Diffstat (limited to 'security/ssh')
32 files changed, 0 insertions, 4011 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
deleted file mode 100644
index 9802b2de06d8..000000000000
--- a/security/ssh/Makefile
+++ /dev/null
@@ -1,136 +0,0 @@
-# New ports collection makefile for: ssh
-# Date created: 30 Jul 1995
-# Whom: torstenb@FreeBSD.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= ssh
-PORTVERSION= 1.2.33
-PORTREVISION= 6
-CATEGORIES= security ipv6
-MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
- ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
- ftp://ftp.cronyx.ru/mirror/ssh/ \
- ftp://ftp.univie.ac.at/applications/ssh.com/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure shell client and server (remote login program)
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-CONFLICTS= openssh-* openssh-portable-* openssh-gssapi-* ssh2-3.*
-NO_LATEST_LINK= YES
-USE_AUTOTOOLS= autoconf213
-GNU_CONFIGURE= YES
-USE_PERL5= YES
-CONFIGURE_ENV+= PERL=${PERL5}
-
-CONFIGURE_ARGS+=--with-etcdir=${PREFIX}/etc
-
-# Uncomment if all your users are in their own group and their homedir
-# is writeable by that group. Beware the security implications!
-#
-#CONFIGURE_ARGS+= --enable-group-writeability
-
-# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-# over a secure medium (i.e. allow SSH connections without encryption).
-# This is normally dangerous since it can lead to the disclosure of keys
-# and passwords.
-#
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
- --disable-suid-ssh
-.endif
-
-# Include support for the SecureID card
-# Warning: untested !
-#
-.if defined(WITH_SECUREID)
-CONFIGURE_ARGS+= --with-secureid
-.endif
-
-# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
-# commercial use may require a licence in a number of countries. Since SSH
-# itself may not be used for commercial purposes without a license, we
-# enable IDEA by default since the user would already be getting himself
-# into trouble.
-#
-.if defined(WITHOUT_IDEA)
-CONFIGURE_ARGS+= --without-idea
-.endif
-
-LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp
-MAKE_ENV+= GMPINCDIR="${LOCALBASE}/include" \
- GMPLIBDIR="${LOCALBASE}/lib"
-
-.include <bsd.port.pre.mk>
-
-.if !defined(REALLY_WANT_SSH)
-IGNORE= is now deprecated: OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. To override this warning set the REALLY_WANT_SSH environment variable and rebuild
-.endif
-
-MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
- make-ssh-known-hosts1.1
-MAN8= sshd1.8
-MLINKS= make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
- scp1.1 scp.1 \
- ssh-add1.1 ssh-add.1 \
- ssh-agent1.1 ssh-agent.1 \
- ssh-keygen1.1 ssh-keygen.1 \
- ssh1.1 ssh.1 \
- ssh.1 slogin.1 \
- ssh1.1 slogin1.1 \
- sshd1.8 sshd.8
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
-
-post-install:
- @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
- ${ECHO_MSG} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
- fi; \
- if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
- if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
- ${ECHO_MSG} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
- ${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
- > ${PREFIX}/etc/rc.d/sshd.sh; \
- ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
- fi; \
- fi
-
-# Include tcp-wrapper support (call remote identd)
-CONFIGURE_ARGS+= --with-libwrap
-
-# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
-# ssh-1.2.27-IPv6-1.5-patch.gz
-# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
-# IPv6 stack
-.if defined(WITH_INET6)
-CONFIGURE_ARGS+= --enable-ipv6
-.else
-CONFIGURE_ARGS+= --disable-ipv6
-.endif
-
-# Include SOCKS firewall support
-.if defined(WITH_SOCKS)
-CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
-.endif
-
-# Include extra files if X11 is installed
-.if defined(WITH_X11) || (exists(${LOCALBASE}/lib/libX11.a) \
- && !defined(WITHOUT_X11))
-USE_XORG= x11
-PLIST:= ${WRKDIR}/PLIST
-pre-install:
- @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST}
-.else
-CONFIGURE_ARGS+= --without-x
-.endif
-
-.include <bsd.port.post.mk>
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
deleted file mode 100644
index c2bc8a8f4c08..000000000000
--- a/security/ssh/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ssh-1.2.33.tar.gz) = 1a0ec35dfa1d8d9c0b650fa99ab21d56
-SHA256 (ssh-1.2.33.tar.gz) = d8ff41a026e77facee349becb79c04099e71012ae6bc386ced5ba58c926c2675
-SIZE (ssh-1.2.33.tar.gz) = 1030252
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
deleted file mode 100644
index 3386fc8d68a3..000000000000
--- a/security/ssh/files/patch-aa
+++ /dev/null
@@ -1,19 +0,0 @@
-*** make-ssh-known-hosts.pl.in.orig Wed May 12 20:18:51 1999
---- make-ssh-known-hosts.pl.in Sun Jun 6 02:30:08 1999
-***************
-*** 98,104 ****
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '/etc/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
---- 98,104 ----
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '@ETCDIR@/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
deleted file mode 100644
index 2e1d77d2aefb..000000000000
--- a/security/ssh/files/patch-ac
+++ /dev/null
@@ -1,88 +0,0 @@
---- Makefile.in.orig Thu Jan 17 08:35:34 2002
-+++ Makefile.in Wed Jan 8 18:13:41 2003
-@@ -307,11 +307,13 @@
-
- SHELL = /bin/sh
-
--GMPDIR = gmp-2.0.2-ssh-2
--GMPLIBS = @ssh_gmp_ldadd_options@
--GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
-+GMPDIR =
-+GMPINCDIR ?= /usr/include
-+GMPLIBDIR ?= /usr/lib
-+GMPLIBS = -L$(GMPLIBDIR) -lgmp
-+GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
-
--ZLIBDIR = zlib-1.0.4
-+ZLIBDIR = /usr/lib
- ZLIBDEP = $(ZLIBDIR)/libz.a
- ZLIBLIBS = @ssh_zlib_ldadd_options@
-
-@@ -418,17 +420,19 @@
- $(CC) -o rfc-pg rfc-pg.o
-
- .c.o:
-- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-+ $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-
- sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f sshd
- $(CC) $(LDFLAGS) -o sshd $(SSHD_OBJS) \
-- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS)
-
- ssh: $(SSH_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f ssh
- $(CC) $(LDFLAGS) -o ssh $(SSH_OBJS) \
-- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS)
-
- ssh-keygen: $(KEYGEN_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-keygen
-@@ -436,7 +440,9 @@
-
- ssh-agent: $(AGENT_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-agent
-- $(CC) $(LDFLAGS) -o ssh-agent $(AGENT_OBJS) $(GMPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(CC) $(LDFLAGS) -o ssh-agent $(AGENT_OBJS) \
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(LIBS)
-
- ssh-add: $(ADD_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-add
-@@ -461,12 +467,12 @@
- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
- chmod +x make-ssh-known-hosts
-
--GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
-+XXX_DONT_GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
- mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
--$(GMPDIR)/libgmp.a:
-+XXX_DONT_$(GMPDIR)/libgmp.a:
- cd $(GMPDIR); $(MAKE)
-
--$(ZLIBDEP):
-+XXX_DONT_$(ZLIBDEP):
- -if test '!' -d $(ZLIBDIR); then \
- mkdir $(ZLIBDIR); \
- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-@@ -530,7 +536,7 @@
- # (otherwise it can only log in as the user it runs as, and must be
- # bound to a non-privileged port). Also, password authentication may
- # not be available if non-root and using shadow passwords.
--install: $(PROGRAMS) make-dirs generate-host-key install-configs
-+install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh1.old
- -chmod 755 $(install_prefix)$(bindir)/ssh1
- -chmod 755 $(install_prefix)$(bindir)/ssh
-@@ -756,7 +762,7 @@
- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
-
- depend:
-- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
-+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
-
- tags:
- -rm -f TAGS
diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad
deleted file mode 100644
index bab4169bca64..000000000000
--- a/security/ssh/files/patch-ad
+++ /dev/null
@@ -1,13 +0,0 @@
-*** auth-passwd.c.orig Wed May 12 20:19:23 1999
---- auth-passwd.c Sun Jun 6 02:36:00 1999
-***************
-*** 911,916 ****
---- 911,918 ----
- encrypted_password = crypt(password,
- (correct_passwd[0] && correct_passwd[1]) ?
- correct_passwd : "xx");
-+ if (!password[0] && correct_passwd[0])
-+ encrypted_password = ":";
- #endif /* HAVE_SCO_ETC_SHADOW */
-
- /* Authentication is accepted if the encrypted passwords are identical. */
diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae
deleted file mode 100644
index 0ef0a89ae6c2..000000000000
--- a/security/ssh/files/patch-ae
+++ /dev/null
@@ -1,58 +0,0 @@
-*** server_config.sample.old Thu Apr 20 23:24:57 2000
---- server_config.sample Thu Apr 20 23:26:24 2000
-***************
-*** 1,13 ****
- # This is ssh server systemwide configuration file.
-
- Port 22
-! ListenAddress 0.0.0.0
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin yes
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
---- 1,13 ----
- # This is ssh server systemwide configuration file.
-
- Port 22
-! #Port 722 # Secondary port to listen on
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin no
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
-***************
-*** 16,27 ****
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility DAEMON
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords yes
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
---- 16,27 ----
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords no
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
deleted file mode 100644
index e9f2a66f0dbd..000000000000
--- a/security/ssh/files/patch-af
+++ /dev/null
@@ -1,564 +0,0 @@ ---- sshd.c.orig Mon Jul 3 19:07:35 2000 -+++ sshd.c Sat Jun 29 22:25:41 2002 -@@ -567,6 +567,19 @@ - /* Name of the server configuration file. */ - char *config_file_name = SERVER_CONFIG_FILE; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ -+#ifdef ENABLE_LOG_AUTH -+char *unauthenticated_user = NULL; -+int log_auth_flag = 0; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Debug mode flag. This can be set on the command line. If debug - mode is enabled, extra debugging output will be sent to the system - log, the daemon will not go to background, and will exit after processing -@@ -590,7 +603,17 @@ - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ --int listen_sock; -+#define MAX_LISTEN_SOCKS 16 -+int listen_socks[MAX_LISTEN_SOCKS]; -+int num_listen_socks = 0; -+void close_listen_socks() -+{ -+ int i; -+ -+ for (i = 0; i < num_listen_socks; i++) -+ close(listen_socks[i]); -+ num_listen_socks = -1; -+} - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ -@@ -680,7 +703,7 @@ - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -- close(listen_sock); -+ close_listen_socks(); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); -@@ -694,7 +717,7 @@ - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -- close(listen_sock); -+ close_listen_socks(); - exit(255); - } - -@@ -773,7 +796,7 @@ - int perm_denied = 0; - int ret; - fd_set fdset; -- struct sockaddr_in sin; -+ struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. 
