diff options
Diffstat (limited to 'security/openssh/files')
| -rw-r--r-- | security/openssh/files/patch-aa | 4 | ||||
| -rw-r--r-- | security/openssh/files/patch-ab | 12 | ||||
| -rw-r--r-- | security/openssh/files/patch-ac | 32 | ||||
| -rw-r--r-- | security/openssh/files/patch-ad | 51 | ||||
| -rw-r--r-- | security/openssh/files/patch-ae | 57 | ||||
| -rw-r--r-- | security/openssh/files/patch-af | 33 | ||||
| -rw-r--r-- | security/openssh/files/patch-ag (renamed from security/openssh/files/patch-ap) | 12 | ||||
| -rw-r--r-- | security/openssh/files/patch-ah | 27 | ||||
| -rw-r--r-- | security/openssh/files/patch-ai | 45 | ||||
| -rw-r--r-- | security/openssh/files/patch-aj | 39 | ||||
| -rw-r--r-- | security/openssh/files/patch-ak | 24 | ||||
| -rw-r--r-- | security/openssh/files/patch-al | 27 | ||||
| -rw-r--r-- | security/openssh/files/patch-am (renamed from security/openssh/files/patch-aw) | 7 | ||||
| -rw-r--r-- | security/openssh/files/patch-an | 232 | ||||
| -rw-r--r-- | security/openssh/files/patch-ao | 28 | ||||
| -rw-r--r-- | security/openssh/files/patch-ar | 27 | ||||
| -rw-r--r-- | security/openssh/files/patch-at | 27 | ||||
| -rw-r--r-- | security/openssh/files/patch-au | 13 | ||||
| -rw-r--r-- | security/openssh/files/strlcat.c | 71 |
19 files changed, 524 insertions, 244 deletions
diff --git a/security/openssh/files/patch-aa b/security/openssh/files/patch-aa index ff267ded9258..4797fe4d70a2 100644 --- a/security/openssh/files/patch-aa +++ b/security/openssh/files/patch-aa @@ -1,5 +1,5 @@ ---- Makefile.orig Tue Oct 26 03:31:00 1999 -+++ Makefile Mon Nov 8 00:28:19 1999 +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/Makefile Mon Oct 25 16:27:26 1999 ++++ ./Makefile Tue Nov 23 19:18:22 1999 @@ -1,6 +1,7 @@ # $OpenBSD: Makefile,v 1.5 1999/10/25 20:27:26 markus Exp $ diff --git a/security/openssh/files/patch-ab b/security/openssh/files/patch-ab index a65c47f7601c..277f63f225b6 100644 --- a/security/openssh/files/patch-ab +++ b/security/openssh/files/patch-ab @@ -1,11 +1,9 @@ ---- Makefile.inc.orig Tue Oct 26 03:31:00 1999 -+++ Makefile.inc Tue Nov 9 06:45:18 1999 -@@ -1,11 +1,8 @@ --CFLAGS+= -I${.CURDIR}/.. -+CFLAGS+= -I${.CURDIR}/.. -I${PREFIX}/include +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/Makefile.inc Mon Oct 25 16:27:26 1999 ++++ ./Makefile.inc Tue Nov 23 19:19:33 1999 +@@ -2,10 +2,9 @@ + + .include <bsd.obj.mk> --.include <bsd.obj.mk> -- -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a diff --git a/security/openssh/files/patch-ac b/security/openssh/files/patch-ac index f03c0f6c88c2..f6ad51c27c10 100644 --- a/security/openssh/files/patch-ac +++ b/security/openssh/files/patch-ac @@ -1,10 +1,24 @@ ---- readconf.h.dist Fri Nov 19 23:32:48 1999 -+++ readconf.h Fri Nov 19 23:48:22 1999 -@@ -54,6 +54,7 @@ - int compression; /* Compress packets in both directions. */ - int compression_level; /* Compression level 1 (fast) to 9 (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ -+ int tis_authentication; /* TIS client-side authentication */ - LogLevel log_level; /* Level for logging. */ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/includes.h Tue Nov 2 16:21:02 1999 ++++ ./includes.h Tue Nov 23 19:20:38 