author | Mark Linimon <linimon@FreeBSD.org> | 2004-11-28 21:53:08 +0000 |
---|---|---|
committer | Mark Linimon <linimon@FreeBSD.org> | 2004-11-28 21:53:08 +0000 |
commit | e074ac5451133fb19fa015f74688383d3ec967b7 (patch) | |
tree | f5ec4ab98ef0638e6f3cece2dfde9e0247a31193 | |
parent | 1bd7189e1766b416e821eec077b56d8073ea9c69 (diff) | |
As previously announced, remove ports/picobsd/ssh-picobsd due to long-
standing build problems. Since it was the last port in the picobsd
category, remove it, too.
Discussed with: kris
Notes
Notes:
svn path=/head/; revision=122703
39 files changed, 0 insertions, 4823 deletions
@@ -40,7 +40,6 @@ SUBDIR += net
 SUBDIR += net-mgmt
 SUBDIR += news
 SUBDIR += palm
-SUBDIR += picobsd
 SUBDIR += polish
 SUBDIR += portuguese
 SUBDIR += print
diff --git a/picobsd/Makefile b/picobsd/Makefile
deleted file mode 100644
index f4644b300388..000000000000
--- a/picobsd/Makefile
+++ /dev/null
@@ -1,8 +0,0 @@
-# $FreeBSD$
-#
-
- COMMENT = PicoBSD-related ports
-
- SUBDIR += ssh-picobsd
-
-.include <bsd.port.subdir.mk>
diff --git a/picobsd/ssh-picobsd/Makefile b/picobsd/ssh-picobsd/Makefile
deleted file mode 100644
index d4a722c72801..000000000000
--- a/picobsd/ssh-picobsd/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-# New ports collection makefile for: ssh-picobsd
-# Date created: 21 Apr 2001
-# Whom: luigi@FreeBSD.org
-#
-# $FreeBSD$
-#
-# A small version of ssh for picobsd. A single binary does ssh,sshd and scp
-#
-
-PORTNAME= ssh
-PORTVERSION= 1.2.27 # Note, 1.2.30 is under a more restrictive license
-PORTREVISION= 1
-CATEGORIES= picobsd security
-MASTER_SITES= \
- ftp://ftp.ssh.com/pub/ssh/old/ \
- ftp://ftp.cronyx.ru/mirror/ssh/old/ \
- ftp://ftp.dei.uc.pt/pub/Crypto/SSH/old/ \
- ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/old/
-
-MAINTAINER= luigi@FreeBSD.org
-COMMENT= Secure shell client, server and remote copy (for picobsd)
-
-NO_CDROM= "Picobsd only"
-NO_PACKAGE= "This is only useful to build picobsd images"
-
-BROKEN= "Install fails"
-EXPIRATION_DATE=2004-08-20
-DEPRECATED= ${BROKEN}
-
-USE_AUTOCONF_VER= 213
-GNU_CONFIGURE= YES
-USE_PERL5= YES
-CONFIGURE_ENV+= PERL=${PERL5}
-
-CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc
-
-# Uncomment if all your users are in their own group and their homedir
-# is writeable by that group. Beware the security implications!
-#
-#CONFIGURE_ARGS+= --enable-group-writeability
-
-# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-# over a secure medium (i.e. allow SSH connections without encryption).
-# This is normally dangerous since it can lead to the disclosure of keys
-# and passwords.
-#
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
- --disable-suid-ssh
-.endif
-
-# Include support for the SecureID card
-# Warning: untested !
-#
-.if defined(WITH_SECUREID)
-CONFIGURE_ARGS+= --with-secureid
-.endif
-
-# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
-# commercial use may require a licence in a number of countries. Since SSH
-# itself may not be used for commercial purposes without a license, we
-# enable IDEA by default since the user would already be getting himself
-# into trouble.
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
-
-.include <bsd.port.pre.mk>
-
-# no IDEA, tcpwrap, IPV6, SOCKS, x11 for picobsd
-CONFIGURE_ARGS+= --disable-ipv6 --without-x --without-idea
-
-.include <bsd.port.post.mk>
diff --git a/picobsd/ssh-picobsd/distinfo b/picobsd/ssh-picobsd/distinfo
deleted file mode 100644
index 9291d86de2a0..000000000000
--- a/picobsd/ssh-picobsd/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395
-SIZE (ssh-1.2.27.tar.gz) = 1022546
diff --git a/picobsd/ssh-picobsd/files/patch-aa b/picobsd/ssh-picobsd/files/patch-aa
deleted file mode 100644
index 3386fc8d68a3..000000000000
--- a/picobsd/ssh-picobsd/files/patch-aa
+++ /dev/null
@@ -1,19 +0,0 @@
-*** make-ssh-known-hosts.pl.in.orig Wed May 12 20:18:51 1999
---- make-ssh-known-hosts.pl.in Sun Jun 6 02:30:08 1999
-***************
-*** 98,104 ****
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '/etc/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
---- 98,104 ----
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '@ETCDIR@/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
diff --git a/picobsd/ssh-picobsd/files/patch-ac b/picobsd/ssh-picobsd/files/patch-ac
deleted file mode 100644
index 1f4163606c09..000000000000
--- a/picobsd/ssh-picobsd/files/patch-ac
+++ /dev/null
@@ -1,121 +0,0 @@ ---- Makefile.in.orig Wed May 12 04:19:31 1999 -+++ Makefile.in Sun Sep 17 01:39:40 2000 -@@ -301,12 +301,17 @@ - SHELL = /bin/sh - - GMPDIR = gmp-2.0.2-ssh-2 --GMPLIBS = -L$(GMPDIR) -lgmp --GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a -+# We have the same libgmp in the system, so use it instead -+GMPINCDIR = /usr/include -+GMPLIBDIR = /usr/lib -+GMPLIBS = -lgmp -+GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a - - ZLIBDIR = zlib-1.0.4 --ZLIBDEP = $(ZLIBDIR)/libz.a --ZLIBLIBS = -L$(ZLIBDIR) -lz -+ZLIBINCDIR = /usr/include -+ZLIBLIBDIR = /usr/lib -+ZLIBDEP = $(ZLIBINCDIR)/libz.a -+ZLIBLIBS = -lz - - RSAREFDIR = rsaref2 - RSAREFSRCDIR = $(RSAREFDIR)/source -@@ -411,7 +416,7 @@ - $(CC) -o rfc-pg rfc-pg.o - - .c.o: -- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< -+ $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPINCDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< - - sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f sshd -@@ -454,19 +459,19 @@ - sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts - chmod +x make-ssh-known-hosts - --GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ -- mpz_mul.c mpz_cmp.c mpz_sqrtrem.c --$(GMPDIR)/libgmp.a: -- cd $(GMPDIR); $(MAKE) -- --$(ZLIBDEP): -- -if test '!' 
-d $(ZLIBDIR); then \ -- mkdir $(ZLIBDIR); \ -- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -- fi -- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a -+#GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ -+# mpz_mul.c mpz_cmp.c mpz_sqrtrem.c -+#$(GMPDIR)/libgmp.a: -+# cd $(GMPDIR); $(MAKE) -+# -+#$(ZLIBDEP): -+# -if test '!' -d $(ZLIBDIR); then \ -+# mkdir $(ZLIBDIR); \ -+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -+# fi -+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a - - $(RSAREFSRCDIR)/librsaref.a: - -if test '!' -d $(RSAREFDIR); then \ -@@ -523,7 +528,7 @@ - # (otherwise it can only log in as the user it runs as, and must be - # bound to a non-privileged port). Also, password authentication may - # not be available if non-root and using shadow passwords. 
--install: $(PROGRAMS) make-dirs generate-host-key install-configs -+install: $(PROGRAMS) make-dirs install-configs - -rm -f $(install_prefix)$(bindir)/ssh1.old - -chmod 755 $(install_prefix)$(bindir)/ssh1 - -chmod 755 $(install_prefix)$(bindir)/ssh -@@ -679,15 +684,15 @@ - - clean: - -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg -- cd $(GMPDIR); $(MAKE) clean -+# cd $(GMPDIR); $(MAKE) clean - # cd $(RSAREFSRCDIR); rm -f *.o *.a -- cd $(ZLIBDIR); $(MAKE) clean -+# cd $(ZLIBDIR); $(MAKE) clean - - distclean: clean - -rm -f Makefile config.status config.cache config.log config.h - -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 -- cd $(GMPDIR); $(MAKE) distclean -- cd $(ZLIBDIR); $(MAKE) distclean -+# cd $(GMPDIR); $(MAKE) distclean -+# cd $(ZLIBDIR); $(MAKE) distclean - - dist: dist-free - -@@ -716,12 +721,12 @@ - -mkdir $(DISTNAME) - cp $(DISTFILES) $(DISTNAME) - for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done -- (cd $(GMPDIR); make dist) -- gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) -+# (cd $(GMPDIR); make dist) -+# gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) - # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) - # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS -+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS - - #ifdef F_SECURE_COMMERCIAL - # -@@ -749,7 +754,7 @@ - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null - - depend: -- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) -+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) - - tags: - -rm -f TAGS diff --git a/picobsd/ssh-picobsd/files/patch-ad b/picobsd/ssh-picobsd/files/patch-ad deleted file mode 100644 index bab4169bca64..000000000000 --- a/picobsd/ssh-picobsd/files/patch-ad +++ /dev/null 
@@ -1,13 +0,0 @@
-*** auth-passwd.c.orig Wed May 12 20:19:23 1999
---- auth-passwd.c Sun Jun 6 02:36:00 1999
-***************
-*** 911,916 ****
---- 911,918 ----
- encrypted_password = crypt(password,
- (correct_passwd[0] && correct_passwd[1]) ?
- correct_passwd : "xx");
-+ if (!password[0] && correct_passwd[0])
-+ encrypted_password = ":";
- #endif /* HAVE_SCO_ETC_SHADOW */
-
- /* Authentication is accepted if the encrypted passwords are identical. */
diff --git a/picobsd/ssh-picobsd/files/patch-ae b/picobsd/ssh-picobsd/files/patch-ae
deleted file mode 100644
index 0ef0a89ae6c2..000000000000
--- a/picobsd/ssh-picobsd/files/patch-ae
+++ /dev/null
@@ -1,58 +0,0 @@
-*** server_config.sample.old Thu Apr 20 23:24:57 2000
---- server_config.sample Thu Apr 20 23:26:24 2000
-***************
-*** 1,13 ****
- # This is ssh server systemwide configuration file.
-
- Port 22
-! ListenAddress 0.0.0.0
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin yes
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
---- 1,13 ----
- # This is ssh server systemwide configuration file.
-
- Port 22
-! #Port 722 # Secondary port to listen on
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin no
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
-***************
-*** 16,27 ****
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility DAEMON
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords yes
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
---- 16,27 ----
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords no
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
diff --git a/picobsd/ssh-picobsd/files/patch-af b/picobsd/ssh-picobsd/files/patch-af
deleted file mode 100644
index d3fce096361b..000000000000
--- a/picobsd/ssh-picobsd/files/patch-af
+++ /dev/null
@@ -1,809 +0,0 @@ -*** sshd.c.orig Tue Jan 11 20:40:10 2000 ---- sshd.c Tue Jan 11 20:40:07 2000 -*************** -*** 553,558 **** ---- 553,571 ---- - /* Name of the server configuration file. */ - char *config_file_name = SERVER_CONFIG_FILE; - -+ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+ #ifdef ENABLE_IPV6 -+ int IPv4or6 = AF_UNSPEC; -+ #else -+ int IPv4or6 = AF_INET; -+ #endif -+ -+ #ifdef ENABLE_LOG_AUTH -+ char *unauthenticated_user = NULL; -+ int log_auth_flag = 0; -+ #endif /* ENABLE_LOG_AUTH */ -+ - /* Debug mode flag. This can be set on the command line. If debug - mode is enabled, extra debugging output will be sent to the system - log, the daemon will not go to background, and will exit after processing -*************** -*** 576,582 **** - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ -! int listen_sock; - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ ---- 589,605 ---- - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ -! #define MAX_LISTEN_SOCKS 16 -! int listen_socks[MAX_LISTEN_SOCKS]; -! int num_listen_socks = 0; -! void close_listen_socks() -! { -! int i; -! -! for (i = 0; i < num_listen_socks; i++) -! close(listen_socks[i]); -! num_listen_socks = -1; -! } - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ -*************** -*** 666,672 **** - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -! 
close(listen_sock); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); ---- 689,695 ---- - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -! close_listen_socks(); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); -*************** -*** 680,686 **** - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -! close(listen_sock); - exit(255); - } - ---- 703,709 ---- - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -! close_listen_socks(); - exit(255); - } - -*************** -*** 759,765 **** - int perm_denied = 0; - int ret; - fd_set fdset; -! struct sockaddr_in sin; - char buf[100]; /* Must not be larger than remote_version. */ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; ---- 782,788 ---- - int perm_denied = 0; - int ret; - fd_set fdset; -! struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. */ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; -*************** -*** 769,774 **** ---- 792,800 ---- - struct linger linger; - #endif /* SO_LINGER */ - int done; -+ struct addrinfo *ai; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int listen_sock, maxfd; - - /* Save argv[0]. */ - saved_argv = av; -*************** -*** 787,796 **** - initialize_server_options(&options); - - /* Parse command-line arguments. */ -! while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) - { - switch (opt) - { - case 'f': - config_file_name = optarg; - break; ---- 813,838 ---- - initialize_server_options(&options); - - /* Parse command-line arguments. */ -! while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" -! #ifdef ENABLE_IPV6 -! "6" -! #endif -! 
)) != EOF) - { - switch (opt) - { -+ case '4': -+ #ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+ #else -+ IPv4or6 = AF_INET; -+ #endif -+ break; -+ #ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+ #endif - case 'f': - config_file_name = optarg; - break; -*************** -*** 807,813 **** - options.server_key_bits = atoi(optarg); - break; - case 'p': -! options.port = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); ---- 849,855 ---- - options.server_key_bits = atoi(optarg); - break; - case 'p': -! options.ports[options.num_ports++] = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); -*************** -*** 829,834 **** ---- 871,880 ---- - fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); - fprintf(stderr, "Usage: %s [options]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only\n"); -+ #ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only\n"); -+ #endif - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); - fprintf(stderr, " -d Debugging mode\n"); - fprintf(stderr, " -i Started from inetd\n"); -*************** -*** 857,872 **** - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } -- if (options.port < 1 || options.port > 65535) -- { -- fprintf(stderr, "fatal: Bad port number.\n"); -- exit(1); -- } - if (options.umask != -1) - { - umask(options.umask); - } - - /* Check that there are no remaining arguments. */ - if (optind < ac) - { ---- 903,917 ---- - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } - if (options.umask != -1) - { - umask(options.umask); - } - -+ #ifdef ENABLE_LOG_AUTH -+ log_auth_flag = options.log_auth; -+ #endif /* ENABLE_LOG_AUTH */ -+ - /* Check that there are no remaining arguments. */ - if (optind < ac) - { -*************** -*** 1034,1043 **** - } - else - { - /* Create socket for listening. 