*/ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; -@@ -783,6 +806,9 @@ - struct linger linger; - #endif /* SO_LINGER */ - int done; -+ struct addrinfo *ai; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int listen_sock, maxfd; - - /* Save argv[0]. */ - saved_argv = av; -@@ -801,10 +827,26 @@ - initialize_server_options(&options); - - /* Parse command-line arguments. */ -- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) -+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" -+#ifdef ENABLE_IPV6 -+ "6" -+#endif -+ )) != EOF) - { - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif - case 'f': - config_file_name = optarg; - break; -@@ -821,7 +863,7 @@ - options.server_key_bits = atoi(optarg); - break; - case 'p': -- options.port = atoi(optarg); -+ options.ports[options.num_ports++] = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); -@@ -843,6 +885,10 @@ - fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); - fprintf(stderr, "Usage: %s [options]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only\n"); -+#endif - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); - fprintf(stderr, " -d Debugging mode\n"); - fprintf(stderr, " -i Started from inetd\n"); -@@ -871,16 +917,15 @@ - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } -- if (options.port < 1 || options.port > 65535) -- { -- fprintf(stderr, "fatal: Bad port number.\n"); -- exit(1); -- } - if (options.umask != -1) - { - umask(options.umask); - } - -+#ifdef ENABLE_LOG_AUTH -+ log_auth_flag = options.log_auth; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Check that there are no 
remaining arguments. */ - if (optind < ac) - { -@@ -1048,10 +1093,13 @@ - } - else - { -+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) -+ { - /* Create socket for listening. */ -- listen_sock = socket(AF_INET, SOCK_STREAM, 0); -+ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); -+ listen_socks[num_listen_socks] = listen_sock; - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states -@@ -1065,21 +1113,30 @@ - sizeof(linger)); - #endif /* SO_LINGER */ - -- /* Initialize the socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr = options.listen_addr; -- sin.sin_port = htons(options.port); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - - /* Bind the socket to the desired port. */ -- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("bind: %.100s", strerror(errno)); -- shutdown(listen_sock, 2); -+ error("Bind to port %s on %s failed: %.200s.", -+ strport, ntop, strerror(errno)); - close(listen_sock); -- fatal("Bind to port %d failed: %.200s.", options.port, -- strerror(errno)); -+ continue; - } -+ num_listen_socks++; -+ -+ /* Start listening on the port. */ -+ log_msg("Server listening on %s port %s.", ntop, strport); -+ if (listen(listen_sock, 5) < 0) -+ fatal("listen: %.100s", strerror(errno)); -+ -+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ -+ freeaddrinfo(options.listen_addrs); -+ -+ if (!num_listen_socks) -+ fatal("Cannot bind all addresses."); - - if (!debug_flag) - { -@@ -1095,11 +1152,6 @@ - } - } - -- /* Start listening on the port. 
*/ -- log_msg("Server listening on port %d.", options.port); -- if (listen(listen_sock, 5) < 0) -- fatal("listen: %.100s", strerror(errno)); -- - /* Generate an rsa key. */ - log_msg("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(&sensitive_data.private_key, &public_key, -@@ -1153,18 +1205,28 @@ - - /* Wait in select until there is a connection. */ - FD_ZERO(&fdset); -- FD_SET(listen_sock, &fdset); -- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); -- if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) -+ maxfd = 0; -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ FD_SET(listen_socks[i], &fdset); -+ if (listen_socks[i] > maxfd) -+ maxfd = listen_socks[i]; -+ } -+ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL); -+ if (ret < 0) - { - if (errno == EINTR) - continue; - error("select: %.100s", strerror(errno)); - continue; - } -- -- aux = sizeof(sin); -- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux); -+ -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ if (!FD_ISSET(listen_socks[i], &fdset)) -+ continue; -+ aux = sizeof(from); -+ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux); - if (newsock < 0) - { - if (errno == EINTR) -@@ -1180,7 +1242,7 @@ - /* In debugging mode. Close the listening socket, and start - processing the connection without forking. */ - debug("Server will not fork when running in debugging mode."); -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - pid = getpid(); -@@ -1209,7 +1271,7 @@ - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - #ifdef LIBWRAP -@@ -1247,6 +1309,10 @@ - - /* Close the new socket (the child is now taking care of it). 
*/ - close(newsock); -+ } /* for (i = 0; i < num_host_socks; i++) */ -+ /* child process check (or debug mode) */ -+ if (num_listen_socks < 0) -+ break; - } - } - -@@ -2219,6 +2285,9 @@ - krb5_parse_name(ssh_context, user, &client); - #endif /* defined(KERBEROS) && defined(KRB5) */ - -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = user; -+#endif /* ENABLE_LOG_AUTH */ - /* Verify that the user is a valid user. We disallow usernames starting - with any characters that are commonly used to start NIS entries. */ - pw = getpwnam(user); -@@ -2236,7 +2305,7 @@ - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ -+#endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; -@@ -2274,6 +2343,11 @@ - { - /* Authentication with empty password succeeded. */ - debug("Login for user %.100s accepted without authentication.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "empty password accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - /* Success packet will be sent after loop below. */ -@@ -2348,6 +2422,11 @@ - /* Client has successfully authenticated to us. */ - log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s", - tkt_user, user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "kerberos authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_KERBEROS; - authenticated = 1; - break; -@@ -2396,6 +2475,11 @@ - /* Authentication accepted. 
*/ - log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", - user, client_user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS; - authenticated = 1; - remote_user_name = client_user; -@@ -2455,6 +2539,11 @@ - options.strict_modes)) - { - /* Authentication accepted. */ -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts with RSA host authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS_RSA; - authenticated = 1; - remote_user_name = client_user; -@@ -2488,6 +2577,11 @@ - /* Successful authentication. */ - mpz_clear(&n); - log_msg("RSA authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "RSA user authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RSA; - authenticated = 1; - break; -@@ -2622,6 +2716,11 @@ - auth_close(); - memset(password, 0, strlen(password)); - xfree(password); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from @%.700s (%s)", -+ user, get_canonical_hostname(), -+ "TIS authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_TIS; - authenticated = 1; - break; -@@ -2682,6 +2781,11 @@ - memset(password, 0, strlen(password)); - xfree(password); - log_msg("Password authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "password authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - break; -@@ -2722,6 +2826,11 @@ - } - - /* Check if the user is logging in as root and root logins are 
disallowed. */ -+#ifdef ENABLE_LOG_AUTH -+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) || -+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command)) -+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); -+#endif /* ENABLE_LOG_AUTH */ - if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) - { - if (authentication_type == SSH_AUTH_PASSWORD) -@@ -2789,6 +2898,9 @@ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = NULL; -+#endif /* ENABLE_LOG_AUTH */ - - /* Perform session preparation. */ - do_authenticated(pw); -@@ -3383,15 +3495,16 @@ - char line[256]; - struct stat st; - int quiet_login; -- struct sockaddr_in from; -+ struct sockaddr_storage from; - int fromlen; - struct pty_cleanup_context cleanup_context; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; -+ time_t warnpassword, warnexpire; - #endif --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - struct timeval tp; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ -+#endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */ - - /* We no longer need the child running on user's privileges. */ - userfile_uninit(); -@@ -3490,7 +3603,7 @@ - - /* Record that there was a login on that terminal. */ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, -- &from); -+ (struct sockaddr *)&from); - - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - lc = login_getclass(pw->pw_class); -@@ -3549,6 +3662,14 @@ - "The Regents of the University of California. 
", - "All rights reserved."); - } -+#ifdef HAVE_LOGIN_CAP_H -+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ -+ -+ warnpassword = login_getcaptime(lc, "warnpassword", -+ DEFAULT_WARN, DEFAULT_WARN); -+ warnexpire = login_getcaptime(lc, "warnexpire", -+ DEFAULT_WARN, DEFAULT_WARN); -+#endif - #endif - - /* Print /etc/motd unless a command was specified or printing it was -@@ -3572,7 +3693,7 @@ - fputs(line, stdout); - fclose(f); - } --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -+#if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) -@@ -3979,6 +4100,7 @@ - char *user_shell; - char *remote_ip; - int remote_port; -+ int local_port; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - char *real_shell; -@@ -4025,7 +4147,7 @@ - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -+#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); -@@ -4084,6 +4206,7 @@ - user_shell = xstrdup(pw->pw_shell); - remote_ip = xstrdup(get_remote_ipaddr()); - remote_port = get_remote_port(); -+ local_port = get_local_port(); - - /* Close the connection descriptors; note that this is the child, and the - server will still have the socket open, and it is important that we -@@ -4103,7 +4226,6 @@ - /* Close any extra file descriptors. Note that there may still be - descriptors left by system functions. They will be closed later. */ - endpwent(); -- endhostent(); - - /* Set dummy encryption key to clear information about the key from - memory. This key will never be used. */ -@@ -4360,7 +4482,7 @@ - - /* Set SSH_CLIENT. 
*/ - snprintf(buf, sizeof(buf), -- "%.50s %d %d", remote_ip, remote_port, options.port); -+ "%.50s %d %d", remote_ip, remote_port, local_port); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - /* Set SSH_TTY if we have a pty. */ -@@ -4533,7 +4655,8 @@ - int i; - char name[255], *p; - char line[256]; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN]; - - strncpy(name, display, sizeof(name)); - name[sizeof(name) - 1] = '\0'; -@@ -4550,7 +4673,10 @@ - /* Moved this call here to avoid a nasty buf in SunOS - 4.1.4 libc where gethostbyname closes an unrelated - file descriptor. */ -- hp = gethostbyname(name); -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) -+ aitop = 0; - - snprintf(line, sizeof(line), - "%.200s -q -", options.xauth_path); -@@ -4568,21 +4694,24 @@ - cp - display, display, cp, auth_proto, - auth_data); - #endif -- if (hp) -+ if (aitop) - { -- for(i = 0; hp->h_addr_list[i]; i++) -+ for (ai = aitop; ai; ai = ai->ai_next) - { -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, -+ NI_NUMERICHOST); -+ if (strchr(ntop, ':')) -+ continue; /* XXX - xauth doesn't accept it */ - if (debug_flag) - { - fprintf(stderr, "Running %s add %s%s %s %s\n", - options.xauth_path, -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - fprintf(f, "add %s%s %s %s\n", -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - } -@@ -4632,7 +4761,11 @@ - struct stat mailbuf; - - if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) -+#ifdef __FreeBSD__ -+ ; -+#else - printf("No mail.\n"); -+#endif - else if (mailbuf.st_atime > mailbuf.st_mtime) - printf("You have mail.\n"); - else diff --git a/security/ssh/files/patch-ag b/security/ssh/files/patch-ag deleted file mode 100644 index 71f3b7e168f8..000000000000 
--- a/security/ssh/files/patch-ag
+++ /dev/null
@@ -1,54 +0,0 @@
-*** auth-kerberos.c.orig Tue Jan 11 20:33:46 2000
---- auth-kerberos.c Tue Jan 11 20:33:38 2000
-***************
-*** 120,129 ****
---- 120,137 ----
-
- debug("Kerberos invalid service name (%.100s).", server);
- packet_send_debug("Kerberos invalid service name (%.100s).", server);
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
- return 0;
- }
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
-
- /* Extract the users name from the ticket client principal */
- problem = krb5_copy_principal(ssh_context, ticket->enc_part2->client,
-***************
-*** 159,165 ****
---- 167,177 ----
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-+ #ifdef krb5_xfree
- krb5_xfree(reply.data);
-+ #else
-+ krb5_free_data_contents(ssh_context, &reply);
-+ #endif
- return 1;
- }
- #endif /* KRB5 */
-***************
-*** 177,183 ****
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_in local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
---- 189,195 ----
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_storage local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
deleted file mode 100644
index 35a191b5561a..000000000000
--- a/security/ssh/files/patch-al
+++ /dev/null
@@ -1,408 +0,0 @@ -*** sshconnect.c.orig Wed May 12 20:19:29 1999 ---- sshconnect.c Thu Feb 24 22:34:47 2000 -*************** -*** 337,343 **** - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - -! int ssh_create_socket(uid_t original_real_uid, int privileged) - { - int sock; - ---- 337,343 ---- - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - -! int ssh_create_socket(uid_t original_real_uid, int privileged, int family) - { - int sock; - -*************** -*** 345,379 **** - bind our own socket to a privileged port. */ - if (privileged) - { -! struct sockaddr_in sin; - int p; - for (p = 1023; p > 512; p--) - { -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) -! fatal("socket: %.100s", strerror(errno)); - -! /* Initialize the desired sockaddr_in structure. */ -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! sin.sin_addr.s_addr = INADDR_ANY; -! sin.sin_port = htons(p); - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -! if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - break; /* Success. */ - #else /* SOCKS */ -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); - continue; - } -! fatal("bind: %.100s", strerror(errno)); - } - debug("Allocated local port %d.", p); - } - else ---- 345,404 ---- - bind our own socket to a privileged port. */ - if (privileged) - { -! struct addrinfo hints, *ai = NULL; -! int errgai; -! 
