From john.marshall@riverwillow.com.au  Fri Mar  8 01:20:00 2013
Return-Path: <john.marshall@riverwillow.com.au>
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
	by hub.freebsd.org (Postfix) with ESMTP id A75494C4
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  8 Mar 2013 01:20:00 +0000 (UTC)
	(envelope-from john.marshall@riverwillow.com.au)
Received: from mail1.riverwillow.net.au (mail1.riverwillow.net.au [203.58.93.36])
	by mx1.freebsd.org (Postfix) with ESMTP id 2CEA3F0A
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  8 Mar 2013 01:19:59 +0000 (UTC)
Received: from rwpc15.mby.riverwillow.net.au (rwpc15.mby.riverwillow.net.au [172.25.24.201])
	(authenticated bits=0)
	by mail1.riverwillow.net.au (8.14.6/8.14.6) with ESMTP id r2814mTx030353
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 8 Mar 2013 12:04:48 +1100 (AEDT)
Received: from rwpc15.mby.riverwillow.net.au (john@localhost [127.0.0.1])
	by rwpc15.mby.riverwillow.net.au (8.14.5/8.14.5) with ESMTP id r2814mRG058050
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 8 Mar 2013 12:04:48 +1100 (AEDT)
	(envelope-from john.marshall@riverwillow.com.au)
Received: (from john@localhost)
	by rwpc15.mby.riverwillow.net.au (8.14.5/8.14.5/Submit) id r2814lNC058049;
	Fri, 8 Mar 2013 12:04:47 +1100 (AEDT)
	(envelope-from john)
Message-Id: <201303080104.r2814lNC058049@rwpc15.mby.riverwillow.net.au>
Date: Fri, 8 Mar 2013 12:04:47 +1100 (AEDT)
From: John Marshall <john.marshall@riverwillow.com.au>
Reply-To: John Marshall <john.marshall@riverwillow.com.au>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] sshd does not honour umask from ~/.login_conf
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         176740
>Category:       bin
>Synopsis:       [patch] sshd(8) does not honour umask from ~/.login_conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 08 01:30:00 UTC 2013
>Closed-Date:    Tue Oct 08 08:46:40 UTC 2013
>Last-Modified:  Tue Oct 08 08:46:40 UTC 2013
>Originator:     John Marshall
>Release:        FreeBSD 9.1-RELEASE i386
>Organization:
Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwpc15 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243728: Sat Dec 1 17:31:25 AEDT 2012 root@rwpc15:/usr/obj/build/src/sys/RWPC15 i386


	
>Description:

If sshd is configured with its default setting of 'UseLogin no', it will
read environment and path values from the user's ~/.login_conf (e.g.
lang and charset) but not any umask value.  Instead, the umask value
from /etc/login.conf is applied.

Setting the server's 'UseLogin' configuration option to 'yes' hands off
that work to login and the user's umask value is retrieved as well, and
is set as expected; but setting UseLogin disables X11Forwarding.

I discovered that crypto/openssh/session.c is restricting the subset of
login_conf settings it will read in user mode so that only environment
and path values will be used.  Is there any reason why umask should not
be included?

I think it is reasonable to expect that setting umask in ~/.login_conf
means that that value will apply to all types of login.  The user
login_conf umask setting is applied when logging in via console
(irrespective of selected shell) and via X but not via sshd.

>How-To-Repeat:

Add a umask setting to the me: class in ~/.login_conf.  After logging in
at the console or via X, note that the user umask value has been
applied.  Log in via ssh and note that the /etc/login.conf value is
applied instead.  After ssh login, execute login(1) at the shell prompt
and note that the user umask value is now applied.

>Fix:

The attached patch adds umask to the list of user settings which will be
retrieved and applied by sshd.


--- session.c.diff begins here ---
Index: crypto/openssh/session.c
===================================================================
--- crypto/openssh/session.c	(revision 243728)
+++ crypto/openssh/session.c	(working copy)
@@ -1185,7 +1185,7 @@
 		environ = xmalloc(sizeof(char *));
 		*environ = NULL;
 		(void) setusercontext(lc, pw, pw->pw_uid,
-		    LOGIN_SETENV|LOGIN_SETPATH);
+		    LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUMASK);
 		copy_environment(environ, &env, &envsize);
 		for (var = environ; *var != NULL; ++var)
 			xfree(*var);
--- session.c.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: gjb 
Responsible-Changed-When: Fri Mar 8 01:32:51 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=176740 

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Fri, 08 Mar 2013 11:55:09 +0100

 John Marshall <john.marshall@riverwillow.com.au> writes:
 > The attached patch adds umask to the list of user settings which will be
 > retrieved and applied by sshd.
 
