 | libexec/sftp-server | 9 | libexec/sftp-server | |
11 | libexec/ssh-keysign | 10 | libexec/ssh-keysign | |
12 | libexec/ssh-pkcs11-helper | 11 | libexec/ssh-pkcs11-helper | |
13 | ${PLIST.prng}libexec/ssh-rand-helper | 12 | ${PLIST.prng}libexec/ssh-rand-helper | |
14 | man/man1/scp.1 | 13 | man/man1/scp.1 | |
15 | man/man1/sftp.1 | 14 | man/man1/sftp.1 | |
16 | man/man1/slogin.1 | |||
17 | man/man1/ssh-add.1 | 15 | man/man1/ssh-add.1 | |
18 | man/man1/ssh-agent.1 | 16 | man/man1/ssh-agent.1 | |
19 | man/man1/ssh-keygen.1 | 17 | man/man1/ssh-keygen.1 | |
20 | man/man1/ssh-keyscan.1 | 18 | man/man1/ssh-keyscan.1 | |
21 | man/man1/ssh.1 | 19 | man/man1/ssh.1 | |
22 | man/man5/moduli.5 | 20 | man/man5/moduli.5 | |
23 | man/man5/ssh_config.5 | 21 | man/man5/ssh_config.5 | |
24 | man/man5/sshd_config.5 | 22 | man/man5/sshd_config.5 | |
25 | man/man8/sftp-server.8 | 23 | man/man8/sftp-server.8 | |
26 | man/man8/ssh-keysign.8 | 24 | man/man8/ssh-keysign.8 | |
27 | man/man8/ssh-pkcs11-helper.8 | 25 | man/man8/ssh-pkcs11-helper.8 | |
28 | man/man8/sshd.8 | 26 | man/man8/sshd.8 | |
29 | sbin/sshd | 27 | sbin/sshd |
@@ -1,37 +1,32 @@ | @@ -1,37 +1,32 @@ | |||
1 | $NetBSD: distinfo,v 1.99 2016/02/26 21:06:38 tez Exp $ | 1 | $NetBSD: distinfo,v 1.100 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (openssh-7.1p1-hpn-20150822.diff.bz2) = 444a2fbd80d57ff93b53ade84ec162e2a2f3aa67 | 3 | SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38 | |
4 | RMD160 (openssh-7.1p1-hpn-20150822.diff.bz2) = 87fb6887d9ccb4b305ff3c25fd5f67847d9996d1 | 4 | RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99 | |
5 | Size (openssh-7.1p1-hpn-20150822.diff.bz2) = 12173 bytes | 5 | SHA512 (openssh-7.2p2.tar.gz) = 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b | |
6 | SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6 | 6 | Size (openssh-7.2p2.tar.gz) = 1499808 bytes | |
7 | RMD160 (openssh-7.1p1.tar.gz) = 2c97ea10099fa8658156c0351d60d715655b9b07 | |||
8 | SHA512 (openssh-7.1p1.tar.gz) = f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 | |||
9 | Size (openssh-7.1p1.tar.gz) = 1493170 bytes | |||
10 | SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc | 7 | SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc | |
11 | SHA1 (patch-auth-passwd.c) = 92c487cc3c092efb56f8b4ac4ca08ccd67803a83 | 8 | SHA1 (patch-auth-passwd.c) = 92c487cc3c092efb56f8b4ac4ca08ccd67803a83 | |
12 | SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4 | 9 | SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4 | |
13 | SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039 | 10 | SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039 | |
14 | SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374 | 11 | SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374 | |
15 | SHA1 (patch-auth2.c) = efc1eb6d28cb6ec2bd87723943f3e36c612d93aa | 12 | SHA1 (patch-auth2.c) = efc1eb6d28cb6ec2bd87723943f3e36c612d93aa | |
16 | SHA1 (patch-channels.c) = edcce67664bbbc30a8d10ed2fe58dcece944726c | 13 | SHA1 (patch-channels.c) = edcce67664bbbc30a8d10ed2fe58dcece944726c | |
17 | SHA1 (patch-clientloop.c) = a99fa9ff36e0068c059ee9daa392d06c01d1761c | 14 | SHA1 (patch-clientloop.c) = 9b2db181d964b7720e1dc12724a9b9033f28d0e7 | |
18 | SHA1 (patch-config.h.in) = 7406f10b568d2b8237ee575922ce712658d90d59 | 15 | SHA1 (patch-config.h.in) = 7406f10b568d2b8237ee575922ce712658d90d59 | |
