Vendor import of OpenSSH 3.8.1p1.
This commit is contained in:
parent
efcad6b72f
commit
52028650db
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssh/dist/; revision=128456
24
crypto/openssh/.cvsignore
Normal file
24
crypto/openssh/.cvsignore
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
ssh
|
||||||
|
scp
|
||||||
|
sshd
|
||||||
|
ssh-add
|
||||||
|
ssh-keygen
|
||||||
|
ssh-keyscan
|
||||||
|
ssh-keysign
|
||||||
|
ssh-agent
|
||||||
|
sftp-server
|
||||||
|
sftp
|
||||||
|
configure
|
||||||
|
config.h.in
|
||||||
|
config.h
|
||||||
|
config.status
|
||||||
|
config.cache
|
||||||
|
config.log
|
||||||
|
stamp-h.in
|
||||||
|
Makefile
|
||||||
|
ssh_prng_cmds
|
||||||
|
*.out
|
||||||
|
*.0
|
||||||
|
buildit.sh
|
||||||
|
autom4te.cache
|
||||||
|
ssh-rand-helper
|
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,4 @@
|
|||||||
See:
|
See http://www.openssh.com/txt/release-3.8.1 for the release notes.
|
||||||
http://www.openssh.com/txt/release-3.8 for the release notes.
|
|
||||||
|
|
||||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||||
@ -66,4 +65,4 @@ References -
|
|||||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||||
[7] http://www.openssh.com/faq.html
|
[7] http://www.openssh.com/faq.html
|
||||||
|
|
||||||
$Id: README,v 1.53 2004/02/24 05:13:24 dtucker Exp $
|
$Id: README,v 1.54 2004/04/18 10:32:56 djm Exp $
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $Id: acconfig.h,v 1.173 2004/02/06 05:24:31 dtucker Exp $ */
|
/* $Id: acconfig.h,v 1.177 2004/04/15 23:22:40 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||||
@ -131,6 +131,9 @@
|
|||||||
/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
|
/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
|
||||||
#undef AIX_LOGINFAILED_4ARG
|
#undef AIX_LOGINFAILED_4ARG
|
||||||
|
|
||||||
|
/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */
|
||||||
|
#undef SKEYCHALLENGE_4ARG
|
||||||
|
|
||||||
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
|
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
|
||||||
#undef WITH_IRIX_ARRAY
|
#undef WITH_IRIX_ARRAY
|
||||||
|
|
||||||
@ -202,6 +205,9 @@
|
|||||||
/* Define if you don't want to use lastlog in session.c */
|
/* Define if you don't want to use lastlog in session.c */
|
||||||
#undef NO_SSH_LASTLOG
|
#undef NO_SSH_LASTLOG
|
||||||
|
|
||||||
|
/* Define if have krb5_init_ets */
|
||||||
|
#undef KRB5_INIT_ETS
|
||||||
|
|
||||||
/* Define if you don't want to use utmp */
|
/* Define if you don't want to use utmp */
|
||||||
#undef DISABLE_UTMP
|
#undef DISABLE_UTMP
|
||||||
|
|
||||||
@ -347,6 +353,9 @@
|
|||||||
/* getaddrinfo is broken (if present) */
|
/* getaddrinfo is broken (if present) */
|
||||||
#undef BROKEN_GETADDRINFO
|
#undef BROKEN_GETADDRINFO
|
||||||
|
|
||||||
|
/* updwtmpx is broken (if present) */
|
||||||
|
#undef BROKEN_UPDWTMPX
|
||||||
|
|
||||||
/* Workaround more Linux IPv6 quirks */
|
/* Workaround more Linux IPv6 quirks */
|
||||||
#undef DONT_TRY_OTHER_AF
|
#undef DONT_TRY_OTHER_AF
|
||||||
|
|
||||||
|
@ -54,7 +54,9 @@ krb5_init(void *context)
|
|||||||
problem = krb5_init_context(&authctxt->krb5_ctx);
|
problem = krb5_init_context(&authctxt->krb5_ctx);
|
||||||
if (problem)
|
if (problem)
|
||||||
return (problem);
|
return (problem);
|
||||||
|
#ifdef KRB5_INIT_ETS
|
||||||
krb5_init_ets(authctxt->krb5_ctx);
|
krb5_init_ets(authctxt->krb5_ctx);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -70,6 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||||||
#endif
|
#endif
|
||||||
krb5_error_code problem;
|
krb5_error_code problem;
|
||||||
krb5_ccache ccache = NULL;
|
krb5_ccache ccache = NULL;
|
||||||
|
int len;
|
||||||
|
|
||||||
if (!authctxt->valid)
|
if (!authctxt->valid)
|
||||||
return (0);
|
return (0);
|
||||||
@ -175,6 +178,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||||||
|
|
||||||
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
|
authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
|
||||||
|
|
||||||
|
len = strlen(authctxt->krb5_ticket_file) + 6;
|
||||||
|
authctxt->krb5_ccname = xmalloc(len);
|
||||||
|
snprintf(authctxt->krb5_ccname, len, "FILE:%s",
|
||||||
|
authctxt->krb5_ticket_file);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
restore_uid();
|
restore_uid();
|
||||||
|
|
||||||
|
@ -31,7 +31,7 @@
|
|||||||
|
|
||||||
/* Based on $FreeBSD$ */
|
/* Based on $FreeBSD$ */
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $");
|
RCSID("$Id: auth-pam.c,v 1.100 2004/04/18 01:00:26 dtucker Exp $");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||||
@ -58,6 +58,7 @@ RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $");
|
|||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
extern Buffer loginmsg;
|
extern Buffer loginmsg;
|
||||||
extern int compat20;
|
extern int compat20;
|
||||||
|
extern u_int utmp_len;
|
||||||
|
|
||||||
#ifdef USE_POSIX_THREADS
|
#ifdef USE_POSIX_THREADS
|
||||||
#include <pthread.h>
|
#include <pthread.h>
|
||||||
@ -117,6 +118,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
|
|||||||
{
|
{
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
||||||
|
sshpam_thread_status = -1;
|
||||||
switch ((pid = fork())) {
|
switch ((pid = fork())) {
|
||||||
case -1:
|
case -1:
|
||||||
error("fork(): %s", strerror(errno));
|
error("fork(): %s", strerror(errno));
|
||||||
@ -159,7 +161,7 @@ static int sshpam_session_open = 0;
|
|||||||
static int sshpam_cred_established = 0;
|
static int sshpam_cred_established = 0;
|
||||||
static int sshpam_account_status = -1;
|
static int sshpam_account_status = -1;
|
||||||
static char **sshpam_env = NULL;
|
static char **sshpam_env = NULL;
|
||||||
static int *force_pwchange;
|
static Authctxt *sshpam_authctxt = NULL;
|
||||||
|
|
||||||
/* Some PAM implementations don't implement this */
|
/* Some PAM implementations don't implement this */
|
||||||
#ifndef HAVE_PAM_GETENVLIST
|
#ifndef HAVE_PAM_GETENVLIST
|
||||||
@ -179,7 +181,9 @@ void
|
|||||||
pam_password_change_required(int reqd)
|
pam_password_change_required(int reqd)
|
||||||
{
|
{
|
||||||
debug3("%s %d", __func__, reqd);
|
debug3("%s %d", __func__, reqd);
|
||||||
*force_pwchange = reqd;
|
if (sshpam_authctxt == NULL)
|
||||||
|
fatal("%s: PAM authctxt not initialized", __func__);
|
||||||
|
sshpam_authctxt->force_pwchange = reqd;
|
||||||
if (reqd) {
|
if (reqd) {
|
||||||
no_port_forwarding_flag |= 2;
|
no_port_forwarding_flag |= 2;
|
||||||
no_agent_forwarding_flag |= 2;
|
no_agent_forwarding_flag |= 2;
|
||||||
@ -201,6 +205,7 @@ import_environments(Buffer *b)
|
|||||||
|
|
||||||
debug3("PAM: %s entering", __func__);
|
debug3("PAM: %s entering", __func__);
|
||||||
|
|
||||||
|
#ifndef USE_POSIX_THREADS
|
||||||
/* Import variables set by do_pam_account */
|
/* Import variables set by do_pam_account */
|
||||||
sshpam_account_status = buffer_get_int(b);
|
sshpam_account_status = buffer_get_int(b);
|
||||||
pam_password_change_required(buffer_get_int(b));
|
pam_password_change_required(buffer_get_int(b));
|
||||||
@ -228,6 +233,7 @@ import_environments(Buffer *b)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -336,6 +342,9 @@ sshpam_thread(void *ctxtp)
|
|||||||
sshpam_conv.conv = sshpam_thread_conv;
|
sshpam_conv.conv = sshpam_thread_conv;
|
||||||
sshpam_conv.appdata_ptr = ctxt;
|
sshpam_conv.appdata_ptr = ctxt;
|
||||||
|
|
||||||
|
if (sshpam_authctxt == NULL)
|
||||||
|
fatal("%s: PAM authctxt not initialized", __func__);
|
||||||
|
|
||||||
buffer_init(&buffer);
|
buffer_init(&buffer);
|
||||||
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
|
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
|
||||||
(const void *)&sshpam_conv);
|
(const void *)&sshpam_conv);
|
||||||
@ -348,7 +357,7 @@ sshpam_thread(void *ctxtp)
|
|||||||
if (compat20) {
|
if (compat20) {
|
||||||
if (!do_pam_account())
|
if (!do_pam_account())
|
||||||
goto auth_fail;
|
goto auth_fail;
|
||||||
if (*force_pwchange) {
|
if (sshpam_authctxt->force_pwchange) {
|
||||||
sshpam_err = pam_chauthtok(sshpam_handle,
|
sshpam_err = pam_chauthtok(sshpam_handle,
|
||||||
PAM_CHANGE_EXPIRED_AUTHTOK);
|
PAM_CHANGE_EXPIRED_AUTHTOK);
|
||||||
if (sshpam_err != PAM_SUCCESS)
|
if (sshpam_err != PAM_SUCCESS)
|
||||||
@ -362,7 +371,7 @@ sshpam_thread(void *ctxtp)
|
|||||||
#ifndef USE_POSIX_THREADS
|
#ifndef USE_POSIX_THREADS
|
||||||
/* Export variables set by do_pam_account */
|
/* Export variables set by do_pam_account */
|
||||||
buffer_put_int(&buffer, sshpam_account_status);
|
buffer_put_int(&buffer, sshpam_account_status);
|
||||||
buffer_put_int(&buffer, *force_pwchange);
|
buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
|
||||||
|
|
||||||
/* Export any environment strings set in child */
|
/* Export any environment strings set in child */
|
||||||
for(i = 0; environ[i] != NULL; i++)
|
for(i = 0; environ[i] != NULL; i++)
|
||||||
@ -443,11 +452,10 @@ sshpam_cleanup(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
sshpam_init(const char *user)
|
sshpam_init(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
extern u_int utmp_len;
|
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
const char *pam_rhost, *pam_user;
|
const char *pam_rhost, *pam_user, *user = authctxt->user;
|
||||||
|
|
||||||
if (sshpam_handle != NULL) {
|
if (sshpam_handle != NULL) {
|
||||||
/* We already have a PAM context; check if the user matches */
|
/* We already have a PAM context; check if the user matches */
|
||||||
@ -461,6 +469,8 @@ sshpam_init(const char *user)
|
|||||||
debug("PAM: initializing for \"%s\"", user);
|
debug("PAM: initializing for \"%s\"", user);
|
||||||
sshpam_err =
|
sshpam_err =
|
||||||
pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
|
pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
|
||||||
|
sshpam_authctxt = authctxt;
|
||||||
|
|
||||||
if (sshpam_err != PAM_SUCCESS) {
|
if (sshpam_err != PAM_SUCCESS) {
|
||||||
pam_end(sshpam_handle, sshpam_err);
|
pam_end(sshpam_handle, sshpam_err);
|
||||||
sshpam_handle = NULL;
|
sshpam_handle = NULL;
|
||||||
@ -503,7 +513,7 @@ sshpam_init_ctx(Authctxt *authctxt)
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
/* Initialize PAM */
|
/* Initialize PAM */
|
||||||
if (sshpam_init(authctxt->user) == -1) {
|
if (sshpam_init(authctxt) == -1) {
|
||||||
error("PAM: initialization failed");
|
error("PAM: initialization failed");
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
@ -511,8 +521,6 @@ sshpam_init_ctx(Authctxt *authctxt)
|
|||||||
ctxt = xmalloc(sizeof *ctxt);
|
ctxt = xmalloc(sizeof *ctxt);
|
||||||
memset(ctxt, 0, sizeof(*ctxt));
|
memset(ctxt, 0, sizeof(*ctxt));
|
||||||
|
|
||||||
force_pwchange = &(authctxt->force_pwchange);
|
|
||||||
|
|
||||||
/* Start the authentication thread */
|
/* Start the authentication thread */
|
||||||
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
|
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
|
||||||
error("PAM: failed create sockets: %s", strerror(errno));
|
error("PAM: failed create sockets: %s", strerror(errno));
|
||||||
@ -591,7 +599,10 @@ sshpam_query(void *ctx, char **name, char **info,
|
|||||||
xfree(msg);
|
xfree(msg);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
error("PAM: %s", msg);
|
error("PAM: %s for %s%.100s from %.100s", msg,
|
||||||
|
sshpam_authctxt->valid ? "" : "illegal user ",
|
||||||
|
sshpam_authctxt->user,
|
||||||
|
get_remote_name_or_ip(utmp_len, options.use_dns));
|
||||||
/* FALLTHROUGH */
|
/* FALLTHROUGH */
|
||||||
default:
|
default:
|
||||||
*num = 0;
|
*num = 0;
|
||||||
@ -671,12 +682,12 @@ KbdintDevice mm_sshpam_device = {
|
|||||||
* This replaces auth-pam.c
|
* This replaces auth-pam.c
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
start_pam(const char *user)
|
start_pam(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
if (!options.use_pam)
|
if (!options.use_pam)
|
||||||
fatal("PAM: initialisation requested when UsePAM=no");
|
fatal("PAM: initialisation requested when UsePAM=no");
|
||||||
|
|
||||||
if (sshpam_init(user) == -1)
|
if (sshpam_init(authctxt) == -1)
|
||||||
fatal("PAM: initialisation failed");
|
fatal("PAM: initialisation failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $Id: auth-pam.h,v 1.24 2004/02/10 02:23:29 dtucker Exp $ */
|
/* $Id: auth-pam.h,v 1.25 2004/03/08 12:04:07 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Damien Miller. All rights reserved.
|
* Copyright (c) 2000 Damien Miller. All rights reserved.
|
||||||
@ -31,7 +31,7 @@
|
|||||||
# define SSHD_PAM_SERVICE __progname
|
# define SSHD_PAM_SERVICE __progname
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void start_pam(const char *);
|
void start_pam(Authctxt *);
|
||||||
void finish_pam(void);
|
void finish_pam(void);
|
||||||
u_int do_pam_account(void);
|
u_int do_pam_account(void);
|
||||||
void do_pam_session(void);
|
void do_pam_session(void);
|
||||||
|
@ -73,13 +73,6 @@ auth_password(Authctxt *authctxt, const char *password)
|
|||||||
if (*password == '\0' && options.permit_empty_passwd == 0)
|
if (*password == '\0' && options.permit_empty_passwd == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
#if defined(HAVE_OSF_SIA)
|
|
||||||
/*
|
|
||||||
* XXX: any reason this is before krb? could be moved to
|
|
||||||
* sys_auth_passwd()? -dt
|
|
||||||
*/
|
|
||||||
return auth_sia_password(authctxt, password) && ok;
|
|
||||||
#endif
|
|
||||||
#ifdef KRB5
|
#ifdef KRB5
|
||||||
if (options.kerberos_authentication == 1) {
|
if (options.kerberos_authentication == 1) {
|
||||||
int ret = auth_krb5_password(authctxt, password);
|
int ret = auth_krb5_password(authctxt, password);
|
||||||
|
@ -47,7 +47,7 @@ extern int saved_argc;
|
|||||||
extern char **saved_argv;
|
extern char **saved_argv;
|
||||||
|
|
||||||
int
|
int
|
||||||
auth_sia_password(Authctxt *authctxt, char *pass)
|
sys_auth_passwd(Authctxt *authctxt, char *pass)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
SIAENTITY *ent = NULL;
|
SIAENTITY *ent = NULL;
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
|
|
||||||
#ifdef HAVE_OSF_SIA
|
#ifdef HAVE_OSF_SIA
|
||||||
|
|
||||||
int auth_sia_password(Authctxt *, char *);
|
int sys_auth_passwd(Authctxt *, char *);
|
||||||
void session_setup_sia(struct passwd *, char *);
|
void session_setup_sia(struct passwd *, char *);
|
||||||
|
|
||||||
#endif /* HAVE_OSF_SIA */
|
#endif /* HAVE_OSF_SIA */
|
||||||
|
@ -47,7 +47,8 @@ skey_query(void *ctx, char **name, char **infotxt,
|
|||||||
int len;
|
int len;
|
||||||
struct skey skey;
|
struct skey skey;
|
||||||
|
|
||||||
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
|
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||||
|
sizeof(challenge)) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
*name = xstrdup("");
|
*name = xstrdup("");
|
||||||
|
@ -66,6 +66,7 @@ struct Authctxt {
|
|||||||
krb5_ccache krb5_fwd_ccache;
|
krb5_ccache krb5_fwd_ccache;
|
||||||
krb5_principal krb5_user;
|
krb5_principal krb5_user;
|
||||||
char *krb5_ticket_file;
|
char *krb5_ticket_file;
|
||||||
|
char *krb5_ccname;
|
||||||
#endif
|
#endif
|
||||||
void *methoddata;
|
void *methoddata;
|
||||||
};
|
};
|
||||||
|
@ -307,7 +307,7 @@ do_authentication(Authctxt *authctxt)
|
|||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (options.use_pam)
|
if (options.use_pam)
|
||||||
PRIVSEP(start_pam(user));
|
PRIVSEP(start_pam(authctxt));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -150,24 +150,24 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
|
|||||||
if (authctxt->attempt++ == 0) {
|
if (authctxt->attempt++ == 0) {
|
||||||
/* setup auth context */
|
/* setup auth context */
|
||||||
authctxt->pw = PRIVSEP(getpwnamallow(user));
|
authctxt->pw = PRIVSEP(getpwnamallow(user));
|
||||||
|
authctxt->user = xstrdup(user);
|
||||||
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
||||||
authctxt->valid = 1;
|
authctxt->valid = 1;
|
||||||
debug2("input_userauth_request: setting up authctxt for %s", user);
|
debug2("input_userauth_request: setting up authctxt for %s", user);
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (options.use_pam)
|
if (options.use_pam)
|
||||||
PRIVSEP(start_pam(authctxt->pw->pw_name));
|
PRIVSEP(start_pam(authctxt));
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
logit("input_userauth_request: illegal user %s", user);
|
logit("input_userauth_request: illegal user %s", user);
|
||||||
authctxt->pw = fakepw();
|
authctxt->pw = fakepw();
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (options.use_pam)
|
if (options.use_pam)
|
||||||
PRIVSEP(start_pam(user));
|
PRIVSEP(start_pam(authctxt));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
setproctitle("%s%s", authctxt->pw ? user : "unknown",
|
setproctitle("%s%s", authctxt->pw ? user : "unknown",
|
||||||
use_privsep ? " [net]" : "");
|
use_privsep ? " [net]" : "");
|
||||||
authctxt->user = xstrdup(user);
|
|
||||||
authctxt->service = xstrdup(service);
|
authctxt->service = xstrdup(service);
|
||||||
authctxt->style = style ? xstrdup(style) : NULL;
|
authctxt->style = style ? xstrdup(style) : NULL;
|
||||||
if (use_privsep)
|
if (use_privsep)
|
||||||
|
@ -44,6 +44,9 @@ get_remote_hostname(int socket, int use_dns)
|
|||||||
cleanup_exit(255);
|
cleanup_exit(255);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (from.ss_family == AF_INET)
|
||||||
|
check_ip_options(socket, ntop);
|
||||||
|
|
||||||
ipv64_normalise_mapped(&from, &fromlen);
|
ipv64_normalise_mapped(&from, &fromlen);
|
||||||
|
|
||||||
if (from.ss_family == AF_INET6)
|
if (from.ss_family == AF_INET6)
|
||||||
@ -56,9 +59,6 @@ get_remote_hostname(int socket, int use_dns)
|
|||||||
if (!use_dns)
|
if (!use_dns)
|
||||||
return xstrdup(ntop);
|
return xstrdup(ntop);
|
||||||
|
|
||||||
if (from.ss_family == AF_INET)
|
|
||||||
check_ip_options(socket, ntop);
|
|
||||||
|
|
||||||
debug3("Trying to reverse map address %.100s.", ntop);
|
debug3("Trying to reverse map address %.100s.", ntop);
|
||||||
/* Map the IP address to a host name. */
|
/* Map the IP address to a host name. */
|
||||||
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
|
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
|
||||||
|
@ -1,4 +1,18 @@
|
|||||||
# $Id: configure.ac,v 1.202 2004/02/24 05:47:04 tim Exp $
|
# $Id: configure.ac,v 1.214 2004/04/17 03:03:07 tim Exp $
|
||||||
|
#
|
||||||
|
# Copyright (c) 1999-2004 Damien Miller
|
||||||
|
#
|
||||||
|
# Permission to use, copy, modify, and distribute this software for any
|
||||||
|
# purpose with or without fee is hereby granted, provided that the above
|
||||||
|
# copyright notice and this permission notice appear in all copies.
|
||||||
|
#
|
||||||
|
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
AC_INIT
|
AC_INIT
|
||||||
AC_CONFIG_SRCDIR([ssh.c])
|
AC_CONFIG_SRCDIR([ssh.c])
|
||||||
@ -195,10 +209,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||||||
AC_DEFINE(DISABLE_UTMP)
|
AC_DEFINE(DISABLE_UTMP)
|
||||||
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
|
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
|
||||||
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
|
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
|
||||||
case "$host" in
|
check_for_hpux_broken_getaddrinfo=1
|
||||||
*-*-hpux11.11*)
|
|
||||||
AC_DEFINE(BROKEN_GETADDRINFO);;
|
|
||||||
esac
|
|
||||||
LIBS="$LIBS -lsec"
|
LIBS="$LIBS -lsec"
|
||||||
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
|
||||||
;;
|
;;
|
||||||
@ -221,6 +232,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||||||
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
||||||
AC_DEFINE(BROKEN_SETREUID)
|
AC_DEFINE(BROKEN_SETREUID)
|
||||||
AC_DEFINE(BROKEN_SETREGID)
|
AC_DEFINE(BROKEN_SETREGID)
|
||||||
|
AC_DEFINE(BROKEN_UPDWTMPX)
|
||||||
AC_DEFINE(WITH_ABBREV_NO_TTY)
|
AC_DEFINE(WITH_ABBREV_NO_TTY)
|
||||||
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
|
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
|
||||||
;;
|
;;
|
||||||
@ -230,7 +242,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||||||
check_for_openpty_ctty_bug=1
|
check_for_openpty_ctty_bug=1
|
||||||
AC_DEFINE(DONT_TRY_OTHER_AF)
|
AC_DEFINE(DONT_TRY_OTHER_AF)
|
||||||
AC_DEFINE(PAM_TTY_KLUDGE)
|
AC_DEFINE(PAM_TTY_KLUDGE)
|
||||||
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
|
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
|
||||||
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
|
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
|
||||||
inet6_default_4in6=yes
|
inet6_default_4in6=yes
|
||||||
case `uname -r` in
|
case `uname -r` in
|
||||||
@ -268,6 +280,9 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||||||
AC_DEFINE(BROKEN_SAVED_UIDS)
|
AC_DEFINE(BROKEN_SAVED_UIDS)
|
||||||
;;
|
;;
|
||||||
*-*-solaris*)
|
*-*-solaris*)
|
||||||
|
if test "x$withval" != "xno" ; then
|
||||||
|
need_dash_r=1
|
||||||
|
fi
|
||||||
AC_DEFINE(PAM_SUN_CODEBASE)
|
AC_DEFINE(PAM_SUN_CODEBASE)
|
||||||
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
||||||
AC_DEFINE(LOGIN_NEEDS_TERM)
|
AC_DEFINE(LOGIN_NEEDS_TERM)
|
||||||
@ -344,6 +359,9 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||||||
AC_DEFINE(HAVE_SECUREWARE)
|
AC_DEFINE(HAVE_SECUREWARE)
|
||||||
AC_DEFINE(DISABLE_SHADOW)
|
AC_DEFINE(DISABLE_SHADOW)
|
||||||
AC_DEFINE(BROKEN_SAVED_UIDS)
|
AC_DEFINE(BROKEN_SAVED_UIDS)
|
||||||
|
AC_DEFINE(SETEUID_BREAKS_SETUID)
|
||||||
|
AC_DEFINE(BROKEN_SETREUID)
|
||||||
|
AC_DEFINE(BROKEN_SETREGID)
|
||||||
AC_DEFINE(WITH_ABBREV_NO_TTY)
|
AC_DEFINE(WITH_ABBREV_NO_TTY)
|
||||||
AC_CHECK_FUNCS(getluid setluid)
|
AC_CHECK_FUNCS(getluid setluid)
|
||||||
MANTYPE=man
|
MANTYPE=man
|
||||||
@ -491,10 +509,10 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
|
|||||||
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
|
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
|
||||||
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
|
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
|
||||||
strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
|
strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
|
||||||
sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
|
sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
|
||||||
sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
|
sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
|
||||||
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
|
sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
|
||||||
util.h utime.h utmp.h utmpx.h vis.h)
|
ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
|
||||||
|
|
||||||
# Checks for libraries.
|
# Checks for libraries.
|
||||||
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
|
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
|
||||||
@ -728,6 +746,15 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
|
|||||||
AC_MSG_RESULT(no)
|
AC_MSG_RESULT(no)
|
||||||
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
|
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
|
||||||
])
|
])
|
||||||
|
AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
|
||||||
|
AC_TRY_COMPILE(
|
||||||
|
[#include <stdio.h>
|
||||||
|
#include <skey.h>],
|
||||||
|
[(void)skeychallenge(NULL,"name","",0);],
|
||||||
|
[AC_MSG_RESULT(yes)
|
||||||
|
AC_DEFINE(SKEYCHALLENGE_4ARG)],
|
||||||
|
[AC_MSG_RESULT(no)]
|
||||||
|
)
|
||||||
fi
|
fi
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
@ -767,6 +794,9 @@ AC_ARG_WITH(tcp-wrappers,
|
|||||||
AC_MSG_CHECKING(for libwrap)
|
AC_MSG_CHECKING(for libwrap)
|
||||||
AC_TRY_LINK(
|
AC_TRY_LINK(
|
||||||
[
|
[
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
#include <tcpd.h>
|
#include <tcpd.h>
|
||||||
int deny_severity = 0, allow_severity = 0;
|
int deny_severity = 0, allow_severity = 0;
|
||||||
],
|
],
|
||||||
@ -794,12 +824,12 @@ AC_CHECK_FUNCS(\
|
|||||||
getpeereid _getpty getrlimit getttyent glob inet_aton \
|
getpeereid _getpty getrlimit getttyent glob inet_aton \
|
||||||
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
|
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
|
||||||
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
|
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
|
||||||
pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
|
pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
|
||||||
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
|
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
|
||||||
setproctitle setregid setreuid setrlimit \
|
setproctitle setregid setreuid setrlimit \
|
||||||
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
|
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
|
||||||
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
|
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
|
||||||
truncate updwtmpx utimes vhangup vsnprintf waitpid \
|
truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
|
||||||
)
|
)
|
||||||
|
|
||||||
# IRIX has a const char return value for gai_strerror()
|
# IRIX has a const char return value for gai_strerror()
|
||||||
@ -967,6 +997,74 @@ main()
|
|||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
|
||||||
|
AC_MSG_CHECKING(if getaddrinfo seems to work)
|
||||||
|
AC_TRY_RUN(
|
||||||
|
[
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netdb.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
|
||||||
|
#define TEST_PORT "2222"
|
||||||
|
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
int err, sock;
|
||||||
|
struct addrinfo *gai_ai, *ai, hints;
|
||||||
|
char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
|
||||||
|
|
||||||
|
memset(&hints, 0, sizeof(hints));
|
||||||
|
hints.ai_family = PF_UNSPEC;
|
||||||
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
|
hints.ai_flags = AI_PASSIVE;
|
||||||
|
|
||||||
|
err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
|
||||||
|
if (err != 0) {
|
||||||
|
fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
|
||||||
|
if (ai->ai_family != AF_INET6)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
|
||||||
|
sizeof(ntop), strport, sizeof(strport),
|
||||||
|
NI_NUMERICHOST|NI_NUMERICSERV);
|
||||||
|
|
||||||
|
if (err != 0) {
|
||||||
|
if (err == EAI_SYSTEM)
|
||||||
|
perror("getnameinfo EAI_SYSTEM");
|
||||||
|
else
|
||||||
|
fprintf(stderr, "getnameinfo failed: %s\n",
|
||||||
|
gai_strerror(err));
|
||||||
|
exit(2);
|
||||||
|
}
|
||||||
|
|
||||||
|
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
||||||
|
if (sock < 0)
|
||||||
|
perror("socket");
|
||||||
|
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||||
|
if (errno == EBADF)
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
AC_MSG_RESULT(yes)
|
||||||
|
],
|
||||||
|
[
|
||||||
|
AC_MSG_RESULT(no)
|
||||||
|
AC_DEFINE(BROKEN_GETADDRINFO)
|
||||||
|
]
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
AC_FUNC_GETPGRP
|
AC_FUNC_GETPGRP
|
||||||
|
|
||||||
# Check for PAM libs
|
# Check for PAM libs
|
||||||
@ -2157,6 +2255,7 @@ AC_ARG_WITH(kerberos5,
|
|||||||
|
|
||||||
LIBS="$LIBS $K5LIBS"
|
LIBS="$LIBS $K5LIBS"
|
||||||
AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
|
AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
|
||||||
|
AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
15
crypto/openssh/contrib/Makefile
Normal file
15
crypto/openssh/contrib/Makefile
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
all:
|
||||||
|
@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
|
||||||
|
|
||||||
|
gnome-ssh-askpass1: gnome-ssh-askpass1.c
|
||||||
|
$(CC) `gnome-config --cflags gnome gnomeui` \
|
||||||
|
gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
|
||||||
|
`gnome-config --libs gnome gnomeui`
|
||||||
|
|
||||||
|
gnome-ssh-askpass2: gnome-ssh-askpass2.c
|
||||||
|
$(CC) `pkg-config --cflags gtk+-2.0` \
|
||||||
|
gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
|
||||||
|
`pkg-config --libs gtk+-2.0`
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
|
60
crypto/openssh/contrib/README
Normal file
60
crypto/openssh/contrib/README
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
Other patches and addons for OpenSSH. Please send submissions to
|
||||||
|
djm@mindrot.org
|
||||||
|
|
||||||
|
Externally maintained
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
SSH Proxy Command -- connect.c
|
||||||
|
|
||||||
|
Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
|
||||||
|
which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
|
||||||
|
https CONNECT style proxy server. His page for connect.c has extensive
|
||||||
|
documentation on its use as well as compiled versions for Win32.
|
||||||
|
|
||||||
|
http://www.taiyo.co.jp/~gotoh/ssh/connect.html
|
||||||
|
|
||||||
|
|
||||||
|
X11 SSH Askpass:
|
||||||
|
|
||||||
|
Jim Knoble <jmknoble@pobox.com> has written an excellent X11
|
||||||
|
passphrase requester. This is highly recommended:
|
||||||
|
|
||||||
|
http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
|
||||||
|
|
||||||
|
|
||||||
|
In this directory
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
ssh-copy-id:
|
||||||
|
|
||||||
|
Phil Hands' <phil@hands.com> shell script to automate the process of adding
|
||||||
|
your public key to a remote machine's ~/.ssh/authorized_keys file.
|
||||||
|
|
||||||
|
gnome-ssh-askpass[12]:
|
||||||
|
|
||||||
|
A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
|
||||||
|
"make gnome-ssh-askpass2" to build.
|
||||||
|
|
||||||
|
sshd.pam.generic:
|
||||||
|
|
||||||
|
A generic PAM config file which may be useful on your system. YMMV
|
||||||
|
|
||||||
|
sshd.pam.freebsd:
|
||||||
|
|
||||||
|
A PAM config file which works with FreeBSD's PAM port. Contributed by
|
||||||
|
Dominik Brettnacher <domi@saargate.de>
|
||||||
|
|
||||||
|
mdoc2man.pl:
|
||||||
|
|
||||||
|
Converts mdoc formated manpages into normal manpages. This can be used
|
||||||
|
on Solaris machines to provide manpages that are not preformated.
|
||||||
|
Contributed by Mark D. Roth <roth@feep.net>
|
||||||
|
|
||||||
|
redhat:
|
||||||
|
|
||||||
|
RPM spec file and scripts for building Redhat packages
|
||||||
|
|
||||||
|
suse:
|
||||||
|
|
||||||
|
RPM spec file and scripts for building SuSE packages
|
||||||
|
|
50
crypto/openssh/contrib/aix/README
Normal file
50
crypto/openssh/contrib/aix/README
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
Overview:
|
||||||
|
|
||||||
|
This directory contains files to build an AIX native (installp or SMIT
|
||||||
|
installable) openssh package.
