Merge "Stop relying on global GCE_PLATFORM_SDK_VERSION"
am: 7b8b4a6e29
* commit '7b8b4a6e29299be9e6dd25e376806b3039ac4f8e':
Stop relying on global GCE_PLATFORM_SDK_VERSION
diff --git a/README.version b/README.version
new file mode 100644
index 0000000..0d7533a
--- /dev/null
+++ b/README.version
@@ -0,0 +1,4 @@
+URL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.8p1.tar.gz
+Version: 6.8p1
+BugComponent: 116028
+Owners: ghartman, yim
diff --git a/auth.c b/auth.c
index 25ed53d..0fefead 100644
--- a/auth.c
+++ b/auth.c
@@ -628,6 +628,14 @@
aix_setauthdb(user);
#endif
+#ifdef ANDROID_GCE
+ // Android has a fixed set of users. Any incoming user that we can't
+ // identify should be authenticated as the shell user.
+ if (strcmp(user, "root") && strcmp(user, "shell")) {
+ logit("Login name %.100s forced to shell", user);
+ user = "shell";
+ }
+#endif
pw = getpwnam(user);
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
diff --git a/config.h b/config.h
index c7c9d6c..f3932ec 100644
--- a/config.h
+++ b/config.h
@@ -1594,8 +1594,10 @@
/* type to use in place of socklen_t if not defined */
/* #undef socklen_t */
+#ifndef SSHDIR
#define SSHDIR "/data/ssh"
+#endif
-#define _PATH_PRIVSEP_CHROOT_DIR "/data/ssh/empty"
+#define _PATH_PRIVSEP_CHROOT_DIR SSHDIR "/empty"
#define _PATH_SSH_PROGRAM "/system/bin/sftp"
diff --git a/sshd.c b/sshd.c
index 30f8c6f..54ea6c0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -623,6 +623,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -766,6 +768,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
@@ -1430,6 +1434,8 @@
arc4random_buf(rnd, sizeof(rnd));
#ifdef WITH_OPENSSL
RAND_seed(rnd, sizeof(rnd));
+ if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+ fatal("%s: RAND_bytes failed", __func__);
#endif
explicit_bzero(rnd, sizeof(rnd));
}
diff --git a/sshpty.c b/sshpty.c
index af85259..5816922 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -73,16 +73,21 @@
return 0;
}
#ifdef ANDROID
- /* Android does not have a working ttyname() */
- name = "/dev/ptmx";
+ if (ptsname_r(*ptyfd, namebuf, namebuflen)) {
+ fatal("openpty ptsname failed.");
+ close(*ptyfd);
+ *ptyfd = -1;
+ return -1;
+ }
+ return 1;
#else
name = ttyname(*ttyfd);
if (!name)
fatal("openpty returns device for which ttyname fails.");
-#endif
strlcpy(namebuf, name, namebuflen); /* possible truncation */
return 1;
+#endif
}
/* Releases the tty. Its ownership is returned to root, and permissions to 0666. */
diff --git a/uidswap.c b/uidswap.c
index ce7a00d..1974319 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -30,7 +30,11 @@
#ifdef ANDROID
#include <private/android_filesystem_config.h>
+#if !defined(GCE_PLATFORM_SDK_VERSION) || (GCE_PLATFORM_SDK_VERSION > 17)
#include <sys/capability.h>
+#else
+#include <linux/capability.h>
+#endif
#include <sys/prctl.h>
#endif
