security/openssh/patches/patch-sshd.c

   1 $NetBSD$
   2
   3 Interix support
   4
   5 --- sshd.c.orig 2013-02-12 00:04:48.000000000 +0000
   6 +++ sshd.c
   7 @@ -237,7 +237,11 @@ int *startup_pipes = NULL;
   8  int startup_pipe;              /* in child */
   9
  10  /* variables used for privilege separation */
  11 +#ifdef HAVE_INTERIX
  12  int use_privsep = -1;
  13 +#else
  14 +int use_privsep = 0;
  15 +#endif
  16  struct monitor *pmonitor = NULL;
  17  int privsep_is_preauth = 1;
  18
  19 @@ -625,10 +629,15 @@ privsep_preauth_child(void)
  20         /* XXX not ready, too heavy after chroot */
  21         do_setusercontext(privsep_pw);
  22  #else
  23 +#ifdef HAVE_INTERIX
  24 +       if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE))
  25 +               fatal("setuser: %.100s", strerror(errno));
  26 +#else
  27         gidset[0] = privsep_pw->pw_gid;
  28         if (setgroups(1, gidset) < 0)
  29                 fatal("setgroups: %.100s", strerror(errno));
  30         permanently_set_uid(privsep_pw);
  31 +#endif /* HAVE_INTERIX */
  32  #endif
  33  }
  34
  35 @@ -688,7 +697,7 @@ privsep_preauth(Authctxt *authctxt)
  36                 set_log_handler(mm_log_handler, pmonitor);
  37
  38                 /* Demote the child */
  39 -               if (getuid() == 0 || geteuid() == 0)
  40 +               if (getuid() == ROOTUID || geteuid() == ROOTUID)
  41                         privsep_preauth_child();
  42                 setproctitle("%s", "[net]");
  43                 if (box != NULL)
  44 @@ -706,7 +715,7 @@ privsep_postauth(Authctxt *authctxt)
  45  #ifdef DISABLE_FD_PASSING
  46         if (1) {
  47  #else
  48 -       if (authctxt->pw->pw_uid == 0 || options.use_login) {
  49 +       if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
  50  #endif
  51                 /* File descriptor passing is broken or root login */
  52                 use_privsep = 0;
  53 @@ -1363,8 +1372,10 @@ main(int ac, char **av)
  54         av = saved_argv;
  55  #endif
  56
  57 -       if (geteuid() == 0 && setgroups(0, NULL) == -1)
  58 +#ifndef HAVE_INTERIX
  59 +       if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
  60                 debug("setgroups(): %.200s", strerror(errno));
  61 +#endif
  62
  63         /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  64         sanitise_stdfd();
  65 @@ -1732,7 +1743,7 @@ main(int ac, char **av)
  66                     (st.st_uid != getuid () ||
  67                     (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
  68  #else
  69 -               if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
  70 +               if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
  71  #endif
  72                         fatal("%s must be owned by root and not group or "
  73                             "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
  74 @@ -1755,8 +1766,10 @@ main(int ac, char **av)
  75          * to create a file, and we can't control the code in every
  76          * module which might be used).
  77          */
  78 +#ifndef HAVE_INTERIX
  79         if (setgroups(0, NULL) < 0)
  80                 debug("setgroups() failed: %.200s", strerror(errno));
  81 +#endif
  82
  83         if (rexec_flag) {
  84                 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));