19 | SHA1 (patch-configure.ac) = d7ba54f34e03fd204eb1a9804fcae7fd16e285e2 | 16 | SHA1 (patch-configure.ac) = d7ba54f34e03fd204eb1a9804fcae7fd16e285e2 | |
20 | SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4 | 17 | SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4 | |
21 | SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda | 18 | SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda | |
22 | SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c | 19 | SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c | |
23 | SHA1 (patch-openbsd-compat_bsd-openpty.c) = eaac72830e36e307c19a7b679e6018ece9aebaac | 20 | SHA1 (patch-openbsd-compat_bsd-openpty.c) = eaac72830e36e307c19a7b679e6018ece9aebaac | |
24 | SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4 | 21 | SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4 | |
25 | SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590ee | 22 | SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590ee | |
26 | SHA1 (patch-packet.c) = d302a0802861287e9a5230bbe2a1018c5dc17d28 | |||
27 | SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5 | 23 | SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5 | |
28 | SHA1 (patch-readconf.c) = e1663d4d9a7ca8de8f87ba42d7b764923cdcc5db | |||
29 | SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75 | 24 | SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75 | |
30 | SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1 | 25 | SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1 | |
31 | SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b | 26 | SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b | |
32 | SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778 | 27 | SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778 | |
33 | SHA1 (patch-ssh.c) = 00897c09b7d3037713c579cbc41301623d4c2ebf | 28 | SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca | |
34 | SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 | 29 | SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 | |
35 | SHA1 (patch-sshd.c) = 85a9f50c8b1bdcc44156e2b457a583ccdbc5821b | 30 | SHA1 (patch-sshd.c) = cd23ce269bfb48b0caa901e62fc01d35ef0618ac | |
36 | SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938 | 31 | SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938 | |
37 | SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e | 32 | SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e |
@@ -1,36 +1,36 @@ | @@ -1,36 +1,36 @@ | |||
1 | $NetBSD: patch-clientloop.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $ | 1 | $NetBSD: patch-clientloop.c,v 1.4 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | 2 | |||
3 | Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts. | 3 | Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts. | |
4 | 4 | |||
5 | https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205 | 5 | https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205 | |
6 | 6 | |||
7 | --- clientloop.c.orig 2015-08-21 04:49:03.000000000 +0000 | 7 | --- clientloop.c.orig 2016-03-09 18:04:48.000000000 +0000 | |
8 | +++ clientloop.c | 8 | +++ clientloop.c | |
9 | @@ -315,6 +315,10 @@ client_x11_get_proto(const char *display | 9 | @@ -313,6 +313,10 @@ client_x11_get_proto(const char *display | |
10 | struct stat st; | 10 | struct stat st; | |
11 | u_int now, x11_timeout_real; | 11 | u_int now, x11_timeout_real; | |
12 | 12 | |||
13 | +#if __APPLE__ | 13 | +#if __APPLE__ | |
14 | + int is_path_to_socket = 0; | 14 | + int is_path_to_socket = 0; | |
