Source-Changes-HG archive
[src/netbsd-1-6]: src/crypto/dist/ssh Pull up revision 1.22 (requested by ito...
details: https://anonhg.NetBSD.org/src/rev/04340bbd9d06
branches: netbsd-1-6
changeset: 527617:04340bbd9d06
user: lukem <lukem%NetBSD.org@localhost>
date: Thu May 30 08:49:11 2002 +0000
description:
Pull up revision 1.22 (requested by itojun):
check sshd uid/chroot dir on UsePrivilegeSeparation mode, and die if they
do not exist. sync w/openssh
diffstat:
crypto/dist/ssh/sshd.c | 19 ++++++++++++++++---
1 files changed, 16 insertions(+), 3 deletions(-)
diffs (47 lines):
diff -r 9912e32260b9 -r 04340bbd9d06 crypto/dist/ssh/sshd.c
--- a/crypto/dist/ssh/sshd.c Thu May 30 08:37:46 2002 +0000
+++ b/crypto/dist/ssh/sshd.c Thu May 30 08:49:11 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sshd.c,v 1.21 2002/05/14 23:33:08 itojun Exp $ */
+/* $NetBSD: sshd.c,v 1.21.2.1 2002/05/30 08:49:11 lukem Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -976,6 +976,19 @@
}
}
+ if (use_privsep) {
+ struct passwd *pw;
+ struct stat st;
+
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+ (S_ISDIR(st.st_mode) == 0))
+ fatal("Missing privilege separation directory: %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
+ }
+
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
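Review bot: The directory check in this hunk, stat(_PATH_PRIVSEP_CHROOT_DIR, &st) followed by S_ISDIR, only confirms that the path exists and is a directory. It never looks at ownership or mode, so a chroot directory that an unprivileged user can write to still passes startup validation. Consider also failing unless st.st_uid is 0 and st.st_mode has neither S_IWGRP nor S_IWOTH set. Two smaller points: the fatal() text says "Missing" even when the path exists but is not a directory, and pw is only compared against NULL, so the variable could be dropped or the result used for a further sanity check. Placing the block ahead of the test_flag exit is the right call, since a test-mode run then reports a missing user or directory.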
@@ -1375,7 +1388,7 @@
sshd_exchange_identification(sock_in, sock_out);
/*
* Check that the connection comes from a privileged port.
- * Rhosts-Authentication only makes sense from priviledged
+ * Rhosts-Authentication only makes sense from privileged
* programs. Of course, if the intruder has root access on his local
* machine, he can connect from any port. So do not use these
* authentication methods from machines that you do not trust.
@@ -1680,7 +1693,7 @@
debug("Received session key; encryption turned on.");
- /* Send an acknowledgement packet. Note that this packet is sent encrypted. */
+ /* Send an acknowledgment packet. Note that this packet is sent encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();