char strport[PORTSTRLEN]; - int p; -+ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) -+ p = 1023; /* Compat with old FreeBSD */ -+ #if __FreeBSD__ >= 400014 -+ sock = rresvport_af(&p, family); -+ if (sock < 0) -+ error("rresvport_af: %.100s", strerror(errno)); -+ #else -+ sock = rresvport(&p); -+ if (sock < 0) -+ error("rresvport: %.100s", strerror(errno)); -+ #endif -+ #else - for (p = 1023; p > 512; p--) - { -! sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) -! error("socket: %.100s", strerror(errno)); - -! /* Initialize the desired addrinfo structure. */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = family; -! hints.ai_flags = AI_PASSIVE; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", p); -! #if defined(SOCKS) -! if ((errgai = Rgetaddrinfo(NULL, strport, &hints, &ai)) != 0) -! fatal("getaddrinfo: %.100s", gai_strerror(errgai)); -! #else /* SOCKS */ -! if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) -! fatal("getaddrinfo: %.100s", gai_strerror(errgai)); -! #endif /* SOCKS */ - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -! if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #else /* SOCKS */ -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); -+ freeaddrinfo(ai); - continue; - } -! error("bind: %.100s", strerror(errno)); - } -+ freeaddrinfo(ai); -+ #endif - debug("Allocated local port %d.", p); - } - else -*************** -*** 396,409 **** - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -! struct hostent *hp; -! 
struct sockaddr_in hostaddr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ ---- 421,439 ---- - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -! struct addrinfo hints, *ai, *aitop, *aitmp; -! struct sockaddr_storage hostaddr; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -! int gaierr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ -*************** -*** 421,430 **** - port = SSH_DEFAULT_PORT; - } - -- /* Map localhost to ip-address locally */ -- if (strcmp(host, "localhost") == 0) -- host = "127.0.0.1"; -- - /* If a proxy command is given, connect using it. */ - if (proxy_command != NULL && *proxy_command) - return ssh_proxy_connect(host, port, original_real_uid, proxy_command, ---- 451,456 ---- -*************** -*** 432,440 **** - - /* No proxy command. */ - -! /* No host lookup made yet. */ -! hp = NULL; -! - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ ---- 458,495 ---- - - /* No proxy command. */ - -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", port); -! #if defined(SOCKS) -! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #else /* SOCKS */ -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #endif /* SOCKS */ -! -! #ifdef ENABLE_ANOTHER_PORT_TRY -! if (another_port) -! { -! 
aitmp = aitop; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", another_port); -! #if defined(SOCKS) -! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #else /* SOCKS */ -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #endif /* SOCKS */ -! for (ai = aitop; ai->ai_next; ai = ai->ai_next); -! ai->ai_next = aitmp; -! } -! #endif /* ENABLE_ANOTHER_PORT_TRY */ -! - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ -*************** -*** 443,545 **** - if (attempt > 0) - debug("Trying again..."); - -- /* Try to parse the host name as a numeric inet address. */ -- memset(&hostaddr, 0, sizeof(hostaddr)); -- hostaddr.sin_family = AF_INET; -- hostaddr.sin_port = htons(port); -- #ifdef BROKEN_INET_ADDR -- hostaddr.sin_addr.s_addr = inet_network(host); -- #else /* BROKEN_INET_ADDR */ -- hostaddr.sin_addr.s_addr = inet_addr(host); -- #endif /* BROKEN_INET_ADDR */ -- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -- { -- /* Create a socket. */ -- sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -- -- /* Valid numeric IP address */ -- debug("Connecting to %.100s port %d.", -- inet_ntoa(hostaddr.sin_addr), port); -- -- /* Connect to the host. */ -- #if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) -- #else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) -- #endif /* SOCKS */ -- >= 0) -- { -- /* Successful connect. */ -- break; -- } -- debug("connect: %.100s", strerror(errno)); -- -- /* Destroy the failed socket. 
*/ -- shutdown(sock, 2); -- close(sock); -- } -- else -- { -- /* Not a valid numeric inet address. */ -- /* Map host name to an address. */ -- if (!hp) -- { -- struct hostent *hp_static; -- -- #if defined(SOCKS5) -- hp_static = Rgethostbyname(host); -- #else -- hp_static = gethostbyname(host); -- #endif -- if (hp_static) -- { -- hp = xmalloc(sizeof(struct hostent)); -- memcpy(hp, hp_static, sizeof(struct hostent)); -- -- /* Copy list of addresses, not just pointers. -- We don't use h_name & h_aliases so leave them as is */ -- for (i = 0; hp_static->h_addr_list[i]; i++) -- ; /* count them */ -- hp->h_addr_list = xmalloc((i + 1) * -- sizeof(hp_static->h_addr_list[0])); -- for (i = 0; hp_static->h_addr_list[i]; i++) -- { -- hp->h_addr_list[i] = xmalloc(hp->h_length); -- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i], -- hp->h_length); -- } -- hp->h_addr_list[i] = NULL; /* last one */ -- } -- } -- if (!hp) -- fatal("Bad host name: %.100s", host); -- if (!hp->h_addr_list[0]) -- fatal("Host does not have an IP address: %.100s", host); -- - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -! for (i = 0; hp->h_addr_list[i]; i++) - { -! /* Set the address to connect to. */ -! hostaddr.sin_family = hp->h_addrtype; -! memcpy(&hostaddr.sin_addr, hp->h_addr_list[i], -! sizeof(hostaddr.sin_addr)); - -! debug("Connecting to %.200s [%.100s] port %d.", -! host, inet_ntoa(hostaddr.sin_addr), port); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -! !anonymous && geteuid() == UID_ROOT); - - /* Connect to the host. */ - #if defined(SOCKS) -! if (Rconnect(sock, (struct sockaddr *)&hostaddr, -! sizeof(hostaddr)) >= 0) - #else /* SOCKS */ -! if (connect(sock, (struct sockaddr *)&hostaddr, -! sizeof(hostaddr)) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. 
*/ ---- 498,526 ---- - if (attempt > 0) - debug("Trying again..."); - - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -! for (ai = aitop; ai; ai = ai->ai_next) - { -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop, sizeof(ntop), strport, sizeof(strport), -! NI_NUMERICHOST|NI_NUMERICSERV); - -! debug("Connecting to %.200s [%.100s] port %s.", -! host, ntop, strport); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -! !anonymous && geteuid() == UID_ROOT, -! ai->ai_family); -! if (sock < 0) -! continue; - - /* Connect to the host. */ - #if defined(SOCKS) -! if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #else /* SOCKS */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. */ -*************** -*** 552,573 **** - returned an error. */ - shutdown(sock, 2); - close(sock); -! } -! if (hp->h_addr_list[i]) - break; /* Successful connection. */ -- } - - /* Sleep a moment before retrying. */ - sleep(1); - } - -! if (hp) -! { -! for (i = 0; hp->h_addr_list[i]; i++) -! xfree(hp->h_addr_list[i]); -! xfree(hp->h_addr_list); -! xfree(hp); -! } - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) ---- 533,547 ---- - returned an error. */ - shutdown(sock, 2); - close(sock); -! } /* for (ai = aitop; ai; ai = ai->ai_next) */ -! if (ai) - break; /* Successful connection. */ - - /* Sleep a moment before retrying. */ - sleep(1); - } - -! freeaddrinfo(aitop); - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) -*************** -*** 946,952 **** - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -! 
struct sockaddr_in local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); ---- 920,926 ---- - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -! struct sockaddr_storage local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); diff --git a/security/ssh/files/patch-ao b/security/ssh/files/patch-ao deleted file mode 100644 index 0c5f76b3ed1b..000000000000 --- a/security/ssh/files/patch-ao +++ /dev/null 
@@ -1,583 +0,0 @@ -*** newchannels.c.orig Tue Jan 11 20:38:09 2000 ---- newchannels.c Tue Jan 11 20:38:02 2000 -*************** -*** 282,287 **** ---- 282,292 ---- - #endif /* NEED_SYS_SYSLOG_H */ - #endif /* LIBWRAP */ - -+ #ifdef __FreeBSD__ -+ #include <utmp.h> -+ #include <osreldate.h> -+ #endif -+ - /* Directory in which the fake unix-domain X11 displays reside. */ - #ifndef X11_DIR - #define X11_DIR "/tmp/.X11-unix" -*************** -*** 1405,1417 **** - int host_port, int gatewayports) - { - int ch, sock; -! struct sockaddr_in sin; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - - /* Create a port to listen for the host. */ -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - ---- 1410,1438 ---- - int host_port, int gatewayports) - { - int ch, sock; -! struct addrinfo hints, *ai, *aitop; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ packet_disconnect("getaddrinfo: fatal error"); -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create a port to listen for the host. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - -*************** -*** 1421,1441 **** - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! /* Initialize socket address. */ -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! if (gatewayports) -! 
sin.sin_addr.s_addr = INADDR_ANY; -! else -! #ifdef BROKEN_INET_ADDR -! sin.sin_addr.s_addr = inet_network("127.0.0.1"); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr("127.0.0.1"); -! #endif /* BROKEN_INET_ADDR */ -! sin.sin_port = htons(port); -! - /* Bind the socket to the address. */ -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ ---- 1442,1451 ---- - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! debug("Listening on %s port %s.", ntop, strport); -! - /* Bind the socket to the address. */ -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ -*************** -*** 1448,1453 **** ---- 1458,1466 ---- - strcpy(channels[ch].path, host); /* note: host name stored here */ - channels[ch].host_port = host_port; /* port on host to connect to */ - channels[ch].listening_port = port; /* port being listened */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); - } - - /* Initiate forwarding of connections to port "port" on remote host through -*************** -*** 1636,1644 **** - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; -- struct sockaddr_in sin; - char *host, *originator_string; -! struct hostent *hp; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); ---- 1649,1658 ---- - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; - char *host, *originator_string; -! struct addrinfo hints, *ai, *aitop; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -! int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -*************** -*** 1678,1713 **** - } - } - -! memset(&sin, 0, sizeof(sin)); -! #ifdef BROKEN_INET_ADDR -! 
sin.sin_addr.s_addr = inet_network(host); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr(host); -! #endif /* BROKEN_INET_ADDR */ -! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -! { -! /* It was a valid numeric host address. */ -! sin.sin_family = AF_INET; -! } -! else - { -! /* Look up the host address from the name servers. */ -! hp = gethostbyname(host); -! if (!hp) -! { -! error("%.100s: unknown host.", host); -! goto fail; -! } -! if (!hp->h_addr_list[0]) -! { -! error("%.100s: host has no IP address.", host); -! goto fail; -! } -! sin.sin_family = hp->h_addrtype; -! memcpy(&sin.sin_addr, hp->h_addr_list[0], -! sizeof(sin.sin_addr)); - } -- sin.sin_port = htons(host_port); - - #ifdef F_SECURE_COMMERCIAL - ---- 1692,1706 ---- - } - } - -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", host_port); -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - { -! error("%.100s: unknown host (%s)", host, gai_strerror(gaierr)); -! goto fail; - } - - #ifdef F_SECURE_COMMERCIAL - -*************** -*** 1744,1751 **** - - #endif /* F_SECURE_COMMERCIAL */ - - /* Create the socket. */ -! sock = socket(sin.sin_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); ---- 1737,1751 ---- - - #endif /* F_SECURE_COMMERCIAL */ - -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create the socket. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -*************** -*** 1753,1767 **** - } - - /* Connect to the host/port. */ -! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { -! error("connect %.100s:%d: %.100s", host, host_port, -! strerror(errno)); - close(sock); - goto fail; - } - - /* Successful connection. 