15 | +#endif /* __APPLE__ */ | 15 | +#endif /* __APPLE__ */ | |
16 | + | 16 | + | |
17 | xauthdir = xauthfile = NULL; | |||
18 | *_proto = proto; | 17 | *_proto = proto; | |
19 | *_data = data; | 18 | *_data = data; | |
20 | @@ -330,6 +334,33 @@ client_x11_get_proto(const char *display | 19 | proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; | |
21 | debug("x11_get_proto: DISPLAY not set"); | 20 | @@ -329,6 +333,33 @@ client_x11_get_proto(const char *display | |
22 | return; | 21 | } | |
23 | } | 22 | ||
23 | if (xauth_path != NULL) { | |||
24 | +#if __APPLE__ | 24 | +#if __APPLE__ | |
25 | + { | 25 | + { | |
26 | + /* | 26 | + /* | |
27 | + * If using launchd socket, remove the screen number from the end | 27 | + * If using launchd socket, remove the screen number from the end | |
28 | + * of $DISPLAY. is_path_to_socket is used later in this function | 28 | + * of $DISPLAY. is_path_to_socket is used later in this function | |
29 | + * to determine if an error should be displayed. | 29 | + * to determine if an error should be displayed. | |
30 | + */ | 30 | + */ | |
31 | + char path[PATH_MAX]; | 31 | + char path[PATH_MAX]; | |
32 | + struct stat sbuf; | 32 | + struct stat sbuf; | |
33 | + | 33 | + | |
34 | + strlcpy(path, display, sizeof(path)); | 34 | + strlcpy(path, display, sizeof(path)); | |
35 | + if (0 == stat(path, &sbuf)) { | 35 | + if (0 == stat(path, &sbuf)) { | |
36 | + is_path_to_socket = 1; | 36 | + is_path_to_socket = 1; | |
@@ -41,23 +41,23 @@ https://trac.macports.org/browser/trunk/ | @@ -41,23 +41,23 @@ https://trac.macports.org/browser/trunk/ | |||
41 | + /* screen = atoi(dot + 1); */ | 41 | + /* screen = atoi(dot + 1); */ | |
42 | + if (0 == stat(path, &sbuf)) { | 42 | + if (0 == stat(path, &sbuf)) { | |
43 | + is_path_to_socket = 1; | 43 | + is_path_to_socket = 1; | |
44 | + debug("x11_get_proto: $DISPLAY is launchd, removing screennum"); | 44 | + debug("x11_get_proto: $DISPLAY is launchd, removing screennum"); | |
45 | + setenv("DISPLAY", path, 1); | 45 | + setenv("DISPLAY", path, 1); | |
46 | + } | 46 | + } | |
47 | + } | 47 | + } | |
48 | + } | 48 | + } | |
49 | + } | 49 | + } | |
50 | +#endif /* __APPLE__ */ | 50 | +#endif /* __APPLE__ */ | |
51 | /* | 51 | /* | |
52 | * Handle FamilyLocal case where $DISPLAY does | 52 | * Handle FamilyLocal case where $DISPLAY does | |
53 | * not match an authorization entry. For this we | 53 | * not match an authorization entry. For this we | |
54 | @@ -421,6 +452,9 @@ client_x11_get_proto(const char *display | 54 | @@ -438,6 +469,9 @@ client_x11_get_proto(const char *display | |
55 | if (!got_data) { | 55 | if (!got_data) { | |
56 | u_int32_t rnd = 0; | 56 | u_int32_t rnd = 0; | |
57 | 57 | |||
58 | +#if __APPLE__ | 58 | +#if __APPLE__ | |
59 | + if (!is_path_to_socket) | 59 | + if (!is_path_to_socket) | |
60 | +#endif /* __APPLE__ */ | 60 | +#endif /* __APPLE__ */ | |
61 | logit("Warning: No xauth data; " | 61 | logit("Warning: No xauth data; " | |
62 | "using fake authentication data for X11 forwarding."); | 62 | "using fake authentication data for X11 forwarding."); | |
63 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); | 63 | strlcpy(proto, SSH_X11_PROTO, sizeof proto); |
@@ -1,26 +1,15 @@ | @@ -1,26 +1,15 @@ | |||
1 | $NetBSD: patch-ssh.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $ | 1 | $NetBSD: patch-ssh.c,v 1.6 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | Disable roaming | |||
