
Make the sshd directory configurable am: 3337c7067d
authorGreg Hartman <ghartman@google.com>
Wed, 20 Jan 2016 02:07:42 +0000 (02:07 +0000)
committerandroid-build-merger <android-build-merger@google.com>
Wed, 20 Jan 2016 02:07:42 +0000 (02:07 +0000)
am: 4b43e83b8d

* commit '4b43e83b8dd92f892ab3a8a338fc898b9504f7d1':

README.version [new file with mode: 0644]
auth.c
readconf.c
ssh.c
sshd.c

diff --git a/README.version b/README.version
new file mode 100644 (file)
index 0000000..0d7533a
--- /dev/null
@@ -0,0 +1,4 @@
+URL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.8p1.tar.gz
+Version: 6.8p1
+BugComponent: 116028
+Owners: ghartman, yim
diff --git a/auth.c b/auth.c
index 25ed53d..0fefead 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -628,6 +628,14 @@ getpwnamallow(const char *user)
        aix_setauthdb(user);
 #endif
 
+#ifdef ANDROID_GCE
+       // Android has a fixed set of users. Any incoming user that we can't
+       // identify should be authenticated as the shell user.
+       if (strcmp(user, "root") && strcmp(user, "shell")) {
+               logit("Login name %.100s forced to shell", user);
+               user = "shell";
+       }
+#endif
        pw = getpwnam(user);
 
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
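Review bot: The ANDROID_GCE block removes the unknown-user failure path: any name other than root or shell is rewritten before `getpwnam(user)`, so a guess at any login name becomes an authentication attempt against the shell account, and the only trace of the original name is the `logit` line. The comment should state that this is intended and that the login name therefore carries no access-control meaning, for example `/* Every unknown name maps to shell; nothing may rely on the login name for access control. */`. The test also reads more clearly as `strcmp(user, "root") != 0 && strcmp(user, "shell") != 0`. The start of getpwnamallow is outside the hunk, so whether anything earlier in the function already consumed the original name (per-user configuration matching, for instance) cannot be checked from here and is worth confirming.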
index 42a2961..ebbf219 100644 (file)
@@ -1660,7 +1660,7 @@ initialize_options(Options * options)
        options->tun_remote = -1;
        options->local_command = NULL;
        options->permit_local_command = -1;
-       options->use_roaming = -1;
+       options->use_roaming = 0;
        options->visual_host_key = -1;
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
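Review bot: Nothing in the new code says that roaming is being forced off on purpose: `options->use_roaming = 0;` here in initialize_options replaces the -1 "unset" sentinel that the neighbouring options keep, and the following hunk in fill_default_options drops the `== -1` guard and assigns 0 unconditionally. A later merge could easily restore the sentinel pattern, so both lines should carry a comment such as `/* Roaming is disabled unconditionally; any configured value is ignored. */`. The option parser is outside these hunks, so it is not visible whether a roaming setting in the configuration is still accepted and then silently overridden; if it is, a debug or warning message there would help users notice. Both functions continue outside their hunks.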
@@ -1835,8 +1835,7 @@ fill_default_options(Options * options)
                options->tun_remote = SSH_TUNID_ANY;
        if (options->permit_local_command == -1)
                options->permit_local_command = 0;
-       if (options->use_roaming == -1)
-               options->use_roaming = 1;
+       options->use_roaming = 0;
        if (options->visual_host_key == -1)
                options->visual_host_key = 0;
        if (options->ip_qos_interactive == -1)
diff --git a/ssh.c b/ssh.c
index 0ad82f0..7385462 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1929,9 +1929,6 @@ ssh_session2(void)
                        fork_postauth();
        }
 
-       if (options.use_roaming)
-               request_roaming();
-
        return client_loop(tty_flag, tty_flag ?
            options.escape_char : SSH_ESCAPECHAR_NONE, id);
 }
diff --git a/sshd.c b/sshd.c
index 30f8c6f..54ea6c0 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -623,6 +623,8 @@ privsep_preauth_child(void)
        arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
        RAND_seed(rnd, sizeof(rnd));
+       if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+               fatal("%s: RAND_bytes failed", __func__);
 #endif
        explicit_bzero(rnd, sizeof(rnd));
 
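Review bot: The added `RAND_bytes((u_char *)rnd, 1)` call has no comment explaining why a single byte is drawn right after `RAND_seed` and then wiped by `explicit_bzero`; as written it looks like a leftover, and it presumably exists to make OpenSSL use the new seed and to fail hard if its generator is unusable. A one-line comment such as `/* Draw one byte so a broken OpenSSL RNG is caught here instead of at first use. */` would make that clear, and the same applies to the identical lines in privsep_postauth and server_accept_loop. In server_accept_loop the enclosing branch is outside the hunk; if that code runs in the listening parent, `fatal()` there stops the whole daemon instead of a single connection, which is worth confirming as the intended failure mode. The three copies could also share one small static helper so the check cannot drift between call sites.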
@@ -766,6 +768,8 @@ privsep_postauth(Authctxt *authctxt)
        arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
        RAND_seed(rnd, sizeof(rnd));
+       if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+               fatal("%s: RAND_bytes failed", __func__);
 #endif
        explicit_bzero(rnd, sizeof(rnd));
 
@@ -1430,6 +1434,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                        arc4random_buf(rnd, sizeof(rnd));
 #ifdef WITH_OPENSSL
                        RAND_seed(rnd, sizeof(rnd));
+                       if ((RAND_bytes((u_char *)rnd, 1)) != 1)
+                               fatal("%s: RAND_bytes failed", __func__);
 #endif
                        explicit_bzero(rnd, sizeof(rnd));
                }