*/ - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); ---- 1753,1777 ---- - } - - /* Connect to the host/port. */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -! debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); - close(sock); -+ continue; /* fail -- try next */ -+ } -+ break; /* success */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ -+ if (!ai) -+ { -+ error("connect %.100s:%d: failed.", host, host_port); - goto fail; - } - - /* Successful connection. */ -+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); -*************** -*** 1803,1809 **** - { - extern ServerOptions options; - int display_number, port, sock; -! struct sockaddr_in sin; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; ---- 1813,1822 ---- - { - extern ServerOptions options; - int display_number, port, sock; -! struct addrinfo hints, *ai, *aitop; -! char strport[PORTSTRLEN]; -! #define NUM_SOCKS 10 -! int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS]; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; -*************** -*** 1817,1828 **** - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! sin.sin_addr.s_addr = INADDR_ANY; -! sin.sin_port = htons(port); - -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); ---- 1830,1850 ---- - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_flags = AI_PASSIVE; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", port); -! 
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) -! { -! error("getaddrinfo: %.100s", gai_strerror(gaierr)); -! return NULL; -! } -! -! for (ai = aitop; ai; ai = ai->ai_next) -! { - -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -*************** -*** 1835,1847 **** - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -! continue; - } - break; - } - if (display_number >= MAX_DISPLAYS) ---- 1857,1882 ---- - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -! for (n = 0; n < num_socks; n++) -! { -! shutdown(socks[n], 2); -! close(socks[n]); -! } -! num_socks = 0; -! break; - } -+ -+ socks[num_socks++] = sock; -+ if (num_socks == NUM_SOCKS) -+ break; -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ -+ if (num_socks > 0) - break; - } - if (display_number >= MAX_DISPLAYS) -*************** -*** 1851,1863 **** ---- 1886,1907 ---- - } - - /* Start listening for connections on the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - if (listen(sock, 5) < 0) - { - error("listen: %.100s", strerror(errno)); - shutdown(sock, 2); - close(sock); -+ for (nn = 0; nn < n; nn++) -+ { -+ shutdown(socks[nn], 2); -+ close(socks[nn]); -+ } - return NULL; - } -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Set up a suitable value for the DISPLAY variable. */ - #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE -*************** -*** 1868,1877 **** - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -! struct hostent *hp; -! struct in_addr addr; -! 
hp = gethostbyname(hostname); -! if (hp == NULL || !hp->h_addr_list[0]) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", ---- 1912,1922 ---- - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -! struct addrinfo hints, *ai; -! char ntop[ADDRSTRLEN]; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", -*************** -*** 1880,1888 **** - close(sock); - return NULL; - } -! memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); - snprintf(buf, sizeof(buf), -! "%.100s:%d.%d", inet_ntoa(addr), display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ ---- 1925,1934 ---- - close(sock); - return NULL; - } -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - snprintf(buf, sizeof(buf), -! "%.100s:%d.%d", ntop, display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ -*************** -*** 1891,1896 **** ---- 1937,1945 ---- - fatal("gethostname: %.100s", strerror(errno)); - snprintf(buf, sizeof(buf), - "%.400s:%d.%d", hostname, display_number, screen_number); -+ #if __FreeBSD_version >= 320000 -+ trimdomain(buf, UT_HOSTSIZE); -+ #endif - #else /* HAVE_GETHOSTNAME */ - if (uname(&uts) < 0) - fatal("uname: %.100s", strerror(errno)); -*************** -*** 1900,1907 **** ---- 1949,1960 ---- - #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ - - /* Allocate a channel for the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, - xstrdup("X11 inet listener")); -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Return a suitable value for the DISPLAY environment variable. 
*/ - return xstrdup(buf); -*************** -*** 1916,1924 **** - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; -- struct sockaddr_in sin; - char buf[255], *cp, *remote_host; -! struct hostent *hp; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); ---- 1969,1978 ---- - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; - char buf[255], *cp, *remote_host; -! struct addrinfo hints, *ai, *aitop; -! char strport[PORTSTRLEN]; -! int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -*************** -*** 2058,2110 **** - goto fail; - } - -! /* Try to parse the host name as a numeric IP address. */ -! memset(&sin, 0, sizeof(sin)); -! #ifdef BROKEN_INET_ADDR -! sin.sin_addr.s_addr = inet_network(buf); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr(buf); -! #endif /* BROKEN_INET_ADDR */ -! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) - { -! /* It was a valid numeric host address. */ -! sin.sin_family = AF_INET; - } -! else - { -- /* Not a numeric IP address. */ -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(buf); -- if (!hp) -- { -- error("%.100s: unknown host.", buf); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", buf); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -- } -- /* Set port number. */ -- sin.sin_port = htons(6000 + display_number); - - /* Create a socket. */ -! sock = socket(sin.sin_family, SOCK_STREAM, 0); - if (sock < 0) - { -! error("socket: %.100s", strerror(errno)); -! goto fail; - } - /* Connect it to the display. */ -! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { -! 
error("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); - goto fail; - } - ---- 2112,2155 ---- - goto fail; - } - -! /* Look up the host address */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", 6000 + display_number); -! if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) - { -! error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); -! goto fail; - } -! -! for (ai = aitop; ai; ai = ai->ai_next) - { - - /* Create a socket. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { -! debug("socket: %.100s", strerror(errno)); -! continue; - } - /* Connect it to the display. */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -! debug("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); -+ continue; -+ } -+ /* Success */ -+ break; -+ -+ } /* (ai = aitop, ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ if (!ai) -+ { -+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ strerror(errno)); - goto fail; - } - -*************** -*** 2412,2417 **** ---- 2457,2466 ---- - ssh-agent connections on your system */ - old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - -+ /* Make sure the socket doesn't already exist, left over from a system -+ crash perhaps. */ -+ unlink(channel_forwarded_auth_socket_name); -+ - if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) - packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); - diff --git a/security/ssh/files/patch-aw b/security/ssh/files/patch-aw deleted file mode 100644 index 697f32393bf6..000000000000 --- a/security/ssh/files/patch-aw +++ /dev/null 
@@ -1,73 +0,0 @@
-*** login.c.orig Tue Jan 11 20:36:37 2000
---- login.c Tue Jan 11 20:36:34 2000
-***************
-*** 117,122 ****
---- 117,125 ----
- #include <hpsecurity.h>
- #include <prot.h>
- #endif /* HAVE_HPUX_TCB_AUTH */
-+ #ifdef __FreeBSD__
-+ #include <osreldate.h>
-+ #endif
- #include "ssh.h"
-
- /* Returns the time when the user last logged in. Returns 0 if the
-***************
-*** 255,261 ****
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr)
- {
- int fd;
-
---- 258,264 ----
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr)
- {
- int fd;
-
-***************
-*** 301,317 ****
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
-- strncpy(u.ut_host, host, sizeof(u.ut_host));
- #ifdef __FreeBSD__
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! }
- #endif /* __FreeBSD__ */
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
---- 304,325 ----
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
- #ifdef __FreeBSD__
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(host, sizeof u.ut_host);
-+ #endif
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! } else
- #endif /* __FreeBSD__ */
-+ strncpy(u.ut_host, host, sizeof(u.ut_host));
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
-+ #if 0 /* XXX */
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
-+ #endif /* XXX */
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
diff --git a/security/ssh/files/patch-ba b/security/ssh/files/patch-ba
deleted file mode 100644
index 69ad90067e8c..000000000000
--- a/security/ssh/files/patch-ba
+++ /dev/null
@@ -1,176 +0,0 @@
-*** README-IPv6.orig Mon Jan 10 22:56:13 2000
---- README-IPv6 Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,171 ----
-+ ssh-1.2.27-IPv6 version 1.5 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * ssh-1.2.27-IPv6 can handle both IPv4 and IPv6.
-+
-+ To enable sshd/ssh to handle both IPv4 and IPv6,
-+
-+ ./configure --enable-ipv6
-+
-+ Otherwise sshd/ssh handle IPv4 only as same as original ssh.
-+
-+ * You can have multiple ListenAddress lines in /etc/sshd_config.
-+ It means that sshd can listen multiple addresses.
-+
-+ Example1: sshd will bind on these four adresses.
-+
-+ ListenAddress 202.249.17.50
-+ ListenAddress 202.249.17.137
-+ ListenAddress 3ffe:501:c0b::1
-+ ListenAddress 3ffe:501:c0b:20:2a0:c9ff:fe3e:f5fc
-+
-+ Example2: as same as example1.
-+ (Because bertemu.rcac.tdi.co.jp has these four addresses.)
-+
-+ ListenAddress bertemu.rcac.tdi.co.jp
-+
-+ Example3: sshd will bind on any address both IPv4 and IPv6.
-+
-+ ListenAddress ::
-+ ListenAddress 0.0.0.0
-+
-+ Example4: as same as example3.
-+
-+ No ListenAddress line in /etc/sshd_config.
-+
-+ * You don't mind whether the host has IPv4 or IPv6 address.
-+ You can also specify using only IPv4 (or only IPv6).
-+
-+ Example1: ssh will try all IPv4 and IPv6 addresses that the host has.
-+
-+ ssh host
-+
-+ Example2: ssh will try all IPv4 addresses that the host has.
-+
-+ ssh -4 host
-+
-+ Example3: ssh will try all IPv6 addresses that the host has.
-+
-+ ssh -6 host
-+
-+ * You can have multiple Port lines in /etc/sshd_config and -p options.
-+ It means that sshd can listen multiple ports, not only port 22.
-+
-+ For example, you run sshd that listens port 22 and port 722,
-+ and you can use port 22 for slogin and port 722 for scp.
-+ It's useful if you have preference for interactive traffic in the router.
-+
-+ You can have "AnotherPort 722" line in /etc/ssh_config or your
-+ config file (maybe ~/.ssh/config). In this case, ssh with -A option
-+ try to connect to port 722 at first, and try to connect to original
-+ port (maybe port 22) if port 722 fails. scp executes ssh with -A option.
-+
-+ * IPv6 supported platform
-+
-+ IPv6 feature is available on follwing platforms now.
-+
-+ kame -- http://www.kame.net/ (used to be called Hydrangea)
-+ v6d -- http://onoe2.sm.sony.co.jp/ipv6/ (IPv6 daemon)
-+
-+ On the other environments you can compile and run ssh-1.2.27-IPv6 if
-+ you have a good getaddrinfo() in your library.