|
||||||
|
|
||||||
|
|
||||||
|
Directions:
|
||||||
|
|
||||||
|
(optional) create config.local in your build dir
|
||||||
|
./configure [options]
|
||||||
|
contrib/aix/buildbff.sh
|
||||||
|
|
||||||
|
The file config.local or the environment is read to set the following options
|
||||||
|
(default first):
|
||||||
|
PERMIT_ROOT_LOGIN=[no|yes]
|
||||||
|
X11_FORWARDING=[no|yes]
|
||||||
|
AIX_SRC=[no|yes]
|
||||||
|
|
||||||
|
Acknowledgements:
|
||||||
|
|
||||||
|
The contents of this directory are based on Ben Lindstrom's Solaris
|
||||||
|
buildpkg.sh. Ben also supplied inventory.sh.
|
||||||
|
|
||||||
|
Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's
|
||||||
|
and for comparison with the output from this script, however no code
|
||||||
|
from lppbuild is included and it is not required for operation.
|
||||||
|
|
||||||
|
SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
|
||||||
|
PrivSep account handling fixes contributed by W. Earl Allen.
|
||||||
|
|
||||||
|
|
||||||
|
Other notes:
|
||||||
|
|
||||||
|
The script treats all packages as USR packages (not ROOT+USR when
|
||||||
|
appropriate). It seems to work, though......
|
||||||
|
|
||||||
|
If there are any patches to this that have not yet been integrated they
|
||||||
|
may be found at http://www.zip.com.au/~dtucker/openssh/.
|
||||||
|
|
||||||
|
|
||||||
|
Disclaimer:
|
||||||
|
|
||||||
|
It is hoped that it is useful but there is no warranty. If it breaks
|
||||||
|
you get to keep both pieces.
|
||||||
|
|
||||||
|
|
||||||
|
- Darren Tucker (dtucker at zip dot com dot au)
|
||||||
|
2002/03/01
|
||||||
|
|
||||||
|
$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $
|
383
crypto/openssh/contrib/aix/buildbff.sh
Executable file
383
crypto/openssh/contrib/aix/buildbff.sh
Executable file
@ -0,0 +1,383 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
|
||||||
|
# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $
|
||||||
|
#
|
||||||
|
# Author: Darren Tucker (dtucker at zip dot com dot au)
|
||||||
|
# This file is placed in the public domain and comes with absolutely
|
||||||
|
# no warranty.
|
||||||
|
#
|
||||||
|
# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tunable configuration settings
|
||||||
|
# create a "config.local" in your build directory or set
|
||||||
|
# environment variables to override these.
|
||||||
|
#
|
||||||
|
[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
|
||||||
|
[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
|
||||||
|
[ -z "$AIX_SRC" ] && AIX_SRC=no
|
||||||
|
|
||||||
|
umask 022
|
||||||
|
|
||||||
|
startdir=`pwd`
|
||||||
|
|
||||||
|
# Path to inventory.sh: same place as buildbff.sh
|
||||||
|
if echo $0 | egrep '^/'
|
||||||
|
then
|
||||||
|
inventory=`dirname $0`/inventory.sh # absolute path
|
||||||
|
else
|
||||||
|
inventory=`pwd`/`dirname $0`/inventory.sh # relative path
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# We still support running from contrib/aix, but this is deprecated
|
||||||
|
#
|
||||||
|
if pwd | egrep 'contrib/aix$'
|
||||||
|
then
|
||||||
|
echo "Changing directory to `pwd`/../.."
|
||||||
|
echo "Please run buildbff.sh from your build directory in future."
|
||||||
|
cd ../..
|
||||||
|
contribaix=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f Makefile ]
|
||||||
|
then
|
||||||
|
echo "Makefile not found (did you run configure?)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# Directories used during build:
|
||||||
|
# current dir = $objdir directory you ran ./configure in.
|
||||||
|
# $objdir/$PKGDIR/ directory package files are constructed in
|
||||||
|
# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
|
||||||
|
#
|
||||||
|
objdir=`pwd`
|
||||||
|
PKGNAME=openssh
|
||||||
|
PKGDIR=package
|
||||||
|
|
||||||
|
#
|
||||||
|
# Collect local configuration settings to override defaults
|
||||||
|
#
|
||||||
|
if [ -s ./config.local ]
|
||||||
|
then
|
||||||
|
echo Reading local settings from config.local
|
||||||
|
. ./config.local
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# Fill in some details from Makefile, like prefix and sysconfdir
|
||||||
|
# the eval also expands variables like sysconfdir=${prefix}/etc
|
||||||
|
# provided they are eval'ed in the correct order
|
||||||
|
#
|
||||||
|
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
|
||||||
|
do
|
||||||
|
eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
# Collect values of privsep user and privsep path
|
||||||
|
# currently only found in config.h
|
||||||
|
#
|
||||||
|
for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
|
||||||
|
do
|
||||||
|
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
|
||||||
|
done
|
||||||
|
|
||||||
|
# Set privsep defaults if not defined
|
||||||
|
if [ -z "$SSH_PRIVSEP_USER" ]
|
||||||
|
then
|
||||||
|
SSH_PRIVSEP_USER=sshd
|
||||||
|
fi
|
||||||
|
if [ -z "$PRIVSEP_PATH" ]
|
||||||
|
then
|
||||||
|
PRIVSEP_PATH=/var/empty
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean package build directory
|
||||||
|
rm -rf $objdir/$PKGDIR
|
||||||
|
FAKE_ROOT=$objdir/$PKGDIR/root
|
||||||
|
mkdir -p $FAKE_ROOT
|
||||||
|
|
||||||
|
# Start by faking root install
|
||||||
|
echo "Faking root install..."
|
||||||
|
cd $objdir
|
||||||
|
make install-nokeys DESTDIR=$FAKE_ROOT
|
||||||
|
|
||||||
|
if [ $? -gt 0 ]
|
||||||
|
then
|
||||||
|
echo "Fake root install failed, stopping."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# Copy informational files to include in package
|
||||||
|
#
|
||||||
|
cp $srcdir/LICENCE $objdir/$PKGDIR/
|
||||||
|
cp $srcdir/README* $objdir/$PKGDIR/
|
||||||
|
|
||||||
|
#
|
||||||
|
# Extract common info requires for the 'info' part of the package.
|
||||||
|
# AIX requires 4-part version numbers
|
||||||
|
#
|
||||||
|
VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
|
||||||
|
MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
|
||||||
|
MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
|
||||||
|
PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
|
||||||
|
PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
|
||||||
|
[ "$PATCH" = "" ] && PATCH=0
|
||||||
|
[ "$PORTABLE" = "" ] && PORTABLE=0
|
||||||
|
BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
|
||||||
|
|
||||||
|
echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Set ssh and sshd parameters as per config.local
|
||||||
|
#
|
||||||
|
if [ "${PERMIT_ROOT_LOGIN}" = no ]
|
||||||
|
then
|
||||||
|
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
|
||||||
|
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||||
|
fi
|
||||||
|
if [ "${X11_FORWARDING}" = yes ]
|
||||||
|
then
|
||||||
|
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
|
||||||
|
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Rename config files; postinstall script will copy them if necessary
|
||||||
|
for cfgfile in ssh_config sshd_config ssh_prng_cmds
|
||||||
|
do
|
||||||
|
mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
# Generate lpp control files.
|
||||||
|
# working dir is $FAKE_ROOT but files are generated in dir above
|
||||||
|
# and moved into place just before creation of .bff
|
||||||
|
#
|
||||||
|
cd $FAKE_ROOT
|
||||||
|
echo Generating LPP control files
|
||||||
|
find . ! -name . -print >../openssh.al
|
||||||
|
$inventory >../openssh.inventory
|
||||||
|
|
||||||
|
cat <<EOD >../openssh.copyright
|
||||||
|
This software is distributed under a BSD-style license.
|
||||||
|
For the full text of the license, see /usr/lpp/openssh/LICENCE
|
||||||
|
EOD
|
||||||
|
|
||||||
|
#
|
||||||
|
# openssh.size file allows filesystem expansion as required
|
||||||
|
# generate list of directories containing files
|
||||||
|
# then calculate disk usage for each directory and store in openssh.size
|
||||||
|
#
|
||||||
|
files=`find . -type f -print`
|
||||||
|
dirs=`for file in $files; do dirname $file; done | sort -u`
|
||||||
|
for dir in $dirs
|
||||||
|
do
|
||||||
|
du $dir
|
||||||
|
done > ../openssh.size
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create postinstall script
|
||||||
|
#
|
||||||
|
cat <<EOF >>../openssh.post_i
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo Creating configs from defaults if necessary.
|
||||||
|
for cfgfile in ssh_config sshd_config ssh_prng_cmds
|
||||||
|
do
|
||||||
|
if [ ! -f $sysconfdir/\$cfgfile ]
|
||||||
|
then
|
||||||
|
echo "Creating \$cfgfile from default"
|
||||||
|
cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
|
||||||
|
else
|
||||||
|
echo "\$cfgfile already exists."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
echo
|
||||||
|
|
||||||
|
# Create PrivSep user if PrivSep not disabled in config
|
||||||
|
echo Creating PrivSep prereqs if required.
|
||||||
|
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
|
||||||
|
then
|
||||||
|
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
|
||||||
|
echo "group or chroot directory."
|
||||||
|
else
|
||||||
|
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||||
|
|
||||||
|
# create group if required
|
||||||
|
if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||||
|
then
|
||||||
|
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||||
|
else
|
||||||
|
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||||
|
mkgroup -A $SSH_PRIVSEP_USER
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create user if required
|
||||||
|
if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||||
|
then
|
||||||
|
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||||
|
else
|
||||||
|
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||||
|
mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
|
||||||
|
fi
|
||||||
|
|
||||||
|
# create chroot directory if required
|
||||||
|
if [ -d $PRIVSEP_PATH ]
|
||||||
|
then
|
||||||
|
echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
|
||||||
|
else
|
||||||
|
echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
|
||||||
|
mkdir $PRIVSEP_PATH
|
||||||
|
chown 0 $PRIVSEP_PATH
|
||||||
|
chgrp 0 $PRIVSEP_PATH
|
||||||
|
chmod 755 $PRIVSEP_PATH
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
|
||||||
|
# Generate keys unless they already exist
|
||||||
|
echo Creating host keys if required.
|
||||||
|
if [ -f "$sysconfdir/ssh_host_key" ] ; then
|
||||||
|
echo "$sysconfdir/ssh_host_key already exists, skipping."
|
||||||
|
else
|
||||||
|
$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
|
||||||
|
fi
|
||||||
|
if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
|
||||||
|
echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
|
||||||
|
else
|
||||||
|
$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
|
||||||
|
fi
|
||||||
|
if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
|
||||||
|
echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
|
||||||
|
else
|
||||||
|
$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
|
||||||
|
# Set startup command depending on SRC support
|
||||||
|
if [ "$AIX_SRC" = "yes" ]
|
||||||
|
then
|
||||||
|
echo Creating SRC sshd subsystem.
|
||||||
|
rmssys -s sshd 2>&1 >/dev/null
|
||||||
|
mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
|
||||||
|
startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
|
||||||
|
oldstartcmd="$sbindir/sshd"
|
||||||
|
else
|
||||||
|
startupcmd="$sbindir/sshd"
|
||||||
|
oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If migrating to or from SRC, change previous startup command
|
||||||
|
# otherwise add to rc.tcpip
|
||||||
|
if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
|
||||||
|
then
|
||||||
|
if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
|
||||||
|
then
|
||||||
|
chmod 0755 /etc/rc.tcpip.new
|
||||||
|
mv /etc/rc.tcpip /etc/rc.tcpip.old && \
|
||||||
|
mv /etc/rc.tcpip.new /etc/rc.tcpip
|
||||||
|
else
|
||||||
|
echo "Updating /etc/rc.tcpip failed, please check."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Add to system startup if required
|
||||||
|
if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
|
||||||
|
then
|
||||||
|
echo "sshd found in rc.tcpip, not adding."
|
||||||
|
else
|
||||||
|
echo "Adding sshd to rc.tcpip"
|
||||||
|
echo >>/etc/rc.tcpip
|
||||||
|
echo "# Start sshd" >>/etc/rc.tcpip
|
||||||
|
echo "\$startupcmd" >>/etc/rc.tcpip
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create liblpp.a and move control files into it
|
||||||
|
#
|
||||||
|
echo Creating liblpp.a
|
||||||
|
(
|
||||||
|
cd ..
|
||||||
|
for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
|
||||||
|
do
|
||||||
|
ar -r liblpp.a $i
|
||||||
|
rm $i
|
||||||
|
done
|
||||||
|
)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create lpp_name
|
||||||
|
#
|
||||||
|
# This will end up looking something like:
|
||||||
|
# 4 R I OpenSSH {
|
||||||
|
# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
|
||||||
|
# [
|
||||||
|
# %
|
||||||
|
# /usr/local/bin 8073
|
||||||
|
# /usr/local/etc 189
|
||||||
|
# /usr/local/libexec 185
|
||||||
|
# /usr/local/man/man1 145
|
||||||
|
# /usr/local/man/man8 83
|
||||||
|
# /usr/local/sbin 2105
|
||||||
|
# /usr/local/share 3
|
||||||
|
# %
|
||||||
|
# ]
|
||||||
|
# }
|
||||||
|
|
||||||
|
echo Creating lpp_name
|
||||||
|
cat <<EOF >../lpp_name
|
||||||
|
4 R I $PKGNAME {
|
||||||
|
$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
|
||||||
|
[
|
||||||
|
%
|
||||||
|
EOF
|
||||||
|
|
||||||
|
for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
|
||||||
|
do
|
||||||
|
# get size in 512 byte blocks
|
||||||
|
if [ -d $FAKE_ROOT/$i ]
|
||||||
|
then
|
||||||
|
size=`du $FAKE_ROOT/$i | awk '{print $1}'`
|
||||||
|
echo "$i $size" >>../lpp_name
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo '%' >>../lpp_name
|
||||||
|
echo ']' >>../lpp_name
|
||||||
|
echo '}' >>../lpp_name
|
||||||
|
|
||||||
|
#
|
||||||
|
# Move pieces into place
|
||||||
|
#
|
||||||
|
mkdir -p usr/lpp/openssh
|
||||||
|
mv ../liblpp.a usr/lpp/openssh
|
||||||
|
mv ../lpp_name .
|
||||||
|
|
||||||
|
#
|
||||||
|
# Now invoke backup to create .bff file
|
||||||
|
# note: lpp_name needs to be the first file so we generate the
|
||||||
|
# file list on the fly and feed it to backup using -i
|
||||||
|
#
|
||||||
|
echo Creating $PKGNAME-$VERSION.bff with backup...
|
||||||
|
rm -f $PKGNAME-$VERSION.bff
|
||||||
|
(
|
||||||
|
echo "./lpp_name"
|
||||||
|
find . ! -name lpp_name -a ! -name . -print
|
||||||
|
) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
|
||||||
|
|
||||||
|
#
|
||||||
|
# Move package into final location and clean up
|
||||||
|
#
|
||||||
|
mv ../$PKGNAME-$VERSION.bff $startdir
|
||||||
|
cd $startdir
|
||||||
|
rm -rf $objdir/$PKGDIR
|
||||||
|
|
||||||
|
echo $0: done.
|
||||||
|
|
63
crypto/openssh/contrib/aix/inventory.sh
Executable file
63
crypto/openssh/contrib/aix/inventory.sh
Executable file
@ -0,0 +1,63 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# inventory.sh
|
||||||
|
# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
|
||||||
|
#
|
||||||
|
# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
|
||||||
|
# This file is placed into the public domain.
|
||||||
|
#
|
||||||
|
# This will produce an AIX package inventory file, which looks like:
|
||||||
|
#
|
||||||
|
# /usr/local/bin:
|
||||||
|
# class=apply,inventory,openssh
|
||||||
|
# owner=root
|
||||||
|
# group=system
|
||||||
|
# mode=755
|
||||||
|
# type=DIRECTORY
|
||||||
|
# /usr/local/bin/slogin:
|
||||||
|
# class=apply,inventory,openssh
|
||||||
|
# owner=root
|
||||||
|
# group=system
|
||||||
|
# mode=777
|
||||||
|
# type=SYMLINK
|
||||||
|
# target=ssh
|
||||||
|
# /usr/local/share/Ssh.bin:
|
||||||
|
# class=apply,inventory,openssh
|
||||||
|
# owner=root
|
||||||
|
# group=system
|
||||||
|
# mode=644
|
||||||
|
# type=FILE
|
||||||
|
# size=VOLATILE
|
||||||
|
# checksum=VOLATILE
|
||||||
|
|
||||||
|
find . ! -name . -print | perl -ne '{
|
||||||
|
chomp;
|
||||||
|
if ( -l $_ ) {
|
||||||
|
($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat;
|
||||||
|
} else {
|
||||||
|
($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Start to display inventory information
|
||||||
|
$name = $_;
|
||||||
|
$name =~ s|^.||; # Strip leading dot from path
|
||||||
|
print "$name:\n";
|
||||||
|
print "\tclass=apply,inventory,openssh\n";
|
||||||
|
print "\towner=root\n";
|
||||||
|
print "\tgroup=system\n";
|
||||||
|
printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits
|
||||||
|
|
||||||
|
if ( -l $_ ) {
|
||||||
|
# Entry is SymLink
|
||||||
|
print "\ttype=SYMLINK\n";
|
||||||
|
printf "\ttarget=%s\n", readlink($_);
|
||||||
|
} elsif ( -f $_ ) {
|
||||||
|
# Entry is File
|
||||||
|
print "\ttype=FILE\n";
|
||||||
|
print "\tsize=$sz\n";
|
||||||
|
print "\tchecksum=VOLATILE\n";
|
||||||
|
} elsif ( -d $_ ) {
|
||||||
|
# Entry is Directory
|
||||||
|
print "\ttype=DIRECTORY\n";
|
||||||
|
}
|
||||||
|
}'
|
20
crypto/openssh/contrib/aix/pam.conf
Normal file
20
crypto/openssh/contrib/aix/pam.conf
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
#
|
||||||
|
# PAM configuration file /etc/pam.conf
|
||||||
|
# Example for OpenSSH on AIX 5.2
|
||||||
|
#
|
||||||
|
|
||||||
|
# Authentication Management
|
||||||
|
sshd auth required /usr/lib/security/pam_aix
|
||||||
|
OTHER auth required /usr/lib/security/pam_aix
|
||||||
|
|
||||||
|
# Account Management
|
||||||
|
sshd account required /usr/lib/security/pam_aix
|
||||||
|
OTHER account required /usr/lib/security/pam_aix
|
||||||
|
|
||||||
|
# Session Management
|
||||||
|
sshd password required /usr/lib/security/pam_aix
|
||||||
|
OTHER password required /usr/lib/security/pam_aix
|
||||||
|
|
||||||
|
# Password Management
|
||||||
|
sshd session required /usr/lib/security/pam_aix
|
||||||
|
OTHER session required /usr/lib/security/pam_aix
|
366
crypto/openssh/contrib/caldera/openssh.spec
Normal file
366
crypto/openssh/contrib/caldera/openssh.spec
Normal file
@ -0,0 +1,366 @@
|
|||||||
|
|
||||||
|
# Some of this will need re-evaluation post-LSB. The SVIdir is there
|
||||||
|
# because the link appeared broken. The rest is for easy compilation,
|
||||||
|
# the tradeoff open to discussion. (LC957)
|
||||||
|
|
||||||
|
%define SVIdir /etc/rc.d/init.d
|
||||||
|
%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
|
||||||
|
%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
|
||||||
|
|
||||||
|
%define _mandir %{_prefix}/share/man/en
|
||||||
|
%define _sysconfdir /etc/ssh
|
||||||
|
%define _libexecdir %{_libdir}/ssh
|
||||||
|
|
||||||
|
# Do we want to disable root_login? (1=yes 0=no)
|
||||||
|
%define no_root_login 0
|
||||||
|
|
||||||
|
#old cvs stuff. please update before use. may be deprecated.
|
||||||
|
%define use_stable 1
|
||||||
|
%if %{use_stable}
|
||||||
|
%define version 3.8.1p1
|
||||||
|
%define cvs %{nil}
|
||||||
|
%define release 1
|
||||||
|
%else
|
||||||
|
%define version 3.8.1p1
|
||||||
|
%define cvs cvs20011009
|
||||||
|
%define release 0r1
|
||||||
|
%endif
|
||||||
|
%define xsa x11-ssh-askpass
|
||||||
|
%define askpass %{xsa}-1.2.4.1
|
||||||
|
|
||||||
|
# OpenSSH privilege separation requires a user & group ID
|
||||||
|
%define sshd_uid 67
|
||||||
|
%define sshd_gid 67
|
||||||
|
|
||||||
|
Name : openssh
|
||||||
|
Version : %{version}%{cvs}
|
||||||
|
Release : %{release}
|
||||||
|
Group : System/Network
|
||||||
|
|
||||||
|
Summary : OpenSSH free Secure Shell (SSH) implementation.
|
||||||
|
Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH).
|
||||||
|
Summary(es) : OpenSSH implementación libre de Secure Shell (SSH).
|
||||||
|
Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH).
|
||||||
|
Summary(it) : Implementazione gratuita OpenSSH della Secure Shell.
|
||||||
|
Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
|
||||||
|
Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
|
||||||
|
|
||||||
|
Copyright : BSD
|
||||||
|
Packager : Raymund Will <ray@caldera.de>
|
||||||
|
URL : http://www.openssh.com/
|
||||||
|
|
||||||
|
Obsoletes : ssh, ssh-clients, openssh-clients
|
||||||
|
|
||||||
|
BuildRoot : /tmp/%{name}-%{version}
|
||||||
|
BuildRequires : XFree86-imake
|
||||||
|
|
||||||
|
# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
|
||||||
|
# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
|
||||||
|
Source0: see-above:/.../openssh-%{version}.tar.gz
|
||||||
|
%if %{use_stable}
|
||||||
|
Source1: see-above:/.../openssh-%{version}.tar.gz.sig
|
||||||
|
%endif
|
||||||
|
Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz
|
||||||
|
Source3: http://www.openssh.com/faq.html
|
||||||
|
|
||||||
|
%Package server
|
||||||
|
Group : System/Network
|
||||||
|
Requires : openssh = %{version}
|
||||||
|
Obsoletes : ssh-server
|
||||||
|
|
||||||
|
Summary : OpenSSH Secure Shell protocol server (sshd).
|
||||||
|
Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd).
|
||||||
|
Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd).
|
||||||
|
Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd).
|
||||||
|
Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd).
|
||||||
|
Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
|
||||||
|
Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd).
|
||||||
|
|
||||||
|
|
||||||
|
%Package askpass
|
||||||
|
Group : System/Network
|
||||||
|
Requires : openssh = %{version}
|
||||||
|
URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/
|
||||||
|
Obsoletes : ssh-extras
|
||||||
|
|
||||||
|
Summary : OpenSSH X11 pass-phrase dialog.
|
||||||
|
Summary(de) : OpenSSH X11 Passwort-Dialog.
|
||||||
|
Summary(es) : Aplicación de petición de frase clave OpenSSH X11.
|
||||||
|
Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH.
|
||||||
|
Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH.
|
||||||
|
Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH.
|
||||||
|
Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH.
|
||||||
|
|
||||||
|
|
||||||
|
%Description
|
||||||
|
OpenSSH (Secure Shell) provides access to a remote system. It replaces
|
||||||
|
telnet, rlogin, rexec, and rsh, and provides secure encrypted
|
||||||
|
communications between two untrusted hosts over an insecure network.
|
||||||
|
X11 connections and arbitrary TCP/IP ports can also be forwarded over
|
||||||
|
the secure channel.
|
||||||
|
|
||||||
|
%Description -l de
|
||||||
|
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
|
||||||
|
telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
|
||||||
|
Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
|
||||||
|
Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
|
||||||
|
über den sicheren Channel weitergeleitet werden.
|
||||||
|
|
||||||
|
%Description -l es
|
||||||
|
OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
|
||||||
|
telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
|
||||||
|
entre dos equipos entre los que no se ha establecido confianza a través de una
|
||||||
|
red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
|
||||||
|
ser canalizadas sobre el canal seguro.
|
||||||
|
|
||||||
|
%Description -l fr
|
||||||
|
OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
|
||||||
|
telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
|
||||||
|
securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
|
||||||
|
connexions X11 et des ports TCP/IP arbitraires peuvent également être
|
||||||
|
transmis sur le canal sécurisé.
|
||||||
|
|
||||||
|
%Description -l it
|
||||||
|
OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
|
||||||
|
Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
|
||||||
|
e crittate tra due host non fidati su una rete non sicura. Le connessioni
|
||||||
|
X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
|
||||||
|
un canale sicuro.
|
||||||
|
|
||||||
|
%Description -l pt
|
||||||
|
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
|
||||||
|
telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
|
||||||
|
entre duas máquinas sem confiança mútua sobre uma rede insegura.
|
||||||
|
Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
|
||||||
|
pelo canal seguro.
|
||||||
|
|
||||||
|
%Description -l pt_BR
|
||||||
|
O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
|
||||||
|
telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
|
||||||
|
entre duas máquinas sem confiança mútua sobre uma rede insegura.
|
||||||
|
Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
|
||||||
|
pelo canal seguro.
|
||||||
|
|
||||||
|
%Description server
|
||||||
|
This package installs the sshd, the server portion of OpenSSH.
|
||||||
|
|
||||||
|
%Description -l de server
|
||||||
|
Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
|
||||||
|
|
||||||
|
%Description -l es server
|
||||||
|
Este paquete instala sshd, la parte servidor de OpenSSH.
|
||||||
|
|
||||||
|
%Description -l fr server
|
||||||
|
Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
|
||||||
|
|
||||||
|
%Description -l it server
|
||||||
|
Questo pacchetto installa sshd, il server di OpenSSH.
|
||||||
|
|
||||||
|
%Description -l pt server
|
||||||
|
Este pacote intala o sshd, o servidor do OpenSSH.
|
||||||
|
|
||||||
|
%Description -l pt_BR server
|
||||||
|
Este pacote intala o sshd, o servidor do OpenSSH.
|
||||||
|
|
||||||
|
%Description askpass
|
||||||
|
This package contains an X11-based pass-phrase dialog used per
|
||||||
|
default by ssh-add(1). It is based on %{askpass}
|
||||||
|
by Jim Knoble <jmknoble@pobox.com>.
|
||||||
|
|
||||||
|
|
||||||
|
%Prep
|
||||||
|
%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
|
||||||
|
%if ! %{use_stable}
|
||||||
|
autoreconf
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%Build
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS" \
|
||||||
|
%configure \
|
||||||
|
--with-pam \
|
||||||
|
--with-tcp-wrappers \
|
||||||
|
--with-privsep-path=%{_var}/empty/sshd \
|
||||||
|
#leave this line for easy edits.
|
||||||
|
|
||||||
|
%__make CFLAGS="$RPM_OPT_FLAGS"
|
||||||
|
|
||||||
|
cd %{askpass}
|
||||||
|
%configure \
|
||||||
|
#leave this line for easy edits.
|
||||||
|
|
||||||
|
xmkmf
|
||||||
|
%__make includes
|
||||||
|
%__make
|
||||||
|
|
||||||
|
|
||||||
|
%Install
|
||||||
|
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
|
||||||
|
|
||||||
|
make install DESTDIR=%{buildroot}
|
||||||
|
%makeinstall -C %{askpass} \
|
||||||
|
BINDIR=%{_libexecdir} \
|
||||||
|
MANPATH=%{_mandir} \
|
||||||
|
DESTDIR=%{buildroot}
|
||||||
|
|
||||||
|
# OpenLinux specific configuration
|
||||||
|
mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
|
||||||
|
mkdir -p %{buildroot}%{_var}/empty/sshd
|
||||||
|
|
||||||
|
# enabling X11 forwarding on the server is convenient and okay,
|
||||||
|
# on the client side it's a potential security risk!
|
||||||
|
%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
|
||||||
|
%{buildroot}%{_sysconfdir}/sshd_config
|
||||||
|
|
||||||
|
%if %{no_root_login}
|
||||||
|
%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
|
||||||
|
%{buildroot}%{_sysconfdir}/sshd_config
|
||||||
|
%endif
|
||||||
|
|
||||||
|
install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
|
||||||
|
# FIXME: disabled, find out why this doesn't work with nis
|
||||||
|
%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
|
||||||
|
%{buildroot}/etc/pam.d/sshd
|
||||||
|
|
||||||
|
install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
|
||||||
|
|
||||||
|
# the last one is needless, but more future-proof
|
||||||
|
find %{buildroot}%{SVIdir} -type f -exec \
|
||||||
|
%__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
|
||||||
|
s:\@sysconfdir\@:%{_sysconfdir}:g; \
|
||||||
|
s:/usr/sbin:%{_sbindir}:g'\
|
||||||
|
\{\} \;
|
||||||
|
|
||||||
|
cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
|
||||||
|
IDENT=sshd
|
||||||
|
DESCRIPTIVE="OpenSSH secure shell daemon"
|
||||||
|
# This service will be marked as 'skipped' on boot if there
|
||||||
|
# is no host key. Use ssh-host-keygen to generate one
|
||||||
|
ONBOOT="yes"
|
||||||
|
OPTIONS=""
|
||||||
|
EoD
|
||||||
|
|
||||||
|
SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
|
||||||
|
install -m 0755 contrib/caldera/ssh-host-keygen $SKG
|
||||||
|
# Fix up some path names in the keygen toy^Hol
|
||||||
|
%__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
|
||||||
|
s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
|
||||||
|
%{buildroot}%{_sbindir}/ssh-host-keygen
|
||||||
|
|
||||||
|
# This looks terrible. Expect it to change.
|
||||||
|
# install remaining docs
|
||||||
|
DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
|
||||||
|
mkdir -p $DocD/%{askpass}
|
||||||
|
cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD
|
||||||
|
install -p -m 0444 %{SOURCE3} $DocD/faq.html
|
||||||
|
cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
|
||||||
|
%if %{use_stable}
|
||||||
|
cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
|
||||||
|
%else
|
||||||
|
cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
|
||||||
|
ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
|
||||||
|
%endif
|
||||||
|
|
||||||
|
find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
|
||||||
|
rm %{buildroot}%{_mandir}/man1/slogin.1 && \
|
||||||
|
ln -s %{_mandir}/man1/ssh.1.gz \
|
||||||
|
%{buildroot}%{_mandir}/man1/slogin.1.gz
|
||||||
|
|
||||||
|
|
||||||
|
%Clean
|
||||||
|
#%{rmDESTDIR}
|
||||||
|
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
|
||||||
|
|
||||||
|
%Post
|
||||||
|
# Generate host key when none is present to get up and running,
|
||||||
|
# both client and server require this for host-based auth!
|
||||||
|
# ssh-host-keygen checks for existing keys.
|
||||||
|
/usr/sbin/ssh-host-keygen
|
||||||
|
: # to protect the rpm database
|
||||||
|
|
||||||
|
%pre server
|
||||||
|
%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
|
||||||
|
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
|
||||||
|
-c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
|
||||||
|
: # to protect the rpm database
|
||||||
|
|
||||||
|
%Post server
|
||||||
|
if [ -x %{LSBinit}-install ]; then
|
||||||
|
%{LSBinit}-install sshd
|
||||||
|
else
|
||||||
|
lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
|
||||||
|
fi
|
||||||
|
|
||||||
|
! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
|
||||||
|
: # to protect the rpm database
|
||||||
|
|
||||||
|
|
||||||
|
%PreUn server
|
||||||
|
[ "$1" = 0 ] || exit 0
|
||||||
|
|
||||||
|
! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
|
||||||
|
: # to protect the rpm database
|
||||||
|
|
||||||
|
|
||||||
|
%PostUn server
|
||||||
|
if [ -x %{LSBinit}-remove ]; then
|
||||||
|
%{LSBinit}-remove sshd
|
||||||
|
else
|
||||||
|
lisa --SysV-init remove sshd $1
|
||||||
|
fi
|
||||||
|
: # to protect the rpm database
|
||||||
|
|
||||||
|
|
||||||
|
%Files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%dir %{_sysconfdir}
|
||||||
|
%config %{_sysconfdir}/ssh_config
|
||||||
|
%{_bindir}/scp
|
||||||
|
%{_bindir}/sftp
|
||||||
|
%{_bindir}/ssh
|
||||||
|
%{_bindir}/slogin
|
||||||
|
%{_bindir}/ssh-add
|
||||||
|
%attr(2755,root,nobody) %{_bindir}/ssh-agent
|
||||||
|
%{_bindir}/ssh-keygen
|
||||||
|
%{_bindir}/ssh-keyscan
|
||||||
|
%dir %{_libexecdir}
|
||||||
|
%attr(4711,root,root) %{_libexecdir}/ssh-keysign
|
||||||
|
%{_sbindir}/ssh-host-keygen
|
||||||
|
%dir %{_defaultdocdir}/%{name}-%{version}
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/CREDITS
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/ChangeLog
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/LICENCE
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/README*
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/TODO
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/faq.html
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
%{_mandir}/man8/ssh-keysign.8.gz
|
||||||
|
%{_mandir}/man5/ssh_config.5.gz
|
||||||
|
|
||||||
|
%Files server
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%dir %{_var}/empty/sshd
|
||||||
|
%config %{SVIdir}/sshd
|
||||||
|
%config /etc/pam.d/sshd
|
||||||
|
%config %{_sysconfdir}/moduli
|
||||||
|
%config %{_sysconfdir}/sshd_config
|
||||||
|
%config %{SVIcdir}/sshd
|
||||||
|
%{_libexecdir}/sftp-server
|
||||||
|
%{_sbindir}/sshd
|
||||||
|
%{_mandir}/man5/sshd_config.5.gz
|
||||||
|
%{_mandir}/man8/sftp-server.8.gz
|
||||||
|
%{_mandir}/man8/sshd.8.gz
|
||||||
|
|
||||||
|
%Files askpass
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_libexecdir}/ssh-askpass
|
||||||
|
%{_libexecdir}/x11-ssh-askpass
|
||||||
|
%{_defaultdocdir}/%{name}-%{version}/%{askpass}
|
||||||
|
|
||||||
|
|
||||||
|
%ChangeLog
|
||||||
|
* Mon Jan 01 1998 ...
