author | Andrey A. Chernov <ache@FreeBSD.org> | 1997-02-27 00:44:35 +0000 |
---|---|---|
committer | Andrey A. Chernov <ache@FreeBSD.org> | 1997-02-27 00:44:35 +0000 |
commit | 96a7483d0d87d40fa1f1630ba9b7e498593eb46f (patch) | |
tree | bb565cffbe49c50b37d60d2c535f3e29ab71ad16 /security | |
parent | f1a6c0f76a5dcb6e8a7fb8e4306c06f03c1e5635 (diff) | |
Add LOGIN_CAP abilities
Submitted by: davidn
Notes
Notes:
svn path=/head/; revision=5763
Diffstat (limited to 'security')
-rw-r--r-- | security/ssh/files/patch-aa | 8 | ||||
-rw-r--r-- | security/ssh/files/patch-ac | 38 | ||||
-rw-r--r-- | security/ssh/files/patch-ae | 4 | ||||
-rw-r--r-- | security/ssh/files/patch-af | 212 | ||||
-rw-r--r-- | security/ssh/files/patch-al | 12 | ||||
-rw-r--r-- | security/ssh2/files/patch-aa | 8 | ||||
-rw-r--r-- | security/ssh2/files/patch-ab | 21 | ||||
-rw-r--r-- | security/ssh2/files/patch-ac | 38 | ||||
-rw-r--r-- | security/ssh2/files/patch-af | 212 | ||||
-rw-r--r-- | security/ssh2/files/patch-aj | 55 | ||||
-rw-r--r-- | security/ssh2/files/patch-al | 12 |
11 files changed, 531 insertions, 89 deletions
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa index 25f39d0b7062..468a7fc1e9cd 100644 --- a/security/ssh/files/patch-aa +++ b/security/ssh/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Sun Feb 11 22:45:15 1996 ---- make-ssh-known-hosts.pl.in Sat Feb 17 17:55:08 1996 +*** make-ssh-known-hosts.pl.in.orig Wed Oct 30 15:27:47 1996 +--- make-ssh-known-hosts.pl.in Thu Jan 30 23:00:02 1997 *************** -*** 78,84 **** +*** 81,87 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 78,84 ---- +--- 81,87 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 9f53e634b394..7c43f51d805e 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.old Tue Oct 22 02:26:19 1996 ---- Makefile.in Tue Oct 22 02:30:18 1996 +*** Makefile.in.orig Wed Oct 30 15:27:56 1996 +--- Makefile.in Thu Jan 30 23:00:03 1997 *************** -*** 159,170 **** +*** 188,199 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 159,176 ---- +--- 188,205 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 248,254 **** +*** 275,281 **** $(CC) -o rfc-pg rfc-pg.c .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 254,260 ---- +--- 281,287 ---- $(CC) -o rfc-pg rfc-pg.c .c.o: 
@@ -51,9 +51,9 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 292,310 **** - ./gen_minfd $(USER_SHELLS) > minfd.h~ - mv -f minfd.h~ minfd.h +*** 310,328 **** + sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts + chmod +x make-ssh-known-hosts ! GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ ! mpz_mul.c mpz_cmp.c mpz_sqrtrem.c @@ -71,9 +71,9 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 298,316 ---- - ./gen_minfd $(USER_SHELLS) > minfd.h~ - mv -f minfd.h~ minfd.h +--- 316,334 ---- + sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts + chmod +x make-ssh-known-hosts ! #GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ ! # mpz_mul.c mpz_cmp.c mpz_sqrtrem.c @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 361,367 **** +*** 379,385 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -100,7 +100,7 @@ $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 367,373 ---- +--- 385,391 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ *************** -*** 462,488 **** +*** 480,506 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg 
@@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 468,494 ---- +--- 486,512 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -162,11 +162,11 @@ # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a ! # tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) ! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a - tar cf $(DISTNAME).tar $(DISTNAME) + tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 494,500 **** +*** 512,518 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a ---- 500,506 ---- +--- 518,524 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null depend: diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae index 25506705b2ef..2529b300e864 100644 --- a/security/ssh/files/patch-ae +++ b/security/ssh/files/patch-ae @@ -1,5 +1,5 @@ -*** server_config.sample.bak Fri Oct 4 17:00:43 1996 ---- server_config.sample Sat Nov 2 03:15:57 1996 +*** server_config.sample.orig Wed Oct 30 15:27:55 1996 +--- server_config.sample Thu Jan 30 23:00:04 1997 *************** *** 15,21 **** FascistLogging no diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index c5ae4062d8f1..cd99b4fcd418 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af 
@@ -1,8 +1,21 @@ -*** sshd.c.orig Fri Oct 4 17:00:42 1996 ---- sshd.c Tue Nov 12 04:23:15 1996 +*** sshd.c.orig Wed Oct 30 15:27:55 1996 +--- sshd.c Fri Jan 31 00:36:15 1997 *************** -*** 2083,2088 **** ---- 2083,2098 ---- +*** 298,303 **** +--- 298,307 ---- + extern char *setlimits(); + #endif + ++ #ifdef HAVE_LOGIN_CAP_H ++ #include <login_cap.h> ++ #endif ++ + #ifdef _PATH_BSHELL + #define DEFAULT_SHELL _PATH_BSHELL + #else +*************** +*** 2108,2113 **** +--- 2112,2127 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -20,8 +33,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2099,2104 **** ---- 2109,2123 ---- +*** 2124,2129 **** +--- 2138,2152 ---- fclose(f); } } 
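Review bot: Every new branch this patch adds to sshd.c is keyed on `HAVE_LOGIN_CAP_H`, yet the diffstat shows the configure changes that add `login_cap.h` to the header checks only under security/ssh2 (patch-ab and patch-aj); nothing under security/ssh touches configure in this commit. Unless that macro is already defined some other way for the security/ssh port, the login-class code there is never compiled and sshd silently keeps the old behaviour. I would either add the same header check to security/ssh or state in the commit message why it is not needed there.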
@@ -37,3 +50,190 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); +*************** +*** 2376,2382 **** + char *user_shell; + char *remote_ip; + int remote_port; +! + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); + if (f) +--- 2399,2412 ---- + char *user_shell; + char *remote_ip; + int remote_port; +! #ifdef HAVE_LOGIN_CAP_H +! login_cap_t *lc; +! char **tmpenv; +! char *real_shell; +! +! lc = login_getuserclass(pw); +! auth_checknologin(lc); +! #else /* !HAVE_LOGIN_CAP_H */ + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); + if (f) +*************** +*** 2390,2395 **** +--- 2420,2426 ---- + if (pw->pw_uid != 0) + exit(254); + } ++ #endif /* HAVE_LOGIN_CAP_H */ + + if (command != NULL) + { +*************** +*** 2402,2408 **** + else + log_msg("executing remote command as user %.200s", pw->pw_name); + } +! + #ifdef HAVE_SETLOGIN + /* Set login name in the kernel. Warning: setsid() must be called before + this. */ +--- 2433,2440 ---- + else + log_msg("executing remote command as user %.200s", pw->pw_name); + } +! +! #ifndef HAVE_LOGIN_CAP_H + #ifdef HAVE_SETLOGIN + /* Set login name in the kernel. Warning: setsid() must be called before + this. */ +*************** +*** 2417,2422 **** +--- 2449,2455 ---- + if (setpcred((char *)pw->pw_name, NULL)) + log_msg("setpcred %.100s: %.100s", strerror(errno)); + #endif /* HAVE_USERSEC_H */ ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Save some data that will be needed so that we can do certain cleanups + before we switch to user's uid. (We must clear all sensitive data +*************** +*** 2474,2479 **** +--- 2507,2553 ---- + close(i); + } + ++ #ifdef HAVE_LOGIN_CAP_H ++ /* Save previous environment array ++ */ ++ tmpenv = environ; ++ /* Initialize the new environment. 
++ */ ++ envsize = 64; ++ environ = env = xmalloc(envsize * sizeof(char *)); ++ env[0] = NULL; ++ ++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); ++ ++ /* Let it inherit timezone if we have one. */ ++ if (getenv("TZ")) ++ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ ++ #ifdef MAIL_SPOOL_DIRECTORY ++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); ++ child_set_env(&env, &envsize, "MAIL", buf); ++ #else /* MAIL_SPOOL_DIRECTORY */ ++ #ifdef MAIL_SPOOL_FILE ++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); ++ child_set_env(&env, &envsize, "MAIL", buf); ++ #endif /* MAIL_SPOOL_FILE */ ++ #endif /* MAIL_SPOOL_DIRECTORY */ ++ ++ /* Set the user's login environment ++ */ ++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) ++ { ++ perror("setgid"); ++ exit(1); ++ } ++ env = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ for (envsize = 0; env[envsize] != NULL; ++envsize) ++ ; ++ /* Reallocate this to what is expected */ ++ envsize = (envsize < 100) ? 100 : envsize + 16; ++ env = xrealloc(env, envsize * sizeof(char *)); ++ #else /* !HAVE_LOGIN_CAP_H */ + /* At this point, this process should no longer be holding any confidential + information, as changing uid below will permit the user to attach with + a debugger on some machines. */ +*************** +*** 2514,2519 **** +--- 2588,2594 ---- + + if (getuid() != user_uid || geteuid() != user_uid) + fatal("Failed to set uids to %d.", (int)user_uid); ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Reset signals to their default settings before starting the user + process. */ +*************** +*** 2523,2538 **** +--- 2598,2621 ---- + and means /bin/sh. */ + shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; + ++ #ifdef HAVE_LOGIN_CAP_H ++ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); ++ #else /* !HAVE_LOGIN_CAP_H */ + /* Initialize the environment. In the first part we allocate space for + all environment variables. 
*/ + envsize = 100; + env = xmalloc(envsize * sizeof(char *)); + env[0] = NULL; ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Set basic environment. */ + child_set_env(&env, &envsize, "USER", user_name); + child_set_env(&env, &envsize, "LOGNAME", user_name); + child_set_env(&env, &envsize, "HOME", user_dir); ++ ++ #ifdef HAVE_LOGIN_CAP_H ++ login_close(lc); ++ #else /* !HAVE_LOGIN_CAP_H */ + child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); + + /* Let it inherit timezone if we have one. */ +*************** +*** 2548,2553 **** +--- 2631,2637 ---- + child_set_env(&env, &envsize, "MAIL", buf); + #endif /* MAIL_SPOOL_FILE */ + #endif /* MAIL_SPOOL_DIRECTORY */ ++ #endif /* HAVE_LOGIN_CAP_H */ + + #ifdef HAVE_ETC_DEFAULT_LOGIN + /* Read /etc/default/login; this exists at least on Solaris 2.x. Note +*************** +*** 2710,2716 **** +--- 2794,2804 ---- + /* Execute the shell. */ + argv[0] = buf; + argv[1] = NULL; ++ #ifdef HAVE_LOGIN_CAP_H ++ execve(real_shell, argv, env); ++ #else + execve(shell, argv, env); ++ #endif /* HAVE_LOGIN_CAP_H */ + /* Executing the shell failed. */ + perror(shell); + exit(1); +*************** +*** 2722,2728 **** +--- 2810,2820 ---- + argv[1] = "-c"; + argv[2] = (char *)command; + argv[3] = NULL; ++ #ifdef HAVE_LOGIN_CAP_H ++ execve(real_shell, argv, env); ++ #else + execve(shell, argv, env); ++ #endif /* HAVE_LOGIN_CAP_H */ + perror(shell); + exit(1); + } diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index cdda2b13b478..9fd18168138a 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.dist Thu Jun 6 21:47:06 1996 ---- sshconnect.c Mon Aug 12 13:26:46 1996 +*** sshconnect.c.orig Thu Jan 30 23:00:03 1997 +--- sshconnect.c Thu Jan 30 23:00:04 1997 *************** -*** 235,240 **** ---- 235,246 ---- +*** 239,244 **** +--- 239,250 ---- { struct sockaddr_in sin; int p; 
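Review bot: With `HAVE_LOGIN_CAP_H` defined, the existing `if (getuid() != user_uid || geteuid() != user_uid) fatal(...)` verification ends up inside the `#else` branch, so the login-class path relies solely on the return value of `setusercontext(lc, pw, user_uid, LOGIN_SETALL)` before the user's shell is executed. I would place the added `#endif /* HAVE_LOGIN_CAP_H */` above that check so both paths confirm the uid switch, and report the failure as `perror("setusercontext");` instead of `perror("setgid")`, which names a call this branch does not make directly. `lc` from `login_getuserclass(pw)` is also passed on without a NULL check; whether the library tolerates that is not visible here. The same hunk is duplicated in security/ssh2/files/patch-af, and the enclosing function starts and ends outside the quoted context.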
@@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 262,267 **** ---- 267,273 ---- +*** 266,271 **** +--- 272,278 ---- } fatal("bind: %.100s", strerror(errno)); } diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 25f39d0b7062..468a7fc1e9cd 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Sun Feb 11 22:45:15 1996 ---- make-ssh-known-hosts.pl.in Sat Feb 17 17:55:08 1996 +*** make-ssh-known-hosts.pl.in.orig Wed Oct 30 15:27:47 1996 +--- make-ssh-known-hosts.pl.in Thu Jan 30 23:00:02 1997 *************** -*** 78,84 **** +*** 81,87 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 78,84 ---- +--- 81,87 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index 4551fdf4b9d9..665e48789afa 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,5 +1,5 @@ -*** configure.orig Wed Oct 30 04:27:56 1996 ---- configure Fri Nov 15 07:18:17 1996 +*** configure.orig Wed Oct 30 15:27:56 1996 +--- configure Thu Jan 30 23:03:12 1997 *************** *** 1331,1342 **** @@ -16,6 +16,23 @@ if test "$cross_compiling" = yes; then --- 1331,1336 ---- *************** +*** 2264,2270 **** + + fi + +! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h + do + ac_safe=`echo "$ac_hdr" | tr './\055' '___'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +--- 2258,2264 ---- + + fi + +! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h + do + ac_safe=`echo "$ac_hdr" | tr './\055' '___'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +*************** *** 5140,5146 **** EOF cat >> $CONFIG_STATUS <<EOF diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 9f53e634b394..7c43f51d805e 100644 
--- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.old Tue Oct 22 02:26:19 1996 ---- Makefile.in Tue Oct 22 02:30:18 1996 +*** Makefile.in.orig Wed Oct 30 15:27:56 1996 +--- Makefile.in Thu Jan 30 23:00:03 1997 *************** -*** 159,170 **** +*** 188,199 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 159,176 ---- +--- 188,205 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 248,254 **** +*** 275,281 **** $(CC) -o rfc-pg rfc-pg.c .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 254,260 ---- +--- 281,287 ---- $(CC) -o rfc-pg rfc-pg.c .c.o: @@ -51,9 +51,9 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 292,310 **** - ./gen_minfd $(USER_SHELLS) > minfd.h~ - mv -f minfd.h~ minfd.h +*** 310,328 **** + sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts + chmod +x make-ssh-known-hosts ! GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ ! mpz_mul.c mpz_cmp.c mpz_sqrtrem.c @@ -71,9 +71,9 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 298,316 ---- - ./gen_minfd $(USER_SHELLS) > minfd.h~ - mv -f minfd.h~ minfd.h +--- 316,334 ---- + sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts + chmod +x make-ssh-known-hosts ! #GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ ! # mpz_mul.c mpz_cmp.c mpz_sqrtrem.c @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 361,367 **** +*** 379,385 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. 
@@ -100,7 +100,7 @@ $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 367,373 ---- +--- 385,391 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ *************** -*** 462,488 **** +*** 480,506 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 468,494 ---- +--- 486,512 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -162,11 +162,11 @@ # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a ! # tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) ! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a - tar cf $(DISTNAME).tar $(DISTNAME) + tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 494,500 **** +*** 512,518 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a ---- 500,506 ---- +--- 518,524 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null depend: diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index c5ae4062d8f1..cd99b4fcd418 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af 
@@ -1,8 +1,21 @@ -*** sshd.c.orig Fri Oct 4 17:00:42 1996 ---- sshd.c Tue Nov 12 04:23:15 1996 +*** sshd.c.orig Wed Oct 30 15:27:55 1996 +--- sshd.c Fri Jan 31 00:36:15 1997 *************** -*** 2083,2088 **** ---- 2083,2098 ---- +*** 298,303 **** +--- 298,307 ---- + extern char *setlimits(); + #endif + ++ #ifdef HAVE_LOGIN_CAP_H ++ #include <login_cap.h> ++ #endif ++ + #ifdef _PATH_BSHELL + #define DEFAULT_SHELL _PATH_BSHELL + #else +*************** +*** 2108,2113 **** +--- 2112,2127 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -20,8 +33,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2099,2104 **** ---- 2109,2123 ---- +*** 2124,2129 **** +--- 2138,2152 ---- fclose(f); } } 
@@ -37,3 +50,190 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); +*************** +*** 2376,2382 **** + char *user_shell; + char *remote_ip; + int remote_port; +! + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); + if (f) +--- 2399,2412 ---- + char *user_shell; + char *remote_ip; + int remote_port; +! #ifdef HAVE_LOGIN_CAP_H +! login_cap_t *lc; +! char **tmpenv; +! char *real_shell; +! +! lc = login_getuserclass(pw); +! auth_checknologin(lc); +! #else /* !HAVE_LOGIN_CAP_H */ + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); + if (f) +*************** +*** 2390,2395 **** +--- 2420,2426 ---- + if (pw->pw_uid != 0) + exit(254); + } ++ #endif /* HAVE_LOGIN_CAP_H */ + + if (command != NULL) + { +*************** +*** 2402,2408 **** + else + log_msg("executing remote command as user %.200s", pw->pw_name); + } +! + #ifdef HAVE_SETLOGIN + /* Set login name in the kernel. Warning: setsid() must be called before + this. */ +--- 2433,2440 ---- + else + log_msg("executing remote command as user %.200s", pw->pw_name); + } +! +! #ifndef HAVE_LOGIN_CAP_H + #ifdef HAVE_SETLOGIN + /* Set login name in the kernel. Warning: setsid() must be called before + this. */ +*************** +*** 2417,2422 **** +--- 2449,2455 ---- + if (setpcred((char *)pw->pw_name, NULL)) + log_msg("setpcred %.100s: %.100s", strerror(errno)); + #endif /* HAVE_USERSEC_H */ ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Save some data that will be needed so that we can do certain cleanups + before we switch to user's uid. (We must clear all sensitive data +*************** +*** 2474,2479 **** +--- 2507,2553 ---- + close(i); + } + ++ #ifdef HAVE_LOGIN_CAP_H ++ /* Save previous environment array ++ */ ++ tmpenv = environ; ++ /* Initialize the new environment. 
++ */ ++ envsize = 64; ++ environ = env = xmalloc(envsize * sizeof(char *)); ++ env[0] = NULL; ++ ++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); ++ ++ /* Let it inherit timezone if we have one. */ ++ if (getenv("TZ")) ++ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ ++ #ifdef MAIL_SPOOL_DIRECTORY ++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); ++ child_set_env(&env, &envsize, "MAIL", buf); ++ #else /* MAIL_SPOOL_DIRECTORY */ ++ #ifdef MAIL_SPOOL_FILE ++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); ++ child_set_env(&env, &envsize, "MAIL", buf); ++ #endif /* MAIL_SPOOL_FILE */ ++ #endif /* MAIL_SPOOL_DIRECTORY */ ++ ++ /* Set the user's login environment ++ */ ++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) ++ { ++ perror("setgid"); ++ exit(1); ++ } ++ env = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ for (envsize = 0; env[envsize] != NULL; ++envsize) ++ ; ++ /* Reallocate this to what is expected */ ++ envsize = (envsize < 100) ? 100 : envsize + 16; ++ env = xrealloc(env, envsize * sizeof(char *)); ++ #else /* !HAVE_LOGIN_CAP_H */ + /* At this point, this process should no longer be holding any confidential + information, as changing uid below will permit the user to attach with + a debugger on some machines. */ +*************** +*** 2514,2519 **** +--- 2588,2594 ---- + + if (getuid() != user_uid || geteuid() != user_uid) + fatal("Failed to set uids to %d.", (int)user_uid); ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Reset signals to their default settings before starting the user + process. */ +*************** +*** 2523,2538 **** +--- 2598,2621 ---- + and means /bin/sh. */ + shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; + ++ #ifdef HAVE_LOGIN_CAP_H ++ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); ++ #else /* !HAVE_LOGIN_CAP_H */ + /* Initialize the environment. In the first part we allocate space for + all environment variables. 
*/ + envsize = 100; + env = xmalloc(envsize * sizeof(char *)); + env[0] = NULL; ++ #endif /* HAVE_LOGIN_CAP_H */ + + /* Set basic environment. */ + child_set_env(&env, &envsize, "USER", user_name); + child_set_env(&env, &envsize, "LOGNAME", user_name); + child_set_env(&env, &envsize, "HOME", user_dir); ++ ++ #ifdef HAVE_LOGIN_CAP_H ++ login_close(lc); ++ #else /* !HAVE_LOGIN_CAP_H */ + child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); + + /* Let it inherit timezone if we have one. */ +*************** +*** 2548,2553 **** +--- 2631,2637 ---- + child_set_env(&env, &envsize, "MAIL", buf); + #endif /* MAIL_SPOOL_FILE */ + #endif /* MAIL_SPOOL_DIRECTORY */ ++ #endif /* HAVE_LOGIN_CAP_H */ + + #ifdef HAVE_ETC_DEFAULT_LOGIN + /* Read /etc/default/login; this exists at least on Solaris 2.x. Note +*************** +*** 2710,2716 **** +--- 2794,2804 ---- + /* Execute the shell. */ + argv[0] = buf; + argv[1] = NULL; ++ #ifdef HAVE_LOGIN_CAP_H ++ execve(real_shell, argv, env); ++ #else + execve(shell, argv, env); ++ #endif /* HAVE_LOGIN_CAP_H */ + /* Executing the shell failed. */ + perror(shell); + exit(1); +*************** +*** 2722,2728 **** +--- 2810,2820 ---- + argv[1] = "-c"; + argv[2] = (char *)command; + argv[3] = NULL; ++ #ifdef HAVE_LOGIN_CAP_H ++ execve(real_shell, argv, env); ++ #else + execve(shell, argv, env); ++ #endif /* HAVE_LOGIN_CAP_H */ + perror(shell); + exit(1); + } diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 1412e9d6a522..74821f010661 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj 
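Review bot: The /etc/nologin block that this patch compiles out under `HAVE_LOGIN_CAP_H` let uid 0 through (`if (pw->pw_uid != 0) exit(254);`), while the new branch delegates the decision entirely to `auth_checknologin(lc)`; whether root can still log in during a nologin window then depends on the login class configuration, which is not visible here. A comment at that call such as `/* root is no longer exempt unless the login class says so */` (or the opposite, once confirmed) would make the intended policy explicit. Separately, both `execve(real_shell, argv, env)` calls are still followed by `perror(shell)`, so when the class overrides the shell the error names a different program than the one that failed to execute; `perror(real_shell)` in the LOGIN_CAP branch would fix that. Both points apply equally to the identical hunk in security/ssh/files/patch-af.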
@@ -1,15 +1,40 @@ ---- configure.in.dist Wed Aug 7 13:51:51 1996 -+++ configure.in Wed Aug 7 13:54:35 1996 -@@ -344,9 +344,9 @@ - ;; - esac - --# Socket pairs appear to be broken on several systems. I don't know exactly --# where, so I'll use pipes everywhere for now. --AC_DEFINE(USE_PIPES) -+dnl # Socket pairs appear to be broken on several systems. I don't know exactly -+dnl # where, so I'll use pipes everywhere for now. -+dnl AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], +*** configure.in.orig Wed Oct 30 15:27:56 1996 +--- configure.in Thu Jan 30 23:00:38 1997 +*************** +*** 469,477 **** + + export CFLAGS CC + +! # Socket pairs appear to be broken on several systems. I don't know exactly +! # where, so I'll use pipes everywhere for now. +! AC_DEFINE(USE_PIPES) + + AC_MSG_CHECKING([that the compiler works]) + AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], +--- 469,477 ---- + + export CFLAGS CC + +! dnl # Socket pairs appear to be broken on several systems. I don't know exactly +! dnl # where, so I'll use pipes everywhere for now. +! dnl AC_DEFINE(USE_PIPES) + + AC_MSG_CHECKING([that the compiler works]) + AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], +*************** +*** 523,529 **** + + AC_HEADER_STDC + AC_HEADER_SYS_WAIT +! AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) + AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) + AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) + AC_HEADER_TIME +--- 523,529 ---- + + AC_HEADER_STDC + AC_HEADER_SYS_WAIT +! AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h) + AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) + AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) + AC_HEADER_TIME 
diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index cdda2b13b478..9fd18168138a 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.dist Thu Jun 6 21:47:06 1996 ---- sshconnect.c Mon Aug 12 13:26:46 1996 +*** sshconnect.c.orig Thu Jan 30 23:00:03 1997 +--- sshconnect.c Thu Jan 30 23:00:04 1997 *************** -*** 235,240 **** ---- 235,246 ---- +*** 239,244 **** +--- 239,250 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 262,267 **** ---- 267,273 ---- +*** 266,271 **** +--- 272,278 ---- } fatal("bind: %.100s", strerror(errno)); } |