freebsd-ports/security/openssh/files/patch-an

--- sshd.c.orig	Tue Dec  7 22:56:55 1999
+++ sshd.c	Tue Dec  7 22:58:36 1999
@@ -24,6 +24,8 @@
 #include "servconf.h"
 #include "uidswap.h"
 #include "compat.h"
+#include <poll.h>
+#include <time.h>
 
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -32,6 +34,16 @@
 int deny_severity = LOG_WARNING;
 #endif /* LIBWRAP */
 
+#ifdef __FreeBSD__
+#include <libutil.h>
+#include <syslog.h>
+#define	LOGIN_CAP
+#endif /* __FreeBSD__ */
+
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif /* LOGIN_CAP */
+
 #ifndef O_NOCTTY
 #define O_NOCTTY	0
 #endif
@@ -118,6 +130,32 @@
    the private key. */
 RSA *public_key;
 
+/* These are used to implement connections_per_period. */
+struct magic_connection {
+		struct timeval connections_begin;
+		unsigned int connections_this_period;
+} *magic_connections;
+/* Magic number, too!  TODO: this doesn't have to be static. */
+const size_t MAGIC_CONNECTIONS_SIZE = 1;
+
+static __inline int
+magic_hash(struct sockaddr_in *sin) {
+
+	return 0;
+}
+
+static __inline struct timeval
+timevaldiff(struct timeval *tv1, struct timeval *tv2) {
+	struct timeval diff;
+	int carry;
+
+	carry = tv1->tv_usec > tv2->tv_usec;
+	diff.tv_sec = tv2->tv_sec - tv1->tv_sec - (carry ? 0 : 1);
+	diff.tv_usec = tv2->tv_usec - tv1->tv_usec + (carry ? 1000000 : 0);
+
+	return diff;
+}
+
 /* Prototypes for various functions defined later in this file. */
 void do_connection();
 void do_authentication(char *user);
@@ -278,6 +316,7 @@
 	extern char *optarg;
 	extern int optind;
 	int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
+	int connections_per_period_exceeded = 0;
 	int remote_major, remote_minor;
 	int silentrsa = 0;
 	struct pollfd fds;
@@ -543,6 +582,12 @@
 		/* Arrange SIGCHLD to be caught. */
 		signal(SIGCHLD, main_sigchld_handler);
 
+		/* Initialize the magic_connections table.  It's magical! */
+		magic_connections = calloc(MAGIC_CONNECTIONS_SIZE,
+		    sizeof(struct magic_connection));
+		if (magic_connections == NULL)
+			fatal("calloc: %s", strerror(errno));
+
 		/*
 		 * Stay listening for connections until the system crashes or
 		 * the daemon is killed with a signal.
@@ -572,9 +617,31 @@
 				error("accept: %.100s", strerror(errno));
 				continue;
 			}
+			if (options.connections_per_period != 0) {
+				struct timeval diff, connections_end;
+				struct magic_connection *mc;
+
+				(void)gettimeofday(&connections_end, NULL);
+				mc = &magic_connections[magic_hash(&sin)];
+				diff = timevaldiff(&mc->connections_begin, &connections_end);
+				if (diff.tv_sec >= options.connections_period) {
+					/*
+					 * Slide the window forward only after completely
+					 * leaving it.
+					 */
+					mc->connections_begin = connections_end;
+					mc->connections_this_period = 1;
+				} else {
+					if (++mc->connections_this_period >
+					    options.connections_per_period)
+						connections_per_period_exceeded = 1;
+				}
+			}
+					
 			/*
-			 * Got connection.  Fork a child to handle it, unless
-			 * we are in debugging mode.
+			 * Got connection.  Fork a child to handle it unless
+			 * we are in debugging mode or the maximum number of
+			 * connections per period has been exceeded.
 			 */
 			if (debug_flag) {
 				/*
@@ -588,6 +655,12 @@
 				sock_out = newsock;
 				pid = getpid();
 				break;
+			} else if (connections_per_period_exceeded) {
+				log("Connection rate limit of %u/%us has been exceeded; "
+				    "dropping connection from %s.",
+				    options.connections_per_period, options.connections_period,
+				    inet_ntoa(sin.sin_addr));
+				connections_per_period_exceeded = 0;
 			} else {
 				/*
 				 * Normal production daemon.  Fork, and have
@@ -1065,6 +1138,14 @@
 				return 0;
 		}
 	}
+	/* Fail if the account's expiration time has passed. */
+	if (pw->pw_expire != 0) {
+		struct timeval tv;
+
+		(void)gettimeofday(&tv, NULL);
+		if (tv.tv_sec >= pw->pw_expire)
+			return 0;
+	}
 	/* We found no reason not to let this user try to log on... */
 	return 1;
 }
@@ -1100,6 +1181,9 @@
 	pwcopy.pw_gid = pw->pw_gid;
 	pwcopy.pw_dir = xstrdup(pw->pw_dir);
 	pwcopy.pw_shell = xstrdup(pw->pw_shell);
+	pwcopy.pw_class = xstrdup(pw->pw_class);
+	pwcopy.pw_expire = pw->pw_expire;
+	pwcopy.pw_change = pw->pw_change;
 	pw = &pwcopy;
 