-+
-+ * How to get ssh-1.2.27-IPv6
-+
-+ You can get tar.gz or patch to ssh-1.2.27.tar.gz:
-+
-+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5.tar.gz
-+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5-patch.gz
-+
-+ * How to install ssh-1.2.27-IPv6
-+
-+ Apply ssh-1.2.27-IPv6-1.5-patch to ssh-1.2.27.tar.gz (or use
-+ ssh-1.2.27-IPv6-1.5.tar.gz) and then see INSTALL file of ssh-1.2.27.
-+
-+ If you want to enable ssh to handle IPv6, for example,
-+
-+ % ./configure --enable-ipv6
-+ % make
-+ % make install
-+
-+ and you will be able to enjoy ssh handling both IPv6 and IPv4.
-+
-+ * Change Log
-+
-+ v1.5 1999-05-15 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * for ssh-1.2.27
-+ * supported scp with bracketed ipv6 ip address
-+ * used struct sockaddr_storage instead of union sockunion
-+
-+ v1.4 1998-08-21 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed ipv6 address checking bug at match_host() in match.c
-+ * cleanup comparing ip address at get_remote_hostname() in canohost.c
-+
-+ v1.3 1998-08-14 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed ipv6 address checking bug at match_host() in match.c
-+ pointed out by Kenji Rikitake <kenji@k2r.org>
-+
-+ v1.2.2 1998-08-07 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed IPv6 enable checking bug in configure.in
-+
-+ v1.2.1 1998-08-05 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed AuthLog enable handling bug
-+
-+ v1.2 1998-08-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * for ssh-1.2.26
-+
-+ v1.1.5 1998-06-13 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * supported AuthLog (logging authenticated info) in /etc/sshd_config
-+
-+ v1.1.4 1998-06-11 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * supported multiple Port lines in /etc/sshd_config
-+ * supported AnotherPort line in /etc/ssh_config
-+ * supported -A option of ssh for another port try
-+
-+ v1.1.3 1998-06-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * X11 connection forwarding IPv6 support
-+ * removeed all hostent and sockaddr_in from *.c
-+
-+ v1.1.2 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * configuration support for v6d.
-+
-+ v1.1.1 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * add getaddinfo.c, getnameinfo.c and gai.h (delete fakelibinet6.c)
-+ * configure checks whether getaddrinfo exists or not.
-+
-+ v1.1 1998-05-31 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * add fakelibinet6.c (including getaddrinfo and getnameinfo)
-+ * compilation support on non-IPv6 environment.
-+ * fixed port forwarding bug
-+
-+ v1.0.1 1998-05-30 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * add ENABLE_IPV6 flag.
-+ * configuration support --enable-ipv6 for IPv6 platforms.
-+
-+ v1.0 1998-05-30 created by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * first release
-+ * IPv6 support except X11 connection forwarding
-+
-+ * Guideline for making this patch
-+
-+ * protocol family independent (using AF_UNSPEC)
-+ * use getaddrinfo and getnameinfo (see RFC2133)
-+ * don't use sockaddr_in and AF_INET (but option -4 uses AF_INET)
-+ * don't use sockaddr_in6 and AF_INET6 (but option -6 uses AF_INET6)
-+ * don't use gethostbyname, gethostbyaddr and hostent
-+ * listen to all addresses for all available protocol family
-+ * try to connect to all addresses for all available protocol family
-+
diff --git a/security/ssh/files/patch-bb b/security/ssh/files/patch-bb
deleted file mode 100644
index 945e1fd83b2e..000000000000
--- a/security/ssh/files/patch-bb
+++ /dev/null
@@ -1,29 +0,0 @@
-*** acconfig.h.orig Wed May 12 13:19:23 1999
---- acconfig.h Mon Jan 10 22:56:13 2000
-***************
-*** 274,279 ****
---- 274,297 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
diff --git a/security/ssh/files/patch-bc b/security/ssh/files/patch-bc
deleted file mode 100644
index 63b079f2e35c..000000000000
--- a/security/ssh/files/patch-bc
+++ /dev/null
@@ -1,401 +0,0 @@ -*** canohost.c.orig Wed May 12 13:19:24 1999 ---- canohost.c Mon Jan 10 22:56:13 2000 -*************** -*** 59,68 **** - - char *get_remote_hostname(int socket) - { -! struct sockaddr_in from; - int fromlen, i; -! struct hostent *hp; - char name[255]; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 59,69 ---- - - char *get_remote_hostname(int socket) - { -! struct sockaddr_storage from; - int fromlen, i; -! struct addrinfo hints, *ai, *aitop; - char name[255]; -+ char ntop[ADDRSTRLEN], ntop2[ADDRSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 73,86 **** - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } - - /* Map the IP address to a host name. */ -! hp = gethostbyaddr((char *)&from.sin_addr, sizeof(struct in_addr), -! from.sin_family); -! if (hp) - { - /* Got host name. */ -- strncpy(name, hp->h_name, sizeof(name)); - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this ---- 74,89 ---- - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } -+ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - - /* Map the IP address to a host name. */ -! if (getnameinfo((struct sockaddr *)&from, fromlen, -! name, sizeof(name), -! NULL, 0, NI_NAMEREQD) == 0) - { - /* Got host name. */ - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this -*************** -*** 95,119 **** - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! hp = gethostbyname(name); -! if (!hp) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (i = 0; hp->h_addr_list[i]; i++) -! 
if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) -! == 0) -! break; - /* If we reached the end of the list, the address was not there. */ -! if (!hp->h_addr_list[i]) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! inet_ntoa(from.sin_addr), name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ ---- 98,127 ---- - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = from.__ss_family; -! if (getaddrinfo(name, NULL, &hints, &aitop) != 0) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (ai = aitop; ai; ai = ai->ai_next) -! { -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop2, sizeof(ntop2), NULL, 0, NI_NUMERICHOST); -! if (strcmp(ntop, ntop2) == 0) -! break; -! } -! freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ -! if (!ai) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! ntop, name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ -*************** -*** 121,127 **** - else - { - /* Host name not found. Use ascii representation of the address. */ -! strcpy(name, inet_ntoa(from.sin_addr)); - log_msg("Could not reverse map address %.100s.", name); - } - ---- 129,135 ---- - else - { - /* Host name not found. Use ascii representation of the address. */ -! 
strcpy(name, ntop); - log_msg("Could not reverse map address %.100s.", name); - } - -*************** -*** 136,141 **** ---- 144,150 ---- - Notice also that if we just dropped source routing here, the other - side could use IP spoofing to do rest of the interaction and could still - bypass security. So we exit here if we detect any IP options. */ -+ if (from.__ss_family == AF_INET) /* IP options -- IPv4 only */ - { - unsigned char options[200], *ucp; - char text[1024], *cp; -*************** -*** 157,165 **** - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - } - } - #endif ---- 166,174 ---- - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! ntop, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! ntop, text); - } - } - #endif -*************** -*** 177,183 **** - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) ---- 186,192 ---- - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) -*************** -*** 200,207 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 209,215 ---- - &tolen) < 0) - goto no_ip_addr; - -! 
if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 221,228 **** - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_in from, to; - int fromlen, tolen, socket; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) ---- 229,237 ---- - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_storage from, to; - int fromlen, tolen, socket; -+ char ntop[ADDRSTRLEN]; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) -*************** -*** 245,252 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 254,260 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 269,275 **** - } - - /* Get the IP address in ascii. */ -! canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr)); - - /* Return ip address string. */ - return canonical_host_ip; ---- 277,285 ---- - } - - /* Get the IP address in ascii. */ -! getnameinfo((struct sockaddr *)&from, fromlen, -! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); -! canonical_host_ip = xstrdup(ntop); - - /* Return ip address string. */ - return canonical_host_ip; -*************** -*** 279,286 **** - - int get_peer_port(int sock) - { -! struct sockaddr_in from; - int fromlen; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 289,297 ---- - - int get_peer_port(int sock) - { -! struct sockaddr_storage from; - int fromlen; -+ char strport[PORTSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 292,298 **** - } - - /* Return port number. */ -! return ntohs(from.sin_port); - } - - /* Returns the port number of the remote host. */ ---- 303,311 ---- - } - - /* Return port number. 
*/ -! getnameinfo((struct sockaddr *)&from, fromlen, -! NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -! return atoi(strport); - } - - /* Returns the port number of the remote host. */ -*************** -*** 301,307 **** - { - int socket; - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ ---- 314,320 ---- - { - int socket; - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ -*************** -*** 319,326 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_port; - - no_ip_addr: ---- 332,338 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_port; - - no_ip_addr: -*************** -*** 335,337 **** ---- 347,413 ---- - /* Get and return the peer port number. */ - return get_peer_port(socket); - } -+ -+ /* Returns the port of the local of the socket. */ -+ -+ int get_sock_port(int sock) -+ { -+ struct sockaddr_storage from; -+ int fromlen; -+ char strport[PORTSTRLEN]; -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) -+ { -+ error("getsockname failed: %.100s", strerror(errno)); -+ return 0; -+ } -+ -+ /* Return port number. */ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -+ return atoi(strport); -+ } -+ -+ /* Returns the port number of the local host. */ -+ -+ int get_local_port() -+ { -+ int socket; -+ int fromlen, tolen; -+ struct sockaddr_storage from, to; -+ -+ /* If two different descriptors, check if they are internet-domain, and -+ have the same address. 
*/ -+ if (packet_get_connection_in() != packet_get_connection_out()) -+ { -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(packet_get_connection_in(), (struct sockaddr *)&from, -+ &fromlen) < 0) -+ goto no_ip_addr; -+ -+ tolen = sizeof(to); -+ memset(&to, 0, sizeof(to)); -+ if (getsockname(packet_get_connection_out(), (struct sockaddr *)&to, -+ &tolen) < 0) -+ goto no_ip_addr; -+ -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) -+ goto return_port; -+ -+ no_ip_addr: -+ return 65535; -+ } -+ -+ return_port: -+ -+ /* Get client socket. */ -+ socket = packet_get_connection_in(); -+ -+ /* Get and return the local port number. */ -+ return get_sock_port(socket); -+ } -+ diff --git a/security/ssh/files/patch-bd b/security/ssh/files/patch-bd deleted file mode 100644 index 7cb3c119c216..000000000000 --- a/security/ssh/files/patch-bd +++ /dev/null 
@@ -1,60 +0,0 @@
-*** config.h.in.orig Wed May 12 13:20:04 1999
---- config.h.in Thu Feb 24 17:12:10 2000
-***************
-*** 285,290 ****
---- 285,292 ----
- #undef Rdup2
- #undef Rfclose
- #undef Rgethostbyname
-+ #undef Rgetaddrinfo
-+
-
- /* Set this to allow group writeability of $HOME, .ssh and authorized_keys */
- #undef ALLOW_GROUP_WRITEABILITY
-***************
-*** 323,328 ****
---- 325,348 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
-***************
-*** 375,385 ****
---- 395,411 ----
- /* Define if you have the ftruncate function. */
- #undef HAVE_FTRUNCATE
-
-+ /* Define if you have the getaddrinfo function. */
-+ #undef HAVE_GETADDRINFO
-+
- /* Define if you have the getdtablesize function. */
- #undef HAVE_GETDTABLESIZE
-
- /* Define if you have the gethostname function. */
- #undef HAVE_GETHOSTNAME
-+
-+ /* Define if you have the getnameinfo function. */
-+ #undef HAVE_GETNAMEINFO
-
- /* Define if you have the getpseudotty function. */
- #undef HAVE_GETPSEUDOTTY
diff --git a/security/ssh/files/patch-be b/security/ssh/files/patch-be
deleted file mode 100644
index 553d8e6447f2..000000000000
--- a/security/ssh/files/patch-be
+++ /dev/null
@@ -1,370 +0,0 @@ ---- configure.in.orig Thu Jan 17 08:36:05 2002 -+++ configure.in Wed Jan 8 18:24:51 2003 -@@ -30,8 +30,140 @@ - fi - - AC_PROG_CC -+AC_PROG_CPP - AC_ISC_POSIX - -+AC_MSG_CHECKING([whether to enable ipv6]) -+AC_ARG_ENABLE(ipv6, -+[ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ipv6=no -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes -+ ;; -+ esac ], -+ -+ AC_TRY_RUN([ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes, -+ AC_MSG_RESULT(no) -+ ipv6=no, -+ AC_MSG_RESULT(no) -+ ipv6=no -+)) -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ AC_MSG_CHECKING([ipv6 stack type]) -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ kame) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ linux) -+ dnl http://www.v6.linux.or.jp/ -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ v6d) -+ AC_EGREP_CPP(yes, [dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include 
$CPPFLAGS"]) -+ ;; -+ zeta) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ AC_MSG_RESULT($ipv6type) -+fi -+ -+if test "$ipv6" = "yes" -a -f /usr/local/v6/lib/libinet6.a; then -+ ac_inet6_LDFLAGS="inet6" -+ ipv6libdir=/usr/local/v6/lib -+ LDFLAGS="$LDFLAGS -L/usr/local/v6/lib" -+ AC_CHECK_LIB(inet6, getaddrinfo, , ipv6lib="$ac_inet6_LDFLAGS") -+fi -+ -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") - - case "$host" in -@@ -313,7 +445,7 @@ - - # Socket pairs appear to be broken on several systems. I don't know exactly - # where, so I'll use pipes everywhere for now. 
