aboutsummaryrefslogtreecommitdiff
path: root/security/openssh
diff options
context:
space:
mode:
authorDirk Meyer <dinoex@FreeBSD.org>2002-07-07 18:53:06 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-07-07 18:53:06 +0000
commit0184c34e8cb076152632863171178a4dd4fa8adf (patch)
treec85b702b119892bea17cbddff2690287ddbb3f51 /security/openssh
parenta97cff614db365ed488dbc32b5194562af9466f2 (diff)
downloadports-0184c34e8cb076152632863171178a4dd4fa8adf.tar.gz
ports-0184c34e8cb076152632863171178a4dd4fa8adf.zip
FreeBSD specifc security fix for:
ChallengeResponseAuthentication yes
Notes
Notes: svn path=/head/; revision=62597
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile4
-rw-r--r--security/openssh/files/patch-auth1.c16
2 files changed, 12 insertions, 8 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 65f141c81163..d4b63b579350 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.4
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@@ -85,7 +85,7 @@ post-extract:
@${CP} ${FILESDIR}/${i} ${WRKSRC}/
.endfor
-post-patch:
+pre-configure:
.for i in ${MODIFY:S/pathnames.h//} ${MAN1:S/slogin.1//} ${MAN5} ${MAN8}
@${MV} ${WRKSRC}/${i} ${WRKSRC}/${i}.sed
${SED} -e "s=/etc/ssh=${ETCSSH}/ssh=" \
diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c
index 8dabcfa61831..79705ea12adf 100644
--- a/security/openssh/files/patch-auth1.c
+++ b/security/openssh/files/patch-auth1.c
@@ -1,5 +1,5 @@
--- auth1.c.orig Wed Jun 19 02:27:55 2002
-+++ auth1.c Fri Jun 28 06:45:24 2002
++++ auth1.c Sun Jul 7 20:36:36 2002
@@ -26,6 +26,15 @@
#include "session.h"
#include "uidswap.h"
@@ -55,7 +55,7 @@
for (;;) {
/* default to fail */
authenticated = 0;
-@@ -243,12 +268,48 @@
+@@ -243,12 +268,52 @@
packet_check_eom();
/* Try authentication with the password. */
@@ -74,7 +74,11 @@
+#ifdef USE_PAM
+ case SSH_CMSG_AUTH_TIS:
+ debug("rcvd SSH_CMSG_AUTH_TIS: Trying PAM");
++ if (pw == NULL)
++ break;
+ pam_cookie = ipam_start_auth("sshd", pw->pw_name);
++ if (pam_cookie == NULL)
++ break;
+ /* We now have data available to send as a challenge */
+ if (pam_cookie->num_msg != 1 ||
+ (pam_cookie->msg[0]->msg_style != PAM_PROMPT_ECHO_OFF &&
@@ -105,7 +109,7 @@
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.challenge_response_authentication == 1) {
-@@ -275,6 +336,12 @@
+@@ -275,6 +340,12 @@
xfree(response);
}
break;
@@ -118,7 +122,7 @@
default:
/*
-@@ -284,6 +351,34 @@
+@@ -284,6 +355,34 @@
log("Unknown message during authentication: type %d", type);
break;
}
@@ -153,7 +157,7 @@
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
-@@ -299,9 +394,23 @@
+@@ -299,9 +398,23 @@
!auth_root_allowed(get_authname(type)))
authenticated = 0;
@@ -177,7 +181,7 @@
if (authenticated)
return;
-@@ -354,6 +463,11 @@
+@@ -354,6 +467,11 @@
authctxt->valid = 1;
else
debug("do_authentication: illegal user %s", user);