 	/*
@@ -1889,6 +1973,10 @@
 	struct sockaddr_in from;
 	int fromlen;
 	struct pty_cleanup_context cleanup_context;
+#ifdef LOGIN_CAP
+	login_cap_t *lc;
+	char *fname;
+#endif /* LOGIN_CAP */
 
 	/* Get remote host name. */
 	hostname = get_canonical_hostname();
@@ -1953,6 +2041,12 @@
 		/* Check if .hushlogin exists. */
 		snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
 		quiet_login = stat(line, &st) >= 0;
+#ifdef LOGIN_CAP
+		lc = login_getpwclass(pw);
+		if (lc == NULL)
+			lc = login_getclassbyname(NULL, pw);
+		quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
+#endif /* LOGIN_CAP */
 
 		/*
 		 * If the user has logged in before, display the time of last
@@ -1976,6 +2070,20 @@
 			else
 				printf("Last login: %s from %s\r\n", time_string, buf);
 		}
+#ifdef LOGIN_CAP
+		if (command == NULL && !quiet_login && !options.use_login) {
+			fname = login_getcapstr(lc, "copyright", NULL, NULL);
+			if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
+				while (fgets(line, sizeof(line), f) != NULL)
+					fputs(line, stdout);
+				fclose(f);
+			} else
+				(void)printf("%s\n\t%s %s\n",
+		"Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+		    "The Regents of the University of California. ",
+		    "All rights reserved.");
+		}
+#endif /* LOGIN_CAP */
 		/*
 		 * Print /etc/motd unless a command was specified or printing
 		 * it was disabled in server options or login(1) will be
@@ -1984,14 +2092,22 @@
 		 */
 		if (command == NULL && options.print_motd && !quiet_login &&
 		    !options.use_login) {
-			/* Print /etc/motd if it exists. */
+#ifdef LOGIN_CAP
+			fname = login_getcapstr(lc, "welcome", NULL, NULL);
+			login_close(lc);
+			if (fname == NULL || (f = fopen(fname, "r")) == NULL)
+				f = fopen("/etc/motd", "r");
+#else /* LOGIN_CAP */
 			f = fopen("/etc/motd", "r");
+#endif /* LOGIN_CAP */
+			/* Print /etc/motd if it exists. */
 			if (f) {
 				while (fgets(line, sizeof(line), f))
 					fputs(line, stdout);
 				fclose(f);
 			}
 		}
+
 		/* Do common processing for the child, such as execing the command. */
 		do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
 		/* NOTREACHED */
@@ -2127,7 +2243,8 @@
 	 const char *display, const char *auth_proto,
 	 const char *auth_data, const char *ttyname)
 {
-	const char *shell, *cp = NULL;
+	char *shell;
+	const char *cp = NULL;
 	char buf[256];
 	FILE *f;
 	unsigned int envsize, i;
@@ -2135,15 +2252,34 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef LOGIN_CAP
+	login_cap_t *lc;
+
+	lc = login_getpwclass(pw);
+	if (lc == NULL)
+		lc = login_getclassbyname(NULL, pw);
+#endif /* LOGIN_CAP */
 
