Diffstat (limited to 'security/openssh/files')
-rw-r--r--security/openssh/files/pam_ssh.c31
-rw-r--r--security/openssh/files/patch-ac4
-rw-r--r--security/openssh/files/patch-ad8
-rw-r--r--security/openssh/files/patch-ag23
-rw-r--r--security/openssh/files/patch-am8
-rw-r--r--security/openssh/files/patch-an24
-rw-r--r--security/openssh/files/patch-ap24
-rw-r--r--security/openssh/files/sshd.sh27
8 files changed, 93 insertions, 56 deletions
diff --git a/security/openssh/files/pam_ssh.c b/security/openssh/files/pam_ssh.c
index 9392b9e3eaf1..7ee0788c4144 100644
--- a/security/openssh/files/pam_ssh.c
+++ b/security/openssh/files/pam_ssh.c
@@ -44,10 +44,14 @@
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
+#include <openssl/dsa.h>
+
#include "includes.h"
#include "rsa.h"
+#include "key.h"
#include "ssh.h"
#include "authfd.h"
+#include "authfile.h"
#define MODULE_NAME "pam_ssh"
#define NEED_PASSPHRASE "Need passphrase for %s (%s).\nEnter passphrase: "
@@ -203,11 +207,11 @@ pam_sm_authenticate(
char *comment_priv; /* on private key */
char *comment_pub; /* on public key */
char *identity; /* user's identity file */
- RSA *key; /* user's private key */
+ Key key; /* user's private key */
int options; /* module options */
const char *pass; /* passphrase */
char *prompt; /* passphrase prompt */
- RSA *public_key; /* user's public key */
+ Key public_key; /* user's public key */
const PASSWD *pwent; /* user's passwd entry */
PASSWD *pwent_keep; /* our own copy */
int retval; /* from calls */
@@ -233,17 +237,19 @@ pam_sm_authenticate(
* Fail unless we can load the public key. Change to the
* owner's UID to appease load_public_key().
*/
- key = RSA_new();
- public_key = RSA_new();
+ key.type = KEY_RSA;
+ key.rsa = RSA_new();
+ public_key.type = KEY_RSA;
+ public_key.rsa = RSA_new();
saved_uid = getuid();
(void)setreuid(pwent->pw_uid, saved_uid);
- retval = load_public_key(identity, public_key, &comment_pub);
+ retval = load_public_key(identity, &public_key, &comment_pub);
(void)setuid(saved_uid);
if (!retval) {
free(identity);
return PAM_AUTH_ERR;
}
- RSA_free(public_key);
+ RSA_free(public_key.rsa);
/* build the passphrase prompt */
retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub);
free(comment_pub);
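Review bot: The early `return PAM_AUTH_ERR` taken when load_public_key() fails frees only `identity`, while `key.rsa` and `public_key.rsa` were both allocated by `RSA_new()` a few lines above and are never released on that path. In a long-lived process that loads this module, each attempt by a user whose public key cannot be loaded would leak two RSA objects. Adding `RSA_free(public_key.rsa);` and `RSA_free(key.rsa);` before the return closes it; the two `RSA_new()` results are also used without a NULL check. pam_sm_authenticate starts and ends outside this hunk, so `key.rsa` needs the same treatment on any later failure return that is not visible here.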
@@ -264,7 +270,7 @@ pam_sm_authenticate(
* If success, the user is authenticated.
*/
(void)setreuid(pwent->pw_uid, saved_uid);
- retval = load_private_key(identity, pass, key, &comment_priv);
+ retval = load_private_key(identity, pass, &key, &comment_priv);
free(identity);
(void)setuid(saved_uid);
if (!retval)
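Review bot: The result of `setreuid(pwent->pw_uid, saved_uid)` is discarded with a `(void)` cast immediately before the private key file is opened, and so is the `setuid(saved_uid)` that restores the original uid; the same pair surrounds load_public_key() in the previous hunk. If the restore fails, the rest of the PAM stack would presumably keep running with the target user's real uid, and if the switch fails the key is loaded under an identity the code did not intend. Both calls should be checked and the authentication failed when either returns -1, for example `if (setuid(saved_uid) == -1) return PAM_SERVICE_ERR;` once `key.rsa` has been released. The body of the trailing `if (!retval)` lies outside this hunk.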
@@ -273,9 +279,9 @@ pam_sm_authenticate(
* Save the key and comment to pass to ssh-agent in the session
* phase.
*/
- if ((retval = pam_set_data(pamh, "ssh_private_key", key,
+ if ((retval = pam_set_data(pamh, "ssh_private_key", key.rsa,
rsa_cleanup)) != PAM_SUCCESS) {
- RSA_free(key);
+ RSA_free(key.rsa);
free(comment_priv);
return retval;
}
@@ -327,7 +333,7 @@ pam_sm_open_session(
char *env_end; /* end of env */
char *env_file; /* to store env */
FILE *env_fp; /* env_file handle */
- RSA *key; /* user's private key */
+ Key key; /* user's private key */
FILE *pipe; /* ssh-agent handle */
const PASSWD *pwent; /* user's passwd entry */
int retval; /* from calls */
@@ -421,9 +427,10 @@ pam_sm_open_session(
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
+ key.type = KEY_RSA;
/* connect to the agent and hand off the private key */
if ((retval = pam_get_data(pamh, "ssh_private_key",
- (const void **)&key)) != PAM_SUCCESS ||
+ (const void **)&key.rsa)) != PAM_SUCCESS ||
(retval = pam_get_data(pamh, "ssh_key_comment",
(const void **)&comment)) != PAM_SUCCESS ||
(retval = env_commit(ssh_env)) != PAM_SUCCESS) {
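Review bot: `key` in pam_sm_open_session is now a whole `Key` struct, but the visible code only ever uses its `rsa` member: `key.type = KEY_RSA` is assigned and, in the lines shown in this hunk and the next, never read, and `ssh_add_identity()` is still given `key.rsa`. A plain `RSA *key` would leave the `pam_get_data()` cast and the hand-off to the agent unchanged. If the wrapper is kept in preparation for a Key-based agent call, a comment such as `/* pam_sm_authenticate() only ever stores an RSA key */` next to the assignment would explain the hard-coded type. The function body extends beyond this hunk.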
@@ -436,7 +443,7 @@ pam_sm_open_session(
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
- retval = ssh_add_identity(ac, key, comment);
+ retval = ssh_add_identity(ac, key.rsa, comment);
ssh_close_authentication_connection(ac);
env_swap(ssh_env, 0);
return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
diff --git a/security/openssh/files/patch-ac b/security/openssh/files/patch-ac
index 02183d9c5bfe..2ab60dc3750f 100644
--- a/security/openssh/files/patch-ac
+++ b/security/openssh/files/patch-ac
@@ -1,5 +1,5 @@
---- includes.h.orig Fri Jan 14 20:15:50 2000
-+++ includes.h Fri Jan 14 20:20:05 2000
+--- includes.h.orig Fri Apr 14 06:30:31 2000
++++ includes.h Sat May 13 12:12:41 2000
@@ -24,12 +24,12 @@
#include <sys/select.h>
#include <sys/param.h>
diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad
index f26905adf0f3..e1ed1433b178 100644
--- a/security/openssh/files/patch-ad
+++ b/security/openssh/files/patch-ad
@@ -1,11 +1,11 @@
---- /usr/ports/distfiles/OpenSSH-1.2.3/src/usr.bin/ssh/lib/Makefile Thu Apr 20 17:02:17 2000
-+++ lib/Makefile Thu Apr 20 17:08:05 2000
+--- lib/Makefile.orig Thu Apr 27 05:56:30 2000
++++ lib/Makefile Fri May 12 07:07:30 2000
@@ -5,7 +5,11 @@
cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
-- key.c dispatch.c dsa.c kex.c hmac.c
-+ key.c dispatch.c dsa.c kex.c hmac.c strlcat.c strlcpy.c
+- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c
++ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c strlcat.c strlcpy.c
+
+.if defined(COMPAT_GETADDRINFO)
+SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
diff --git a/security/openssh/files/patch-ag b/security/openssh/files/patch-ag
index 09a17b96aa87..12c47019780c 100644
--- a/security/openssh/files/patch-ag
+++ b/security/openssh/files/patch-ag
@@ -1,10 +1,13 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh/Makefile Wed Nov 17 20:52:33 1999
-+++ ./ssh/Makefile Tue Nov 23 19:26:08 1999
-@@ -2,22 +2,16 @@
+--- ssh/Makefile.orig Thu Apr 27 06:31:58 2000
++++ ssh/Makefile Fri May 12 07:23:01 2000
+@@ -2,16 +2,10 @@
PROG= ssh
BINOWN= root
--
++BINMODE=4555
++BINDIR= /bin
++MAN1= ssh.1
+
-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
- ${MACHINE_ARCH} == "hppa")
-BINMODE=0000
@@ -14,22 +17,22 @@
-
-BINDIR= /usr/bin
-MAN= ssh.1
-+BINMODE=4555
-+BINDIR= /bin
-+MAN1= ssh.1
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MLINKS= ssh.1 slogin.1
- SRCS= ssh.c sshconnect.c log-client.c readconf.c clientloop.c
+@@ -19,6 +13,7 @@
+ sshconnect.c sshconnect1.c sshconnect2.c
.include <bsd.own.mk> # for AFS
+.include "../Makefile.inc"
.if (${KERBEROS} == "yes")
- CFLAGS+= -DKRB4 -I/usr/include/kerberosIV
-@@ -32,5 +26,5 @@
+ CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV
+@@ -32,6 +27,7 @@
+ .endif # KERBEROS
.include <bsd.prog.mk>
++.include "../Makefile.inc"
-LDADD+= -lutil -lz -lcrypto
+LDADD+= -lutil -lz ${CRYPTOLIBS}
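Review bot: The refreshed ssh/Makefile patch now inserts `.include "../Makefile.inc"` twice: once after `.include <bsd.own.mk>`, which the old patch already did, and again after `.include <bsd.prog.mk>` in the newly added `@@ -32,6 +27,7 @@` inner hunk. If Makefile.inc appends to variables such as CFLAGS, the second inclusion would repeat that work; it looks unintended, since the part of patch-am shown in this commit adds the include to sshd/Makefile only once. Dropping the second `+.include "../Makefile.inc"` line and adjusting the inner hunk count would keep the two Makefiles consistent.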
diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am
index 25e196b0120e..95eeb35accb6 100644
--- a/security/openssh/files/patch-am
+++ b/security/openssh/files/patch-am
@@ -1,5 +1,5 @@
---- /usr/ports/distfiles/OpenSSH-1.2.3/src/usr.bin/ssh/sshd/Makefile Thu Apr 20 17:02:17 2000
-+++ sshd/Makefile Thu Apr 20 17:10:39 2000
+--- sshd/Makefile.orig Thu Apr 27 06:31:57 2000
++++ sshd/Makefile Fri May 12 07:10:41 2000
@@ -3,14 +3,15 @@
PROG= sshd
BINOWN= root
@@ -10,8 +10,8 @@
+MAN8= sshd.8
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
- pty.c log-server.c login.c servconf.c serverloop.c session.c \
- auth.c
+ pty.c log-server.c login.c servconf.c serverloop.c \
+ auth.c auth1.c auth2.c session.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an
index e09752e8b65e..47a60fb490e0 100644
--- a/security/openssh/files/patch-an
+++ b/security/openssh/files/patch-an
@@ -1,6 +1,6 @@
---- sshd.c.orig Thu Apr 20 17:11:24 2000
-+++ sshd.c Thu Apr 20 17:17:12 2000
-@@ -48,6 +48,13 @@
+--- sshd.c.orig Wed May 3 19:21:49 2000
++++ sshd.c Fri May 12 07:11:43 2000
+@@ -49,6 +49,13 @@
int deny_severity = LOG_WARNING;
#endif /* LIBWRAP */
@@ -14,9 +14,9 @@
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
-@@ -128,6 +135,32 @@
- /* session identifier, used by RSA-auth */
- unsigned char session_id[16];
+@@ -134,6 +141,32 @@
+ unsigned char *session_id2 = NULL;
+ int session_id2_len = 0;
+/* These are used to implement connections_per_period. */
+struct magic_connection {
@@ -47,15 +47,15 @@
/* Prototypes for various functions defined later in this file. */
void do_ssh1_kex();
void do_ssh2_kex();
-@@ -395,6 +428,7 @@
+@@ -418,6 +451,7 @@
int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1;
pid_t pid;
socklen_t fromlen;
-+ int connections_per_period_exceeded = 0;
- int silentrsa = 0;
++ int connections_per_period_exceeded = 0;
+ int silent = 0;
fd_set *fdset;
struct sockaddr_storage from;
-@@ -709,6 +743,12 @@
+@@ -763,6 +797,12 @@
fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
fdset = (fd_set *)xmalloc(fdsetsz);
@@ -68,7 +68,7 @@
/*
* Stay listening for connections until the system crashes or
* the daemon is killed with a signal.
-@@ -740,9 +780,31 @@
+@@ -794,9 +834,31 @@
error("newsock del O_NONBLOCK: %s", strerror(errno));
continue;
}
@@ -102,7 +102,7 @@
*/
if (debug_flag) {
/*
-@@ -756,6 +818,12 @@
+@@ -810,6 +872,12 @@
sock_out = newsock;
pid = getpid();
break;
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap
index f0026846addb..d3c63bea1620 100644
--- a/security/openssh/files/patch-ap
+++ b/security/openssh/files/patch-ap
@@ -1,15 +1,15 @@
---- servconf.c.orig Thu Apr 20 17:55:11 2000
-+++ servconf.c Thu Apr 20 18:00:08 2000
-@@ -71,6 +71,8 @@
- options->num_deny_groups = 0;
+--- servconf.c.orig Tue May 9 02:12:15 2000
++++ servconf.c Fri May 12 07:13:13 2000
+@@ -74,6 +74,8 @@
options->ciphers = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
-+ options->connections_per_period = 0;
-+ options->connections_period = 0;
+ options->gateway_ports = -1;
++ options->connections_per_period = 0;
++ options->connections_period = 0;
}
void
-@@ -163,7 +165,7 @@
+@@ -172,7 +174,7 @@
#ifdef SKEY
sSkeyAuthentication,
#endif
@@ -18,15 +18,15 @@
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-@@ -218,6 +220,7 @@
- { "denygroups", sDenyGroups },
+@@ -231,6 +233,7 @@
{ "ciphers", sCiphers },
{ "protocol", sProtocol },
-+ { "connectionsperperiod", sConnectionsPerPeriod },
+ { "gatewayports", sGatewayPorts },
++ { "connectionsperperiod", sConnectionsPerPeriod },
{ NULL, 0 }
};
-@@ -327,7 +330,11 @@
+@@ -340,7 +343,11 @@
filename, linenum);
exit(1);
}
@@ -39,7 +39,7 @@
if (*intptr == -1)
*intptr = value;
break;
-@@ -551,6 +558,21 @@
+@@ -584,6 +591,21 @@
filename, linenum);
options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
}
diff --git a/security/openssh/files/sshd.sh b/security/openssh/files/sshd.sh
new file mode 100644
index 000000000000..74798cff8d6f
--- /dev/null
+++ b/security/openssh/files/sshd.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+case "$1" in
+ start)
+ __PREFIX__/sbin/sshd
+ echo -n ' sshd'
+ ;;
+ stop)
+ if [ -f /var/run/sshd.pid ]; then
+ kill -TERM `cat /var/run/sshd.pid`
+ rm -f /var/run/sshd.pid
+ echo -n ' sshd'
+ fi
+ ;;
+ restart)
+ if [ -f /var/run/sshd.pid ]; then
+ kill -HUP `cat /var/run/sshd.pid`
+ echo 'sshd restarted'
+ fi
+ ;;
+ -h)
+ echo "Usage: `basename $0` { start | stop | restart }"
+ ;;
+ *)
+ __PREFIX__/sbin/sshd
+ echo -n ' sshd'
+ ;;
+esac
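Review bot: The final `*)` arm starts sshd for every argument that is not matched above, so a mistyped `stop` or `restart` launches another daemon instead of reporting an error. If the catch-all is only meant to cover being called with no argument, fold that case into the first arm as `start|"")` and let `*)` print the usage line to stderr and `exit 64`. The `stop` arm also removes /var/run/sshd.pid whether or not `kill` succeeded, and both `kill` lines pass the pid file's content unquoted and unchecked.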