mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-23 04:23:08 +00:00
Defaults changed: (Gregory Sutter)
ChallengeResponseAuthentication no UseLogin no SSH_PRIVSEP_USER=sshd, distributioin patch set it to nobodyh. (Jan Srzednicki) #undef USE_PIPES, problems with ppp over ssh. (Kugimoto Takeshi) fix missing includes for "canohost.h"
This commit is contained in:
parent
27bab29fdb
commit
22f7f6acb8
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=62139
@ -7,6 +7,7 @@
|
||||
|
||||
PORTNAME= openssh
|
||||
PORTVERSION= 3.4
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
|
||||
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
|
||||
@ -28,7 +29,7 @@ MODIFY= ssh.h sshd_config sshd.sh pathnames.h
|
||||
FIXME= lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \
|
||||
ssh/Makefile ssh-add/Makefile ssh-agent/Makefile \
|
||||
ssh-keygen/Makefile ssh-keyscan/Makefile sshd/Makefile
|
||||
ADDME+= netdb.h auth-pam.c auth-pam.h auth2-pam.c
|
||||
ADDME+= auth-pam.c auth-pam.h auth2-pam.c
|
||||
ADDLIB+= strlcat.c strlcpy.c \
|
||||
getaddrinfo.c name6.c bindresvport.c rcmd.c getnameinfo.c
|
||||
PRECIOUS= ssh_config sshd_config \
|
||||
@ -46,6 +47,7 @@ CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
|
||||
MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
|
||||
.if ${OSVERSION} < 400014
|
||||
MAKE_ENV+= COMPAT_GETADDRINFO=yes
|
||||
ADDME+= netdb.h
|
||||
.else
|
||||
MAKE_ENV+= INET6FLAGS=-DINET6
|
||||
.endif
|
||||
|
@ -1,21 +1,21 @@
|
||||
--- auth1.c.orig Wed Jun 19 02:27:55 2002
|
||||
+++ auth1.c Wed Jun 26 18:05:48 2002
|
||||
@@ -27,6 +27,15 @@
|
||||
+++ auth1.c Fri Jun 28 06:45:24 2002
|
||||
@@ -26,6 +26,15 @@
|
||||
#include "session.h"
|
||||
#include "uidswap.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
+#include "canohost.h"
|
||||
+
|
||||
+#ifdef HAVE_LOGIN_CAP
|
||||
+#include <login_cap.h>
|
||||
+#endif /* HAVE_LOGIN_CAP */
|
||||
+#ifdef USE_PAM
|
||||
+#include "canohost.h"
|
||||
+#include "auth-pam.h"
|
||||
+#include <security/pam_appl.h>
|
||||
+#endif /* USE_PAM */
|
||||
+
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
|
||||
@@ -75,6 +84,16 @@
|
||||
u_int ulen;
|
||||
int type = 0;
|
||||
|
@ -1,6 +1,14 @@
|
||||
--- auth2.c.orig Fri May 31 13:35:15 2002
|
||||
+++ auth2.c Mon Jun 24 07:02:04 2002
|
||||
@@ -133,6 +133,15 @@
|
||||
+++ auth2.c Fri Jun 28 06:45:47 2002
|
||||
@@ -35,6 +35,7 @@
|
||||
#include "dispatch.h"
|
||||
#include "pathnames.h"
|
||||
#include "monitor_wrap.h"
|
||||
+#include "canohost.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
@@ -133,6 +134,15 @@
|
||||
Authmethod *m = NULL;
|
||||
char *user, *service, *method, *style = NULL;
|
||||
int authenticated = 0;
|
||||
@ -16,7 +24,7 @@
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_userauth_request: no authctxt");
|
||||
@@ -152,8 +161,14 @@
|
||||
@@ -152,8 +162,14 @@
|
||||
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
||||
authctxt->valid = 1;
|
||||
debug2("input_userauth_request: setting up authctxt for %s", user);
|
||||
@ -31,7 +39,7 @@
|
||||
}
|
||||
setproctitle("%s%s", authctxt->pw ? user : "unknown",
|
||||
use_privsep ? " [net]" : "");
|
||||
@@ -168,6 +183,41 @@
|
||||
@@ -168,6 +184,41 @@
|
||||
"(%s,%s) -> (%s,%s)",
|
||||
authctxt->user, authctxt->service, user, service);
|
||||
}
|
||||
@ -73,7 +81,7 @@
|
||||
/* reset state */
|
||||
auth2_challenge_stop(authctxt);
|
||||
authctxt->postponed = 0;
|
||||
@@ -178,6 +228,12 @@
|
||||
@@ -178,6 +229,12 @@
|
||||
debug2("input_userauth_request: try method %s", method);
|
||||
authenticated = m->userauth(authctxt);
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- includes.h.orig Sat Jan 26 17:44:22 2002
|
||||
+++ includes.h Sat Jun 22 12:17:34 2002
|
||||
+++ includes.h Fri Jun 28 06:23:07 2002
|
||||
@@ -24,12 +24,12 @@
|
||||
#include <sys/select.h>
|
||||
#include <sys/param.h>
|
||||
@ -22,10 +22,12 @@
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
@@ -62,5 +61,68 @@
|
||||
@@ -61,6 +60,69 @@
|
||||
* Define this to use pipes instead of socketpairs for communicating with the
|
||||
* client program. Socketpairs do not seem to work on all systems.
|
||||
*/
|
||||
#define USE_PIPES 1
|
||||
-#define USE_PIPES 1
|
||||
+#undef USE_PIPES
|
||||
+
|
||||
+#if defined(__FreeBSD__) && __FreeBSD__ <= 3
|
||||
+/*
|
||||
|
11
security/openssh/files/patch-ssh.h
Normal file
11
security/openssh/files/patch-ssh.h
Normal file
@ -0,0 +1,11 @@
|
||||
--- ssh.h.orig Fri Jun 28 06:15:27 2002
|
||||
+++ ssh.h Fri Jun 28 06:16:33 2002
|
||||
@@ -90,7 +90,7 @@
|
||||
* sshd will change its privileges to this user and its
|
||||
* primary group.
|
||||
*/
|
||||
-#define SSH_PRIVSEP_USER "nobody"
|
||||
+#define SSH_PRIVSEP_USER "sshd"
|
||||
|
||||
/* Minimum modulus size (n) for RSA keys. */
|
||||
#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
|
@ -1,10 +1,16 @@
|
||||
--- sshd_config Mon Jun 24 20:56:50 2002
|
||||
+++ sshd_config.orig Sat Jun 22 12:40:35 2002
|
||||
@@ -74,7 +76,9 @@
|
||||
#PrintLastLog yes
|
||||
--- sshd_config.orig Thu Jun 27 22:07:41 2002
|
||||
+++ sshd_config Fri Jun 28 06:00:05 2002
|
||||
@@ -56,6 +56,7 @@
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
#ChallengeResponseAuthentication yes
|
||||
+ChallengeResponseAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
@@ -75,6 +76,7 @@
|
||||
#KeepAlive yes
|
||||
#UseLogin no
|
||||
+UseLogin yes
|
||||
#UsePrivilegeSeparation yes
|
||||
+UsePrivilegeSeparation yes
|
||||
#Compression yes
|
||||
|
Loading…
Reference in New Issue
Block a user