- provos@cvs.openbsd.org 2002/03/18 17:50:31
     [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but apart from ensuring that the smaller code bits migrated with
their owners, no work was done to 'fix' it so that it works. =)  Later project!
diff --git a/servconf.c b/servconf.c
index 9bbd994..3b6b55e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.101 2002/02/04 12:15:25 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.102 2002/03/18 17:50:31 provos Exp $");
 
 #if defined(KRB4) || defined(KRB5)
 #include <krb.h>
@@ -36,6 +36,8 @@
 
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
+/* Use of privilege separation or not */
+extern int use_privsep;
 
 /* Initializes the server options to their default values. */
 
@@ -110,6 +112,13 @@
 	options->client_alive_count_max = -1;
 	options->authorized_keys_file = NULL;
 	options->authorized_keys_file2 = NULL;
+
+	options->unprivileged_user = -1;
+	options->unprivileged_group = -1;
+	options->unprivileged_dir = NULL;
+
+	/* Needs to be accessable in many places */
+	use_privsep = -1;
 }
 
 void
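Review bot: The new `use_privsep = -1;` at the end of initialize_server_options() carries a comment that explains where the variable lives but not what -1 means, and the comment has a typo ("accessable"). The value is a sentinel that fill_default_server_options() elsewhere in this patch resolves to 0, so the line should say so: `/* -1 == not set; fill_default_server_options() turns it into 0 (off) */`. The same unset-sentinel convention applies to `unprivileged_user` and `unprivileged_group`, which could be stated once above those three assignments rather than left implicit.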
@@ -235,6 +244,16 @@
 	}
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+
+	/* Turn privilege separation _off_ by default */
+	if (use_privsep == -1)
+		use_privsep = 0;
+	if (options->unprivileged_user == -1)
+		options->unprivileged_user = 32767;
+	if (options->unprivileged_group == -1)
+		options->unprivileged_group = 32767;
+	if (options->unprivileged_dir == NULL)
+		options->unprivileged_dir = "/var/empty";
 }
 
 /* Keyword tokens. */
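Review bot: The defaults added after the `authorized_keys_file` fallback hard-code the uid/gid 32767 and the path "/var/empty" as bare literals, while the line directly above uses the `_PATH_SSH_USER_PERMITTED_KEYS` macro for its path default. Since the unprivileged id and directory are what the separated child is confined to, a reader should be able to find and audit them in one place: a `_PATH_`-style define for the directory next to the other path macros and a named constant for the fallback id (names are for the maintainer to choose). A one-line comment on why 32767 is the fallback id would also help, as nothing in the hunk explains the choice. The rest of fill_default_server_options() is outside the hunk.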
@@ -267,6 +286,7 @@
 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+	sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, sUnprivDir,
 	sDeprecated
 } ServerOpCodes;
 
@@ -342,6 +362,10 @@
 	{ "clientalivecountmax", sClientAliveCountMax },
 	{ "authorizedkeysfile", sAuthorizedKeysFile },
 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
+	{ "useprivilegeseparation", sUsePrivilegeSeparation},
+	{ "unprivuser", sUnprivUser},
+	{ "unprivgroup", sUnprivGroup},
+	{ "unprivdir", sUnprivDir},
 	{ NULL, sBadOption }
 };
 
@@ -718,6 +742,22 @@
 		intptr = &options->allow_tcp_forwarding;
 		goto parse_flag;
 
+	case sUsePrivilegeSeparation:
+		intptr = &use_privsep;
+		goto parse_flag;
+
+	case sUnprivUser:
+		intptr = &options->unprivileged_user;
+		goto parse_flag;
+
+	case sUnprivGroup:
+		intptr = &options->unprivileged_group;
+		goto parse_flag;
+
+	case sUnprivDir:
+		charptr = &options->unprivileged_dir;
+		goto parse_filename;
+
 	case sAllowUsers:
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
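Review bot: The `sUnprivUser` and `sUnprivGroup` cases added after `sAllowTcpForwarding` jump to `parse_flag`, the same label the yes/no `AllowTcpForwarding` option uses, yet fill_default_server_options() in this patch defaults both fields to the numeric id 32767. If `parse_flag` is the boolean parser its name and the neighbouring use suggest, a numeric uid or gid given in sshd_config would presumably be rejected or stored as 0/1 instead of the id written, and the daemon would then run its child under an id the administrator did not configure. These two cases look like they belong on the integer-parsing label used by other numeric options such as `sClientAliveInterval` (likely `goto parse_int;`); `sUnprivDir` going to `parse_filename` is consistent with the other path options. The enclosing switch continues outside the hunk, so the labels themselves are not visible here.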