- (stevesk) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/12/13 16:26:53
[ssh-keyscan.c]
fatal already adds \n; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/13 16:25:44
[ssh-agent.c]
remove redundant spaces; from stevesk@pobox.com
- ho@cvs.openbsd.org 2000/12/12 15:50:21
[pty.c]
When failing to set tty owner and mode on a read-only filesystem, don't
abort if the tty already has correct owner and reasonably sane modes.
Example; permit 'root' to login to a firewall with read-only root fs.
(markus@ ok)
- deraadt@cvs.openbsd.org 2000/12/13 06:36:05
[pty.c]
KNF
diff --git a/ChangeLog b/ChangeLog
index 3252d42..201aa42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,25 @@
+20001215
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/13 16:26:53
+ [ssh-keyscan.c]
+ fatal already adds \n; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/13 16:25:44
+ [ssh-agent.c]
+ remove redundant spaces; from stevesk@pobox.com
+ - ho@cvs.openbsd.org 2000/12/12 15:50:21
+ [pty.c]
+ When failing to set tty owner and mode on a read-only filesystem, don't
+ abort if the tty already has correct owner and reasonably sane modes.
+ Example; permit 'root' to login to a firewall with read-only root fs.
+ (markus@ ok)
+ - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+ [pty.c]
+ KNF
+
20001213
- (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
from Andreas M. Kirchwitz <amk@krell.zikzak.de>
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
- markus@cvs.openbsd.org 2000/12/12 15:30:02
[ssh-keyscan.c ssh.c sshd.c]
consistently use __progname; from stevesk@pobox.com
@@ -62,7 +80,7 @@
tweak comment to reflect real location of pid file; ok provos@
- (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
have it (used in ssh-keyscan).
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
- markus@cvs.openbsd.org 2000/12/06 19:57:48
[ssh-keyscan.c]
err(3) -> internal error(), from stevesk@sweden.hp.com
diff --git a/pty.c b/pty.c
index 40bfd52..d05cb89 100644
--- a/pty.c
+++ b/pty.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: pty.c,v 1.16 2000/09/07 21:13:37 markus Exp $");
+RCSID("$OpenBSD: pty.c,v 1.18 2000/12/13 06:36:05 deraadt Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
@@ -291,6 +291,7 @@
struct group *grp;
gid_t gid;
mode_t mode;
+ struct stat st;
/* Determine the group to make the owner of the tty. */
grp = getgrnam("tty");
@@ -302,11 +303,36 @@
mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
}
- /* Change ownership of the tty. */
- if (chown(ttyname, pw->pw_uid, gid) < 0)
- fatal("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid, strerror(errno));
- if (chmod(ttyname, mode) < 0)
- fatal("chmod(%.100s, 0%o) failed: %.100s",
- ttyname, mode, strerror(errno));
+ /*
+ * Change owner and mode of the tty as required.
+ * Warn but continue if filesystem is read-only and the uids match.
+ */
+ if (stat(ttyname, &st))
+ fatal("stat(%.100s) failed: %.100s", ttyname,
+ strerror(errno));
+
+ if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+ if (chown(ttyname, pw->pw_uid, gid) < 0) {
+ if (errno == EROFS && st.st_uid == pw->pw_uid)
+ error("chown(%.100s, %d, %d) failed: %.100s",
+ ttyname, pw->pw_uid, gid,
+ strerror(errno));
+ else
+ fatal("chown(%.100s, %d, %d) failed: %.100s",
+ ttyname, pw->pw_uid, gid,
+ strerror(errno));
+ }
+ }
+
+ if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
+ if (chmod(ttyname, mode) < 0) {
+ if (errno == EROFS &&
+ (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
+ error("chmod(%.100s, 0%o) failed: %.100s",
+ ttyname, mode, strerror(errno));
+ else
+ fatal("chmod(%.100s, 0%o) failed: %.100s",
+ ttyname, mode, strerror(errno));
+ }
+ }
}
diff --git a/ssh-agent.c b/ssh-agent.c
index b98d955..c5e4447 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $");
#include "ssh.h"
#include "rsa.h"
@@ -242,7 +242,7 @@
int ok = -1;
datafellows = 0;
-
+
blob = buffer_get_string(&e->input, &blen);
data = buffer_get_string(&e->input, &dlen);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 13f9673..60341c9 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -329,9 +329,9 @@
} while ((s = tcpconnect(name)) < 0);
if (s >= maxfd)
- fatal("conalloc: fdno %d too high\n", s);
+ fatal("conalloc: fdno %d too high", s);
if (fdcon[s].c_status)
- fatal("conalloc: attempt to reuse fdno %d\n", s);
+ fatal("conalloc: attempt to reuse fdno %d", s);
fdcon[s].c_fd = s;
fdcon[s].c_status = CS_CON;
@@ -355,7 +355,7 @@
{
close(s);
if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
- fatal("confree: attempt to free bad fdno %d\n", s);
+ fatal("confree: attempt to free bad fdno %d", s);
free(fdcon[s].c_namebase);
free(fdcon[s].c_output_name);
if (fdcon[s].c_status == CS_KEYS)
@@ -455,7 +455,7 @@
return;
break;
default:
- fatal("conread: invalid status %d\n", c->c_status);
+ fatal("conread: invalid status %d", c->c_status);
break;
}
@@ -548,7 +548,7 @@
static void
usage(void)
{
- fatal("usage: %s [-t timeout] { [--] host | -f file } ...\n", __progname);
+ fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
return;
}
@@ -580,11 +580,11 @@
maxfd = fdlim_get(1);
if (maxfd < 0)
- fatal("%s: fdlim_get: bad value\n", __progname);
+ fatal("%s: fdlim_get: bad value", __progname);
if (maxfd > MAXMAXFD)
maxfd = MAXMAXFD;
if (maxcon <= 0)
- fatal("%s: not enough file descriptors\n", __progname);
+ fatal("%s: not enough file descriptors", __progname);
if (maxfd > fdlim_get(0))
fdlim_set(maxfd);
fdcon = xmalloc(maxfd * sizeof(con));