|
||||||
|
Template Version: 1.31
|
||||||
|
|
||||||
|
$Id: openssh.spec,v 1.49 2004/03/21 22:40:04 djm Exp $
|
36
crypto/openssh/contrib/caldera/ssh-host-keygen
Executable file
36
crypto/openssh/contrib/caldera/ssh-host-keygen
Executable file
@ -0,0 +1,36 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
|
||||||
|
#
|
||||||
|
# This script is normally run only *once* for a given host
|
||||||
|
# (in a given period of time) -- on updates/upgrades/recovery
|
||||||
|
# the ssh_host_key* files _should_ be retained! Otherwise false
|
||||||
|
# "man-in-the-middle-attack" alerts will frighten unsuspecting
|
||||||
|
# clients...
|
||||||
|
|
||||||
|
keydir=@sysconfdir@
|
||||||
|
keygen=@sshkeygen@
|
||||||
|
|
||||||
|
if [ -f $keydir/ssh_host_key -o \
|
||||||
|
-f $keydir/ssh_host_key.pub ]; then
|
||||||
|
echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
|
||||||
|
else
|
||||||
|
echo "Generating 1024 bit SSH1 RSA host key."
|
||||||
|
$keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f $keydir/ssh_host_rsa_key -o \
|
||||||
|
-f $keydir/ssh_host_rsa_key.pub ]; then
|
||||||
|
echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
|
||||||
|
else
|
||||||
|
echo "Generating 1024 bit SSH2 RSA host key."
|
||||||
|
$keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f $keydir/ssh_host_dsa_key -o \
|
||||||
|
-f $keydir/ssh_host_dsa_key.pub ]; then
|
||||||
|
echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
|
||||||
|
else
|
||||||
|
echo "Generating SSH2 DSA host key."
|
||||||
|
$keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
|
||||||
|
fi
|
125
crypto/openssh/contrib/caldera/sshd.init
Executable file
125
crypto/openssh/contrib/caldera/sshd.init
Executable file
@ -0,0 +1,125 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
#
|
||||||
|
# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
|
||||||
|
#
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides:
|
||||||
|
# Required-Start: $network
|
||||||
|
# Required-Stop:
|
||||||
|
# Default-Start: 3 4 5
|
||||||
|
# Default-Stop: 0 1 2 6
|
||||||
|
# Description: sshd
|
||||||
|
# Bring up/down the OpenSSH secure shell daemon.
|
||||||
|
### END INIT INFO
|
||||||
|
#
|
||||||
|
# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
|
||||||
|
# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
||||||
|
# Modified for OpenLinux by Raymund Will <ray@caldera.de>
|
||||||
|
|
||||||
|
NAME=sshd
|
||||||
|
DAEMON=/usr/sbin/$NAME
|
||||||
|
# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem
|
||||||
|
# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
|
||||||
|
# PR [linux/8278] for details...
|
||||||
|
PIDF=/var/run/$NAME.pid
|
||||||
|
NAME=$DAEMON
|
||||||
|
|
||||||
|
_status() {
|
||||||
|
[ -z "$1" ] || local pidf="$1"
|
||||||
|
local ret=-1
|
||||||
|
local pid
|
||||||
|
if [ -n "$pidf" ] && [ -r "$pidf" ]; then
|
||||||
|
pid=$(head -1 $pidf)
|
||||||
|
else
|
||||||
|
pid=$(pidof $NAME)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e $SVIlock ]; then
|
||||||
|
# no lock-file => not started == stopped?
|
||||||
|
ret=3
|
||||||
|
elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
|
||||||
|
# pid-file given but not present or no pid => died, but was not stopped
|
||||||
|
ret=2
|
||||||
|
elif [ -r /proc/$pid/cmdline ] &&
|
||||||
|
echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
|
||||||
|
# pid-file given and present or pid found => check process...
|
||||||
|
# but don't compare exe, as this will fail after an update!
|
||||||
|
# compares OK => all's well, that ends well...
|
||||||
|
ret=0
|
||||||
|
else
|
||||||
|
# no such process or exe does not match => stale pid-file or process died
|
||||||
|
# just recently...
|
||||||
|
ret=1
|
||||||
|
fi
|
||||||
|
return $ret
|
||||||
|
}
|
||||||
|
|
||||||
|
# Source function library (and set vital variables).
|
||||||
|
. @SVIdir@/functions
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
[ ! -e $SVIlock ] || exit 0
|
||||||
|
[ -x $DAEMON ] || exit 5
|
||||||
|
SVIemptyConfig @sysconfdir@/sshd_config && exit 6
|
||||||
|
|
||||||
|
if [ ! \( -f @sysconfdir@/ssh_host_key -a \
|
||||||
|
-f @sysconfdir@/ssh_host_key.pub \) -a \
|
||||||
|
! \( -f @sysconfdir@/ssh_host_rsa_key -a \
|
||||||
|
-f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
|
||||||
|
! \( -f @sysconfdir@/ssh_host_dsa_key -a \
|
||||||
|
-f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
|
||||||
|
|
||||||
|
echo "$SVIsubsys: host key not initialized: skipped!"
|
||||||
|
echo "$SVIsubsys: use ssh-host-keygen to generate one!"
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "Starting $SVIsubsys services: "
|
||||||
|
ssd -S -x $DAEMON -n $NAME -- $OPTIONS
|
||||||
|
ret=$?
|
||||||
|
|
||||||
|
echo "."
|
||||||
|
touch $SVIlock
|
||||||
|
;;
|
||||||
|
|
||||||
|
stop)
|
||||||
|
[ -e $SVIlock ] || exit 0
|
||||||
|
|
||||||
|
echo -n "Stopping $SVIsubsys services: "
|
||||||
|
ssd -K -p $PIDF -n $NAME
|
||||||
|
ret=$?
|
||||||
|
|
||||||
|
echo "."
|
||||||
|
rm -f $SVIlock
|
||||||
|
;;
|
||||||
|
|
||||||
|
force-reload|reload)
|
||||||
|
[ -e $SVIlock ] || exit 0
|
||||||
|
|
||||||
|
echo "Reloading $SVIsubsys configuration files: "
|
||||||
|
ssd -K --signal 1 -q -p $PIDF -n $NAME
|
||||||
|
ret=$?
|
||||||
|
echo "done."
|
||||||
|
;;
|
||||||
|
|
||||||
|
restart)
|
||||||
|
$0 stop
|
||||||
|
$0 start
|
||||||
|
ret=$?
|
||||||
|
;;
|
||||||
|
|
||||||
|
status)
|
||||||
|
_status $PIDF
|
||||||
|
ret=$?
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
|
||||||
|
ret=2
|
||||||
|
;;
|
||||||
|
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit $ret
|
||||||
|
|
8
crypto/openssh/contrib/caldera/sshd.pam
Normal file
8
crypto/openssh/contrib/caldera/sshd.pam
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth required /lib/security/pam_pwdb.so shadow nodelay
|
||||||
|
auth required /lib/security/pam_nologin.so
|
||||||
|
account required /lib/security/pam_pwdb.so
|
||||||
|
password required /lib/security/pam_cracklib.so
|
||||||
|
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
|
||||||
|
session required /lib/security/pam_pwdb.so
|
||||||
|
session required /lib/security/pam_limits.so
|
56
crypto/openssh/contrib/cygwin/Makefile
Normal file
56
crypto/openssh/contrib/cygwin/Makefile
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
srcdir=../..
|
||||||
|
prefix=/usr
|
||||||
|
exec_prefix=$(prefix)
|
||||||
|
bindir=$(prefix)/bin
|
||||||
|
datadir=$(prefix)/share
|
||||||
|
docdir=$(datadir)/doc
|
||||||
|
sshdocdir=$(docdir)/openssh
|
||||||
|
cygdocdir=$(docdir)/Cygwin
|
||||||
|
sysconfdir=/etc
|
||||||
|
defaultsdir=$(sysconfdir)/defaults/etc
|
||||||
|
PRIVSEP_PATH=/var/empty
|
||||||
|
INSTALL=/usr/bin/install -c
|
||||||
|
|
||||||
|
DESTDIR=
|
||||||
|
|
||||||
|
all:
|
||||||
|
@echo
|
||||||
|
@echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
|
||||||
|
@echo "Be sure having DESTDIR set correctly!"
|
||||||
|
@echo
|
||||||
|
|
||||||
|
move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
|
||||||
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
|
||||||
|
mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
|
||||||
|
mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
|
||||||
|
|
||||||
|
remove-empty-dir:
|
||||||
|
rm -rf $(DESTDIR)$(PRIVSEP_PATH)
|
||||||
|
|
||||||
|
install-sshdoc:
|
||||||
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
|
||||||
|
$(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
|
||||||
|
|
||||||
|
install-cygwindoc: README
|
||||||
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
|
||||||
|
$(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
|
||||||
|
|
||||||
|
install-doc: install-sshdoc install-cygwindoc
|
||||||
|
|
||||||
|
install-scripts: ssh-host-config ssh-user-config
|
||||||
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
||||||
|
$(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
|
||||||
|
$(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
|
||||||
|
|
||||||
|
cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
|
||||||
|
@echo "Cygwin specific configuration finished."
|
224
crypto/openssh/contrib/cygwin/README
Normal file
224
crypto/openssh/contrib/cygwin/README
Normal file
@ -0,0 +1,224 @@
|
|||||||
|
This package describes important Cygwin specific stuff concerning OpenSSH.
|
||||||
|
|
||||||
|
The binary package is usually built for recent Cygwin versions and might
|
||||||
|
not run on older versions. Please check http://cygwin.com/ for information
|
||||||
|
about current Cygwin releases.
|
||||||
|
|
||||||
|
Build instructions are at the end of the file.
|
||||||
|
|
||||||
|
===========================================================================
|
||||||
|
Important change since 3.7.1p2-2:
|
||||||
|
|
||||||
|
The ssh-host-config file doesn't create the /etc/ssh_config and
|
||||||
|
/etc/sshd_config files from builtin here-scripts anymore, but it uses
|
||||||
|
skeleton files installed in /etc/defaults/etc.
|
||||||
|
|
||||||
|
Also it now tries hard to create appropriate permissions on files.
|
||||||
|
Same applies for ssh-user-config.
|
||||||
|
|
||||||
|
After creating the sshd service with ssh-host-config, it's advisable to
|
||||||
|
call ssh-user-config for all affected users, also already exising user
|
||||||
|
configurations. In the latter case, file and directory permissions are
|
||||||
|
checked and changed, if requireed to match the host configuration.
|
||||||
|
|
||||||
|
Important note for Windows 2003 Server users:
|
||||||
|
---------------------------------------------
|
||||||
|
|
||||||
|
2003 Server has a funny new feature. When starting services under SYSTEM
|
||||||
|
account, these services have nearly all user rights which SYSTEM holds...
|
||||||
|
except for the "Create a token object" right, which is needed to allow
|
||||||
|
public key authentication :-(
|
||||||
|
|
||||||
|
There's no way around this, except for creating a substitute account which
|
||||||
|
has the appropriate privileges. Basically, this account should be member
|
||||||
|
of the administrators group, plus it should have the following user rights:
|
||||||
|
|
||||||
|
Create a token object
|
||||||
|
Logon as a service
|
||||||
|
Replace a process level token
|
||||||
|
Increase Quota
|
||||||
|
|
||||||
|
The ssh-host-config script asks you, if it should create such an account,
|
||||||
|
called "sshd_server". If you say "no" here, you're on your own. Please
|
||||||
|
follow the instruction in ssh-host-config exactly if possible. Note that
|
||||||
|
ssh-user-config sets the permissions on 2003 Server machines dependent of
|
||||||
|
whether a sshd_server account exists or not.
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
===========================================================================
|
||||||
|
Important change since 3.4p1-2:
|
||||||
|
|
||||||
|
This version adds privilege separation as default setting, see
|
||||||
|
/usr/doc/openssh/README.privsep. According to that document the
|
||||||
|
privsep feature requires a non-privileged account called 'sshd'.
|
||||||
|
|
||||||
|
The new ssh-host-config file which is part of this version asks
|
||||||
|
to create 'sshd' as local user if you want to use privilege
|
||||||
|
separation. If you confirm, it creates that NT user and adds
|
||||||
|
the necessary entry to /etc/passwd.
|
||||||
|
|
||||||
|
On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
|
||||||
|
since that feature doesn't make any sense on a system which doesn't
|
||||||
|
differ between privileged and unprivileged users.
|
||||||
|
|
||||||
|
The new ssh-host-config script also adds the /var/empty directory
|
||||||
|
needed by privilege separation. When creating the /var/empty directory
|
||||||
|
by yourself, please note that in contrast to the README.privsep document
|
||||||
|
the owner sshould not be "root" but the user which is running sshd. So,
|
||||||
|
in the standard configuration this is SYSTEM. The ssh-host-config script
|
||||||
|
chowns /var/empty accordingly.
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
===========================================================================
|
||||||
|
Important change since 3.0.1p1-2:
|
||||||
|
|
||||||
|
This version introduces the ability to register sshd as service on
|
||||||
|
Windows 9x/Me systems. This is done only when the options -D and/or
|
||||||
|
-d are not given.
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
===========================================================================
|
||||||
|
Important change since 2.9p2:
|
||||||
|
|
||||||
|
Since Cygwin is able to switch user context without password beginning
|
||||||
|
with version 1.3.2, OpenSSH now allows to do so when it's running under
|
||||||
|
a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
|
||||||
|
allow that feature.
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
===========================================================================
|
||||||
|
Important change since 2.3.0p1:
|
||||||
|
|
||||||
|
When using `ntea' or `ntsec' you now have to care for the ownership
|
||||||
|
and permission bits of your host key files and your private key files.
|
||||||
|
The host key files have to be owned by the NT account which starts
|
||||||
|
sshd. The user key files have to be owned by the user. The permission
|
||||||
|
bits of the private key files (host and user) have to be at least
|
||||||
|
rw------- (0600)!
|
||||||
|
|
||||||
|
Note that this is forced under `ntsec' only if the files are on a NTFS
|
||||||
|
filesystem (which is recommended) due to the lack of any basic security
|
||||||
|
features of the FAT/FAT32 filesystems.
|
||||||
|
===========================================================================
|
||||||
|
|
||||||
|
If you are installing OpenSSH the first time, you can generate global config
|
||||||
|
files and server keys by running
|
||||||
|
|
||||||
|
/usr/bin/ssh-host-config
|
||||||
|
|
||||||
|
Note that this binary archive doesn't contain default config files in /etc.
|
||||||
|
That files are only created if ssh-host-config is started.
|
||||||
|
|
||||||
|
If you are updating your installation you may run the above ssh-host-config
|
||||||
|
as well to move your configuration files to the new location and to
|
||||||
|
erase the files at the old location.
|
||||||
|
|
||||||
|
To support testing and unattended installation ssh-host-config got
|
||||||
|
some options:
|
||||||
|
|
||||||
|
usage: ssh-host-config [OPTION]...
|
||||||
|
Options:
|
||||||
|
--debug -d Enable shell's debug output.
|
||||||
|
--yes -y Answer all questions with "yes" automatically.
|
||||||
|
--no -n Answer all questions with "no" automatically.
|
||||||
|
--cygwin -c <options> Use "options" as value for CYGWIN environment var.
|
||||||
|
--port -p <n> sshd listens on port n.
|
||||||
|
--pwd -w <passwd> Use "pwd" as password for user 'sshd_server'.
|
||||||
|
|
||||||
|
Additionally ssh-host-config now asks if it should install sshd as a
|
||||||
|
service when running under NT/W2K. This requires cygrunsrv installed.
|
||||||
|
|
||||||
|
You can create the private and public keys for a user now by running
|
||||||
|
|
||||||
|
/usr/bin/ssh-user-config
|
||||||
|
|
||||||
|
under the users account.
|
||||||
|
|
||||||
|
To support testing and unattended installation ssh-user-config got
|
||||||
|
some options as well:
|
||||||
|
|
||||||
|
usage: ssh-user-config [OPTION]...
|
||||||
|
Options:
|
||||||
|
--debug -d Enable shell's debug output.
|
||||||
|
--yes -y Answer all questions with "yes" automatically.
|
||||||
|
--no -n Answer all questions with "no" automatically.
|
||||||
|
--passphrase -p word Use "word" as passphrase automatically.
|
||||||
|
|
||||||
|
Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
|
||||||
|
(results in very slow deamon startup!) or from the command line (recommended
|
||||||
|
on 9X/ME).
|
||||||
|
|
||||||
|
If you start sshd as deamon via cygrunsrv.exe you MUST give the
|
||||||
|
"-D" option to sshd. Otherwise the service can't get started at all.
|
||||||
|
|
||||||
|
If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
|
||||||
|
following line to your inetd.conf file:
|
||||||
|
|
||||||
|
ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i
|
||||||
|
|
||||||
|
Moreover you'll have to add the following line to your
|
||||||
|
${SYSTEMROOT}/system32/drivers/etc/services file:
|
||||||
|
|
||||||
|
ssh 22/tcp #SSH daemon
|
||||||
|
|
||||||
|
Please note that OpenSSH does never use the value of $HOME to
|
||||||
|
search for the users configuration files! It always uses the
|
||||||
|
value of the pw_dir field in /etc/passwd as the home directory.
|
||||||
|
If no home diretory is set in /etc/passwd, the root directory
|
||||||
|
is used instead!
|
||||||
|
|
||||||
|
You may use all features of the CYGWIN=ntsec setting the same
|
||||||
|
way as they are used by Cygwin's login(1) port:
|
||||||
|
|
||||||
|
The pw_gecos field may contain an additional field, that begins
|
||||||
|
with (upper case!) "U-", followed by the domain and the username
|
||||||
|
separated by a backslash.
|
||||||
|
CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
|
||||||
|
BTW: The field separator in pw_gecos is the comma.
|
||||||
|
The username in pw_name itself may be any nice name:
|
||||||
|
|
||||||
|
domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
|
||||||
|
|
||||||
|
Now you may use `domuser' as your login name with telnet!
|
||||||
|
This is possible additionally for local users, if you don't like
|
||||||
|
your NT login name ;-) You only have to leave out the domain:
|
||||||
|
|
||||||
|
locuser::1104:513:John Doe,U-user,S-1-5-21-...
|
||||||
|
|
||||||
|
Note that the CYGWIN=ntsec setting is required for public key authentication.
|
||||||
|
|
||||||
|
SSH2 server and user keys are generated by the `ssh-*-config' scripts
|
||||||
|
as well.
|
||||||
|
|
||||||
|
If you want to build from source, the following options to
|
||||||
|
configure are used for the Cygwin binary distribution:
|
||||||
|
|
||||||
|
--prefix=/usr \
|
||||||
|
--sysconfdir=/etc \
|
||||||
|
--libexecdir='$(sbindir)' \
|
||||||
|
--localstatedir=/var \
|
||||||
|
--datadir='$(prefix)/share' \
|
||||||
|
--mandir='$(datadir)/man' \
|
||||||
|
--with-tcp-wrappers
|
||||||
|
|
||||||
|
If you want to create a Cygwin package, equivalent to the one
|
||||||
|
in the Cygwin binary distribution, install like this:
|
||||||
|
|
||||||
|
mkdir /tmp/cygwin-ssh
|
||||||
|
cd $(builddir)
|
||||||
|
make install DESTDIR=/tmp/cygwin-ssh
|
||||||
|
cd $(srcdir)/contrib/cygwin
|
||||||
|
make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
|
||||||
|
cd /tmp/cygwin-ssh
|
||||||
|
find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
|
||||||
|
|
||||||
|
You must have installed the zlib and openssl-devel packages to be able to
|
||||||
|
build OpenSSH!
|
||||||
|
|
||||||
|
Please send requests, error reports etc. to cygwin@cygwin.com.
|
||||||
|
|
||||||
|
Have fun,
|
||||||
|
|
||||||
|
Corinna Vinschen
|
||||||
|
Cygwin Developer
|
||||||
|
Red Hat Inc.
|
592
crypto/openssh/contrib/cygwin/ssh-host-config
Normal file
592
crypto/openssh/contrib/cygwin/ssh-host-config
Normal file
@ -0,0 +1,592 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
|
||||||
|
#
|
||||||
|
# This file is part of the Cygwin port of OpenSSH.
|
||||||
|
|
||||||
|
# Subdirectory where the new package is being installed
|
||||||
|
PREFIX=/usr
|
||||||
|
|
||||||
|
# Directory where the config files are stored
|
||||||
|
SYSCONFDIR=/etc
|
||||||
|
LOCALSTATEDIR=/var
|
||||||
|
|
||||||
|
progname=$0
|
||||||
|
auto_answer=""
|
||||||
|
port_number=22
|
||||||
|
|
||||||
|
privsep_configured=no
|
||||||
|
privsep_used=yes
|
||||||
|
sshd_in_passwd=no
|
||||||
|
sshd_in_sam=no
|
||||||
|
|
||||||
|
request()
|
||||||
|
{
|
||||||
|
if [ "${auto_answer}" = "yes" ]
|
||||||
|
then
|
||||||
|
echo "$1 (yes/no) yes"
|
||||||
|
return 0
|
||||||
|
elif [ "${auto_answer}" = "no" ]
|
||||||
|
then
|
||||||
|
echo "$1 (yes/no) no"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
answer=""
|
||||||
|
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
|
||||||
|
do
|
||||||
|
echo -n "$1 (yes/no) "
|
||||||
|
read -e answer
|
||||||
|
done
|
||||||
|
if [ "X${answer}" = "Xyes" ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check options
|
||||||
|
|
||||||
|
while :
|
||||||
|
do
|
||||||
|
case $# in
|
||||||
|
0)
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
option=$1
|
||||||
|
shift
|
||||||
|
|
||||||
|
case "${option}" in
|
||||||
|
-d | --debug )
|
||||||
|
set -x
|
||||||
|
;;
|
||||||
|
|
||||||
|
-y | --yes )
|
||||||
|
auto_answer=yes
|
||||||
|
;;
|
||||||
|
|
||||||
|
-n | --no )
|
||||||
|
auto_answer=no
|
||||||
|
;;
|
||||||
|
|
||||||
|
-c | --cygwin )
|
||||||
|
cygwin_value="$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
-p | --port )
|
||||||
|
port_number=$1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
-w | --pwd )
|
||||||
|
password_value="$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "usage: ${progname} [OPTION]..."
|
||||||
|
echo
|
||||||
|
echo "This script creates an OpenSSH host configuration."
|
||||||
|
echo
|
||||||
|
echo "Options:"
|
||||||
|
echo " --debug -d Enable shell's debug output."
|
||||||
|
echo " --yes -y Answer all questions with \"yes\" automatically."
|
||||||
|
echo " --no -n Answer all questions with \"no\" automatically."
|
||||||
|
echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
|
||||||
|
echo " --port -p <n> sshd listens on port n."
|
||||||
|
echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'."
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Check if running on NT
|
||||||
|
_sys="`uname`"
|
||||||
|
_nt=`expr "${_sys}" : "CYGWIN_NT"`
|
||||||
|
# If running on NT, check if running under 2003 Server or later
|
||||||
|
if [ ${_nt} -gt 0 ]
|
||||||
|
then
|
||||||
|
_nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check for running ssh/sshd processes first. Refuse to do anything while
|
||||||
|
# some ssh processes are still running
|
||||||
|
|
||||||
|
if ps -ef | grep -v grep | grep -q ssh
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "There are still ssh processes running. Please shut them down first."
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check for ${SYSCONFDIR} directory
|
||||||
|
|
||||||
|
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "${SYSCONFDIR} is existant but not a directory."
|
||||||
|
echo "Cannot create global configuration files."
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create it if necessary
|
||||||
|
|
||||||
|
if [ ! -e "${SYSCONFDIR}" ]
|
||||||
|
then
|
||||||
|
mkdir "${SYSCONFDIR}"
|
||||||
|
if [ ! -e "${SYSCONFDIR}" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "Creating ${SYSCONFDIR} directory failed"
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create /var/log and /var/log/lastlog if not already existing
|
||||||
|
|
||||||
|
if [ -f ${LOCALSTATEDIR}/log ]
|
||||||
|
then
|
||||||
|
echo "Creating ${LOCALSTATEDIR}/log failed!"
|
||||||
|
else
|
||||||
|
if [ ! -d ${LOCALSTATEDIR}/log ]
|
||||||
|
then
|
||||||
|
mkdir -p ${LOCALSTATEDIR}/log
|
||||||
|
fi
|
||||||
|
if [ -d ${LOCALSTATEDIR}/log/lastlog ]
|
||||||
|
then
|
||||||
|
chmod 777 ${LOCALSTATEDIR}/log/lastlog
|
||||||
|
elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
|
||||||
|
then
|
||||||
|
cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
|
||||||
|
chmod 666 ${LOCALSTATEDIR}/log/lastlog
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create /var/empty file used as chroot jail for privilege separation
|
||||||
|
if [ -f ${LOCALSTATEDIR}/empty ]
|
||||||
|
then
|
||||||
|
echo "Creating ${LOCALSTATEDIR}/empty failed!"
|
||||||
|
else
|
||||||
|
mkdir -p ${LOCALSTATEDIR}/empty
|
||||||
|
if [ ${_nt} -gt 0 ]
|
||||||
|
then
|
||||||
|
chmod 755 ${LOCALSTATEDIR}/empty
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# First generate host keys if not already existing
|
||||||
|
|
||||||
|
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
|
||||||
|
then
|
||||||
|
echo "Generating ${SYSCONFDIR}/ssh_host_key"
|
||||||
|
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
|
||||||
|
then
|
||||||
|
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
|
||||||
|
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
|
||||||
|
then
|
||||||
|
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
|
||||||
|
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if ssh_config exists. If yes, ask for overwriting
|
||||||
|
|
||||||
|
if [ -f "${SYSCONFDIR}/ssh_config" ]
|
||||||
|
then
|
||||||
|
if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
|
||||||
|
then
|
||||||
|
rm -f "${SYSCONFDIR}/ssh_config"
|
||||||
|
if [ -f "${SYSCONFDIR}/ssh_config" ]
|
||||||
|
then
|
||||||
|
echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create default ssh_config from skeleton file in /etc/defaults/etc
|
||||||
|
|
||||||
|
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
|
||||||
|
then
|
||||||
|
echo "Generating ${SYSCONFDIR}/ssh_config file"
|
||||||
|
cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
|
||||||
|
if [ "${port_number}" != "22" ]
|
||||||
|
then
|
||||||
|
echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
|
||||||
|
echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if sshd_config exists. If yes, ask for overwriting
|
||||||
|
|
||||||
|
if [ -f "${SYSCONFDIR}/sshd_config" ]
|
||||||
|
then
|
||||||
|
if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
|
||||||
|
then
|
||||||
|
rm -f "${SYSCONFDIR}/sshd_config"
|
||||||
|
if [ -f "${SYSCONFDIR}/sshd_config" ]
|
||||||
|
then
|
||||||
|
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Prior to creating or modifying sshd_config, care for privilege separation
|
||||||
|
|
||||||
|
if [ "${privsep_configured}" != "yes" ]
|
||||||
|
then
|
||||||
|
if [ ${_nt} -gt 0 ]
|
||||||
|
then
|
||||||
|
echo "Privilege separation is set to yes by default since OpenSSH 3.3."
|
||||||
|
echo "However, this requires a non-privileged account called 'sshd'."
|
||||||
|
echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
|
||||||
|
echo
|
||||||
|
if request "Should privilege separation be used?"
|
||||||
|
then
|
||||||
|
privsep_used=yes
|
||||||
|
grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
|
||||||
|
net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
|
||||||
|
if [ "${sshd_in_passwd}" != "yes" ]
|
||||||
|
then
|
||||||
|
if [ "${sshd_in_sam}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo "Warning: The following function requires administrator privileges!"
|
||||||
|
if request "Should this script create a local user 'sshd' on this machine?"
|
||||||
|
then
|
||||||
|
dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
|
||||||
|
net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
|
||||||
|
if [ "${sshd_in_sam}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo "Warning: Creating the user 'sshd' failed!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "${sshd_in_sam}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
|
||||||
|
echo " Privilege separation set to 'no' again!"
|
||||||
|
echo " Check your ${SYSCONFDIR}/sshd_config file!"
|
||||||
|
privsep_used=no
|
||||||
|
else
|
||||||
|
mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
privsep_used=no
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# On 9x don't use privilege separation. Since security isn't
|
||||||
|
# available it just adds useless additional processes.
|
||||||
|
privsep_used=no
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create default sshd_config from skeleton files in /etc/defaults/etc or
|
||||||
|
# modify to add the missing privsep configuration option
|
||||||
|
|
||||||
|
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
|
||||||
|
then
|
||||||
|
echo "Generating ${SYSCONFDIR}/sshd_config file"
|
||||||
|
sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
|
||||||
|
s/^#Port 22/Port ${port_number}/
|
||||||
|
s/^#StrictModes yes/StrictModes no/" \
|
||||||
|
< ${SYSCONFDIR}/defaults/etc/sshd_config \
|
||||||
|
> ${SYSCONFDIR}/sshd_config
|
||||||
|
elif [ "${privsep_configured}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo >> ${SYSCONFDIR}/sshd_config
|
||||||
|
echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Care for services file
|
||||||
|
_my_etcdir="/ssh-host-config.$$"
|
||||||
|
if [ ${_nt} -gt 0 ]
|
||||||
|
then
|
||||||
|
_win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
|
||||||
|
_services="${_my_etcdir}/services"
|
||||||
|
# On NT, 27 spaces, no space after the hash
|
||||||
|
_spaces=" #"
|
||||||
|
else
|
||||||
|
_win_etcdir="${WINDIR}"
|
||||||
|
_services="${_my_etcdir}/SERVICES"
|
||||||
|
# On 9x, 18 spaces (95 is very touchy), a space after the hash
|
||||||
|
_spaces=" # "
|
||||||
|
fi
|
||||||
|
_serv_tmp="${_my_etcdir}/srv.out.$$"
|
||||||
|
|
||||||
|
mount -t -f "${_win_etcdir}" "${_my_etcdir}"
|
||||||
|
|
||||||
|
# Depends on the above mount
|
||||||
|
_wservices=`cygpath -w "${_services}"`
|
||||||
|
|
||||||
|
# Remove sshd 22/port from services
|
||||||
|
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
|
||||||
|
then
|
||||||
|
grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
|
||||||
|
if [ -f "${_serv_tmp}" ]
|
||||||
|
then
|
||||||
|
if mv "${_serv_tmp}" "${_services}"
|
||||||
|
then
|
||||||
|
echo "Removing sshd from ${_wservices}"
|
||||||
|
else
|
||||||
|
echo "Removing sshd from ${_wservices} failed!"
|
||||||
|
fi
|
||||||
|
rm -f "${_serv_tmp}"
|
||||||
|
else
|
||||||
|
echo "Removing sshd from ${_wservices} failed!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Add ssh 22/tcp and ssh 22/udp to services
|
||||||
|
if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
|
||||||
|
then
|
||||||
|
if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
|
||||||
|
then
|
||||||
|
if mv "${_serv_tmp}" "${_services}"
|
||||||
|
then
|
||||||
|
echo "Added ssh to ${_wservices}"
|
||||||
|
else
|
||||||
|
echo "Adding ssh to ${_wservices} failed!"
|
||||||
|
fi
|
||||||
|
rm -f "${_serv_tmp}"
|
||||||
|
else
|
||||||
|
echo "WARNING: Adding ssh to ${_wservices} failed!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
umount "${_my_etcdir}"
|
||||||
|
|
||||||
|
# Care for inetd.conf file
|
||||||
|
_inetcnf="${SYSCONFDIR}/inetd.conf"
|
||||||
|
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
|
||||||
|
|
||||||
|
if [ -f "${_inetcnf}" ]
|
||||||
|
then
|
||||||
|
# Check if ssh service is already in use as sshd
|
||||||
|
with_comment=1
|
||||||
|
grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
|
||||||
|
# Remove sshd line from inetd.conf
|
||||||
|
if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
|
||||||
|
then
|
||||||
|
grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
|
||||||
|
if [ -f "${_inetcnf_tmp}" ]
|
||||||
|
then
|
||||||
|
if mv "${_inetcnf_tmp}" "${_inetcnf}"
|
||||||
|
then
|
||||||
|
echo "Removed sshd from ${_inetcnf}"
|
||||||
|
else
|
||||||
|
echo "Removing sshd from ${_inetcnf} failed!"
|
||||||
|
fi
|
||||||
|
rm -f "${_inetcnf_tmp}"
|
||||||
|
else
|
||||||
|
echo "Removing sshd from ${_inetcnf} failed!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Add ssh line to inetd.conf
|
||||||
|
if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
|
||||||
|
then
|
||||||
|
if [ "${with_comment}" -eq 0 ]
|
||||||
|
then
|
||||||
|
echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
|
||||||
|
else
|
||||||
|
echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
|
||||||
|
fi
|
||||||
|
echo "Added ssh to ${_inetcnf}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# On NT ask if sshd should be installed as service
|
||||||
|
if [ ${_nt} -gt 0 ]
|
||||||
|
then
|
||||||
|
# But only if it is not already installed
|
||||||
|
if ! cygrunsrv -Q sshd > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo
|
||||||
|
echo "Warning: The following functions require administrator privileges!"
|
||||||
|
echo
|
||||||
|
echo "Do you want to install sshd as service?"
|
||||||
|
if request "(Say \"no\" if it's already installed as service)"
|
||||||
|
then
|
||||||
|
if [ $_nt2003 -gt 0 ]
|
||||||
|
then
|
||||||
|
grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes
|
||||||
|
if [ "${sshd_server_in_passwd}" = "yes" ]
|
||||||
|
then
|
||||||
|
# Drop sshd_server from passwd since it could have wrong settings
|
||||||
|
grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$
|
||||||
|
rm -f ${SYSCONFDIR}/passwd
|
||||||
|
mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd
|
||||||
|
chmod g-w,o-w ${SYSCONFDIR}/passwd
|
||||||
|
fi
|
||||||
|
net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes
|
||||||
|
if [ "${sshd_server_in_sam}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "You appear to be running Windows 2003 Server or later. On 2003 and"
|
||||||
|
echo "later systems, it's not possible to use the LocalSystem account"
|
||||||
|
echo "if sshd should allow passwordless logon (e. g. public key authentication)."
|
||||||
|
echo "If you want to enable that functionality, it's required to create a new"
|
||||||
|
echo "account 'sshd_server' with special privileges, which is then used to run"
|
||||||
|
echo "the sshd service under."
|
||||||
|
echo
|
||||||
|
echo "Should this script create a new local account 'sshd_server' which has"
|
||||||
|
if request "the required privileges?"
|
||||||
|
then
|
||||||
|
_admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
|
||||||
|
if [ -z "${_admingroup}" ]
|
||||||
|
then
|
||||||
|
echo "There's no group with SID S-1-5-32-544 (Local administrators group) in"
|
||||||
|
echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'"
|
||||||
|
echo "and restart this script."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
|
||||||
|
while [ "${sshd_server_in_sam}" != "yes" ]
|
||||||
|
do
|
||||||
|
if [ -n "${password_value}" ]
|
||||||
|
then
|
||||||
|
_password="${password_value}"
|
||||||
|
# Allow to ask for password if first try fails
|
||||||
|
password_value=""
|
||||||
|
else
|
||||||
|
echo
|
||||||
|
echo "Please enter a password for new user 'sshd_server'. Please be sure that"
|
||||||
|
echo "this password matches the password rules given on your system."
|
||||||
|
echo -n "Entering no password will exit the configuration. PASSWORD="
|
||||||
|
read -e _password
|
||||||
|
if [ -z "${_password}" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "Exiting configuration. No user sshd_server has been created,"
|
||||||
|
echo "no sshd service installed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes
|
||||||
|
if [ "${sshd_server_in_sam}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo "Creating the user 'sshd_server' failed! Reason:"
|
||||||
|
cat /tmp/nu.$$
|
||||||
|
rm /tmp/nu.$$
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes
|
||||||
|
if [ "${sshd_server_in_admingroup}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!"
|
||||||
|
echo "Please add sshd_server to local group ${_admingroup} before"
|
||||||
|
echo "starting the sshd service!"