*/ -! listen_sock = socket(AF_INET, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states ---- 1079,1091 ---- - } - else - { -+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) -+ { - /* Create socket for listening. */ -! listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); -+ listen_socks[num_listen_socks] = listen_sock; - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states -*************** -*** 1051,1071 **** - sizeof(linger)); - #endif /* SO_LINGER */ - -! /* Initialize the socket address. */ -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! sin.sin_addr = options.listen_addr; -! sin.sin_port = htons(options.port); - - /* Bind the socket to the desired port. */ -! if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { -! error("bind: %.100s", strerror(errno)); -! shutdown(listen_sock, 2); - close(listen_sock); -! fatal("Bind to port %d failed: %.200s.", options.port, -! strerror(errno)); - } - - if (!debug_flag) - { ---- 1099,1128 ---- - sizeof(linger)); - #endif /* SO_LINGER */ - -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop, sizeof(ntop), strport, sizeof(strport), -! NI_NUMERICHOST|NI_NUMERICSERV); - - /* Bind the socket to the desired port. */ -! if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -! error("Bind to port %s on %s failed: %.200s.", -! strport, ntop, strerror(errno)); - close(listen_sock); -! continue; - } -+ num_listen_socks++; -+ -+ /* Start listening on the port. 
*/ -+ log_msg("Server listening on %s port %s.", ntop, strport); -+ if (listen(listen_sock, 5) < 0) -+ fatal("listen: %.100s", strerror(errno)); -+ -+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ -+ freeaddrinfo(options.listen_addrs); -+ -+ if (!num_listen_socks) -+ fatal("Cannot bind all addresses."); - - if (!debug_flag) - { -*************** -*** 1081,1091 **** - } - } - -- /* Start listening on the port. */ -- log_msg("Server listening on port %d.", options.port); -- if (listen(listen_sock, 5) < 0) -- fatal("listen: %.100s", strerror(errno)); -- - /* Generate an rsa key. */ - log_msg("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(&sensitive_data.private_key, &public_key, ---- 1138,1143 ---- -*************** -*** 1139,1156 **** - - /* Wait in select until there is a connection. */ - FD_ZERO(&fdset); -! FD_SET(listen_sock, &fdset); -! ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); -! if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) - { - if (errno == EINTR) - continue; - error("select: %.100s", strerror(errno)); - continue; - } -! -! aux = sizeof(sin); -! newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux); - if (newsock < 0) - { - if (errno == EINTR) ---- 1191,1218 ---- - - /* Wait in select until there is a connection. */ - FD_ZERO(&fdset); -! maxfd = 0; -! for (i = 0; i < num_listen_socks; i++) -! { -! FD_SET(listen_socks[i], &fdset); -! if (listen_socks[i] > maxfd) -! maxfd = listen_socks[i]; -! } -! ret = select(maxfd + 1, &fdset, NULL, NULL, NULL); -! if (ret < 0) - { - if (errno == EINTR) - continue; - error("select: %.100s", strerror(errno)); - continue; - } -! -! for (i = 0; i < num_listen_socks; i++) -! { -! if (!FD_ISSET(listen_socks[i], &fdset)) -! continue; -! aux = sizeof(from); -! newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux); - if (newsock < 0) - { - if (errno == EINTR) -*************** -*** 1166,1172 **** - /* In debugging mode. 
Close the listening socket, and start - processing the connection without forking. */ - debug("Server will not fork when running in debugging mode."); -! close(listen_sock); - sock_in = newsock; - sock_out = newsock; - pid = getpid(); ---- 1228,1234 ---- - /* In debugging mode. Close the listening socket, and start - processing the connection without forking. */ - debug("Server will not fork when running in debugging mode."); -! close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - pid = getpid(); -*************** -*** 1195,1201 **** - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ -! close(listen_sock); - sock_in = newsock; - sock_out = newsock; - #ifdef LIBWRAP ---- 1257,1263 ---- - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ -! close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - #ifdef LIBWRAP -*************** -*** 1233,1238 **** ---- 1295,1304 ---- - - /* Close the new socket (the child is now taking care of it). */ - close(newsock); -+ } /* for (i = 0; i < num_host_socks; i++) */ -+ /* child process check (or debug mode) */ -+ if (num_listen_socks < 0) -+ break; - } - } - -*************** -*** 2205,2210 **** ---- 2271,2279 ---- - krb5_parse_name(ssh_context, user, &client); - #endif /* defined(KERBEROS) && defined(KRB5) */ - -+ #ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = user; -+ #endif /* ENABLE_LOG_AUTH */ - /* Verify that the user is a valid user. We disallow usernames starting - with any characters that are commonly used to start NIS entries. */ - pw = getpwnam(user); -*************** -*** 2222,2228 **** - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; -! 
#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; ---- 2291,2297 ---- - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; -! #endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; -*************** -*** 2260,2265 **** ---- 2329,2339 ---- - { - /* Authentication with empty password succeeded. */ - debug("Login for user %.100s accepted without authentication.", user); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "empty password accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - /* Success packet will be sent after loop below. */ -*************** -*** 2334,2339 **** ---- 2408,2418 ---- - /* Client has successfully authenticated to us. */ - log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s", - tkt_user, user, get_canonical_hostname()); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "kerberos authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_KERBEROS; - authenticated = 1; - break; -*************** -*** 2382,2387 **** ---- 2461,2471 ---- - /* Authentication accepted. 
*/ - log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", - user, client_user, get_canonical_hostname()); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS; - authenticated = 1; - remote_user_name = client_user; -*************** -*** 2441,2446 **** ---- 2525,2535 ---- - options.strict_modes)) - { - /* Authentication accepted. */ -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts with RSA host authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS_RSA; - authenticated = 1; - remote_user_name = client_user; -*************** -*** 2474,2479 **** ---- 2563,2573 ---- - /* Successful authentication. */ - mpz_clear(&n); - log_msg("RSA authentication for %.100s accepted.", user); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "RSA user authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RSA; - authenticated = 1; - break; -*************** -*** 2608,2613 **** ---- 2702,2712 ---- - auth_close(); - memset(password, 0, strlen(password)); - xfree(password); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from @%.700s (%s)", -+ user, get_canonical_hostname(), -+ "TIS authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_TIS; - authenticated = 1; - break; -*************** -*** 2668,2673 **** ---- 2767,2777 ---- - memset(password, 0, strlen(password)); - xfree(password); - log_msg("Password authentication for %.100s accepted.", user); -+ #ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "password authentication accepted"); -+ #endif /* ENABLE_LOG_AUTH */ - authentication_type = 
SSH_AUTH_PASSWORD; - authenticated = 1; - break; -*************** -*** 2708,2713 **** ---- 2812,2822 ---- - } - - /* Check if the user is logging in as root and root logins are disallowed. */ -+ #ifdef ENABLE_LOG_AUTH -+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) || -+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command)) -+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); -+ #endif /* ENABLE_LOG_AUTH */ - if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) - { - if (authentication_type == SSH_AUTH_PASSWORD) -*************** -*** 2775,2780 **** ---- 2884,2892 ---- - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -+ #ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = NULL; -+ #endif /* ENABLE_LOG_AUTH */ - - /* Perform session preparation. */ - do_authenticated(pw); -*************** -*** 3280,3294 **** - char line[256]; - struct stat st; - int quiet_login; -! struct sockaddr_in from; - int fromlen; - struct pty_cleanup_context cleanup_context; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - #endif -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - struct timeval tp; -! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - - /* We no longer need the child running on user's privileges. */ - userfile_uninit(); ---- 3392,3407 ---- - char line[256]; - struct stat st; - int quiet_login; -! struct sockaddr_storage from; - int fromlen; - struct pty_cleanup_context cleanup_context; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; -+ time_t warnpassword, warnexpire; - #endif -! #if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - struct timeval tp; -! #endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */ - - /* We no longer need the child running on user's privileges. */ - userfile_uninit(); -*************** -*** 3387,3393 **** - - /* Record that there was a login on that terminal. 
*/ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, -! &from); - - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - lc = login_getclass(pw->pw_class); ---- 3500,3506 ---- - - /* Record that there was a login on that terminal. */ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, -! (struct sockaddr *)&from); - - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - lc = login_getclass(pw->pw_class); -*************** -*** 3446,3451 **** ---- 3559,3572 ---- - "The Regents of the University of California. ", - "All rights reserved."); - } -+ #ifdef HAVE_LOGIN_CAP_H -+ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ -+ -+ warnpassword = login_getcaptime(lc, "warnpassword", -+ DEFAULT_WARN, DEFAULT_WARN); -+ warnexpire = login_getcaptime(lc, "warnexpire", -+ DEFAULT_WARN, DEFAULT_WARN); -+ #endif - #endif - - /* Print /etc/motd unless a command was specified or printing it was -*************** -*** 3469,3475 **** - fputs(line, stdout); - fclose(f); - } -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) ---- 3590,3596 ---- - fputs(line, stdout); - fclose(f); - } -! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) -*************** -*** 3876,3881 **** ---- 3997,4003 ---- - char *user_shell; - char *remote_ip; - int remote_port; -+ int local_port; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - char *real_shell; -*************** -*** 3922,3928 **** - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); ---- 4044,4050 ---- - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); -! 
#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); -*************** -*** 3981,3986 **** ---- 4103,4109 ---- - user_shell = xstrdup(pw->pw_shell); - remote_ip = xstrdup(get_remote_ipaddr()); - remote_port = get_remote_port(); -+ local_port = get_local_port(); - - /* Close the connection descriptors; note that this is the child, and the - server will still have the socket open, and it is important that we -*************** -*** 4000,4006 **** - /* Close any extra file descriptors. Note that there may still be - descriptors left by system functions. They will be closed later. */ - endpwent(); -- endhostent(); - - /* Set dummy encryption key to clear information about the key from - memory. This key will never be used. */ ---- 4123,4128 ---- -*************** -*** 4257,4263 **** - - /* Set SSH_CLIENT. */ - snprintf(buf, sizeof(buf), -! "%.50s %d %d", remote_ip, remote_port, options.port); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - /* Set SSH_TTY if we have a pty. */ ---- 4379,4385 ---- - - /* Set SSH_CLIENT. */ - snprintf(buf, sizeof(buf), -! "%.50s %d %d", remote_ip, remote_port, local_port); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - /* Set SSH_TTY if we have a pty. */ -*************** -*** 4426,4432 **** - int i; - char name[255], *p; - char line[256]; -! struct hostent *hp; - - strncpy(name, display, sizeof(name)); - name[sizeof(name) - 1] = '\0'; ---- 4548,4555 ---- - int i; - char name[255], *p; - char line[256]; -! struct addrinfo hints, *ai, *aitop; -! char ntop[ADDRSTRLEN]; - - strncpy(name, display, sizeof(name)); - name[sizeof(name) - 1] = '\0'; -*************** -*** 4443,4449 **** - /* Moved this call here to avoid a nasty buf in SunOS - 4.1.4 libc where gethostbyname closes an unrelated - file descriptor. */ -! 
hp = gethostbyname(name); - - snprintf(line, sizeof(line), - "%.200s -q -", options.xauth_path); ---- 4566,4575 ---- - /* Moved this call here to avoid a nasty buf in SunOS - 4.1.4 libc where gethostbyname closes an unrelated - file descriptor. */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! if (getaddrinfo(name, NULL, &hints, &aitop) != 0) -! aitop = 0; - - snprintf(line, sizeof(line), - "%.200s -q -", options.xauth_path); -*************** -*** 4461,4481 **** - cp - display, display, cp, auth_proto, - auth_data); - #endif -! if (hp) - { -! for(i = 0; hp->h_addr_list[i]; i++) - { - if (debug_flag) - { - fprintf(stderr, "Running %s add %s%s %s %s\n", - options.xauth_path, -! inet_ntoa(*((struct in_addr *) -! hp->h_addr_list[i])), - cp, auth_proto, auth_data); - } - fprintf(f, "add %s%s %s %s\n", -! inet_ntoa(*((struct in_addr *) -! hp->h_addr_list[i])), - cp, auth_proto, auth_data); - } - } ---- 4587,4610 ---- - cp - display, display, cp, auth_proto, - auth_data); - #endif -! if (aitop) - { -! for (ai = aitop; ai; ai = ai->ai_next) - { -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, -+ NI_NUMERICHOST); -+ if (strchr(ntop, ':')) -+ continue; /* XXX - xauth doesn't accept it */ - if (debug_flag) - { - fprintf(stderr, "Running %s add %s%s %s %s\n", - options.xauth_path, -! ntop, - cp, auth_proto, auth_data); - } - fprintf(f, "add %s%s %s %s\n", -! ntop, - cp, auth_proto, auth_data); - } - } -*************** -*** 4525,4531 **** ---- 4654,4664 ---- - struct stat mailbuf; - - if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) -+ #ifdef __FreeBSD__ -+ ; -+ #else - printf("No mail.\n"); -+ #endif - else if (mailbuf.st_atime > mailbuf.st_mtime) - printf("You have mail.\n"); - else diff --git a/picobsd/ssh-picobsd/files/patch-ag b/picobsd/ssh-picobsd/files/patch-ag deleted file mode 100644 index 71f3b7e168f8..000000000000 --- a/picobsd/ssh-picobsd/files/patch-ag +++ /dev/null 
@@ -1,54 +0,0 @@
-*** auth-kerberos.c.orig Tue Jan 11 20:33:46 2000
---- auth-kerberos.c Tue Jan 11 20:33:38 2000
-***************
-*** 120,129 ****
---- 120,137 ----
-
- debug("Kerberos invalid service name (%.100s).", server);
- packet_send_debug("Kerberos invalid service name (%.100s).", server);
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
- return 0;
- }
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
-
- /* Extract the users name from the ticket client principal */
- problem = krb5_copy_principal(ssh_context, ticket->enc_part2->client,
-***************
-*** 159,165 ****
---- 167,177 ----
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-+ #ifdef krb5_xfree
- krb5_xfree(reply.data);
-+ #else
-+ krb5_free_data_contents(ssh_context, &reply);
-+ #endif
- return 1;
- }
- #endif /* KRB5 */
-***************
-*** 177,183 ****
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_in local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
---- 189,195 ----
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_storage local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
diff --git a/picobsd/ssh-picobsd/files/patch-al b/picobsd/ssh-picobsd/files/patch-al
deleted file mode 100644
index 35a191b5561a..000000000000
--- a/picobsd/ssh-picobsd/files/patch-al
+++ /dev/null
@@ -1,408 +0,0 @@ -*** sshconnect.c.orig Wed May 12 20:19:29 1999 ---- sshconnect.c Thu Feb 24 22:34:47 2000 -*************** -*** 337,343 **** - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - -! int ssh_create_socket(uid_t original_real_uid, int privileged) - { - int sock; - ---- 337,343 ---- - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - -! int ssh_create_socket(uid_t original_real_uid, int privileged, int family) - { - int sock; - -*************** -*** 345,379 **** - bind our own socket to a privileged port. */ - if (privileged) - { -! struct sockaddr_in sin; - int p; - for (p = 1023; p > 512; p--) - { -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) -! fatal("socket: %.100s", strerror(errno)); - -! /* Initialize the desired sockaddr_in structure. */ -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! sin.sin_addr.s_addr = INADDR_ANY; -! sin.sin_port = htons(p); - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -! if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - break; /* Success. */ - #else /* SOCKS */ -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); - continue; - } -! fatal("bind: %.100s", strerror(errno)); - } - debug("Allocated local port %d.", p); - } - else ---- 345,404 ---- - bind our own socket to a privileged port. */ - if (privileged) - { -! struct addrinfo hints, *ai = NULL; -! int errgai; -! 