 The purpose of the code you modified is to retrieve the *environment*
 from {/etc/,~/.}login.conf.  Setting the umask here is inappropriate.
 There is code further down (around line 1500) which *should* take care
 of it:
 
         if (setusercontext(lc, pw, pw->pw_uid,
             (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) <=
  0) {
                 perror("unable to set user context");
                 exit(1);
         }
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Sat, 9 Mar 2013 16:06:43 +1100

 On Fri, 08 Mar 2013, 11:55 +0100, Dag-Erling Smørgrav wrote:
 > The purpose of the code you modified is to retrieve the *environment*
 > from {/etc/,~/.}login.conf.  Setting the umask here is inappropriate.
 > There is code further down (around line 1500) which *should* take care
 > of it:
 
 Thank you for reviewing this PR.  The code to which you refer *would*
 take care of the problem if it were not in the context of
 platform_privileged_uidswap().  In that context it appears to be
 restricted to reading values from /etc/login.conf, which explains why we
 always get the value of umask from login.conf.
 
 There is already other code in do_setup_env() which sets umask for a
 different platform (see read_etc_default_login()), but if you think
 setting umask belongs somewhere else, how about the following, which is
 set at the end of an 'if (!options.use_login) {}' block in do_child()?
 
 Index: session.c
 ===================================================================
 --- session.c	(revision 243728)
 +++ session.c	(working copy)
 @@ -1670,6 +1670,15 @@
  		if (!check_quietlogin(s, command))
  			display_loginmsg();
  #endif /* HAVE_OSF_SIA */
 +
 +#ifdef HAVE_LOGIN_CAP
 +		/*
 +		 * Permit selected user overrides from me: login class.
 +		 * Note that LOGIN_SETENV and LOGIN_SETPATH are taken care
 +		 * of in do_setup_env().
 +		 */
 +		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
 +#endif
  	}
  
  #ifdef USE_PAM
 
 I have tested this on the following platforms with different umask
 values set in ~/.login_conf and /etc/login.conf.  I have verified that a
 value present in ~/.login_conf is used and that, where there is no value
 in the user file, the value from /etc/login.conf is used.
 
   FreeBSD 9.1-RELEASE i386
   FreeBSD 9.1-RELEASE amd64
   FreeBSD 8.3-RELEASE i386
 
 Thank you for your time and for all of your work with the FreeBSD
 Project.
 
 -- 
 John Marshall

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Mon, 11 Mar 2013 09:41:03 +0100

 John Marshall <john.marshall@riverwillow.com.au> writes:
 > There is already other code in do_setup_env() which sets umask for a
 > different platform (see read_etc_default_login()), but if you think
 > setting umask belongs somewhere else, how about the following, which is
 > set at the end of an 'if (!options.use_login) {}' block in do_child()?
 
 The logical place to put it would be in do_setusercontext(), which is
 called by both versions of do_child().
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Mon, 11 Mar 2013 21:52:43 +1100

 On Mon, 11 Mar 2013, 09:41 +0100, Dag-Erling Smørgrav wrote:
 > The logical place to put it would be in do_setusercontext(), which is
 > called by both versions of do_child().
 
 OK.  Am I getting closer?  Thank you for your patience.
 
 Index: crypto/openssh/session.c
 ===================================================================
 --- crypto/openssh/session.c	(revision 243728)
 +++ crypto/openssh/session.c	(working copy)
 @@ -1529,6 +1529,13 @@
  			perror("unable to set user context (setuser)");
  			exit(1);
  		}
 +
 +		/*
 +		 * Permit selected user overrides from me: login class.
 +		 * Note that LOGIN_SETENV and LOGIN_SETPATH are taken care
 +		 * of in do_setup_env().
 +		 */
 +		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
  #else
  		/* Permanently switch to the desired uid. */
  		permanently_set_uid(pw);
 
 -- 
 John Marshall

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Mon, 11 Mar 2013 13:18:14 +0100

 John Marshall <john.marshall@riverwillow.com.au> writes:
 > Am I getting closer?
 
 Something like that.  Strictly speaking, you don't actually need a
 separate call for LOGIN_SETUMASK - you can add it to the LOGIN_SETUSER
 call - but it doesn't hurt.  The comment is inaccurate, though.
 LOGIN_SETUMASK is handled differently from all other settings, in that
 setusercontext() will only set the umask if the process is already owned
 by the target user, or if LOGIN_SETUSER was also specified.  Therefore,
 LOGIN_SETUMASK is the only user setting that hasn't already been applied
 at that point.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Tue, 12 Mar 2013 10:43:13 +1100

 On Mon, 11 Mar 2013, 13:18 +0100, Dag-Erling Smørgrav wrote:
 > Strictly speaking, you don't actually need a
 > separate call for LOGIN_SETUMASK - you can add it to the LOGIN_SETUSER
 > call - but it doesn't hurt.
 
 That's great!  I had no idea that would work!  I didn't pick that up
 from the man pages but looking at the code for login_class.c I can see
 how that works.  I'm all for merging this into a single call if that's
 acceptable.
 
 > The comment is inaccurate, though.
 > ... Therefore,
 > LOGIN_SETUMASK is the only user setting that hasn't already been applied
 > at that point.
 
 No, at this point we still haven't visited do_setup_env() where the
 user-specific LOGIN_SETENV and LOGIN_SETPATH are set; but I'm content to
 drop the comment if it is superfluous.
 
