authorBrian Feldman <green@FreeBSD.org>2000-11-04 23:04:25 +0000
committerBrian Feldman <green@FreeBSD.org>2000-11-04 23:04:25 +0000
commitc512ae8ac925c933208cd6c71172336ffe482637 (patch)
treec36b4dc0bc1d855fd19635aa2dee8991fb1fca8b /security
parentUpdate to knu-cvsweb 1.104.1.39. (diff)
Update to OpenSSH 2.2.0. This is an end-of-life update for the
ports-based OpenSSH. OpenSSH has been in the base system for more than long enough to justify not having to maintain two separate FreeBSD versions of OpenSSH.
Diffstat (limited to 'security')
-rw-r--r--security/openssh/Makefile2
-rw-r--r--security/openssh/distinfo2
-rw-r--r--security/openssh/files/pam_ssh.c2
-rw-r--r--security/openssh/files/patch-ad12
-rw-r--r--security/openssh/files/patch-af19
-rw-r--r--security/openssh/files/patch-ag25
-rw-r--r--security/openssh/files/patch-ah19
-rw-r--r--security/openssh/files/patch-ai22
-rw-r--r--security/openssh/files/patch-aj22
-rw-r--r--security/openssh/files/patch-am15
-rw-r--r--security/openssh/files/patch-an101
-rw-r--r--security/openssh/files/patch-ao25
-rw-r--r--security/openssh/files/patch-ap63
-rw-r--r--security/openssh/files/patch-ar32
-rw-r--r--security/openssh/files/patch-au225
-rw-r--r--security/openssh/files/patch-av16
16 files changed, 109 insertions, 493 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 0e77130e5ad7..ec4187926bd3 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= OpenSSH
-PORTVERSION= 2.1.1
+PORTVERSION= 2.2.0
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index f01380f39a67..a6aa659575ed 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1 +1 @@
-MD5 (openssh-2.1.1.tgz) = ed323003ae30bfb9bd1e2a899a32e765
+MD5 (openssh-2.2.0.tgz) = 8ecfebc800f1c0646cbe09231a012764
diff --git a/security/openssh/files/pam_ssh.c b/security/openssh/files/pam_ssh.c
index 7ee0788c4144..4068bafd9d7c 100644
--- a/security/openssh/files/pam_ssh.c
+++ b/security/openssh/files/pam_ssh.c
@@ -443,7 +443,7 @@ pam_sm_open_session(
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
- retval = ssh_add_identity(ac, key.rsa, comment);
+ retval = ssh_add_identity(ac, &key, comment);
ssh_close_authentication_connection(ac);
env_swap(ssh_env, 0);
return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
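Review bot: Nothing between `ssh_add_identity(ac, &key, comment)` and the final `return` releases the decrypted private key held in `key`, so the key material appears to stay in the PAM host process after the agent has its own copy. pam_sm_open_session starts outside this hunk, so how `key` is allocated is not visible. If `key.rsa` is heap-allocated there, free it once the add has returned, for example `RSA_free(key.rsa);` placed before `ssh_close_authentication_connection(ac);`. The early `return PAM_SESSION_ERR` in the context lines looks like it needs the same cleanup if the key has already been loaded by that point.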
diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad
index 165f5ae2379e..497f53dda38c 100644
--- a/security/openssh/files/patch-ad
+++ b/security/openssh/files/patch-ad
@@ -1,12 +1,12 @@
---- lib/Makefile.orig Wed May 17 01:20:16 2000
-+++ lib/Makefile Tue Jun 20 16:14:06 2000
+--- lib/Makefile.orig Sat Aug 19 17:34:44 2000
++++ lib/Makefile Sat Nov 4 16:41:11 2000
@@ -5,7 +5,12 @@
- cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
+ cipher.c compat.c compress.c crc32.c deattack.c \
hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
-- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
-+ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c \
-+ strlcat.c strlcpy.c
+- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
++ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
++ strlcpy.c strlcat.c
+
+.if defined(COMPAT_GETADDRINFO)
+SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
diff --git a/security/openssh/files/patch-af b/security/openssh/files/patch-af
index 4e7ebf6d6cba..0c181dd81cd0 100644
--- a/security/openssh/files/patch-af
+++ b/security/openssh/files/patch-af
@@ -1,20 +1,11 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile Mon Oct 25 16:27:26 1999
-+++ ./scp/Makefile Tue Nov 23 19:23:58 1999
-@@ -2,16 +2,9 @@
+--- scp/Makefile.orig Thu Jun 29 14:35:46 2000
++++ scp/Makefile Sat Nov 4 16:44:18 2000
+@@ -5,8 +5,8 @@
+
+ BINMODE?=555
- PROG= scp
- BINOWN= root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-- ${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
-BINDIR= /usr/bin
-MAN= scp.1
-+BINMODE=555
+BINDIR= /bin
+MAN1= scp.1
diff --git a/security/openssh/files/patch-ag b/security/openssh/files/patch-ag
index d9170272757b..366125f8eb1b 100644
--- a/security/openssh/files/patch-ag
+++ b/security/openssh/files/patch-ag
@@ -1,26 +1,17 @@
---- ssh/Makefile.orig Wed Apr 26 17:31:58 2000
-+++ ssh/Makefile Sun Jul 30 15:09:14 2000
-@@ -2,16 +2,10 @@
+--- ssh/Makefile.orig Thu Jun 29 14:35:47 2000
++++ ssh/Makefile Sat Nov 4 16:58:41 2000
+@@ -5,8 +5,8 @@
- PROG= ssh
- BINOWN= root
-+BINMODE=4555
-+BINDIR= /bin
-+MAN1= ssh.1
+ BINMODE?=4555
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-- ${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=4555
--.endif
--
-BINDIR= /usr/bin
-MAN= ssh.1
++BINDIR= /bin
++MAN1= ssh.1
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MLINKS= ssh.1 slogin.1
-@@ -19,10 +13,11 @@
+@@ -14,10 +14,11 @@
sshconnect.c sshconnect1.c sshconnect2.c
.include <bsd.own.mk> # for AFS
@@ -34,7 +25,7 @@
DPADD+= ${LIBKRB}
.if (${AFS} == "yes")
CFLAGS+= -DAFS
-@@ -32,6 +27,7 @@
+@@ -27,6 +28,7 @@
.endif # KERBEROS
.include <bsd.prog.mk>
diff --git a/security/openssh/files/patch-ah b/security/openssh/files/patch-ah
index 95b32a341276..a31814e3b0c0 100644
--- a/security/openssh/files/patch-ah
+++ b/security/openssh/files/patch-ah
@@ -1,20 +1,11 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile Wed Oct 27 12:54:48 1999
-+++ ./ssh-add/Makefile Tue Nov 23 19:26:48 1999
-@@ -2,20 +2,13 @@
+--- ssh-add/Makefile.orig Thu Jun 29 14:35:47 2000
++++ ssh-add/Makefile Sat Nov 4 17:01:50 2000
+@@ -5,12 +5,12 @@
+
+ BINMODE?=555
- PROG= ssh-add
- BINOWN= root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-- ${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
-BINDIR= /usr/bin
-MAN= ssh-add.1
-+BINMODE=555
+BINDIR= /bin
+MAN1= ssh-add.1
diff --git a/security/openssh/files/patch-ai b/security/openssh/files/patch-ai
index 519c4e727f15..ed25eab56559 100644
--- a/security/openssh/files/patch-ai
+++ b/security/openssh/files/patch-ai
@@ -1,21 +1,13 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile Wed Oct 27 12:54:49 1999
-+++ ./ssh-agent/Makefile Tue Nov 23 19:27:38 1999
-@@ -2,20 +2,13 @@
+--- ssh-agent/Makefile.orig Thu Jun 29 14:35:48 2000
++++ ssh-agent/Makefile Sat Nov 4 17:06:34 2000
+@@ -5,12 +5,12 @@
+
+ BINMODE?=555
- PROG= ssh-agent
- BINOWN= root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-- ${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
-BINDIR= /usr/bin
-+BINMODE=555
+-MAN= ssh-agent.1
+BINDIR= /bin
- MAN= ssh-agent.1
++MAN1= ssh-agent.1
SRCS= ssh-agent.c log-client.c
diff --git a/security/openssh/files/patch-aj b/security/openssh/files/patch-aj
index 9f9c0fcd64da..d48741d214ae 100644
--- a/security/openssh/files/patch-aj
+++ b/security/openssh/files/patch-aj
@@ -1,21 +1,13 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile Wed Oct 27 12:54:49 1999
-+++ ./ssh-keygen/Makefile Tue Nov 23 19:28:07 1999
-@@ -2,20 +2,13 @@
+--- ssh-keygen/Makefile.orig Thu Jun 29 14:35:48 2000
++++ ssh-keygen/Makefile Sat Nov 4 17:06:49 2000
+@@ -5,12 +5,12 @@
+
+ BINMODE?=555
- PROG= ssh-keygen
- BINOWN= root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
-- ${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
-BINDIR= /usr/bin
-+BINMODE=555
+-MAN= ssh-keygen.1
+BINDIR= /bin
- MAN= ssh-keygen.1
++MAN1= ssh-keygen.1
SRCS= ssh-keygen.c log-client.c
diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am
index fee853eadee2..8c88701f8682 100644
--- a/security/openssh/files/patch-am
+++ b/security/openssh/files/patch-am
@@ -1,6 +1,6 @@
---- sshd/Makefile.orig Wed Apr 26 17:31:57 2000
-+++ sshd/Makefile Sun Jul 30 15:09:25 2000
-@@ -3,14 +3,15 @@
+--- sshd/Makefile.orig Sun Aug 20 14:42:41 2000
++++ sshd/Makefile Sat Nov 4 17:08:36 2000
+@@ -3,8 +3,8 @@
PROG= sshd
BINOWN= root
BINMODE=555
@@ -8,17 +8,18 @@
-MAN= sshd.8
+BINDIR= /sbin
+MAN8= sshd.8
+ CFLAGS+=-DHAVE_LOGIN_CAP
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
- pty.c log-server.c login.c servconf.c serverloop.c \
- auth.c auth1.c auth2.c session.c
+@@ -12,6 +12,7 @@
+ auth.c auth1.c auth2.c auth-options.c session.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
.if (${KERBEROS} == "yes")
.if (${AFS} == "yes")
-@@ -18,9 +19,9 @@
+@@ -19,9 +20,9 @@
LDADD+= -lkafs
DPADD+= ${LIBKRBAFS}
.endif # AFS
@@ -30,7 +31,7 @@
DPADD+= ${LIBKRB}
.endif # KERBEROS
-@@ -30,7 +31,7 @@
+@@ -31,7 +32,7 @@
.include <bsd.prog.mk>
diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an
index 47a60fb490e0..b26ba76bfa14 100644
--- a/security/openssh/files/patch-an
+++ b/security/openssh/files/patch-an
@@ -14,104 +14,3 @@
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
-@@ -134,6 +141,32 @@
- unsigned char *session_id2 = NULL;
- int session_id2_len = 0;
-
-+/* These are used to implement connections_per_period. */
-+struct magic_connection {
-+ struct timeval connections_begin;
-+ unsigned int connections_this_period;
-+} *magic_connections;
-+/* Magic number, too! TODO: this doesn't have to be static. */
-+const size_t MAGIC_CONNECTIONS_SIZE = 1;
-+
-+static __inline int
-+magic_hash(struct sockaddr_storage *sa) {
-+
-+ return 0;
-+}
-+
-+static __inline struct timeval
-+timevaldiff(struct timeval *tv1, struct timeval *tv2) {
-+ struct timeval diff;
-+ int carry;
-+
-+ carry = tv1->tv_usec > tv2->tv_usec;
-+ diff.tv_sec = tv2->tv_sec - tv1->tv_sec - (carry ? 0 : 1);
-+ diff.tv_usec = tv2->tv_usec - tv1->tv_usec + (carry ? 1000000 : 0);
-+
-+ return diff;
-+}
-+
- /* Prototypes for various functions defined later in this file. */
- void do_ssh1_kex();
- void do_ssh2_kex();
-@@ -418,6 +451,7 @@
- int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1;
- pid_t pid;
- socklen_t fromlen;
-+ int connections_per_period_exceeded = 0;
- int silent = 0;
- fd_set *fdset;
- struct sockaddr_storage from;
-@@ -763,6 +797,12 @@
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
-
-+ /* Initialize the magic_connections table. It's magical! */
-+ magic_connections = calloc(MAGIC_CONNECTIONS_SIZE,
-+ sizeof(struct magic_connection));
-+ if (magic_connections == NULL)
-+ fatal("calloc: %s", strerror(errno));
-+
- /*
- * Stay listening for connections until the system crashes or
- * the daemon is killed with a signal.
-@@ -794,9 +834,31 @@
- error("newsock del O_NONBLOCK: %s", strerror(errno));
- continue;
- }
-+ if (options.connections_per_period != 0) {
-+ struct timeval diff, connections_end;
-+ struct magic_connection *mc;
-+
-+ (void)gettimeofday(&connections_end, NULL);
-+ mc = &magic_connections[magic_hash(&from)];
-+ diff = timevaldiff(&mc->connections_begin, &connections_end);
-+ if (diff.tv_sec >= options.connections_period) {
-+ /*
-+ * Slide the window forward only after completely
-+ * leaving it.
-+ */
-+ mc->connections_begin = connections_end;
-+ mc->connections_this_period = 1;
-+ } else {
-+ if (++mc->connections_this_period >
-+ options.connections_per_period)
-+ connections_per_period_exceeded = 1;
-+ }
-+ }
-+
- /*
-- * Got connection. Fork a child to handle it, unless
-- * we are in debugging mode.
-+ * Got connection. Fork a child to handle it unless
-+ * we are in debugging mode or the maximum number of
-+ * connections per period has been exceeded.
- */
- if (debug_flag) {
- /*
-@@ -810,6 +872,12 @@
- sock_out = newsock;
- pid = getpid();
- break;
-+ } else if (connections_per_period_exceeded) {
-+ log("Connection rate limit of %u/%us has been exceeded; "
-+ "dropping connection from %s.",
-+ options.connections_per_period, options.connections_period,
-+ ntop);
-+ connections_per_period_exceeded = 0;
- } else {
- /*
- * Normal production daemon. Fork, and have
diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao
index 0e5eac8dee2b..96aaa0db0b3f 100644
--- a/security/openssh/files/patch-ao
+++ b/security/openssh/files/patch-ao
@@ -1,20 +1,29 @@
---- sshd_config.orig Fri Jan 7 01:27:30 2000
-+++ sshd_config Fri Jan 7 01:31:01 2000
-@@ -3,12 +3,13 @@
- Port 22
+--- sshd_config.orig Fri Aug 4 16:30:35 2000
++++ sshd_config Sat Nov 4 17:32:28 2000
+@@ -4,12 +4,11 @@
+ #Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
-HostKey /etc/ssh_host_key
-+HostKey __PREFIX__/etc/ssh_host_key
++HostKey /usr/local/etc/ssh_host_key
ServerKeyBits 768
-LoginGraceTime 600
-+LoginGraceTime 60
++LoginGraceTime 120
KeyRegenerationInterval 3600
-PermitRootLogin yes
-#
+PermitRootLogin no
-+# Rate-limit sshd connections to 5 connections per 10 seconds
-+ConnectionsPerPeriod 5/10
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+@@ -48,7 +47,7 @@
+ #KerberosTgtPassing yes
+
+ #CheckMail yes
+-#UseLogin no
++UseLogin no
+
+-#Subsystem sftp /usr/local/sbin/sftpd
+-#MaxStartups 10:30:60
++Subsystem sftp /usr/local/sbin/sftpd
++MaxStartups 10:30:60
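Review bot: The patched `HostKey` line now hard-codes `/usr/local/etc/ssh_host_key` where the previous revision of this patch used the `__PREFIX__` placeholder, so an install under a non-default PREFIX would point sshd at a host key path the port did not populate (the substitution step is not visible here, so confirm it was dropped on purpose). Keeping `HostKey __PREFIX__/etc/ssh_host_key` preserves the old behaviour. The patch also uncomments `Subsystem sftp /usr/local/sbin/sftpd`, yet no file in this commit's diffstat installs an `sftpd` binary; if the port does not ship one, leave that line commented so the default config does not advertise a subsystem that cannot start. Finally, `LoginGraceTime` goes from the port's earlier 60 to 120 and `MaxStartups 10:30:60` is the only throttle left after `ConnectionsPerPeriod 5/10` is dropped; a short comment in the config explaining both choices would help administrators who tuned the old setting.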
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap
deleted file mode 100644
index d3c63bea1620..000000000000
--- a/security/openssh/files/patch-ap
+++ /dev/null
@@ -1,63 +0,0 @@
---- servconf.c.orig Tue May 9 02:12:15 2000
-+++ servconf.c Fri May 12 07:13:13 2000
-@@ -74,6 +74,8 @@
- options->ciphers = NULL;
- options->protocol = SSH_PROTO_UNKNOWN;
- options->gateway_ports = -1;
-+ options->connections_per_period = 0;
-+ options->connections_period = 0;
- }
-
- void
-@@ -172,7 +174,7 @@
- #ifdef SKEY
- sSkeyAuthentication,
- #endif
-- sPasswordAuthentication, sListenAddress,
-+ sPasswordAuthentication, sListenAddress, sConnectionsPerPeriod,
- sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
- sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
- sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-@@ -231,6 +233,7 @@
- { "ciphers", sCiphers },
- { "protocol", sProtocol },
- { "gatewayports", sGatewayPorts },
-+ { "connectionsperperiod", sConnectionsPerPeriod },
- { NULL, 0 }
- };
-
-@@ -340,7 +343,11 @@
- filename, linenum);
- exit(1);
- }
-- value = atoi(cp);
-+ if (sscanf(cp, " %d ", &value) != 1) {
-+ fprintf(stderr, "%s line %d: invalid integer value.\n",
-+ filename, linenum);
-+ exit(1);
-+ }
- if (*intptr == -1)
- *intptr = value;
- break;
-@@ -584,6 +591,21 @@
- filename, linenum);
- options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
- }
-+ break;
-+
-+ case sConnectionsPerPeriod:
-+ cp = strtok(NULL, WHITESPACE);
-+ if (cp == NULL)
-+ fatal("%.200s line %d: missing (>= 0) number argument.\n",
-+ filename, linenum);
-+ if (sscanf(cp, " %u/%u ", &options->connections_per_period,
-+ &options->connections_period) != 2)
-+ fatal("%.200s line %d: invalid numerical argument(s).\n",
-+ filename, linenum);
-+ if (options->connections_per_period != 0 &&
-+ options->connections_period == 0)
-+ fatal("%.200s line %d: invalid connections period.\n",
-+ filename, linenum);
- break;
-
- case sCiphers:
diff --git a/security/openssh/files/patch-ar b/security/openssh/files/patch-ar
index 2795e96d082a..18d5e5dd73f6 100644
--- a/security/openssh/files/patch-ar
+++ b/security/openssh/files/patch-ar
@@ -1,37 +1,5 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.8 Tue Nov 23 18:58:38 1999
+++ sshd.8 Sun Dec 5 22:59:58 1999
-@@ -220,6 +220,31 @@
- should check for new mail for interactive logins.
- The default is
- .Dq no .
-+.It Cm ConnectionsPerPeriod
-+This keyword allows for rate-limiting of connections, and
-+is followed by two numbers in the format
-+.Dq n/s ,
-+where
-+.Ar n
-+is the number of connections from a certain address group
-+accepted per period of
-+.Ar s
-+seconds. Any connection after the number
-+.Ar n
-+connection in the period of
-+.Ar s
-+seconds will be dropped, and an informational message will be logged.
-+A connection will belong to a certain group, of which there are 13
-+by default, according to its IP address.
-+The default for this keyword is
-+.Dq 0/0 ,
-+and rate-limiting can be explicitly turned off by using an
-+.Ar n
-+parameter of
-+.Ql 0
-+and any
-+.Ar s
-+parameter.
- .It Cm DenyGroups
- This keyword can be followed by a number of group names, separated
- by spaces. Users whose primary group matches one of the patterns
@@ -453,8 +478,9 @@
If the login is on a tty, records login time.
.It
diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au
index f0076dd0e146..82de5814915d 100644
--- a/security/openssh/files/patch-au
+++ b/security/openssh/files/patch-au
@@ -1,25 +1,20 @@
---- session.c.orig Mon Jun 5 12:53:40 2000
-+++ session.c Tue Jun 20 16:20:37 2000
-@@ -27,6 +27,18 @@
- #include "ssh2.h"
+--- session.c.orig Sun Aug 27 23:50:54 2000
++++ session.c Sat Nov 4 17:39:43 2000
+@@ -28,6 +28,13 @@
#include "auth.h"
+ #include "auth-options.h"
+#ifdef __FreeBSD__
+#include <libutil.h>
+#include <poll.h>
+#include <syslog.h>
+#include <time.h>
-+#define LOGIN_CAP
+#endif /* __FreeBSD__ */
+
-+#ifdef LOGIN_CAP
-+#include <login_cap.h>
-+#endif /* LOGIN_CAP */
-+
- /* types */
-
- #define TTYSZ 64
-@@ -401,6 +413,13 @@
+ #ifdef HAVE_LOGIN_CAP
+ #include <login_cap.h>
+ #endif
+@@ -413,6 +420,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -33,35 +28,8 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -502,6 +521,10 @@
- struct sockaddr_storage from;
- struct stat st;
- time_t last_login_time;
-+#ifdef LOGIN_CAP
-+ login_cap_t *lc;
-+ char *fname;
-+#endif /* LOGIN_CAP */
-
- if (s == NULL)
- fatal("do_exec_pty: no session");
-@@ -511,15 +534,6 @@
- /* Get remote host name. */
- hostname = get_canonical_hostname();
-
-- /*
-- * Get the time when the user last logged in. Buf will be set to
-- * contain the hostname the last login was from.
-- */
-- if (!options.use_login) {
-- last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
-- buf, sizeof(buf));
-- }
--
- /* Fork the child. */
- if ((pid = fork()) == 0) {
- pid = getpid();
-@@ -528,6 +542,22 @@
- changed. */
+@@ -516,6 +530,13 @@
+ /* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /*
@@ -71,154 +39,39 @@
+ if (command != NULL)
+ options.use_login = 0;
+
-+ /*
-+ * Get the time when the user last logged in. Buf will be set
-+ * to * contain the hostname the last login was from.
-+ */
-+ if (!options.use_login) {
-+ last_login_time = get_last_login_time(pw->pw_uid,
-+ pw->pw_name, buf, sizeof(buf));
-+ }
-+
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -571,6 +601,12 @@
- /* Check if .hushlogin exists. */
- snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
- quiet_login = stat(line, &st) >= 0;
-+#ifdef LOGIN_CAP
-+ lc = login_getpwclass(pw);
-+ if (lc == NULL)
-+ lc = login_getclassbyname(NULL, pw);
-+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
-+#endif /* LOGIN_CAP */
-
- /*
- * If the user has logged in before, display the time of last
-@@ -594,6 +630,20 @@
- else
- printf("Last login: %s from %s\r\n", time_string, buf);
- }
-+#ifdef LOGIN_CAP
-+ if (command == NULL && !quiet_login && !options.use_login) {
-+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
-+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
-+ while (fgets(line, sizeof(line), f) != NULL)
-+ fputs(line, stdout);
-+ fclose(f);
-+ } else
-+ (void)printf("%s\n\t%s %s\n",
-+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
-+ "The Regents of the University of California. ",
-+ "All rights reserved.");
-+ }
-+#endif /* LOGIN_CAP */
- /*
- * Print /etc/motd unless a command was specified or printing
- * it was disabled in server options or login(1) will be
-@@ -603,7 +653,18 @@
- if (command == NULL && options.print_motd && !quiet_login &&
- !options.use_login) {
- /* Print /etc/motd if it exists. */
-+#ifdef LOGIN_CAP
-+ fname = login_getcapstr(lc, "welcome", NULL, NULL);
-+ login_close(lc);
-+ if (fname != NULL) {
-+ f = fopen(fname, "r");
-+ if (f == NULL)
-+ f = fopen("/etc/motd", "r");
-+ } else
-+ f = fopen("/etc/motd", "r");
-+#else /* LOGIN_CAP */
- f = fopen("/etc/motd", "r");
-+#endif /* LOGIN_CAP */
- if (f) {
- while (fgets(line, sizeof(line), f))
- fputs(line, stdout);
-@@ -746,13 +807,29 @@
- extern char **environ;
- struct stat st;
- char *argv[10];
-+#ifdef LOGIN_CAP
-+ login_cap_t *lc;
-+
-+ lc = login_getpwclass(pw);
-+ if (lc == NULL)
-+ lc = login_getclassbyname(NULL, pw);
-+ #endif /* LOGIN_CAP */
-
- /* login(1) is only called if we execute the login shell */
- if (options.use_login && command != NULL)
- options.use_login = 0;
-
- f = fopen("/etc/nologin", "r");
-+#ifdef __FreeBSD__
-+ if (f == NULL)
-+ f = fopen("/var/run/nologin", "r");
-+#endif /* __FreeBSD__ */
-+#ifdef LOGIN_CAP
-+ /* on FreeBSD, etc., allow overriding nologin via login.conf. */
-+ if (f != NULL && !login_getcapbool(lc, "ignorenologin", 0)) {
-+#else /* LOGIN_CAP */
- if (f) {
-+#endif /* LOGIN_CAP */
- /* /etc/nologin exists. Print its contents and exit. */
- while (fgets(buf, sizeof(buf), f))
- fputs(buf, stderr);
-@@ -768,6 +845,13 @@
- /* Login(1) does this as well, and it needs uid 0 for the "-h"
- switch, so we let login(1) to this for us. */
- if (!options.use_login) {
-+#ifdef LOGIN_CAP
-+ if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY |
-+ LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) {
-+ perror("setclasscontext");
-+ exit(1);
-+ }
-+#endif /* LOGIN_CAP */
- if (getuid() == 0 || geteuid() == 0) {
- if (setgid(pw->pw_gid) < 0) {
- perror("setgid");
-@@ -790,7 +874,14 @@
- * Get the shell from the password data. An empty shell field is
- * legal, and means /bin/sh.
- */
-+#ifdef LOGIN_CAP
-+ shell = pw->pw_shell;
-+ shell = login_getcapstr(lc, "shell", shell, shell);
-+ if (shell[0] == '\0')
-+ shell = _PATH_BSHELL;
-+#else /* LOGIN_CAP */
- shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
-+#endif /* LOGIN_CAP */
-
- #ifdef AFS
- /* Try to get AFS tokens for the local cell. */
-@@ -814,7 +905,12 @@
- child_set_env(&env, &envsize, "USER", pw->pw_name);
- child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
- child_set_env(&env, &envsize, "HOME", pw->pw_dir);
-+#ifdef LOGIN_CAP
-+ child_set_env(&env, &envsize, "PATH",
-+ login_getpath(lc, "path", _PATH_STDPATH));
-+#else /* LOGIN_CAP */
- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-+#endif /* LOGIN_CAP */
-
- snprintf(buf, sizeof buf, "%.200s/%.50s",
- _PATH_MAILDIR, pw->pw_name);
-@@ -904,6 +1000,9 @@
- * descriptors left by system functions. They will be closed later.
- */
- endpwent();
-+#ifdef LOGIN_CAP
-+ login_close(lc);
-+#endif /* LOGIN_CAP */
+@@ -602,6 +623,7 @@
+ time_t last_login_time;
+ struct passwd * pw = s->pw;
+ pid_t pid = getpid();
++ char *fname;
/*
- * Close any extra open file descriptors so that we don\'t have them
-@@ -911,7 +1010,7 @@
+ * Get IP address of client. If the connection is not a socket, let
+@@ -644,6 +666,20 @@
+ else
+ printf("Last login: %s from %s\r\n", time_string, buf);
+ }
++#ifdef HAVE_LOGIN_CAP
++ if (!options.use_login) {
++ fname = login_getcapstr(lc, "copyright", NULL, NULL);
++ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
++ while (fgets(buf, sizeof(buf), f) != NULL)
++ fputs(buf, stdout);
++ fclose(f);
++ } else
++ (void)printf("%s\n\t%s %s\n",
++ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
++ "The Regents of the University of California. ",
++ "All rights reserved.");
++ }
++#endif /* HAVE_LOGIN_CAP */
+ if (options.print_motd) {
+ #ifdef HAVE_LOGIN_CAP
+ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
+@@ -949,7 +985,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
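Review bot: The re-added copyright block under `#ifdef HAVE_LOGIN_CAP` is guarded only by `if (!options.use_login)`, whereas the block it replaces required `command == NULL && !quiet_login && !options.use_login`. The enclosing function starts and ends outside this hunk, so unless it has already returned for hushlogin users and forced commands, sessions that previously got no banner will now receive one. The `fopen(fname, "r")` on the `copyright` capability also runs wherever this function runs, and no uid switch is visible before it; confirm that `lc` is built only from the root-owned login.conf, since a user-influenced path would be read with sshd's privileges and echoed to the client. If the early return exists, a comment above the block such as `/* quiet logins and forced commands returned above */` would record the assumption; otherwise restore the guard as `if (command == NULL && !quiet_login && !options.use_login) {`, assuming those names are still in scope in the 2.2.0 function.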
@@ -227,7 +80,7 @@
close(i);
/* Change current directory to the user\'s home directory. */
-@@ -930,7 +1029,27 @@
+@@ -973,7 +1009,27 @@
* in this order).
*/
if (!options.use_login) {
diff --git a/security/openssh/files/patch-av b/security/openssh/files/patch-av
index d781357fb1da..146643ad6122 100644
--- a/security/openssh/files/patch-av
+++ b/security/openssh/files/patch-av
@@ -1,18 +1,10 @@
---- auth.c.orif Thu Apr 20 17:21:58 2000
-+++ auth.c Thu Apr 20 17:50:06 2000
-@@ -26,7 +26,6 @@
- #include "session.h"
- #include "dispatch.h"
-
--
- /* import */
- extern ServerOptions options;
- extern char *forced_command;
-@@ -106,6 +105,16 @@
+--- auth.c.orig Sat Nov 4 17:30:17 2000
++++ auth.c Sat Nov 4 17:29:00 2000
+@@ -111,6 +111,16 @@
return 0;
}
}
-+#ifdef __FreeBSD__
++#ifdef __FreeBSD__
+ /* Fail if the account's expiration time has passed. */
+ if (pw->pw_expire != 0) {
+ struct timeval tv;