From 48500b76a665eb0b09417624157a9adeaf7f11fa Mon Sep 17 00:00:00 2001 From: SADA Kenji Date: Tue, 15 Jun 1999 20:14:04 +0000 Subject: PR: ports/12037 Submitted by: Issei Suzuki Upgrade to 1.2.27. # I'm not maintainer but it seems that torstenb is too busy to # look the PR and many people want new version ssh port. --- security/ssh/Makefile | 6 +- security/ssh/distinfo | 4 +- security/ssh/files/patch-aa | 8 +- security/ssh/files/patch-ac | 18 +-- security/ssh/files/patch-ad | 16 +-- security/ssh/files/patch-ae | 35 ++++- security/ssh/files/patch-af | 106 +++++++-------- security/ssh/files/patch-ag | 307 ++++---------------------------------------- security/ssh/files/patch-al | 30 ++--- security/ssh/files/patch-ao | 16 +-- security/ssh/files/patch-aw | 6 +- 11 files changed, 162 insertions(+), 390 deletions(-) (limited to 'security/ssh') diff --git a/security/ssh/Makefile b/security/ssh/Makefile index 9ad1bff9736b..f71540a6250a 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -1,15 +1,15 @@ # New ports collection makefile for: ssh -# Version required: 1.2.25 +# Version required: 1.2.* # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.73 1999/03/13 18:51:11 billf Exp $ +# $Id: Makefile,v 1.74 1999/04/03 03:35:50 ache Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.26 +DISTNAME= ssh-1.2.27 CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ diff --git a/security/ssh/distinfo b/security/ssh/distinfo index d3b49042f45b..bf690165936c 100644 --- a/security/ssh/distinfo +++ b/security/ssh/distinfo @@ -1,3 +1 @@ -MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245 -MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d -MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50 +MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395 
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa index 83e9968ac319..3386fc8d68a3 100644 --- a/security/ssh/files/patch-aa +++ b/security/ssh/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 ---- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 +*** make-ssh-known-hosts.pl.in.orig Wed May 12 20:18:51 1999 +--- make-ssh-known-hosts.pl.in Sun Jun 6 02:30:08 1999 *************** -*** 87,93 **** +*** 98,104 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 87,93 ---- +--- 98,104 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 63759def15ab..0eb45972aba7 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac @@ -1,6 +1,6 @@ ---- Makefile.in.orig Wed Jul 8 09:40:39 1998 -+++ Makefile.in Wed Oct 7 19:11:37 1998 -@@ -294,14 +294,19 @@ +--- Makefile.in.orig Wed May 12 20:19:31 1999 ++++ Makefile.in Sun Jun 6 01:22:50 1999 +@@ -301,14 +301,19 @@ SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -25,7 +25,7 @@ RSAREFSRCDIR = $(RSAREFDIR)/source X_CFLAGS = @X_CFLAGS@ -@@ -404,7 +409,7 @@ +@@ -411,7 +416,7 @@ $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -34,7 +34,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd -@@ -447,19 +452,19 @@ +@@ -454,19 +459,19 @@ sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -67,7 +67,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ -@@ -516,7 +521,7 @@ +@@ -523,7 +528,7 @@ # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. 
@@ -76,7 +76,7 @@ -rm -f $(install_prefix)$(bindir)/ssh1.old -chmod 755 $(install_prefix)$(bindir)/ssh1 -chmod 755 $(install_prefix)$(bindir)/ssh -@@ -672,15 +677,15 @@ +@@ -679,15 +684,15 @@ clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -96,7 +96,7 @@ dist: dist-free -@@ -709,12 +714,12 @@ +@@ -716,12 +721,12 @@ -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done @@ -113,7 +113,7 @@ #ifdef F_SECURE_COMMERCIAL # -@@ -742,7 +747,7 @@ +@@ -749,7 +754,7 @@ (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad index 6b4d2646fa91..bab4169bca64 100644 --- a/security/ssh/files/patch-ad +++ b/security/ssh/files/patch-ad @@ -1,13 +1,13 @@ -*** auth-passwd.c.bak Tue Jan 20 15:23:48 1998 ---- auth-passwd.c Sat Feb 14 00:49:56 1998 +*** auth-passwd.c.orig Wed May 12 20:19:23 1999 +--- auth-passwd.c Sun Jun 6 02:36:00 1999 *************** -*** 815,820 **** ---- 815,822 ---- +*** 911,916 **** +--- 911,918 ---- encrypted_password = crypt(password, - (correct_passwd[0] && correct_passwd[1]) ? - correct_passwd : "xx"); + (correct_passwd[0] && correct_passwd[1]) ? + correct_passwd : "xx"); + if (!password[0] && correct_passwd[0]) -+ encrypted_password = ":"; ++ encrypted_password = ":"; #endif /* HAVE_SCO_ETC_SHADOW */ - #endif /* HAVE_OSF1_C2_SECURITY */ + /* Authentication is accepted if the encrypted passwords are identical. */ diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae index 6c0ffecd0ddd..5db3b9c4e63b 100644 --- a/security/ssh/files/patch-ae +++ b/security/ssh/files/patch-ae 
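Review bot: The added empty-password check in the auth-passwd.c patch has no comment explaining the `":"` sentinel, so whoever next refreshes this patch cannot tell why it must be kept. It appears to force a mismatch when the client sends an empty password for an account whose stored hash is non-empty, presumably relying on `:` never occurring in a passwd hash field. A comment above the `if`, such as `/* an empty password must never match a non-empty hash; ":" cannot be a stored hash */`, would record that. The comparison that consumes `encrypted_password` lies outside the hunk, so confirm it is a plain string compare before relying on this.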
@@ -1,7 +1,24 @@ -*** server_config.sample.orig Thu Mar 27 09:04:06 1997 ---- server_config.sample Fri Mar 28 15:45:53 1997 +*** server_config.sample.orig Wed May 12 20:18:51 1999 +--- server_config.sample Sun Jun 6 02:36:38 1999 *************** -*** 16,22 **** +*** 7,13 **** + ServerKeyBits 768 + LoginGraceTime 600 + KeyRegenerationInterval 3600 +! PermitRootLogin yes + IgnoreRhosts no + StrictModes yes + QuietMode no +--- 7,13 ---- + ServerKeyBits 768 + LoginGraceTime 600 + KeyRegenerationInterval 3600 +! PermitRootLogin no + IgnoreRhosts no + StrictModes yes + QuietMode no +*************** +*** 16,27 **** FascistLogging no PrintMotd yes KeepAlive yes @@ -9,7 +26,12 @@ RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes ---- 16,22 ---- + PasswordAuthentication yes +! PermitEmptyPasswords yes + UseLogin no + # CheckMail no + # PidFile /u/zappa/.ssh/pid +--- 16,27 ---- FascistLogging no PrintMotd yes KeepAlive yes @@ -17,3 +39,8 @@ RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes + PasswordAuthentication yes +! PermitEmptyPasswords no + UseLogin no + # CheckMail no + # PidFile /u/zappa/.ssh/pid diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index f0cea2252274..17d22fcf7540 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af @@ -1,7 +1,7 @@ -*** sshd.c.WAS Thu Jun 11 23:11:47 1998 ---- sshd.c Thu Jun 11 23:30:30 1998 +*** sshd.c.orig Wed May 12 20:19:29 1999 +--- sshd.c Sun Jun 6 02:37:18 1999 *************** -*** 2014,2020 **** +*** 2222,2228 **** pwcopy.pw_class = xstrdup(pw->pw_class); pwcopy.pw_change = pw->pw_change; pwcopy.pw_expire = pw->pw_expire; @@ -9,7 +9,7 @@ pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; ---- 2014,2020 ---- +--- 2222,2228 ---- pwcopy.pw_class = xstrdup(pw->pw_class); pwcopy.pw_change = pw->pw_change; pwcopy.pw_expire = pw->pw_expire; 
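Review bot: The sample server config still ships `IgnoreRhosts no` and `RhostsRSAAuthentication yes` after this change, so rhosts-based trust stays enabled by default even though `PermitRootLogin no` and `PermitEmptyPasswords no` are now set. If the goal is a safer out-of-the-box sshd, the first hunk's context line could become `IgnoreRhosts yes` in the same patch, or the port should state that these two are deliberately left as upstream ships them. Because `PermitRootLogin no` changes behaviour for anyone who copies the sample over a working config, a one-line comment in the sample saying that the port differs from upstream here would help administrators upgrading remotely. All of these lines are context in the visible hunks, so this is an additional change rather than a correction of what was added.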
@@ -18,7 +18,7 @@ pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; *************** -*** 3045,3054 **** +*** 3285,3294 **** struct pty_cleanup_context cleanup_context; #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) login_cap_t *lc; @@ -27,9 +27,9 @@ struct timeval tp; ! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - #ifdef HAVE_OSF1_C2_SECURITY - { ---- 3045,3055 ---- + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +--- 3285,3295 ---- struct pty_cleanup_context cleanup_context; #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) login_cap_t *lc; @@ -39,14 +39,14 @@ struct timeval tp; ! #endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */ - #ifdef HAVE_OSF1_C2_SECURITY - { + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); *************** -*** 3183,3188 **** ---- 3184,3197 ---- - "The Regents of the University of California. ", - "All rights reserved."); - } +*** 3446,3451 **** +--- 3447,3460 ---- + "The Regents of the University of California. ", + "All rights reserved."); + } + #ifdef HAVE_LOGIN_CAP_H + #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ + 
@@ -59,50 +59,50 @@ /* Print /etc/motd unless a command was specified or printing it was *************** -*** 3206,3212 **** - fputs(line, stdout); - fclose(f); - } +*** 3469,3475 **** + fputs(line, stdout); + fclose(f); + } ! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) ---- 3215,3221 ---- - fputs(line, stdout); - fclose(f); - } + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pw->pw_change) +--- 3478,3484 ---- + fputs(line, stdout); + fclose(f); + } ! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pw->pw_change) *************** -*** 3575,3581 **** - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); +*** 3922,3928 **** + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); ! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); ---- 3584,3590 ---- - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); + if (pw->pw_uid != UID_ROOT && + !login_getcapbool(lc, "ignorenologin", 0)) + exit(254); +--- 3931,3937 ---- + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); ! 
#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); + if (pw->pw_uid != UID_ROOT && + !login_getcapbool(lc, "ignorenologin", 0)) + exit(254); *************** -*** 4121,4127 **** ---- 4130,4140 ---- - struct stat mailbuf; - - if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) +*** 4525,4531 **** +--- 4534,4544 ---- + struct stat mailbuf; + + if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) + #ifdef __FreeBSD__ -+ ; ++ ; + #else - printf("No mail.\n"); + printf("No mail.\n"); + #endif - else if (mailbuf.st_atime > mailbuf.st_mtime) - printf("You have mail.\n"); - else + else if (mailbuf.st_atime > mailbuf.st_mtime) + printf("You have mail.\n"); + else diff --git a/security/ssh/files/patch-ag b/security/ssh/files/patch-ag index c38480580de4..80e3c3d73ab1 100644 --- a/security/ssh/files/patch-ag +++ b/security/ssh/files/patch-ag 
@@ -1,286 +1,33 @@ ---- sshconnect.c.orig Wed Jul 8 20:40:38 1998 -+++ sshconnect.c Tue Nov 10 15:43:45 1998 -@@ -282,7 +282,7 @@ - - /* Child. Permanently give up superuser privileges. */ - if (setuid(getuid()) < 0) -- fatal("setuid: %s", strerror(errno)); -+ fatal("setuid: %.100s", strerror(errno)); - - /* Redirect stdin and stdout. */ - close(pin[1]); -@@ -944,7 +944,7 @@ - if (!ssh_context) - { - if ((r = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); -+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); - krb5_init_ets(ssh_context); - } - -@@ -959,14 +959,14 @@ - "host", KRB5_NT_SRV_HST, - &creds.server))) - { -- debug("Kerberos V5: error while constructing service name: %s.", -+ debug("Kerberos V5: error while constructing service name: %.100s.", - error_message(r)); - goto cleanup; - } - if ((r = krb5_cc_get_principal(ssh_context, ccache, - &creds.client))) - { -- debug("Kerberos V5: failure on principal (%s).", -+ debug("Kerberos V5: failure on principal (%.100s).", - error_message(r)); - goto cleanup; - } -@@ -975,7 +975,7 @@ - if ((r = krb5_get_credentials(ssh_context, 0, - ccache, &creds, &new_creds))) - { -- debug("Kerberos V5: failure on credentials(%s).", -+ debug("Kerberos V5: failure on credentials(%.100s).", - error_message(r)); - goto cleanup; - } -@@ -987,7 +987,7 @@ - { - if ((r = krb5_auth_con_init(ssh_context, &auth_context))) - { -- debug("Kerberos V5: failed to init auth_context (%s)", -+ debug("Kerberos V5: failed to init auth_context (%.100s)", - error_message(r)); - goto cleanup; - } -@@ -998,7 +998,7 @@ - if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts, - 0, new_creds, &auth))) - { -- debug("Kerberos V5: failed krb5_mk_req_extended (%s)", -+ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)", - error_message(r)); - goto cleanup; - } -@@ -1046,7 +1046,7 @@ +--- auth-kerberos.c.orig Sun Jun 6 02:01:32 1999 ++++ auth-kerberos.c Sun Jun 
6 02:01:33 1999 +@@ -120,10 +120,18 @@ - if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl)) - { -- packet_disconnect("Kerberos V5 Authentication failed: %s", -+ packet_disconnect("Kerberos V5 Authentication failed: %.100s", - error_message(r)); - goto cleanup; - } -@@ -1090,7 +1090,7 @@ - krb5_data outbuf; - krb5_error_code r; - int type; -- char server_name[128]; -+ char server_name[512]; - - remotehost = (char *) get_canonical_hostname(); - memset(&outbuf, 0 , sizeof(outbuf)); -@@ -1100,14 +1100,14 @@ - if (!ssh_context) - { - if ((r = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); -+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); - krb5_init_ets(ssh_context); - } - if (!auth_context) - { - if ((r = krb5_auth_con_init(ssh_context, &auth_context))) - { -- debug("Kerberos V5: failed to init auth_context (%s)", -+ debug("Kerberos V5: failed to init auth_context (%.100s)", - error_message(r)); - return 0 ; - } -@@ -1124,7 +1124,7 @@ - if ((r = krb5_cc_get_principal(ssh_context, ccache, - &client))) - { -- debug("Kerberos V5: failure on principal (%s)", -+ debug("Kerberos V5: failure on principal (%.100s)", - error_message(r)); - return 0 ; - } -@@ -1136,7 +1136,7 @@ - principal and point it to clients realm. This way - we pass over a TGT of the clients realm. 
*/ - -- sprintf(server_name,"host/%s@", remotehost); -+ sprintf(server_name,"host/%.100s@", remotehost); - strncat(server_name,client->realm.data,client->realm.length); - krb5_parse_name(ssh_context,server_name, &server); - server->type = KRB5_NT_SRV_HST; -@@ -1145,7 +1145,7 @@ - if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client, - server, ccache, 1, &outbuf))) - { -- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)", -+ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)", - error_message(r)); - krb5_free_principal(ssh_context, client); - krb5_free_principal(ssh_context, server); -@@ -1416,7 +1416,7 @@ - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the host key has just been changed."); - error("Please contact your system administrator."); -- error("Add correct host key in %s to get rid of this message.", -+ error("Add correct host key in %.100s to get rid of this message.", - options->user_hostfile); - - /* If strict host key checking is in use, the user will have to edit -@@ -1589,7 +1589,7 @@ - if (!ssh_context) - { - if ((problem = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", -+ fatal("Kerberos V5: %.100s while initializing krb5.", - error_message(problem)); - krb5_init_ets(ssh_context); - } -@@ -1605,7 +1605,7 @@ - if ((problem = krb5_cc_get_principal(ssh_context, ccache, - &client))) - { -- debug("Kerberos V5: failure on principal (%s).", -+ debug("Kerberos V5: failure on principal (%.100s).", - error_message(problem)); - } - else { ---- auth-kerberos.c.orig Wed Jul 8 20:40:35 1998 -+++ auth-kerberos.c Tue Nov 10 15:50:15 1998 -@@ -63,11 +63,11 @@ - krb5_auth_con_free(ssh_context, auth_context); - auth_context = 0; - } -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos 
krb5_auth_con_genaddrs (%s).", error_message(problem)); -- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s", -+ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s", - error_message(problem)); - return 0; - } -@@ -80,11 +80,11 @@ - krb5_auth_con_free(ssh_context, auth_context); - auth_context = 0; - } -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos V5 rd_req failed (%s).", error_message(problem)); -- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem)); -+ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem)); - return 0; - } - -@@ -93,22 +93,22 @@ - if (problem) - { - krb5_free_ticket(ssh_context, ticket); -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem)); -- packet_send_debug("Kerberos krb5_unparse_name: %s", -+ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos krb5_unparse_name: %.100s", - error_message(problem)); - return 0; - } - if (strncmp(server, "host/", strlen("host/"))) - { - krb5_free_ticket(ssh_context, ticket); -- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)", -+ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)", - server_user, server); - -- debug("Kerberos invalid service name (%s).", server); -- packet_send_debug("Kerberos invalid service name (%s).", server); -+ debug("Kerberos invalid service name (%.100s).", server); -+ 
packet_send_debug("Kerberos invalid service name (%.100s).", server); + debug("Kerberos invalid service name (%.100s).", server); + packet_send_debug("Kerberos invalid service name (%.100s).", server); ++#ifdef krb5_xfree krb5_xfree(server); ++#else ++ free(server); ++#endif return 0; } -@@ -122,11 +122,11 @@ - - if (problem) - { -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); -- debug("Kerberos krb5_copy_principal failed (%s).", -+ debug("Kerberos krb5_copy_principal failed (%.100s).", - error_message(problem)); -- packet_send_debug("Kerberos krb5_copy_principal: %s", -+ packet_send_debug("Kerberos krb5_copy_principal: %.100s", - error_message(problem)); - return 0; - } -@@ -135,11 +135,11 @@ - /* Make the reply - so that mutual authentication can be done */ - if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply))) - { -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); -- debug("Kerberos krb5_mk_rep failed (%s).", -+ debug("Kerberos krb5_mk_rep failed (%.100s).", - error_message(problem)); -- packet_send_debug("Kerberos krb5_mk_rep failed: %s", -+ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s", - error_message(problem)); - return 0; - } -@@ -160,7 +160,7 @@ - { - krb5_creds **creds; - krb5_error_code retval; -- static char ccname[128]; -+ static char ccname[512]; - krb5_ccache ccache = NULL; - struct passwd *pwd; - extern char *ticket; -@@ -208,9 +208,9 @@ - - if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL)) - { -- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user, -+ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user, - error_message(retval)); -- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", -+ 
packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", - server_user, - error_message(retval)); - packet_start(SSH_SMSG_FAILURE); -@@ -234,7 +234,7 @@ - goto errout; - - ticket = xmalloc(strlen(ccname) + 1); -- (void) sprintf(ticket, "%s", ccname); -+ (void) sprintf(ticket, "%.100s", ccname); - - /* Successful */ - packet_start(SSH_SMSG_SUCCESS); -@@ -244,9 +244,9 @@ ++#ifdef krb5_xfree + krb5_xfree(server); ++#else ++ free(server); ++#endif - errout: - krb5_free_tgt_creds(ssh_context, creds); -- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user, -+ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user, - error_message(retval)); -- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user, -+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user, - error_message(retval)); - packet_start(SSH_SMSG_FAILURE); + /* Extract the users name from the ticket client principal */ + problem = krb5_copy_principal(ssh_context, ticket->enc_part2->client, +@@ -159,7 +167,11 @@ + packet_put_string((char *) reply.data, reply.length); packet_send(); + packet_write_wait(); ++#ifdef krb5_xfree + krb5_xfree(reply.data); ++#else ++ krb5_free_data_contents(ssh_context, &reply); ++#endif + return 1; + } + #endif /* KRB5 */ diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index 9339ab05185c..839d1fe2b2bf 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al 
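Review bot: The rewritten patch-ag drops every sshconnect.c hunk, including the `char server_name[512]` enlargement and the bounded `sprintf(server_name,"host/%.100s@", remotehost)` that precedes the `strncat` of the realm, and nothing on this page shows that ssh-1.2.27 carries those fixes itself. The auth-kerberos.c context lines that remain do show `%.100s` upstream, which suggests the format bounds were merged. The sizes of `server_name` and `ccname`, and the `sprintf(ticket, ...)` copy, should still be checked in the extracted 1.2.27 sources before the old hunks are retired. Separately, `#ifdef krb5_xfree` only detects a macro, so a comment such as `/* krb5_xfree is a macro only in some krb5 releases; fall back when it is absent */` would explain why `free(server)` and `krb5_free_data_contents(ssh_context, &reply)` are the alternatives.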
@@ -1,26 +1,26 @@ -*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 ---- sshconnect.c Fri Apr 25 12:41:59 1997 +*** sshconnect.c.orig Wed May 12 20:19:29 1999 +--- sshconnect.c Sun Jun 6 02:39:02 1999 *************** -*** 311,316 **** ---- 311,322 ---- +*** 347,352 **** +--- 347,358 ---- { struct sockaddr_in sin; int p; + #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) -+ p = 1023; /* Compat with old FreeBSD */ -+ sock = rresvport(&p); -+ if (sock < 0) -+ fatal("rresvport: %.100s", strerror(errno)); ++ p = 1023; /* Compat with old FreeBSD */ ++ sock = rresvport(&p); ++ if (sock < 0) ++ fatal("rresvport: %.100s", strerror(errno)); + #else for (p = 1023; p > 512; p--) - { - sock = socket(AF_INET, SOCK_STREAM, 0); + { + sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 338,343 **** ---- 344,350 ---- - } - fatal("bind: %.100s", strerror(errno)); - } +*** 374,379 **** +--- 380,386 ---- + } + fatal("bind: %.100s", strerror(errno)); + } + #endif debug("Allocated local port %d.", p); } diff --git a/security/ssh/files/patch-ao b/security/ssh/files/patch-ao index a208b165706a..cd7a6f36b366 100644 --- a/security/ssh/files/patch-ao +++ b/security/ssh/files/patch-ao @@ -1,6 +1,6 @@ ---- newchannels.c.orig Wed Jul 8 17:40:36 1998 -+++ newchannels.c Mon May 3 23:45:06 1999 -@@ -271,6 +271,10 @@ +--- newchannels.c.orig Wed May 12 20:19:27 1999 ++++ newchannels.c Sun Jun 6 01:49:22 1999 +@@ -282,6 +282,10 @@ #endif /* NEED_SYS_SYSLOG_H */ #endif /* LIBWRAP */ 
@@ -11,17 +11,17 @@ /* Directory in which the fake unix-domain X11 displays reside. */ #ifndef X11_DIR #define X11_DIR "/tmp/.X11-unix" -@@ -1874,6 +1878,9 @@ - if (gethostname(hostname, sizeof(hostname)) < 0) +@@ -1891,6 +1895,9 @@ fatal("gethostname: %.100s", strerror(errno)); - sprintf(buf, "%.400s:%d.%d", hostname, display_number, screen_number); + snprintf(buf, sizeof(buf), + "%.400s:%d.%d", hostname, display_number, screen_number); +#ifdef __FreeBSD__ + trimdomain(buf, UT_HOSTSIZE); +#endif #else /* HAVE_GETHOSTNAME */ if (uname(&uts) < 0) - fatal("uname: %s", strerror(errno)); -@@ -2388,6 +2395,10 @@ + fatal("uname: %.100s", strerror(errno)); +@@ -2412,6 +2419,10 @@ ssh-agent connections on your system */ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); diff --git a/security/ssh/files/patch-aw b/security/ssh/files/patch-aw index ada18457a061..d7e1e7482a7c 100644 --- a/security/ssh/files/patch-aw +++ b/security/ssh/files/patch-aw @@ -1,6 +1,6 @@ ---- login.c.orig Wed Jul 8 17:40:36 1998 -+++ login.c Mon May 3 23:52:39 1999 -@@ -287,12 +287,13 @@ +--- login.c.orig Wed May 12 20:19:26 1999 ++++ login.c Sun Jun 6 01:51:33 1999 +@@ -301,12 +301,13 @@ strncpy(u.ut_user, user, sizeof(u.ut_user)); #endif /* HAVE_NAME_IN_UTMP */ #ifdef HAVE_HOST_IN_UTMP -- cgit v1.2.3