1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
--- apps/ssh/sshchsession.c.orig Thu Aug 24 17:40:41 2000
+++ apps/ssh/sshchsession.c Sun Aug 27 01:16:55 2000
@@ -83,6 +83,11 @@
#include <ulimit.h>
#endif /* ULIMIT_H */
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+extern char **environ;
+#endif
+
#define SSH_DEBUG_MODULE "Ssh2ChannelSession"
#define SSH_SESSION_INTERACTIVE_WINDOW 10000
@@ -489,6 +494,67 @@
if (getenv("TZ"))
ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ"));
+#ifdef HAVE_LOGIN_CAP_H
+ {
+ char *p, *s, **tmpenv;
+ struct passwd *pwd;
+
+ pwd = getpwnam(user_name);
+ if (!pwd)
+ {
+ ssh_warning("Can't getpwnam %s: %s", user_name, strerror(errno));
+ }
+ else
+ {
+ /* Save previous environment array
+ */
+ tmpenv = environ;
+ environ = *envp;
+
+ /* Set the user's login environment
+ */
+ if (setusercontext(NULL, pwd,
+ ssh_user_uid(session->common->user_data),
+ LOGIN_SETPATH|LOGIN_SETENV) == 0)
+ {
+ p = getenv("PATH");
+ s = ssh_xmalloc((p != NULL ? strlen(p) + 1 : 0)
+ + sizeof(SSH_BINDIR));
+ *s = '\0';
+ if (p != NULL)
+ {
+ strcat(s, p);
+ strcat(s, ":");
+ }
+ strcat(s, SSH_BINDIR);
+
+ /* copy enviroment variables to (*envp) */
+ for (i = 0; environ[i] != NULL; i++)
+ ;
+ (*envp) = ssh_xmalloc((i + 51) * sizeof(char *));
+ (*envsizep) = i + 50;
+
+ for (i = 0; environ[i] != NULL; ++i) {
+ (*envp)[i] = ssh_xmalloc((strlen(environ[i]) + 1) * sizeof(char));
+ strcpy((*envp)[i], environ[i]);
+ }
+ (*envp)[i] = NULL;
+
+ environ = tmpenv; /* Restore parent environment */
+ ssh_child_set_env(envp, envsizep, "PATH", s);
+ ssh_xfree(s);
+ }
+ else
+ {
+ *envp = environ;
+ environ = tmpenv; /* Restore parent environment */
+ ssh_warning("Can't setusercontext env. variables: %s", strerror(errno));
+ }
+ }
+ endpwent();
+ }
+#endif /* HAVE_LOGIN_CAP_H */
+
/* Set SSH_CLIENT. */
snprintf(buf, sizeof(buf), "%s %s %s %s",
session->common->remote_ip, session->common->remote_port,
@@ -729,12 +795,20 @@
char buff[100], *time_string;
/* Check /etc/nologin. */
+#ifdef __FreeBSD__
+ f = fopen("/var/run/nologin", "r");
+#else
f = fopen("/etc/nologin", "r");
+#endif
if (f)
{ /* /etc/nologin exists. Print its contents and exit. */
/* Print a message about /etc/nologin existing; I am getting
questions because of this every week. */
+#ifdef __FreeBSD__
+ ssh_warning("Logins are currently denied by /var/run/nologin:");
+#else
ssh_warning("Logins are currently denied by /etc/nologin:");
+#endif
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
@@ -918,7 +992,11 @@
{
struct stat mailbuf;
if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
+#ifndef __FreeBSD__
printf("No mail.\n");
+#else
+ ;
+#endif
else if (mailbuf.st_atime > mailbuf.st_mtime)
printf("You have mail.\n");
else
|