char strport[PORTSTRLEN]; - int p; -+ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) -+ p = 1023; /* Compat with old FreeBSD */ -+ #if __FreeBSD__ >= 400014 -+ sock = rresvport_af(&p, family); -+ if (sock < 0) -+ error("rresvport_af: %.100s", strerror(errno)); -+ #else -+ sock = rresvport(&p); -+ if (sock < 0) -+ error("rresvport: %.100s", strerror(errno)); -+ #endif -+ #else - for (p = 1023; p > 512; p--) - { -! sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) -! error("socket: %.100s", strerror(errno)); - -! /* Initialize the desired addrinfo structure. */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = family; -! hints.ai_flags = AI_PASSIVE; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", p); -! #if defined(SOCKS) -! if ((errgai = Rgetaddrinfo(NULL, strport, &hints, &ai)) != 0) -! fatal("getaddrinfo: %.100s", gai_strerror(errgai)); -! #else /* SOCKS */ -! if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) -! fatal("getaddrinfo: %.100s", gai_strerror(errgai)); -! #endif /* SOCKS */ - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -! if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #else /* SOCKS */ -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); -+ freeaddrinfo(ai); - continue; - } -! error("bind: %.100s", strerror(errno)); - } -+ freeaddrinfo(ai); -+ #endif - debug("Allocated local port %d.", p); - } - else -*************** -*** 396,409 **** - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -! struct hostent *hp; -! 
struct sockaddr_in hostaddr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ ---- 421,439 ---- - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -! struct addrinfo hints, *ai, *aitop, *aitmp; -! struct sockaddr_storage hostaddr; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -! int gaierr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ -*************** -*** 421,430 **** - port = SSH_DEFAULT_PORT; - } - -- /* Map localhost to ip-address locally */ -- if (strcmp(host, "localhost") == 0) -- host = "127.0.0.1"; -- - /* If a proxy command is given, connect using it. */ - if (proxy_command != NULL && *proxy_command) - return ssh_proxy_connect(host, port, original_real_uid, proxy_command, ---- 451,456 ---- -*************** -*** 432,440 **** - - /* No proxy command. */ - -! /* No host lookup made yet. */ -! hp = NULL; -! - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ ---- 458,495 ---- - - /* No proxy command. */ - -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", port); -! #if defined(SOCKS) -! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #else /* SOCKS */ -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #endif /* SOCKS */ -! -! #ifdef ENABLE_ANOTHER_PORT_TRY -! if (another_port) -! { -! 
aitmp = aitop; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", another_port); -! #if defined(SOCKS) -! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #else /* SOCKS */ -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -! #endif /* SOCKS */ -! for (ai = aitop; ai->ai_next; ai = ai->ai_next); -! ai->ai_next = aitmp; -! } -! #endif /* ENABLE_ANOTHER_PORT_TRY */ -! - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ -*************** -*** 443,545 **** - if (attempt > 0) - debug("Trying again..."); - -- /* Try to parse the host name as a numeric inet address. */ -- memset(&hostaddr, 0, sizeof(hostaddr)); -- hostaddr.sin_family = AF_INET; -- hostaddr.sin_port = htons(port); -- #ifdef BROKEN_INET_ADDR -- hostaddr.sin_addr.s_addr = inet_network(host); -- #else /* BROKEN_INET_ADDR */ -- hostaddr.sin_addr.s_addr = inet_addr(host); -- #endif /* BROKEN_INET_ADDR */ -- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -- { -- /* Create a socket. */ -- sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -- -- /* Valid numeric IP address */ -- debug("Connecting to %.100s port %d.", -- inet_ntoa(hostaddr.sin_addr), port); -- -- /* Connect to the host. */ -- #if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) -- #else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) -- #endif /* SOCKS */ -- >= 0) -- { -- /* Successful connect. */ -- break; -- } -- debug("connect: %.100s", strerror(errno)); -- -- /* Destroy the failed socket. 
*/ -- shutdown(sock, 2); -- close(sock); -- } -- else -- { -- /* Not a valid numeric inet address. */ -- /* Map host name to an address. */ -- if (!hp) -- { -- struct hostent *hp_static; -- -- #if defined(SOCKS5) -- hp_static = Rgethostbyname(host); -- #else -- hp_static = gethostbyname(host); -- #endif -- if (hp_static) -- { -- hp = xmalloc(sizeof(struct hostent)); -- memcpy(hp, hp_static, sizeof(struct hostent)); -- -- /* Copy list of addresses, not just pointers. -- We don't use h_name & h_aliases so leave them as is */ -- for (i = 0; hp_static->h_addr_list[i]; i++) -- ; /* count them */ -- hp->h_addr_list = xmalloc((i + 1) * -- sizeof(hp_static->h_addr_list[0])); -- for (i = 0; hp_static->h_addr_list[i]; i++) -- { -- hp->h_addr_list[i] = xmalloc(hp->h_length); -- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i], -- hp->h_length); -- } -- hp->h_addr_list[i] = NULL; /* last one */ -- } -- } -- if (!hp) -- fatal("Bad host name: %.100s", host); -- if (!hp->h_addr_list[0]) -- fatal("Host does not have an IP address: %.100s", host); -- - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -! for (i = 0; hp->h_addr_list[i]; i++) - { -! /* Set the address to connect to. */ -! hostaddr.sin_family = hp->h_addrtype; -! memcpy(&hostaddr.sin_addr, hp->h_addr_list[i], -! sizeof(hostaddr.sin_addr)); - -! debug("Connecting to %.200s [%.100s] port %d.", -! host, inet_ntoa(hostaddr.sin_addr), port); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -! !anonymous && geteuid() == UID_ROOT); - - /* Connect to the host. */ - #if defined(SOCKS) -! if (Rconnect(sock, (struct sockaddr *)&hostaddr, -! sizeof(hostaddr)) >= 0) - #else /* SOCKS */ -! if (connect(sock, (struct sockaddr *)&hostaddr, -! sizeof(hostaddr)) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. 
*/ ---- 498,526 ---- - if (attempt > 0) - debug("Trying again..."); - - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -! for (ai = aitop; ai; ai = ai->ai_next) - { -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop, sizeof(ntop), strport, sizeof(strport), -! NI_NUMERICHOST|NI_NUMERICSERV); - -! debug("Connecting to %.200s [%.100s] port %s.", -! host, ntop, strport); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -! !anonymous && geteuid() == UID_ROOT, -! ai->ai_family); -! if (sock < 0) -! continue; - - /* Connect to the host. */ - #if defined(SOCKS) -! if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #else /* SOCKS */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. */ -*************** -*** 552,573 **** - returned an error. */ - shutdown(sock, 2); - close(sock); -! } -! if (hp->h_addr_list[i]) - break; /* Successful connection. */ -- } - - /* Sleep a moment before retrying. */ - sleep(1); - } - -! if (hp) -! { -! for (i = 0; hp->h_addr_list[i]; i++) -! xfree(hp->h_addr_list[i]); -! xfree(hp->h_addr_list); -! xfree(hp); -! } - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) ---- 533,547 ---- - returned an error. */ - shutdown(sock, 2); - close(sock); -! } /* for (ai = aitop; ai; ai = ai->ai_next) */ -! if (ai) - break; /* Successful connection. */ - - /* Sleep a moment before retrying. */ - sleep(1); - } - -! freeaddrinfo(aitop); - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) -*************** -*** 946,952 **** - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -! 
struct sockaddr_in local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); ---- 920,926 ---- - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -! struct sockaddr_storage local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); diff --git a/picobsd/ssh-picobsd/files/patch-ao b/picobsd/ssh-picobsd/files/patch-ao deleted file mode 100644 index 0c5f76b3ed1b..000000000000 --- a/picobsd/ssh-picobsd/files/patch-ao +++ /dev/null 
@@ -1,583 +0,0 @@ -*** newchannels.c.orig Tue Jan 11 20:38:09 2000 ---- newchannels.c Tue Jan 11 20:38:02 2000 -*************** -*** 282,287 **** ---- 282,292 ---- - #endif /* NEED_SYS_SYSLOG_H */ - #endif /* LIBWRAP */ - -+ #ifdef __FreeBSD__ -+ #include <utmp.h> -+ #include <osreldate.h> -+ #endif -+ - /* Directory in which the fake unix-domain X11 displays reside. */ - #ifndef X11_DIR - #define X11_DIR "/tmp/.X11-unix" -*************** -*** 1405,1417 **** - int host_port, int gatewayports) - { - int ch, sock; -! struct sockaddr_in sin; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - - /* Create a port to listen for the host. */ -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - ---- 1410,1438 ---- - int host_port, int gatewayports) - { - int ch, sock; -! struct addrinfo hints, *ai, *aitop; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ packet_disconnect("getaddrinfo: fatal error"); -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create a port to listen for the host. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - -*************** -*** 1421,1441 **** - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! /* Initialize socket address. */ -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! if (gatewayports) -! 
sin.sin_addr.s_addr = INADDR_ANY; -! else -! #ifdef BROKEN_INET_ADDR -! sin.sin_addr.s_addr = inet_network("127.0.0.1"); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr("127.0.0.1"); -! #endif /* BROKEN_INET_ADDR */ -! sin.sin_port = htons(port); -! - /* Bind the socket to the address. */ -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ ---- 1442,1451 ---- - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! debug("Listening on %s port %s.", ntop, strport); -! - /* Bind the socket to the address. */ -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ -*************** -*** 1448,1453 **** ---- 1458,1466 ---- - strcpy(channels[ch].path, host); /* note: host name stored here */ - channels[ch].host_port = host_port; /* port on host to connect to */ - channels[ch].listening_port = port; /* port being listened */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); - } - - /* Initiate forwarding of connections to port "port" on remote host through -*************** -*** 1636,1644 **** - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; -- struct sockaddr_in sin; - char *host, *originator_string; -! struct hostent *hp; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); ---- 1649,1658 ---- - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; - char *host, *originator_string; -! struct addrinfo hints, *ai, *aitop; -! char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -! int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -*************** -*** 1678,1713 **** - } - } - -! memset(&sin, 0, sizeof(sin)); -! #ifdef BROKEN_INET_ADDR -! 
sin.sin_addr.s_addr = inet_network(host); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr(host); -! #endif /* BROKEN_INET_ADDR */ -! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -! { -! /* It was a valid numeric host address. */ -! sin.sin_family = AF_INET; -! } -! else - { -! /* Look up the host address from the name servers. */ -! hp = gethostbyname(host); -! if (!hp) -! { -! error("%.100s: unknown host.", host); -! goto fail; -! } -! if (!hp->h_addr_list[0]) -! { -! error("%.100s: host has no IP address.", host); -! goto fail; -! } -! sin.sin_family = hp->h_addrtype; -! memcpy(&sin.sin_addr, hp->h_addr_list[0], -! sizeof(sin.sin_addr)); - } -- sin.sin_port = htons(host_port); - - #ifdef F_SECURE_COMMERCIAL - ---- 1692,1706 ---- - } - } - -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", host_port); -! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - { -! error("%.100s: unknown host (%s)", host, gai_strerror(gaierr)); -! goto fail; - } - - #ifdef F_SECURE_COMMERCIAL - -*************** -*** 1744,1751 **** - - #endif /* F_SECURE_COMMERCIAL */ - - /* Create the socket. */ -! sock = socket(sin.sin_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); ---- 1737,1751 ---- - - #endif /* F_SECURE_COMMERCIAL */ - -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create the socket. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -*************** -*** 1753,1767 **** - } - - /* Connect to the host/port. */ -! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { -! error("connect %.100s:%d: %.100s", host, host_port, -! strerror(errno)); - close(sock); - goto fail; - } - - /* Successful connection. 
*/ - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); ---- 1753,1777 ---- - } - - /* Connect to the host/port. */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -! debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); - close(sock); -+ continue; /* fail -- try next */ -+ } -+ break; /* success */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ -+ if (!ai) -+ { -+ error("connect %.100s:%d: failed.", host, host_port); - goto fail; - } - - /* Successful connection. */ -+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); -*************** -*** 1803,1809 **** - { - extern ServerOptions options; - int display_number, port, sock; -! struct sockaddr_in sin; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; ---- 1813,1822 ---- - { - extern ServerOptions options; - int display_number, port, sock; -! struct addrinfo hints, *ai, *aitop; -! char strport[PORTSTRLEN]; -! #define NUM_SOCKS 10 -! int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS]; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; -*************** -*** 1817,1828 **** - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -! memset(&sin, 0, sizeof(sin)); -! sin.sin_family = AF_INET; -! sin.sin_addr.s_addr = INADDR_ANY; -! sin.sin_port = htons(port); - -! sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); ---- 1830,1850 ---- - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_flags = AI_PASSIVE; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", port); -! 
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) -! { -! error("getaddrinfo: %.100s", gai_strerror(gaierr)); -! return NULL; -! } -! -! for (ai = aitop; ai; ai = ai->ai_next) -! { - -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -*************** -*** 1835,1847 **** - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -! continue; - } - break; - } - if (display_number >= MAX_DISPLAYS) ---- 1857,1882 ---- - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -! for (n = 0; n < num_socks; n++) -! { -! shutdown(socks[n], 2); -! close(socks[n]); -! } -! num_socks = 0; -! break; - } -+ -+ socks[num_socks++] = sock; -+ if (num_socks == NUM_SOCKS) -+ break; -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ -+ if (num_socks > 0) - break; - } - if (display_number >= MAX_DISPLAYS) -*************** -*** 1851,1863 **** ---- 1886,1907 ---- - } - - /* Start listening for connections on the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - if (listen(sock, 5) < 0) - { - error("listen: %.100s", strerror(errno)); - shutdown(sock, 2); - close(sock); -+ for (nn = 0; nn < n; nn++) -+ { -+ shutdown(socks[nn], 2); -+ close(socks[nn]); -+ } - return NULL; - } -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Set up a suitable value for the DISPLAY variable. */ - #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE -*************** -*** 1868,1877 **** - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -! struct hostent *hp; -! struct in_addr addr; -! 
hp = gethostbyname(hostname); -! if (hp == NULL || !hp->h_addr_list[0]) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", ---- 1912,1922 ---- - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -! struct addrinfo hints, *ai; -! char ntop[ADDRSTRLEN]; -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", -*************** -*** 1880,1888 **** - close(sock); - return NULL; - } -! memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); - snprintf(buf, sizeof(buf), -! "%.100s:%d.%d", inet_ntoa(addr), display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ ---- 1925,1934 ---- - close(sock); - return NULL; - } -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - snprintf(buf, sizeof(buf), -! "%.100s:%d.%d", ntop, display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ -*************** -*** 1891,1896 **** ---- 1937,1945 ---- - fatal("gethostname: %.100s", strerror(errno)); - snprintf(buf, sizeof(buf), - "%.400s:%d.%d", hostname, display_number, screen_number); -+ #if __FreeBSD_version >= 320000 -+ trimdomain(buf, UT_HOSTSIZE); -+ #endif - #else /* HAVE_GETHOSTNAME */ - if (uname(&uts) < 0) - fatal("uname: %.100s", strerror(errno)); -*************** -*** 1900,1907 **** ---- 1949,1960 ---- - #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ - - /* Allocate a channel for the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, - xstrdup("X11 inet listener")); -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Return a suitable value for the DISPLAY environment variable. 
