check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they

do not exist.  sync w/openssh
This commit is contained in:
itojun 2002-05-29 23:54:29 +00:00
parent 784d7467c1
commit e67961b545

View File

@ -1,4 +1,4 @@
/* $NetBSD: sshd.c,v 1.21 2002/05/14 23:33:08 itojun Exp $ */
/* $NetBSD: sshd.c,v 1.22 2002/05/29 23:54:29 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -976,6 +976,19 @@ main(int ac, char **av)
}
}
if (use_privsep) {
struct passwd *pw;
struct stat st;
if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
@ -1375,7 +1388,7 @@ main(int ac, char **av)
sshd_exchange_identification(sock_in, sock_out);
/*
* Check that the connection comes from a privileged port.
* Rhosts-Authentication only makes sense from priviledged
* Rhosts-Authentication only makes sense from privileged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
@ -1680,7 +1693,7 @@ do_ssh1_kex(void)
debug("Received session key; encryption turned on.");
/* Send an acknowledgement packet. Note that this packet is sent encrypted. */
/* Send an acknowledgment packet. Note that this packet is sent encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();