svn commit: r529015 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Mon Mar 23 23:15:10 UTC 2020
Author: bdrewery
Date: Mon Mar 23 23:15:09 2020
New Revision: 529015
URL: https://svnweb.freebsd.org/changeset/ports/529015
Log:
- Simplify and refactor login.conf environment handling.
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/patch-session.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Mon Mar 23 22:08:48 2020 (r529014)
+++ head/security/openssh-portable/Makefile Mon Mar 23 23:15:09 2020 (r529015)
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 8.2p1
-PORTREVISION= 0
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c Mon Mar 23 22:08:48 2020 (r529014)
+++ head/security/openssh-portable/files/patch-session.c Mon Mar 23 23:15:09 2020 (r529015)
@@ -1,3 +1,7 @@
+bdrewery:
+ - Refactor and simplify original commit.
+ - Stop setting TERM=su without a term.
+
------------------------------------------------------------------------
r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines
Changed paths:
@@ -10,7 +14,7 @@ Reviewed by: ache
Sponsored by: DARPA, NAI Labs
--- session.c.orig 2020-02-13 16:40:54.000000000 -0800
-+++ session.c 2020-03-23 14:50:01.165781000 -0700
++++ session.c 2020-03-23 16:01:07.583958000 -0700
@@ -946,7 +946,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui
}
#endif /* HAVE_ETC_DEFAULT_LOGIN */
@@ -20,71 +24,41 @@ Sponsored by: DARPA, NAI Labs
static void
copy_environment_blacklist(char **source, char ***env, u_int *envsize,
const char *blacklist)
-@@ -994,6 +994,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- struct passwd *pw = s->pw;
- #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
- char *path = NULL;
-+#else
-+ extern char **environ;
-+ char **senv, **var;
- #endif
-
- /* Initialize the environment. */
-@@ -1015,6 +1018,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- }
- #endif
-
-+ if (getenv("TZ"))
-+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+
- #ifdef GSSAPI
- /* Allow any GSSAPI methods that we've used to alter
- * the childs environment as they see fit
-@@ -1032,11 +1038,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
- #endif
- child_set_env(&env, &envsize, "HOME", pw->pw_dir);
-+ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
-+ child_set_env(&env, &envsize, "MAIL", buf);
- #ifdef HAVE_LOGIN_CAP
-- if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
-- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-- else
-- child_set_env(&env, &envsize, "PATH", getenv("PATH"));
-+ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-+ child_set_env(&env, &envsize, "TERM", "su");
-+ senv = environ;
-+ environ = xmalloc(sizeof(char *));
-+ *environ = NULL;
-+ (void) setusercontext(lc, pw, pw->pw_uid,
-+ LOGIN_SETENV|LOGIN_SETPATH);
-+ copy_environment_blacklist(environ, &env, &envsize, NULL);
-+ for (var = environ; *var != NULL; ++var)
-+ free(*var);
-+ free(environ);
-+ environ = senv;
- #else /* HAVE_LOGIN_CAP */
- # ifndef HAVE_CYGWIN
- /*
-@@ -1056,17 +1072,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1056,7 +1056,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
- if (!options.use_pam) {
-- snprintf(buf, sizeof buf, "%.200s/%.50s",
-- _PATH_MAILDIR, pw->pw_name);
-- child_set_env(&env, &envsize, "MAIL", buf);
-- }
--
- /* Normal systems set SHELL by default. */
- child_set_env(&env, &envsize, "SHELL", shell);
++ /* FreeBSD PAM doesn't set default "MAIL" */
++ if (1 || !options.use_pam) {
+ snprintf(buf, sizeof buf, "%.200s/%.50s",
+ _PATH_MAILDIR, pw->pw_name);
+ child_set_env(&env, &envsize, "MAIL", buf);
+@@ -1067,6 +1068,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
-- if (getenv("TZ"))
-- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++#ifdef HAVE_LOGIN_CAP
++ /* Load environment from /etc/login.conf setenv directives. */
++ {
++ extern char **environ;
++ char **senv, **var;
++
++ senv = environ;
++ environ = xmalloc(sizeof(char *));
++ *environ = NULL;
++ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV);
++ copy_environment_blacklist(environ, &env, &envsize, NULL);
++ for (var = environ; *var != NULL; ++var)
++ free(*var);
++ free(environ);
++ environ = senv;
++ }
++#endif
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
-@@ -1369,7 +1377,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1369,7 +1387,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
More information about the svn-ports-all
mailing list