1999 +@@ -24,12 +24,12 @@ + #include <sys/select.h> + #include <sys/param.h> + #include <sys/ioctl.h> +-#include <sys/endian.h> + #include <sys/stat.h> + #include <sys/wait.h> + #include <sys/time.h> + #include <sys/un.h> + #include <sys/resource.h> ++#include <machine/endian.h> - int port; /* Port to connect. */ + #include <netinet/in.h> + #include <netinet/in_systm.h> +@@ -38,7 +38,6 @@ + #include <arpa/inet.h> + #include <netdb.h> + +-#include <netgroup.h> + #include <stdio.h> + #include <ctype.h> + #include <errno.h> diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad index b99d16d2c0d1..fc17693d6e5e 100644 --- a/security/openssh/files/patch-ad +++ b/security/openssh/files/patch-ad @@ -1,35 +1,20 @@ ---- readconf.c.dist Fri Nov 19 23:32:48 1999 -+++ readconf.c Fri Nov 19 23:41:27 1999 -@@ -369,13 +369,8 @@ - goto parse_int; - - case oTISAuthentication: -- cp = strtok(NULL, WHITESPACE); -- if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)) -- fprintf(stderr, -- "%.99s line %d: Warning, TIS is not supported.\n", -- filename, -- linenum); -- break; -+ intptr = &options->tis_authentication; -+ goto parse_flag; +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/lib/Makefile Tue Nov 16 17:49:29 1999 ++++ ./lib/Makefile Tue Nov 23 19:21:19 1999 +@@ -5,6 +5,7 @@ + cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \ + hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ + rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c ++SRCS+= strlcat.c strlcpy.c - case oCompressionLevel: - intptr = &options->compression_level; -@@ -655,6 +650,7 @@ - options->num_local_forwards = 0; - options->num_remote_forwards = 0; - options->log_level = (LogLevel)-1; -+ options->tis_authentication = -1; - } + NOPROFILE= yes + NOPIC= yes +@@ -13,6 +14,7 @@ + @echo -n - /* Called after processing other sources of option data, this fills those -@@ -727,6 +723,8 @@ - options->user_hostfile = SSH_USER_HOSTFILE; - if (options->log_level == (LogLevel)-1) - options->log_level = SYSLOG_LEVEL_INFO; -+ if (options->tis_authentication == -1) -+ options->tis_authentication = 0; - /* options->proxy_command should not be set by default */ - /* options->user will be set in the main program if appropriate */ - /* options->hostname will be set in the main program if appropriate */ + .include <bsd.own.mk> ++.include "../Makefile.inc" + + .if (${KERBEROS} == "yes") + CFLAGS+= -DKRB4 -I/usr/include/kerberosIV +Only in ./lib: strlcat.c +Only in ./lib: strlcpy.c diff --git a/security/openssh/files/patch-ae b/security/openssh/files/patch-ae index f0692ec9487c..33c57f42e6fc 100644 --- a/security/openssh/files/patch-ae +++ b/security/openssh/files/patch-ae @@ -1,43 +1,14 @@ ---- sshconnect.c.orig Fri Nov 19 23:54:54 1999 -+++ sshconnect.c Fri Nov 19 23:56:22 1999 -@@ -1496,6 +1496,40 @@ - return; /* Successful connection. */ - } - -+ /* Support for TIS authentication server obtained from -+ Andre April <Andre.April@cediti.be>. */ -+ if ((supported_authentications & (1 << SSH_AUTH_TIS)) && -+ options.tis_authentication && !options.batch_mode) -+ { -+ char *prompt; -+ debug("Doing TIS authentication."); -+ if (options.cipher == SSH_CIPHER_NONE) -+ log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); -+ packet_start(SSH_CMSG_AUTH_TIS); -+ packet_send(); -+ packet_write_wait(); -+ type = packet_read(&payload_len); -+ if (type == SSH_SMSG_FAILURE) -+ debug("User cannot be identifier on authentication server."); -+ else { -+ if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) -+ packet_disconnect("Protocol error: got %d in response to TIS auth request", type); -+ prompt = packet_get_string(NULL); -+ password = read_passphrase(prompt, 0); -+ packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); -+ packet_put_string(password, strlen(password)); -+ memset(password, 0, strlen(password)); -+ xfree(password); -+ packet_send(); -+ packet_write_wait(); -+ type = packet_read(&payload_len); -+ if (type == SSH_SMSG_SUCCESS) -+ return; -+ if (type != SSH_SMSG_FAILURE) -+ packet_disconnect("Protocol error: got %d in response to TIS auth", type); -+ } -+ } -+ - /* Try password authentication if the server supports it. */ - if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && - options.password_authentication && !options.batch_mode) +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/login.c Tue Nov 23 18:55:14 1999 ++++ ./login.c Tue Nov 23 19:35:08 1999 +@@ -20,7 +20,11 @@ + #include "includes.h" + RCSID("$Id: login.c,v 1.8 1999/11/23 22:25:54 markus Exp $"); + ++#ifdef __FreeBSD__ ++#include <libutil.h> ++#else + #include <util.h> ++#endif /* __FreeBSD__ */ + #include <utmp.h> + #include "ssh.h" + diff --git a/security/openssh/files/patch-af b/security/openssh/files/patch-af index 6eadf2eafb68..4e7ebf6d6cba 100644 --- a/security/openssh/files/patch-af +++ b/security/openssh/files/patch-af @@ -1,11 +1,22 @@ ---- ssh.h.dist Fri Nov 19 23:50:37 1999 -+++ ssh.h Fri Nov 19 23:50:22 1999 -@@ -141,7 +141,7 @@ - #define SSH_AUTH_RSA 2 - #define SSH_AUTH_PASSWORD 3 - #define SSH_AUTH_RHOSTS_RSA 4 -- /* 5 is TIS */ -+#define SSH_AUTH_TIS 5 - #define SSH_AUTH_KERBEROS 6 - #define SSH_PASS_KERBEROS_TGT 7 - /* 8 to 15 are reserved */ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile Mon Oct 25 16:27:26 1999 ++++ ./scp/Makefile Tue Nov 23 19:23:58 1999 +@@ -2,16 +2,9 @@ + + PROG= scp + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin +-MAN= scp.1 ++BINMODE=555 ++BINDIR= /bin ++MAN1= scp.1 + + SRCS= scp.c + diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ag index db9c3f7d8a0a..09a17b96aa87 100644 --- a/security/openssh/files/patch-ap +++ b/security/openssh/files/patch-ag @@ -1,11 +1,10 @@ ---- ssh/Makefile.orig Tue Oct 26 03:31:00 1999 -+++ ssh/Makefile Tue Nov 9 06:56:24 1999 -@@ -2,22 +2,17 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh/Makefile Wed Nov 17 20:52:33 1999 ++++ ./ssh/Makefile Tue Nov 23 19:26:08 1999 +@@ -2,22 +2,16 @@ PROG= ssh BINOWN= root -+BINMODE=4555 - +- -.