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'`
|
||||||
|
if [ "${passwd_has_expiry_flags}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "WARNING: User sshd_server has password expiry set to system default."
|
||||||
|
echo "Please check that password never expires or set it to your needs."
|
||||||
|
elif ! passwd -e sshd_server
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "WARNING: Setting password expiry for user sshd_server failed!"
|
||||||
|
echo "Please check that password never expires or set it to your needs."
|
||||||
|
fi
|
||||||
|
editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
|
||||||
|
editrights -a SeCreateTokenPrivilege -u sshd_server &&
|
||||||
|
editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
|
||||||
|
editrights -a SeDenyNetworkLogonRight -u sshd_server &&
|
||||||
|
editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
|
||||||
|
editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
|
||||||
|
editrights -a SeServiceLogonRight -u sshd_server &&
|
||||||
|
sshd_server_got_all_rights="yes"
|
||||||
|
if [ "${sshd_server_got_all_rights}" != "yes" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "Assigning the appropriate privileges to user 'sshd_server' failed!"
|
||||||
|
echo "Can't create sshd service!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
echo "User 'sshd_server' has been created with password '${_password}'."
|
||||||
|
echo "If you change the password, please keep in mind to change the password"
|
||||||
|
echo "for the sshd service, too."
|
||||||
|
echo
|
||||||
|
echo "Also keep in mind that the user sshd_server needs read permissions on all"
|
||||||
|
echo "users' .ssh/authorized_keys file to allow public key authentication for"
|
||||||
|
echo "these users!. (Re-)running ssh-user-config for each user will set the"
|
||||||
|
echo "required permissions correctly."
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "${sshd_server_in_sam}" = "yes" ]
|
||||||
|
then
|
||||||
|
mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ -n "${cygwin_value}" ]
|
||||||
|
then
|
||||||
|
_cygwin="${cygwin_value}"
|
||||||
|
else
|
||||||
|
echo
|
||||||
|
echo "Which value should the environment variable CYGWIN have when"
|
||||||
|
echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
|
||||||
|
echo "able to change user context without password."
|
||||||
|
echo -n "Default is \"ntsec\". CYGWIN="
|
||||||
|
read -e _cygwin
|
||||||
|
fi
|
||||||
|
[ -z "${_cygwin}" ] && _cygwin="ntsec"
|
||||||
|
if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
|
||||||
|
then
|
||||||
|
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}"
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "The service has been installed under sshd_server account."
|
||||||
|
echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "The service has been installed under LocalSystem account."
|
||||||
|
echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Now check if sshd has been successfully installed. This allows to
|
||||||
|
# set the ownership of the affected files correctly.
|
||||||
|
if cygrunsrv -Q sshd > /dev/null 2>&1
|
||||||
|
then
|
||||||
|
if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
|
||||||
|
then
|
||||||
|
_user="sshd_server"
|
||||||
|
else
|
||||||
|
_user="system"
|
||||||
|
fi
|
||||||
|
chown "${_user}" ${SYSCONFDIR}/ssh*
|
||||||
|
chown "${_user}".544 ${LOCALSTATEDIR}/empty
|
||||||
|
if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
|
||||||
|
then
|
||||||
|
chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "Host configuration finished. Have fun!"
|
250
crypto/openssh/contrib/cygwin/ssh-user-config
Normal file
250
crypto/openssh/contrib/cygwin/ssh-user-config
Normal file
@ -0,0 +1,250 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
|
||||||
|
#
|
||||||
|
# This file is part of the Cygwin port of OpenSSH.
|
||||||
|
|
||||||
|
# Directory where the config files are stored
|
||||||
|
SYSCONFDIR=/etc
|
||||||
|
|
||||||
|
progname=$0
|
||||||
|
auto_answer=""
|
||||||
|
auto_passphrase="no"
|
||||||
|
passphrase=""
|
||||||
|
|
||||||
|
request()
|
||||||
|
{
|
||||||
|
if [ "${auto_answer}" = "yes" ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
elif [ "${auto_answer}" = "no" ]
|
||||||
|
then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
answer=""
|
||||||
|
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
|
||||||
|
do
|
||||||
|
echo -n "$1 (yes/no) "
|
||||||
|
read answer
|
||||||
|
done
|
||||||
|
if [ "X${answer}" = "Xyes" ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check if running on NT
|
||||||
|
_sys="`uname -a`"
|
||||||
|
_nt=`expr "$_sys" : "CYGWIN_NT"`
|
||||||
|
# If running on NT, check if running under 2003 Server or later
|
||||||
|
if [ $_nt -gt 0 ]
|
||||||
|
then
|
||||||
|
_nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check options
|
||||||
|
|
||||||
|
while :
|
||||||
|
do
|
||||||
|
case $# in
|
||||||
|
0)
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
option=$1
|
||||||
|
shift
|
||||||
|
|
||||||
|
case "$option" in
|
||||||
|
-d | --debug )
|
||||||
|
set -x
|
||||||
|
;;
|
||||||
|
|
||||||
|
-y | --yes )
|
||||||
|
auto_answer=yes
|
||||||
|
;;
|
||||||
|
|
||||||
|
-n | --no )
|
||||||
|
auto_answer=no
|
||||||
|
;;
|
||||||
|
|
||||||
|
-p | --passphrase )
|
||||||
|
with_passphrase="yes"
|
||||||
|
passphrase=$1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "usage: ${progname} [OPTION]..."
|
||||||
|
echo
|
||||||
|
echo "This script creates an OpenSSH user configuration."
|
||||||
|
echo
|
||||||
|
echo "Options:"
|
||||||
|
echo " --debug -d Enable shell's debug output."
|
||||||
|
echo " --yes -y Answer all questions with \"yes\" automatically."
|
||||||
|
echo " --no -n Answer all questions with \"no\" automatically."
|
||||||
|
echo " --passphrase -p word Use \"word\" as passphrase automatically."
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Ask user if user identity should be generated
|
||||||
|
|
||||||
|
if [ ! -f ${SYSCONFDIR}/passwd ]
|
||||||
|
then
|
||||||
|
echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
|
||||||
|
echo 'first using mkpasswd. Check if it contains an entry for you and'
|
||||||
|
echo 'please care for the home directory in your entry as well.'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
uid=`id -u`
|
||||||
|
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
|
||||||
|
|
||||||
|
if [ "X${pwdhome}" = "X" ]
|
||||||
|
then
|
||||||
|
echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
|
||||||
|
echo 'Setting $HOME is not sufficient!'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -d "${pwdhome}" ]
|
||||||
|
then
|
||||||
|
echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
|
||||||
|
echo 'but it is not a valid directory. Cannot create user identity files.'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If home is the root dir, set home to empty string to avoid error messages
|
||||||
|
# in subsequent parts of that script.
|
||||||
|
if [ "X${pwdhome}" = "X/" ]
|
||||||
|
then
|
||||||
|
# But first raise a warning!
|
||||||
|
echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
|
||||||
|
if request "Would you like to proceed anyway?"
|
||||||
|
then
|
||||||
|
pwdhome=''
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo 'WARNING: group and other have been revoked write permission to your home'
|
||||||
|
echo " directory ${pwdhome}."
|
||||||
|
echo ' This is required by OpenSSH to allow public key authentication using'
|
||||||
|
echo ' the key files stored in your .ssh subdirectory.'
|
||||||
|
echo ' Revert this change ONLY if you know what you are doing!'
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
|
||||||
|
then
|
||||||
|
echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "${pwdhome}/.ssh" ]
|
||||||
|
then
|
||||||
|
mkdir "${pwdhome}/.ssh"
|
||||||
|
if [ ! -e "${pwdhome}/.ssh" ]
|
||||||
|
then
|
||||||
|
echo "Creating users ${pwdhome}/.ssh directory failed"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $_nt -gt 0 ]
|
||||||
|
then
|
||||||
|
_user="system"
|
||||||
|
if [ $_nt2003 -gt 0 ]
|
||||||
|
then
|
||||||
|
grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
|
||||||
|
fi
|
||||||
|
if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
|
||||||
|
then
|
||||||
|
echo "${pwdhome}/.ssh couldn't be given the correct permissions."
|
||||||
|
echo "Please try to solve this problem first."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "${pwdhome}/.ssh/identity" ]
|
||||||
|
then
|
||||||
|
if request "Shall I create an SSH1 RSA identity file for you?"
|
||||||
|
then
|
||||||
|
echo "Generating ${pwdhome}/.ssh/identity"
|
||||||
|
if [ "${with_passphrase}" = "yes" ]
|
||||||
|
then
|
||||||
|
ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
|
||||||
|
else
|
||||||
|
ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
|
||||||
|
fi
|
||||||
|
if request "Do you want to use this identity to login to this machine?"
|
||||||
|
then
|
||||||
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||||
|
cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
|
||||||
|
then
|
||||||
|
if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
|
||||||
|
then
|
||||||
|
echo "Generating ${pwdhome}/.ssh/id_rsa"
|
||||||
|
if [ "${with_passphrase}" = "yes" ]
|
||||||
|
then
|
||||||
|
ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
||||||
|
else
|
||||||
|
ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
|
||||||
|
fi
|
||||||
|
if request "Do you want to use this identity to login to this machine?"
|
||||||
|
then
|
||||||
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||||
|
cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
|
||||||
|
then
|
||||||
|
if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
|
||||||
|
then
|
||||||
|
echo "Generating ${pwdhome}/.ssh/id_dsa"
|
||||||
|
if [ "${with_passphrase}" = "yes" ]
|
||||||
|
then
|
||||||
|
ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
||||||
|
else
|
||||||
|
ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
|
||||||
|
fi
|
||||||
|
if request "Do you want to use this identity to login to this machine?"
|
||||||
|
then
|
||||||
|
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
|
||||||
|
cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
|
||||||
|
then
|
||||||
|
if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
|
||||||
|
then
|
||||||
|
echo
|
||||||
|
echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
|
||||||
|
echo "failed. Please care for the correct permissions. The minimum requirement"
|
||||||
|
echo "is, the owner and ${_user} both need read permissions."
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "Configuration finished. Have fun!"
|
159
crypto/openssh/contrib/findssl.sh
Normal file
159
crypto/openssh/contrib/findssl.sh
Normal file
@ -0,0 +1,159 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# findssl.sh
|
||||||
|
# Search for all instances of OpenSSL headers and libraries
|
||||||
|
# and print their versions.
|
||||||
|
# Intended to help diagnose OpenSSH's "OpenSSL headers do not
|
||||||
|
# match your library" errors.
|
||||||
|
#
|
||||||
|
# Written by Darren Tucker (dtucker at zip dot com dot au)
|
||||||
|
# This file is placed in the public domain.
|
||||||
|
#
|
||||||
|
# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $
|
||||||
|
# 2002-07-27: Initial release.
|
||||||
|
# 2002-08-04: Added public domain notice.
|
||||||
|
# 2003-06-24: Incorporated readme, set library paths. First cvs version.
|
||||||
|
#
|
||||||
|
# "OpenSSL headers do not match your library" are usually caused by
|
||||||
|
# OpenSSH's configure picking up an older version of OpenSSL headers
|
||||||
|
# or libraries. You can use the following # procedure to help identify
|
||||||
|
# the cause.
|
||||||
|
#
|
||||||
|
# The output of configure will tell you the versions of the OpenSSL
|
||||||
|
# headers and libraries that were picked up, for example:
|
||||||
|
#
|
||||||
|
# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
|
||||||
|
# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
|
||||||
|
# checking whether OpenSSL's headers match the library... no
|
||||||
|
# configure: error: Your OpenSSL headers do not match your library
|
||||||
|
#
|
||||||
|
# Now run findssl.sh. This should identify the headers and libraries
|
||||||
|
# present and their versions. You should be able to identify the
|
||||||
|
# libraries and headers used and adjust your CFLAGS or remove incorrect
|
||||||
|
# versions. The output will show OpenSSL's internal version identifier
|
||||||
|
# and should look something like:
|
||||||
|
|
||||||
|
# $ ./findssl.sh
|
||||||
|
# Searching for OpenSSL header files.
|
||||||
|
# 0x0090604fL /usr/include/openssl/opensslv.h
|
||||||
|
# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
|
||||||
|
#
|
||||||
|
# Searching for OpenSSL shared library files.
|
||||||
|
# 0x0090602fL /lib/libcrypto.so.0.9.6b
|
||||||
|
# 0x0090602fL /lib/libcrypto.so.2
|
||||||
|
# 0x0090581fL /usr/lib/libcrypto.so.0
|
||||||
|
# 0x0090602fL /usr/lib/libcrypto.so
|
||||||
|
# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
|
||||||
|
# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
|
||||||
|
# 0x0090600fL /usr/lib/libcrypto.so.1
|
||||||
|
#
|
||||||
|
# Searching for OpenSSL static library files.
|
||||||
|
# 0x0090602fL /usr/lib/libcrypto.a
|
||||||
|
# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
|
||||||
|
#
|
||||||
|
# In this example, I gave configure no extra flags, so it's picking up
|
||||||
|
# the OpenSSL header from /usr/include/openssl (90604f) and the library
|
||||||
|
# from /usr/lib/ (90602f).
|
||||||
|
|
||||||
|
#
|
||||||
|
# Adjust these to suit your compiler.
|
||||||
|
# You may also need to set the *LIB*PATH environment variables if
|
||||||
|
# DEFAULT_LIBPATH is not correct for your system.
|
||||||
|
#
|
||||||
|
CC=gcc
|
||||||
|
STATIC=-static
|
||||||
|
|
||||||
|
#
|
||||||
|
# Set up conftest C source
|
||||||
|
#
|
||||||
|
rm -f findssl.log
|
||||||
|
cat >conftest.c <<EOD
|
||||||
|
#include <stdio.h>
|
||||||
|
int main(){printf("0x%08xL\n", SSLeay());}
|
||||||
|
EOD
|
||||||
|
|
||||||
|
#
|
||||||
|
# Set default library paths if not already set
|
||||||
|
#
|
||||||
|
DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
|
||||||
|
LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
|
||||||
|
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
|
||||||
|
LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
|
||||||
|
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
|
||||||
|
|
||||||
|
#
|
||||||
|
# Search for OpenSSL headers and print versions
|
||||||
|
#
|
||||||
|
echo Searching for OpenSSL header files.
|
||||||
|
if [ -x "`which locate`" ]
|
||||||
|
then
|
||||||
|
headers=`locate opensslv.h`
|
||||||
|
else
|
||||||
|
headers=`find / -name opensslv.h -print 2>/dev/null`
|
||||||
|
fi
|
||||||
|
|
||||||
|
for header in $headers
|
||||||
|
do
|
||||||
|
ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
|
||||||
|
echo "$ver $header"
|
||||||
|
done
|
||||||
|
echo
|
||||||
|
|
||||||
|
#
|
||||||
|
# Search for shared libraries.
|
||||||
|
# Relies on shared libraries looking like "libcrypto.s*"
|
||||||
|
#
|
||||||
|
echo Searching for OpenSSL shared library files.
|
||||||
|
if [ -x "`which locate`" ]
|
||||||
|
then
|
||||||
|
libraries=`locate libcrypto.s`
|
||||||
|
else
|
||||||
|
libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
|
||||||
|
fi
|
||||||
|
|
||||||
|
for lib in $libraries
|
||||||
|
do
|
||||||
|
(echo "Trying libcrypto $lib" >>findssl.log
|
||||||
|
dir=`dirname $lib`
|
||||||
|
LIBPATH="$dir:$LIBPATH"
|
||||||
|
LD_LIBRARY_PATH="$dir:$LIBPATH"
|
||||||
|
LIBRARY_PATH="$dir:$LIBPATH"
|
||||||
|
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
|
||||||
|
${CC} -o conftest conftest.c $lib 2>>findssl.log
|
||||||
|
if [ -x ./conftest ]
|
||||||
|
then
|
||||||
|
ver=`./conftest 2>/dev/null`
|
||||||
|
rm -f ./conftest
|
||||||
|
echo "$ver $lib"
|
||||||
|
fi)
|
||||||
|
done
|
||||||
|
echo
|
||||||
|
|
||||||
|
#
|
||||||
|
# Search for static OpenSSL libraries and print versions
|
||||||
|
#
|
||||||
|
echo Searching for OpenSSL static library files.
|
||||||
|
if [ -x "`which locate`" ]
|
||||||
|
then
|
||||||
|
libraries=`locate libcrypto.a`
|
||||||
|
else
|
||||||
|
libraries=`find / -name libcrypto.a -print 2>/dev/null`
|
||||||
|
fi
|
||||||
|
|
||||||
|
for lib in $libraries
|
||||||
|
do
|
||||||
|
libdir=`dirname $lib`
|
||||||
|
echo "Trying libcrypto $lib" >>findssl.log
|
||||||
|
${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
|
||||||
|
if [ -x ./conftest ]
|
||||||
|
then
|
||||||
|
ver=`./conftest 2>/dev/null`
|
||||||
|
rm -f ./conftest
|
||||||
|
echo "$ver $lib"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
# Clean up
|
||||||
|
#
|
||||||
|
rm -f conftest.c
|
171
crypto/openssh/contrib/gnome-ssh-askpass1.c
Normal file
171
crypto/openssh/contrib/gnome-ssh-askpass1.c
Normal file
@ -0,0 +1,171 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This is a simple GNOME SSH passphrase grabber. To use it, set the
|
||||||
|
* environment variable SSH_ASKPASS to point to the location of
|
||||||
|
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
|
||||||
|
*
|
||||||
|
* There is only two run-time options: if you set the environment variable
|
||||||
|
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
|
||||||
|
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
|
||||||
|
* pointer will be grabbed too. These may have some benefit to security if
|
||||||
|
* you don't trust your X server. We grab the keyboard always.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Compile with:
|
||||||
|
*
|
||||||
|
* cc `gnome-config --cflags gnome gnomeui` \
|
||||||
|
* gnome-ssh-askpass1.c -o gnome-ssh-askpass \
|
||||||
|
* `gnome-config --libs gnome gnomeui`
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <gnome.h>
|
||||||
|
#include <X11/Xlib.h>
|
||||||
|
#include <gdk/gdkx.h>
|
||||||
|
|
||||||
|
void
|
||||||
|
report_failed_grab (void)
|
||||||
|
{
|
||||||
|
GtkWidget *err;
|
||||||
|
|
||||||
|
err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
|
||||||
|
"A malicious client may be eavesdropping on your session.",
|
||||||
|
GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
|
||||||
|
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||||
|
gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
|
||||||
|
|
||||||
|
gnome_dialog_run_and_close(GNOME_DIALOG(err));
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
passphrase_dialog(char *message)
|
||||||
|
{
|
||||||
|
char *passphrase;
|
||||||
|
char **messages;
|
||||||
|
int result, i, grab_server, grab_pointer;
|
||||||
|
GtkWidget *dialog, *entry, *label;
|
||||||
|
|
||||||
|
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||||
|
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||||
|
|
||||||
|
dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
|
||||||
|
GNOME_STOCK_BUTTON_CANCEL, NULL);
|
||||||
|
|
||||||
|
messages = g_strsplit(message, "\\n", 0);
|
||||||
|
if (messages)
|
||||||
|
for(i = 0; messages[i]; i++) {
|
||||||
|
label = gtk_label_new(messages[i]);
|
||||||
|
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
|
||||||
|
label, FALSE, FALSE, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
entry = gtk_entry_new();
|
||||||
|
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
|
||||||
|
FALSE, 0);
|
||||||
|
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||||
|
gtk_widget_grab_focus(entry);
|
||||||
|
|
||||||
|
/* Center window and prepare for grab */
|
||||||
|
gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
|
||||||
|
gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
|
||||||
|
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||||
|
gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
|
||||||
|
gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
|
||||||
|
gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
|
||||||
|
GNOME_PAD);
|
||||||
|
gtk_widget_show_all(dialog);
|
||||||
|
|
||||||
|
/* Grab focus */
|
||||||
|
if (grab_server)
|
||||||
|
XGrabServer(GDK_DISPLAY());
|
||||||
|
if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
|
||||||
|
NULL, NULL, GDK_CURRENT_TIME))
|
||||||
|
goto nograb;
|
||||||
|
if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
|
||||||
|
goto nograbkb;
|
||||||
|
|
||||||
|
/* Make <enter> close dialog */
|
||||||
|
gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
|
||||||
|
|
||||||
|
/* Run dialog */
|
||||||
|
result = gnome_dialog_run(GNOME_DIALOG(dialog));
|
||||||
|
|
||||||
|
/* Ungrab */
|
||||||
|
if (grab_server)
|
||||||
|
XUngrabServer(GDK_DISPLAY());
|
||||||
|
if (grab_pointer)
|
||||||
|
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||||
|
gdk_keyboard_ungrab(GDK_CURRENT_TIME);
|
||||||
|
gdk_flush();
|
||||||
|
|
||||||
|
/* Report passphrase if user selected OK */
|
||||||
|
passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
|
||||||
|
if (result == 0)
|
||||||
|
puts(passphrase);
|
||||||
|
|
||||||
|
/* Zero passphrase in memory */
|
||||||
|
memset(passphrase, '\0', strlen(passphrase));
|
||||||
|
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||||
|
|
||||||
|
gnome_dialog_close(GNOME_DIALOG(dialog));
|
||||||
|
return (result == 0 ? 0 : -1);
|
||||||
|
|
||||||
|
/* At least one grab failed - ungrab what we got, and report
|
||||||
|
the failure to the user. Note that XGrabServer() cannot
|
||||||
|
fail. */
|
||||||
|
nograbkb:
|
||||||
|
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||||
|
nograb:
|
||||||
|
if (grab_server)
|
||||||
|
XUngrabServer(GDK_DISPLAY());
|
||||||
|
gnome_dialog_close(GNOME_DIALOG(dialog));
|
||||||
|
|
||||||
|
report_failed_grab();
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main(int argc, char **argv)
|
||||||
|
{
|
||||||
|
char *message;
|
||||||
|
int result;
|
||||||
|
|
||||||
|
gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
|
||||||
|
|
||||||
|
if (argc == 2)
|
||||||
|
message = argv[1];
|
||||||
|
else
|
||||||
|
message = "Enter your OpenSSH passphrase:";
|
||||||
|
|
||||||
|
setvbuf(stdout, 0, _IONBF, 0);
|
||||||
|
result = passphrase_dialog(message);
|
||||||
|
|
||||||
|
return (result);
|
||||||
|
}
|
220
crypto/openssh/contrib/gnome-ssh-askpass2.c
Normal file
220
crypto/openssh/contrib/gnome-ssh-askpass2.c
Normal file
@ -0,0 +1,220 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||||
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||||
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This is a simple GNOME SSH passphrase grabber. To use it, set the
|
||||||
|
* environment variable SSH_ASKPASS to point to the location of
|
||||||
|
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
|
||||||
|
*
|
||||||
|
* There is only two run-time options: if you set the environment variable
|
||||||
|
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
|
||||||
|
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
|
||||||
|
* pointer will be grabbed too. These may have some benefit to security if
|
||||||
|
* you don't trust your X server. We grab the keyboard always.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#define GRAB_TRIES 16
|
||||||
|
#define GRAB_WAIT 250 /* milliseconds */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Compile with:
|
||||||
|
*
|
||||||
|
* cc -Wall `pkg-config --cflags gtk+-2.0` \
|
||||||
|
* gnome-ssh-askpass2.c -o gnome-ssh-askpass \
|
||||||
|
* `pkg-config --libs gtk+-2.0`
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <X11/Xlib.h>
|
||||||
|
#include <gtk/gtk.h>
|
||||||
|
#include <gdk/gdkx.h>
|
||||||
|
|
||||||
|
static void
|
||||||
|
report_failed_grab (const char *what)
|
||||||
|
{
|
||||||
|
GtkWidget *err;
|
||||||
|
|
||||||
|
err = gtk_message_dialog_new(NULL, 0,
|
||||||
|
GTK_MESSAGE_ERROR,
|
||||||
|
GTK_BUTTONS_CLOSE,
|
||||||
|
"Could not grab %s. "
|
||||||
|
"A malicious client may be eavesdropping "
|
||||||
|
"on your session.", what);
|
||||||
|
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||||
|
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
|
||||||
|
TRUE);
|
||||||
|
|
||||||
|
gtk_dialog_run(GTK_DIALOG(err));
|
||||||
|
|
||||||
|
gtk_widget_destroy(err);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
ok_dialog(GtkWidget *entry, gpointer dialog)
|
||||||
|
{
|
||||||
|
g_return_if_fail(GTK_IS_DIALOG(dialog));
|
||||||
|
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
passphrase_dialog(char *message)
|
||||||
|
{
|
||||||
|
const char *failed;
|
||||||
|
char *passphrase, *local;
|
||||||
|
int result, grab_tries, grab_server, grab_pointer;
|
||||||
|
GtkWidget *dialog, *entry;
|
||||||
|
GdkGrabStatus status;
|
||||||
|
|
||||||
|
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||||
|
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||||
|
grab_tries = 0;
|
||||||
|
|
||||||
|
dialog = gtk_message_dialog_new(NULL, 0,
|
||||||
|
GTK_MESSAGE_QUESTION,
|
||||||
|
GTK_BUTTONS_OK_CANCEL,
|
||||||
|
"%s",
|
||||||
|
message);
|
||||||
|
|
||||||
|
entry = gtk_entry_new();
|
||||||
|
gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
|
||||||
|
FALSE, 0);
|
||||||
|
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||||
|
gtk_widget_grab_focus(entry);
|
||||||
|
gtk_widget_show(entry);
|
||||||
|
|
||||||
|
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
|
||||||
|
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||||
|
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
|
||||||
|
TRUE);
|
||||||
|
|
||||||
|
/* Make <enter> close dialog */
|
||||||
|
gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||||
|
g_signal_connect(G_OBJECT(entry), "activate",
|
||||||
|
G_CALLBACK(ok_dialog), dialog);
|
||||||
|
|
||||||
|
/* Grab focus */
|
||||||
|
gtk_widget_show_now(dialog);
|
||||||
|
if (grab_pointer) {
|
||||||
|
for(;;) {
|
||||||
|
status = gdk_pointer_grab(
|
||||||
|
(GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
|
||||||
|
NULL, GDK_CURRENT_TIME);
|
||||||
|
if (status == GDK_GRAB_SUCCESS)
|
||||||
|
break;
|
||||||
|
usleep(GRAB_WAIT * 1000);
|
||||||
|
if (++grab_tries > GRAB_TRIES) {
|
||||||
|
failed = "mouse";
|
||||||
|
goto nograb;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for(;;) {
|
||||||
|
status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
|
||||||
|
FALSE, GDK_CURRENT_TIME);
|
||||||
|
if (status == GDK_GRAB_SUCCESS)
|
||||||
|
break;
|
||||||
|
usleep(GRAB_WAIT * 1000);
|
||||||
|
if (++grab_tries > GRAB_TRIES) {
|
||||||
|
failed = "keyboard";
|
||||||
|
goto nograbkb;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (grab_server) {
|
||||||
|
gdk_x11_grab_server();
|
||||||
|
}
|
||||||
|
|
||||||
|
result = gtk_dialog_run(GTK_DIALOG(dialog));
|
||||||
|
|
||||||
|
/* Ungrab */
|
||||||
|
if (grab_server)
|
||||||
|
XUngrabServer(GDK_DISPLAY());
|
||||||
|
if (grab_pointer)
|
||||||
|
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||||
|
gdk_keyboard_ungrab(GDK_CURRENT_TIME);
|
||||||
|
gdk_flush();
|
||||||
|
|
||||||
|
/* Report passphrase if user selected OK */
|
||||||
|
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||||
|
if (result == GTK_RESPONSE_OK) {
|
||||||
|
local = g_locale_from_utf8(passphrase, strlen(passphrase),
|
||||||
|
NULL, NULL, NULL);
|
||||||
|
if (local != NULL) {
|
||||||
|
puts(local);
|
||||||
|
memset(local, '\0', strlen(local));
|
||||||
|
g_free(local);
|
||||||
|
} else {
|
||||||
|
puts(passphrase);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Zero passphrase in memory */
|
||||||
|
memset(passphrase, '\b', strlen(passphrase));
|
||||||
|
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||||
|
memset(passphrase, '\0', strlen(passphrase));
|
||||||
|
g_free(passphrase);
|
||||||
|
|
||||||
|
gtk_widget_destroy(dialog);
|
||||||
|
return (result == GTK_RESPONSE_OK ? 0 : -1);
|
||||||
|
|
||||||
|
/* At least one grab failed - ungrab what we got, and report
|
||||||
|
the failure to the user. Note that XGrabServer() cannot
|
||||||
|
fail. */
|
||||||
|
nograbkb:
|
||||||
|
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||||
|
nograb:
|
||||||
|
if (grab_server)
|
||||||
|
XUngrabServer(GDK_DISPLAY());
|
||||||
|
gtk_widget_destroy(dialog);
|
||||||
|
|
||||||
|
report_failed_grab(failed);
|
||||||
|
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main(int argc, char **argv)
|
||||||
|
{
|
||||||
|
char *message;
|
||||||
|
int result;
|
||||||
|
|
||||||
|
gtk_init(&argc, &argv);
|
||||||
|
|
||||||
|
if (argc > 1) {
|
||||||
|
message = g_strjoinv(" ", argv + 1);
|
||||||
|
} else {
|
||||||
|
message = g_strdup("Enter your OpenSSH passphrase:");
|
||||||
|
}
|
||||||
|
|
||||||
|
setvbuf(stdout, 0, _IONBF, 0);
|
||||||
|
result = passphrase_dialog(message);
|
||||||
|
g_free(message);
|
||||||
|
|
||||||
|
return (result);
|
||||||
|
}
|
45
crypto/openssh/contrib/hpux/README
Normal file
45
crypto/openssh/contrib/hpux/README
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
README for OpenSSH HP-UX contrib files
|
||||||
|
Kevin Steves <stevesk@pobox.com>
|
||||||
|
|
||||||
|
sshd: configuration file for sshd.rc
|
||||||
|
sshd.rc: SSH startup script
|
||||||
|
egd: configuration file for egd.rc
|
||||||
|
egd.rc: EGD (entropy gathering daemon) startup script
|
||||||
|
|
||||||
|
To install:
|
||||||
|
|
||||||
|
sshd.rc:
|
||||||
|
|
||||||
|
o Verify paths in sshd.rc match your local installation
|
||||||
|
(WHAT_PATH and WHAT_PID)
|
||||||
|
o Customize sshd if needed (SSHD_ARGS)
|
||||||
|
o Install:
|
||||||
|
|
||||||
|
# cp sshd /etc/rc.config.d
|
||||||
|
# chmod 444 /etc/rc.config.d/sshd
|
||||||
|
# cp sshd.rc /sbin/init.d
|
||||||
|
# chmod 555 /sbin/init.d/sshd.rc
|
||||||
|
# ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd
|
||||||
|
# ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd
|
||||||
|
|
||||||
|
egd.rc:
|
||||||
|
|
||||||
|
o Verify egd.pl path in egd.rc matches your local installation
|
||||||
|
(WHAT_PATH)
|
||||||
|
o Customize egd if needed (EGD_ARGS and EGD_LOG)
|
||||||
|
o Add pseudo account:
|
||||||
|
|
||||||
|
# groupadd egd
|
||||||
|
# useradd -g egd egd
|
||||||
|
# mkdir -p /etc/opt/egd
|
||||||
|
# chown egd:egd /etc/opt/egd
|
||||||
|
# chmod 711 /etc/opt/egd
|
||||||
|
|
||||||
|
o Install:
|
||||||
|
|
||||||
|
# cp egd /etc/rc.config.d
|
||||||
|
# chmod 444 /etc/rc.config.d/egd
|
||||||
|
# cp egd.rc /sbin/init.d
|
||||||
|
# chmod 555 /sbin/init.d/egd.rc
|
||||||
|
# ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd
|
||||||
|
# ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd
|
15
crypto/openssh/contrib/hpux/egd
Normal file
15
crypto/openssh/contrib/hpux/egd
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# EGD_START: Set to 1 to start entropy gathering daemon
|
||||||
|
# EGD_ARGS: Command line arguments to pass to egd
|
||||||
|
# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log)
|
||||||
|
#
|
||||||
|
# To configure the egd environment:
|
||||||
|
|
||||||
|
# groupadd egd
|
||||||
|
# useradd -g egd egd
|
||||||
|
# mkdir -p /etc/opt/egd
|
||||||
|
# chown egd:egd /etc/opt/egd
|
||||||
|
# chmod 711 /etc/opt/egd
|
||||||
|
|
||||||
|
EGD_START=1
|
||||||
|
EGD_ARGS='/etc/opt/egd/entropy'
|
||||||
|
EGD_LOG=
|
98
crypto/openssh/contrib/hpux/egd.rc
Executable file
98
crypto/openssh/contrib/hpux/egd.rc
Executable file
@ -0,0 +1,98 @@
|
|||||||
|
#!/sbin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# egd.rc: EGD start-up and shutdown script
|
||||||
|
#
|
||||||
|
|
||||||
|
# Allowed exit values:
|
||||||
|
# 0 = success; causes "OK" to show up in checklist.
|
||||||
|
# 1 = failure; causes "FAIL" to show up in checklist.
|
||||||
|
# 2 = skip; causes "N/A" to show up in the checklist.
|
||||||
|
# Use this value if execution of this script is overridden
|
||||||
|
# by the use of a control variable, or if this script is not
|
||||||
|
# appropriate to execute for some other reason.
|
||||||
|
# 3 = reboot; causes the system to be rebooted after execution.
|
||||||
|
|
||||||
|
# Input and output:
|
||||||
|
# stdin is redirected from /dev/null
|
||||||
|
#
|
||||||
|
# stdout and stderr are redirected to the /etc/rc.log file
|
||||||
|
# during checklist mode, or to the console in raw mode.
|
||||||
|
|
||||||
|
umask 022
|
||||||
|
|
||||||
|
PATH=/usr/sbin:/usr/bin:/sbin
|
||||||
|
export PATH
|
||||||
|
|
||||||
|
WHAT='EGD (entropy gathering daemon)'
|
||||||
|
WHAT_PATH=/opt/perl/bin/egd.pl
|
||||||
|
WHAT_CONFIG=/etc/rc.config.d/egd
|
||||||
|
WHAT_LOG=/etc/opt/egd/egd.log
|
||||||
|
|
||||||
|
# NOTE: If your script executes in run state 0 or state 1, then /usr might
|
||||||
|
# not be available. Do not attempt to access commands or files in
|
||||||
|
# /usr unless your script executes in run state 2 or greater. Other
|
||||||
|
# file systems typically not mounted until run state 2 include /var
|
||||||
|
# and /opt.
|
||||||
|
|
||||||
|
rval=0
|
||||||
|
|
||||||
|
# Check the exit value of a command run by this script. If non-zero, the
|
||||||
|
# exit code is echoed to the log file and the return value of this script
|
||||||
|
# is set to indicate failure.
|
||||||
|
|
||||||
|
set_return() {
|
||||||
|
x=$?