--AC_DEFINE(USE_PIPES) -+# AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -369,7 +501,7 @@ - - AC_HEADER_STDC - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) -+AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h) - AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) - AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) - AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) -@@ -399,6 +531,16 @@ - [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) - AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) - -+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) -+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) -+AC_EGREP_HEADER(__ss_family, sys/socket.h, -+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have sa_len]) -+AC_EGREP_HEADER(sa_len, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+ - AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) - AC_CHECK_LIB(sec, getspnam) - AC_CHECK_LIB(seq, get_process_stats) -@@ -438,6 +580,107 @@ - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -+AC_MSG_CHECKING(getaddrinfo bug) -+AC_TRY_RUN([ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? 
AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (!(inet4 == 0 || inet4 == 2)) -+ goto bad; -+ if (!(inet6 == 0 || inet6 == 2)) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+], -+AC_MSG_RESULT(good) -+buggygetaddrinfo=no, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes) -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. 
-+ exit 1 -+ else -+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) -+ fi -+fi -+ - AC_PROG_LN_S - AC_PROG_INSTALL - AC_CHECK_PROG(AR, ar, ar, echo) -@@ -934,7 +1177,11 @@ - AC_DEFINE(KRB5) - KERBEROS_ROOT="$with_kerberos5" - KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ if test -f ${KERBEROS_ROOT}/lib/libk5crypto.a ; then -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" -+ else -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ fi - AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") - KERBEROS_OBJS="auth-kerberos.o" - ;; -@@ -1125,6 +1372,7 @@ - AC_DEFINE(Rdup2,SOCKSdup2) - AC_DEFINE(Rfclose,SOCKSfclose) - AC_DEFINE(Rgethostbyname,SOCKSgethostbyname) -+ AC_DEFINE(Rgetaddrinfo,SOCKSgetaddrinfo) - fi - - AC_MSG_CHECKING(whether to use rsaref) -@@ -1254,6 +1502,38 @@ - AC_DEFINE(ENABLE_TCP_NODELAY) - ) - -+AC_MSG_CHECKING(whether to enable another port try support) -+AC_ARG_ENABLE(another-port-try, -+[ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+) -+ -+AC_MSG_CHECKING(whether to enable logging auth info support) -+AC_ARG_ENABLE(log-auth, -+[ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+) -+ - AC_MSG_CHECKING(whether to enable SO_LINGER) - AC_ARG_ENABLE(so-linger, - [ --enable-so-linger Enable setting SO_LINGER socket 
option], -@@ -1313,6 +1593,8 @@ - AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) - ) - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - AC_ARG_ENABLE(asm, -@@ -1326,7 +1608,7 @@ - fi - AC_MSG_RESULT($PIDDIR) - --AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) -+#AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) - - AC_ARG_PROGRAM - -@@ -1357,4 +1639,4 @@ - AC_SUBST(SSHDCONFOBJS) - AC_SUBST(SSHINSTALLMODE) - --AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) -+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl) diff --git a/security/ssh/files/patch-bf b/security/ssh/files/patch-bf deleted file mode 100644 index d8d53bc45530..000000000000 --- a/security/ssh/files/patch-bf +++ /dev/null @@ -1,17 +0,0 @@ -*** gai.h.orig Mon Jan 10 22:56:13 2000 ---- gai.h Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,12 ---- -+ /* -+ * fake library for ssh -+ * -+ * This file is included in getaddrinfo.c and getnameinfo.c. -+ * See getaddrinfo.c and getnameinfo.c. -+ */ -+ -+ /* for old netdb.h */ -+ #ifndef EAI_NODATA -+ #define EAI_NODATA 1 -+ #define EAI_MEMORY 2 -+ #endif diff --git a/security/ssh/files/patch-bg b/security/ssh/files/patch-bg deleted file mode 100644 index 689982094b9a..000000000000 --- a/security/ssh/files/patch-bg +++ /dev/null 
@@ -1,120 +0,0 @@
-*** getaddrinfo.c.orig Mon Jan 10 22:56:13 2000
---- getaddrinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,115 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c
-+ * will be used if you have broken getaddrinfo or no getaddrinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ static struct addrinfo *
-+ malloc_ai(port, addr)
-+ int port;
-+ u_long addr;
-+ {
-+ struct addrinfo *ai;
-+
-+ if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) +
-+ sizeof(struct sockaddr_in))) {
-+ memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
-+ ai->ai_addr = (struct sockaddr *)(ai + 1);
-+ /* XXX -- ssh doesn't use sa_len */
-+ ai->ai_addrlen = sizeof(struct sockaddr_in);
-+ ai->ai_addr->sa_family = ai->ai_family = AF_INET;
-+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
-+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
-+ return ai;
-+ } else {
-+ return NULL;
-+ }
-+ }
-+
-+ char *
-+ gai_strerror(ecode)
-+ int ecode;
-+ {
-+ switch (ecode) {
-+ case EAI_NODATA:
-+ return "no address associated with hostname.";
-+ case EAI_MEMORY:
-+ return "memory allocation failure.";
-+ default:
-+ return "unknown error.";
-+ }
-+ }
-+
-+ void
-+ freeaddrinfo(ai)
-+ struct addrinfo *ai;
-+ {
-+ struct addrinfo *next;
-+
-+ do {
-+ next = ai->ai_next;
-+ free(ai);
-+ } while (ai = next);
-+ }
-+
-+ int
-+ getaddrinfo(hostname, servname, hints, res)
-+ const char *hostname, *servname;
-+ const struct addrinfo *hints;
-+ struct addrinfo **res;
-+ {
-+ struct addrinfo
*cur, *prev = NULL;
-+ struct hostent *hp;
-+ int i, port;
-+
-+ if (servname)
-+ port = htons(atoi(servname));
-+ else
-+ port = 0;
-+ if (hints && hints->ai_flags & AI_PASSIVE)
-+ if (*res = malloc_ai(port, htonl(0x00000000)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if (!hostname)
-+ if (*res = malloc_ai(port, htonl(0x7f000001)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if (inet_addr(hostname) != -1)
-+ if (*res = malloc_ai(port, inet_addr(hostname)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if ((hp = gethostbyname(hostname)) &&
-+ hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
-+ for (i = 0; hp->h_addr_list[i]; i++)
-+ if (cur = malloc_ai(port,
-+ ((struct in_addr *)hp->h_addr_list[i])->s_addr)) {
-+ if (prev)
-+ prev->ai_next = cur;
-+ else
-+ *res = cur;
-+ prev = cur;
-+ } else {
-+ if (*res)
-+ freeaddrinfo(*res);
-+ return EAI_MEMORY;
-+ }
-+ return 0;
-+ }
-+ return EAI_NODATA;
-+ }
diff --git a/security/ssh/files/patch-bh b/security/ssh/files/patch-bh
deleted file mode 100644
index 3e50aaeda092..000000000000
--- a/security/ssh/files/patch-bh
+++ /dev/null
@@ -1,66 +0,0 @@
-*** getnameinfo.c.orig Mon Jan 10 22:56:13 2000
---- getnameinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,61 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getnameinfo().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c
-+ * will be used if you have broken getnameinfo or no getnameinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ int
-+ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
-+ const struct sockaddr *sa;
-+ size_t salen;
-+ char *host;
-+ size_t hostlen;
-+ char *serv;
-+ size_t servlen;
-+ int flags;
-+ {
-+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-+ struct hostent *hp;
-+ char tmpserv[16];
-+
-+ if (serv) {
-+ sprintf(tmpserv, "%d", ntohs(sin->sin_port));
-+ if (strlen(tmpserv) > servlen)
-+ return EAI_MEMORY;
-+ else
-+ strcpy(serv, tmpserv);
-+ }
-+ if (host)
-+ if (flags & NI_NUMERICHOST)
-+ if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, inet_ntoa(sin->sin_addr));
-+ return 0;
-+ }
-+ else
-+ if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
-+ AF_INET))
-+ if (strlen(hp->h_name) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, hp->h_name);
-+ return 0;
-+ }
-+ else
-+ return EAI_NODATA;
-+ return 0;
-+ }
diff --git a/security/ssh/files/patch-bi b/security/ssh/files/patch-bi
deleted file mode 100644
index b4108fd81d49..000000000000
--- a/security/ssh/files/patch-bi
+++ /dev/null
@@ -1,54 +0,0 @@
---- log-server.c.orig Thu Jan 17 05:35:33 2002
-+++ log-server.c Sat Jun 29 14:50:00 2002
-@@ -163,6 +163,27 @@
- closelog();
- }
-
-+#ifdef ENABLE_LOG_AUTH
-+void log_auth(const char *fmt, ...)