5 | 4 | |||
6 | --- ssh.c.orig 2015-08-21 04:49:03.000000000 +0000 | 5 | --- ssh.c.orig 2016-03-09 18:04:48.000000000 +0000 | |
7 | +++ ssh.c | 6 | +++ ssh.c | |
8 | @@ -1084,7 +1084,7 @@ main(int ac, char **av) | 7 | @@ -1097,7 +1097,7 @@ main(int ac, char **av) | |
9 | "disabling"); | |||
10 | options.update_hostkeys = 0; | |||
11 | } | 8 | } | |
9 | if (options.connection_attempts <= 0) | |||
10 | fatal("Invalid number of ConnectionAttempts"); | |||
12 | -#ifndef HAVE_CYGWIN | 11 | -#ifndef HAVE_CYGWIN | |
13 | +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) | 12 | +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) | |
14 | if (original_effective_uid != 0) | 13 | if (original_effective_uid != 0) | |
15 | options.use_privileged_port = 0; | 14 | options.use_privileged_port = 0; | |
16 | #endif | 15 | #endif | |
17 | @@ -1932,9 +1932,6 @@ ssh_session2(void) | |||
18 | fork_postauth(); | |||
19 | } | |||
20 | ||||
21 | - if (options.use_roaming) | |||
22 | - request_roaming(); | |||
23 | - | |||
24 | return client_loop(tty_flag, tty_flag ? | |||
25 | options.escape_char : SSH_ESCAPECHAR_NONE, id); | |||
26 | } |
@@ -1,124 +1,131 @@ | @@ -1,124 +1,131 @@ | |||
1 | $NetBSD: patch-sshd.c,v 1.6 2016/01/18 12:53:26 jperkin Exp $ | 1 | $NetBSD: patch-sshd.c,v 1.7 2016/03/15 20:54:07 bsiegert Exp $ | |
2 | 2 | |||
3 | * Interix support | 3 | * Interix support | |
4 | * Revive tcp_wrappers support. | 4 | * Revive tcp_wrappers support. | |
5 | 5 | |||
6 | --- sshd.c.orig 2015-08-21 04:49:03.000000000 +0000 | 6 | --- sshd.c.orig 2016-03-09 18:04:48.000000000 +0000 | |
7 | +++ sshd.c | 7 | +++ sshd.c | |
8 | @@ -126,6 +126,13 @@ | 8 | @@ -125,6 +125,13 @@ | |
9 | #include "version.h" | 9 | #include "version.h" | |
10 | #include "ssherr.h" | 10 | #include "ssherr.h" | |
11 | 11 | |||
12 | +#ifdef LIBWRAP | 12 | +#ifdef LIBWRAP | |
13 | +#include <tcpd.h> | 13 | +#include <tcpd.h> | |
14 | +#include <syslog.h> | 14 | +#include <syslog.h> | |
15 | +int allow_severity; | 15 | +int allow_severity; | |
16 | +int deny_severity; | 16 | +int deny_severity; | |
17 | +#endif /* LIBWRAP */ | 17 | +#endif /* LIBWRAP */ | |
18 | + | 18 | + | |
19 | #ifndef O_NOCTTY | 19 | #ifndef O_NOCTTY | |
20 | #define O_NOCTTY 0 | 20 | #define O_NOCTTY 0 | |
21 | #endif | 21 | #endif | |
22 | @@ -237,7 +244,11 @@ int *startup_pipes = NULL; | 22 | @@ -236,7 +243,11 @@ int *startup_pipes = NULL; | |
23 | int startup_pipe; /* in child */ | 23 | int startup_pipe; /* in child */ | |
24 | 24 | |||
25 | /* variables used for privilege separation */ | 25 | /* variables used for privilege separation */ | |
26 | +#ifdef HAVE_INTERIX | 26 | +#ifdef HAVE_INTERIX | |
27 | +int use_privsep = 0; | 27 | +int use_privsep = 0; | |
28 | +#else | 28 | +#else | |
29 | int use_privsep = -1; | 29 | int use_privsep = -1; | |
30 | +#endif | 30 | +#endif | |
31 | struct monitor *pmonitor = NULL; | 31 | struct monitor *pmonitor = NULL; | |
32 | int privsep_is_preauth = 1; | 32 | int privsep_is_preauth = 1; | |
33 | 33 | |||
34 | @@ -644,10 +655,15 @@ privsep_preauth_child(void) | 34 | @@ -632,7 +643,7 @@ privsep_preauth_child(void) | |
35 | /* XXX not ready, too heavy after chroot */ | 35 | demote_sensitive_data(); | |
36 | do_setusercontext(privsep_pw); | 36 | ||
37 | #else | 37 | /* Demote the child */ | |
38 | - if (getuid() == 0 || geteuid() == 0) { | |||
39 | + if (getuid() == ROOTUID || geteuid() == ROOTUID) { | |||