|
||||||
|
if [ $x -ne 0 ]; then
|
||||||
|
echo "EXIT CODE: $x"
|
||||||
|
rval=1 # script FAILed
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
'start_msg')
|
||||||
|
echo "Starting $WHAT"
|
||||||
|
;;
|
||||||
|
|
||||||
|
'stop_msg')
|
||||||
|
echo "Stopping $WHAT"
|
||||||
|
;;
|
||||||
|
|
||||||
|
'start')
|
||||||
|
if [ -f $WHAT_CONFIG ] ; then
|
||||||
|
. $WHAT_CONFIG
|
||||||
|
else
|
||||||
|
echo "ERROR: $WHAT_CONFIG defaults file MISSING"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then
|
||||||
|
EGD_LOG=${EGD_LOG:-$WHAT_LOG}
|
||||||
|
su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" &&
|
||||||
|
echo $WHAT started
|
||||||
|
set_return
|
||||||
|
else
|
||||||
|
rval=2
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
'stop')
|
||||||
|
pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'`
|
||||||
|
if [ "X$pid" != "X" ]; then
|
||||||
|
if kill "$pid"; then
|
||||||
|
echo "$WHAT stopped"
|
||||||
|
else
|
||||||
|
rval=1
|
||||||
|
echo "Unable to stop $WHAT"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
set_return
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "usage: $0 {start|stop|start_msg|stop_msg}"
|
||||||
|
rval=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit $rval
|
5
crypto/openssh/contrib/hpux/sshd
Normal file
5
crypto/openssh/contrib/hpux/sshd
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# SSHD_START: Set to 1 to start SSH daemon
|
||||||
|
# SSHD_ARGS: Command line arguments to pass to sshd
|
||||||
|
#
|
||||||
|
SSHD_START=1
|
||||||
|
SSHD_ARGS=
|
90
crypto/openssh/contrib/hpux/sshd.rc
Executable file
90
crypto/openssh/contrib/hpux/sshd.rc
Executable file
@ -0,0 +1,90 @@
|
|||||||
|
#!/sbin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# sshd.rc: SSH daemon start-up and shutdown script
|
||||||
|
#
|
||||||
|
|
||||||
|
# Allowed exit values:
|
||||||
|
# 0 = success; causes "OK" to show up in checklist.
|
||||||
|
# 1 = failure; causes "FAIL" to show up in checklist.
|
||||||
|
# 2 = skip; causes "N/A" to show up in the checklist.
|
||||||
|
# Use this value if execution of this script is overridden
|
||||||
|
# by the use of a control variable, or if this script is not
|
||||||
|
# appropriate to execute for some other reason.
|
||||||
|
# 3 = reboot; causes the system to be rebooted after execution.
|
||||||
|
|
||||||
|
# Input and output:
|
||||||
|
# stdin is redirected from /dev/null
|
||||||
|
#
|
||||||
|
# stdout and stderr are redirected to the /etc/rc.log file
|
||||||
|
# during checklist mode, or to the console in raw mode.
|
||||||
|
|
||||||
|
PATH=/usr/sbin:/usr/bin:/sbin
|
||||||
|
export PATH
|
||||||
|
|
||||||
|
WHAT='OpenSSH'
|
||||||
|
WHAT_PATH=/opt/openssh/sbin/sshd
|
||||||
|
WHAT_PID=/var/run/sshd.pid
|
||||||
|
WHAT_CONFIG=/etc/rc.config.d/sshd
|
||||||
|
|
||||||
|
# NOTE: If your script executes in run state 0 or state 1, then /usr might
|
||||||
|
# not be available. Do not attempt to access commands or files in
|
||||||
|
# /usr unless your script executes in run state 2 or greater. Other
|
||||||
|
# file systems typically not mounted until run state 2 include /var
|
||||||
|
# and /opt.
|
||||||
|
|
||||||
|
rval=0
|
||||||
|
|
||||||
|
# Check the exit value of a command run by this script. If non-zero, the
|
||||||
|
# exit code is echoed to the log file and the return value of this script
|
||||||
|
# is set to indicate failure.
|
||||||
|
|
||||||
|
set_return() {
|
||||||
|
x=$?
|
||||||
|
if [ $x -ne 0 ]; then
|
||||||
|
echo "EXIT CODE: $x"
|
||||||
|
rval=1 # script FAILed
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
'start_msg')
|
||||||
|
echo "Starting $WHAT"
|
||||||
|
;;
|
||||||
|
|
||||||
|
'stop_msg')
|
||||||
|
echo "Stopping $WHAT"
|
||||||
|
;;
|
||||||
|
|
||||||
|
'start')
|
||||||
|
if [ -f $WHAT_CONFIG ] ; then
|
||||||
|
. $WHAT_CONFIG
|
||||||
|
else
|
||||||
|
echo "ERROR: $WHAT_CONFIG defaults file MISSING"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then
|
||||||
|
$WHAT_PATH $SSHD_ARGS && echo "$WHAT started"
|
||||||
|
set_return
|
||||||
|
else
|
||||||
|
rval=2
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
'stop')
|
||||||
|
if kill `cat $WHAT_PID`; then
|
||||||
|
echo "$WHAT stopped"
|
||||||
|
else
|
||||||
|
rval=1
|
||||||
|
echo "Unable to stop $WHAT"
|
||||||
|
fi
|
||||||
|
set_return
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "usage: $0 {start|stop|start_msg|stop_msg}"
|
||||||
|
rval=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit $rval
|
1
crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh
Normal file
1
crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh
Normal file
@ -0,0 +1 @@
|
|||||||
|
setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
|
2
crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
Normal file
2
crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
|
||||||
|
export SSH_ASKPASS
|
804
crypto/openssh/contrib/redhat/openssh.spec
Normal file
804
crypto/openssh/contrib/redhat/openssh.spec
Normal file
@ -0,0 +1,804 @@
|
|||||||
|
%define ver 3.8.1p1
|
||||||
|
%define rel 1
|
||||||
|
|
||||||
|
# OpenSSH privilege separation requires a user & group ID
|
||||||
|
%define sshd_uid 74
|
||||||
|
%define sshd_gid 74
|
||||||
|
|
||||||
|
# Version of ssh-askpass
|
||||||
|
%define aversion 1.2.4.1
|
||||||
|
|
||||||
|
# Do we want to disable building of x11-askpass? (1=yes 0=no)
|
||||||
|
%define no_x11_askpass 0
|
||||||
|
|
||||||
|
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
|
||||||
|
%define no_gnome_askpass 0
|
||||||
|
|
||||||
|
# Do we want to link against a static libcrypto? (1=yes 0=no)
|
||||||
|
%define static_libcrypto 0
|
||||||
|
|
||||||
|
# Do we want smartcard support (1=yes 0=no)
|
||||||
|
%define scard 0
|
||||||
|
|
||||||
|
# Use GTK2 instead of GNOME in gnome-ssh-askpass
|
||||||
|
%define gtk2 1
|
||||||
|
|
||||||
|
# Is this build for RHL 6.x?
|
||||||
|
%define build6x 0
|
||||||
|
|
||||||
|
# Do we want kerberos5 support (1=yes 0=no)
|
||||||
|
%define kerberos5 1
|
||||||
|
|
||||||
|
# Reserve options to override askpass settings with:
|
||||||
|
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
||||||
|
%{?skip_x11_askpass:%define no_x11_askpass 1}
|
||||||
|
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
|
||||||
|
|
||||||
|
# Add option to build without GTK2 for older platforms with only GTK+.
|
||||||
|
# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
|
||||||
|
# rpm -ba|--rebuild --define 'no_gtk2 1'
|
||||||
|
%{?no_gtk2:%define gtk2 0}
|
||||||
|
|
||||||
|
# Is this a build for RHL 6.x or earlier?
|
||||||
|
%{?build_6x:%define build6x 1}
|
||||||
|
|
||||||
|
# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
|
||||||
|
%if %{build6x}
|
||||||
|
%define _sysconfdir /etc
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Options for static OpenSSL link:
|
||||||
|
# rpm -ba|--rebuild --define "static_openssl 1"
|
||||||
|
%{?static_openssl:%define static_libcrypto 1}
|
||||||
|
|
||||||
|
# Options for Smartcard support: (needs libsectok and openssl-engine)
|
||||||
|
# rpm -ba|--rebuild --define "smartcard 1"
|
||||||
|
%{?smartcard:%define scard 1}
|
||||||
|
|
||||||
|
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
||||||
|
%define rescue 0
|
||||||
|
%{?build_rescue:%define rescue 1}
|
||||||
|
|
||||||
|
# Turn off some stuff for resuce builds
|
||||||
|
%if %{rescue}
|
||||||
|
%define kerberos5 0
|
||||||
|
%endif
|
||||||
|
|
||||||
|
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
|
||||||
|
Name: openssh
|
||||||
|
Version: %{ver}
|
||||||
|
%if %{rescue}
|
||||||
|
Release: %{rel}rescue
|
||||||
|
%else
|
||||||
|
Release: %{rel}
|
||||||
|
%endif
|
||||||
|
URL: http://www.openssh.com/portable.html
|
||||||
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
|
Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
|
||||||
|
License: BSD
|
||||||
|
Group: Applications/Internet
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
|
||||||
|
Obsoletes: ssh
|
||||||
|
%if %{build6x}
|
||||||
|
PreReq: initscripts >= 5.00
|
||||||
|
%else
|
||||||
|
PreReq: initscripts >= 5.20
|
||||||
|
%endif
|
||||||
|
BuildPreReq: perl, openssl-devel, tcp_wrappers
|
||||||
|
BuildPreReq: /bin/login
|
||||||
|
%if ! %{build6x}
|
||||||
|
BuildPreReq: glibc-devel, pam
|
||||||
|
%else
|
||||||
|
BuildPreReq: /usr/include/security/pam_appl.h
|
||||||
|
%endif
|
||||||
|
%if ! %{no_x11_askpass}
|
||||||
|
BuildPreReq: XFree86-devel
|
||||||
|
%endif
|
||||||
|
%if ! %{no_gnome_askpass}
|
||||||
|
BuildPreReq: pkgconfig
|
||||||
|
%endif
|
||||||
|
%if %{kerberos5}
|
||||||
|
BuildPreReq: krb5-devel
|
||||||
|
BuildPreReq: krb5-libs
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%package clients
|
||||||
|
Summary: OpenSSH clients.
|
||||||
|
Requires: openssh = %{version}-%{release}
|
||||||
|
Group: Applications/Internet
|
||||||
|
Obsoletes: ssh-clients
|
||||||
|
|
||||||
|
%package server
|
||||||
|
Summary: The OpenSSH server daemon.
|
||||||
|
Group: System Environment/Daemons
|
||||||
|
Obsoletes: ssh-server
|
||||||
|
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
|
||||||
|
%if ! %{build6x}
|
||||||
|
Requires: /etc/pam.d/system-auth
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%package askpass
|
||||||
|
Summary: A passphrase dialog for OpenSSH and X.
|
||||||
|
Group: Applications/Internet
|
||||||
|
Requires: openssh = %{version}-%{release}
|
||||||
|
Obsoletes: ssh-extras
|
||||||
|
|
||||||
|
%package askpass-gnome
|
||||||
|
Summary: A passphrase dialog for OpenSSH, X, and GNOME.
|
||||||
|
Group: Applications/Internet
|
||||||
|
Requires: openssh = %{version}-%{release}
|
||||||
|
Obsoletes: ssh-extras
|
||||||
|
|
||||||
|
%description
|
||||||
|
SSH (Secure SHell) is a program for logging into and executing
|
||||||
|
commands on a remote machine. SSH is intended to replace rlogin and
|
||||||
|
rsh, and to provide secure encrypted communications between two
|
||||||
|
untrusted hosts over an insecure network. X11 connections and
|
||||||
|
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||||
|
|
||||||
|
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
|
||||||
|
it up to date in terms of security and features, as well as removing
|
||||||
|
all patented algorithms to separate libraries.
|
||||||
|
|
||||||
|
This package includes the core files necessary for both the OpenSSH
|
||||||
|
client and server. To make this package useful, you should also
|
||||||
|
install openssh-clients, openssh-server, or both.
|
||||||
|
|
||||||
|
%description clients
|
||||||
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||||
|
into and executing commands on a remote machine. This package includes
|
||||||
|
the clients necessary to make encrypted connections to SSH servers.
|
||||||
|
You'll also need to install the openssh package on OpenSSH clients.
|
||||||
|
|
||||||
|
%description server
|
||||||
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||||
|
into and executing commands on a remote machine. This package contains
|
||||||
|
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
||||||
|
securely connect to your SSH server. You also need to have the openssh
|
||||||
|
package installed.
|
||||||
|
|
||||||
|
%description askpass
|
||||||
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||||
|
into and executing commands on a remote machine. This package contains
|
||||||
|
an X11 passphrase dialog for OpenSSH.
|
||||||
|
|
||||||
|
%description askpass-gnome
|
||||||
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||||
|
into and executing commands on a remote machine. This package contains
|
||||||
|
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
|
||||||
|
environment.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
|
||||||
|
%if ! %{no_x11_askpass}
|
||||||
|
%setup -q -a 1
|
||||||
|
%else
|
||||||
|
%setup -q
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%build
|
||||||
|
%if %{rescue}
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if %{kerberos5}
|
||||||
|
K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
|
||||||
|
echo K5DIR=$K5DIR
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%configure \
|
||||||
|
--sysconfdir=%{_sysconfdir}/ssh \
|
||||||
|
--libexecdir=%{_libexecdir}/openssh \
|
||||||
|
--datadir=%{_datadir}/openssh \
|
||||||
|
--with-tcp-wrappers \
|
||||||
|
--with-rsh=%{_bindir}/rsh \
|
||||||
|
--with-default-path=/usr/local/bin:/bin:/usr/bin \
|
||||||
|
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
|
||||||
|
--with-privsep-path=%{_var}/empty/sshd \
|
||||||
|
--with-md5-passwords \
|
||||||
|
%if %{scard}
|
||||||
|
--with-smartcard \
|
||||||
|
%endif
|
||||||
|
%if %{rescue}
|
||||||
|
--without-pam \
|
||||||
|
%else
|
||||||
|
--with-pam \
|
||||||
|
%endif
|
||||||
|
%if %{kerberos5}
|
||||||
|
--with-kerberos5=$K5DIR \
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%if %{static_libcrypto}
|
||||||
|
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
|
||||||
|
%endif
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
%if ! %{no_x11_askpass}
|
||||||
|
pushd x11-ssh-askpass-%{aversion}
|
||||||
|
%configure --libexecdir=%{_libexecdir}/openssh
|
||||||
|
xmkmf -a
|
||||||
|
make
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Define a variable to toggle gnome1/gtk2 building. This is necessary
|
||||||
|
# because RPM doesn't handle nested %if statements.
|
||||||
|
%if %{gtk2}
|
||||||
|
gtk2=yes
|
||||||
|
%else
|
||||||
|
gtk2=no
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{no_gnome_askpass}
|
||||||
|
pushd contrib
|
||||||
|
if [ $gtk2 = yes ] ; then
|
||||||
|
make gnome-ssh-askpass2
|
||||||
|
mv gnome-ssh-askpass2 gnome-ssh-askpass
|
||||||
|
else
|
||||||
|
make gnome-ssh-askpass1
|
||||||
|
mv gnome-ssh-askpass1 gnome-ssh-askpass
|
||||||
|
fi
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
|
||||||
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||||
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
|
||||||
|
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
||||||
|
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
|
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
||||||
|
%if %{build6x}
|
||||||
|
install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||||
|
%else
|
||||||
|
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||||
|
%endif
|
||||||
|
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
|
||||||
|
|
||||||
|
%if ! %{no_x11_askpass}
|
||||||
|
install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
|
||||||
|
ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{no_gnome_askpass}
|
||||||
|
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{scard}
|
||||||
|
rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{no_gnome_askpass}
|
||||||
|
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||||
|
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||||
|
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
||||||
|
%endif
|
||||||
|
|
||||||
|
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%triggerun server -- ssh-server
|
||||||
|
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
|
||||||
|
touch /var/run/sshd.restart
|
||||||
|
fi
|
||||||
|
|
||||||
|
%triggerun server -- openssh-server < 2.5.0p1
|
||||||
|
# Count the number of HostKey and HostDsaKey statements we have.
|
||||||
|
gawk 'BEGIN {IGNORECASE=1}
|
||||||
|
/^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
|
||||||
|
END {exit sawhostkey}' /etc/ssh/sshd_config
|
||||||
|
# And if we only found one, we know the client was relying on the old default
|
||||||
|
# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
|
||||||
|
# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
|
||||||
|
# one nullifies the default, which would have loaded both.
|
||||||
|
if [ $? -eq 1 ] ; then
|
||||||
|
echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
|
||||||
|
echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
%triggerpostun server -- ssh-server
|
||||||
|
if [ "$1" != 0 ] ; then
|
||||||
|
/sbin/chkconfig --add sshd
|
||||||
|
if test -f /var/run/sshd.restart ; then
|
||||||
|
rm -f /var/run/sshd.restart
|
||||||
|
/sbin/service sshd start > /dev/null 2>&1 || :
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
%pre server
|
||||||
|
%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
|
||||||
|
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
|
||||||
|
-g sshd -M -r sshd 2>/dev/null || :
|
||||||
|
|
||||||
|
%post server
|
||||||
|
/sbin/chkconfig --add sshd
|
||||||
|
|
||||||
|
%postun server
|
||||||
|
/sbin/service sshd condrestart > /dev/null 2>&1 || :
|
||||||
|
|
||||||
|
%preun server
|
||||||
|
if [ "$1" = 0 ]
|
||||||
|
then
|
||||||
|
/sbin/service sshd stop > /dev/null 2>&1 || :
|
||||||
|
/sbin/chkconfig --del sshd
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
|
||||||
|
%attr(0755,root,root) %{_bindir}/scp
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/scp.1*
|
||||||
|
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||||
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
|
||||||
|
%if ! %{rescue}
|
||||||
|
%attr(0755,root,root) %{_bindir}/ssh-keygen
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||||
|
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||||
|
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
|
||||||
|
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
||||||
|
%endif
|
||||||
|
%if %{scard}
|
||||||
|
%attr(0755,root,root) %dir %{_datadir}/openssh
|
||||||
|
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%files clients
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%attr(0755,root,root) %{_bindir}/ssh
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
|
||||||
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
|
||||||
|
%attr(-,root,root) %{_bindir}/slogin
|
||||||
|
%attr(-,root,root) %{_mandir}/man1/slogin.1*
|
||||||
|
%if ! %{rescue}
|
||||||
|
%attr(2755,root,nobody) %{_bindir}/ssh-agent
|
||||||
|
%attr(0755,root,root) %{_bindir}/ssh-add
|
||||||
|
%attr(0755,root,root) %{_bindir}/ssh-keyscan
|
||||||
|
%attr(0755,root,root) %{_bindir}/sftp
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{rescue}
|
||||||
|
%files server
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%dir %attr(0111,root,root) %{_var}/empty/sshd
|
||||||
|
%attr(0755,root,root) %{_sbindir}/sshd
|
||||||
|
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||||
|
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
||||||
|
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
||||||
|
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
||||||
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
||||||
|
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
|
||||||
|
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{no_x11_askpass}
|
||||||
|
%files askpass
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc x11-ssh-askpass-%{aversion}/README
|
||||||
|
%doc x11-ssh-askpass-%{aversion}/ChangeLog
|
||||||
|
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
|
||||||
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
|
||||||
|
%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if ! %{no_gnome_askpass}
|
||||||
|
%files askpass-gnome
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
|
||||||
|
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
|
||||||
|
- Remove noip6 option. This may be controlled at run-time in client config
|
||||||
|
file using new AddressFamily directive
|
||||||
|
|
||||||
|
* Mon May 12 2003 Damien Miller <djm@mindrot.org>
|
||||||
|
- Don't install profile.d scripts when not building with GNOME/GTK askpass
|
||||||
|
(patch from bet@rahul.net)
|
||||||
|
|
||||||
|
* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
|
||||||
|
- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
|
||||||
|
|
||||||
|
* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
|
||||||
|
- Use contrib/ Makefile for building askpass programs
|
||||||
|
|
||||||
|
* Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
|
||||||
|
- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
|
||||||
|
- Add new {ssh,sshd}_config.5 manpages
|
||||||
|
- Add new ssh-keysign program and remove setuid from ssh client
|
||||||
|
|
||||||
|
* Fri May 10 2002 Damien Miller <djm@mindrot.org>
|
||||||
|
- Merge in spec changes from RedHat, reorgansie a little
|
||||||
|
- Add Privsep user, group and directory
|
||||||
|
|
||||||
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
|
||||||
|
- bump and grind (through the build system)
|
||||||
|
|
||||||
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
|
||||||
|
- require sharutils for building (mindrot #137)
|
||||||
|
- require db1-devel only when building for 6.x (#55105), which probably won't
|
||||||
|
work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
|
||||||
|
- require pam-devel by file (not by package name) again
|
||||||
|
- add Markus's patch to compile with OpenSSL 0.9.5a (from
|
||||||
|
http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
|
||||||
|
building for 6.x
|
||||||
|
|
||||||
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
|
||||||
|
- update to 3.1p1
|
||||||
|
|
||||||
|
* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
|
||||||
|
- update to SNAP-20020305
|
||||||
|
- drop debug patch, fixed upstream
|
||||||
|
|
||||||
|
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
|
||||||
|
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
|
||||||
|
anything to be warned about, gss patches won't apply, I don't mind)
|
||||||
|
|
||||||
|
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
|
||||||
|
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
|
||||||
|
exchange, authentication, and named key support
|
||||||
|
|
||||||
|
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
|
||||||
|
- remove dependency on db1-devel, which has just been swallowed up whole
|
||||||
|
by gnome-libs-devel
|
||||||
|
|
||||||
|
* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- adjust build dependencies so that build6x actually works right (fix
|
||||||
|
from Hugo van der Kooij)
|
||||||
|
|
||||||
|
* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
|
||||||
|
- update to 3.0.2p1
|
||||||
|
|
||||||
|
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
|
||||||
|
- update to 3.0.1p1
|
||||||
|
|
||||||
|
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to current CVS (not for use in distribution)
|
||||||
|
|
||||||
|
* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
|
||||||
|
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
|
||||||
|
3.0p1 spec file and init script
|
||||||
|
|
||||||
|
* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to 3.0p1
|
||||||
|
- update to x11-ssh-askpass 1.2.4.1
|
||||||
|
- change build dependency on a file from pam-devel to the pam-devel package
|
||||||
|
- replace primes with moduli
|
||||||
|
|
||||||
|
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
|
||||||
|
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
|
||||||
|
|
||||||
|
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
|
||||||
|
- Merge changes to rescue build from current sysadmin survival cd
|
||||||
|
|
||||||
|
* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
|
||||||
|
- fix scp's server's reporting of file sizes, and build with the proper
|
||||||
|
preprocessor define to get large-file capable open(), stat(), etc.
|
||||||
|
(sftp has been doing this correctly all along) (#51827)
|
||||||
|
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
|
||||||
|
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
|
||||||
|
- mark profile.d scriptlets as config files (#42337)
|
||||||
|
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
|
||||||
|
- change a couple of log() statements to debug() statements (#50751)
|
||||||
|
- pull cvs patch to add -t flag to sshd (#28611)
|
||||||
|
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
|
||||||
|
|
||||||
|
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
|
||||||
|
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
|
||||||
|
|
||||||
|
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- pull cvs patch to fix remote port forwarding with protocol 2
|
||||||
|
|
||||||
|
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- pull cvs patch to add session initialization to no-pty sessions
|
||||||
|
- pull cvs patch to not cut off challengeresponse auth needlessly
|
||||||
|
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||||
|
it by default on a system that doesn't have X installed (#49263)
|
||||||
|
|
||||||
|
* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
|
||||||
|
|
||||||
|
* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- pass OPTIONS correctly to initlog (#50151)
|
||||||
|
|
||||||
|
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- switch to x11-ssh-askpass 1.2.2
|
||||||
|
|
||||||
|
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- rebuild in new environment
|
||||||
|
|
||||||
|
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- disable the gssapi patch
|
||||||
|
|
||||||
|
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to 2.9p2
|
||||||
|
- refresh to a new version of the gssapi patch
|
||||||
|
|
||||||
|
* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- change Copyright: BSD to License: BSD
|
||||||
|
- add Markus Friedl's unverified patch for the cookie file deletion problem
|
||||||
|
so that we can verify it
|
||||||
|
- drop patch to check if xauth is present (was folded into cookie patch)
|
||||||
|
- don't apply gssapi patches for the errata candidate
|
||||||
|
- clear supplemental groups list at startup
|
||||||
|
|
||||||
|
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- fix an error parsing the new default sshd_config
|
||||||
|
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
|
||||||
|
dealing with comments right
|
||||||
|
|
||||||
|
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
|
||||||
|
to be removed before the next beta cycle because it's a big departure
|
||||||
|
from the upstream version
|
||||||
|
|
||||||
|
* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- finish marking strings in the init script for translation
|
||||||
|
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
|
||||||
|
at startup (change merged from openssh.com init script, originally by
|
||||||
|
Pekka Savola)
|
||||||
|
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
||||||
|
it by default on a system that doesn't have X installed
|
||||||
|
|
||||||
|
* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to 2.9
|
||||||
|
- drop various patches that came from or went upstream or to or from CVS
|
||||||
|
|
||||||
|
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
|
||||||
|
|
||||||
|
* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
|
||||||
|
- remove explicit openssl requirement, fixes builddistro issue
|
||||||
|
- make initscript stop() function wait until sshd really dead to avoid
|
||||||
|
races in condrestart
|
||||||
|
|
||||||
|
* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- mention that challengereponse supports PAM, so disabling password doesn't
|
||||||
|
limit users to pubkey and rsa auth (#34378)
|
||||||
|
- bypass the daemon() function in the init script and call initlog directly,
|
||||||
|
because daemon() won't start a daemon it detects is already running (like
|
||||||
|
open connections)
|
||||||
|
- require the version of openssl we had when we were built
|
||||||
|
|
||||||
|
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- make do_pam_setcred() smart enough to know when to establish creds and
|
||||||
|
when to reinitialize them
|
||||||
|
- add in a couple of other fixes from Damien for inclusion in the errata
|
||||||
|
|
||||||
|
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to 2.5.2p2
|
||||||
|
- call setcred() again after initgroups, because the "creds" could actually
|
||||||
|
be group memberships
|
||||||
|
|
||||||
|
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
|
||||||
|
- don't enable challenge-response by default until we find a way to not
|
||||||
|
have too many userauth requests (we may make up to six pubkey and up to
|
||||||
|
three password attempts as it is)
|
||||||
|
- remove build dependency on rsh to match openssh.com's packages more closely
|
||||||
|
|
||||||
|
* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- remove dependency on openssl -- would need to be too precise
|
||||||
|
|
||||||
|
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- rebuild in new environment
|
||||||
|
|
||||||
|
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Revert the patch to move pam_open_session.
|
||||||
|
- Init script and spec file changes from Pekka Savola. (#28750)
|
||||||
|
- Patch sftp to recognize '-o protocol' arguments. (#29540)
|
||||||
|
|
||||||
|
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Chuck the closing patch.
|
||||||
|
- Add a trigger to add host keys for protocol 2 to the config file, now that
|
||||||
|
configuration file syntax requires us to specify it with HostKey if we
|
||||||
|
specify any other HostKey values, which we do.
|
||||||
|
|
||||||
|
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Redo patch to move pam_open_session after the server setuid()s to the user.
|
||||||
|
- Rework the nopam patch to use be picked up by autoconf.
|
||||||
|
|
||||||
|
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update for 2.5.1p1.
|
||||||
|
- Add init script mods from Pekka Savola.
|
||||||
|
- Tweak the init script to match the CVS contrib script more closely.
|
||||||
|
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
|
||||||
|
adding id_rsa.
|
||||||
|
|
||||||
|
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update for 2.5.0p1.
|
||||||
|
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
|
||||||
|
- Resync with parts of Damien Miller's openssh.spec from CVS, including
|
||||||
|
update of x11 askpass to 1.2.0.
|
||||||
|
- Only require openssl (don't prereq) because we generate keys in the init
|
||||||
|
script now.
|
||||||
|
|
||||||
|
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Don't open a PAM session until we've forked and become the user (#25690).
|
||||||
|
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
|
||||||
|
host the user is attempting a login from.
|
||||||
|
- Resync with parts of Damien Miller's openssh.spec from CVS.
|
||||||
|
- Don't expose KbdInt responses in debug messages (from CVS).
|
||||||
|
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
|
||||||
|
|
||||||
|
* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
|
||||||
|
- i18n-tweak to initscript.
|
||||||
|
|
||||||
|
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- More gettextizing.
|
||||||
|
- Close all files after going into daemon mode (needs more testing).
|
||||||
|
- Extract patch from CVS to handle auth banners (in the client).
|
||||||
|
- Extract patch from CVS to handle compat weirdness.
|
||||||
|
|
||||||
|
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Finish with the gettextizing.
|
||||||
|
|
||||||
|
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Fix a bug in auth2-pam.c (#23877)
|
||||||
|
- Gettextize the init script.
|
||||||
|
|
||||||
|
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Incorporate a switch for using PAM configs for 6.x, just in case.
|
||||||
|
|
||||||
|
* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Incorporate Bero's changes for a build specifically for rescue CDs.
|
||||||
|
|
||||||
|
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
|
||||||
|
succeeded, to allow public-key authentication after a failure with "none"
|
||||||
|
authentication. (#21268)
|
||||||
|
|
||||||
|
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to x11-askpass 1.1.1. (#21301)
|
||||||
|
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
|
||||||
|
|
||||||
|
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Merge multiple PAM text messages into subsequent prompts when possible when
|
||||||
|
doing keyboard-interactive authentication.
|
||||||
|
|
||||||
|
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Disable the built-in MD5 password support. We're using PAM.