*/ - return xstrdup(buf); -*************** -*** 1916,1924 **** - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; -- struct sockaddr_in sin; - char buf[255], *cp, *remote_host; -! struct hostent *hp; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); ---- 1969,1978 ---- - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; - char buf[255], *cp, *remote_host; -! struct addrinfo hints, *ai, *aitop; -! char strport[PORTSTRLEN]; -! int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -*************** -*** 2058,2110 **** - goto fail; - } - -! /* Try to parse the host name as a numeric IP address. */ -! memset(&sin, 0, sizeof(sin)); -! #ifdef BROKEN_INET_ADDR -! sin.sin_addr.s_addr = inet_network(buf); -! #else /* BROKEN_INET_ADDR */ -! sin.sin_addr.s_addr = inet_addr(buf); -! #endif /* BROKEN_INET_ADDR */ -! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) - { -! /* It was a valid numeric host address. */ -! sin.sin_family = AF_INET; - } -! else - { -- /* Not a numeric IP address. */ -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(buf); -- if (!hp) -- { -- error("%.100s: unknown host.", buf); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", buf); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -- } -- /* Set port number. */ -- sin.sin_port = htons(6000 + display_number); - - /* Create a socket. */ -! sock = socket(sin.sin_family, SOCK_STREAM, 0); - if (sock < 0) - { -! error("socket: %.100s", strerror(errno)); -! goto fail; - } - /* Connect it to the display. */ -! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) - { -! 
error("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); - goto fail; - } - ---- 2112,2155 ---- - goto fail; - } - -! /* Look up the host address */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", 6000 + display_number); -! if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) - { -! error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); -! goto fail; - } -! -! for (ai = aitop; ai; ai = ai->ai_next) - { - - /* Create a socket. */ -! sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { -! debug("socket: %.100s", strerror(errno)); -! continue; - } - /* Connect it to the display. */ -! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -! debug("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); -+ continue; -+ } -+ /* Success */ -+ break; -+ -+ } /* (ai = aitop, ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ if (!ai) -+ { -+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ strerror(errno)); - goto fail; - } - -*************** -*** 2412,2417 **** ---- 2457,2466 ---- - ssh-agent connections on your system */ - old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - -+ /* Make sure the socket doesn't already exist, left over from a system -+ crash perhaps. */ -+ unlink(channel_forwarded_auth_socket_name); -+ - if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) - packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); - diff --git a/picobsd/ssh-picobsd/files/patch-aw b/picobsd/ssh-picobsd/files/patch-aw deleted file mode 100644 index 697f32393bf6..000000000000 --- a/picobsd/ssh-picobsd/files/patch-aw +++ /dev/null 
@@ -1,73 +0,0 @@
-*** login.c.orig Tue Jan 11 20:36:37 2000
---- login.c Tue Jan 11 20:36:34 2000
-***************
-*** 117,122 ****
---- 117,125 ----
- #include <hpsecurity.h>
- #include <prot.h>
- #endif /* HAVE_HPUX_TCB_AUTH */
-+ #ifdef __FreeBSD__
-+ #include <osreldate.h>
-+ #endif
- #include "ssh.h"
-
- /* Returns the time when the user last logged in. Returns 0 if the
-***************
-*** 255,261 ****
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr)
- {
- int fd;
-
---- 258,264 ----
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr)
- {
- int fd;
-
-***************
-*** 301,317 ****
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
-- strncpy(u.ut_host, host, sizeof(u.ut_host));
- #ifdef __FreeBSD__
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! }
- #endif /* __FreeBSD__ */
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
---- 304,325 ----
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
- #ifdef __FreeBSD__
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(host, sizeof u.ut_host);
-+ #endif
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! } else
- #endif /* __FreeBSD__ */
-+ strncpy(u.ut_host, host, sizeof(u.ut_host));
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
-+ #if 0 /* XXX */
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
-+ #endif /* XXX */
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
diff --git a/picobsd/ssh-picobsd/files/patch-ax b/picobsd/ssh-picobsd/files/patch-ax
deleted file mode 100644
index c4a114fc306e..000000000000
--- a/picobsd/ssh-picobsd/files/patch-ax
+++ /dev/null
@@ -1,25 +0,0 @@
---- rsaglue.c.orig Tue Nov 9 11:12:32 1999
-+++ rsaglue.c Tue Nov 9 11:17:58 1999
-@@ -139,6 +139,10 @@
-
- input_bits = mpz_sizeinbase(input, 2);
- input_len = (input_bits + 7) / 8;
-+ if(input_bits > MAX_RSA_MODULUS_BITS)
-+ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
-+ input_bits, MAX_RSA_MODULUS_BITS);
-+
- gmp_to_rsaref(input_data, input_len, input);
-
- rsaref_public_key(&public_key, key);
-@@ -172,6 +176,10 @@
-
- input_bits = mpz_sizeinbase(input, 2);
- input_len = (input_bits + 7) / 8;
-+ if(input_bits > MAX_RSA_MODULUS_BITS)
-+ fatal("Received session key too long (%d bits, %d max) (malicious?).",
-+ input_bits, MAX_RSA_MODULUS_BITS);
-+
- gmp_to_rsaref(input_data, input_len, input);
-
- rsaref_private_key(&private_key, key);
-
diff --git a/picobsd/ssh-picobsd/files/patch-ay b/picobsd/ssh-picobsd/files/patch-ay
deleted file mode 100644
index 71daac2ca4a9..000000000000
--- a/picobsd/ssh-picobsd/files/patch-ay
+++ /dev/null
@@ -1,20 +0,0 @@
---- rsaglue.c 1999/12/10 23:27:25 1.8
-+++ rsaglue.c 2001/02/03 09:42:05
-@@ -264,7 +268,15 @@
- mpz_clear(&aux);
-
- if (value[0] != 0 || value[1] != 2)
-- fatal("Bad result from rsa_private_decrypt");
-+ {
-+ static time_t last_kill_time = 0;
-+ if (time(NULL) - last_kill_time > 60 && getppid() != 1)
-+ {
-+ last_kill_time = time(NULL);
-+ kill(getppid(), SIGALRM);
-+ }
-+ fatal("Bad result from rsa_private_decrypt");
-+ }
-
- for (i = 2; i < len && value[i]; i++)
- ;
-
diff --git a/picobsd/ssh-picobsd/files/patch-az b/picobsd/ssh-picobsd/files/patch-az
deleted file mode 100644
index e09b6edda900..000000000000
--- a/picobsd/ssh-picobsd/files/patch-az
+++ /dev/null
@@ -1,12 +0,0 @@
---- deattack.c-old Wed Feb 7 19:45:16 2001
-+++ deattack.c Wed Feb 7 19:54:11 2001
-@@ -79,7 +79,7 @@
- detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
- {
- static word16 *h = (word16 *) NULL;
-- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
-+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
- register word32 i, j;
- word32 l;
- register unsigned char *c;
-
diff --git a/picobsd/ssh-picobsd/files/patch-ba b/picobsd/ssh-picobsd/files/patch-ba
deleted file mode 100644
index 69ad90067e8c..000000000000
--- a/picobsd/ssh-picobsd/files/patch-ba
+++ /dev/null
@@ -1,176 +0,0 @@ -*** README-IPv6.orig Mon Jan 10 22:56:13 2000 ---- README-IPv6 Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,171 ---- -+ ssh-1.2.27-IPv6 version 1.5 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * ssh-1.2.27-IPv6 can handle both IPv4 and IPv6. -+ -+ To enable sshd/ssh to handle both IPv4 and IPv6, -+ -+ ./configure --enable-ipv6 -+ -+ Otherwise sshd/ssh handle IPv4 only as same as original ssh. -+ -+ * You can have multiple ListenAddress lines in /etc/sshd_config. -+ It means that sshd can listen multiple addresses. -+ -+ Example1: sshd will bind on these four adresses. -+ -+ ListenAddress 202.249.17.50 -+ ListenAddress 202.249.17.137 -+ ListenAddress 3ffe:501:c0b::1 -+ ListenAddress 3ffe:501:c0b:20:2a0:c9ff:fe3e:f5fc -+ -+ Example2: as same as example1. -+ (Because bertemu.rcac.tdi.co.jp has these four addresses.) -+ -+ ListenAddress bertemu.rcac.tdi.co.jp -+ -+ Example3: sshd will bind on any address both IPv4 and IPv6. -+ -+ ListenAddress :: -+ ListenAddress 0.0.0.0 -+ -+ Example4: as same as example3. -+ -+ No ListenAddress line in /etc/sshd_config. -+ -+ * You don't mind whether the host has IPv4 or IPv6 address. -+ You can also specify using only IPv4 (or only IPv6). -+ -+ Example1: ssh will try all IPv4 and IPv6 addresses that the host has. -+ -+ ssh host -+ -+ Example2: ssh will try all IPv4 addresses that the host has. -+ -+ ssh -4 host -+ -+ Example3: ssh will try all IPv6 addresses that the host has. -+ -+ ssh -6 host -+ -+ * You can have multiple Port lines in /etc/sshd_config and -p options. -+ It means that sshd can listen multiple ports, not only port 22. -+ -+ For example, you run sshd that listens port 22 and port 722, -+ and you can use port 22 for slogin and port 722 for scp. -+ It's useful if you have preference for interactive traffic in the router. -+ -+ You can have "AnotherPort 722" line in /etc/ssh_config or your -+ config file (maybe ~/.ssh/config). 
In this case, ssh with -A option -+ try to connect to port 722 at first, and try to connect to original -+ port (maybe port 22) if port 722 fails. scp executes ssh with -A option. -+ -+ * IPv6 supported platform -+ -+ IPv6 feature is available on follwing platforms now. -+ -+ kame -- http://www.kame.net/ (used to be called Hydrangea) -+ v6d -- http://onoe2.sm.sony.co.jp/ipv6/ (IPv6 daemon) -+ -+ On the other environments you can compile and run ssh-1.2.27-IPv6 if -+ you have a good getaddrinfo() in your library. -+ -+ * How to get ssh-1.2.27-IPv6 -+ -+ You can get tar.gz or patch to ssh-1.2.27.tar.gz: -+ -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5.tar.gz -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5-patch.gz -+ -+ * How to install ssh-1.2.27-IPv6 -+ -+ Apply ssh-1.2.27-IPv6-1.5-patch to ssh-1.2.27.tar.gz (or use -+ ssh-1.2.27-IPv6-1.5.tar.gz) and then see INSTALL file of ssh-1.2.27. -+ -+ If you want to enable ssh to handle IPv6, for example, -+ -+ % ./configure --enable-ipv6 -+ % make -+ % make install -+ -+ and you will be able to enjoy ssh handling both IPv6 and IPv4. 
-+ -+ * Change Log -+ -+ v1.5 1999-05-15 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.27 -+ * supported scp with bracketed ipv6 ip address -+ * used struct sockaddr_storage instead of union sockunion -+ -+ v1.4 1998-08-21 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ * cleanup comparing ip address at get_remote_hostname() in canohost.c -+ -+ v1.3 1998-08-14 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ pointed out by Kenji Rikitake <kenji@k2r.org> -+ -+ v1.2.2 1998-08-07 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed IPv6 enable checking bug in configure.in -+ -+ v1.2.1 1998-08-05 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed AuthLog enable handling bug -+ -+ v1.2 1998-08-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.26 -+ -+ v1.1.5 1998-06-13 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported AuthLog (logging authenticated info) in /etc/sshd_config -+ -+ v1.1.4 1998-06-11 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported multiple Port lines in /etc/sshd_config -+ * supported AnotherPort line in /etc/ssh_config -+ * supported -A option of ssh for another port try -+ -+ v1.1.3 1998-06-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * X11 connection forwarding IPv6 support -+ * removeed all hostent and sockaddr_in from *.c -+ -+ v1.1.2 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * configuration support for v6d. -+ -+ v1.1.1 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add getaddinfo.c, getnameinfo.c and gai.h (delete fakelibinet6.c) -+ * configure checks whether getaddrinfo exists or not. -+ -+ v1.1 1998-05-31 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * add fakelibinet6.c (including getaddrinfo and getnameinfo) -+ * compilation support on non-IPv6 environment. 
