Update to OpenSSH 2.2.0. This is an end-of-life update for the

ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
Brian Feldman 2000-11-04 23:04:25 +00:00
parent 0ec15f352f
commit c512ae8ac9
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=34806
16 changed files with 109 additions and 493 deletions


@ -6,7 +6,7 @@
#
PORTNAME= OpenSSH
PORTVERSION= 2.1.1
PORTVERSION= 2.2.0
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \


@ -1 +1 @@
MD5 (openssh-2.1.1.tgz) = ed323003ae30bfb9bd1e2a899a32e765
MD5 (openssh-2.2.0.tgz) = 8ecfebc800f1c0646cbe09231a012764


@ -443,7 +443,7 @@ pam_sm_open_session(
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
retval = ssh_add_identity(ac, key.rsa, comment);
retval = ssh_add_identity(ac, &key, comment);
ssh_close_authentication_connection(ac);
env_swap(ssh_env, 0);
return retval ? PAM_SUCCESS : PAM_SESSION_ERR;


@ -1,12 +1,12 @@
--- lib/Makefile.orig Wed May 17 01:20:16 2000
+++ lib/Makefile Tue Jun 20 16:14:06 2000
--- lib/Makefile.orig Sat Aug 19 17:34:44 2000
+++ lib/Makefile Sat Nov 4 16:41:11 2000
@@ -5,7 +5,12 @@
cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
cipher.c compat.c compress.c crc32.c deattack.c \
hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
+ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c \
+ strlcat.c strlcpy.c
- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
+ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
+ strlcpy.c strlcat.c
+
+.if defined(COMPAT_GETADDRINFO)
+SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c


@ -1,20 +1,11 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile Mon Oct 25 16:27:26 1999
+++ ./scp/Makefile Tue Nov 23 19:23:58 1999
@@ -2,16 +2,9 @@
--- scp/Makefile.orig Thu Jun 29 14:35:46 2000
+++ scp/Makefile Sat Nov 4 16:44:18 2000
@@ -5,8 +5,8 @@
BINMODE?=555
PROG= scp
BINOWN= root
-
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=555
-.endif
-
-BINDIR= /usr/bin
-MAN= scp.1
+BINMODE=555
+BINDIR= /bin
+MAN1= scp.1


@ -1,26 +1,17 @@
--- ssh/Makefile.orig Wed Apr 26 17:31:58 2000
+++ ssh/Makefile Sun Jul 30 15:09:14 2000
@@ -2,16 +2,10 @@
--- ssh/Makefile.orig Thu Jun 29 14:35:47 2000
+++ ssh/Makefile Sat Nov 4 16:58:41 2000
@@ -5,8 +5,8 @@
PROG= ssh
BINOWN= root
+BINMODE=4555
+BINDIR= /bin
+MAN1= ssh.1
BINMODE?=4555
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=4555
-.endif
-
-BINDIR= /usr/bin
-MAN= ssh.1
+BINDIR= /bin
+MAN1= ssh.1
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MLINKS= ssh.1 slogin.1
@@ -19,10 +13,11 @@
@@ -14,10 +14,11 @@
sshconnect.c sshconnect1.c sshconnect2.c
.include <bsd.own.mk> # for AFS
@ -34,7 +25,7 @@
DPADD+= ${LIBKRB}
.if (${AFS} == "yes")
CFLAGS+= -DAFS
@@ -32,6 +27,7 @@
@@ -27,6 +28,7 @@
.endif # KERBEROS
.include <bsd.prog.mk>


@ -1,20 +1,11 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile Wed Oct 27 12:54:48 1999
+++ ./ssh-add/Makefile Tue Nov 23 19:26:48 1999
@@ -2,20 +2,13 @@
--- ssh-add/Makefile.orig Thu Jun 29 14:35:47 2000
+++ ssh-add/Makefile Sat Nov 4 17:01:50 2000
@@ -5,12 +5,12 @@
BINMODE?=555
PROG= ssh-add
BINOWN= root
-
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=555
-.endif
-
-BINDIR= /usr/bin
-MAN= ssh-add.1
+BINMODE=555
+BINDIR= /bin
+MAN1= ssh-add.1


@ -1,21 +1,13 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile Wed Oct 27 12:54:49 1999
+++ ./ssh-agent/Makefile Tue Nov 23 19:27:38 1999
@@ -2,20 +2,13 @@
--- ssh-agent/Makefile.orig Thu Jun 29 14:35:48 2000
+++ ssh-agent/Makefile Sat Nov 4 17:06:34 2000
@@ -5,12 +5,12 @@
BINMODE?=555
PROG= ssh-agent
BINOWN= root
-
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=555
-.endif
-
-BINDIR= /usr/bin
+BINMODE=555
-MAN= ssh-agent.1
+BINDIR= /bin
MAN= ssh-agent.1
+MAN1= ssh-agent.1
SRCS= ssh-agent.c log-client.c


@ -1,21 +1,13 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile Wed Oct 27 12:54:49 1999
+++ ./ssh-keygen/Makefile Tue Nov 23 19:28:07 1999
@@ -2,20 +2,13 @@
--- ssh-keygen/Makefile.orig Thu Jun 29 14:35:48 2000
+++ ssh-keygen/Makefile Sat Nov 4 17:06:49 2000
@@ -5,12 +5,12 @@
BINMODE?=555
PROG= ssh-keygen
BINOWN= root
-
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
-.else
-BINMODE?=555
-.endif
-
-BINDIR= /usr/bin
+BINMODE=555
-MAN= ssh-keygen.1
+BINDIR= /bin
MAN= ssh-keygen.1
+MAN1= ssh-keygen.1
SRCS= ssh-keygen.c log-client.c


@ -1,6 +1,6 @@
--- sshd/Makefile.orig Wed Apr 26 17:31:57 2000
+++ sshd/Makefile Sun Jul 30 15:09:25 2000
@@ -3,14 +3,15 @@
--- sshd/Makefile.orig Sun Aug 20 14:42:41 2000
+++ sshd/Makefile Sat Nov 4 17:08:36 2000
@@ -3,8 +3,8 @@
PROG= sshd
BINOWN= root
BINMODE=555
@ -8,17 +8,18 @@
-MAN= sshd.8
+BINDIR= /sbin
+MAN8= sshd.8
CFLAGS+=-DHAVE_LOGIN_CAP
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
pty.c log-server.c login.c servconf.c serverloop.c \
auth.c auth1.c auth2.c session.c
@@ -12,6 +12,7 @@
auth.c auth1.c auth2.c auth-options.c session.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
.if (${KERBEROS} == "yes")
.if (${AFS} == "yes")
@@ -18,9 +19,9 @@
@@ -19,9 +20,9 @@
LDADD+= -lkafs
DPADD+= ${LIBKRBAFS}
.endif # AFS
@ -30,7 +31,7 @@
DPADD+= ${LIBKRB}
.endif # KERBEROS
@@ -30,7 +31,7 @@
@@ -31,7 +32,7 @@
.include <bsd.prog.mk>


@ -14,104 +14,3 @@
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
@@ -134,6 +141,32 @@
unsigned char *session_id2 = NULL;
int session_id2_len = 0;
+/* These are used to implement connections_per_period. */
+struct magic_connection {
+ struct timeval connections_begin;
+ unsigned int connections_this_period;
+} *magic_connections;
+/* Magic number, too! TODO: this doesn't have to be static. */
+const size_t MAGIC_CONNECTIONS_SIZE = 1;
+
+static __inline int
+magic_hash(struct sockaddr_storage *sa) {
+
+ return 0;
+}
+
+static __inline struct timeval
+timevaldiff(struct timeval *tv1, struct timeval *tv2) {
+ struct timeval diff;
+ int carry;
+
+ carry = tv1->tv_usec > tv2->tv_usec;
+ diff.tv_sec = tv2->tv_sec - tv1->tv_sec - (carry ? 0 : 1);
+ diff.tv_usec = tv2->tv_usec - tv1->tv_usec + (carry ? 1000000 : 0);
+
+ return diff;
+}
+
/* Prototypes for various functions defined later in this file. */
void do_ssh1_kex();
void do_ssh2_kex();
@@ -418,6 +451,7 @@
int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1;
pid_t pid;
socklen_t fromlen;
+ int connections_per_period_exceeded = 0;
int silent = 0;
fd_set *fdset;
struct sockaddr_storage from;
@@ -763,6 +797,12 @@
fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
+ /* Initialize the magic_connections table. It's magical! */
+ magic_connections = calloc(MAGIC_CONNECTIONS_SIZE,
+ sizeof(struct magic_connection));
+ if (magic_connections == NULL)
+ fatal("calloc: %s", strerror(errno));
+
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
@@ -794,9 +834,31 @@
error("newsock del O_NONBLOCK: %s", strerror(errno));
continue;
}
+ if (options.connections_per_period != 0) {
+ struct timeval diff, connections_end;
+ struct magic_connection *mc;
+
+ (void)gettimeofday(&connections_end, NULL);
+ mc = &magic_connections[magic_hash(&from)];
+ diff = timevaldiff(&mc->connections_begin, &connections_end);
+ if (diff.tv_sec >= options.connections_period) {
+ /*
+ * Slide the window forward only after completely
+ * leaving it.
+ */
+ mc->connections_begin = connections_end;
+ mc->connections_this_period = 1;
+ } else {
+ if (++mc->connections_this_period >
+ options.connections_per_period)
+ connections_per_period_exceeded = 1;
+ }
+ }
+
/*
- * Got connection. Fork a child to handle it, unless
- * we are in debugging mode.
+ * Got connection. Fork a child to handle it unless
+ * we are in debugging mode or the maximum number of
+ * connections per period has been exceeded.
*/
if (debug_flag) {
/*
@@ -810,6 +872,12 @@
sock_out = newsock;
pid = getpid();
break;
+ } else if (connections_per_period_exceeded) {
+ log("Connection rate limit of %u/%us has been exceeded; "
+ "dropping connection from %s.",
+ options.connections_per_period, options.connections_period,
+ ntop);
+ connections_per_period_exceeded = 0;
} else {
/*
* Normal production daemon. Fork, and have


@ -1,20 +1,29 @@
--- sshd_config.orig Fri Jan 7 01:27:30 2000
+++ sshd_config Fri Jan 7 01:31:01 2000
@@ -3,12 +3,13 @@
Port 22
--- sshd_config.orig Fri Aug 4 16:30:35 2000
+++ sshd_config Sat Nov 4 17:32:28 2000
@@ -4,12 +4,11 @@
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
-HostKey /etc/ssh_host_key
+HostKey __PREFIX__/etc/ssh_host_key
+HostKey /usr/local/etc/ssh_host_key
ServerKeyBits 768
-LoginGraceTime 600
+LoginGraceTime 60
+LoginGraceTime 120
KeyRegenerationInterval 3600
-PermitRootLogin yes
-#
+PermitRootLogin no
+# Rate-limit sshd connections to 5 connections per 10 seconds
+ConnectionsPerPeriod 5/10
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
@@ -48,7 +47,7 @@
#KerberosTgtPassing yes
#CheckMail yes
-#UseLogin no
+UseLogin no
-#Subsystem sftp /usr/local/sbin/sftpd
-#MaxStartups 10:30:60
+Subsystem sftp /usr/local/sbin/sftpd
+MaxStartups 10:30:60
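Review bot: `MaxStartups 10:30:60` in the last hunk is not a like-for-like replacement for the `ConnectionsPerPeriod 5/10` line that this patch appears to stop adding, and neither the config nor the commit message says so. MaxStartups bounds the number of concurrent unauthenticated connections for the whole daemon, while the earlier option counted accepted connections per time window, so a comment above the line would help administrators, e.g. `# Refuse 30% of new connections at 10 unauthenticated sessions, all of them at 60`. The section also shows both `HostKey __PREFIX__/etc/ssh_host_key` and `HostKey /usr/local/etc/ssh_host_key`; the rendering does not mark which is the new side, but if the hard-coded path is the one kept, an install with a non-default PREFIX would point sshd at a host key that is not there. The `Subsystem sftp /usr/local/sbin/sftpd` line hard-codes the same prefix.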


@ -1,63 +0,0 @@
--- servconf.c.orig Tue May 9 02:12:15 2000
+++ servconf.c Fri May 12 07:13:13 2000
@@ -74,6 +74,8 @@
options->ciphers = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->gateway_ports = -1;
+ options->connections_per_period = 0;
+ options->connections_period = 0;
}
void
@@ -172,7 +174,7 @@
#ifdef SKEY
sSkeyAuthentication,
#endif
- sPasswordAuthentication, sListenAddress,
+ sPasswordAuthentication, sListenAddress, sConnectionsPerPeriod,
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
@@ -231,6 +233,7 @@
{ "ciphers", sCiphers },
{ "protocol", sProtocol },
{ "gatewayports", sGatewayPorts },
+ { "connectionsperperiod", sConnectionsPerPeriod },
{ NULL, 0 }
};
@@ -340,7 +343,11 @@
filename, linenum);
exit(1);
}
- value = atoi(cp);
+ if (sscanf(cp, " %d ", &value) != 1) {
+ fprintf(stderr, "%s line %d: invalid integer value.\n",
+ filename, linenum);
+ exit(1);
+ }
if (*intptr == -1)
*intptr = value;
break;
@@ -584,6 +591,21 @@
filename, linenum);
options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
}
+ break;
+
+ case sConnectionsPerPeriod:
+ cp = strtok(NULL, WHITESPACE);
+ if (cp == NULL)
+ fatal("%.200s line %d: missing (>= 0) number argument.\n",
+ filename, linenum);
+ if (sscanf(cp, " %u/%u ", &options->connections_per_period,
+ &options->connections_period) != 2)
+ fatal("%.200s line %d: invalid numerical argument(s).\n",
+ filename, linenum);
+ if (options->connections_per_period != 0 &&
+ options->connections_period == 0)
+ fatal("%.200s line %d: invalid connections period.\n",
+ filename, linenum);
break;
case sCiphers:


@ -1,37 +1,5 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.8 Tue Nov 23 18:58:38 1999
+++ sshd.8 Sun Dec 5 22:59:58 1999
@@ -220,6 +220,31 @@
should check for new mail for interactive logins.
The default is
.Dq no .
+.It Cm ConnectionsPerPeriod
+This keyword allows for rate-limiting of connections, and
+is followed by two numbers in the format
+.Dq n/s ,
+where
+.Ar n
+is the number of connections from a certain address group
+accepted per period of
+.Ar s
+seconds. Any connection after the number
+.Ar n
+connection in the period of
+.Ar s
+seconds will be dropped, and an informational message will be logged.
+A connection will belong to a certain group, of which there are 13
+by default, according to its IP address.
+The default for this keyword is
+.Dq 0/0 ,
+and rate-limiting can be explicitly turned off by using an
+.Ar n
+parameter of
+.Ql 0
+and any
+.Ar s
+parameter.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces. Users whose primary group matches one of the patterns
@@ -453,8 +478,9 @@
If the login is on a tty, records login time.
.It


@ -1,25 +1,20 @@
--- session.c.orig Mon Jun 5 12:53:40 2000
+++ session.c Tue Jun 20 16:20:37 2000
@@ -27,6 +27,18 @@
#include "ssh2.h"
--- session.c.orig Sun Aug 27 23:50:54 2000
+++ session.c Sat Nov 4 17:39:43 2000
@@ -28,6 +28,13 @@
#include "auth.h"
#include "auth-options.h"
+#ifdef __FreeBSD__
+#include <libutil.h>
+#include <poll.h>
+#include <syslog.h>
+#include <time.h>
+#define LOGIN_CAP
+#endif /* __FreeBSD__ */
+
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif /* LOGIN_CAP */
+
/* types */
#define TTYSZ 64
@@ -401,6 +413,13 @@
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
@@ -413,6 +420,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@ -33,35 +28,8 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -502,6 +521,10 @@
struct sockaddr_storage from;
struct stat st;
time_t last_login_time;
+#ifdef LOGIN_CAP
+ login_cap_t *lc;
+ char *fname;
+#endif /* LOGIN_CAP */
if (s == NULL)
fatal("do_exec_pty: no session");
@@ -511,15 +534,6 @@
/* Get remote host name. */
hostname = get_canonical_hostname();
- /*
- * Get the time when the user last logged in. Buf will be set to
- * contain the hostname the last login was from.
- */
- if (!options.use_login) {
- last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
- buf, sizeof(buf));
- }
-
/* Fork the child. */
if ((pid = fork()) == 0) {
pid = getpid();
@@ -528,6 +542,22 @@
changed. */
@@ -516,6 +530,13 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /*
@ -71,154 +39,39 @@
+ if (command != NULL)
+ options.use_login = 0;
+
+ /*
+ * Get the time when the user last logged in. Buf will be set
+ * to * contain the hostname the last login was from.
+ */
+ if (!options.use_login) {
+ last_login_time = get_last_login_time(pw->pw_uid,
+ pw->pw_name, buf, sizeof(buf));
+ }
+
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -571,6 +601,12 @@
/* Check if .hushlogin exists. */
snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
quiet_login = stat(line, &st) >= 0;
+#ifdef LOGIN_CAP
+ lc = login_getpwclass(pw);
+ if (lc == NULL)
+ lc = login_getclassbyname(NULL, pw);
+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
+#endif /* LOGIN_CAP */
/*
* If the user has logged in before, display the time of last
@@ -594,6 +630,20 @@
else
printf("Last login: %s from %s\r\n", time_string, buf);
}
+#ifdef LOGIN_CAP
+ if (command == NULL && !quiet_login && !options.use_login) {
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
+ while (fgets(line, sizeof(line), f) != NULL)
+ fputs(line, stdout);
+ fclose(f);
+ } else
+ (void)printf("%s\n\t%s %s\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+ }
+#endif /* LOGIN_CAP */
/*
* Print /etc/motd unless a command was specified or printing
* it was disabled in server options or login(1) will be
@@ -603,7 +653,18 @@
if (command == NULL && options.print_motd && !quiet_login &&
!options.use_login) {
/* Print /etc/motd if it exists. */
+#ifdef LOGIN_CAP
+ fname = login_getcapstr(lc, "welcome", NULL, NULL);
+ login_close(lc);
+ if (fname != NULL) {
+ f = fopen(fname, "r");
+ if (f == NULL)
+ f = fopen("/etc/motd", "r");
+ } else
+ f = fopen("/etc/motd", "r");
+#else /* LOGIN_CAP */
f = fopen("/etc/motd", "r");
+#endif /* LOGIN_CAP */
if (f) {
while (fgets(line, sizeof(line), f))
fputs(line, stdout);
@@ -746,13 +807,29 @@
extern char **environ;
struct stat st;
char *argv[10];
+#ifdef LOGIN_CAP
+ login_cap_t *lc;
+
+ lc = login_getpwclass(pw);
+ if (lc == NULL)
+ lc = login_getclassbyname(NULL, pw);
+ #endif /* LOGIN_CAP */
/* login(1) is only called if we execute the login shell */
if (options.use_login && command != NULL)
options.use_login = 0;
f = fopen("/etc/nologin", "r");
+#ifdef __FreeBSD__
+ if (f == NULL)
+ f = fopen("/var/run/nologin", "r");
+#endif /* __FreeBSD__ */
+#ifdef LOGIN_CAP
+ /* on FreeBSD, etc., allow overriding nologin via login.conf. */
+ if (f != NULL && !login_getcapbool(lc, "ignorenologin", 0)) {
+#else /* LOGIN_CAP */
if (f) {
+#endif /* LOGIN_CAP */
/* /etc/nologin exists. Print its contents and exit. */
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
@@ -768,6 +845,13 @@
/* Login(1) does this as well, and it needs uid 0 for the "-h"
switch, so we let login(1) to this for us. */
if (!options.use_login) {
+#ifdef LOGIN_CAP
+ if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY |
+ LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) {
+ perror("setclasscontext");
+ exit(1);
+ }
+#endif /* LOGIN_CAP */
if (getuid() == 0 || geteuid() == 0) {
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
@@ -790,7 +874,14 @@
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.
*/
+#ifdef LOGIN_CAP
+ shell = pw->pw_shell;
+ shell = login_getcapstr(lc, "shell", shell, shell);
+ if (shell[0] == '\0')
+ shell = _PATH_BSHELL;
+#else /* LOGIN_CAP */
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+#endif /* LOGIN_CAP */
#ifdef AFS
/* Try to get AFS tokens for the local cell. */
@@ -814,7 +905,12 @@
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+#ifdef LOGIN_CAP
+ child_set_env(&env, &envsize, "PATH",
+ login_getpath(lc, "path", _PATH_STDPATH));
+#else /* LOGIN_CAP */
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+#endif /* LOGIN_CAP */
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
@@ -904,6 +1000,9 @@
* descriptors left by system functions. They will be closed later.
*/
endpwent();
+#ifdef LOGIN_CAP
+ login_close(lc);
+#endif /* LOGIN_CAP */
@@ -602,6 +623,7 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+ char *fname;
/*
* Close any extra open file descriptors so that we don\'t have them
@@ -911,7 +1010,7 @@
* Get IP address of client. If the connection is not a socket, let
@@ -644,6 +666,20 @@
else
printf("Last login: %s from %s\r\n", time_string, buf);
}
+#ifdef HAVE_LOGIN_CAP
+ if (!options.use_login) {
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
+ while (fgets(buf, sizeof(buf), f) != NULL)
+ fputs(buf, stdout);
+ fclose(f);
+ } else
+ (void)printf("%s\n\t%s %s\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+ }
+#endif /* HAVE_LOGIN_CAP */
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
@@ -949,7 +985,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@ -227,7 +80,7 @@
close(i);
/* Change current directory to the user\'s home directory. */
@@ -930,7 +1029,27 @@
@@ -973,7 +1009,27 @@
* in this order).
*/
if (!options.use_login) {
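Review bot: In the hunk at `@@ -644,6 +666,20 @@` (which, judging by its offsets, belongs to the updated patch), the file named by the `copyright` login capability is passed straight to `fopen()` and echoed to the client, and nothing in the visible lines shows that privileges have been dropped first. If the login class data can be influenced by the account being logged in, for example through a per-user login.conf override, sshd would read a file on that user's behalf that the user may not be able to read; the `welcome` lookup in the context lines that follow has the same shape. Consider moving the block after the switch to the user's uid, or opening the file under the user's credentials, and recording the constraint in a comment such as `/* fname comes from login.conf; do not open it with root privileges */`. The enclosing function starts and ends outside the hunk, so the actual privilege state at this point needs to be confirmed against the full session.c.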


@ -1,18 +1,10 @@
--- auth.c.orif Thu Apr 20 17:21:58 2000
+++ auth.c Thu Apr 20 17:50:06 2000
@@ -26,7 +26,6 @@
#include "session.h"
#include "dispatch.h"
-
/* import */
extern ServerOptions options;
extern char *forced_command;
@@ -106,6 +105,16 @@
--- auth.c.orig Sat Nov 4 17:30:17 2000
+++ auth.c Sat Nov 4 17:29:00 2000
@@ -111,6 +111,16 @@
return 0;
}
}
+#ifdef __FreeBSD__
+#ifdef __FreeBSD__
+ /* Fail if the account's expiration time has passed. */
+ if (pw->pw_expire != 0) {
+ struct timeval tv;