|
||||||
|
- Take a crack at doing keyboard-interactive authentication with PAM, and
|
||||||
|
enable use of it in the default client configuration so that the client
|
||||||
|
will try it when the server disallows password authentication.
|
||||||
|
- Build with debugging flags. Build root policies strip all binaries anyway.
|
||||||
|
|
||||||
|
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Use DESTDIR instead of %%makeinstall.
|
||||||
|
- Remove /usr/X11R6/bin from the path-fixing patch.
|
||||||
|
|
||||||
|
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Add the primes file from the latest snapshot to the main package (#20884).
|
||||||
|
- Add the dev package to the prereq list (#19984).
|
||||||
|
- Remove the default path and mimic login's behavior in the server itself.
|
||||||
|
|
||||||
|
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Resync with conditional options in Damien Miller's .spec file for an errata.
|
||||||
|
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
|
||||||
|
|
||||||
|
* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to OpenSSH 2.3.0p1.
|
||||||
|
- Update to x11-askpass 1.1.0.
|
||||||
|
- Enable keyboard-interactive authentication.
|
||||||
|
|
||||||
|
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to ssh-askpass-x11 1.0.3.
|
||||||
|
- Change authentication related messages to be private (#19966).
|
||||||
|
|
||||||
|
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Patch ssh-keygen to be able to list signatures for DSA public key files
|
||||||
|
it generates.
|
||||||
|
|
||||||
|
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
|
||||||
|
build PAM authentication in.
|
||||||
|
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
|
||||||
|
- Clean out no-longer-used patches.
|
||||||
|
- Patch ssh-add to try to add both identity and id_dsa, and to error only
|
||||||
|
when neither exists.
|
||||||
|
|
||||||
|
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update x11-askpass to 1.0.2. (#17835)
|
||||||
|
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
|
||||||
|
always find them in the right place. (#17909)
|
||||||
|
- Set the default path to be the same as the one supplied by /bin/login, but
|
||||||
|
add /usr/X11R6/bin. (#17909)
|
||||||
|
- Try to handle obsoletion of ssh-server more cleanly. Package names
|
||||||
|
are different, but init script name isn't. (#17865)
|
||||||
|
|
||||||
|
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 2.2.0p1. (#17835)
|
||||||
|
- Tweak the init script to allow proper restarting. (#18023)
|
||||||
|
|
||||||
|
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 20000823 snapshot.
|
||||||
|
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
|
||||||
|
- Back out the pipe patch.
|
||||||
|
|
||||||
|
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
|
||||||
|
- Move the init script back.
|
||||||
|
- Add Damien's quick fix for wackiness.
|
||||||
|
|
||||||
|
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
|
||||||
|
|
||||||
|
* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Move condrestart to server postun.
|
||||||
|
- Move key generation to init script.
|
||||||
|
- Actually use the right patch for moving the key generation to the init script.
|
||||||
|
- Clean up the init script a bit.
|
||||||
|
|
||||||
|
* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
|
||||||
|
|
||||||
|
* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 2.1.1p2.
|
||||||
|
- Use of strtok() considered harmful.
|
||||||
|
|
||||||
|
* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Get the build root out of the man pages.
|
||||||
|
|
||||||
|
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Add and use condrestart support in the init script.
|
||||||
|
- Add newer initscripts as a prereq.
|
||||||
|
|
||||||
|
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Build in new environment (release 2)
|
||||||
|
- Move -clients subpackage to Applications/Internet group
|
||||||
|
|
||||||
|
* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Update to 2.2.1p1
|
||||||
|
|
||||||
|
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
|
- Patch to build with neither RSA nor RSAref.
|
||||||
|
- Miscellaneous FHS-compliance tweaks.
|
||||||
|
- Fix for possibly-compressed man pages.
|
||||||
|
|
||||||
|
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Updated for new location
|
||||||
|
- Updated for new gnome-ssh-askpass build
|
||||||
|
|
||||||
|
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
|
||||||
|
- Added Jim Knoble's <jmknoble@pobox.com> askpass
|
||||||
|
|
||||||
|
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
||||||
|
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
||||||
|
|
||||||
|
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
||||||
|
- Added 'Obsoletes' directives
|
||||||
|
|
||||||
|
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Use make install
|
||||||
|
- Subpackages
|
||||||
|
|
||||||
|
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Added links for slogin
|
||||||
|
- Fixed perms on manpages
|
||||||
|
|
||||||
|
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Renamed init script
|
||||||
|
|
||||||
|
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Back to old binary names
|
||||||
|
|
||||||
|
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Use autoconf
|
||||||
|
- New binary names
|
||||||
|
|
||||||
|
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|
154
crypto/openssh/contrib/redhat/sshd.init
Executable file
154
crypto/openssh/contrib/redhat/sshd.init
Executable file
@ -0,0 +1,154 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Init file for OpenSSH server daemon
|
||||||
|
#
|
||||||
|
# chkconfig: 2345 55 25
|
||||||
|
# description: OpenSSH server daemon
|
||||||
|
#
|
||||||
|
# processname: sshd
|
||||||
|
# config: /etc/ssh/ssh_host_key
|
||||||
|
# config: /etc/ssh/ssh_host_key.pub
|
||||||
|
# config: /etc/ssh/ssh_random_seed
|
||||||
|
# config: /etc/ssh/sshd_config
|
||||||
|
# pidfile: /var/run/sshd.pid
|
||||||
|
|
||||||
|
# source function library
|
||||||
|
. /etc/rc.d/init.d/functions
|
||||||
|
|
||||||
|
# pull in sysconfig settings
|
||||||
|
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
||||||
|
|
||||||
|
RETVAL=0
|
||||||
|
prog="sshd"
|
||||||
|
|
||||||
|
# Some functions to make the below more readable
|
||||||
|
KEYGEN=/usr/bin/ssh-keygen
|
||||||
|
SSHD=/usr/sbin/sshd
|
||||||
|
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||||
|
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||||
|
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||||
|
PID_FILE=/var/run/sshd.pid
|
||||||
|
|
||||||
|
do_rsa1_keygen() {
|
||||||
|
if [ ! -s $RSA1_KEY ]; then
|
||||||
|
echo -n $"Generating SSH1 RSA host key: "
|
||||||
|
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||||
|
chmod 600 $RSA1_KEY
|
||||||
|
chmod 644 $RSA1_KEY.pub
|
||||||
|
success $"RSA1 key generation"
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
failure $"RSA1 key generation"
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
do_rsa_keygen() {
|
||||||
|
if [ ! -s $RSA_KEY ]; then
|
||||||
|
echo -n $"Generating SSH2 RSA host key: "
|
||||||
|
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||||
|
chmod 600 $RSA_KEY
|
||||||
|
chmod 644 $RSA_KEY.pub
|
||||||
|
success $"RSA key generation"
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
failure $"RSA key generation"
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
do_dsa_keygen() {
|
||||||
|
if [ ! -s $DSA_KEY ]; then
|
||||||
|
echo -n $"Generating SSH2 DSA host key: "
|
||||||
|
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||||
|
chmod 600 $DSA_KEY
|
||||||
|
chmod 644 $DSA_KEY.pub
|
||||||
|
success $"DSA key generation"
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
failure $"DSA key generation"
|
||||||
|
echo
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
do_restart_sanity_check()
|
||||||
|
{
|
||||||
|
$SSHD -t
|
||||||
|
RETVAL=$?
|
||||||
|
if [ ! "$RETVAL" = 0 ]; then
|
||||||
|
failure $"Configuration file or keys are invalid"
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
start()
|
||||||
|
{
|
||||||
|
# Create keys if necessary
|
||||||
|
do_rsa1_keygen
|
||||||
|
do_rsa_keygen
|
||||||
|
do_dsa_keygen
|
||||||
|
|
||||||
|
echo -n $"Starting $prog:"
|
||||||
|
initlog -c "$SSHD $OPTIONS" && success || failure
|
||||||
|
RETVAL=$?
|
||||||
|
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
|
||||||
|
echo
|
||||||
|
}
|
||||||
|
|
||||||
|
stop()
|
||||||
|
{
|
||||||
|
echo -n $"Stopping $prog:"
|
||||||
|
killproc $SSHD -TERM
|
||||||
|
RETVAL=$?
|
||||||
|
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
|
||||||
|
echo
|
||||||
|
}
|
||||||
|
|
||||||
|
reload()
|
||||||
|
{
|
||||||
|
echo -n $"Reloading $prog:"
|
||||||
|
killproc $SSHD -HUP
|
||||||
|
RETVAL=$?
|
||||||
|
echo
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
start
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
stop
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
stop
|
||||||
|
start
|
||||||
|
;;
|
||||||
|
reload)
|
||||||
|
reload
|
||||||
|
;;
|
||||||
|
condrestart)
|
||||||
|
if [ -f /var/lock/subsys/sshd ] ; then
|
||||||
|
do_restart_sanity_check
|
||||||
|
if [ "$RETVAL" = 0 ] ; then
|
||||||
|
stop
|
||||||
|
# avoid race
|
||||||
|
sleep 3
|
||||||
|
start
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
status $SSHD
|
||||||
|
RETVAL=$?
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
|
||||||
|
RETVAL=1
|
||||||
|
esac
|
||||||
|
exit $RETVAL
|
8
crypto/openssh/contrib/redhat/sshd.pam
Normal file
8
crypto/openssh/contrib/redhat/sshd.pam
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth required pam_stack.so service=system-auth
|
||||||
|
auth required pam_nologin.so
|
||||||
|
account required pam_stack.so service=system-auth
|
||||||
|
password required pam_stack.so service=system-auth
|
||||||
|
session required pam_stack.so service=system-auth
|
||||||
|
session required pam_limits.so
|
||||||
|
session optional pam_console.so
|
24
crypto/openssh/contrib/solaris/README
Executable file
24
crypto/openssh/contrib/solaris/README
Executable file
@ -0,0 +1,24 @@
|
|||||||
|
The following is a new package build script for Solaris. This is being
|
||||||
|
introduced into OpenSSH 3.0 and above in hopes of simplifying the build
|
||||||
|
process. As of 3.1p2 the script should work on all platforms that have
|
||||||
|
SVR4 style package tools.
|
||||||
|
|
||||||
|
The build process is called a 'dummy install'.. Which means the software does
|
||||||
|
a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should
|
||||||
|
be handled correctly and key are defered until the first time the sshd
|
||||||
|
is started.
|
||||||
|
|
||||||
|
Directions:
|
||||||
|
|
||||||
|
1. make -F Makefile.in distprep (Only if you are getting from the CVS tree)
|
||||||
|
2. ./configure --with-pam [..any other options you want..]
|
||||||
|
3. look at the top of contrib/solaris/buildpkg.sh for the configurable options.
|
||||||
|
4. ./contrib/solaris/buildpkg.sh
|
||||||
|
|
||||||
|
If all goes well you should have a solaris package ready to be installed.
|
||||||
|
|
||||||
|
If you have any problems with this script please post them to
|
||||||
|
openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
|
||||||
|
|
||||||
|
- Ben Lindstrom
|
||||||
|
|
386
crypto/openssh/contrib/solaris/buildpkg.sh
Executable file
386
crypto/openssh/contrib/solaris/buildpkg.sh
Executable file
@ -0,0 +1,386 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
|
||||||
|
#
|
||||||
|
# The following code has been provide under Public Domain License. I really
|
||||||
|
# don't care what you use it for. Just as long as you don't complain to me
|
||||||
|
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
|
||||||
|
#
|
||||||
|
umask 022
|
||||||
|
#
|
||||||
|
# Options for building the package
|
||||||
|
# You can create a config.local with your customized options
|
||||||
|
#
|
||||||
|
# uncommenting TEST_DIR and using
|
||||||
|
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
|
||||||
|
# and
|
||||||
|
# PKGNAME=tOpenSSH should allow testing a package without interfering
|
||||||
|
# with a real OpenSSH package on a system. This is not needed on systems
|
||||||
|
# that support the -R option to pkgadd.
|
||||||
|
#TEST_DIR=/var/tmp # leave commented out for production build
|
||||||
|
PKGNAME=OpenSSH
|
||||||
|
SYSVINIT_NAME=opensshd
|
||||||
|
MAKE=${MAKE:="make"}
|
||||||
|
SSHDUID=67 # Default privsep uid
|
||||||
|
SSHDGID=67 # Default privsep gid
|
||||||
|
# uncomment these next three as needed
|
||||||
|
#PERMIT_ROOT_LOGIN=no
|
||||||
|
#X11_FORWARDING=yes
|
||||||
|
#USR_LOCAL_IS_SYMLINK=yes
|
||||||
|
# list of system directories we do NOT want to change owner/group/perms
|
||||||
|
# when installing our package
|
||||||
|
SYSTEM_DIR="/etc \
|
||||||
|
/etc/init.d \
|
||||||
|
/etc/rcS.d \
|
||||||
|
/etc/rc0.d \
|
||||||
|
/etc/rc1.d \
|
||||||
|
/etc/rc2.d \
|
||||||
|
/etc/opt \
|
||||||
|
/opt \
|
||||||
|
/opt/bin \
|
||||||
|
/usr \
|
||||||
|
/usr/bin \
|
||||||
|
/usr/lib \
|
||||||
|
/usr/sbin \
|
||||||
|
/usr/share \
|
||||||
|
/usr/share/man \
|
||||||
|
/usr/share/man/man1 \
|
||||||
|
/usr/share/man/man8 \
|
||||||
|
/usr/local \
|
||||||
|
/usr/local/bin \
|
||||||
|
/usr/local/etc \
|
||||||
|
/usr/local/libexec \
|
||||||
|
/usr/local/man \
|
||||||
|
/usr/local/man/man1 \
|
||||||
|
/usr/local/man/man8 \
|
||||||
|
/usr/local/sbin \
|
||||||
|
/usr/local/share \
|
||||||
|
/var \
|
||||||
|
/var/opt \
|
||||||
|
/var/run \
|
||||||
|
/var/tmp \
|
||||||
|
/tmp"
|
||||||
|
|
||||||
|
# We may need to build as root so we make sure PATH is set up
|
||||||
|
# only set the path if it's not set already
|
||||||
|
[ -d /usr/local/bin ] && {
|
||||||
|
echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
|
||||||
|
[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
|
||||||
|
}
|
||||||
|
[ -d /usr/ccs/bin ] && {
|
||||||
|
echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
|
||||||
|
[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
|
||||||
|
}
|
||||||
|
export PATH
|
||||||
|
#
|
||||||
|
|
||||||
|
[ -f Makefile ] || {
|
||||||
|
echo "Please run this script from your build directory"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# we will look for config.local to override the above options
|
||||||
|
[ -s ./config.local ] && . ./config.local
|
||||||
|
|
||||||
|
## Start by faking root install
|
||||||
|
echo "Faking root install..."
|
||||||
|
START=`pwd`
|
||||||
|
OPENSSHD_IN=`dirname $0`/opensshd.in
|
||||||
|
FAKE_ROOT=$START/package
|
||||||
|
[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
|
||||||
|
mkdir $FAKE_ROOT
|
||||||
|
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
|
||||||
|
if [ $? -gt 0 ]
|
||||||
|
then
|
||||||
|
echo "Fake root install failed, stopping."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
## Fill in some details, like prefix and sysconfdir
|
||||||
|
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
|
||||||
|
do
|
||||||
|
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
## Collect value of privsep user
|
||||||
|
for confvar in SSH_PRIVSEP_USER
|
||||||
|
do
|
||||||
|
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
|
||||||
|
done
|
||||||
|
|
||||||
|
## Set privsep defaults if not defined
|
||||||
|
if [ -z "$SSH_PRIVSEP_USER" ]
|
||||||
|
then
|
||||||
|
SSH_PRIVSEP_USER=sshd
|
||||||
|
fi
|
||||||
|
|
||||||
|
## Extract common info requires for the 'info' part of the package.
|
||||||
|
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
|
||||||
|
|
||||||
|
UNAME_S=`uname -s`
|
||||||
|
case ${UNAME_S} in
|
||||||
|
SunOS) UNAME_S=Solaris
|
||||||
|
ARCH=`uname -p`
|
||||||
|
RCS_D=yes
|
||||||
|
DEF_MSG="(default: n)"
|
||||||
|
;;
|
||||||
|
*) ARCH=`uname -m`
|
||||||
|
DEF_MSG="\n" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
## Setup our run level stuff while we are at it.
|
||||||
|
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
|
||||||
|
|
||||||
|
## setup our initscript correctly
|
||||||
|
sed -e "s#%%configDir%%#${sysconfdir}#g" \
|
||||||
|
-e "s#%%openSSHDir%%#$prefix#g" \
|
||||||
|
-e "s#%%pidDir%%#${piddir}#g" \
|
||||||
|
${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||||
|
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
|
||||||
|
|
||||||
|
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
|
||||||
|
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
|
||||||
|
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||||
|
[ "${X11_FORWARDING}" = yes ] && \
|
||||||
|
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
|
||||||
|
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||||
|
# fix PrintMotd
|
||||||
|
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
|
||||||
|
$FAKE_ROOT/${sysconfdir}/sshd_config
|
||||||
|
|
||||||
|
# We don't want to overwrite config files on multiple installs
|
||||||
|
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
|
||||||
|
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
|
||||||
|
[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
|
||||||
|
mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
|
||||||
|
|
||||||
|
cd $FAKE_ROOT
|
||||||
|
|
||||||
|
## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
|
||||||
|
## whining.
|
||||||
|
for i in *; do
|
||||||
|
PROTO_ARGS="$PROTO_ARGS $i=/$i";
|
||||||
|
done
|
||||||
|
|
||||||
|
## Build info file
|
||||||
|
echo "Building pkginfo file..."
|
||||||
|
cat > pkginfo << _EOF
|
||||||
|
PKG=$PKGNAME
|
||||||
|
NAME="OpenSSH Portable for ${UNAME_S}"
|
||||||
|
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
|
||||||
|
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
|
||||||
|
ARCH=$ARCH
|
||||||
|
VERSION=$VERSION
|
||||||
|
CATEGORY="Security,application"
|
||||||
|
BASEDIR=/
|
||||||
|
CLASSES="none"
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
## Build preinstall file
|
||||||
|
echo "Building preinstall file..."
|
||||||
|
cat > preinstall << _EOF
|
||||||
|
#! /sbin/sh
|
||||||
|
#
|
||||||
|
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||||
|
exit 0
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
## Build postinstall file
|
||||||
|
echo "Building postinstall file..."
|
||||||
|
cat > postinstall << _EOF
|
||||||
|
#! /sbin/sh
|
||||||
|
#
|
||||||
|
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
|
||||||
|
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
|
||||||
|
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
|
||||||
|
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
|
||||||
|
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
|
||||||
|
\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
|
||||||
|
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
|
||||||
|
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
|
||||||
|
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
|
||||||
|
\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
|
||||||
|
}
|
||||||
|
|
||||||
|
# make rc?.d dirs only if we are doing a test install
|
||||||
|
[ -n "${TEST_DIR}" ] && {
|
||||||
|
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
|
||||||
|
mkdir -p ${TEST_DIR}/etc/rc0.d
|
||||||
|
mkdir -p ${TEST_DIR}/etc/rc1.d
|
||||||
|
mkdir -p ${TEST_DIR}/etc/rc2.d
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "\${USE_SYM_LINKS}" = yes ]
|
||||||
|
then
|
||||||
|
[ "$RCS_D" = yes ] && \
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
|
||||||
|
else
|
||||||
|
[ "$RCS_D" = yes ] && \
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||||
|
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
|
||||||
|
[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
|
||||||
|
|
||||||
|
installf -f ${PKGNAME}
|
||||||
|
|
||||||
|
# Use chroot to handle PKG_INSTALL_ROOT
|
||||||
|
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
|
||||||
|
then
|
||||||
|
chroot="chroot \${PKG_INSTALL_ROOT}"
|
||||||
|
fi
|
||||||
|
# If this is a test build, we will skip the groupadd/useradd/passwd commands
|
||||||
|
if [ ! -z "${TEST_DIR}" ]
|
||||||
|
then
|
||||||
|
chroot=echo
|
||||||
|
fi
|
||||||
|
|
||||||
|
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
|
||||||
|
then
|
||||||
|
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
|
||||||
|
echo "or group."
|
||||||
|
else
|
||||||
|
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
|
||||||
|
|
||||||
|
# create group if required
|
||||||
|
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||||
|
then
|
||||||
|
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
|
||||||
|
else
|
||||||
|
# Use gid of 67 if possible
|
||||||
|
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
|
||||||
|
then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
sshdgid="-g $SSHDGID"
|
||||||
|
fi
|
||||||
|
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
|
||||||
|
\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create user if required
|
||||||
|
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
|
||||||
|
then
|
||||||
|
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
|
||||||
|
else
|
||||||
|
# Use uid of 67 if possible
|
||||||
|
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
|
||||||
|
then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
sshduid="-u $SSHDUID"
|
||||||
|
fi
|
||||||
|
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
|
||||||
|
\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
|
||||||
|
\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
|
||||||
|
exit 0
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
## Build preremove file
|
||||||
|
echo "Building preremove file..."
|
||||||
|
cat > preremove << _EOF
|
||||||
|
#! /sbin/sh
|
||||||
|
#
|
||||||
|
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
|
||||||
|
exit 0
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
## Build request file
|
||||||
|
echo "Building request file..."
|
||||||
|
cat > request << _EOF
|
||||||
|
trap 'exit 3' 15
|
||||||
|
USE_SYM_LINKS=no
|
||||||
|
PRE_INS_STOP=no
|
||||||
|
POST_INS_START=no
|
||||||
|
# Use symbolic links?
|
||||||
|
ans=\`ckyorn -d n \
|
||||||
|
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
|
||||||
|
case \$ans in
|
||||||
|
[y,Y]*) USE_SYM_LINKS=yes ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# determine if should restart the daemon
|
||||||
|
if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
|
||||||
|
then
|
||||||
|
ans=\`ckyorn -d n \
|
||||||
|
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
|
||||||
|
case \$ans in
|
||||||
|
[y,Y]*) PRE_INS_STOP=yes
|
||||||
|
POST_INS_START=yes
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
# determine if we should start sshd
|
||||||
|
ans=\`ckyorn -d n \
|
||||||
|
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
|
||||||
|
case \$ans in
|
||||||
|
[y,Y]*) POST_INS_START=yes ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
# make parameters available to installation service,
|
||||||
|
# and so to any other packaging scripts
|
||||||
|
cat >\$1 <<!
|
||||||
|
USE_SYM_LINKS='\$USE_SYM_LINKS'
|
||||||
|
PRE_INS_STOP='\$PRE_INS_STOP'
|
||||||
|
POST_INS_START='\$POST_INS_START'
|
||||||
|
!
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
_EOF
|
||||||
|
|
||||||
|
## Build space file
|
||||||
|
echo "Building space file..."
|
||||||
|
cat > space << _EOF
|
||||||
|
# extra space required by start/stop links added by installf in postinstall
|
||||||
|
$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
|
||||||
|
$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
|
||||||
|
$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
|
||||||
|
_EOF
|
||||||
|
[ "$RCS_D" = yes ] && \
|
||||||
|
echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
|
||||||
|
|
||||||
|
## Next Build our prototype
|
||||||
|
echo "Building prototype file..."
|
||||||
|
cat >mk-proto.awk << _EOF
|
||||||
|
BEGIN { print "i pkginfo"; print "i preinstall"; \\
|
||||||
|
print "i postinstall"; print "i preremove"; \\
|
||||||
|
print "i request"; print "i space"; \\
|
||||||
|
split("$SYSTEM_DIR",sys_files); }
|
||||||
|
{
|
||||||
|
for (dir in sys_files) { if ( \$3 != sys_files[dir] )
|
||||||
|
{ \$5="root"; \$6="sys"; }
|
||||||
|
else
|
||||||
|
{ \$4="?"; \$5="?"; \$6="?"; break;}
|
||||||
|
} }
|
||||||
|
{ print; }
|
||||||
|
_EOF
|
||||||
|
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
|
||||||
|
pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
|
||||||
|
|
||||||
|
# /usr/local is a symlink on some systems
|
||||||
|
[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
|
||||||
|
grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
|
||||||
|
mv prototype.new prototype
|
||||||
|
}
|
||||||
|
|
||||||
|
## Step back a directory and now build the package.
|
||||||
|
echo "Building package.."
|
||||||
|
cd ..
|
||||||
|
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
|
||||||
|
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
|
||||||
|
rm -rf $FAKE_ROOT
|
||||||
|
|
82
crypto/openssh/contrib/solaris/opensshd.in
Executable file
82
crypto/openssh/contrib/solaris/opensshd.in
Executable file
@ -0,0 +1,82 @@
|
|||||||
|
#!/sbin/sh
|
||||||
|
# Donated code that was put under PD license.
|
||||||
|
#
|
||||||
|
# Stripped PRNGd out of it for the time being.
|
||||||
|
|
||||||
|
umask 022
|
||||||
|
|
||||||
|
CAT=/usr/bin/cat
|
||||||
|
KILL=/usr/bin/kill
|
||||||
|
|
||||||
|
prefix=%%openSSHDir%%
|
||||||
|
etcdir=%%configDir%%
|
||||||
|
piddir=%%pidDir%%
|
||||||
|
|
||||||
|
SSHD=$prefix/sbin/sshd
|
||||||
|
PIDFILE=$piddir/sshd.pid
|
||||||
|
SSH_KEYGEN=$prefix/bin/ssh-keygen
|
||||||
|
HOST_KEY_RSA1=$etcdir/ssh_host_key
|
||||||
|
HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
|
||||||
|
HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
|
||||||
|
|
||||||
|
|
||||||
|
checkkeys() {
|
||||||
|
if [ ! -f $HOST_KEY_RSA1 ]; then
|
||||||
|
${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
|
||||||
|
fi
|
||||||
|
if [ ! -f $HOST_KEY_DSA ]; then
|
||||||
|
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
|
||||||
|
fi
|
||||||
|
if [ ! -f $HOST_KEY_RSA ]; then
|
||||||
|
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
stop_service() {
|
||||||
|
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
|
||||||
|
PID=`${CAT} ${PIDFILE}`
|
||||||
|
fi
|
||||||
|
if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
|
||||||
|
${KILL} ${PID}
|
||||||
|
else
|
||||||
|
echo "Unable to read PID file"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
start_service() {
|
||||||
|
# XXX We really should check if the service is already going, but
|
||||||
|
# XXX we will opt out at this time. - Bal
|
||||||
|
|
||||||
|
# Check to see if we have keys that need to be made
|
||||||
|
checkkeys
|
||||||
|
|
||||||
|
# Start SSHD
|
||||||
|
echo "starting $SSHD... \c" ; $SSHD
|
||||||
|
|
||||||
|
sshd_rc=$?
|
||||||
|
if [ $sshd_rc -ne 0 ]; then
|
||||||
|
echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
|
||||||
|
exit $sshd_rc
|
||||||
|
fi
|
||||||
|
echo done.
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
|
||||||
|
'start')
|
||||||
|
start_service
|
||||||
|
;;
|
||||||
|
|
||||||
|
'stop')
|
||||||
|
stop_service
|
||||||
|
;;
|
||||||
|
|
||||||
|
'restart')
|
||||||
|
stop_service
|
||||||
|
start_service
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "$0: usage: $0 {start|stop|restart}"
|
||||||
|
;;
|
||||||
|
esac
|
50
crypto/openssh/contrib/ssh-copy-id
Normal file
50
crypto/openssh/contrib/ssh-copy-id
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Shell script to install your identity.pub on a remote machine
|
||||||
|
# Takes the remote machine name as an argument.
|
||||||
|
# Obviously, the remote machine must accept password authentication,
|
||||||
|
# or one of the other keys in your ssh-agent, for this to work.
|
||||||
|
|
||||||
|
ID_FILE="${HOME}/.ssh/identity.pub"
|
||||||
|
|
||||||
|
if [ "-i" = "$1" ]; then
|
||||||
|
shift
|
||||||
|
# check if we have 2 parameters left, if so the first is the new ID file
|
||||||
|
if [ -n "$2" ]; then
|
||||||
|
if expr "$1" : ".*\.pub" ; then
|
||||||
|
ID_FILE="$1"
|
||||||
|
else
|
||||||
|
ID_FILE="$1.pub"
|
||||||
|
fi
|
||||||
|
shift # and this should leave $1 as the target name
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ x$SSH_AUTH_SOCK != x ] ; then
|
||||||
|
GET_ID="$GET_ID ssh-add -L"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then
|
||||||
|
GET_ID="cat ${ID_FILE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "`eval $GET_ID`" ]; then
|
||||||
|
echo "$0: ERROR: No identities found" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
||||||
|
echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
Now try logging into the machine, with "ssh '$1'", and check in:
|
||||||
|
|
||||||
|
.ssh/authorized_keys
|
||||||
|
|
||||||
|
to make sure we haven't added extra keys that you weren't expecting.
|
||||||
|
|
||||||
|
EOF
|
67
crypto/openssh/contrib/ssh-copy-id.1
Normal file
67
crypto/openssh/contrib/ssh-copy-id.1
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
.ig \" -*- nroff -*-
|
||||||
|
Copyright (c) 1999 Philip Hands Computing <http://www.hands.com/>
|
||||||
|
|
||||||
|
Permission is granted to make and distribute verbatim copies of
|
||||||
|
this manual provided the copyright notice and this permission notice
|
||||||
|
are preserved on all copies.
|
||||||
|
|
||||||
|
Permission is granted to copy and distribute modified versions of this
|
||||||
|
manual under the conditions for verbatim copying, provided that the
|
||||||
|
entire resulting derived work is distributed under the terms of a
|
||||||
|
permission notice identical to this one.
|
||||||
|
|
||||||
|
Permission is granted to copy and distribute translations of this
|
||||||
|
manual into another language, under the above conditions for modified
|
||||||
|
versions, except that this permission notice may be included in
|
||||||
|
translations approved by the Free Software Foundation instead of in
|
||||||
|
the original English.
|
||||||
|
..
|
||||||
|
.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH"
|
||||||
|
.SH NAME
|
||||||
|
ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys
|
||||||
|
.SH SYNOPSIS
|
||||||
|
.B ssh-copy-id [-i [identity_file]]
|
||||||
|
.I "[user@]machine"
|
||||||
|
.br
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.BR ssh-copy-id
|
||||||
|
is a script that uses ssh to log into a remote machine (presumably
|
||||||
|
using a login password, so password authentication should be enabled,
|
||||||
|
unless you've done some clever use of multiple identities)
|
||||||
|
.PP
|
||||||
|
It also changes the permissions of the remote user's home,
|
||||||
|
.BR ~/.ssh ,
|
||||||
|
and
|
||||||
|
.B ~/.ssh/authorized_keys
|
||||||
|
to remove group writability (which would otherwise prevent you from logging in, if the remote
|
||||||
|
.B sshd
|
||||||
|
has
|
||||||
|
.B StrictModes
|
||||||
|
set in its configuration).
|
||||||
|
.PP
|
||||||
|
If the
|
||||||
|
.B -i
|
||||||
|
option is given then the identity file (defaults to
|
||||||
|
.BR ~/.ssh/identity.pub )
|
||||||
|
is used, regardless of whether there are any keys in your
|
||||||
|
.BR ssh-agent .
|
||||||
|
Otherwise, if this:
|
||||||
|
.PP
|
||||||
|
.B " ssh-add -L"
|
||||||
|
.PP
|
||||||
|
provides any output, it uses that in preference to the identity file.
|
||||||
|
.PP
|
||||||
|
If the
|
||||||
|
.B -i
|
||||||
|
option is used, or the
|
||||||
|
.B ssh-add
|
||||||
|
produced no output, then it uses the contents of the identity
|
||||||
|
file. Once it has one or more fingerprints (by whatever means) it
|
||||||
|
uses ssh to append them to
|
||||||
|
.B ~/.ssh/authorized_keys
|
||||||
|
on the remote machine (creating the file, and directory, if necessary)
|
||||||
|
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
.BR ssh (1),
|
||||||
|
.BR ssh-agent (1),
|
||||||
|
.BR sshd (8)
|
5
crypto/openssh/contrib/sshd.pam.freebsd
Normal file
5
crypto/openssh/contrib/sshd.pam.freebsd
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
sshd auth required pam_unix.so try_first_pass
|
||||||
|
sshd account required pam_unix.so
|
||||||
|
sshd password required pam_permit.so
|
||||||
|
sshd session required pam_permit.so
|
||||||
|
|
8
crypto/openssh/contrib/sshd.pam.generic
Normal file
8
crypto/openssh/contrib/sshd.pam.generic
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
auth required /lib/security/pam_unix.so shadow nodelay
|
||||||
|
auth required /lib/security/pam_nologin.so
|
||||||
|
account required /lib/security/pam_unix.so
|
||||||
|
password required /lib/security/pam_cracklib.so
|
||||||
|
password required /lib/security/pam_unix.so shadow nullok use_authtok
|
||||||
|
session required /lib/security/pam_unix.so
|
||||||
|
session required /lib/security/pam_limits.so
|
199
crypto/openssh/contrib/suse/openssh.spec
Normal file
199
crypto/openssh/contrib/suse/openssh.spec
Normal file
@ -0,0 +1,199 @@
|
|||||||
|
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||||
|
Name: openssh
|
||||||
|
Version: 3.8.1p1
|
||||||
|
URL: http://www.openssh.com/
|
||||||
|
Release: 1
|
||||||
|
Source0: openssh-%{version}.tar.gz
|
||||||
|
Copyright: BSD
|
||||||
|
Group: Applications/Internet
|
||||||
|
BuildRoot: /tmp/openssh-%{version}-buildroot
|
||||||
|
PreReq: openssl
|
||||||
|
Obsoletes: ssh
|
||||||
|
#
|
||||||
|
# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
|
||||||
|
# building prerequisites -- stuff for
|
||||||
|
# OpenSSL (openssl-devel),
|
||||||
|
# TCP Wrappers (nkitb),
|
||||||
|
# and Gnome (glibdev, gtkdev, and gnlibsd)
|
||||||
|
#
|
||||||
|
BuildPrereq: openssl
|
||||||
|
BuildPrereq: nkitb
|
||||||
|
BuildPrereq: glibdev
|
||||||
|
BuildPrereq: gtkdev
|
||||||
|
BuildPrereq: gnlibsd
|
||||||
|
|
||||||
|
%description
|
||||||
|
Ssh (Secure Shell) a program for logging into a remote machine and for
|
||||||
|
executing commands in a remote machine. It is intended to replace
|
||||||
|
rlogin and rsh, and provide secure encrypted communications between
|
||||||
|
two untrusted hosts over an insecure network. X11 connections and
|
||||||
|
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||||
|
|
||||||
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
|
||||||
|
up to date in terms of security and features, as well as removing all
|
||||||
|
patented algorithms to seperate libraries (OpenSSL).
|
||||||
|
|
||||||
|
This package includes all files necessary for both the OpenSSH
|
||||||
|
client and server. Additionally, this package contains the GNOME
|
||||||
|
passphrase dialog.