-+ * fixed port forwarding bug -+ -+ v1.0.1 1998-05-30 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add ENABLE_IPV6 flag. -+ * configuration support --enable-ipv6 for IPv6 platforms. -+ -+ v1.0 1998-05-30 created by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * first release -+ * IPv6 support except X11 connection forwarding -+ -+ * Guideline for making this patch -+ -+ * protocol family independent (using AF_UNSPEC) -+ * use getaddrinfo and getnameinfo (see RFC2133) -+ * don't use sockaddr_in and AF_INET (but option -4 uses AF_INET) -+ * don't use sockaddr_in6 and AF_INET6 (but option -6 uses AF_INET6) -+ * don't use gethostbyname, gethostbyaddr and hostent -+ * listen to all addresses for all available protocol family -+ * try to connect to all addresses for all available protocol family -+ diff --git a/picobsd/ssh-picobsd/files/patch-bb b/picobsd/ssh-picobsd/files/patch-bb deleted file mode 100644 index 945e1fd83b2e..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bb +++ /dev/null @@ -1,29 +0,0 @@ -*** acconfig.h.orig Wed May 12 13:19:23 1999 ---- acconfig.h Mon Jan 10 22:56:13 2000 -*************** -*** 274,279 **** ---- 274,297 ---- - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW - -+ /* Define this if you have struct sockaddr_storage. */ -+ #undef HAVE_SOCKADDR_STORAGE -+ -+ /* Define this if you have __sa_family in struct sockaddr_storage. */ -+ #undef HAVE_NEW_SS_FAMILY -+ -+ /* Define this if you have ss_len in struct sockaddr. */ -+ #undef HAVE_SOCKADDR_LEN -+ -+ /* Define this if you want to enable IPv6 support. */ -+ #undef ENABLE_IPV6 -+ -+ /* Define this if you want to enable another port try support. */ -+ #undef ENABLE_ANOTHER_PORT_TRY -+ -+ /* Define this if you want to enable logging auth info support. */ -+ #undef ENABLE_LOG_AUTH -+ - /* Where to find the X11 socket */ - #undef X11_DIR - diff --git a/picobsd/ssh-picobsd/files/patch-bc b/picobsd/ssh-picobsd/files/patch-bc deleted file mode 100644 index 63b079f2e35c..000000000000 
--- a/picobsd/ssh-picobsd/files/patch-bc
+++ /dev/null
@@ -1,401 +0,0 @@ -*** canohost.c.orig Wed May 12 13:19:24 1999 ---- canohost.c Mon Jan 10 22:56:13 2000 -*************** -*** 59,68 **** - - char *get_remote_hostname(int socket) - { -! struct sockaddr_in from; - int fromlen, i; -! struct hostent *hp; - char name[255]; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 59,69 ---- - - char *get_remote_hostname(int socket) - { -! struct sockaddr_storage from; - int fromlen, i; -! struct addrinfo hints, *ai, *aitop; - char name[255]; -+ char ntop[ADDRSTRLEN], ntop2[ADDRSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 73,86 **** - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } - - /* Map the IP address to a host name. */ -! hp = gethostbyaddr((char *)&from.sin_addr, sizeof(struct in_addr), -! from.sin_family); -! if (hp) - { - /* Got host name. */ -- strncpy(name, hp->h_name, sizeof(name)); - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this ---- 74,89 ---- - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } -+ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - - /* Map the IP address to a host name. */ -! if (getnameinfo((struct sockaddr *)&from, fromlen, -! name, sizeof(name), -! NULL, 0, NI_NAMEREQD) == 0) - { - /* Got host name. */ - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this -*************** -*** 95,119 **** - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! hp = gethostbyname(name); -! if (!hp) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (i = 0; hp->h_addr_list[i]; i++) -! 
if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) -! == 0) -! break; - /* If we reached the end of the list, the address was not there. */ -! if (!hp->h_addr_list[i]) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! inet_ntoa(from.sin_addr), name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ ---- 98,127 ---- - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = from.__ss_family; -! if (getaddrinfo(name, NULL, &hints, &aitop) != 0) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (ai = aitop; ai; ai = ai->ai_next) -! { -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop2, sizeof(ntop2), NULL, 0, NI_NUMERICHOST); -! if (strcmp(ntop, ntop2) == 0) -! break; -! } -! freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ -! if (!ai) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! ntop, name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ -*************** -*** 121,127 **** - else - { - /* Host name not found. Use ascii representation of the address. */ -! strcpy(name, inet_ntoa(from.sin_addr)); - log_msg("Could not reverse map address %.100s.", name); - } - ---- 129,135 ---- - else - { - /* Host name not found. Use ascii representation of the address. */ -! 
strcpy(name, ntop); - log_msg("Could not reverse map address %.100s.", name); - } - -*************** -*** 136,141 **** ---- 144,150 ---- - Notice also that if we just dropped source routing here, the other - side could use IP spoofing to do rest of the interaction and could still - bypass security. So we exit here if we detect any IP options. */ -+ if (from.__ss_family == AF_INET) /* IP options -- IPv4 only */ - { - unsigned char options[200], *ucp; - char text[1024], *cp; -*************** -*** 157,165 **** - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - } - } - #endif ---- 166,174 ---- - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! ntop, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! ntop, text); - } - } - #endif -*************** -*** 177,183 **** - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) ---- 186,192 ---- - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) -*************** -*** 200,207 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 209,215 ---- - &tolen) < 0) - goto no_ip_addr; - -! 
if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 221,228 **** - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_in from, to; - int fromlen, tolen, socket; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) ---- 229,237 ---- - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_storage from, to; - int fromlen, tolen, socket; -+ char ntop[ADDRSTRLEN]; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) -*************** -*** 245,252 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 254,260 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 269,275 **** - } - - /* Get the IP address in ascii. */ -! canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr)); - - /* Return ip address string. */ - return canonical_host_ip; ---- 277,285 ---- - } - - /* Get the IP address in ascii. */ -! getnameinfo((struct sockaddr *)&from, fromlen, -! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); -! canonical_host_ip = xstrdup(ntop); - - /* Return ip address string. */ - return canonical_host_ip; -*************** -*** 279,286 **** - - int get_peer_port(int sock) - { -! struct sockaddr_in from; - int fromlen; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 289,297 ---- - - int get_peer_port(int sock) - { -! struct sockaddr_storage from; - int fromlen; -+ char strport[PORTSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 292,298 **** - } - - /* Return port number. */ -! return ntohs(from.sin_port); - } - - /* Returns the port number of the remote host. */ ---- 303,311 ---- - } - - /* Return port number. 
*/ -! getnameinfo((struct sockaddr *)&from, fromlen, -! NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -! return atoi(strport); - } - - /* Returns the port number of the remote host. */ -*************** -*** 301,307 **** - { - int socket; - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ ---- 314,320 ---- - { - int socket; - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ -*************** -*** 319,326 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_port; - - no_ip_addr: ---- 332,338 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_port; - - no_ip_addr: -*************** -*** 335,337 **** ---- 347,413 ---- - /* Get and return the peer port number. */ - return get_peer_port(socket); - } -+ -+ /* Returns the port of the local of the socket. */ -+ -+ int get_sock_port(int sock) -+ { -+ struct sockaddr_storage from; -+ int fromlen; -+ char strport[PORTSTRLEN]; -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) -+ { -+ error("getsockname failed: %.100s", strerror(errno)); -+ return 0; -+ } -+ -+ /* Return port number. */ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -+ return atoi(strport); -+ } -+ -+ /* Returns the port number of the local host. */ -+ -+ int get_local_port() -+ { -+ int socket; -+ int fromlen, tolen; -+ struct sockaddr_storage from, to; -+ -+ /* If two different descriptors, check if they are internet-domain, and -+ have the same address. 
*/ -+ if (packet_get_connection_in() != packet_get_connection_out()) -+ { -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(packet_get_connection_in(), (struct sockaddr *)&from, -+ &fromlen) < 0) -+ goto no_ip_addr; -+ -+ tolen = sizeof(to); -+ memset(&to, 0, sizeof(to)); -+ if (getsockname(packet_get_connection_out(), (struct sockaddr *)&to, -+ &tolen) < 0) -+ goto no_ip_addr; -+ -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) -+ goto return_port; -+ -+ no_ip_addr: -+ return 65535; -+ } -+ -+ return_port: -+ -+ /* Get client socket. */ -+ socket = packet_get_connection_in(); -+ -+ /* Get and return the local port number. */ -+ return get_sock_port(socket); -+ } -+ diff --git a/picobsd/ssh-picobsd/files/patch-bd b/picobsd/ssh-picobsd/files/patch-bd deleted file mode 100644 index 7cb3c119c216..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bd +++ /dev/null 
@@ -1,60 +0,0 @@
-*** config.h.in.orig Wed May 12 13:20:04 1999
---- config.h.in Thu Feb 24 17:12:10 2000
-***************
-*** 285,290 ****
---- 285,292 ----
- #undef Rdup2
- #undef Rfclose
- #undef Rgethostbyname
-+ #undef Rgetaddrinfo
-+
-
- /* Set this to allow group writeability of $HOME, .ssh and authorized_keys */
- #undef ALLOW_GROUP_WRITEABILITY
-***************
-*** 323,328 ****
---- 325,348 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
-***************
-*** 375,385 ****
---- 395,411 ----
- /* Define if you have the ftruncate function. */
- #undef HAVE_FTRUNCATE
-
-+ /* Define if you have the getaddrinfo function. */
-+ #undef HAVE_GETADDRINFO
-+
- /* Define if you have the getdtablesize function. */
- #undef HAVE_GETDTABLESIZE
-
- /* Define if you have the gethostname function. */
- #undef HAVE_GETHOSTNAME
-+
-+ /* Define if you have the getnameinfo function. */
-+ #undef HAVE_GETNAMEINFO
-
- /* Define if you have the getpseudotty function. */
- #undef HAVE_GETPSEUDOTTY
diff --git a/picobsd/ssh-picobsd/files/patch-be b/picobsd/ssh-picobsd/files/patch-be
deleted file mode 100644
index 4a13d5dccb48..000000000000
--- a/picobsd/ssh-picobsd/files/patch-be
+++ /dev/null
@@ -1,370 +0,0 @@ ---- configure.in.orig Wed May 12 04:20:02 1999 -+++ configure.in Wed Apr 19 01:02:34 2000 -@@ -30,8 +30,140 @@ - fi - - AC_PROG_CC -+AC_PROG_CPP - AC_ISC_POSIX - -+AC_MSG_CHECKING([whether to enable ipv6]) -+AC_ARG_ENABLE(ipv6, -+[ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ipv6=no -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes -+ ;; -+ esac ], -+ -+ AC_TRY_RUN([ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes, -+ AC_MSG_RESULT(no) -+ ipv6=no, -+ AC_MSG_RESULT(no) -+ ipv6=no -+)) -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ AC_MSG_CHECKING([ipv6 stack type]) -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ kame) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ linux) -+ dnl http://www.v6.linux.or.jp/ -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ v6d) -+ AC_EGREP_CPP(yes, [dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include 
$CPPFLAGS"]) -+ ;; -+ zeta) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ AC_MSG_RESULT($ipv6type) -+fi -+ -+if test "$ipv6" = "yes" -a -f /usr/local/v6/lib/libinet6.a; then -+ ac_inet6_LDFLAGS="inet6" -+ ipv6libdir=/usr/local/v6/lib -+ LDFLAGS="$LDFLAGS -L/usr/local/v6/lib" -+ AC_CHECK_LIB(inet6, getaddrinfo, , ipv6lib="$ac_inet6_LDFLAGS") -+fi -+ -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") - - case "$host" in -@@ -313,7 +445,7 @@ - - # Socket pairs appear to be broken on several systems. I don't know exactly - # where, so I'll use pipes everywhere for now. 
--AC_DEFINE(USE_PIPES) -+# AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -369,7 +501,7 @@ - - AC_HEADER_STDC - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) -+AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h) - AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) - AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) - AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) -@@ -399,6 +531,16 @@ - [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) - AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) - -+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) -+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) -+AC_EGREP_HEADER(__ss_family, sys/socket.h, -+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have sa_len]) -+AC_EGREP_HEADER(sa_len, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+ - AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) - AC_CHECK_LIB(sec, getspnam) - AC_CHECK_LIB(seq, get_process_stats) -@@ -436,6 +578,107 @@ - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -+AC_MSG_CHECKING(getaddrinfo bug) -+AC_TRY_RUN([ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? 
AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (!(inet4 == 0 || inet4 == 2)) -+ goto bad; -+ if (!(inet6 == 0 || inet6 == 2)) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+], -+AC_MSG_RESULT(good) -+buggygetaddrinfo=no, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes) -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. 
-+ exit 1 -+ else -+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) -+ fi -+fi -+ - AC_PROG_LN_S - AC_PROG_INSTALL - AC_CHECK_PROG(AR, ar, ar, echo) -@@ -932,7 +1175,11 @@ - AC_DEFINE(KRB5) - KERBEROS_ROOT="$with_kerberos5" - KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ if test -f ${KERBEROS_ROOT}/lib/libk5crypto.a ; then -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" -+ else -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ fi - AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") - KERBEROS_OBJS="auth-kerberos.o" - ;; -@@ -1123,6 +1370,7 @@ - AC_DEFINE(Rdup2,SOCKSdup2) - AC_DEFINE(Rfclose,SOCKSfclose) - AC_DEFINE(Rgethostbyname,SOCKSgethostbyname) -+ AC_DEFINE(Rgetaddrinfo,SOCKSgetaddrinfo) - fi - - AC_MSG_CHECKING(whether to use rsaref) -@@ -1252,6 +1500,38 @@ - AC_DEFINE(ENABLE_TCP_NODELAY) - ) - -+AC_MSG_CHECKING(whether to enable another port try support) -+AC_ARG_ENABLE(another-port-try, -+[ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+) -+ -+AC_MSG_CHECKING(whether to enable logging auth info support) -+AC_ARG_ENABLE(log-auth, -+[ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+) -+ - AC_MSG_CHECKING(whether to enable SO_LINGER) - AC_ARG_ENABLE(so-linger, - [ --enable-so-linger Enable setting SO_LINGER socket option], -@@ -1311,6 +1591,8 @@ - 
AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) - ) - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - AC_ARG_ENABLE(asm, -@@ -1324,7 +1606,7 @@ - fi - AC_MSG_RESULT($PIDDIR) - --AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) -+#AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) - - AC_ARG_PROGRAM - -@@ -1336,4 +1618,4 @@ - AC_SUBST(SSHDCONFOBJS) - AC_SUBST(SSHINSTALLMODE) - --AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) -+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl) diff --git a/picobsd/ssh-picobsd/files/patch-bf b/picobsd/ssh-picobsd/files/patch-bf deleted file mode 100644 index d8d53bc45530..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bf +++ /dev/null @@ -1,17 +0,0 @@ -*** gai.h.orig Mon Jan 10 22:56:13 2000 ---- gai.h Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,12 ---- -+ /* -+ * fake library for ssh -+ * -+ * This file is included in getaddrinfo.c and getnameinfo.c. -+ * See getaddrinfo.c and getnameinfo.c. -+ */ -+ -+ /* for old netdb.h */ -+ #ifndef EAI_NODATA -+ #define EAI_NODATA 1 -+ #define EAI_MEMORY 2 -+ #endif diff --git a/picobsd/ssh-picobsd/files/patch-bg b/picobsd/ssh-picobsd/files/patch-bg deleted file mode 100644 index 689982094b9a..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bg +++ /dev/null 
@@ -1,120 +0,0 @@ -*** getaddrinfo.c.orig Mon Jan 10 22:56:13 2000 ---- getaddrinfo.c Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,115 ---- -+ /* -+ * fake library for ssh -+ * -+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). -+ * These funtions are defined in rfc2133. -+ * -+ * But these functions are not implemented correctly. The minimum subset -+ * is implemented for ssh use only. For exapmle, this routine assumes -+ * that ai_family is AF_INET. Don't use it for another purpose. -+ * -+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c -+ * will be used if you have broken getaddrinfo or no getaddrinfo. -+ */ -+ -+ #include "includes.h" -+ #include "ssh.h" -+ -+ #include "gai.h" -+ -+ static struct addrinfo * -+ malloc_ai(port, addr) -+ int port; -+ u_long addr; -+ { -+ struct addrinfo *ai; -+ -+ if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + -+ sizeof(struct sockaddr_in))) { -+ memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); -+ ai->ai_addr = (struct sockaddr *)(ai + 1); -+ /* XXX -- ssh doesn't use sa_len */ -+ ai->ai_addrlen = sizeof(struct sockaddr_in); -+ ai->ai_addr->sa_family = ai->ai_family = AF_INET; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; -+ return ai; -+ } else { -+ return NULL; -+ } -+ } -+ -+ char * -+ gai_strerror(ecode) -+ int ecode; -+ { -+ switch (ecode) { -+ case EAI_NODATA: -+ return "no address associated with hostname."; -+ case EAI_MEMORY: -+ return "memory allocation failure."; -+ default: -+ return "unknown error."; -+ } -+ } -+ -+ void -+ freeaddrinfo(ai) -+ struct addrinfo *ai; -+ { -+ struct addrinfo *next; -+ -+ do { -+ next = ai->ai_next; -+ free(ai); -+ } while (ai = next); -+ } -+ -+ int -+ getaddrinfo(hostname, servname, hints, res) -+ const char *hostname, *servname; -+ const struct addrinfo *hints; -+ struct addrinfo **res; -+ { -+ struct addrinfo 
*cur, *prev = NULL; -+ struct hostent *hp; -+ int i, port; -+ -+ if (servname) -+ port = htons(atoi(servname)); -+ else -+ port = 0; -+ if (hints && hints->ai_flags & AI_PASSIVE) -+ if (*res = malloc_ai(port, htonl(0x00000000))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (!hostname) -+ if (*res = malloc_ai(port, htonl(0x7f000001))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (inet_addr(hostname) != -1) -+ if (*res = malloc_ai(port, inet_addr(hostname))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if ((hp = gethostbyname(hostname)) && -+ hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { -+ for (i = 0; hp->h_addr_list[i]; i++) -+ if (cur = malloc_ai(port, -+ ((struct in_addr *)hp->h_addr_list[i])->s_addr)) { -+ if (prev) -+ prev->ai_next = cur; -+ else -+ *res = cur; -+ prev = cur; -+ } else { -+ if (*res) -+ freeaddrinfo(*res); -+ return EAI_MEMORY; -+ } -+ return 0; -+ } -+ return EAI_NODATA; -+ } diff --git a/picobsd/ssh-picobsd/files/patch-bh b/picobsd/ssh-picobsd/files/patch-bh deleted file mode 100644 index 3e50aaeda092..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bh +++ /dev/null 
@@ -1,66 +0,0 @@
-*** getnameinfo.c.orig Mon Jan 10 22:56:13 2000
---- getnameinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,61 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getnameinfo().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c
-+ * will be used if you have broken getnameinfo or no getnameinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ int
-+ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
-+ const struct sockaddr *sa;
-+ size_t salen;
-+ char *host;
-+ size_t hostlen;
-+ char *serv;
-+ size_t servlen;
-+ int flags;
-+ {
-+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-+ struct hostent *hp;
-+ char tmpserv[16];
-+
-+ if (serv) {
-+ sprintf(tmpserv, "%d", ntohs(sin->sin_port));
-+ if (strlen(tmpserv) > servlen)
-+ return EAI_MEMORY;
-+ else
-+ strcpy(serv, tmpserv);
-+ }
-+ if (host)
-+ if (flags & NI_NUMERICHOST)
-+ if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, inet_ntoa(sin->sin_addr));
-+ return 0;
-+ }
-+ else
-+ if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
-+ AF_INET))
-+ if (strlen(hp->h_name) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, hp->h_name);
-+ return 0;
-+ }
-+ else
-+ return EAI_NODATA;
-+ return 0;
-+ }
diff --git a/picobsd/ssh-picobsd/files/patch-bi b/picobsd/ssh-picobsd/files/patch-bi
deleted file mode 100644
index 77ff392db911..000000000000
--- a/picobsd/ssh-picobsd/files/patch-bi
+++ /dev/null
@@ -1,56 +0,0 @@
-*** log-server.c.orig Wed May 12 13:19:26 1999
---- log-server.c Mon Jan 10 22:56:13 2000
-***************
-*** 146,151 ****
---- 146,170 ----
- syslog(LOG_INFO, "log: %.500s", buf);
- }
-
-+ #ifdef ENABLE_LOG_AUTH
-+ void log_auth(const char *fmt, ...)