-+{
-+ char buf[1024];
-+ va_list args;
-+ extern int log_auth_flag;
-+ if (!log_auth_flag)
-+ return;
-+ if (log_quiet)
-+ return;
-+ va_start(args, fmt);
-+ vsprintf(buf, fmt, args);
-+ va_end(args);
-+ if (log_on_stderr)
-+ fprintf(stderr, "log: %s\n", buf);
-+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf);
-+}
-+
-+extern char *unauthenticated_user;
-+#endif /* ENABLE_LOG_AUTH */
-+
- /* Converts portable syslog severity to machine-specific syslog severity. */
-
- static int syslog_severity(int severity)
-@@ -336,6 +357,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(LOG_ERR, "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
-@@ -357,6 +383,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(syslog_severity(severity), "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
diff --git a/security/ssh/files/patch-bj b/security/ssh/files/patch-bj
deleted file mode 100644
index fb897af4865c..000000000000
--- a/security/ssh/files/patch-bj
+++ /dev/null
@@ -1,16 +0,0 @@
-*** match.c.orig Wed May 12 13:19:27 1999
---- match.c Mon Jan 10 22:56:13 2000
-***************
-*** 129,134 ****
---- 129,139 ----
- is_ip_pattern = 0;
- break;
- }
-+ for(p = pattern; *p; p++)
-+ if (!(isxdigit(*p) || *p == ':' || *p == '?' || *p == '*'))
-+ break;
-+ if (ip && !*p)
-+ is_ip_pattern = 1;
- if (is_ip_pattern)
- {
- return match_pattern(ip, pattern);
diff --git a/security/ssh/files/patch-bl b/security/ssh/files/patch-bl
deleted file mode 100644
index 60296a9735bb..000000000000
--- a/security/ssh/files/patch-bl
+++ /dev/null
@@ -1,66 +0,0 @@
-*** readconf.c.orig Wed May 12 13:19:27 1999
---- readconf.c Mon Jan 10 22:56:13 2000
-***************
-*** 171,176 ****
---- 171,179 ----
- oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel,
- oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication,
- oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ oAnotherPort,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost
- } OpCodes;
-
-***************
-*** 194,199 ****
---- 197,205 ----
- { "hostname", oHostName },
- { "proxycommand", oProxyCommand },
- { "port", oPort },
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ { "anotherport", oAnotherPort },
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- { "cipher", oCipher },
- { "remoteforward", oRemoteForward },
- { "localforward", oLocalForward },
-***************
-*** 497,502 ****
---- 503,514 ----
- *intptr = value;
- break;
-
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ case oAnotherPort:
-+ intptr = &options->another_port;
-+ goto parse_int;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-+
- case oConnectionAttempts:
- intptr = &options->connection_attempts;
- goto parse_int;
-***************
-*** 689,694 ****
---- 701,709 ----
- options->keepalives = -1;
- options->compression_level = -1;
- options->port = -1;
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ options->another_port = -1;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- options->connection_attempts = -1;
- options->number_of_password_prompts = -1;
- options->password_prompt_login = -1;
-***************
-*** 759,764 ****
---- 774,783 ----
- options->compression_level = 6;
- if (options->port == -1)
- options->port = 0; /* Filled in ssh_connect.
*/
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ if (options->another_port == -1)
-+ options->another_port = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- if (options->connection_attempts == -1)
- options->connection_attempts = 4;
- if (options->number_of_password_prompts == -1)
diff --git a/security/ssh/files/patch-bm b/security/ssh/files/patch-bm
deleted file mode 100644
index 78c9833bb6bf..000000000000
--- a/security/ssh/files/patch-bm
+++ /dev/null
@@ -1,12 +0,0 @@
---- readconf.h.orig Thu Jan 17 05:35:34 2002
-+++ readconf.h Fri Jun 21 16:36:20 2002
-@@ -102,6 +102,9 @@
- int use_privileged_port; /* Use privileged port */
-
- int port; /* Port to connect. */
-+#ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port; /* Port to connect for -A option. */
-+#endif /* ENABLE_ANOTHER_PORT_TRY */
- int connection_attempts; /* Max attempts (seconds) before giving up */
- int number_of_password_prompts; /* Max number of password prompts */
- int password_prompt_login; /* Show remote login at password prompt */
diff --git a/security/ssh/files/patch-bn b/security/ssh/files/patch-bn
deleted file mode 100644
index 7f625fcea26d..000000000000
--- a/security/ssh/files/patch-bn
+++ /dev/null
@@ -1,191 +0,0 @@
-*** scp.c.orig Wed May 12 13:19:28 1999
---- scp.c Mon Jan 10 22:56:13 2000
-***************
-*** 180,185 ****
---- 180,193 ----
- #define STDERR_FILENO 2
- #endif
-
-+ /* This is set to non-zero if IPv4 is desired. */
-+ int IPv4 = 0;
-+
-+ #ifdef ENABLE_IPV6
-+ /* This is set to non-zero if IPv6 is desired. */
-+ int IPv6 = 0;
-+ #endif
-+
- /* This is set to non-zero to enable verbose mode. */
- int verbose = 0;
-
-***************
-*** 295,302 ****
---- 303,319 ----
- }
- args[i++] = "-x";
- args[i++] = "-a";
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ args[i++] = "-A";
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- args[i++] = "-oFallBackToRsh no";
- args[i++] = "-oClearAllForwardings yes";
-+ if (IPv4)
-+ args[i++] = "-4";
-+ #ifdef ENABLE_IPV6
-+ if (IPv6)
-+ args[i++] = "-6";
-+ #endif
- if (verbose)
- args[i++] = "-v";
- if (compress)
-***************
-*** 441,448 ****
- statistics = 0;
-
- fflag = tflag = 0;
-! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF)
- switch(ch) { /* User-visible flags. */
- case 'S':
- ssh_program = optarg;
- break;
---- 458,477 ----
- statistics = 0;
-
- fflag = tflag = 0;
-! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4"
-! #ifdef ENABLE_IPV6
-! "6"
-! #endif
-! )) != EOF)
- switch(ch) { /* User-visible flags. */
-+ case '4':
-+ IPv4 = 1;
-+ break;
-+ #ifdef ENABLE_IPV6
-+ case '6':
-+ IPv6 = 1;
-+ break;
-+ #endif
- case 'S':
- ssh_program = optarg;
- break;
-***************
-*** 589,594 ****
---- 618,634 ----
- exit(errs != 0);
- }
-
-+ char *
-+ cleanhostname(host)
-+ char *host;
-+ {
-+ if (*host == '[' && host[strlen(host) - 1] == ']') {
-+ host[strlen(host) - 1] = '\0';
-+ return (host + 1);
-+ } else
-+ return host;
-+ }
-+
- void
- toremote(targ, argc, argv)
- char *targ, *argv[];
-***************
-*** 644,649 ****
---- 684,690 ----
- bp = xmalloc(len);
- if (host) {
- *host++ = 0;
-+ host = cleanhostname(host);
- suser = argv[i];
- if (*suser == '\0')
- suser = pwd->pw_name;
-***************
-*** 655,667 ****
- suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-! } else
- (void)snprintf(bp, len,
- "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'",
- ssh_program, verbose ? " -v" : "", options,
-! argv[i], cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
- if (verbose)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp)) errs++;
---- 696,710 ----
- suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-! } else {
-! host = cleanhostname(argv[i]);
- (void)snprintf(bp, len,
- "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'",
- ssh_program, verbose ? " -v" : "", options,
-! host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-+ }
- if (verbose)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp)) errs++;
-***************
-*** 671,677 ****
- len = strlen(targ) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -t %s", cmd, targ);
-! host = thost;
- if (do_cmd(host, tuser,
- bp, &remin, &remout) < 0)
- exit(1);
---- 714,720 ----
- len = strlen(targ) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -t %s", cmd, targ);
-! host = cleanhostname(thost);
- if (do_cmd(host, tuser,
- bp, &remin, &remout) < 0)
- exit(1);
-***************
-*** 721,726 ****
---- 764,770 ----
- else if (!okname(suser))
- continue;
- }
-+ host = cleanhostname(host);
- len = strlen(src) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -f %s", cmd, src);
-***************
-*** 1365,1375 ****
- colon(cp)
- char *cp;
- {
- if (*cp == ':') /* Leading colon is part of file name. */
- return (0);
-
- for (; *cp; ++cp) {
-! if (*cp == ':')
- return (cp);
- if (*cp == '/')
- return (0);
---- 1409,1427 ----
- colon(cp)
- char *cp;
- {
-+ int flag = 0;
-+
- if (*cp == ':') /* Leading colon is part of file name. */
- return (0);
-+ if (*cp == '[')
-+ flag = 1;
-
- for (; *cp; ++cp) {
-! if (*cp == '@' && *(cp+1) == '[')
-! flag = 1;
-! if (*cp == ']' && *(cp+1) == ':' && flag)
-! return (cp+1);
-! if (*cp == ':' && !flag)
- return (cp);
- if (*cp == '/')
- return (0);
diff --git a/security/ssh/files/patch-bo b/security/ssh/files/patch-bo
deleted file mode 100644
index 941fef6346e7..000000000000
--- a/security/ssh/files/patch-bo
+++ /dev/null
@@ -1,158 +0,0 @@
---- servconf.c.orig Thu Jan 17 05:35:34 2002
-+++ servconf.c Fri Jun 21 16:22:56 2002
-@@ -88,8 +88,8 @@
- void initialize_server_options(ServerOptions *options)
- {
- memset(options, 0, sizeof(*options));
-- options->port = -1;
-- options->listen_addr.s_addr = INADDR_ANY;
-+ options->num_ports = 0;
-+ options->listen_addrs = NULL;
- options->host_key_file = NULL;
- options->random_seed_file = NULL;
- options->pid_file = NULL;
-@@ -99,6 +99,9 @@
- options->permit_root_login = -1;
- options->ignore_rhosts = -1;
- options->ignore_root_rhosts = -1;
-+#ifdef ENABLE_LOG_AUTH
-+ options->log_auth = -1;
-+#endif /* ENABLE_LOG_AUTH */
- options->quiet_mode = -1;
- options->fascist_logging = -1;
- options->print_motd = -1;
-@@ -145,17 +148,33 @@
-
- void fill_default_server_options(ServerOptions *options)
- {
-- if (options->port == -1)
-+ struct addrinfo hints, *ai, *aitop;
-+ char strport[PORTSTRLEN];
-+ int i;
-+
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ if (options->listen_addrs == NULL)
- {
-- struct servent *sp;
-+ for (i = 0; i < options->num_ports; i++)
-+ {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_flags = AI_PASSIVE;
-+ hints.ai_family = IPv4or6;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", options->ports[i]);
-+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-+ {
-+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
-+ exit(1);
-+ }
-+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+ ai->ai_next = options->listen_addrs;
-+ options->listen_addrs = aitop;
-+ }
-+ /* freeaddrinfo(options->listen_addrs) in sshd.c */
-+ }
-
-- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
-- if (sp)
-- options->port = ntohs(sp->s_port);
-- else
-- options->port = SSH_DEFAULT_PORT;
-- endservent();
-- }
- if (options->host_key_file == NULL)
- options->host_key_file = HOST_KEY_FILE;
- if (options->random_seed_file == NULL)
-@@ -250,6 +269,9 @@
- {
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
-+#ifdef ENABLE_LOG_AUTH
-+ sLogAuth,
-+#endif /* ENABLE_LOG_AUTH */
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
- sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
- sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
-@@ -282,6 +304,9 @@
- { "quietmode", sQuietMode },
- { "fascistlogging", sFascistLogging },
- { "syslogfacility", sLogFacility },
-+#ifdef ENABLE_LOG_AUTH
-+ { "logauth", sLogAuth },