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
|
||||||
|
- Glob manpages to catch compressed files
|
||||||
|
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Updated for new location
|
||||||
|
- Updated for new gnome-ssh-askpass build
|
||||||
|
* Sun Dec 26 1999 Chris Saia <csaia@wtower.com>
|
||||||
|
- Made symlink to gnome-ssh-askpass called ssh-askpass
|
||||||
|
* Wed Nov 24 1999 Chris Saia <csaia@wtower.com>
|
||||||
|
- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
|
||||||
|
/var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
|
||||||
|
his released tarfile
|
||||||
|
- Changed permissions on ssh_config in the install procedure to 644 from 600
|
||||||
|
even though it was correct in the %files section and thus right in the RPMs
|
||||||
|
- Postinstall script for the server now only prints "Generating SSH host
|
||||||
|
key..." if we need to actually do this, in order to eliminate a confusing
|
||||||
|
message if an SSH host key is already in place
|
||||||
|
- Marked all manual pages as %doc(umentation)
|
||||||
|
* Mon Nov 22 1999 Chris Saia <csaia@wtower.com>
|
||||||
|
- Added flag to configure daemon with TCP Wrappers support
|
||||||
|
- Added building prerequisites (works in RPM 3.0 and newer)
|
||||||
|
* Thu Nov 18 1999 Chris Saia <csaia@wtower.com>
|
||||||
|
- Made this package correct for SuSE.
|
||||||
|
- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
|
||||||
|
with SuSE, and lib_pwdb.so isn't installed by default.
|
||||||
|
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
||||||
|
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
||||||
|
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
||||||
|
- Added 'Obsoletes' directives
|
||||||
|
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Use make install
|
||||||
|
- Subpackages
|
||||||
|
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Added links for slogin
|
||||||
|
- Fixed perms on manpages
|
||||||
|
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Renamed init script
|
||||||
|
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Back to old binary names
|
||||||
|
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Use autoconf
|
||||||
|
- New binary names
|
||||||
|
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
||||||
|
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
|
||||||
|
%setup -q
|
||||||
|
|
||||||
|
%build
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS" \
|
||||||
|
./configure --prefix=/usr \
|
||||||
|
--sysconfdir=/etc/ssh \
|
||||||
|
--datadir=/usr/share/openssh \
|
||||||
|
--with-pam \
|
||||||
|
--with-gnome-askpass \
|
||||||
|
--with-tcp-wrappers \
|
||||||
|
--with-ipv4-default \
|
||||||
|
--libexecdir=/usr/lib/ssh
|
||||||
|
make
|
||||||
|
|
||||||
|
cd contrib
|
||||||
|
gcc -O -g `gnome-config --cflags gnome gnomeui` \
|
||||||
|
gnome-ssh-askpass.c -o gnome-ssh-askpass \
|
||||||
|
`gnome-config --libs gnome gnomeui`
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT/
|
||||||
|
install -d $RPM_BUILD_ROOT/etc/ssh/
|
||||||
|
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
||||||
|
install -d $RPM_BUILD_ROOT/sbin/init.d/
|
||||||
|
install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
install -d $RPM_BUILD_ROOT/usr/lib/ssh
|
||||||
|
install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||||
|
install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd
|
||||||
|
ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd
|
||||||
|
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass
|
||||||
|
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass
|
||||||
|
install -m744 contrib/suse/rc.config.sshd \
|
||||||
|
$RPM_BUILD_ROOT/var/adm/fillup-templates
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
%post
|
||||||
|
if [ "$1" = 1 ]; then
|
||||||
|
echo "Creating SSH stop/start scripts in the rc directories..."
|
||||||
|
ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
|
||||||
|
ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
|
||||||
|
ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
|
||||||
|
ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
|
||||||
|
fi
|
||||||
|
echo "Updating /etc/rc.config..."
|
||||||
|
if [ -x /bin/fillup ] ; then
|
||||||
|
/bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
|
||||||
|
else
|
||||||
|
echo "ERROR: fillup not found. This should NOT happen in SuSE Linux."
|
||||||
|
echo "Update /etc/rc.config by hand from the following template file:"
|
||||||
|
echo " /var/adm/fillup-templates/rc.config.sshd"
|
||||||
|
fi
|
||||||
|
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
|
||||||
|
echo "Generating SSH host key..."
|
||||||
|
/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
|
||||||
|
fi
|
||||||
|
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
|
||||||
|
echo "Generating SSH DSA host key..."
|
||||||
|
/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
|
||||||
|
fi
|
||||||
|
if test -r /var/run/sshd.pid
|
||||||
|
then
|
||||||
|
echo "Restarting the running SSH daemon..."
|
||||||
|
/usr/sbin/rcsshd restart >&2
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun
|
||||||
|
if [ "$1" = 0 ]
|
||||||
|
then
|
||||||
|
echo "Stopping the SSH daemon..."
|
||||||
|
/usr/sbin/rcsshd stop >&2
|
||||||
|
echo "Removing SSH stop/start scripts from the rc directories..."
|
||||||
|
rm /sbin/init.d/rc2.d/K20sshd
|
||||||
|
rm /sbin/init.d/rc2.d/S20sshd
|
||||||
|
rm /sbin/init.d/rc3.d/K20sshd
|
||||||
|
rm /sbin/init.d/rc3.d/S20sshd
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc ChangeLog OVERVIEW README*
|
||||||
|
%doc RFC.nroff TODO CREDITS LICENCE
|
||||||
|
%attr(0755,root,root) %dir /etc/ssh
|
||||||
|
%attr(0644,root,root) %config /etc/ssh/ssh_config
|
||||||
|
%attr(0600,root,root) %config /etc/ssh/sshd_config
|
||||||
|
%attr(0600,root,root) %config /etc/ssh/moduli
|
||||||
|
%attr(0644,root,root) %config /etc/pam.d/sshd
|
||||||
|
%attr(0755,root,root) %config /sbin/init.d/sshd
|
||||||
|
%attr(0755,root,root) /usr/bin/ssh-keygen
|
||||||
|
%attr(0755,root,root) /usr/bin/scp
|
||||||
|
%attr(4755,root,root) /usr/bin/ssh
|
||||||
|
%attr(-,root,root) /usr/bin/slogin
|
||||||
|
%attr(0755,root,root) /usr/bin/ssh-agent
|
||||||
|
%attr(0755,root,root) /usr/bin/ssh-add
|
||||||
|
%attr(0755,root,root) /usr/bin/ssh-keyscan
|
||||||
|
%attr(0755,root,root) /usr/bin/sftp
|
||||||
|
%attr(0755,root,root) /usr/sbin/sshd
|
||||||
|
%attr(-,root,root) /usr/sbin/rcsshd
|
||||||
|
%attr(0755,root,root) %dir /usr/lib/ssh
|
||||||
|
%attr(0755,root,root) /usr/lib/ssh/ssh-askpass
|
||||||
|
%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man1/scp.1*
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man1/ssh.1*
|
||||||
|
%attr(-,root,root) %doc /usr/man/man1/slogin.1*
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1*
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1*
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1*
|
||||||
|
%attr(0644,root,root) %doc /usr/man/man8/sshd.8*
|
||||||
|
%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd
|
||||||
|
|
5
crypto/openssh/contrib/suse/rc.config.sshd
Normal file
5
crypto/openssh/contrib/suse/rc.config.sshd
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
#
|
||||||
|
# Start the Secure Shell (SSH) Daemon?
|
||||||
|
#
|
||||||
|
START_SSHD="yes"
|
||||||
|
|
80
crypto/openssh/contrib/suse/rc.sshd
Normal file
80
crypto/openssh/contrib/suse/rc.sshd
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany.
|
||||||
|
#
|
||||||
|
# Author: Chris Saia <csaia@wtower.com>
|
||||||
|
#
|
||||||
|
# /sbin/init.d/sshd
|
||||||
|
#
|
||||||
|
# and symbolic its link
|
||||||
|
#
|
||||||
|
# /sbin/rcsshd
|
||||||
|
#
|
||||||
|
|
||||||
|
. /etc/rc.config
|
||||||
|
|
||||||
|
# Determine the base and follow a runlevel link name.
|
||||||
|
base=${0##*/}
|
||||||
|
link=${base#*[SK][0-9][0-9]}
|
||||||
|
|
||||||
|
# Force execution if not called by a runlevel directory.
|
||||||
|
test $link = $base && START_SSHD=yes
|
||||||
|
test "$START_SSHD" = yes || exit 0
|
||||||
|
|
||||||
|
# The echo return value for success (defined in /etc/rc.config).
|
||||||
|
return=$rc_done
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
echo -n "Starting service sshd"
|
||||||
|
## Start daemon with startproc(8). If this fails
|
||||||
|
## the echo return value is set appropriate.
|
||||||
|
|
||||||
|
startproc /usr/sbin/sshd || return=$rc_failed
|
||||||
|
|
||||||
|
echo -e "$return"
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
echo -n "Stopping service sshd"
|
||||||
|
## Stop daemon with killproc(8) and if this fails
|
||||||
|
## set echo the echo return value.
|
||||||
|
|
||||||
|
killproc -TERM /usr/sbin/sshd || return=$rc_failed
|
||||||
|
|
||||||
|
echo -e "$return"
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
## If first returns OK call the second, if first or
|
||||||
|
## second command fails, set echo return value.
|
||||||
|
$0 stop && $0 start || return=$rc_failed
|
||||||
|
;;
|
||||||
|
reload)
|
||||||
|
## Choose ONE of the following two cases:
|
||||||
|
|
||||||
|
## First possibility: A few services accepts a signal
|
||||||
|
## to reread the (changed) configuration.
|
||||||
|
|
||||||
|
echo -n "Reload service sshd"
|
||||||
|
killproc -HUP /usr/sbin/sshd || return=$rc_failed
|
||||||
|
echo -e "$return"
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
echo -n "Checking for service sshd"
|
||||||
|
## Check status with checkproc(8), if process is running
|
||||||
|
## checkproc will return with exit status 0.
|
||||||
|
|
||||||
|
checkproc /usr/sbin/sshd && echo OK || echo No process
|
||||||
|
;;
|
||||||
|
probe)
|
||||||
|
## Optional: Probe for the necessity of a reload,
|
||||||
|
## give out the argument which is required for a reload.
|
||||||
|
|
||||||
|
test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: $0 {start|stop|status|restart|reload[|probe]}"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Inform the caller not only verbosely and set an exit status.
|
||||||
|
test "$return" = "$rc_done" || exit 1
|
||||||
|
exit 0
|
@ -25,7 +25,7 @@
|
|||||||
#ifndef _DEFINES_H
|
#ifndef _DEFINES_H
|
||||||
#define _DEFINES_H
|
#define _DEFINES_H
|
||||||
|
|
||||||
/* $Id: defines.h,v 1.110 2004/02/10 02:01:14 dtucker Exp $ */
|
/* $Id: defines.h,v 1.115 2004/04/14 07:24:30 dtucker Exp $ */
|
||||||
|
|
||||||
|
|
||||||
/* Constants */
|
/* Constants */
|
||||||
@ -507,6 +507,10 @@ struct winsize {
|
|||||||
# undef HAVE_GAI_STRERROR
|
# undef HAVE_GAI_STRERROR
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(BROKEN_UPDWTMPX) && defined(HAVE_UPDWTMPX)
|
||||||
|
# undef HAVE_UPDWTMPX
|
||||||
|
#endif
|
||||||
|
|
||||||
#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
|
#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
|
||||||
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
|
# define memmove(s1, s2, n) bcopy((s2), (s1), (n))
|
||||||
#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
|
#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
|
||||||
@ -534,6 +538,12 @@ struct winsize {
|
|||||||
# define krb5_get_err_text(context,code) error_message(code)
|
# define krb5_get_err_text(context,code) error_message(code)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(SKEYCHALLENGE_4ARG)
|
||||||
|
# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c,d)
|
||||||
|
#else
|
||||||
|
# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c)
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Maximum number of file descriptors available */
|
/* Maximum number of file descriptors available */
|
||||||
#ifdef HAVE_SYSCONF
|
#ifdef HAVE_SYSCONF
|
||||||
# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX)
|
# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX)
|
||||||
@ -611,11 +621,22 @@ struct winsize {
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef UT_LINESIZE
|
||||||
|
# define UT_LINESIZE 8
|
||||||
|
#endif
|
||||||
|
|
||||||
/* I hope that the presence of LASTLOG_FILE is enough to detect this */
|
/* I hope that the presence of LASTLOG_FILE is enough to detect this */
|
||||||
#if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG)
|
#if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG)
|
||||||
# define USE_LASTLOG
|
# define USE_LASTLOG
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef HAVE_OSF_SIA
|
||||||
|
# ifdef USE_SHADOW
|
||||||
|
# undef USE_SHADOW
|
||||||
|
# endif
|
||||||
|
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||||
|
#endif
|
||||||
|
|
||||||
/** end of login recorder definitions */
|
/** end of login recorder definitions */
|
||||||
|
|
||||||
#endif /* _DEFINES_H */
|
#endif /* _DEFINES_H */
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
|
RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
|
||||||
@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
|||||||
if (BN_num_bits(dhg->p) != dhg->size)
|
if (BN_num_bits(dhg->p) != dhg->size)
|
||||||
goto failclean;
|
goto failclean;
|
||||||
|
|
||||||
|
if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
|
||||||
|
goto failclean;
|
||||||
|
|
||||||
return (1);
|
return (1);
|
||||||
|
|
||||||
failclean:
|
failclean:
|
||||||
@ -105,7 +108,7 @@ DH *
|
|||||||
choose_dh(int min, int wantbits, int max)
|
choose_dh(int min, int wantbits, int max)
|
||||||
{
|
{
|
||||||
FILE *f;
|
FILE *f;
|
||||||
char line[2048];
|
char line[4096];
|
||||||
int best, bestcount, which;
|
int best, bestcount, which;
|
||||||
int linenum;
|
int linenum;
|
||||||
struct dhgroup dhg;
|
struct dhgroup dhg;
|
||||||
@ -194,7 +197,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
|||||||
void
|
void
|
||||||
dh_gen_key(DH *dh, int need)
|
dh_gen_key(DH *dh, int need)
|
||||||
{
|
{
|
||||||
int i, bits_set = 0, tries = 0;
|
int i, bits_set, tries = 0;
|
||||||
|
|
||||||
if (dh->p == NULL)
|
if (dh->p == NULL)
|
||||||
fatal("dh_gen_key: dh->p == NULL");
|
fatal("dh_gen_key: dh->p == NULL");
|
||||||
@ -211,7 +214,7 @@ dh_gen_key(DH *dh, int need)
|
|||||||
fatal("dh_gen_key: BN_rand failed");
|
fatal("dh_gen_key: BN_rand failed");
|
||||||
if (DH_generate_key(dh) == 0)
|
if (DH_generate_key(dh) == 0)
|
||||||
fatal("DH_generate_key");
|
fatal("DH_generate_key");
|
||||||
for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
|
for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++)
|
||||||
if (BN_is_bit_set(dh->priv_key, i))
|
if (BN_is_bit_set(dh->priv_key, i))
|
||||||
bits_set++;
|
bits_set++;
|
||||||
debug2("dh_gen_key: priv key bits set: %d/%d",
|
debug2("dh_gen_key: priv key bits set: %d/%d",
|
||||||
|
@ -65,7 +65,9 @@ ssh_gssapi_krb5_init()
|
|||||||
logit("Cannot initialize krb5 context");
|
logit("Cannot initialize krb5 context");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#ifdef KRB5_INIT_ETS
|
||||||
krb5_init_ets(krb_context);
|
krb5_init_ets(krb_context);
|
||||||
|
#endif
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -158,7 +158,7 @@
|
|||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "atomicio.h"
|
#include "atomicio.h"
|
||||||
|
|
||||||
RCSID("$Id: loginrec.c,v 1.54 2004/02/10 05:49:35 dtucker Exp $");
|
RCSID("$Id: loginrec.c,v 1.56 2004/04/08 06:16:06 dtucker Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_UTIL_H
|
#ifdef HAVE_UTIL_H
|
||||||
# include <util.h>
|
# include <util.h>
|
||||||
@ -1354,7 +1354,7 @@ static int
|
|||||||
syslogin_perform_logout(struct logininfo *li)
|
syslogin_perform_logout(struct logininfo *li)
|
||||||
{
|
{
|
||||||
# ifdef HAVE_LOGOUT
|
# ifdef HAVE_LOGOUT
|
||||||
char line[8];
|
char line[UT_LINESIZE];
|
||||||
|
|
||||||
(void)line_stripname(line, li->line, sizeof(line));
|
(void)line_stripname(line, li->line, sizeof(line));
|
||||||
|
|
||||||
|
@ -37,7 +37,13 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
|
|||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "kex.h"
|
#include "kex.h"
|
||||||
#include "dh.h"
|
#include "dh.h"
|
||||||
|
#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
|
||||||
|
#undef TARGET_OS_MAC
|
||||||
#include "zlib.h"
|
#include "zlib.h"
|
||||||
|
#define TARGET_OS_MAC 1
|
||||||
|
#else
|
||||||
|
#include "zlib.h"
|
||||||
|
#endif
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "auth-options.h"
|
#include "auth-options.h"
|
||||||
#include "sshpty.h"
|
#include "sshpty.h"
|
||||||
@ -738,7 +744,8 @@ mm_answer_skeyquery(int socket, Buffer *m)
|
|||||||
char challenge[1024];
|
char challenge[1024];
|
||||||
u_int success;
|
u_int success;
|
||||||
|
|
||||||
success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
|
success = _compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||||
|
sizeof(challenge)) < 0 ? 0 : 1;
|
||||||
|
|
||||||
buffer_clear(m);
|
buffer_clear(m);
|
||||||
buffer_put_int(m, success);
|
buffer_put_int(m, success);
|
||||||
@ -782,16 +789,10 @@ mm_answer_skeyrespond(int socket, Buffer *m)
|
|||||||
int
|
int
|
||||||
mm_answer_pam_start(int socket, Buffer *m)
|
mm_answer_pam_start(int socket, Buffer *m)
|
||||||
{
|
{
|
||||||
char *user;
|
|
||||||
|
|
||||||
if (!options.use_pam)
|
if (!options.use_pam)
|
||||||
fatal("UsePAM not set, but ended up in %s anyway", __func__);
|
fatal("UsePAM not set, but ended up in %s anyway", __func__);
|
||||||
|
|
||||||
user = buffer_get_string(m, NULL);
|
start_pam(authctxt);
|
||||||
|
|
||||||
start_pam(user);
|
|
||||||
|
|
||||||
xfree(user);
|
|
||||||
|
|
||||||
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
|
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
|
||||||
|
|
||||||
|
@ -40,7 +40,13 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $");
|
|||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "mac.h"
|
#include "mac.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */
|
||||||
|
#undef TARGET_OS_MAC
|
||||||
#include "zlib.h"
|
#include "zlib.h"
|
||||||
|
#define TARGET_OS_MAC 1
|
||||||
|
#else
|
||||||
|
#include "zlib.h"
|
||||||
|
#endif
|
||||||
#include "monitor.h"
|
#include "monitor.h"
|
||||||
#include "monitor_wrap.h"
|
#include "monitor_wrap.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
@ -686,7 +692,7 @@ mm_session_pty_cleanup2(Session *s)
|
|||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
void
|
void
|
||||||
mm_start_pam(char *user)
|
mm_start_pam(Authctxt *authctxt)
|
||||||
{
|
{
|
||||||
Buffer m;
|
Buffer m;
|
||||||
|
|
||||||
@ -695,8 +701,6 @@ mm_start_pam(char *user)
|
|||||||
fatal("UsePAM=no, but ended up in %s anyway", __func__);
|
fatal("UsePAM=no, but ended up in %s anyway", __func__);
|
||||||
|
|
||||||
buffer_init(&m);
|
buffer_init(&m);
|
||||||
buffer_put_cstring(&m, user);
|
|
||||||
|
|
||||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
|
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
|
||||||
|
|
||||||
buffer_free(&m);
|
buffer_free(&m);
|
||||||
|
@ -66,7 +66,7 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
void mm_start_pam(char *);
|
void mm_start_pam(struct Authctxt *);
|
||||||
u_int mm_do_pam_account(void);
|
u_int mm_do_pam_account(void);
|
||||||
void *mm_sshpam_init_ctx(struct Authctxt *);
|
void *mm_sshpam_init_ctx(struct Authctxt *);
|
||||||
int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
|
int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
|
||||||
|
1
crypto/openssh/openbsd-compat/.cvsignore
Normal file
1
crypto/openssh/openbsd-compat/.cvsignore
Normal file
@ -0,0 +1 @@
|
|||||||
|
Makefile
|
@ -29,7 +29,7 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
RCSID("$Id: bsd-cygwin_util.c,v 1.11 2003/08/07 06:23:43 dtucker Exp $");
|
RCSID("$Id: bsd-cygwin_util.c,v 1.12 2004/04/18 11:15:45 djm Exp $");
|
||||||
|
|
||||||
#ifdef HAVE_CYGWIN
|
#ifdef HAVE_CYGWIN
|
||||||
|
|
||||||
@ -77,6 +77,7 @@ binary_pipe(int fd[2])
|
|||||||
|
|
||||||
#define HAS_CREATE_TOKEN 1
|
#define HAS_CREATE_TOKEN 1
|
||||||
#define HAS_NTSEC_BY_DEFAULT 2
|
#define HAS_NTSEC_BY_DEFAULT 2
|
||||||
|
#define HAS_CREATE_TOKEN_WO_NTSEC 3
|
||||||
|
|
||||||
static int
|
static int
|
||||||
has_capability(int what)
|
has_capability(int what)
|
||||||
@ -84,6 +85,7 @@ has_capability(int what)
|
|||||||
static int inited;
|
static int inited;
|
||||||
static int has_create_token;
|
static int has_create_token;
|
||||||
static int has_ntsec_by_default;
|
static int has_ntsec_by_default;
|
||||||
|
static int has_create_token_wo_ntsec;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* has_capability() basically calls uname() and checks if
|
* has_capability() basically calls uname() and checks if
|
||||||
@ -113,6 +115,9 @@ has_capability(int what)
|
|||||||
has_create_token = 1;
|
has_create_token = 1;
|
||||||
if (api_major_version > 0 || api_minor_version >= 56)
|
if (api_major_version > 0 || api_minor_version >= 56)
|
||||||
has_ntsec_by_default = 1;
|
has_ntsec_by_default = 1;
|
||||||
|
if (major_high > 1 ||
|
||||||
|
(major_high == 1 && major_low >= 5))
|
||||||
|
has_create_token_wo_ntsec = 1;
|
||||||
inited = 1;
|
inited = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -121,6 +126,8 @@ has_capability(int what)
|
|||||||
return (has_create_token);
|
return (has_create_token);
|
||||||
case HAS_NTSEC_BY_DEFAULT:
|
case HAS_NTSEC_BY_DEFAULT:
|
||||||
return (has_ntsec_by_default);
|
return (has_ntsec_by_default);
|
||||||
|
case HAS_CREATE_TOKEN_WO_NTSEC:
|
||||||
|
return (has_create_token_wo_ntsec);
|
||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, struct passwd *pw)
|
|||||||
if (has_capability(HAS_CREATE_TOKEN) &&
|
if (has_capability(HAS_CREATE_TOKEN) &&
|
||||||
(ntsec_on(cygwin) ||
|
(ntsec_on(cygwin) ||
|
||||||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
|
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
|
||||||
!ntsec_off(cygwin))))
|
!ntsec_off(cygwin)) ||
|
||||||
|
has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
|
||||||
has_create_token = 1;
|
has_create_token = 1;
|
||||||
}
|
}
|
||||||
if (has_create_token < 1 &&
|
if (has_create_token < 1 &&
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */
|
/* $Id: bsd-misc.h,v 1.15 2004/03/08 11:59:03 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
|
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
|
||||||
@ -89,6 +89,10 @@ pid_t tcgetpgrp(int);
|
|||||||
int tcsendbreak(int, int);
|
int tcsendbreak(int, int);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_UNSETENV
|
||||||
|
void unsetenv(const char *);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* wrapper for signal interface */
|
/* wrapper for signal interface */
|
||||||
typedef void (*mysig_t)(int);
|
typedef void (*mysig_t)(int);
|
||||||
mysig_t mysignal(int sig, mysig_t act);
|
mysig_t mysignal(int sig, mysig_t act);
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $Id: fake-rfc2553.h,v 1.8 2004/02/10 02:05:41 dtucker Exp $ */
|
/* $Id: fake-rfc2553.h,v 1.9 2004/03/10 10:06:33 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
|
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
|
||||||
@ -133,6 +133,9 @@ struct addrinfo {
|
|||||||
#endif /* !HAVE_STRUCT_ADDRINFO */
|
#endif /* !HAVE_STRUCT_ADDRINFO */
|
||||||
|
|
||||||
#ifndef HAVE_GETADDRINFO
|
#ifndef HAVE_GETADDRINFO
|
||||||
|
#ifdef getaddrinfo
|
||||||
|
# undef getaddrinfo
|
||||||
|
#endif
|
||||||
#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d))
|
#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d))
|
||||||
int getaddrinfo(const char *, const char *,
|
int getaddrinfo(const char *, const char *,
|
||||||
const struct addrinfo *, struct addrinfo **);
|
const struct addrinfo *, struct addrinfo **);
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
#ifndef HAVE_SETENV
|
#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
|
||||||
|
|
||||||
#if defined(LIBC_SCCS) && !defined(lint)
|
#if defined(LIBC_SCCS) && !defined(lint)
|
||||||
static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
|
static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
|
||||||
@ -77,6 +77,7 @@ __findenv(name, offset)
|
|||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef HAVE_SETENV
|
||||||
/*
|
/*
|
||||||
* setenv --
|
* setenv --
|
||||||
* Set the value of the environmental variable "name" to be
|
* Set the value of the environmental variable "name" to be
|
||||||
@ -138,7 +139,9 @@ setenv(name, value, rewrite)
|
|||||||
;
|
;
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
#endif /* HAVE_SETENV */
|
||||||
|
|
||||||
|
#ifndef HAVE_UNSETENV
|
||||||
/*
|
/*
|
||||||
* unsetenv(name) --
|
* unsetenv(name) --
|
||||||
* Delete environmental variable "name".
|
* Delete environmental variable "name".
|
||||||
@ -157,5 +160,6 @@ unsetenv(name)
|
|||||||
if (!(*P = *(P + 1)))
|
if (!(*P = *(P + 1)))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
#endif /* HAVE_UNSETENV */
|
||||||
|
|
||||||
#endif /* HAVE_SETENV */
|
#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */
|
||||||
|
@ -24,8 +24,6 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
#if !defined(HAVE_OSF_SIA)
|
|
||||||
|
|
||||||
# ifdef HAVE_CRYPT_H
|
# ifdef HAVE_CRYPT_H
|
||||||
# include <crypt.h>
|
# include <crypt.h>
|
||||||
# endif
|
# endif
|
||||||
@ -108,5 +106,3 @@ shadow_pw(struct passwd *pw)
|
|||||||
|
|
||||||
return pw_password;
|
return pw_password;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* !defined(HAVE_OSF_SIA) */
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
|
RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
|
||||||
|
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
@ -105,7 +105,7 @@ typedef enum {
|
|||||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
|
||||||
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
|
||||||
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
|
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
|
||||||
oServerAliveInterval, oServerAliveCountMax,
|
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
|
||||||
oDeprecated, oUnsupported
|
oDeprecated, oUnsupported
|
||||||
} OpCodes;
|
} OpCodes;
|
||||||
|
|
||||||
@ -147,6 +147,7 @@ static struct {
|
|||||||
{ "usersh", oDeprecated },
|
{ "usersh", oDeprecated },
|
||||||
{ "identityfile", oIdentityFile },
|
{ "identityfile", oIdentityFile },
|
||||||
{ "identityfile2", oIdentityFile }, /* alias */
|
{ "identityfile2", oIdentityFile }, /* alias */
|
||||||
|
{ "identitiesonly", oIdentitiesOnly },
|
||||||
{ "hostname", oHostName },
|
{ "hostname", oHostName },
|
||||||
{ "hostkeyalias", oHostKeyAlias },
|
{ "hostkeyalias", oHostKeyAlias },
|
||||||
{ "proxycommand", oProxyCommand },
|
{ "proxycommand", oProxyCommand },
|
||||||
@ -736,6 +737,10 @@ process_config_line(Options *options, const char *host,
|
|||||||
intptr = &options->enable_ssh_keysign;
|
intptr = &options->enable_ssh_keysign;
|
||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
|
|
||||||
|
case oIdentitiesOnly:
|
||||||
|
intptr = &options->identities_only;
|
||||||
|
goto parse_flag;
|
||||||
|
|
||||||
case oServerAliveInterval:
|
case oServerAliveInterval:
|
||||||
intptr = &options->server_alive_interval;
|
intptr = &options->server_alive_interval;
|
||||||
goto parse_time;
|
goto parse_time;
|
||||||
@ -869,6 +874,7 @@ initialize_options(Options * options)
|
|||||||
options->smartcard_device = NULL;
|
options->smartcard_device = NULL;
|
||||||
options->enable_ssh_keysign = - 1;
|
options->enable_ssh_keysign = - 1;
|
||||||
options->no_host_authentication_for_localhost = - 1;
|
options->no_host_authentication_for_localhost = - 1;
|
||||||
|
options->identities_only = - 1;
|
||||||
options->rekey_limit = - 1;
|
options->rekey_limit = - 1;
|
||||||
options->verify_host_key_dns = -1;
|
options->verify_host_key_dns = -1;
|
||||||
options->server_alive_interval = -1;
|
options->server_alive_interval = -1;
|
||||||
@ -981,6 +987,8 @@ fill_default_options(Options * options)
|
|||||||
clear_forwardings(options);
|
clear_forwardings(options);
|
||||||
if (options->no_host_authentication_for_localhost == - 1)
|
if (options->no_host_authentication_for_localhost == - 1)
|
||||||
options->no_host_authentication_for_localhost = 0;
|
options->no_host_authentication_for_localhost = 0;
|
||||||
|
if (options->identities_only == -1)
|
||||||
|
options->identities_only = 0;
|
||||||
if (options->enable_ssh_keysign == -1)
|
if (options->enable_ssh_keysign == -1)
|
||||||
options->enable_ssh_keysign = 0;
|
options->enable_ssh_keysign = 0;
|
||||||
if (options->rekey_limit == -1)
|
if (options->rekey_limit == -1)
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */
|
/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
@ -100,6 +100,7 @@ typedef struct {
|
|||||||
int enable_ssh_keysign;
|
int enable_ssh_keysign;
|
||||||
int rekey_limit;
|
int rekey_limit;
|
||||||
int no_host_authentication_for_localhost;
|
int no_host_authentication_for_localhost;
|
||||||
|
int identities_only;
|
||||||
int server_alive_interval;
|
int server_alive_interval;
|
||||||
int server_alive_count_max;
|
int server_alive_count_max;
|
||||||
} Options;
|
} Options;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: Makefile,v 1.26 2003/10/11 11:49:49 dtucker Exp $
|
# $OpenBSD: Makefile,v 1.27 2004/02/17 08:23:20 dtucker Exp $
|
||||||
|
|
||||||
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
|
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
|
||||||
tests: $(REGRESS_TARGETS)
|
tests: $(REGRESS_TARGETS)
|
||||||
@ -21,6 +21,7 @@ LTESTS= connect \
|
|||||||
broken-pipe \
|
broken-pipe \
|
||||||
try-ciphers \
|
try-ciphers \
|
||||||
yes-head \
|
yes-head \
|
||||||
|
login-timeout \
|
||||||
agent \
|
agent \
|
||||||
agent-getpeereid \
|
agent-getpeereid \
|
||||||
agent-timeout \
|
agent-timeout \
|
||||||
|
@ -90,5 +90,8 @@ Known Issues.
|
|||||||
fail (because it's not a tcp socket) and will be identified as
|
fail (because it's not a tcp socket) and will be identified as
|
||||||
"unknown", which is then checked against tcpwrappers.
|
"unknown", which is then checked against tcpwrappers.
|
||||||
|
|
||||||
|
- If your build requires ssh-rand-helper regress tests will fail
|
||||||
|
unless ssh-rand-helper is in pre-installed (the path to
|
||||||
|
ssh-rand-helper is hard coded).