-+ {
-+ char buf[1024];
-+ va_list args;
-+ extern int log_auth_flag;
-+ if (!log_auth_flag)
-+ return;
-+ if (log_quiet)
-+ return;
-+ va_start(args, fmt);
-+ vsprintf(buf, fmt, args);
-+ va_end(args);
-+ if (log_on_stderr)
-+ fprintf(stderr, "log: %s\n", buf);
-+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf);
-+ }
-+ #endif /* ENABLE_LOG_AUTH */
-+
- /* Converts portable syslog severity to machine-specific syslog severity. */
-
- static int syslog_severity(int severity)
-***************
-*** 322,327 ****
---- 341,349 ----
- {
- char buf[1024];
- va_list args;
-+ #ifdef ENABLE_LOG_AUTH
-+ extern char *unauthenticated_user;
-+ #endif /* ENABLE_LOG_AUTH */
-
- if (log_quiet)
- exit(1);
-***************
-*** 331,336 ****
---- 353,363 ----
- if (log_on_stderr)
- fprintf(stderr, "fatal: %s\n", buf);
- syslog(syslog_severity(severity), "fatal: %.500s", buf);
-+ #ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+ #endif /* ENABLE_LOG_AUTH */
-
- do_fatal_cleanups();
-
diff --git a/picobsd/ssh-picobsd/files/patch-bj b/picobsd/ssh-picobsd/files/patch-bj
deleted file mode 100644
index fb897af4865c..000000000000
--- a/picobsd/ssh-picobsd/files/patch-bj
+++ /dev/null
@@ -1,16 +0,0 @@
-*** match.c.orig Wed May 12 13:19:27 1999
---- match.c Mon Jan 10 22:56:13 2000
-***************
-*** 129,134 ****
---- 129,139 ----
- is_ip_pattern = 0;
- break;
- }
-+ for(p = pattern; *p; p++)
-+ if (!(isxdigit(*p) || *p == ':' || *p == '?' || *p == '*'))
-+ break;
-+ if (ip && !*p)
-+ is_ip_pattern = 1;
- if (is_ip_pattern)
- {
- return match_pattern(ip, pattern);
diff --git a/picobsd/ssh-picobsd/files/patch-bl b/picobsd/ssh-picobsd/files/patch-bl
deleted file mode 100644
index 60296a9735bb..000000000000
--- a/picobsd/ssh-picobsd/files/patch-bl
+++ /dev/null
@@ -1,66 +0,0 @@ -*** readconf.c.orig Wed May 12 13:19:27 1999 ---- readconf.c Mon Jan 10 22:56:13 2000 -*************** -*** 171,176 **** ---- 171,179 ---- - oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, - oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, - oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ oAnotherPort, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost - } OpCodes; - -*************** -*** 194,199 **** ---- 197,205 ---- - { "hostname", oHostName }, - { "proxycommand", oProxyCommand }, - { "port", oPort }, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ { "anotherport", oAnotherPort }, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - { "cipher", oCipher }, - { "remoteforward", oRemoteForward }, - { "localforward", oLocalForward }, -*************** -*** 497,502 **** ---- 503,514 ---- - *intptr = value; - break; - -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ case oAnotherPort: -+ intptr = &options->another_port; -+ goto parse_int; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case oConnectionAttempts: - intptr = &options->connection_attempts; - goto parse_int; -*************** -*** 689,694 **** ---- 701,709 ---- - options->keepalives = -1; - options->compression_level = -1; - options->port = -1; -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ options->another_port = -1; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - options->connection_attempts = -1; - options->number_of_password_prompts = -1; - options->password_prompt_login = -1; -*************** -*** 759,764 **** ---- 774,783 ---- - options->compression_level = 6; - if (options->port == -1) - options->port = 0; /* Filled in ssh_connect. 
*/ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ if (options->another_port == -1) -+ options->another_port = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - if (options->connection_attempts == -1) - options->connection_attempts = 4; - if (options->number_of_password_prompts == -1) diff --git a/picobsd/ssh-picobsd/files/patch-bm b/picobsd/ssh-picobsd/files/patch-bm deleted file mode 100644 index a394777b4841..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bm +++ /dev/null @@ -1,14 +0,0 @@ -*** readconf.h.orig Wed May 12 13:19:27 1999 ---- readconf.h Mon Jan 10 22:56:13 2000 -*************** -*** 98,103 **** ---- 98,106 ---- - int use_privileged_port; /* Use privileged port */ - - int port; /* Port to connect. */ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port; /* Port to connect for -A option. */ -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - int connection_attempts; /* Max attempts (seconds) before giving up */ - int number_of_password_prompts; /* Max number of password prompts */ - int password_prompt_login; /* Show remote login at password prompt */ diff --git a/picobsd/ssh-picobsd/files/patch-bn b/picobsd/ssh-picobsd/files/patch-bn deleted file mode 100644 index 7f625fcea26d..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bn +++ /dev/null 
@@ -1,191 +0,0 @@ -*** scp.c.orig Wed May 12 13:19:28 1999 ---- scp.c Mon Jan 10 22:56:13 2000 -*************** -*** 180,185 **** ---- 180,193 ---- - #define STDERR_FILENO 2 - #endif - -+ /* This is set to non-zero if IPv4 is desired. */ -+ int IPv4 = 0; -+ -+ #ifdef ENABLE_IPV6 -+ /* This is set to non-zero if IPv6 is desired. */ -+ int IPv6 = 0; -+ #endif -+ - /* This is set to non-zero to enable verbose mode. */ - int verbose = 0; - -*************** -*** 295,302 **** ---- 303,319 ---- - } - args[i++] = "-x"; - args[i++] = "-a"; -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ args[i++] = "-A"; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - args[i++] = "-oFallBackToRsh no"; - args[i++] = "-oClearAllForwardings yes"; -+ if (IPv4) -+ args[i++] = "-4"; -+ #ifdef ENABLE_IPV6 -+ if (IPv6) -+ args[i++] = "-6"; -+ #endif - if (verbose) - args[i++] = "-v"; - if (compress) -*************** -*** 441,448 **** - statistics = 0; - - fflag = tflag = 0; -! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) - switch(ch) { /* User-visible flags. */ - case 'S': - ssh_program = optarg; - break; ---- 458,477 ---- - statistics = 0; - - fflag = tflag = 0; -! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4" -! #ifdef ENABLE_IPV6 -! "6" -! #endif -! )) != EOF) - switch(ch) { /* User-visible flags. 
*/ -+ case '4': -+ IPv4 = 1; -+ break; -+ #ifdef ENABLE_IPV6 -+ case '6': -+ IPv6 = 1; -+ break; -+ #endif - case 'S': - ssh_program = optarg; - break; -*************** -*** 589,594 **** ---- 618,634 ---- - exit(errs != 0); - } - -+ char * -+ cleanhostname(host) -+ char *host; -+ { -+ if (*host == '[' && host[strlen(host) - 1] == ']') { -+ host[strlen(host) - 1] = '\0'; -+ return (host + 1); -+ } else -+ return host; -+ } -+ - void - toremote(targ, argc, argv) - char *targ, *argv[]; -*************** -*** 644,649 **** ---- 684,690 ---- - bp = xmalloc(len); - if (host) { - *host++ = 0; -+ host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; -*************** -*** 655,667 **** - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -! } else - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -! argv[i], cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; ---- 696,710 ---- - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -! } else { -! host = cleanhostname(argv[i]); - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -! host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -+ } - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; -*************** -*** 671,677 **** - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -! host = thost; - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); ---- 714,720 ---- - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -! 
host = cleanhostname(thost); - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); -*************** -*** 721,726 **** ---- 764,770 ---- - else if (!okname(suser)) - continue; - } -+ host = cleanhostname(host); - len = strlen(src) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -f %s", cmd, src); -*************** -*** 1365,1375 **** - colon(cp) - char *cp; - { - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); - - for (; *cp; ++cp) { -! if (*cp == ':') - return (cp); - if (*cp == '/') - return (0); ---- 1409,1427 ---- - colon(cp) - char *cp; - { -+ int flag = 0; -+ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); -+ if (*cp == '[') -+ flag = 1; - - for (; *cp; ++cp) { -! if (*cp == '@' && *(cp+1) == '[') -! flag = 1; -! if (*cp == ']' && *(cp+1) == ':' && flag) -! return (cp+1); -! if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return (0); diff --git a/picobsd/ssh-picobsd/files/patch-bo b/picobsd/ssh-picobsd/files/patch-bo deleted file mode 100644 index 886720df255d..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bo +++ /dev/null 
@@ -1,197 +0,0 @@ -*** servconf.c.orig Wed May 12 13:19:28 1999 ---- servconf.c Mon Jan 10 22:56:13 2000 -*************** -*** 81,88 **** - void initialize_server_options(ServerOptions *options) - { - memset(options, 0, sizeof(*options)); -! options->port = -1; -! options->listen_addr.s_addr = INADDR_ANY; - options->host_key_file = NULL; - options->random_seed_file = NULL; - options->pid_file = NULL; ---- 81,88 ---- - void initialize_server_options(ServerOptions *options) - { - memset(options, 0, sizeof(*options)); -! options->num_ports = 0; -! options->listen_addrs = NULL; - options->host_key_file = NULL; - options->random_seed_file = NULL; - options->pid_file = NULL; -*************** -*** 92,97 **** ---- 92,100 ---- - options->permit_root_login = -1; - options->ignore_rhosts = -1; - options->ignore_root_rhosts = -1; -+ #ifdef ENABLE_LOG_AUTH -+ options->log_auth = -1; -+ #endif /* ENABLE_LOG_AUTH */ - options->quiet_mode = -1; - options->fascist_logging = -1; - options->print_motd = -1; -*************** -*** 138,153 **** - - void fill_default_server_options(ServerOptions *options) - { -! if (options->port == -1) - { -! struct servent *sp; -! -! sp = getservbyname(SSH_SERVICE_NAME, "tcp"); -! if (sp) -! options->port = ntohs(sp->s_port); -! else -! options->port = SSH_DEFAULT_PORT; -! endservent(); - } - if (options->host_key_file == NULL) - options->host_key_file = HOST_KEY_FILE; ---- 141,171 ---- - - void fill_default_server_options(ServerOptions *options) - { -! struct addrinfo hints, *ai, *aitop; -! char strport[PORTSTRLEN]; -! int i; -! -! if (options->num_ports == 0) -! options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -! if (options->listen_addrs == NULL) - { -! for (i = 0; i < options->num_ports; i++) -! { -! memset(&hints, 0, sizeof(hints)); -! hints.ai_flags = AI_PASSIVE; -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", options->ports[i]); -! if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -! { -! 
fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); -! exit(1); -! } -! for (ai = aitop; ai->ai_next; ai = ai->ai_next); -! ai->ai_next = options->listen_addrs; -! options->listen_addrs = aitop; -! } -! /* freeaddrinfo(options->listen_addrs) in sshd.c */ - } - if (options->host_key_file == NULL) - options->host_key_file = HOST_KEY_FILE; -*************** -*** 243,248 **** ---- 261,269 ---- - { - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, -+ #ifdef ENABLE_LOG_AUTH -+ sLogAuth, -+ #endif /* ENABLE_LOG_AUTH */ - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, - sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, - sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, -*************** -*** 275,280 **** ---- 296,304 ---- - { "quietmode", sQuietMode }, - { "fascistlogging", sFascistLogging }, - { "syslogfacility", sLogFacility }, -+ #ifdef ENABLE_LOG_AUTH -+ { "logauth", sLogAuth }, -+ #endif /* ENABLE_LOG_AUTH */ - { "rhostsauthentication", sRhostsAuthentication }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication }, - { "rsaauthentication", sRSAAuthentication }, -*************** -*** 367,372 **** ---- 391,399 ---- - char *cp, **charptr; - int linenum, *intptr, i, value; - ServerOpCodes opcode; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - f = fopen(filename, "r"); - if (!f) -*************** -*** 389,395 **** - switch (opcode) - { - case sPort: -! intptr = &options->port; - parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) ---- 416,429 ---- - switch (opcode) - { - case sPort: -! if (options->num_ports >= MAX_PORTS) -! { -! fprintf(stderr, "%s line %d: too many ports.\n", -! filename, linenum); -! exit(1); -! } -! options->ports[options->num_ports] = -1; -! 