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ - ${MACHINE_ARCH} == "hppa") -BINMODE=0000 @@ -15,6 +14,7 @@ - -BINDIR= /usr/bin -MAN= ssh.1 ++BINMODE=4555 +BINDIR= /bin +MAN1= ssh.1 LINKS= ${BINDIR}/ssh ${BINDIR}/slogin @@ -27,7 +27,7 @@ .if (${KERBEROS} == "yes") CFLAGS+= -DKRB4 -I/usr/include/kerberosIV -@@ -32,5 +27,5 @@ +@@ -32,5 +26,5 @@ .include <bsd.prog.mk> diff --git a/security/openssh/files/patch-ah b/security/openssh/files/patch-ah new file mode 100644 index 000000000000..95b32a341276 --- /dev/null +++ b/security/openssh/files/patch-ah @@ -0,0 +1,27 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile Wed Oct 27 12:54:48 1999 ++++ ./ssh-add/Makefile Tue Nov 23 19:26:48 1999 +@@ -2,20 +2,13 @@ + + PROG= ssh-add + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin +-MAN= ssh-add.1 ++BINMODE=555 ++BINDIR= /bin ++MAN1= ssh-add.1 + + SRCS= ssh-add.c log-client.c + + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ai b/security/openssh/files/patch-ai index fd676782c3d2..519c4e727f15 100644 --- a/security/openssh/files/patch-ai +++ b/security/openssh/files/patch-ai @@ -1,21 +1,26 @@ -diff -ru /home/green/ssh/includes.h ./includes.h ---- /home/green/ssh/includes.h Wed Nov 3 03:36:00 1999 -+++ ./includes.h Mon Nov 8 00:06:40 1999 -@@ -24,7 +24,6 @@ - #include <sys/select.h> - #include <sys/param.h> - #include <sys/ioctl.h> --#include <sys/endian.h> - #include <sys/stat.h> - #include <sys/wait.h> - #include <sys/time.h> -@@ -38,7 +37,8 @@ - #include <arpa/inet.h> - #include <netdb.h> +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile Wed Oct 27 12:54:49 1999 ++++ ./ssh-agent/Makefile Tue Nov 23 19:27:38 1999 +@@ -2,20 +2,13 @@ --#include <netgroup.h> -+#include <machine/endian.h> -+ - #include <stdio.h> - #include <ctype.h> - #include <errno.h> + PROG= ssh-agent + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin ++BINMODE=555 ++BINDIR= /bin + MAN= ssh-agent.1 + + SRCS= ssh-agent.c log-client.c + + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-aj b/security/openssh/files/patch-aj index 2b51018f9bc7..9f9c0fcd64da 100644 --- a/security/openssh/files/patch-aj +++ b/security/openssh/files/patch-aj @@ -1,19 +1,26 @@ ---- ./lib/Makefile.orig Tue Nov 16 16:50:53 1999 -+++ ./lib/Makefile Tue Nov 16 16:52:01 1999 -@@ -4,7 +4,7 @@ - SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ - cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \ - hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ -- rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c -+ rsa.c strlcpy.c tildexpand.c ttymodes.c uidswap.c xmalloc.c +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile Wed Oct 27 12:54:49 1999 ++++ ./ssh-keygen/Makefile Tue Nov 23 19:28:07 1999 +@@ -2,20 +2,13 @@ - NOPROFILE= yes - NOPIC= yes -@@ -13,6 +13,7 @@ - @echo -n + PROG= ssh-keygen + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin ++BINMODE=555 ++BINDIR= /bin + MAN= ssh-keygen.1 - .include <bsd.own.mk> -+.include "../Makefile.inc" + SRCS= ssh-keygen.c log-client.c - .if (${KERBEROS} == "yes") - CFLAGS+= -DKRB4 -I/usr/include/kerberosIV + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ak b/security/openssh/files/patch-ak index 7248dbab9bed..f76d52056c2e 100644 --- a/security/openssh/files/patch-ak +++ b/security/openssh/files/patch-ak @@ -1,14 +1,12 @@ ---- ./login.c.orig Sat Nov 13 16:50:45 1999 -+++ ./login.c Sat Nov 13 17:59:23 1999 -@@ -20,7 +20,11 @@ - #include "includes.h" - RCSID("$Id: login.c,v 1.7 1999/09/30 16:55:06 deraadt Exp $"); - -+#if defined(__FreeBSD__) -+#include <libutil.h> -+#else - #include <util.h> +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh.c