40 | /* Change our root directory */ | |||
41 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | |||
42 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | |||
43 | @@ -643,10 +654,15 @@ privsep_preauth_child(void) | |||
44 | /* Drop our privileges */ | |||
45 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, | |||
46 | (u_int)privsep_pw->pw_gid); | |||
38 | +#ifdef HAVE_INTERIX | 47 | +#ifdef HAVE_INTERIX | |
39 | + if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)) | 48 | + if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)) | |
40 | + fatal("setuser: %.100s", strerror(errno)); | 49 | + fatal("setuser: %.100s", strerror(errno)); | |
41 | +#else | 50 | +#else | |
42 | gidset[0] = privsep_pw->pw_gid; | 51 | gidset[0] = privsep_pw->pw_gid; | |
43 | if (setgroups(1, gidset) < 0) | 52 | if (setgroups(1, gidset) < 0) | |
44 | fatal("setgroups: %.100s", strerror(errno)); | 53 | fatal("setgroups: %.100s", strerror(errno)); | |
45 | permanently_set_uid(privsep_pw); | 54 | permanently_set_uid(privsep_pw); | |
46 | +#endif /* HAVE_INTERIX */ | 55 | +#endif /* HAVE_INTERIX */ | |
47 | #endif | 56 | } | |
48 | } | 57 | } | |
49 | 58 | |||
50 | @@ -715,11 +731,18 @@ privsep_preauth(Authctxt *authctxt) | 59 | @@ -713,10 +729,17 @@ privsep_preauth(Authctxt *authctxt) | |
60 | /* Arrange for logging to be sent to the monitor */ | |||
51 | set_log_handler(mm_log_handler, pmonitor); | 61 | set_log_handler(mm_log_handler, pmonitor); | |
52 | 62 | |||
53 | /* Demote the child */ | |||
54 | - if (getuid() == 0 || geteuid() == 0) | |||
55 | +#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__ | 63 | +#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__ | |
56 | + /* We need to do this before we chroot() so we can read sshd.sb */ | 64 | + /* We need to do this before we chroot() so we can read sshd.sb */ | |
57 | + if (box != NULL) | 65 | + if (box != NULL) | |
58 | + ssh_sandbox_child(box); | 66 | + ssh_sandbox_child(box); | |
59 | +#endif | 67 | +#endif | |
60 | + if (getuid() == ROOTUID || geteuid() == ROOTUID) | 68 | privsep_preauth_child(); | |
61 | privsep_preauth_child(); | |||
62 | setproctitle("%s", "[net]"); | 69 | setproctitle("%s", "[net]"); | |
63 | +#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__ | 70 | +#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__ | |
64 | if (box != NULL) | 71 | if (box != NULL) | |
65 | ssh_sandbox_child(box); | 72 | ssh_sandbox_child(box); | |
66 | +#endif | 73 | +#endif | |
67 | 74 | |||
68 | return 0; | 75 | return 0; | |
69 | } | 76 | } | |
70 | @@ -733,7 +756,7 @@ privsep_postauth(Authctxt *authctxt) | 77 | @@ -730,7 +753,7 @@ privsep_postauth(Authctxt *authctxt) | |
71 | #ifdef DISABLE_FD_PASSING | 78 | #ifdef DISABLE_FD_PASSING | |
72 | if (1) { | 79 | if (1) { | |
73 | #else | 80 | #else | |
74 | - if (authctxt->pw->pw_uid == 0 || options.use_login) { | 81 | - if (authctxt->pw->pw_uid == 0 || options.use_login) { | |
75 | + if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { | 82 | + if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { | |
76 | #endif | 83 | #endif | |
77 | /* File descriptor passing is broken or root login */ | 84 | /* File descriptor passing is broken or root login */ | |
78 | use_privsep = 0; | 85 | use_privsep = 0; | |
79 | @@ -1489,8 +1512,10 @@ main(int ac, char **av) | 86 | @@ -1497,8 +1520,10 @@ main(int ac, char **av) | |
80 | av = saved_argv; | 87 | av = saved_argv; | |
81 | #endif | 88 | #endif | |
82 | 89 | |||
