- Update to 5.2p1
- Assign maintainership to the submitter PR: ports/134160 Submitted by: Denis Barov <dindin@dindin.ru>
parent
7391bca721
commit
73a15551c8
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=233924
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
PORTNAME= openssh
|
||||
DISTVERSION= 5.1p1
|
||||
DISTVERSION= 5.2p1
|
||||
PORTEPOCH= 1
|
||||
CATEGORIES= security ipv6
|
||||
.if defined(OPENSSH_SNAPSHOT)
|
||||
@ -18,7 +18,7 @@ MASTER_SITE_SUBDIR= OpenSSH/portable
|
||||
PKGNAMESUFFIX= ${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}
|
||||
DISTNAME= # empty
|
||||
|
||||
MAINTAINER= ports@FreeBSD.org
|
||||
MAINTAINER= dindin@dindin.ru
|
||||
COMMENT= The portable version of OpenBSD's OpenSSH
|
||||
|
||||
.if defined(OPENSSH_SNAPSHOT)
|
||||
@ -72,7 +72,10 @@ OPTIONS= PAM "Enable pam(3) support" on \
|
||||
BROKEN= does not compile
|
||||
.endif
|
||||
|
||||
# Preserve deprecated OPENSSH_OVERWRITE_BASE settings
|
||||
.if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK))
|
||||
BROKEN= X509 patch incompatible with HPN and LPK patches
|
||||
.endif
|
||||
|
||||
.if defined(OPENSSH_OVERWRITE_BASE)
|
||||
WITH_OVERWRITE_BASE= yes
|
||||
.endif
|
||||
@ -96,6 +99,7 @@ CONFIGURE_ARGS+= --disable-suid-ssh
|
||||
.if !defined(WITHOUT_KERBEROS)
|
||||
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
|
||||
.if defined(WITH_KERB_GSSAPI)
|
||||
BROKEN= KERB_GSSAPI patch incompatible with ${PORTNAME}-5.2p1
|
||||
PATCH_DIST_STRIP= -p0
|
||||
PATCH_SITES+= http://www.sxw.org.uk/computing/patches/
|
||||
PATCHFILES+= openssh-5.0p1-gsskex-20080404.patch
|
||||
@ -136,19 +140,13 @@ CONFIGURE_ARGS+= --with-opensc=${LOCALBASE}
|
||||
EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch
|
||||
.endif
|
||||
|
||||
.if defined(WITH_HPN) && defined(WITH_LPK)
|
||||
BROKEN= HPN and LPK patches are incompatible
|
||||
.endif
|
||||
|
||||
.if defined(WITH_HPN)
|
||||
PATCH_DIST_STRIP= -p1
|
||||
PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/
|
||||
PATCHFILES+= openssh-5.1p1-hpn13v5.diff.gz
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn.patch
|
||||
.endif
|
||||
|
||||
# See http://dev.inversepath.com/trac/openssh-lpk
|
||||
.if defined(WITH_LPK)
|
||||
EXTRA_PATCHES= ${FILESDIR}/openssh-lpk-5.0p1-0.3.9.patch
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.0p1-0.3.9.patch
|
||||
.if ${ARCH} == "amd64"
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.0p1-64bit.patch
|
||||
.endif
|
||||
@ -158,11 +156,21 @@ CONFIGURE_ARGS+= --with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \
|
||||
--with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY'
|
||||
.endif
|
||||
|
||||
# resolve some patches incompatibility between LPK and HPN patches
|
||||
|
||||
.if defined(WITH_HPN) && defined(WITH_LPK)
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk+hpn-servconf.patch
|
||||
.elif defined(WITH_HPN) && !defined(WITH_LPK)
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn-servconf.patch
|
||||
.elif defined(WITH_LPK) && !defined(WITH_HPN)
|
||||
EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.0p1-0.3.9-servconv.patch
|
||||
.endif
|
||||
|
||||
# See http://www.roumenpetrov.info/openssh/
|
||||
.if defined(WITH_X509)
|
||||
PATCH_DIST_STRIP= -p1
|
||||
PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.1.1/
|
||||
PATCHFILES+= openssh-5.1p1+x509-6.1.1.diff.gz
|
||||
PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2/
|
||||
PATCHFILES+= openssh-5.2p1+x509-6.2.diff.gz
|
||||
.endif
|
||||
|
||||
.if defined(WITH_OVERWRITE_BASE)
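Review bot: Nothing in the WITH_HPN block records which upstream release the in-tree `${FILESDIR}/openssh-5.2p1-hpn.patch` derives from. As far as the rendered hunk shows, that 2196-line file (its diff is suppressed on this page) replaces the fetched `openssh-5.1p1-hpn13v5.diff.gz`, whose checksums are also gone from the distinfo section. A comment above the EXTRA_PATCHES line, for example `# Rebased copy of hpn13v5 for 5.2p1; upstream: http://www.psc.edu/networking/projects/hpn-ssh/` (if that is what it is), would let later maintainers diff the carried patch against upstream before trusting it in sshd. Separately, the LPK-only branch names `openssh-lpk-5.0p1-0.3.9-servconv.patch` while its siblings are spelled `-servconf.patch`; the added file's name is not visible here, so confirm the spelling matches the file in FILESDIR.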
|
||||
|
@ -1,9 +1,6 @@
|
||||
MD5 (openssh-5.1p1.tar.gz) = 03f2d0c1b5ec60d4ac9997a146d2faec
|
||||
SHA256 (openssh-5.1p1.tar.gz) = f05358164dae1021386ae57be53a5e9f5cba7a1f8c9beaa428299e28a5666d75
|
||||
SIZE (openssh-5.1p1.tar.gz) = 1040041
|
||||
MD5 (openssh-5.1p1-hpn13v5.diff.gz) = 614f2cc34817bb9460e3b700be21b94b
|
||||
SHA256 (openssh-5.1p1-hpn13v5.diff.gz) = 81bebd71fb0aa8a265c0576aa3c42c0fdf263712db771f12d35c8aff09523aab
|
||||
SIZE (openssh-5.1p1-hpn13v5.diff.gz) = 23017
|
||||
MD5 (openssh-5.1p1+x509-6.1.1.diff.gz) = 9be4b5f1104e51333199423802e97fe7
|
||||
SHA256 (openssh-5.1p1+x509-6.1.1.diff.gz) = 2821d8fe003337569d6551fd26a387f53b4adc9b59f2b0131659936e11966eb3
|
||||
SIZE (openssh-5.1p1+x509-6.1.1.diff.gz) = 152642
|
||||
MD5 (openssh-5.2p1.tar.gz) = ada79c7328a8551bdf55c95e631e7dad
|
||||
SHA256 (openssh-5.2p1.tar.gz) = 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae
|
||||
SIZE (openssh-5.2p1.tar.gz) = 1016612
|
||||
MD5 (openssh-5.2p1+x509-6.2.diff.gz) = 8dbbfb743226864f6bb49b56e77776d9
|
||||
SHA256 (openssh-5.2p1+x509-6.2.diff.gz) = 72cfb1e232b6ae0a9df6e8539a9f6b53db7c0a2141cf2e4dd65b407748fa9f34
|
||||
SIZE (openssh-5.2p1+x509-6.2.diff.gz) = 153010
|
||||
|
@ -0,0 +1,32 @@
|
||||
--- servconf.c.orig 2009-05-02 18:22:38.000000000 +0400
|
||||
+++ servconf.c 2009-05-02 18:24:15.000000000 +0400
|
||||
@@ -127,12 +127,21 @@
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
+ options->none_enabled = -1;
|
||||
+ options->tcp_rcv_buf_poll = -1;
|
||||
+ options->hpn_disabled = -1;
|
||||
+ options->hpn_buffer_size = -1;
|
||||
options->zero_knowledge_password_authentication = -1;
|
||||
}
|
||||
|
||||
void
|
||||
fill_default_server_options(ServerOptions *options)
|
||||
{
|
||||
+ /* needed for hpn socket tests */
|
||||
+ int sock;
|
||||
+ int socksize;
|
||||
+ int socksizelen = sizeof(int);
|
||||
+
|
||||
/* Portable-specific options */
|
||||
if (options->use_pam == -1)
|
||||
options->use_pam = 1;
|
||||
@@ -345,6 +354,7 @@
|
||||
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
|
||||
sZeroKnowledgePasswordAuthentication,
|
||||
sDeprecated, sUnsupported
|
||||
} ServerOpCodes;
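Review bot: `int socksizelen = sizeof(int);` in the fill_default_server_options hunk is a plain int although the comment says it serves the HPN socket tests; if it is later passed to getsockopt() (that call is not in this patch), the declaration should be `socklen_t socksizelen = sizeof(socksize);`. The three locals are declared here while their use presumably arrives from the separate HPN patch, so a comment such as `/* used by the HPN buffer probe added in openssh-5.2p1-hpn.patch */` would record the dependency between the two files. The function body continues outside the hunk.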
|
2196
security/openssh-portable/files/openssh-5.2p1-hpn.patch
Normal file
File diff suppressed because it is too large
240
security/openssh-portable/files/openssh-lpk+hpn-servconf.patch
Normal file
@ -0,0 +1,240 @@
|
||||
--- servconf.c.orig 2009-05-02 19:35:42.000000000 +0400
|
||||
+++ servconf.c 2009-05-02 19:37:13.000000000 +0400
|
||||
@@ -42,6 +42,10 @@
|
||||
#include "channels.h"
|
||||
#include "groupaccess.h"
|
||||
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+#include "ldapauth.h"
|
||||
+#endif
|
||||
+
|
||||
static void add_listen_addr(ServerOptions *, char *, int);
|
||||
static void add_one_listen_addr(ServerOptions *, char *, int);
|
||||
|
||||
@@ -74,7 +78,7 @@
|
||||
options->ignore_user_known_hosts = -1;
|
||||
options->print_motd = -1;
|
||||
options->print_lastlog = -1;
|
||||
- options->x11_forwarding = -1;
|
||||
+ options->x11_forwarding = 1;
|
||||
options->x11_display_offset = -1;
|
||||
options->x11_use_localhost = -1;
|
||||
options->xauth_location = NULL;
|
||||
@@ -127,12 +131,39 @@
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
+ options->none_enabled = -1;
|
||||
+ options->tcp_rcv_buf_poll = -1;
|
||||
+ options->hpn_disabled = -1;
|
||||
+ options->hpn_buffer_size = -1;
|
||||
options->zero_knowledge_password_authentication = -1;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ /* XXX dirty */
|
||||
+ options->lpk.ld = NULL;
|
||||
+ options->lpk.on = -1;
|
||||
+ options->lpk.servers = NULL;
|
||||
+ options->lpk.u_basedn = NULL;
|
||||
+ options->lpk.g_basedn = NULL;
|
||||
+ options->lpk.binddn = NULL;
|
||||
+ options->lpk.bindpw = NULL;
|
||||
+ options->lpk.sgroup = NULL;
|
||||
+ options->lpk.filter = NULL;
|
||||
+ options->lpk.fgroup = NULL;
|
||||
+ options->lpk.l_conf = NULL;
|
||||
+ options->lpk.tls = -1;
|
||||
+ options->lpk.b_timeout.tv_sec = -1;
|
||||
+ options->lpk.s_timeout.tv_sec = -1;
|
||||
+ options->lpk.flags = FLAG_EMPTY;
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
fill_default_server_options(ServerOptions *options)
|
||||
{
|
||||
+ /* needed for hpn socket tests */
|
||||
+ int sock;
|
||||
+ int socksize;
|
||||
+ int socksizelen = sizeof(int);
|
||||
+
|
||||
/* Portable-specific options */
|
||||
if (options->use_pam == -1)
|
||||
options->use_pam = 1;
|
||||
@@ -265,6 +296,32 @@
|
||||
options->permit_tun = SSH_TUNMODE_NO;
|
||||
if (options->zero_knowledge_password_authentication == -1)
|
||||
options->zero_knowledge_password_authentication = 0;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ if (options->lpk.on == -1)
|
||||
+ options->lpk.on = _DEFAULT_LPK_ON;
|
||||
+ if (options->lpk.servers == NULL)
|
||||
+ options->lpk.servers = _DEFAULT_LPK_SERVERS;
|
||||
+ if (options->lpk.u_basedn == NULL)
|
||||
+ options->lpk.u_basedn = _DEFAULT_LPK_UDN;
|
||||
+ if (options->lpk.g_basedn == NULL)
|
||||
+ options->lpk.g_basedn = _DEFAULT_LPK_GDN;
|
||||
+ if (options->lpk.binddn == NULL)
|
||||
+ options->lpk.binddn = _DEFAULT_LPK_BINDDN;
|
||||
+ if (options->lpk.bindpw == NULL)
|
||||
+ options->lpk.bindpw = _DEFAULT_LPK_BINDPW;
|
||||
+ if (options->lpk.sgroup == NULL)
|
||||
+ options->lpk.sgroup = _DEFAULT_LPK_SGROUP;
|
||||
+ if (options->lpk.filter == NULL)
|
||||
+ options->lpk.filter = _DEFAULT_LPK_FILTER;
|
||||
+ if (options->lpk.tls == -1)
|
||||
+ options->lpk.tls = _DEFAULT_LPK_TLS;
|
||||
+ if (options->lpk.b_timeout.tv_sec == -1)
|
||||
+ options->lpk.b_timeout.tv_sec = _DEFAULT_LPK_BTIMEOUT;
|
||||
+ if (options->lpk.s_timeout.tv_sec == -1)
|
||||
+ options->lpk.s_timeout.tv_sec = _DEFAULT_LPK_STIMEOUT;
|
||||
+ if (options->lpk.l_conf == NULL)
|
||||
+ options->lpk.l_conf = _DEFAULT_LPK_LDP;
|
||||
+#endif
|
||||
|
||||
if (options->hpn_disabled == -1)
|
||||
options->hpn_disabled = 0;
|
||||
@@ -345,8 +402,15 @@
|
||||
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
|
||||
sZeroKnowledgePasswordAuthentication,
|
||||
sDeprecated, sUnsupported
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ ,sLdapPublickey, sLdapServers, sLdapUserDN
|
||||
+ ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup
|
||||
+ ,sLdapFilter, sForceTLS, sBindTimeout
|
||||
+ ,sSearchTimeout, sLdapConf
|
||||
+#endif
|
||||
} ServerOpCodes;
|
||||
|
||||
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
|
||||
@@ -457,6 +521,20 @@
|
||||
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ { _DEFAULT_LPK_TOKEN, sLdapPublickey, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_SRV_TOKEN, sLdapServers, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_USR_TOKEN, sLdapUserDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_GRP_TOKEN, sLdapGroupDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BDN_TOKEN, sBindDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BPW_TOKEN, sBindPw, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_MYG_TOKEN, sMyGroup, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_FIL_TOKEN, sLdapFilter, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_TLS_TOKEN, sForceTLS, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BTI_TOKEN, sBindTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_STI_TOKEN, sSearchTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_LDP_TOKEN, sLdapConf, SSHCFG_GLOBAL },
|
||||
+#endif
|
||||
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
|
||||
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
|
||||
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
|
||||
@@ -1368,6 +1446,107 @@
|
||||
while (arg)
|
||||
arg = strdelim(&cp);
|
||||
break;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ case sLdapPublickey:
|
||||
+ intptr = &options->lpk.on;
|
||||
+ goto parse_flag;
|
||||
+ case sLdapServers:
|
||||
+ /* arg = strdelim(&cp); */
|
||||
+ p = line;
|
||||
+ while(*p++);
|
||||
+ arg = p;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ if ((options->lpk.servers = ldap_parse_servers(arg)) == NULL)
|
||||
+ fatal("%s line %d: error in ldap servers", filename, linenum);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapUserDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.u_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapGroupDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.g_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing binddn",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.binddn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindPw:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing bindpw",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.bindpw = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sMyGroup:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing groupname",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.sgroup = xstrdup(arg);
|
||||
+ if (options->lpk.sgroup)
|
||||
+ options->lpk.fgroup = ldap_parse_groups(options->lpk.sgroup);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapFilter:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing filter",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.filter = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sForceTLS:
|
||||
+ intptr = &options->lpk.tls;
|
||||
+ arg = strdelim(&cp);
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing yes/no argument.",
|
||||
+ filename, linenum);
|
||||
+ value = 0; /* silence compiler */
|
||||
+ if (strcmp(arg, "yes") == 0)
|
||||
+ value = 1;
|
||||
+ else if (strcmp(arg, "no") == 0)
|
||||
+ value = 0;
|
||||
+ else if (strcmp(arg, "try") == 0)
|
||||
+ value = -1;
|
||||
+ else
|
||||
+ fatal("%s line %d: Bad yes/no argument: %s",
|
||||
+ filename, linenum, arg);
|
||||
+ if (*intptr == -1)
|
||||
+ *intptr = value;
|
||||
+ break;
|
||||
+ case sBindTimeout:
|
||||
+ intptr = (int *) &options->lpk.b_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ case sSearchTimeout:
|
||||
+ intptr = (int *) &options->lpk.s_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ break;
|
||||
+ case sLdapConf:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing LpkLdapConf", filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.l_conf = xstrdup(arg);
|
||||
+ memset(arg, 0, strlen(arg));
|
||||
+ break;
|
||||
+#endif
|
||||
|
||||
default:
|
||||
fatal("%s line %d: Missing handler for opcode %s (%d)",
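Review bot: The `@@ -74,7 +78,7 @@` hunk replaces the unset sentinel with `options->x11_forwarding = 1;` in the initializer, which turns X11 forwarding on by default in an LPK build and has nothing to do with LDAP keys. It may also defeat an explicit `X11Forwarding no`: the sForceTLS case in this same patch only stores when `*intptr == -1`, and if the shared parse_flag code (outside the patch) follows that pattern, the configured value is never written. I would drop the hunk so the line stays `options->x11_forwarding = -1;` and the default keeps coming from fill_default_server_options(). The identical hunk is in the LPK-only servconf patch that follows (the `@ -0,0 +1,222 @` section).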
|
@ -0,0 +1,222 @@
|
||||
--- servconf.c.orig 2009-05-02 19:24:09.000000000 +0400
|
||||
+++ servconf.c 2009-05-02 19:29:37.000000000 +0400
|
||||
@@ -42,6 +42,10 @@
|
||||
#include "channels.h"
|
||||
#include "groupaccess.h"
|
||||
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+#include "ldapauth.h"
|
||||
+#endif
|
||||
+
|
||||
static void add_listen_addr(ServerOptions *, char *, int);
|
||||
static void add_one_listen_addr(ServerOptions *, char *, int);
|
||||
|
||||
@@ -74,7 +78,7 @@
|
||||
options->ignore_user_known_hosts = -1;
|
||||
options->print_motd = -1;
|
||||
options->print_lastlog = -1;
|
||||
- options->x11_forwarding = -1;
|
||||
+ options->x11_forwarding = 1;
|
||||
options->x11_display_offset = -1;
|
||||
options->x11_use_localhost = -1;
|
||||
options->xauth_location = NULL;
|
||||
@@ -128,6 +132,24 @@
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
options->zero_knowledge_password_authentication = -1;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ /* XXX dirty */
|
||||
+ options->lpk.ld = NULL;
|
||||
+ options->lpk.on = -1;
|
||||
+ options->lpk.servers = NULL;
|
||||
+ options->lpk.u_basedn = NULL;
|
||||
+ options->lpk.g_basedn = NULL;
|
||||
+ options->lpk.binddn = NULL;
|
||||
+ options->lpk.bindpw = NULL;
|
||||
+ options->lpk.sgroup = NULL;
|
||||
+ options->lpk.filter = NULL;
|
||||
+ options->lpk.fgroup = NULL;
|
||||
+ options->lpk.l_conf = NULL;
|
||||
+ options->lpk.tls = -1;
|
||||
+ options->lpk.b_timeout.tv_sec = -1;
|
||||
+ options->lpk.s_timeout.tv_sec = -1;
|
||||
+ options->lpk.flags = FLAG_EMPTY;
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -265,6 +287,32 @@
|
||||
options->permit_tun = SSH_TUNMODE_NO;
|
||||
if (options->zero_knowledge_password_authentication == -1)
|
||||
options->zero_knowledge_password_authentication = 0;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ if (options->lpk.on == -1)
|
||||
+ options->lpk.on = _DEFAULT_LPK_ON;
|
||||
+ if (options->lpk.servers == NULL)
|
||||
+ options->lpk.servers = _DEFAULT_LPK_SERVERS;
|
||||
+ if (options->lpk.u_basedn == NULL)
|
||||
+ options->lpk.u_basedn = _DEFAULT_LPK_UDN;
|
||||
+ if (options->lpk.g_basedn == NULL)
|
||||
+ options->lpk.g_basedn = _DEFAULT_LPK_GDN;
|
||||
+ if (options->lpk.binddn == NULL)
|
||||
+ options->lpk.binddn = _DEFAULT_LPK_BINDDN;
|
||||
+ if (options->lpk.bindpw == NULL)
|
||||
+ options->lpk.bindpw = _DEFAULT_LPK_BINDPW;
|
||||
+ if (options->lpk.sgroup == NULL)
|
||||
+ options->lpk.sgroup = _DEFAULT_LPK_SGROUP;
|
||||
+ if (options->lpk.filter == NULL)
|
||||
+ options->lpk.filter = _DEFAULT_LPK_FILTER;
|
||||
+ if (options->lpk.tls == -1)
|
||||
+ options->lpk.tls = _DEFAULT_LPK_TLS;
|
||||
+ if (options->lpk.b_timeout.tv_sec == -1)
|
||||
+ options->lpk.b_timeout.tv_sec = _DEFAULT_LPK_BTIMEOUT;
|
||||
+ if (options->lpk.s_timeout.tv_sec == -1)
|
||||
+ options->lpk.s_timeout.tv_sec = _DEFAULT_LPK_STIMEOUT;
|
||||
+ if (options->lpk.l_conf == NULL)
|
||||
+ options->lpk.l_conf = _DEFAULT_LPK_LDP;
|
||||
+#endif
|
||||
|
||||
/* Turn privilege separation on by default */
|
||||
if (use_privsep == -1)
|
||||
@@ -311,6 +359,12 @@
|
||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||
sZeroKnowledgePasswordAuthentication,
|
||||
sDeprecated, sUnsupported
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ ,sLdapPublickey, sLdapServers, sLdapUserDN
|
||||
+ ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup
|
||||
+ ,sLdapFilter, sForceTLS, sBindTimeout
|
||||
+ ,sSearchTimeout, sLdapConf
|
||||
+#endif
|
||||
} ServerOpCodes;
|
||||
|
||||
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
|
||||
@@ -421,6 +475,20 @@
|
||||
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ { _DEFAULT_LPK_TOKEN, sLdapPublickey, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_SRV_TOKEN, sLdapServers, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_USR_TOKEN, sLdapUserDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_GRP_TOKEN, sLdapGroupDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BDN_TOKEN, sBindDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BPW_TOKEN, sBindPw, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_MYG_TOKEN, sMyGroup, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_FIL_TOKEN, sLdapFilter, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_TLS_TOKEN, sForceTLS, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BTI_TOKEN, sBindTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_STI_TOKEN, sSearchTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_LDP_TOKEN, sLdapConf, SSHCFG_GLOBAL },
|
||||
+#endif
|
||||
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
|
||||
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
|
||||
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
|
||||
@@ -1311,6 +1379,107 @@
|
||||
while (arg)
|
||||
arg = strdelim(&cp);
|
||||
break;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ case sLdapPublickey:
|
||||
+ intptr = &options->lpk.on;
|
||||
+ goto parse_flag;
|
||||
+ case sLdapServers:
|
||||
+ /* arg = strdelim(&cp); */
|
||||
+ p = line;
|
||||
+ while(*p++);
|
||||
+ arg = p;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ if ((options->lpk.servers = ldap_parse_servers(arg)) == NULL)
|
||||
+ fatal("%s line %d: error in ldap servers", filename, linenum);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapUserDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.u_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapGroupDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.g_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing binddn",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.binddn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindPw:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing bindpw",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.bindpw = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sMyGroup:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing groupname",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.sgroup = xstrdup(arg);
|
||||
+ if (options->lpk.sgroup)
|
||||
+ options->lpk.fgroup = ldap_parse_groups(options->lpk.sgroup);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapFilter:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing filter",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.filter = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sForceTLS:
|
||||
+ intptr = &options->lpk.tls;
|
||||
+ arg = strdelim(&cp);
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing yes/no argument.",
|
||||
+ filename, linenum);
|
||||
+ value = 0; /* silence compiler */
|
||||
+ if (strcmp(arg, "yes") == 0)
|
||||
+ value = 1;
|
||||
+ else if (strcmp(arg, "no") == 0)
|
||||
+ value = 0;
|
||||
+ else if (strcmp(arg, "try") == 0)
|
||||
+ value = -1;
|
||||
+ else
|
||||
+ fatal("%s line %d: Bad yes/no argument: %s",
|
||||
+ filename, linenum, arg);
|
||||
+ if (*intptr == -1)
|
||||
+ *intptr = value;
|
||||
+ break;
|
||||
+ case sBindTimeout:
|
||||
+ intptr = (int *) &options->lpk.b_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ case sSearchTimeout:
|
||||
+ intptr = (int *) &options->lpk.s_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ break;
|
||||
+ case sLdapConf:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing LpkLdapConf", filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.l_conf = xstrdup(arg);
|
||||
+ memset(arg, 0, strlen(arg));
|
||||
+ break;
|
||||
+#endif
|
||||
|
||||
default:
|
||||
fatal("%s line %d: Missing handler for opcode %s (%d)",
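Review bot: In the sLdapServers case, `p = line; while(*p++); arg = p;` steps one byte past the first NUL in `line`, so the `!arg` test that follows can never fire and, when the keyword has no argument, `*arg` is read from beyond the end of the string. Taking the remainder from `cp` as the other LPK cases do (`arg = cp;`) keeps the missing-argument check meaningful, assuming the tokenizer outside the hunk leaves `cp` NULL or at the remainder. Separately, `intptr = (int *) &options->lpk.b_timeout.tv_sec;` and its s_timeout twin store an int through a pointer to a time_t field, which can leave part of the field at its -1 initializer where time_t is wider than int. The Makefile applies a separate 64-bit LPK patch on amd64 whose contents are not on this page, so check whether it covers these lines. The same code appears in openssh-lpk+hpn-servconf.patch above, and the enclosing switch starts and ends outside the hunk.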
|
@ -1509,242 +1509,6 @@
|
||||
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
|
||||
+ MUST ( sshPublicKey $ uid )
|
||||
+ )
|
||||
--- servconf.c.orig 2008-02-10 09:48:55.000000000 -0200
|
||||
+++ servconf.c 2008-04-17 21:27:34.000000000 -0300
|
||||
@@ -40,6 +40,10 @@
|
||||
#include "channels.h"
|
||||
#include "groupaccess.h"
|
||||
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+#include "ldapauth.h"
|
||||
+#endif
|
||||
+
|
||||
static void add_listen_addr(ServerOptions *, char *, u_short);
|
||||
static void add_one_listen_addr(ServerOptions *, char *, u_short);
|
||||
|
||||
@@ -123,6 +127,24 @@
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
options->chroot_directory = NULL;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ /* XXX dirty */
|
||||
+ options->lpk.ld = NULL;
|
||||
+ options->lpk.on = -1;
|
||||
+ options->lpk.servers = NULL;
|
||||
+ options->lpk.u_basedn = NULL;
|
||||
+ options->lpk.g_basedn = NULL;
|
||||
+ options->lpk.binddn = NULL;
|
||||
+ options->lpk.bindpw = NULL;
|
||||
+ options->lpk.sgroup = NULL;
|
||||
+ options->lpk.filter = NULL;
|
||||
+ options->lpk.fgroup = NULL;
|
||||
+ options->lpk.l_conf = NULL;
|
||||
+ options->lpk.tls = -1;
|
||||
+ options->lpk.b_timeout.tv_sec = -1;
|
||||
+ options->lpk.s_timeout.tv_sec = -1;
|
||||
+ options->lpk.flags = FLAG_EMPTY;
|
||||
+#endif
|
||||
}
|
||||
|
||||
void
|
||||
@@ -250,6 +272,32 @@
|
||||
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
|
||||
if (options->permit_tun == -1)
|
||||
options->permit_tun = SSH_TUNMODE_NO;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ if (options->lpk.on == -1)
|
||||
+ options->lpk.on = _DEFAULT_LPK_ON;
|
||||
+ if (options->lpk.servers == NULL)
|
||||
+ options->lpk.servers = _DEFAULT_LPK_SERVERS;
|
||||
+ if (options->lpk.u_basedn == NULL)
|
||||
+ options->lpk.u_basedn = _DEFAULT_LPK_UDN;
|
||||
+ if (options->lpk.g_basedn == NULL)
|
||||
+ options->lpk.g_basedn = _DEFAULT_LPK_GDN;
|
||||
+ if (options->lpk.binddn == NULL)
|
||||
+ options->lpk.binddn = _DEFAULT_LPK_BINDDN;
|
||||
+ if (options->lpk.bindpw == NULL)
|
||||
+ options->lpk.bindpw = _DEFAULT_LPK_BINDPW;
|
||||
+ if (options->lpk.sgroup == NULL)
|
||||
+ options->lpk.sgroup = _DEFAULT_LPK_SGROUP;
|
||||
+ if (options->lpk.filter == NULL)
|
||||
+ options->lpk.filter = _DEFAULT_LPK_FILTER;
|
||||
+ if (options->lpk.tls == -1)
|
||||
+ options->lpk.tls = _DEFAULT_LPK_TLS;
|
||||
+ if (options->lpk.b_timeout.tv_sec == -1)
|
||||
+ options->lpk.b_timeout.tv_sec = _DEFAULT_LPK_BTIMEOUT;
|
||||
+ if (options->lpk.s_timeout.tv_sec == -1)
|
||||
+ options->lpk.s_timeout.tv_sec = _DEFAULT_LPK_STIMEOUT;
|
||||
+ if (options->lpk.l_conf == NULL)
|
||||
+ options->lpk.l_conf = _DEFAULT_LPK_LDP;
|
||||
+#endif
|
||||
|
||||
/* Turn privilege separation on by default */
|
||||
if (use_privsep == -1)
|
||||
@@ -295,6 +343,12 @@
|
||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||
sUsePrivilegeSeparation,
|
||||
sDeprecated, sUnsupported
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ ,sLdapPublickey, sLdapServers, sLdapUserDN
|
||||
+ ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup
|
||||
+ ,sLdapFilter, sForceTLS, sBindTimeout
|
||||
+ ,sSearchTimeout, sLdapConf
|
||||
+#endif
|
||||
} ServerOpCodes;
|
||||
|
||||
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */
|
||||
@@ -398,6 +452,20 @@
|
||||
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
|
||||
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ { _DEFAULT_LPK_TOKEN, sLdapPublickey, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_SRV_TOKEN, sLdapServers, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_USR_TOKEN, sLdapUserDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_GRP_TOKEN, sLdapGroupDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BDN_TOKEN, sBindDN, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BPW_TOKEN, sBindPw, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_MYG_TOKEN, sMyGroup, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_FIL_TOKEN, sLdapFilter, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_TLS_TOKEN, sForceTLS, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_BTI_TOKEN, sBindTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_STI_TOKEN, sSearchTimeout, SSHCFG_GLOBAL },
|
||||
+ { _DEFAULT_LDP_TOKEN, sLdapConf, SSHCFG_GLOBAL },
|
||||
+#endif
|
||||
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
|
||||
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
|
||||
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
|
||||
@@ -1282,6 +1350,107 @@
|
||||
while (arg)
|
||||
arg = strdelim(&cp);
|
||||
break;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ case sLdapPublickey:
|
||||
+ intptr = &options->lpk.on;
|
||||
+ goto parse_flag;
|
||||
+ case sLdapServers:
|
||||
+ /* arg = strdelim(&cp); */
|
||||
+ p = line;
|
||||
+ while(*p++);
|
||||
+ arg = p;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ if ((options->lpk.servers = ldap_parse_servers(arg)) == NULL)
|
||||
+ fatal("%s line %d: error in ldap servers", filename, linenum);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapUserDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.u_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapGroupDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing ldap server",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.g_basedn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindDN:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing binddn",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.binddn = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sBindPw:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing bindpw",filename,linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.bindpw = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sMyGroup:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing groupname",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.sgroup = xstrdup(arg);
|
||||
+ if (options->lpk.sgroup)
|
||||
+ options->lpk.fgroup = ldap_parse_groups(options->lpk.sgroup);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sLdapFilter:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing filter",filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.filter = xstrdup(arg);
|
||||
+ memset(arg,0,strlen(arg));
|
||||
+ break;
|
||||
+ case sForceTLS:
|
||||
+ intptr = &options->lpk.tls;
|
||||
+ arg = strdelim(&cp);
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing yes/no argument.",
|
||||
+ filename, linenum);
|
||||
+ value = 0; /* silence compiler */
|
||||
+ if (strcmp(arg, "yes") == 0)
|
||||
+ value = 1;
|
||||
+ else if (strcmp(arg, "no") == 0)
|
||||
+ value = 0;
|
||||
+ else if (strcmp(arg, "try") == 0)
|
||||
+ value = -1;
|
||||
+ else
|
||||
+ fatal("%s line %d: Bad yes/no argument: %s",
|
||||
+ filename, linenum, arg);
|
||||
+ if (*intptr == -1)
|
||||
+ *intptr = value;
|
||||
+ break;
|
||||
+ case sBindTimeout:
|
||||
+ intptr = (int *) &options->lpk.b_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ case sSearchTimeout:
|
||||
+ intptr = (int *) &options->lpk.s_timeout.tv_sec;
|
||||
+ goto parse_int;
|
||||
+ break;
|
||||
+ case sLdapConf:
|
||||
+ arg = cp;
|
||||
+ if (!arg || *arg == '\0')
|
||||
+ fatal("%s line %d: missing LpkLdapConf", filename, linenum);
|
||||
+ arg[strlen(arg)] = '\0';
|
||||
+ options->lpk.l_conf = xstrdup(arg);
|
||||
+ memset(arg, 0, strlen(arg));
|
||||
+ break;
|
||||
+#endif
|
||||
|
||||
default:
|
||||
fatal("%s line %d: Missing handler for opcode %s (%d)",
|
||||
--- servconf.h.orig 2008-03-07 04:31:24.000000000 -0300
|
||||
+++ servconf.h 2008-04-17 21:24:57.000000000 -0300
|
||||
@@ -16,6 +16,10 @@
|
||||
#ifndef SERVCONF_H
|
||||
#define SERVCONF_H
|
||||
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+#include "ldapauth.h"
|
||||
+#endif
|
||||
+
|
||||
#define MAX_PORTS 256 /* Max # ports. */
|
||||
|
||||
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
|
||||
@@ -142,6 +146,9 @@
|
||||
int use_pam; /* Enable auth via PAM */
|
||||
|
||||
int permit_tun;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ ldap_opt_t lpk;
|
||||
+#endif
|
||||
|
||||
int num_permitted_opens;
|
||||
|
||||
--- sshd.c.orig 2008-03-11 08:58:25.000000000 -0300
|
||||
+++ sshd.c 2008-04-17 21:24:57.000000000 -0300
|
||||
@@ -126,6 +126,10 @@
|
||||
@ -1864,3 +1628,26 @@
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/libexec/sftp-server
|
||||
|
||||
--- servconf.h.orig 2008-03-07 04:31:24.000000000 -0300
|
||||
+++ servconf.h 2008-04-17 21:24:57.000000000 -0300
|
||||
@@ -16,6 +16,10 @@
|
||||
#ifndef SERVCONF_H
|
||||
#define SERVCONF_H
|
||||
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+#include "ldapauth.h"
|
||||
+#endif
|
||||
+
|
||||
#define MAX_PORTS 256 /* Max # ports. */
|
||||
|
||||
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
|
||||
@@ -142,6 +146,9 @@
|
||||
int use_pam; /* Enable auth via PAM */
|
||||
|
||||
int permit_tun;
|
||||
+#ifdef WITH_LDAP_PUBKEY
|
||||
+ ldap_opt_t lpk;
|
||||
+#endif
|
||||
|
||||
int num_permitted_opens;
|
||||
|
||||
|