Tue Nov 23 18:57:50 1999 ++++ ./ssh.c Tue Nov 23 19:28:33 1999 +@@ -123,6 +123,9 @@ + log("Using rsh. WARNING: Connection will not be encrypted."); + /* Build argument list for rsh. */ + i = 0; ++#ifndef _PATH_RSH ++#define _PATH_RSH "/usr/bin/rsh" +#endif - #include <utmp.h> - #include "ssh.h" - + args[i++] = _PATH_RSH; + /* host may have to come after user on some systems */ + args[i++] = host; diff --git a/security/openssh/files/patch-al b/security/openssh/files/patch-al new file mode 100644 index 000000000000..365a45928036 --- /dev/null +++ b/security/openssh/files/patch-al @@ -0,0 +1,27 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh.h Tue Nov 23 18:58:02 1999 ++++ ./ssh.h Tue Nov 23 19:31:00 1999 +@@ -51,7 +51,7 @@ + port if present. */ + #define SSH_SERVICE_NAME "ssh" + +-#define ETCDIR "/etc" ++#define ETCDIR "__PREFIX__/etc" + #define PIDDIR "/var/run" + + /* System-wide file containing host keys of known hosts. This file should be +@@ -64,11 +64,11 @@ + are all defined in Makefile.in. Of these, ssh_host_key should be readable + only by root, whereas ssh_config should be world-readable. */ + +-#define HOST_KEY_FILE "/etc/ssh_host_key" +-#define SERVER_CONFIG_FILE "/etc/sshd_config" +-#define HOST_CONFIG_FILE "/etc/ssh_config" ++#define HOST_KEY_FILE "__PREFIX__/etc/ssh_host_key" ++#define SERVER_CONFIG_FILE "__PREFIX__/etc/sshd_config" ++#define HOST_CONFIG_FILE "__PREFIX__/etc/ssh_config" + +-#define SSH_PROGRAM "/usr/bin/ssh" ++#define SSH_PROGRAM "__PREFIX__/usr/bin/ssh" + + /* The process id of the daemon listening for connections is saved + here to make it easier to kill the correct daemon when necessary. */ diff --git a/security/openssh/files/patch-aw b/security/openssh/files/patch-am index 946b865ec625..22106d6e39ef 100644 --- a/security/openssh/files/patch-aw +++ b/security/openssh/files/patch-am @@ -1,6 +1,5 @@ -diff -ru /home/green/ssh/sshd/Makefile ./sshd/Makefile ---- /home/green/ssh/sshd/Makefile Tue Oct 26 03:31:00 1999 -+++ ./sshd/Makefile Mon Nov 8 00:14:02 1999 +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd/Makefile Mon Oct 25 16:27:27 1999 ++++ ./sshd/Makefile Tue Nov 23 19:29:25 1999 @@ -3,13 +3,14 @@ PROG= sshd BINOWN= root @@ -23,7 +22,7 @@ diff -ru /home/green/ssh/sshd/Makefile ./sshd/Makefile .include <bsd.prog.mk> -LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz -lcrypt ${CRYPTOLIBS} ++LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} .if (${TCP_WRAPPERS} == "yes") diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an new file mode 100644 index 000000000000..8dfdf115c932 --- /dev/null +++ b/security/openssh/files/patch-an @@ -0,0 +1,232 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.c Tue Nov 23 18:59:05 1999 ++++ ./sshd.c Tue Nov 23 20:33:18 1999 +@@ -39,6 +39,16 @@ + int deny_severity = LOG_WARNING; + #endif /* LIBWRAP */ + ++#ifdef __FreeBSD__ ++#include <libutil.h> ++#include <syslog.h> ++#define LOGIN_CAP ++#endif /* __FreeBSD__ */ ++ ++#ifdef LOGIN_CAP ++#include <login_cap.h> ++#endif /* LOGIN_CAP */ ++ + #ifndef O_NOCTTY + #define O_NOCTTY 0 + #endif +@@ -1008,6 +1018,14 @@ + return 0; + } + } ++ /* Fail if the account's expiration time has passed. */ ++ if (pw->pw_expire != 0) { ++ struct timeval tv; ++ ++ (void)gettimeofday(&tv, NULL); ++ if (tv.tv_sec >= pw->pw_expire) ++ return 0; ++ } + /* We found no reason not to let this user try to log on... */ + return 1; + } +@@ -1042,6 +1060,9 @@ + pwcopy.pw_gid = pw->pw_gid; + pwcopy.pw_dir = xstrdup(pw->pw_dir); + pwcopy.pw_shell = xstrdup(pw->pw_shell); ++ pwcopy.pw_class = xstrdup(pw->pw_class); ++ pwcopy.pw_expire = pw->pw_expire; ++ pwcopy.pw_change = pw->pw_change; + pw = &pwcopy; + + /* If we are not running as root, the user must have the same uid +@@ -1790,6 +1811,10 @@ + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ char *fname; ++#endif /* LOGIN_CAP */ + + /* Get remote host name. */ + hostname = get_canonical_hostname(); +@@ -1850,6 +1875,12 @@ + /* Check if .hushlogin exists. */ + snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; ++#ifdef LOGIN_CAP ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ lc = login_getclassbyname(NULL, pw); ++ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); ++#endif /* LOGIN_CAP */ + + /* If the user has logged in before, display the time of + last login. However, don't display anything extra if a +@@ -1871,12 +1902,31 @@ + else + printf("Last login: %s from %s\r\n", time_string, buf); + } ++#ifdef LOGIN_CAP ++ if (command == NULL && !quiet_login && !options.use_login) { ++ fname = login_getcapstr(lc, "copyright", NULL, NULL); ++ if (fname != NULL && (f = fopen(fname, "r")) != NULL) { ++ while (fgets(line, sizeof(line), f)) ++ fputs(line, stdout); ++ fclose(f); ++ } else ++ (void)printf("%s\n\t%s %s\n", ++ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", ++ "The Regents of the University of California. ", ++ "All rights reserved."); ++ } ++#endif /* LOGIN_CAP */ + /* Print /etc/motd unless a command was specified or + printing it was disabled in server options or login(1) + will be used. Note that some machines appear to print + it in /etc/profile or similar. */ + if (command == NULL && options.print_motd && !quiet_login && + !options.use_login) { ++#ifdef LOGIN_CAP ++ fname = login_getcapstr(lc, "welcome", NULL, NULL); ++ login_close(lc); ++ if (fname == NULL || (f = fopen(fname, "r")) == NULL) ++#endif /* LOGIN_CAP */ + /* Print /etc/motd if it exists. */ + f = fopen("/etc/motd", "r"); + if (f) { +@@ -1885,6 +1935,7 @@ + fclose(f); + } + } ++ + /* Do common processing for the child, such as execing the command. */ + do_child(command, pw, term, display, auth_proto, auth_data, ttyname); + /* NOTREACHED */ +@@ -2030,17 +2081,38 @@ + extern char **environ; + struct stat st; + char *argv[10]; ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ lc = login_getclassbyname(NULL, pw); ++#endif /* LOGIN_CAP */ + + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); ++#ifdef __FreeBSD__ ++ if (f == NULL) ++ f = fopen("/var/run/nologin", "r"); ++#endif /* __FreeBSD__ */ + if (f) { +- /* /etc/nologin exists. Print its contents and exit. */ +- while (fgets(buf, sizeof(buf), f)) +- fputs(buf, stderr); +- fclose(f); +- if (pw->pw_uid != 0) +- exit(254); +- } ++ /* /etc/nologin exists. */ ++#ifdef LOGIN_CAP ++ /* ++ * If the user doesn't have "ignorenologin" set, print ++ * its contents and exit. ++ */ ++ if (!login_getcapbool(lc, "ignorenologin", 0)) { ++#endif /* LOGIN_CAP */ ++ while (fgets(buf, sizeof(buf), f)) ++ fputs(buf, stderr); ++ fclose(f); ++ if (pw->pw_uid != 0) ++ exit(254); ++#ifdef LOGIN_CAP ++ } ++#endif /* LOGIN_CAP */ ++ } + /* Set login name in the kernel. */ + if (setlogin(pw->pw_name) < 0) + error("setlogin failed: %s", strerror(errno)); +@@ -2049,6 +2121,13 @@ + /* Login(1) does this as well, and it needs uid 0 for the "-h" + switch, so we let login(1) to this for us. */ + if (!options.use_login) { ++#ifdef LOGIN_CAP ++ if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY | ++ LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) { ++ perror("setclasscontext"); ++ exit(1); ++ } ++#endif /* LOGIN_CAP */ + if (getuid() == 0 || geteuid() == 0) { + if (setgid(pw->pw_gid) < 0) { + perror("setgid"); +@@ -2069,7 +2148,13 @@ + } + /* Get the shell from the password data. An empty shell field is + legal, and means /bin/sh. */ ++#ifdef LOGIN_CAP ++ shell = login_getcapstr(lc, "shell", pw->pw_shell, pw->pw_shell); ++ if (shell[0] == '\0') ++ shell = _PATH_BSHELL; ++#else /* LOGIN_CAP */ + shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; ++#endif /* LOGIN_CAP */ + + #ifdef AFS + /* Try to get AFS tokens for the local cell. */ +@@ -2094,7 +2179,12 @@ + child_set_env(&env, &envsize, "USER", pw->pw_name); + child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); + child_set_env(&env, &envsize, "HOME", pw->pw_dir); ++#ifdef LOGIN_CAP ++ child_set_env(&env, &envsize, "PATH", ++ login_getpath(lc, "path", _PATH_STDPATH)); ++#else /* LOGIN_CAP */ + child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); ++#endif /* LOGIN_CAP */ + + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); +@@ -2189,13 +2279,35 @@ + later. */ + endpwent(); + endhostent(); ++#ifdef LOGIN_CAP ++ login_close(lc); ++#endif /* LOGIN_CAP */ + + /* Close any extra open file descriptors so that we don\'t have + them hanging around in clients. Note that we want to do this + after initgroups, because at least on Solaris 2.3 it leaves + file descriptors open. */ +- for (i = 3; i < 64; i++) ++ for (i = 3; i < getdtablesize(); i++) + close(i); ++ ++#ifdef __FreeBSD__ ++ /* ++ * If the password change time is set and has passed, give the ++ * user a password expiry notice and chance to change it. ++ */ ++ if (pw->pw_change != 0) { ++ struct timeval tv; ++ ++ (void)gettimeofday(&tv, NULL); ++ if (tv.tv_sec >= pw->pw_change) { ++ (void)printf("Sorry -- your password has expired.\n"); ++ syslog(LOG_INFO, "%s Password expired - forcing change", ++ pw->pw_name); ++ if (system("/usr/bin/passwd") != 0) ++ perror("/usr/bin/passwd"); ++ } ++ } ++#endif /* __FreeBSD__ */ + + /* Change current directory to the user\'s home directory. */ + if (chdir(pw->pw_dir) < 0) diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao index 21f9247a72e7..a728a10616d5 100644 --- a/security/openssh/files/patch-ao +++ b/security/openssh/files/patch-ao @@ -1,14 +1,16 @@ -diff -ru /home/green/ssh/scp/Makefile ./scp/Makefile ---- /home/green/ssh/scp/Makefile Tue Oct 26 03:31:00 1999 -+++ ./scp/Makefile Mon Nov 8 00:13:21 1999 -@@ -10,8 +10,8 @@ - BINMODE?