intptr = &options->ports[options->num_ports++]; - parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) -*************** -*** 452,462 **** - filename, linenum); - exit(1); - } -! #ifdef BROKEN_INET_ADDR -! options->listen_addr.s_addr = inet_network(cp); -! #else /* BROKEN_INET_ADDR */ -! options->listen_addr.s_addr = inet_addr(cp); -! #endif /* BROKEN_INET_ADDR */ - break; - - case sHostKeyFile: ---- 486,510 ---- - filename, linenum); - exit(1); - } -! if (options->num_ports == 0) -! options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -! for (i = 0; i < options->num_ports; i++) -! { -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = IPv4or6; -! hints.ai_socktype = SOCK_STREAM; -! sprintf(strport, "%d", options->ports[i]); -! if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) -! { -! fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", -! filename, linenum, gai_strerror(gaierr)); -! exit(1); -! } -! for (ai = aitop; ai->ai_next; ai = ai->ai_next); -! ai->ai_next = options->listen_addrs; -! options->listen_addrs = aitop; -! } -! strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ - break; - - case sHostKeyFile: -*************** -*** 531,536 **** ---- 579,590 ---- - if (*intptr == -1) - *intptr = value; - break; -+ -+ #ifdef ENABLE_LOG_AUTH -+ case sLogAuth: -+ intptr = &options->log_auth; -+ goto parse_flag; -+ #endif /* ENABLE_LOG_AUTH */ - - case sIgnoreRhosts: - intptr = &options->ignore_rhosts; diff --git a/picobsd/ssh-picobsd/files/patch-bp b/picobsd/ssh-picobsd/files/patch-bp deleted file mode 100644 index 40b10db36c4c..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bp +++ /dev/null 
@@ -1,45 +0,0 @@
-*** servconf.h.orig Wed May 12 13:19:28 1999
---- servconf.h Mon Jan 10 22:56:13 2000
-***************
-*** 64,69 ****
---- 64,71 ----
- #ifndef SERVCONF_H
- #define SERVCONF_H
-
-+ #define MAX_PORTS 256 /* Max # hosts on allow list. */
-+
- #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
- #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
- #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
-***************
-*** 82,89 ****
-
- typedef struct
- {
-! int port; /* Port number to listen on. */
-! struct in_addr listen_addr; /* Address on which the server listens. */
- char *host_key_file; /* File containing host key. */
- char *random_seed_file; /* File containing random seed. */
- char *pid_file; /* File containing process ID number. */
---- 84,92 ----
-
- typedef struct
- {
-! unsigned int num_ports;
-! int ports[MAX_PORTS]; /* Port number to listen on. */
-! struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
- char *host_key_file; /* File containing host key. */
- char *random_seed_file; /* File containing random seed. */
- char *pid_file; /* File containing process ID number. */
-***************
-*** 91,96 ****
---- 94,102 ----
- int login_grace_time; /* Disconnect if no auth in this time (sec). */
- int key_regeneration_time; /* Server key lifetime (seconds). */
- int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
-+ #ifdef ENABLE_LOG_AUTH
-+ int log_auth; /* If true, log authentication info. */
-+ #endif /* ENABLE_LOG_AUTH */
- int ignore_rhosts; /* Ignore .rhosts and .shosts. */
- int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
- defaults to ignore_rhosts if not given. */
diff --git a/picobsd/ssh-picobsd/files/patch-br b/picobsd/ssh-picobsd/files/patch-br
deleted file mode 100644
index 28dd08a5be56..000000000000
--- a/picobsd/ssh-picobsd/files/patch-br
+++ /dev/null
@@ -1,97 +0,0 @@ -*** ssh.c.orig Wed May 12 13:19:28 1999 ---- ssh.c Mon Jan 10 22:56:13 2000 -*************** -*** 218,223 **** ---- 218,231 ---- - other functions. */ - RandomState random_state; - -+ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+ #ifdef ENABLE_IPV6 -+ int IPv4or6 = AF_UNSPEC; -+ #else -+ int IPv4or6 = AF_INET; -+ #endif -+ - /* Flag indicating whether debug mode is on. This can be set on the - command line. */ - int debug_flag = 0; -*************** -*** 277,282 **** ---- 285,297 ---- - { - fprintf(stderr, "Usage: %s [options] host [command]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only.\n"); -+ #ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only.\n"); -+ #endif -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ fprintf(stderr, " -A Try to connect to another port before original port.\n"); -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - fprintf(stderr, " -l user Log in using this user name.\n"); - fprintf(stderr, " -n Redirect input from /dev/null.\n"); - fprintf(stderr, " -a Disable authentication agent forwarding.\n"); -*************** -*** 413,418 **** ---- 428,436 ---- - #ifdef SIGWINCH - struct winsize ws; - #endif /* SIGWINCH */ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port_flag = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - - /* Save the original real uid. It will be needed later (uid-swapping may - clobber the real uid). */ -*************** -*** 522,527 **** ---- 540,565 ---- - } - switch (opt) - { -+ case '4': -+ #ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+ #else -+ IPv4or6 = AF_INET; -+ #endif -+ break; -+ -+ #ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? 
AF_UNSPEC : AF_INET6; -+ break; -+ #endif -+ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ case 'A': -+ another_port_flag = 1; -+ break; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case 'n': - stdin_null_flag = 1; - break; -*************** -*** 789,799 **** ---- 827,844 ---- - { - use_privileged_port = 0; - } -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ if (!another_port_flag) -+ options.another_port = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - /* Open a connection to the remote host. This needs root privileges if - rhosts_authentication is true. Note that the random_state is not - yet used by this call, although a pointer to it is stored, and thus it - need not be initialized. */ - ok = ssh_connect(host, options.port, options.connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ options.another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - !use_privileged_port, - original_real_uid, options.proxy_command, &random_state); - diff --git a/picobsd/ssh-picobsd/files/patch-bs b/picobsd/ssh-picobsd/files/patch-bs deleted file mode 100644 index ec0e1a86ef92..000000000000 --- a/picobsd/ssh-picobsd/files/patch-bs +++ /dev/null 
@@ -1,94 +0,0 @@ -*** ssh.h.orig Wed May 12 13:19:28 1999 ---- ssh.h Mon Jan 10 22:56:13 2000 -*************** -*** 430,436 **** - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -! const char *host, struct sockaddr_in *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ ---- 430,436 ---- - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -! const char *host, struct sockaddr *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ -*************** -*** 447,452 **** ---- 447,455 ---- - connection is successful, this calls packet_set_connection for the - connection. */ - int ssh_connect(const char *host, int port, int connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state); - -*************** -*** 872,876 **** ---- 875,934 ---- - #else - #define UID_ROOT 0 - #endif -+ -+ #ifdef HAVE_SOCKADDR_STORAGE -+ #ifndef HAVE_NEW_SS_FAMILY -+ #define __ss_len ss_len -+ #define __ss_family ss_family -+ #endif -+ #else -+ #define _SS_MAXSIZE 128 /* Implementation specific max size */ -+ #define _SS_ALIGNSIZE (sizeof(int)) -+ #define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) -+ #define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ -+ _SS_PAD1SIZE + _SS_ALIGNSIZE)) -+ struct sockaddr_storage { -+ #ifdef HAVE_SOCKADDR_LEN -+ u_char __ss_len; -+ u_char __ss_family; -+ #else -+ u_short __ss_family; -+ #endif -+ char __ss_pad1[_SS_PAD1SIZE]; -+ int __ss_align; -+ char __ss_pad2[_SS_PAD2SIZE]; -+ }; -+ #endif -+ -+ #ifdef INET6_ADDRSTRLEN -+ #define ADDRSTRLEN 
INET6_ADDRSTRLEN -+ #else -+ #define ADDRSTRLEN 46 -+ #endif -+ -+ #define PORTSTRLEN 16 -+ -+ /* AF_UNSPEC or AF_INET or AF_INET6 */ -+ extern int IPv4or6; -+ -+ #ifndef ENABLE_IPV6 -+ /* dummy value for old netdb.h */ -+ #ifndef AI_PASSIVE -+ #define AI_PASSIVE 1 -+ #define NI_NUMERICHOST 2 -+ #define NI_NAMEREQD 4 -+ #define NI_NUMERICSERV 8 -+ struct addrinfo { -+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ -+ int ai_family; /* PF_xxx */ -+ int ai_socktype; /* SOCK_xxx */ -+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ -+ size_t ai_addrlen; /* length of ai_addr */ -+ char *ai_canonname; /* canonical name for hostname */ -+ struct sockaddr *ai_addr; /* binary address */ -+ struct addrinfo *ai_next; /* next structure in linked list */ -+ }; -+ #endif -+ #endif /* not ENABLE_IPV6 */ - - #endif /* SSH_H */ diff --git a/picobsd/ssh-picobsd/files/patch-xa b/picobsd/ssh-picobsd/files/patch-xa deleted file mode 100644 index a775ff6820da..000000000000 --- a/picobsd/ssh-picobsd/files/patch-xa +++ /dev/null 
@@ -1,167 +0,0 @@ -Note that this patch has been incorporated into the port due to problems -with patching a autoconf generated configure script. The script itself contains -linenumbers and in case of two patches against that script the second one fails -because it expects something that the first patch has already changed. The -only clean way is to re-generate it with autoconf. *sigh* -This patch was fetched from -http://www.ssh.org/patches/patch-ssh-1.2.27-bsd.tty.chown - - torstenb@FreeBSD.org, Tue Jan 11 21:36:46 CET 2000 - - -Patch for problem with tty ownership with chflags and chown in BSD 4.4 -variants. Fixes a security bug in tty allocation. - -This patch works for ssh-1.2.27. - -Apply with the following commands: - -% cd /wherever/you/hold/your/sources/ssh-1.2.27 -% patch -p1 -l < /path/to/where/you/saved/patch-ssh-1.2.27-bsd.tty.chown -% ./configure --whatever-config-flags-you-use -% make clean -% make -% su -Password: *********** -# make install -# kill -HUP `cat /var/run/sshd.pid` - -You should be all set. - -Sami Lehtinen <sjl@ssh.fi> - ---begin patch-- -diff -u --recursive -X /u/sjl/bin/diff-src-db auth-passwd.c.orig auth-passwd.c ---- auth-passwd.c.orig Wed May 12 14:19:23 1999 -+++ auth-passwd.c Wed Aug 11 19:49:32 1999 -@@ -613,7 +613,13 @@ - /* get_name pulls out just the name not the - type */ - strcpy(ccname + 5, krb5_cc_get_name(ssh_context, ccache)); -- (void) chown(ccname + 5, pw->pw_uid, pw->pw_gid); -+ if (chown(ccname + 5, pw->pw_uid, pw->pw_gid) < 0) -+ { -+ log_msg("Kerberos: chown failed for %s, error: %s", -+ ccname + 5, strerror(errno)); -+ packet_send_debug("Kerberos: chown failed for %s", ccname + 5); -+ goto errout; -+ } - - /* If tgt was passed unlink file */ - if (ticket) -diff -u --recursive -X /u/sjl/bin/diff-src-db config.h.in.orig config.h.in ---- config.h.in.orig Wed May 12 14:20:04 1999 -+++ config.h.in Wed Aug 11 20:20:51 1999 -@@ -360,6 +360,9 @@ - /* Define if you have the authenticate function. 
*/ - #undef HAVE_AUTHENTICATE - -+/* Define if you have the chflags function. */ -+#undef HAVE_CHFLAGS -+ - /* Define if you have the clock function. */ - #undef HAVE_CLOCK - -diff -u --recursive -X /u/sjl/bin/diff-src-db configure.in.orig configure.in ---- configure.in.orig Wed May 12 14:20:02 1999 -+++ configure.in Wed Aug 11 20:05:13 1999 -@@ -433,6 +433,7 @@ - AC_CHECK_FUNCS(strchr memcpy setlogin openpty _getpty clock fchmod ulimit) - AC_CHECK_FUNCS(gethostname getdtablesize umask innetgr initgroups setpgrp) - AC_CHECK_FUNCS(setpgid daemon waitpid ttyslot authenticate getpt isastream) -+AC_CHECK_FUNCS(chflags) - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -diff -u --recursive -X /u/sjl/bin/diff-src-db sshd.c.orig sshd.c ---- sshd.c.orig Wed May 12 14:19:29 1999 -+++ sshd.c Wed Aug 11 20:26:31 1999 -@@ -2897,9 +2897,87 @@ - tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH; - } - -+ retry_chown: -+ - /* Change ownership of the tty. */ -- (void)chown(ttyname, pw->pw_uid, tty_gid); -- (void)chmod(ttyname, tty_mode); -+ if (chown(ttyname, pw->pw_uid, tty_gid) < 0) -+ { -+ /* chown failed. Atleast two possibilities. Either we are not -+ running as root, in which case this is OK, or we are running -+ on BSD, and somebody has put some flags to the tty. */ -+ -+ /* Check whether we are root or not.*/ -+ if (getuid() != UID_ROOT) -+ { -+ /* We are not, and then this is OK. */ -+ debug("chown failed (but we're not root anyway) for " -+ "%s, error %s", ttyname, strerror(errno)); -+ } -+ else -+ { -+#ifdef HAVE_CHFLAGS -+ static int retrying = 0; -+ struct stat st; -+ -+ if (!retrying) -+ { -+ debug("chown failed for %s, error: %s. Removing " -+ "user-settable flags, and retrying.", -+ ttyname, strerror(errno)); -+ -+ if (stat(ttyname, &st) < 0) -+ { -+ error("stat failed for %s, error: %s", -+ ttyname, strerror(errno)); -+ } -+ else -+ { -+ debug("Removing user-settable flags with " -+ "chflags."); -+ /* Remove user definable flags. 
