From 0184c34e8cb076152632863171178a4dd4fa8adf Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Sun, 7 Jul 2002 18:53:06 +0000 Subject: FreeBSD specifc security fix for: ChallengeResponseAuthentication yes --- security/openssh/Makefile | 4 ++-- security/openssh/files/patch-auth1.c | 16 ++++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'security/openssh') diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 65f141c81163..d4b63b579350 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.4 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -85,7 +85,7 @@ post-extract: @${CP} ${FILESDIR}/${i} ${WRKSRC}/ .endfor -post-patch: +pre-configure: .for i in ${MODIFY:S/pathnames.h//} ${MAN1:S/slogin.1//} ${MAN5} ${MAN8} @${MV} ${WRKSRC}/${i} ${WRKSRC}/${i}.sed ${SED} -e "s=/etc/ssh=${ETCSSH}/ssh=" \ diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c index 8dabcfa61831..79705ea12adf 100644 --- a/security/openssh/files/patch-auth1.c +++ b/security/openssh/files/patch-auth1.c @@ -1,5 +1,5 @@ --- auth1.c.orig Wed Jun 19 02:27:55 2002 -+++ auth1.c Fri Jun 28 06:45:24 2002 ++++ auth1.c Sun Jul 7 20:36:36 2002 @@ -26,6 +26,15 @@ #include "session.h" #include "uidswap.h" @@ -55,7 +55,7 @@ for (;;) { /* default to fail */ authenticated = 0; -@@ -243,12 +268,48 @@ +@@ -243,12 +268,52 @@ packet_check_eom(); /* Try authentication with the password. */ @@ -74,7 +74,11 @@ +#ifdef USE_PAM + case SSH_CMSG_AUTH_TIS: + debug("rcvd SSH_CMSG_AUTH_TIS: Trying PAM"); ++ if (pw == NULL) ++ break; + pam_cookie = ipam_start_auth("sshd", pw->pw_name); ++ if (pam_cookie == NULL) ++ break; + /* We now have data available to send as a challenge */ + if (pam_cookie->num_msg != 1 || + (pam_cookie->msg[0]->msg_style != PAM_PROMPT_ECHO_OFF && @@ -105,7 +109,7 @@ case SSH_CMSG_AUTH_TIS: debug("rcvd SSH_CMSG_AUTH_TIS"); if (options.challenge_response_authentication == 1) { -@@ -275,6 +336,12 @@ +@@ -275,6 +340,12 @@ xfree(response); } break; @@ -118,7 +122,7 @@ default: /* -@@ -284,6 +351,34 @@ +@@ -284,6 +355,34 @@ log("Unknown message during authentication: type %d", type); break; } @@ -153,7 +157,7 @@ #ifdef BSD_AUTH if (authctxt->as) { auth_close(authctxt->as); -@@ -299,9 +394,23 @@ +@@ -299,9 +398,23 @@ !auth_root_allowed(get_authname(type))) authenticated = 0; @@ -177,7 +181,7 @@ if (authenticated) return; -@@ -354,6 +463,11 @@ +@@ -354,6 +467,11 @@ authctxt->valid = 1; else debug("do_authentication: illegal user %s", user); -- cgit v1.2.3