83 | - if (geteuid() == 0 && setgroups(0, NULL) == -1) | 90 | - if (geteuid() == 0 && setgroups(0, NULL) == -1) | |
84 | +#ifndef HAVE_INTERIX | 91 | +#ifndef HAVE_INTERIX | |
85 | + if (geteuid() == ROOTUID && setgroups(0, NULL) == -1) | 92 | + if (geteuid() == ROOTUID && setgroups(0, NULL) == -1) | |
86 | debug("setgroups(): %.200s", strerror(errno)); | 93 | debug("setgroups(): %.200s", strerror(errno)); | |
87 | +#endif | 94 | +#endif | |
88 | 95 | |||
89 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 96 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | |
90 | sanitise_stdfd(); | 97 | sanitise_stdfd(); | |
91 | @@ -1919,7 +1944,7 @@ main(int ac, char **av) | 98 | @@ -1925,7 +1950,7 @@ main(int ac, char **av) | |
92 | (st.st_uid != getuid () || | 99 | (st.st_uid != getuid () || | |
93 | (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) | 100 | (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) | |
94 | #else | 101 | #else | |
95 | - if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 102 | - if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | |
96 | + if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 103 | + if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | |
97 | #endif | 104 | #endif | |
98 | fatal("%s must be owned by root and not group or " | 105 | fatal("%s must be owned by root and not group or " | |
99 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); | 106 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); | |
100 | @@ -1942,8 +1967,10 @@ main(int ac, char **av) | 107 | @@ -1948,8 +1973,10 @@ main(int ac, char **av) | |
101 | * to create a file, and we can't control the code in every | 108 | * to create a file, and we can't control the code in every | |
102 | * module which might be used). | 109 | * module which might be used). | |
103 | */ | 110 | */ | |
104 | +#ifndef HAVE_INTERIX | 111 | +#ifndef HAVE_INTERIX | |
105 | if (setgroups(0, NULL) < 0) | 112 | if (setgroups(0, NULL) < 0) | |
106 | debug("setgroups() failed: %.200s", strerror(errno)); | 113 | debug("setgroups() failed: %.200s", strerror(errno)); | |
107 | +#endif | 114 | +#endif | |
108 | 115 | |||
109 | if (rexec_flag) { | 116 | if (rexec_flag) { | |
110 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); | 117 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); | |
111 | @@ -2139,6 +2166,25 @@ main(int ac, char **av) | 118 | @@ -2145,6 +2172,25 @@ main(int ac, char **av) | |
112 | audit_connection_from(remote_ip, remote_port); | 119 | audit_connection_from(remote_ip, remote_port); | |
113 | #endif | 120 | #endif | |
114 | 121 | |||
115 | +#ifdef LIBWRAP | 122 | +#ifdef LIBWRAP | |
116 | + allow_severity = options.log_facility|LOG_INFO; | 123 | + allow_severity = options.log_facility|LOG_INFO; | |
117 | + deny_severity = options.log_facility|LOG_WARNING; | 124 | + deny_severity = options.log_facility|LOG_WARNING; | |
118 | + /* Check whether logins are denied from this host. */ | 125 | + /* Check whether logins are denied from this host. */ | |
119 | + if (packet_connection_is_on_socket()) { | 126 | + if (packet_connection_is_on_socket()) { | |
120 | + struct request_info req; | 127 | + struct request_info req; | |
121 | + | 128 | + | |
122 | + request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); | 129 | + request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); | |
123 | + fromhost(&req); | 130 | + fromhost(&req); | |
124 | + | 131 | + |