 1624:do_child(Session *s, const char *command)
 1625:{
 1638:		do_setusercontext(pw);
 1665:		do_setusercontext(pw);
 1694:	env = do_setup_env(s, shell);
 1842:}
 
 How does this look?
 
 Index: crypto/openssh/session.c
 ===================================================================
 --- crypto/openssh/session.c	(revision 243728)
 +++ crypto/openssh/session.c	(working copy)
 @@ -1525,7 +1525,8 @@
  		}
  
  #ifdef HAVE_LOGIN_CAP
 -		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 +		if (setusercontext(lc, pw, pw->pw_uid,
 +		    LOGIN_SETUSER|LOGIN_SETUMASK) < 0) {
  			perror("unable to set user context (setuser)");
  			exit(1);
  		}
 
 -- 
 John Marshall

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Tue, 12 Mar 2013 10:57:43 +0100

 John Marshall <john.marshall@riverwillow.com.au> writes:
 > How does this look?
 
 I actually prefer the previous version (with a separate call) because
 it's a less intrusive change.  Anyway, I'll pass this upstream - OpenBSD
 don't have the same problem, but the patch won't hurt them.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Wed, 13 Mar 2013 12:15:06 +1100

 On Tue, 12 Mar 2013, 10:57 +0100, Dag-Erling Smørgrav wrote:
 > I actually prefer the previous version (with a separate call) because
 > it's a less intrusive change.  Anyway, I'll pass this upstream - OpenBSD
 > don't have the same problem, but the patch won't hurt them.
 
 OK.  Am I correct in supposing that you require no further input from me
 on this PR?
 
 Thank you for your assistance and for taking the time to coach me
 through this.
 
 Regards,
 
 -- 
 John Marshall

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Wed, 13 Mar 2013 10:29:11 +0100

 John Marshall <john.marshall@riverwillow.com.au> writes:
 > OK.  Am I correct in supposing that you require no further input from me
 > on this PR?
 
 No, but thank you.  I'll commit a patch locally and try to push it
 upstream.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/176740: commit references a PR
Date: Wed, 13 Mar 2013 09:42:03 +0000 (UTC)

 Author: des
 Date: Wed Mar 13 09:41:55 2013
 New Revision: 248231
 URL: http://svnweb.freebsd.org/changeset/base/248231
 
 Log:
   Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
   own umask setting (from ~/.login.conf) unless running with the user's UID.
   Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.
   
   PR:		bin/176740
   Submitted by:	John Marshall <john.marshall@riverwillow.com.au>
   MFC after:	1 week
 
 Modified:
   head/crypto/openssh/session.c
 
 Modified: head/crypto/openssh/session.c
 ==============================================================================
 --- head/crypto/openssh/session.c	Wed Mar 13 06:42:01 2013	(r248230)
 +++ head/crypto/openssh/session.c	Wed Mar 13 09:41:55 2013	(r248231)
 @@ -1533,6 +1533,12 @@ do_setusercontext(struct passwd *pw)
  			perror("unable to set user context (setuser)");
  			exit(1);
  		}
 +
 +		/*
 +		 * FreeBSD's setusercontext() will not apply the user's
 +		 * own umask setting unless running with the user's UID.
 +		 */
 +		setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
  #else
  		/* Permanently switch to the desired uid. */
  		permanently_set_uid(pw);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Thu, 14 Mar 2013 11:51:58 +1100

 On Wed, 13 Mar 2013, 10:29 +0100, Dag-Erling Smørgrav wrote:
 > John Marshall <john.marshall@riverwillow.com.au> writes:
 > > OK.  Am I correct in supposing that you require no further input from me
 > > on this PR?
 > 
 > No, but thank you.  I'll commit a patch locally and try to push it
 > upstream.
 
 Thank you.  Please let me know if I can provide any further assistance
 in connection with this.
 
 -- 
 John Marshall

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: John Marshall <john.marshall@riverwillow.com.au>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Fri, 15 Mar 2013 11:35:51 +0100

 adopted upstream:
 
 date: 2013/03/15 00:22:37;  author: djm;  state: Exp;  lines: +5 -0
  - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
    occur after UID switch; patch from John Marshall via des AT des.no;
    ok dtucker@
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: John Marshall <john.marshall@riverwillow.com.au>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Date: Tue, 8 Oct 2013 07:49:42 +1100

 On Fri, 15 Mar 2013, 11:35 +0100, Dag-Erling Smørgrav wrote:
 > adopted upstream:
 
 Thank you very much.  Were you waiting on a reply from me before closing
 this PR?  Unless it needs to be open as a reminder to you for something
 I am happy for it to be closed.
 
 Thank you again.
 
 -- 
 John Marshall
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Tue Oct 8 08:46:39 UTC 2013 
State-Changed-Why:  
pushed upstream and fixed in 9.2 and 10.0 

http://www.freebsd.org/cgi/query-pr.cgi?pr=176740 
>Unformatted:
