author | Darren Tucker <dtucker@zip.com.au> | 2013-03-12 01:31:05 +0100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-03-12 01:31:05 +0100 |
commit | aa97d13fa22d410ad155d23b230fd3cce989ce25 (patch) | |
tree | 6b5b35af5bcab94a5e6447f733a96e698069ce48 | |
parent | - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] (diff) | |
- (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
in addition to root as an owner of system directories on AIX and HP-UX.
ok djm@
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | auth.c | 4 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | platform.c | 18 | ||||
-rw-r--r-- | platform.h | 5 |
5 files changed, 28 insertions, 8 deletions
@@ -2,6 +2,9 @@ - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] Improve portability of cipher-speed test, based mostly on a patch from Iain Morgan. + - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") + in addition to root as an owner of system directories on AIX and HP-UX. + ok djm@ 20130307 - (dtucker) [INSTALL] Bump documented autoconf version to what we're @@ -448,7 +448,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, snprintf(err, errlen, "%s is not a regular file", buf); return -1; } - if ((stp->st_uid != 0 && stp->st_uid != uid) || + if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || (stp->st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); @@ -464,7 +464,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, strlcpy(buf, cp, sizeof(buf)); if (stat(buf, &st) < 0 || - (st.st_uid != 0 && st.st_uid != uid) || + (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for directory %s", buf); diff --git a/configure.ac b/configure.ac index 6005d7c2f..a49de84e1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.513 2013/03/08 01:14:23 djm Exp $ +# $Id: configure.ac,v 1.514 2013/03/12 00:31:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.513 $) +AC_REVISION($Revision: 1.514 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) 
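Review bot: In the first auth.c hunk (@@ -448) the new helper is applied to `stp->st_uid`, the owner of the file itself, so on builds that define PLATFORM_SYS_DIR_UID a file owned by uid 2 now passes the check, while the commit message speaks only of system directories; the directory case is the second hunk (@@ -464). If only directories are meant, the file check could stay `if ((stp->st_uid != 0 && stp->st_uid != uid) ||` and the helper be used in the second hunk alone. If both are intended, a comment above the first check would record the trust decision, e.g. `/* root, or the platform's system uid (bin on AIX/HP-UX), is trusted like the user here */`, since anything running as that uid can then change paths this function accepts. auth_secure_path() begins and ends outside both hunks, so the surrounding loop is not visible here.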
@@ -480,6 +480,7 @@ case "$host" in AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], [AIX 5.2 and 5.3 (and presumably newer) require this]) AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) + AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) ;; *-*-cygwin*) check_for_libcrypt_later=1 @@ -565,6 +566,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], [String used in /etc/passwd to denote locked account]) AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) + AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) maildir="/var/mail" LIBS="$LIBS -lsec" AC_CHECK_LIB([xnet], [t_error], , diff --git a/platform.c b/platform.c index a455472b3..3262b2478 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.18 2011/01/11 06:02:25 djm Exp $ */ +/* $Id: platform.c,v 1.19 2013/03/12 00:31:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -194,3 +194,19 @@ platform_krb5_get_principal_name(const char *pw_name) return NULL; #endif } + +/* + * return 1 if the specified uid is a uid that may own a system directory + * otherwise 0. + */ +int +platform_sys_dir_uid(uid_t uid) +{ + if (uid == 0) + return 1; +#ifdef PLATFORM_SYS_DIR_UID + if (uid == PLATFORM_SYS_DIR_UID) + return 1; +#endif + return 0; +} diff --git a/platform.h b/platform.h index 944d2c340..19f6bfdd3 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.7 2010/11/05 03:47:01 dtucker Exp $ */ +/* $Id: platform.h,v 1.8 2013/03/12 00:31:05 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -29,5 +29,4 @@ void platform_setusercontext(struct passwd *); void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); - - +int platform_sys_dir_uid(uid_t); |
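Review bot: The added `AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, ...)` in the hunk at @@ -480 passes its value unquoted, whereas the neighbouring definitions quote theirs (`[1]`); `AC_DEFINE([PLATFORM_SYS_DIR_UID], [2], [System dirs owned by bin (uid 2)])` would match them, and the same line is added again in the hunk at @@ -565. The value is fixed at configure time, so the build assumes bin is uid 2 on every host of these platforms; the description string could say so, for example `[uid that may own system directories besides root (bin, assumed uid 2)]`. Both hunks sit inside a larger `case "$host"` block whose labels are outside the visible lines.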
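Review bot: The comment on the new `platform_sys_dir_uid()` in platform.c does not say where PLATFORM_SYS_DIR_UID comes from or what happens when it is absent. I would extend it to state that root is always accepted, that the second uid is accepted only when configure defines PLATFORM_SYS_DIR_UID (this commit does so in two configure.ac branches), and that the result feeds the ownership checks in auth_secure_path(), so widening it widens what those checks trust. A short form: `/* Returns 1 for root and, where configure defines PLATFORM_SYS_DIR_UID, for that uid; 0 otherwise. Used by auth_secure_path(). */`.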