=555 - .endif - --BINDIR= /usr/bin --MAN= scp.1 -+BINDIR= /bin -+MAN1= scp.1 - - SRCS= scp.c +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd_config Thu Nov 11 17:58:39 1999 ++++ ./sshd_config Tue Nov 23 19:31:58 1999 +@@ -2,11 +2,11 @@ + Port 22 + ListenAddress 0.0.0.0 +-HostKey /etc/ssh_host_key ++HostKey __PREFIX__/etc/ssh_host_key + ServerKeyBits 768 + LoginGraceTime 600 + KeyRegenerationInterval 3600 +-PermitRootLogin yes ++PermitRootLogin no + # + # Don't read ~/.rhosts and ~/.shosts files + IgnoreRhosts yes diff --git a/security/openssh/files/patch-ar b/security/openssh/files/patch-ar deleted file mode 100644 index 0fca0fb71c85..000000000000 --- a/security/openssh/files/patch-ar +++ /dev/null @@ -1,27 +0,0 @@ ---- ssh-agent/Makefile.orig Thu Oct 28 03:32:00 1999 -+++ ssh-agent/Makefile Tue Nov 9 06:41:50 1999 -@@ -2,20 +2,14 @@ - - PROG= ssh-agent - BINOWN= root -+BINMODE=555 - --.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ -- ${MACHINE_ARCH} == "hppa") --BINMODE=0000 --.else --BINMODE?=555 --.endif -- --BINDIR= /usr/bin --MAN= ssh-agent.1 -+BINDIR= /bin -+MAN1= ssh-agent.1 - - SRCS= ssh-agent.c log-client.c - - .include <bsd.prog.mk> - --LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz ${CRYPTOLIBS} - DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-at b/security/openssh/files/patch-at deleted file mode 100644 index 861e84136ae6..000000000000 --- a/security/openssh/files/patch-at +++ /dev/null @@ -1,27 +0,0 @@ ---- ssh-keygen/Makefile.orig Thu Oct 28 03:32:00 1999 -+++ ssh-keygen/Makefile Tue Nov 9 06:42:34 1999 -@@ -2,20 +2,14 @@ - - PROG= ssh-keygen - BINOWN= root -+BINMODE=555 - --.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ -- ${MACHINE_ARCH} == "hppa") --BINMODE=0000 --.else --BINMODE?=555 --.endif -- --BINDIR= /usr/bin --MAN= ssh-keygen.1 -+BINDIR= /bin -+MAN1= ssh-keygen.1 - - SRCS= ssh-keygen.c log-client.c - - .include <bsd.prog.mk> - --LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz ${CRYPTOLIBS} - DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au deleted file mode 100644 index 45b30014d990..000000000000 --- a/security/openssh/files/patch-au +++ /dev/null @@ -1,13 +0,0 @@ -diff -ru /home/green/ssh/ssh.c ./ssh.c ---- /home/green/ssh/ssh.c Sat Oct 30 03:43:00 1999 -+++ ./ssh.c Mon Nov 8 00:06:40 1999 -@@ -128,6 +128,9 @@ - log("Using rsh. WARNING: Connection will not be encrypted."); - /* Build argument list for rsh. */ - i = 0; -+#ifndef _PATH_RSH -+#define _PATH_RSH "/usr/bin/rsh" -+#endif - args[i++] = _PATH_RSH; - args[i++] = host; /* may have to come after user on some systems */ - if (user) diff --git a/security/openssh/files/strlcat.c b/security/openssh/files/strlcat.c new file mode 100644 index 000000000000..599994edf5af --- /dev/null +++ b/security/openssh/files/strlcat.c @@ -0,0 +1,71 @@ +/* $OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include <sys/types.h> +#include <string.h> + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t strlcat(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + register char *d = dst; + register const char *s = src; + register size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (*d != '\0' && n-- != 0) + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} |