 	f = fopen("/etc/nologin", "r");
+#ifdef __FreeBSD__
+	if (f == NULL)
+		f = fopen("/var/run/nologin", "r");
+#endif /* __FreeBSD__ */
 	if (f) {
 		/* /etc/nologin exists.  Print its contents and exit. */
-		while (fgets(buf, sizeof(buf), f))
-			fputs(buf, stderr);
-		fclose(f);
-		if (pw->pw_uid != 0)
-			exit(254);
+#ifdef LOGIN_CAP
+		/* On FreeBSD, etc., allow overriding nologin via login.conf. */
+		if (!login_getcapbool(lc, "ignorenologin", 0)) {
+#else /* LOGIN_CAP */
+		if (1) {
+#endif /* LOGIN_CAP */
+			while (fgets(buf, sizeof(buf), f))
+				fputs(buf, stderr);
+			fclose(f);
+			if (pw->pw_uid != 0)
+				exit(254);
+		}
+
 	}
 	/* Set login name in the kernel. */
 	if (setlogin(pw->pw_name) < 0)
@@ -2153,6 +2289,13 @@
 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
 	   switch, so we let login(1) to this for us. */
 	if (!options.use_login) {
+#ifdef LOGIN_CAP
+		if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY |
+		    LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) {
+			perror("setclasscontext");
+			exit(1);
+		}
+#endif /* LOGIN_CAP */
 		if (getuid() == 0 || geteuid() == 0) {
 			if (setgid(pw->pw_gid) < 0) {
 				perror("setgid");
@@ -2175,7 +2318,14 @@
 	 * Get the shell from the password data.  An empty shell field is
 	 * legal, and means /bin/sh.
 	 */
+#ifdef LOGIN_CAP
+	shell = pw->pw_shell;
+	shell = login_getcapstr(lc, "shell", shell, shell);
+	if (shell[0] == '\0')
+		shell = _PATH_BSHELL;
+#else /* LOGIN_CAP */
 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+#endif /* LOGIN_CAP */
 
 #ifdef AFS
 	/* Try to get AFS tokens for the local cell. */
@@ -2199,7 +2349,12 @@
 		child_set_env(&env, &envsize, "USER", pw->pw_name);
 		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
 		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+#ifdef LOGIN_CAP
+		child_set_env(&env, &envsize, "PATH",
+		    login_getpath(lc, "path", _PATH_STDPATH));
+#else /* LOGIN_CAP */
 		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+#endif /* LOGIN_CAP */
 
 		snprintf(buf, sizeof buf, "%.200s/%.50s",
 			 _PATH_MAILDIR, pw->pw_name);
@@ -2289,6 +2444,9 @@
 	 */
 	endpwent();
 	endhostent();
+#ifdef LOGIN_CAP
+	login_close(lc);
+#endif /* LOGIN_CAP */
 
 	/*
 	 * Close any extra open file descriptors so that we don\'t have them
@@ -2296,7 +2454,7 @@
 	 * initgroups, because at least on Solaris 2.3 it leaves file
 	 * descriptors open.
 	 */
-	for (i = 3; i < 64; i++)
+	for (i = 3; i < getdtablesize(); i++)
 		close(i);
 
 	/* Change current directory to the user\'s home directory. */
@@ -2315,6 +2473,26 @@
 	 * in this order).
 	 */
 	if (!options.use_login) {
+#ifdef __FreeBSD__
+		/*
+		 * If the password change time is set and has passed, give the
+		 * user a password expiry notice and chance to change it.
+		 */
+		if (pw->pw_change != 0) {
+			struct timeval tv;
+
+			(void)gettimeofday(&tv, NULL);
+			if (tv.tv_sec >= pw->pw_change) {
+				(void)printf(
+				    "Sorry -- your password has expired.\n");
+				syslog(LOG_INFO,
+				    "%s Password expired - forcing change",
+				    pw->pw_name);
+				if (system("/usr/bin/passwd") != 0)
+					perror("/usr/bin/passwd");
+			}
+		}
+#endif /* __FreeBSD__ */
 		if (stat(SSH_USER_RC, &st) >= 0) {
 			if (debug_flag)
 				fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);