*/ -+ if (chflags(ttyname, st.st_flags & -+ ~(UF_NODUMP | UF_IMMUTABLE | -+ UF_APPEND | UF_OPAQUE)) < 0) -+ { -+ debug("chflags failed for %s, error: %s", -+ ttyname, strerror(errno)); -+ } -+ else -+ { -+ debug("Retrying..."); -+ retrying = 1; -+ goto retry_chown; -+ } -+ } -+ } -+ else -+ { -+ debug("chown failed even with retry. error: %s", -+ strerror(errno)); -+ } -+ -+#endif /* HAVE_CHFLAGS */ -+ error("ssh_pty_allocate_and_fork: chown failed for %s.", -+ ttyname); -+ goto fail; -+ } -+ } -+ -+ if (chmod(ttyname, tty_mode) < 0) -+ { -+ if (getuid() != UID_ROOT) -+ { -+ /* We are not, and then this is (probably) OK. */ -+ debug("chmod failed (but we're not root anyway) for " -+ "%s, error %s", ttyname, strerror(errno)); -+ } -+ else -+ { -+ error("ssh_pty_allocate_and_fork: chmod %s: %s", -+ ttyname, strerror(errno)); -+ goto fail; -+ } -+ } - - /* Get TERM from the packet. Note that the value may be of arbitrary - length. */ diff --git a/picobsd/ssh-picobsd/files/patch-ya b/picobsd/ssh-picobsd/files/patch-ya deleted file mode 100644 index 28df9da50901..000000000000 --- a/picobsd/ssh-picobsd/files/patch-ya +++ /dev/null 
@@ -1,54 +0,0 @@
---- Makefile.in.1 Thu Dec 21 18:39:10 2000
-+++ Makefile.in Thu Dec 21 18:44:34 2000
-@@ -267,6 +267,7 @@
- LIBS = @LIBS@
- LIBOBJS = @LIBOBJS@
- CONFOBJS = @CONFOBJS@
-+CONFOBJS = # force none.
- SSHCONFOBJS = @SSHCONFOBJS@
- SSHDCONFOBJS = @SSHDCONFOBJS@
-
-@@ -324,16 +325,21 @@
- XLIBS = $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS)
-
- COMMON_OBJS = $(LIBOBJS) $(CONFOBJS) \
-+ log-server.o \
- rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \
- xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \
- crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o \
-- userfile.o signals.o blowfish.o deattack.o
-+ userfile.o signals.o blowfish.o deattack.o \
-+ canohost.o
-+
- SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \
-- log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \
-- serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) $(SSHDCONFOBJS)
--SSH_OBJS = ssh.o sshconnect.o log-client.o readconf.o hostfile.o readpass.o \
-- tildexpand.o clientloop.o canohost.o $(COMMON_OBJS) $(SSHCONFOBJS)
--KEYGEN_OBJS = ssh-keygen.o log-client.o readpass.o rsa.o randoms.o md5.o \
-+ login.o hostfile.o servconf.o tildexpand.o \
-+ serverloop.o \
-+ ssh.o sshconnect.o log-client.o readconf.o readpass.o \
-+ clientloop.o \
-+ scp.o \
-+ $(COMMON_OBJS) $(SSHCONFOBJS)
-+KEYGEN_OBJS = ssh-keygen.o log-server.o readpass.o rsa.o randoms.o md5.o \
- buffer.o xmalloc.o authfile.o cipher.o des.o arcfour.o mpaux.o \
- bufaux.o userfile.o signals.o blowfish.o $(LIBOBJS) $(CONFOBJS)
- AGENT_OBJS = ssh-agent.o log-client.o rsa.o randoms.o md5.o buffer.o \
-@@ -403,7 +409,6 @@
- #endif F_SECURE_COMMERCIAL
- SCRIPT_PROGRAMS = make-ssh-known-hosts
- SBIN_PROGRAMS = sshd
--PROGRAMS = ssh $(SBIN_PROGRAMS) $(NORMAL_PROGRAMS) $(SCRIPT_PROGRAMS) \
--$(X_PROGRAMS) $(OTHER_PROGRAMS)
-+PROGRAMS = $(SBIN_PROGRAMS)
- SSH_PROGRAM = $(bindir)/ssh1
-
-@@ -759,3 +765,6 @@
- tags:
- -rm -f TAGS
- find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a
-+
-+obj:
-+ echo "-- fake target for picobsd --"
diff --git a/picobsd/ssh-picobsd/files/patch-yb b/picobsd/ssh-picobsd/files/patch-yb
deleted file mode 100644
index 6139703ded64..000000000000
--- a/picobsd/ssh-picobsd/files/patch-yb
+++ /dev/null
@@ -1,260 +0,0 @@
-diff -ubwr work/ssh-1.2.27/log-client.c work.luigi/ssh-1.2.27/log-client.c
---- log-client.c Wed May 12 04:19:26 1999
-+++ log-client.c Wed Dec 6 18:27:30 2000
-@@ -50,6 +50,7 @@
- * $Endlog$
- */
-
-+#if 0 /* XXX luigi */
- #include "includes.h"
- #include "xmalloc.h"
- #include "ssh.h"
-@@ -216,3 +217,4 @@
- va_end(args);
- exit(255);
- }
-+#endif /* XXX luigi */
-diff -ubwr work/ssh-1.2.27/log-server.c work.luigi/ssh-1.2.27/log-server.c
---- log-server.c Wed Dec 6 18:47:50 2000
-+++ log-server.c Wed Dec 6 19:02:53 2000
-@@ -69,6 +69,36 @@
- static int log_debug = 0;
- static int log_quiet = 0;
- static int log_on_stderr = 0;
-+/*
-+ * lr 001206
-+ *
-+ * try to put here all logging and error handling functions
-+ *
-+
-+fatal:
-+ scp.c
-+ ssh-askpass.c
-+ log-server.c
-+ log-client.c
-+ *
-+ */
-+
-+enum { SCP, ASKPASS, SERVER, CLIENT } fatal_mode ;
-+char *unauthenticated_user = NULL; /* from sshd.c */
-+int log_auth_flag = 0; /* from sshd.c */
-+int allow_severity = LOG_INFO;
-+int deny_severity = LOG_WARNING;
-+int debug_flag = 0;
-+
-+uid_t original_real_uid = 0;
-+
-+/* from ssh.c */
-+#ifdef ENABLE_IPV6
-+int IPv4or6 = AF_UNSPEC;
-+#else
-+int IPv4or6 = AF_INET;
-+#endif
-+
-
- /* Initialize the log.
- av0 program name (should be argv[0])
-@@ -325,6 +355,10 @@
-
- if (log_quiet)
- exit(1);
-+
-+ if (fatal_mode == CLIENT)
-+ do_fatal_cleanups();
-+
- va_start(args, fmt);
- vsnprintf(buf, sizeof(buf), fmt, args);
- va_end(args);
-@@ -332,6 +366,7 @@
- fprintf(stderr, "fatal: %s\n", buf);
- syslog(LOG_ERR, "fatal: %.500s", buf);
-
-+ if (fatal_mode == SERVER)
- do_fatal_cleanups();
-
- exit(1);
-diff -ubwr work/ssh-1.2.27/newchannels.c work.luigi/ssh-1.2.27/newchannels.c
---- newchannels.c Wed Dec 6 18:47:49 2000
-+++ newchannels.c Wed Dec 6 18:44:06 2000
-@@ -274,6 +274,7 @@
- #include "authfd.h"
- #include "emulate.h"
- #include "servconf.h"
-+ServerOptions options; /* from sshd */
- #ifdef LIBWRAP
- #include <tcpd.h>
- #include <syslog.h>
-diff -ubwr work/ssh-1.2.27/scp.c work.luigi/ssh-1.2.27/scp.c
---- scp.c Wed Dec 6 18:47:51 2000
-+++ scp.c Wed Dec 6 19:09:39 2000
-@@ -363,6 +363,7 @@
- return 0;
- }
-
-+#if 0 /* XXX luigi */
- void fatal(const char *fmt, ...)
- {
- va_list ap;
-@@ -374,7 +375,7 @@
- fprintf(stderr, "%s\n", buf);
- exit(255);
- }
--
-+#endif
- /* This stuff used to be in BSD rcp extern.h. */
-
- typedef struct {
-@@ -408,10 +409,10 @@
- void source(int, char *[]);
- void tolocal(int, char *[]);
- void toremote(char *, int, char *[]);
--void usage(void);
-+void scp_usage(void);
-
- int
--main(argc, argv)
-+scp_main(argc, argv)
- int argc;
- char *argv[];
- {
-@@ -555,7 +556,7 @@
- break;
- case '?':
- default:
-- usage();
-+ scp_usage();
- }
- argc -= optind;
- argv += optind;
-@@ -578,7 +579,7 @@
- }
-
- if (argc < 2)
-- usage();
-+ scp_usage();
- if (argc > 2)
- targetshouldbedirectory = 1;
-
-@@ -1336,7 +1337,7 @@
- }
-
- void
--usage(void)
-+scp_usage(void)
- {
- (void)fprintf(stderr,
- "usage: scp [-qQaAprvBCL] [-S path-to-ssh] [-o ssh-options] [-P port] [-c cipher] [-i identity] f1 f2; or: scp [options] f1 ... fn directory\n");
-diff -ubwr work/ssh-1.2.27/ssh.c work.luigi/ssh-1.2.27/ssh.c
---- ssh.c Wed Dec 6 18:47:51 2000
-+++ ssh.c Wed Dec 6 19:03:25 2000
-@@ -209,8 +209,8 @@
- #ifdef NEED_SYS_SYSLOG_H
- #include <sys/syslog.h>
- #endif /* NEED_SYS_SYSLOG_H */
--int allow_severity = LOG_INFO;
--int deny_severity = LOG_WARNING;
-+extern int allow_severity ;
-+extern int deny_severity;
- #endif /* LIBWRAP */
-
- /* Random number generator state. This is initialized in ssh_login, and
-@@ -220,15 +220,11 @@
-
- /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
- Default value is AF_UNSPEC means both IPv4 and IPv6. */
--#ifdef ENABLE_IPV6
--int IPv4or6 = AF_UNSPEC;
--#else
--int IPv4or6 = AF_INET;
--#endif
-+extern int IPv4or6 ;
-
- /* Flag indicating whether debug mode is on. This can be set on the
- command line. */
--int debug_flag = 0;
-+extern int debug_flag;
-
- /* Flag indicating whether quiet mode is on. */
- int quiet_flag = 0;
-@@ -414,7 +410,7 @@
-
- /* Main program for the ssh client. */
-
--int main(int ac, char **av)
-+int ssh_main(int ac, char **av)
- {
- int i, opt, optind, type, exit_status, ok, fwd_port, fwd_host_port;
- int authfd;
-diff -ubwr work/ssh-1.2.27/sshd.c work.luigi/ssh-1.2.27/sshd.c
---- sshd.c Wed Dec 6 18:47:52 2000
-+++ sshd.c Wed Dec 6 19:08:18 2000
-@@ -488,8 +488,8 @@
- #ifdef NEED_SYS_SYSLOG_H
- #include <sys/syslog.h>
- #endif /* NEED_SYS_SYSLOG_H */
--int allow_severity = LOG_INFO;
--int deny_severity = LOG_WARNING;
-+extern int allow_severity ;
-+extern int deny_severity ;
- #endif /* LIBWRAP */
-
- #ifdef CRAY
-@@ -548,29 +548,23 @@
- #endif /* KERBEROS */
-
- /* Server configuration options. */
--ServerOptions options;
-+extern ServerOptions options;
-
- /* Name of the server configuration file. */
- char *config_file_name = SERVER_CONFIG_FILE;
-
--/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
-- Default value is AF_UNSPEC means both IPv4 and IPv6. */
--#ifdef ENABLE_IPV6
--int IPv4or6 = AF_UNSPEC;
--#else
--int IPv4or6 = AF_INET;
--#endif
-+extern int IPv4or6;
-
- #ifdef ENABLE_LOG_AUTH
--char *unauthenticated_user = NULL;
--int log_auth_flag = 0;
-+extern char *unauthenticated_user ;
-+extern int log_auth_flag ;
- #endif /* ENABLE_LOG_AUTH */
-
- /* Debug mode flag. This can be set on the command line. If debug
- mode is enabled, extra debugging output will be sent to the system
- log, the daemon will not go to background, and will exit after processing
- the first connection. */
--int debug_flag = 0;
-+extern int debug_flag ;
-
- /* Flag indicating that the daemon is being started from inetd. */
- int inetd_flag = 0;
-@@ -603,7 +597,7 @@
-
- /* This is not really needed, and could be eliminated if server-specific
- and client-specific code were removed from newchannels.c */
--uid_t original_real_uid = 0;
-+extern uid_t original_real_uid ;
-
- /* Flags set in auth-rsa from authorized_keys flags. These are set in
- auth-rsa.c. */
-@@ -796,6 +790,14 @@
- char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
- int listen_sock, maxfd;
-
-+ { int l = strlen(av[0]); /* do ssh if necessary */
-+ if (l < 3) /* assume ssh */
-+ return ssh_main(ac, av);
-+ if (!strcmp( av[0] + l - 3, "ssh"))
-+ return ssh_main(ac, av);
-+ if (!strcmp( av[0] + l - 3, "scp"))
-+ return scp_main(ac, av);
-+ }
- /* Save argv[0]. */
- saved_argv = av;
- if (strchr(av[0], '/'))
diff --git a/picobsd/ssh-picobsd/files/patch-yc b/picobsd/ssh-picobsd/files/patch-yc
deleted file mode 100644
index bc3f04dad408..000000000000
--- a/picobsd/ssh-picobsd/files/patch-yc
+++ /dev/null
@@ -1,11 +0,0 @@
---- sshd.c.old Sun Sep 30 12:33:14 2001
-+++ sshd.c Sun Sep 30 12:26:17 2001
-@@ -795,6 +795,8 @@
- return ssh_main(ac, av);
- if (!strcmp( av[0] + l - 3, "ssh"))
- return ssh_main(ac, av);
-+ if (!strcmp( av[0] + l - 4, "ssh1"))
-+ return ssh_main(ac, av);
- if (!strcmp( av[0] + l - 3, "scp"))
- return scp_main(ac, av);
- }
diff --git a/picobsd/ssh-picobsd/files/sshd.sh b/picobsd/ssh-picobsd/files/sshd.sh
deleted file mode 100644
index dd882003037c..000000000000
--- a/picobsd/ssh-picobsd/files/sshd.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-case "$1" in
- start)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
- stop)
- if [ -f /var/run/sshd.pid ]; then
- kill -TERM `cat /var/run/sshd.pid`
- rm -f /var/run/sshd.pid
- echo -n ' sshd'
- fi
- ;;
- restart)
- if [ -f /var/run/sshd.pid ]; then
- kill -HUP `cat /var/run/sshd.pid`
- echo 'sshd restarted'
- fi
- ;;
- -h)
- echo "Usage: `basename $0` { start | stop | restart }"
- ;;
- *)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
-esac
diff --git a/picobsd/ssh-picobsd/pkg-descr b/picobsd/ssh-picobsd/pkg-descr
deleted file mode 100644
index 9c1a410f46ff..000000000000
--- a/picobsd/ssh-picobsd/pkg-descr
+++ /dev/null
@@ -1,7 +0,0 @@
-Secure Shell is a program to log into another computer over a network,
-to execute commands in a remote machine, and to move files from one
-machine to another. It provides strong authentication and secure
-communications over insecure channels. It is intended as a replacement
-for rlogin, rsh, and rcp.
-This port builds the three programs ssh, sshd and scp as a single binary,
-and is intended for use with picobsd images. |