-+#endif /* ENABLE_LOG_AUTH */
- { "rhostsauthentication", sRhostsAuthentication },
- { "rhostsrsaauthentication", sRhostsRSAAuthentication },
- { "rsaauthentication", sRSAAuthentication },
-@@ -375,6 +400,9 @@
- char *cp, **charptr;
- int linenum, *intptr, i, value;
- ServerOpCodes opcode;
-+ struct addrinfo hints, *ai, *aitop;
-+ char strport[PORTSTRLEN];
-+ int gaierr;
-
- f = fopen(filename, "r");
- if (!f)
-@@ -397,7 +425,14 @@
- switch (opcode)
- {
- case sPort:
-- intptr = &options->port;
-+ if (options->num_ports >= MAX_PORTS)
-+ {
-+ fprintf(stderr, "%s line %d: too many ports.\n",
-+ filename, linenum);
-+ exit(1);
-+ }
-+ options->ports[options->num_ports] = -1;
-+ intptr = &options->ports[options->num_ports++];
- parse_int:
- cp = strtok(NULL, WHITESPACE);
- if (!cp)
-@@ -460,12 +495,26 @@
- filename, linenum);
- exit(1);
- }
--#ifdef BROKEN_INET_ADDR
-- options->listen_addr.s_addr = inet_network(cp);
--#else /* BROKEN_INET_ADDR */
-- options->listen_addr.s_addr = inet_addr(cp);
--#endif /* BROKEN_INET_ADDR */
-- break;
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ for (i = 0; i < options->num_ports; i++)
-+ {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", options->ports[i]);
-+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
-+ {
-+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
-+ filename, linenum, gai_strerror(gaierr));
-+ exit(1);
-+ }
-+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+ ai->ai_next = options->listen_addrs;
-+ options->listen_addrs = aitop;
-+ }
-+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */
-+ break;
-
- case sHostKeyFile:
- charptr = &options->host_key_file;
-@@ -539,6 +588,12 @@
- if (*intptr == -1)
- *intptr = value;
- break;
-+
-+#ifdef ENABLE_LOG_AUTH
-+ case sLogAuth:
-+ intptr = &options->log_auth;
-+ goto parse_flag;
-+#endif /* ENABLE_LOG_AUTH */
-
- case sIgnoreRhosts:
- intptr = &options->ignore_rhosts;
diff --git a/security/ssh/files/patch-bp b/security/ssh/files/patch-bp
deleted file mode 100644
index a9cd9987ef37..000000000000
--- a/security/ssh/files/patch-bp
+++ /dev/null
@@ -1,32 +0,0 @@
---- servconf.h.orig Thu Jan 17 05:35:34 2002
-+++ servconf.h Fri Jun 21 16:24:35 2002
-@@ -68,6 +68,7 @@
- #ifndef SERVCONF_H
- #define SERVCONF_H
-
-+#define MAX_PORTS 256 /* Max # hosts on allow list. */
- #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
- #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
- #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
-@@ -86,8 +87,9 @@
-
- typedef struct
- {
-- int port; /* Port number to listen on. */
-- struct in_addr listen_addr; /* Address on which the server listens. */
-+ unsigned int num_ports;
-+ int ports[MAX_PORTS]; /* Port number to listen on. */
-+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
- char *host_key_file; /* File containing host key. */
- char *random_seed_file; /* File containing random seed. */
- char *pid_file; /* File containing process ID number. */
-@@ -95,6 +97,9 @@
- int login_grace_time; /* Disconnect if no auth in this time (sec). */
- int key_regeneration_time; /* Server key lifetime (seconds). */
- int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
-+#ifdef ENABLE_LOG_AUTH
-+ int log_auth; /* If true, log authentication info. */
-+#endif /* ENABLE_LOG_AUTH */
- int ignore_rhosts; /* Ignore .rhosts and .shosts. */
- int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
- defaults to ignore_rhosts if not given. */
diff --git a/security/ssh/files/patch-br b/security/ssh/files/patch-br
deleted file mode 100644
index 28dd08a5be56..000000000000
--- a/security/ssh/files/patch-br
+++ /dev/null
@@ -1,97 +0,0 @@
-*** ssh.c.orig Wed May 12 13:19:28 1999
---- ssh.c Mon Jan 10 22:56:13 2000
-***************
-*** 218,223 ****
---- 218,231 ----
- other functions. */
- RandomState random_state;
-
-+ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
-+ Default value is AF_UNSPEC means both IPv4 and IPv6. */
-+ #ifdef ENABLE_IPV6
-+ int IPv4or6 = AF_UNSPEC;
-+ #else
-+ int IPv4or6 = AF_INET;
-+ #endif
-+
- /* Flag indicating whether debug mode is on. This can be set on the
- command line. */
- int debug_flag = 0;
-***************
-*** 277,282 ****
---- 285,297 ----
- {
- fprintf(stderr, "Usage: %s [options] host [command]\n", av0);
- fprintf(stderr, "Options:\n");
-+ fprintf(stderr, " -4 Use IPv4 only.\n");
-+ #ifdef ENABLE_IPV6
-+ fprintf(stderr, " -6 Use IPv6 only.\n");
-+ #endif
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ fprintf(stderr, " -A Try to connect to another port before original port.\n");
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- fprintf(stderr, " -l user Log in using this user name.\n");
- fprintf(stderr, " -n Redirect input from /dev/null.\n");
- fprintf(stderr, " -a Disable authentication agent forwarding.\n");
-***************
-*** 413,418 ****
---- 428,436 ----
- #ifdef SIGWINCH
- struct winsize ws;
- #endif /* SIGWINCH */
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port_flag = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-
- /* Save the original real uid. It will be needed later (uid-swapping may
- clobber the real uid). */
-***************
-*** 522,527 ****
---- 540,565 ----
- }
- switch (opt)
- {
-+ case '4':
-+ #ifdef ENABLE_IPV6
-+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET;
-+ #else
-+ IPv4or6 = AF_INET;
-+ #endif
-+ break;
-+
-+ #ifdef ENABLE_IPV6
-+ case '6':
-+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6;
-+ break;
-+ #endif
-+
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ case 'A':
-+ another_port_flag = 1;
-+ break;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-+
- case 'n':
- stdin_null_flag = 1;
- break;
-***************
-*** 789,799 ****
---- 827,844 ----
- {
- use_privileged_port = 0;
- }
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ if (!another_port_flag)
-+ options.another_port = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- /* Open a connection to the remote host. This needs root privileges if
- rhosts_authentication is true. Note that the random_state is not
- yet used by this call, although a pointer to it is stored, and thus it
- need not be initialized. */
- ok = ssh_connect(host, options.port, options.connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ options.another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- !use_privileged_port,
- original_real_uid, options.proxy_command, &random_state);
-
diff --git a/security/ssh/files/patch-bs b/security/ssh/files/patch-bs
deleted file mode 100644
index ec0e1a86ef92..000000000000
--- a/security/ssh/files/patch-bs
+++ /dev/null
@@ -1,94 +0,0 @@
-*** ssh.h.orig Wed May 12 13:19:28 1999
---- ssh.h Mon Jan 10 22:56:13 2000
-***************
-*** 430,436 ****
- /* Records that the user has logged in. This does many things normally
- done by login(1). */
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr);
-
- /* Records that the user has logged out. This does many thigs normally
- done by login(1) or init. */
---- 430,436 ----
- /* Records that the user has logged in. This does many things normally
- done by login(1). */
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr);
-
- /* Records that the user has logged out. This does many thigs normally
- done by login(1) or init. */
-***************
-*** 447,452 ****
---- 447,455 ----
- connection is successful, this calls packet_set_connection for the
- connection. */
- int ssh_connect(const char *host, int port, int connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state);
-
-***************
-*** 872,876 ****
---- 875,934 ----
- #else
- #define UID_ROOT 0
- #endif
-+
-+ #ifdef HAVE_SOCKADDR_STORAGE
-+ #ifndef HAVE_NEW_SS_FAMILY
-+ #define __ss_len ss_len
-+ #define __ss_family ss_family
-+ #endif
-+ #else
-+ #define _SS_MAXSIZE 128 /* Implementation specific max size */
-+ #define _SS_ALIGNSIZE (sizeof(int))
-+ #define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short))
-+ #define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \
-+ _SS_PAD1SIZE + _SS_ALIGNSIZE))
-+ struct sockaddr_storage {
-+ #ifdef HAVE_SOCKADDR_LEN
-+ u_char __ss_len;
-+ u_char __ss_family;
-+ #else
-+ u_short __ss_family;
-+ #endif
-+ char __ss_pad1[_SS_PAD1SIZE];
-+ int __ss_align;
-+ char __ss_pad2[_SS_PAD2SIZE];
-+ };
-+ #endif
-+
-+ #ifdef INET6_ADDRSTRLEN
-+ #define ADDRSTRLEN INET6_ADDRSTRLEN
-+ #else
-+ #define ADDRSTRLEN 46
-+ #endif
-+
-+ #define PORTSTRLEN 16
-+
-+ /* AF_UNSPEC or AF_INET or AF_INET6 */
-+ extern int IPv4or6;
-+
-+ #ifndef ENABLE_IPV6
-+ /* dummy value for old netdb.h */
-+ #ifndef AI_PASSIVE
-+ #define AI_PASSIVE 1
-+ #define NI_NUMERICHOST 2
-+ #define NI_NAMEREQD 4
-+ #define NI_NUMERICSERV 8
-+ struct addrinfo {
-+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
-+ int ai_family; /* PF_xxx */
-+ int ai_socktype; /* SOCK_xxx */
-+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
-+ size_t ai_addrlen; /* length of ai_addr */
-+ char *ai_canonname; /* canonical name for hostname */
-+ struct sockaddr *ai_addr; /* binary address */
-+ struct addrinfo *ai_next; /* next structure in linked list */
-+ };
-+ #endif
-+ #endif /* not ENABLE_IPV6 */
-
- #endif /* SSH_H */
diff --git a/security/ssh/files/sshd.sh b/security/ssh/files/sshd.sh
deleted file mode 100644
index dd882003037c..000000000000
--- a/security/ssh/files/sshd.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-case "$1" in
- start)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
- stop)
- if [ -f /var/run/sshd.pid ]; then
- kill -TERM `cat /var/run/sshd.pid`
- rm -f /var/run/sshd.pid
- echo -n ' sshd'
- fi
- ;;
- restart)
- if [ -f /var/run/sshd.pid ]; then
- kill -HUP `cat /var/run/sshd.pid`
- echo 'sshd restarted'
- fi
- ;;
- -h)
- echo "Usage: `basename $0` { start | stop | restart }"
- ;;
- *)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
-esac
diff --git a/security/ssh/pkg-descr b/security/ssh/pkg-descr
deleted file mode 100644
index e08cd3baca01..000000000000
--- a/security/ssh/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-Secure Shell is a program to log into another computer over a network,
-to execute commands in a remote machine, and to move files from one
-machine to another. It provides strong authentication and secure
-communications over insecure channels. It is intended as a replacement
-for rlogin, rsh, and rcp.
diff --git a/security/ssh/pkg-plist b/security/ssh/pkg-plist
deleted file mode 100644
index 28e0ce057044..000000000000
--- a/security/ssh/pkg-plist
+++ /dev/null
@@ -1,19 +0,0 @@
-bin/make-ssh-known-hosts
-bin/make-ssh-known-hosts1
-bin/scp
-bin/scp1
-bin/slogin
-bin/ssh
-bin/ssh-add
-bin/ssh-add1
-bin/ssh-agent
-bin/ssh-agent1
-bin/ssh-keygen
-bin/ssh-keygen1
-bin/ssh1
-etc/rc.d/sshd.sh
-etc/ssh_config
-etc/sshd_config
-sbin/sshd
-sbin/sshd1
-@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen1 -N "" -f %D/etc/ssh_host_key; fi
diff --git a/security/ssh/pkg-plist.x11 b/security/ssh/pkg-plist.x11
deleted file mode 100644
index 3d4ac02a7dba..000000000000
--- a/security/ssh/pkg-plist.x11
+++ /dev/null
@@ -1,2 +0,0 @@
-bin/ssh-askpass
-bin/ssh-askpass1 |