|
||||||
|
|
||||||
$Id: README.regress,v 1.3 2004/01/28 01:26:14 dtucker Exp $
|
$Id: README.regress,v 1.4 2004/03/08 20:12:18 tim Exp $
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: dynamic-forward.sh,v 1.2 2003/07/03 08:21:46 markus Exp $
|
# $OpenBSD: dynamic-forward.sh,v 1.3 2004/02/28 12:16:57 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="dynamic forwarding"
|
tid="dynamic forwarding"
|
||||||
@ -7,7 +7,7 @@ PORT=4242
|
|||||||
FWDPORT=4243
|
FWDPORT=4243
|
||||||
DATA=/bin/ls${EXEEXT}
|
DATA=/bin/ls${EXEEXT}
|
||||||
|
|
||||||
if have_prog nc && nc -h 2>&1 | grep "x proxy address" >/dev/null; then
|
if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
|
||||||
proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
|
proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
|
||||||
elif have_prog connect; then
|
elif have_prog connect; then
|
||||||
proxycmd="connect -S 127.0.0.1:$FWDPORT -"
|
proxycmd="connect -S 127.0.0.1:$FWDPORT -"
|
||||||
|
29
crypto/openssh/regress/login-timeout.sh
Normal file
29
crypto/openssh/regress/login-timeout.sh
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# $OpenBSD: login-timeout.sh,v 1.1 2004/02/17 08:23:20 dtucker Exp $
|
||||||
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
|
tid="connect after login grace timeout"
|
||||||
|
|
||||||
|
trace "test login grace with privsep"
|
||||||
|
echo "LoginGraceTime 10s" >> $OBJ/sshd_config
|
||||||
|
echo "MaxStartups 1" >> $OBJ/sshd_config
|
||||||
|
start_sshd
|
||||||
|
|
||||||
|
(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 &
|
||||||
|
sleep 15
|
||||||
|
${SSH} -F $OBJ/ssh_config somehost true
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
fail "ssh connect after login grace timeout failed with privsep"
|
||||||
|
fi
|
||||||
|
|
||||||
|
kill `cat $PIDFILE`
|
||||||
|
|
||||||
|
trace "test login grace without privsep"
|
||||||
|
echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
|
||||||
|
start_sshd
|
||||||
|
|
||||||
|
(echo SSH-2.0-fake; sleep 60) | telnet localhost ${PORT} >/dev/null 2>&1 &
|
||||||
|
sleep 15
|
||||||
|
${SSH} -F $OBJ/ssh_config somehost true
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
fail "ssh connect after login grace timeout failed without privsep"
|
||||||
|
fi
|
@ -85,6 +85,7 @@ echo "get \"$DATA\" $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|
|||||||
|| fail "get failed"
|
|| fail "get failed"
|
||||||
cmp $DATA ${COPY} || fail "corrupted copy after get"
|
cmp $DATA ${COPY} || fail "corrupted copy after get"
|
||||||
|
|
||||||
|
if [ "$os" != "cygwin" ]; then
|
||||||
rm -f ${QUOTECOPY}
|
rm -f ${QUOTECOPY}
|
||||||
cp $DATA ${QUOTECOPY}
|
cp $DATA ${QUOTECOPY}
|
||||||
verbose "$tid: get filename with quotes"
|
verbose "$tid: get filename with quotes"
|
||||||
@ -92,6 +93,7 @@ echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1
|
|||||||
|| fail "put failed"
|
|| fail "put failed"
|
||||||
cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
|
cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
|
||||||
rm -f ${QUOTECOPY} ${COPY}
|
rm -f ${QUOTECOPY} ${COPY}
|
||||||
|
fi
|
||||||
|
|
||||||
rm -f ${COPY}.dd/*
|
rm -f ${COPY}.dd/*
|
||||||
verbose "$tid: get to directory"
|
verbose "$tid: get to directory"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: ssh-com-client.sh,v 1.5 2003/05/14 22:08:27 markus Exp $
|
# $OpenBSD: ssh-com-client.sh,v 1.6 2004/02/24 17:06:52 markus Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="connect with ssh.com client"
|
tid="connect with ssh.com client"
|
||||||
@ -19,6 +19,9 @@ VERSIONS="
|
|||||||
3.2.0
|
3.2.0
|
||||||
3.2.2
|
3.2.2
|
||||||
3.2.3
|
3.2.3
|
||||||
|
3.2.5
|
||||||
|
3.2.9
|
||||||
|
3.2.9.1
|
||||||
3.3.0"
|
3.3.0"
|
||||||
|
|
||||||
# 2.0.10 2.0.12 2.0.13 don't like the test setup
|
# 2.0.10 2.0.12 2.0.13 don't like the test setup
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: ssh-com-keygen.sh,v 1.3 2003/05/14 22:08:27 markus Exp $
|
# $OpenBSD: ssh-com-keygen.sh,v 1.4 2004/02/24 17:06:52 markus Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="ssh.com key import"
|
tid="ssh.com key import"
|
||||||
@ -22,6 +22,9 @@ VERSIONS="
|
|||||||
3.2.0
|
3.2.0
|
||||||
3.2.2
|
3.2.2
|
||||||
3.2.3
|
3.2.3
|
||||||
|
3.2.5
|
||||||
|
3.2.9
|
||||||
|
3.2.9.1
|
||||||
3.3.0"
|
3.3.0"
|
||||||
|
|
||||||
COMPRV=${OBJ}/comkey
|
COMPRV=${OBJ}/comkey
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: ssh-com-sftp.sh,v 1.4 2003/05/14 22:08:27 markus Exp $
|
# $OpenBSD: ssh-com-sftp.sh,v 1.5 2004/02/24 17:06:52 markus Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="basic sftp put/get with ssh.com server"
|
tid="basic sftp put/get with ssh.com server"
|
||||||
@ -35,6 +35,9 @@ VERSIONS="
|
|||||||
3.2.0
|
3.2.0
|
||||||
3.2.2
|
3.2.2
|
||||||
3.2.3
|
3.2.3
|
||||||
|
3.2.5
|
||||||
|
3.2.9
|
||||||
|
3.2.9.1
|
||||||
3.3.0"
|
3.3.0"
|
||||||
|
|
||||||
# go for it
|
# go for it
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: ssh-com.sh,v 1.6 2003/11/07 10:16:44 jmc Exp $
|
# $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="connect to ssh.com server"
|
tid="connect to ssh.com server"
|
||||||
@ -20,6 +20,9 @@ VERSIONS="
|
|||||||
3.2.0
|
3.2.0
|
||||||
3.2.2
|
3.2.2
|
||||||
3.2.3
|
3.2.3
|
||||||
|
3.2.5
|
||||||
|
3.2.9
|
||||||
|
3.2.9.1
|
||||||
3.3.0"
|
3.3.0"
|
||||||
# 2.0.10 does not support UserConfigDirectory
|
# 2.0.10 does not support UserConfigDirectory
|
||||||
# 2.3.1 requires a config in $HOME/.ssh2
|
# 2.3.1 requires a config in $HOME/.ssh2
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: test-exec.sh,v 1.14 2002/04/15 15:19:48 markus Exp $
|
# $OpenBSD: test-exec.sh,v 1.15 2004/02/24 16:56:30 markus Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
PORT=4242
|
PORT=4242
|
||||||
@ -49,28 +49,28 @@ SFTP=sftp
|
|||||||
SFTPSERVER=/usr/libexec/openssh/sftp-server
|
SFTPSERVER=/usr/libexec/openssh/sftp-server
|
||||||
|
|
||||||
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
if [ "x$TEST_SSH_SSH" != "x" ]; then
|
||||||
SSH=${TEST_SSH_SSH}
|
SSH="${TEST_SSH_SSH}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SSHD" != "x" ]; then
|
if [ "x$TEST_SSH_SSHD" != "x" ]; then
|
||||||
SSHD=${TEST_SSH_SSHD}
|
SSHD="${TEST_SSH_SSHD}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
|
if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
|
||||||
SSHAGENT=${TEST_SSH_SSHAGENT}
|
SSHAGENT="${TEST_SSH_SSHAGENT}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
|
if [ "x$TEST_SSH_SSHADD" != "x" ]; then
|
||||||
SSHADD=${TEST_SSH_SSHADD}
|
SSHADD="${TEST_SSH_SSHADD}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
|
if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
|
||||||
SSHKEYGEN=${TEST_SSH_SSHKEYGEN}
|
SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
|
if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
|
||||||
SSHKEYSCAN=${TEST_SSH_SSHKEYSCAN}
|
SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SFTP" != "x" ]; then
|
if [ "x$TEST_SSH_SFTP" != "x" ]; then
|
||||||
SFTP=${TEST_SSH_SFTP}
|
SFTP="${TEST_SSH_SFTP}"
|
||||||
fi
|
fi
|
||||||
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
|
if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
|
||||||
SFTPSERVER=${TEST_SSH_SFTPSERVER}
|
SFTPSERVER="${TEST_SSH_SFTPSERVER}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# these should be used in tests
|
# these should be used in tests
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: try-ciphers.sh,v 1.8 2003/06/12 15:40:01 markus Exp $
|
# $OpenBSD: try-ciphers.sh,v 1.9 2004/02/28 13:44:45 dtucker Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="try ciphers"
|
tid="try ciphers"
|
||||||
@ -28,3 +28,19 @@ for c in $ciphers; do
|
|||||||
fail "ssh -1 failed with cipher $c"
|
fail "ssh -1 failed with cipher $c"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if ! ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
|
||||||
|
then
|
||||||
|
|
||||||
|
echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
|
||||||
|
c=acss@openssh.org
|
||||||
|
for m in $macs; do
|
||||||
|
trace "proto 2 $c mac $m"
|
||||||
|
verbose "test $tid: proto 2 cipher $c mac $m"
|
||||||
|
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
fail "ssh -2 failed with mac $m cipher $c"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
fi
|
||||||
|
2
crypto/openssh/scard/.cvsignore
Normal file
2
crypto/openssh/scard/.cvsignore
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Makefile
|
||||||
|
Ssh.bin
|
@ -9,7 +9,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" Created: Sun May 7 00:14:37 1995 ylo
|
.\" Created: Sun May 7 00:14:37 1995 ylo
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
|
.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $
|
||||||
.\"
|
.\"
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SCP 1
|
.Dt SCP 1
|
||||||
@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see
|
|||||||
.It HostKeyAlias
|
.It HostKeyAlias
|
||||||
.It HostName
|
.It HostName
|
||||||
.It IdentityFile
|
.It IdentityFile
|
||||||
|
.It IdentitiesOnly
|
||||||
.It LogLevel
|
.It LogLevel
|
||||||
.It MACs
|
.It MACs
|
||||||
.It NoHostAuthenticationForLocalhost
|
.It NoHostAuthenticationForLocalhost
|
||||||
|
@ -201,6 +201,7 @@ display_loginmsg(void)
|
|||||||
printf("%s\n", (char *)buffer_ptr(&loginmsg));
|
printf("%s\n", (char *)buffer_ptr(&loginmsg));
|
||||||
buffer_clear(&loginmsg);
|
buffer_clear(&loginmsg);
|
||||||
}
|
}
|
||||||
|
fflush(stdout);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
@ -491,6 +492,13 @@ do_exec_no_pty(Session *s, const char *command)
|
|||||||
close(inout[0]);
|
close(inout[0]);
|
||||||
close(err[0]);
|
close(err[0]);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Clear loginmsg, since it's the child's responsibility to display
|
||||||
|
* it to the user, otherwise multiple sessions may accumulate
|
||||||
|
* multiple copies of the login messages.
|
||||||
|
*/
|
||||||
|
buffer_clear(&loginmsg);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Enter the interactive session. Note: server_loop must be able to
|
* Enter the interactive session. Note: server_loop must be able to
|
||||||
* handle the case that fdin and fdout are the same.
|
* handle the case that fdin and fdout are the same.
|
||||||
@ -1085,9 +1093,9 @@ do_setup_env(Session *s, const char *shell)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef KRB5
|
#ifdef KRB5
|
||||||
if (s->authctxt->krb5_ticket_file)
|
if (s->authctxt->krb5_ccname)
|
||||||
child_set_env(&env, &envsize, "KRB5CCNAME",
|
child_set_env(&env, &envsize, "KRB5CCNAME",
|
||||||
s->authctxt->krb5_ticket_file);
|
s->authctxt->krb5_ccname);
|
||||||
#endif
|
#endif
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
/*
|
/*
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
/* XXX: copy between two remote sites */
|
/* XXX: copy between two remote sites */
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sftp-client.c,v 1.46 2004/02/17 05:39:51 djm Exp $");
|
RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $");
|
||||||
|
|
||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
@ -805,13 +805,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
|||||||
max_req = 1;
|
max_req = 1;
|
||||||
progress_counter = 0;
|
progress_counter = 0;
|
||||||
|
|
||||||
if (showprogress) {
|
if (showprogress && size != 0)
|
||||||
if (size)
|
start_progress_meter(remote_path, size, &progress_counter);
|
||||||
start_progress_meter(remote_path, size,
|
|
||||||
&progress_counter);
|
|
||||||
else
|
|
||||||
printf("Fetching %s to %s\n", remote_path, local_path);
|
|
||||||
}
|
|
||||||
|
|
||||||
while (num_req > 0 || max_req > 0) {
|
while (num_req > 0 || max_req > 0) {
|
||||||
char *data;
|
char *data;
|
||||||
@ -1036,8 +1031,6 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
|||||||
offset = 0;
|
offset = 0;
|
||||||
if (showprogress)
|
if (showprogress)
|
||||||
start_progress_meter(local_path, sb.st_size, &offset);
|
start_progress_meter(local_path, sb.st_size, &offset);
|
||||||
else
|
|
||||||
printf("Uploading %s to %s\n", local_path, remote_path);
|
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
int len;
|
int len;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
|
.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
|
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
|
||||||
.\"
|
.\"
|
||||||
@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see
|
|||||||
.It HostKeyAlias
|
.It HostKeyAlias
|
||||||
.It HostName
|
.It HostName
|
||||||
.It IdentityFile
|
.It IdentityFile
|
||||||
|
.It IdentitiesOnly
|
||||||
.It LogLevel
|
.It LogLevel
|
||||||
.It MACs
|
.It MACs
|
||||||
.It NoHostAuthenticationForLocalhost
|
.It NoHostAuthenticationForLocalhost
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
RCSID("$OpenBSD: sftp.c,v 1.44 2004/02/17 11:03:08 djm Exp $");
|
RCSID("$OpenBSD: sftp.c,v 1.45 2004/03/03 09:31:20 djm Exp $");
|
||||||
|
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
@ -44,7 +44,7 @@ size_t num_requests = 16;
|
|||||||
static pid_t sshpid = -1;
|
static pid_t sshpid = -1;
|
||||||
|
|
||||||
/* This is set to 0 if the progressmeter is not desired. */
|
/* This is set to 0 if the progressmeter is not desired. */
|
||||||
int showprogress;
|
int showprogress = 1;
|
||||||
|
|
||||||
int remote_glob(struct sftp_conn *, const char *, int,
|
int remote_glob(struct sftp_conn *, const char *, int,
|
||||||
int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
|
int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
|
||||||
@ -1357,6 +1357,9 @@ main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!isatty(STDERR_FILENO))
|
||||||
|
showprogress = 0;
|
||||||
|
|
||||||
log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
|
log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
|
||||||
|
|
||||||
if (sftp_direct == NULL) {
|
if (sftp_direct == NULL) {
|
||||||
|
@ -57,6 +57,10 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $");
|
|||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(HAVE_SYS_PRCTL_H)
|
||||||
|
#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
|
||||||
|
#endif
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
AUTH_UNUSED,
|
AUTH_UNUSED,
|
||||||
AUTH_SOCKET,
|
AUTH_SOCKET,
|
||||||
@ -1023,6 +1027,11 @@ main(int ac, char **av)
|
|||||||
setegid(getgid());
|
setegid(getgid());
|
||||||
setgid(getgid());
|
setgid(getgid());
|
||||||
|
|
||||||
|
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
||||||
|
/* Disable ptrace on Linux without sgid bit */
|
||||||
|
prctl(PR_SET_DUMPABLE, 0);
|
||||||
|
#endif
|
||||||
|
|
||||||
SSLeay_add_all_algorithms();
|
SSLeay_add_all_algorithms();
|
||||||
|
|
||||||
__progname = ssh_get_progname(av[0]);
|
__progname = ssh_get_progname(av[0]);
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh-keyscan.c,v 1.46 2003/11/23 23:17:34 djm Exp $");
|
RCSID("$OpenBSD: ssh-keyscan.c,v 1.47 2004/03/08 09:38:05 djm Exp $");
|
||||||
|
|
||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
@ -489,7 +489,7 @@ conrecycle(int s)
|
|||||||
static void
|
static void
|
||||||
congreet(int s)
|
congreet(int s)
|
||||||
{
|
{
|
||||||
int remote_major, remote_minor, n = 0;
|
int remote_major = 0, remote_minor = 0, n = 0;
|
||||||
char buf[256], *cp;
|
char buf[256], *cp;
|
||||||
char remote_version[sizeof buf];
|
char remote_version[sizeof buf];
|
||||||
size_t bufsiz;
|
size_t bufsiz;
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
|
.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SSH 1
|
.Dt SSH 1
|
||||||
.Os
|
.Os
|
||||||
@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see
|
|||||||
.It HostKeyAlias
|
.It HostKeyAlias
|
||||||
.It HostName
|
.It HostName
|
||||||
.It IdentityFile
|
.It IdentityFile
|
||||||
|
.It IdentitiesOnly
|
||||||
.It LocalForward
|
.It LocalForward
|
||||||
.It LogLevel
|
.It LogLevel
|
||||||
.It MACs
|
.It MACs
|
||||||
|
@ -40,7 +40,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: ssh.c,v 1.206 2003/12/16 15:49:51 markus Exp $");
|
RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
@ -146,49 +146,12 @@ pid_t proxy_command_pid = 0;
|
|||||||
static void
|
static void
|
||||||
usage(void)
|
usage(void)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "Usage: %s [options] host [command]\n", __progname);
|
fprintf(stderr,
|
||||||
fprintf(stderr, "Options:\n");
|
"usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
|
||||||
fprintf(stderr, " -l user Log in using this user name.\n");
|
" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n"
|
||||||
fprintf(stderr, " -n Redirect input from " _PATH_DEVNULL ".\n");
|
" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n"
|
||||||
fprintf(stderr, " -F config Config file (default: ~/%s).\n",
|
" [-p port] [-R port:host:hostport] [user@]hostname [command]\n"
|
||||||
_PATH_SSH_USER_CONFFILE);
|
);
|
||||||
fprintf(stderr, " -A Enable authentication agent forwarding.\n");
|
|
||||||
fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");
|
|
||||||
fprintf(stderr, " -X Enable X11 connection forwarding.\n");
|
|
||||||
fprintf(stderr, " -Y Enable trusted X11 connection forwarding.\n");
|
|
||||||
fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");
|
|
||||||
fprintf(stderr, " -i file Identity for public key authentication "
|
|
||||||
"(default: ~/.ssh/identity)\n");
|
|
||||||
#ifdef SMARTCARD
|
|
||||||
fprintf(stderr, " -I reader Set smartcard reader.\n");
|
|
||||||
#endif
|
|
||||||
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
|
|
||||||
fprintf(stderr, " -T Do not allocate a tty.\n");
|
|
||||||
fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
|
|
||||||
fprintf(stderr, " Multiple -v increases verbosity.\n");
|
|
||||||
fprintf(stderr, " -V Display version number only.\n");
|
|
||||||
fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
|
|
||||||
fprintf(stderr, " -f Fork into background after authentication.\n");
|
|
||||||
fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n");
|
|
||||||
|
|
||||||
fprintf(stderr, " -c cipher Select encryption algorithm\n");
|
|
||||||
fprintf(stderr, " -m macs Specify MAC algorithms for protocol version 2.\n");
|
|
||||||
fprintf(stderr, " -p port Connect to this port. Server must be on the same port.\n");
|
|
||||||
fprintf(stderr, " -L listen-port:host:port Forward local port to remote address\n");
|
|
||||||
fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");
|
|
||||||
fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname);
|
|
||||||
fprintf(stderr, " forward them to the other side by connecting to host:port.\n");
|
|
||||||
fprintf(stderr, " -D port Enable dynamic application-level port forwarding.\n");
|
|
||||||
fprintf(stderr, " -C Enable compression.\n");
|
|
||||||
fprintf(stderr, " -N Do not execute a shell or command.\n");
|
|
||||||
fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
|
|
||||||
fprintf(stderr, " -1 Force protocol version 1.\n");
|
|
||||||
fprintf(stderr, " -2 Force protocol version 2.\n");
|
|
||||||
fprintf(stderr, " -4 Use IPv4 only.\n");
|
|
||||||
fprintf(stderr, " -6 Use IPv6 only.\n");
|
|
||||||
fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n");
|
|
||||||
fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n");
|
|
||||||
fprintf(stderr, " -b addr Local IP address.\n");
|
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,12 +310,8 @@ main(int ac, char **av)
|
|||||||
}
|
}
|
||||||
/* fallthrough */
|
/* fallthrough */
|
||||||
case 'V':
|
case 'V':
|
||||||
fprintf(stderr,
|
fprintf(stderr, "%s, %s\n",
|
||||||
"%s, SSH protocols %d.%d/%d.%d, %s\n",
|
SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
|
||||||
SSH_VERSION,
|
|
||||||
PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
|
|
||||||
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
|
|
||||||
SSLeay_version(SSLEAY_VERSION));
|
|
||||||
if (opt == 'V')
|
if (opt == 'V')
|
||||||
exit(0);
|
exit(0);
|
||||||
break;
|
break;
|
||||||
@ -777,7 +736,7 @@ x11_get_proto(char **_proto, char **_data)
|
|||||||
xauthdir);
|
xauthdir);
|
||||||
snprintf(cmd, sizeof(cmd),
|
snprintf(cmd, sizeof(cmd),
|
||||||
"%s -f %s generate %s " SSH_X11_PROTO
|
"%s -f %s generate %s " SSH_X11_PROTO
|
||||||
" untrusted timeout 120 2>" _PATH_DEVNULL,
|
" untrusted timeout 1200 2>" _PATH_DEVNULL,
|
||||||
options.xauth_location, xauthfile, display);
|
options.xauth_location, xauthfile, display);
|
||||||
debug2("x11_get_proto: %s", cmd);
|
debug2("x11_get_proto: %s", cmd);
|
||||||
if (system(cmd) == 0)
|
if (system(cmd) == 0)
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
|
.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SSH_CONFIG 5
|
.Dt SSH_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
@ -406,6 +406,24 @@ syntax to refer to a user's home directory.
|
|||||||
It is possible to have
|
It is possible to have
|
||||||
multiple identity files specified in configuration files; all these
|
multiple identity files specified in configuration files; all these
|
||||||
identities will be tried in sequence.
|
identities will be tried in sequence.
|
||||||
|
.It Cm IdentitiesOnly
|
||||||
|
Specifies that
|
||||||
|
.Nm ssh
|
||||||
|
should only use the authentication identity files configured in the
|
||||||
|
.Nm
|
||||||
|
files,
|
||||||
|
even if the
|
||||||
|
.Nm ssh-agent
|
||||||
|
offers more identities.
|
||||||
|
The argument to this keyword must be
|
||||||
|
.Dq yes
|
||||||
|
or
|
||||||
|
.Dq no .
|
||||||
|
This option is intented for situations where
|
||||||
|
.Nm ssh-agent
|
||||||
|
offers many different identities.
|
||||||
|
The default is
|
||||||
|
.Dq no .
|
||||||
.It Cm LocalForward
|
.It Cm LocalForward
|
||||||
Specifies that a TCP/IP port on the local machine be forwarded over
|
Specifies that a TCP/IP port on the local machine be forwarded over
|
||||||
the secure channel to the specified host and port from the remote machine.
|
the secure channel to the specified host and port from the remote machine.
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
|
RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $");
|
||||||
|
|
||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
@ -1044,7 +1044,7 @@ pubkey_prepare(Authctxt *authctxt)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!found) {
|
if (!found && !options.identities_only) {
|
||||||
id = xmalloc(sizeof(*id));
|
id = xmalloc(sizeof(*id));
|
||||||
memset(id, 0, sizeof(*id));
|
memset(id, 0, sizeof(*id));
|
||||||
id->key = key;
|
id->key = key;
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: sshd.c,v 1.286 2004/02/23 12:02:33 markus Exp $");
|
RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $");
|
||||||
|
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
@ -101,7 +101,6 @@ extern char *__progname;
|
|||||||
#else
|
#else
|
||||||
char *__progname;
|
char *__progname;
|
||||||
#endif
|
#endif
|
||||||
extern char **environ;
|
|
||||||
|
|
||||||
/* Server configuration options. */
|
/* Server configuration options. */
|
||||||
ServerOptions options;
|
ServerOptions options;
|
||||||
@ -568,7 +567,7 @@ privsep_preauth_child(void)
|
|||||||
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
|
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
|
||||||
(u_int)pw->pw_gid);
|
(u_int)pw->pw_gid);
|
||||||
#if 0
|
#if 0
|
||||||
/* XXX not ready, to heavy after chroot */
|
/* XXX not ready, too heavy after chroot */
|
||||||
do_setusercontext(pw);
|
do_setusercontext(pw);
|
||||||
#else
|
#else
|
||||||
gidset[0] = pw->pw_gid;
|
gidset[0] = pw->pw_gid;
|
||||||
@ -764,26 +763,12 @@ drop_connection(int startups)
|
|||||||
static void
|
static void
|
||||||
usage(void)
|
usage(void)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "sshd version %s, %s\n",
|
fprintf(stderr, "%s, %s\n",
|
||||||
SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
|
SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
|
||||||
fprintf(stderr, "Usage: %s [options]\n", __progname);
|
fprintf(stderr,
|
||||||
fprintf(stderr, "Options:\n");
|
"usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n"
|
||||||
fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
|
" [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n"
|
||||||
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
|
);
|
||||||
fprintf(stderr, " -i Started from inetd\n");
|
|
||||||
fprintf(stderr, " -D Do not fork into daemon mode\n");
|
|
||||||
fprintf(stderr, " -t Only test configuration file and keys\n");
|
|
||||||
fprintf(stderr, " -q Quiet (no logging)\n");
|
|
||||||
fprintf(stderr, " -p port Listen on the specified port (default: 22)\n");
|
|
||||||
fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n");
|
|
||||||
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
|
|
||||||
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
|
|
||||||
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
|
|
||||||
_PATH_HOST_KEY_FILE);
|
|
||||||
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
|
|
||||||
fprintf(stderr, " -4 Use IPv4 only\n");
|
|
||||||
fprintf(stderr, " -6 Use IPv6 only\n");
|
|
||||||
fprintf(stderr, " -o option Process the option as if it was read from a configuration file.\n");
|
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -832,6 +817,9 @@ main(int ac, char **av)
|
|||||||
av = saved_argv;
|
av = saved_argv;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (geteuid() == 0 && setgroups(0, NULL) == -1)
|
||||||
|
debug("setgroups(): %.200s", strerror(errno));
|
||||||
|
|
||||||
/* Initialize configuration options to their default values. */
|
/* Initialize configuration options to their default values. */
|
||||||
initialize_server_options(&options);
|
initialize_server_options(&options);
|
||||||
|
|
||||||
@ -940,6 +928,13 @@ main(int ac, char **av)
|
|||||||
SYSLOG_FACILITY_AUTH : options.log_facility,
|
SYSLOG_FACILITY_AUTH : options.log_facility,
|
||||||
log_stderr || !inetd_flag);
|
log_stderr || !inetd_flag);
|
||||||
|
|
||||||
|
#ifdef _AIX
|
||||||
|
/*
|
||||||
|
* Unset KRB5CCNAME, otherwise the user's session may inherit it from
|
||||||
|
* root's environment
|
||||||
|
*/
|
||||||
|
unsetenv("KRB5CCNAME");
|
||||||
|
#endif /* _AIX */
|
||||||
#ifdef _UNICOS
|
#ifdef _UNICOS
|
||||||
/* Cray can define user privs drop all prives now!
|
/* Cray can define user privs drop all prives now!
|
||||||
* Not needed on PRIV_SU systems!
|
* Not needed on PRIV_SU systems!
|
||||||
@ -1106,11 +1101,6 @@ main(int ac, char **av)
|
|||||||
unmounted if desired. */
|
unmounted if desired. */
|
||||||
chdir("/");
|
chdir("/");
|
||||||
|
|
||||||
#ifndef HAVE_CYGWIN
|
|
||||||
/* Clear environment */
|
|
||||||
environ[0] = NULL;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* ignore SIGPIPE */
|
/* ignore SIGPIPE */
|
||||||
signal(SIGPIPE, SIG_IGN);
|
signal(SIGPIPE, SIG_IGN);
|
||||||
|
|
||||||
@ -1389,6 +1379,7 @@ main(int ac, char **av)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* This is the child processing a new connection. */
|
/* This is the child processing a new connection. */
|
||||||
|
setproctitle("%s", "[accepted]");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create a new session and process group since the 4.4BSD
|
* Create a new session and process group since the 4.4BSD
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $
|
.\" $OpenBSD: sshd_config.5,v 1.29 2004/03/08 10:18:57 dtucker Exp $
|
||||||
.Dd September 25, 1999
|
.Dd September 25, 1999
|
||||||
.Dt SSHD_CONFIG 5
|
.Dt SSHD_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
@ -300,6 +300,11 @@ To use this option, the server needs a
|
|||||||
Kerberos servtab which allows the verification of the KDC's identity.
|
Kerberos servtab which allows the verification of the KDC's identity.
|
||||||
Default is
|
Default is
|
||||||
.Dq no .
|
.Dq no .
|
||||||
|
.It Cm KerberosGetAFSToken
|
||||||
|
If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
|
||||||
|
an AFS token before accessing the user's home directory.
|
||||||
|
Default is
|
||||||
|
.Dq no .
|
||||||
.It Cm KerberosOrLocalPasswd
|
.It Cm KerberosOrLocalPasswd
|
||||||
If set then if password authentication through Kerberos fails then
|
If set then if password authentication through Kerberos fails then
|
||||||
the password will be validated via any additional local mechanism
|
the password will be validated via any additional local mechanism
|
||||||
@ -429,7 +434,9 @@ The default is
|
|||||||
.Pp
|
.Pp
|
||||||
If this option is set to
|
If this option is set to
|
||||||
.Dq without-password
|
.Dq without-password
|
||||||
password authentication is disabled for root.
|
password authentication is disabled for root. Note that other authentication
|
||||||
|
methods (e.g., keyboard-interactive/PAM) may still allow root to login using
|
||||||
|
a password.
|
||||||
.Pp
|
.Pp
|
||||||
If this option is set to
|
If this option is set to
|
||||||
.Dq forced-commands-only
|
.Dq forced-commands-only
|
||||||
|
@ -52,11 +52,11 @@ u_long
|
|||||||
get_last_login_time(uid_t uid, const char *logname,
|
get_last_login_time(uid_t uid, const char *logname,
|
||||||
char *buf, u_int bufsize)
|
char *buf, u_int bufsize)
|
||||||
{
|
{
|
||||||
struct logininfo li;
|
struct logininfo li;
|
||||||
|
|
||||||
login_get_lastlog(&li, uid);
|
login_get_lastlog(&li, uid);
|
||||||
strlcpy(buf, li.hostname, bufsize);
|
strlcpy(buf, li.hostname, bufsize);
|
||||||
return li.tv_sec;
|
return li.tv_sec;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -67,12 +67,12 @@ void
|
|||||||
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
||||||
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
||||||
{
|
{
|
||||||
struct logininfo *li;
|
struct logininfo *li;
|
||||||
|
|
||||||
li = login_alloc_entry(pid, user, host, ttyname);
|
li = login_alloc_entry(pid, user, host, ttyname);
|
||||||
login_set_addr(li, addr, addrlen);
|
login_set_addr(li, addr, addrlen);
|
||||||
login_login(li);
|
login_login(li);
|
||||||
login_free_entry(li);
|
login_free_entry(li);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef LOGIN_NEEDS_UTMPX
|
#ifdef LOGIN_NEEDS_UTMPX
|
||||||
@ -80,12 +80,12 @@ void
|
|||||||
record_utmp_only(pid_t pid, const char *ttyname, const char *user,
|
record_utmp_only(pid_t pid, const char *ttyname, const char *user,
|
||||||
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
const char *host, struct sockaddr * addr, socklen_t addrlen)
|
||||||
{
|
{
|
||||||
struct logininfo *li;
|
struct logininfo *li;
|
||||||
|
|
||||||
li = login_alloc_entry(pid, user, host, ttyname);
|
li = login_alloc_entry(pid, user, host, ttyname);
|
||||||
login_set_addr(li, addr, addrlen);
|
login_set_addr(li, addr, addrlen);
|
||||||
login_utmp_only(li);
|
login_utmp_only(li);
|
||||||
login_free_entry(li);
|
login_free_entry(li);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -93,9 +93,9 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
|
|||||||
void
|
void
|
||||||
record_logout(pid_t pid, const char *ttyname, const char *user)
|
record_logout(pid_t pid, const char *ttyname, const char *user)
|
||||||
{
|
{
|
||||||
struct logininfo *li;
|
struct logininfo *li;
|
||||||
|
|
||||||
li = login_alloc_entry(pid, user, NULL, ttyname);
|
li = login_alloc_entry(pid, user, NULL, ttyname);
|
||||||
login_logout(li);
|
login_logout(li);
|
||||||
login_free_entry(li);
|
login_free_entry(li);
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
/* $OpenBSD: version.h,v 1.40 2004/02/23 15:16:46 markus Exp $ */
|
/* $OpenBSD: version.h,v 1.41 2004/03/20 10:40:59 markus Exp $ */
|
||||||
|
|
||||||
#define SSH_VERSION "OpenSSH_3.8p1"
|
#define SSH_VERSION "OpenSSH_3.8.1p1"
|
||||||
|
Loading…
Reference in New Issue
Block a user