- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
in addition to root as an owner of system directories on AIX and HP-UX. ok djm@
parent
fe10a28e08
commit
aa97d13fa2
|
@ -2,6 +2,9 @@
|
||||||
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
|
- (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
|
||||||
Improve portability of cipher-speed test, based mostly on a patch from
|
Improve portability of cipher-speed test, based mostly on a patch from
|
||||||
Iain Morgan.
|
Iain Morgan.
|
||||||
|
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
|
||||||
|
in addition to root as an owner of system directories on AIX and HP-UX.
|
||||||
|
ok djm@
|
||||||
|
|
||||||
20130307
|
20130307
|
||||||
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
|
- (dtucker) [INSTALL] Bump documented autoconf version to what we're
|
||||||
|
|
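--- a/auth.c
+++ b/auth.c
@@ -448,7 +448,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 snprintf(err, errlen, "%s is not a regular file", buf);
 return -1;
 }
-if ((stp->st_uid != 0 && stp->st_uid != uid) ||
+if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
 (stp->st_mode & 022) != 0) {
 snprintf(err, errlen, "bad ownership or modes for file %s",
 buf);
@@ -464,7 +464,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 strlcpy(buf, cp, sizeof(buf));
 
 if (stat(buf, &st) < 0 ||
-(st.st_uid != 0 && st.st_uid != uid) ||
+(!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
 (st.st_mode & 022) != 0) {
 snprintf(err, errlen,
 "bad ownership or modes for directory %s", buf);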
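Review bot: The first hunk relaxes the owner check on the key file itself (`stp->st_uid`, the branch that reports "bad ownership or modes for file"), not only on the directories checked in the second hunk, while the commit message and the helper's name speak only of system directories. On AIX and HP-UX a file owned by uid 2 therefore passes this check the same way a root-owned one does. If only directory ownership was meant to widen, the file check could keep `if ((stp->st_uid != 0 && stp->st_uid != uid) ||`; if both are intended, a comment at the file check should say so, e.g. `/* owner may be the user or a platform system uid (root; bin on AIX/HP-UX) */`. auth_secure_path's body starts and ends outside both hunks.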
|
@ -1,4 +1,4 @@
|
||||||
# $Id: configure.ac,v 1.513 2013/03/08 01:14:23 djm Exp $
|
# $Id: configure.ac,v 1.514 2013/03/12 00:31:05 dtucker Exp $
|
||||||
#
|
#
|
||||||
# Copyright (c) 1999-2004 Damien Miller
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
#
|
#
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||||
AC_REVISION($Revision: 1.513 $)
|
AC_REVISION($Revision: 1.514 $)
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
AC_LANG([C])
|
AC_LANG([C])
|
||||||
|
|
||||||
|
@ -480,6 +480,7 @@ case "$host" in
|
||||||
AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
|
AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
|
||||||
[AIX 5.2 and 5.3 (and presumably newer) require this])
|
[AIX 5.2 and 5.3 (and presumably newer) require this])
|
||||||
AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
|
AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
|
||||||
|
AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
|
||||||
;;
|
;;
|
||||||
*-*-cygwin*)
|
*-*-cygwin*)
|
||||||
check_for_libcrypt_later=1
|
check_for_libcrypt_later=1
|
||||||
|
@ -565,6 +566,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||||
AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
|
AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
|
||||||
[String used in /etc/passwd to denote locked account])
|
[String used in /etc/passwd to denote locked account])
|
||||||
AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
|
AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
|
||||||
|
AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
|
||||||
maildir="/var/mail"
|
maildir="/var/mail"
|
||||||
LIBS="$LIBS -lsec"
|
LIBS="$LIBS -lsec"
|
||||||
AC_CHECK_LIB([xnet], [t_error], ,
|
AC_CHECK_LIB([xnet], [t_error], ,
|
||||||
|
|
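Review bot: Both added `AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, ...)` lines pass the value unquoted, while the neighbouring defines in the same arms quote theirs (`[1]`, `["*"]`). For consistency with the rest of the file I would write `AC_DEFINE([PLATFORM_SYS_DIR_UID], [2], [System dirs owned by bin (uid 2)])` in both places. The description string could also say that the value widens the trusted-owner check in auth_secure_path, since the macro name alone does not signal a security effect to someone reading config.h.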
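--- a/platform.c
+++ b/platform.c
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.18 2011/01/11 06:02:25 djm Exp $ */
+/* $Id: platform.c,v 1.19 2013/03/12 00:31:05 dtucker Exp $ */
 
 /*
 * Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -194,3 +194,19 @@ platform_krb5_get_principal_name(const char *pw_name)
 return NULL;
 #endif
 }
+
+/*
+* return 1 if the specified uid is a uid that may own a system directory
+* otherwise 0.
+*/
+int
+platform_sys_dir_uid(uid_t uid)
+{
+if (uid == 0)
+return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+if (uid == PLATFORM_SYS_DIR_UID)
+return 1;
+#endif
+return 0;
+}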
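Review bot: The comment on `platform_sys_dir_uid()` does not say which uids it accepts or that callers use the result as a trust decision. As written it returns 1 for uid 0 everywhere and for `PLATFORM_SYS_DIR_UID` only where configure defines it (2 in the two configure.ac arms touched by this commit). I would extend the comment to `/* Return 1 if uid is root or the platform's system-directory owner (PLATFORM_SYS_DIR_UID, set by configure), else 0. */` and add a second line, `/* Callers treat a match as a trusted owner, so that account must be controlled as tightly as root. */`.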
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */
|
/* $Id: platform.h,v 1.8 2013/03/12 00:31:05 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2006 Darren Tucker. All rights reserved.
|
* Copyright (c) 2006 Darren Tucker. All rights reserved.
|
||||||
|
@ -29,5 +29,4 @@ void platform_setusercontext(struct passwd *);
|
||||||
void platform_setusercontext_post_groups(struct passwd *);
|
void platform_setusercontext_post_groups(struct passwd *);
|
||||||
char *platform_get_krb5_client(const char *);
|
char *platform_get_krb5_client(const char *);
|
||||||
char *platform_krb5_get_principal_name(const char *);
|
char *platform_krb5_get_principal_name(const char *);
|
||||||
|
int platform_sys_dir_uid(uid_t);
|
||||||
|
|
||||||
|
|