mirror of https://git.FreeBSD.org/src.git, synced 2024-12-24 11:29:10 +00:00
Vendor import of OpenSSH 5.5p1
parent 5fe13e2e9b
commit f276912e6f
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssh/dist/; revision=207311 svn path=/vendor-crypto/openssh/5.5p1/; revision=207312; tag=vendor/openssh/5.5p1
118
ChangeLog
@ -1,4 +1,120 @@
|
||||
20100307
|
||||
20100410
|
||||
- (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
|
||||
back so we disable the IPv6 tests if we don't have it.
|
||||
|
||||
20100409
|
||||
- (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong
|
||||
ones. Based on a patch from Roumen Petrov.
|
||||
- (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
|
||||
have it and the path is not provided to --with-libedit. Based on a patch
|
||||
from Iain Morgan.
|
||||
- (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
|
||||
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
|
||||
|
||||
20100326
|
||||
- (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
|
||||
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
|
||||
- (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
|
||||
by Ingo Weinhold via Scott McCreary, ok djm@
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2010/03/25 23:38:28
|
||||
[servconf.c]
|
||||
from portable: getcwd(NULL, 0) doesn't work on all platforms, so
|
||||
use a stack buffer; ok dtucker@
|
||||
- djm@cvs.openbsd.org 2010/03/26 00:26:58
|
||||
[ssh.1]
|
||||
mention that -S none disables connection sharing; from Colin Watson
|
||||
- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
|
||||
set up SELinux execution context before chroot() call. From Russell
|
||||
Coker via Colin watson; bz#1726 ok dtucker@
|
||||
- (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721
|
||||
ok dtucker@
|
||||
- (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using
|
||||
pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold).
|
||||
- (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;
|
||||
bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2010/03/26 01:06:13
|
||||
[ssh_config.5]
|
||||
Reformat default value of PreferredAuthentications entry (current
|
||||
formatting implies ", " is acceptable as a separator, which it's not.
|
||||
ok djm@
|
||||
|
||||
20100324
|
||||
- (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
|
||||
containing the services file explicitely case-insensitive. This allows to
|
||||
tweak the Windows services file reliably. Patch from vinschen at redhat.
|
||||
|
||||
20100321
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- jmc@cvs.openbsd.org 2010/03/08 09:41:27
|
||||
[ssh-keygen.1]
|
||||
sort the list of constraints (to -O); ok djm
|
||||
- jmc@cvs.openbsd.org 2010/03/10 07:40:35
|
||||
[ssh-keygen.1]
|
||||
typos; from Ross Richardson
|
||||
closes prs 6334 and 6335
|
||||
- djm@cvs.openbsd.org 2010/03/10 23:27:17
|
||||
[auth2-pubkey.c]
|
||||
correct certificate logging and make it more consistent between
|
||||
authorized_keys and TrustedCAKeys; ok markus@
|
||||
- djm@cvs.openbsd.org 2010/03/12 01:06:25
|
||||
[servconf.c]
|
||||
unbreak AuthorizedKeys option with a $HOME-relative path; reported by
|
||||
vinschen AT redhat.com, ok dtucker@
|
||||
- markus@cvs.openbsd.org 2010/03/12 11:37:40
|
||||
[servconf.c]
|
||||
do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
|
||||
free() (not xfree()) the buffer returned by getcwd()
|
||||
- djm@cvs.openbsd.org 2010/03/13 21:10:38
|
||||
[clientloop.c]
|
||||
protocol conformance fix: send language tag when disconnecting normally;
|
||||
spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
|
||||
- djm@cvs.openbsd.org 2010/03/13 21:45:46
|
||||
[ssh-keygen.1]
|
||||
Certificates are named *-cert.pub, not *_cert.pub; committing a diff
|
||||
from stevesk@ ok me
|
||||
- jmc@cvs.openbsd.org 2010/03/13 23:38:13
|
||||
[ssh-keygen.1]
|
||||
fix a formatting error (args need quoted); noted by stevesk
|
||||
- stevesk@cvs.openbsd.org 2010/03/15 19:40:02
|
||||
[key.c key.h ssh-keygen.c]
|
||||
also print certificate type (user or host) for ssh-keygen -L
|
||||
ok djm kettenis
|
||||
- stevesk@cvs.openbsd.org 2010/03/16 15:46:52
|
||||
[auth-options.c]
|
||||
spelling in error message. ok djm kettenis
|
||||
- djm@cvs.openbsd.org 2010/03/16 16:36:49
|
||||
[version.h]
|
||||
crank version to openssh-5.5 since we have a few fixes since 5.4;
|
||||
requested deraadt@ kettenis@
|
||||
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
||||
[contrib/suse/openssh.spec] Crank version numbers
|
||||
|
||||
20100314
|
||||
- (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
|
||||
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
|
||||
AT fefe.de
|
||||
- (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for
|
||||
ssh-pkcs11-helper to repair static builds (we do the same for
|
||||
ssh-keyscan). Reported by felix-mindrot AT fefe.de
|
||||
|
||||
20100312
|
||||
- (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir)
|
||||
- (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
|
||||
Patch from Corinna Vinschen.
|
||||
- (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install
|
||||
on a Cygwin installation. Patch from Corinna Vinschen.
|
||||
|
||||
20100311
|
||||
- (tim) [contrib/suse/openssh.spec] crank version number here too.
|
||||
report by imorgan AT nas.nasa.gov
|
||||
|
||||
20100309
|
||||
- (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
|
||||
so setting it in CFLAGS correctly skips IPv6 tests.
|
||||
|
||||
20100308
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2010/03/07 22:16:01
|
||||
[ssh-keygen.c]
|
||||
|
29
Makefile.in
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.306 2010/02/24 07:18:51 djm Exp $
|
||||
# $Id: Makefile.in,v 1.309 2010/03/13 21:41:34 djm Exp $
|
||||
|
||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||
#SHELL = @SH@
|
||||
@ -160,7 +160,7 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readco
|
||||
$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
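Review bot: The ssh-keysign rule at the top of this hunk still links with `-lssh -lopenbsd-compat $(LIBS)`, while ssh-pkcs11-helper now gets the trailing `-lssh` that ssh-keyscan already had. If the second `-lssh` is needed because libopenbsd-compat refers back into libssh in a static link, ssh-keysign is exposed to the same ordering problem. Either add the trailing `-lssh` there as well, or put a comment on the rules that need it saying which symbols force the repeat.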
@ -249,26 +249,25 @@ install-files:
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
|
||||
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
||||
if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \
|
||||
fi
|
||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper $(DESTDIR)$(SSH_PKCS11_HELPER)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
|
||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||
|
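Review bot: The ssh-keysign, ssh-pkcs11-helper and sftp-server install lines append `$(EXEEXT)` to `$(DESTDIR)$(SSH_KEYSIGN)`, `$(SSH_PKCS11_HELPER)` and `$(SFTP_SERVER)`, which are complete paths rather than a directory plus a name, so with a non-empty EXEEXT the file lands under a different name from the one the variable holds. Worth confirming that whatever looks these helpers up by that path finds the suffixed file, especially the mode 4711 ssh-keysign, and that the uninstall rules remove the same names. Dropping `mkinstalldirs $(DESTDIR)$(datadir)` is fine as long as nothing later in install-files still writes under $(datadir).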
4
README
@ -1,4 +1,4 @@
|
||||
See http://www.openssh.com/txt/release-5.4 for the release notes.
|
||||
See http://www.openssh.com/txt/release-5.5 for the release notes.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
@ -62,4 +62,4 @@ References -
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.72 2010/03/07 22:41:02 djm Exp $
|
||||
$Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -434,7 +434,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
|
||||
goto out;
|
||||
}
|
||||
if (strlen(command) != clen) {
|
||||
error("force-command constrain contains \\0");
|
||||
error("force-command constraint contains \\0");
|
||||
goto out;
|
||||
}
|
||||
if (cert_forced_command != NULL) {
|
||||
@ -454,7 +454,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw)
|
||||
goto out;
|
||||
}
|
||||
if (strlen(allowed) != clen) {
|
||||
error("source-address constrain contains \\0");
|
||||
error("source-address constraint contains \\0");
|
||||
goto out;
|
||||
}
|
||||
if (cert_source_address_done++) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.21 2010/03/04 10:36:03 djm Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -240,22 +240,26 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
||||
continue;
|
||||
if (!key_equal(found, key->cert->signature_key))
|
||||
continue;
|
||||
debug("matching CA found: file %s, line %lu",
|
||||
file, linenum);
|
||||
fp = key_fingerprint(found, SSH_FP_MD5,
|
||||
SSH_FP_HEX);
|
||||
verbose("Found matching %s CA: %s",
|
||||
key_type(found), fp);
|
||||
xfree(fp);
|
||||
debug("matching CA found: file %s, line %lu, %s %s",
|
||||
file, linenum, key_type(found), fp);
|
||||
if (key_cert_check_authority(key, 0, 0, pw->pw_name,
|
||||
&reason) != 0) {
|
||||
xfree(fp);
|
||||
error("%s", reason);
|
||||
auth_debug_add("%s", reason);
|
||||
continue;
|
||||
}
|
||||
if (auth_cert_constraints(&key->cert->constraints,
|
||||
pw) != 0)
|
||||
pw) != 0) {
|
||||
xfree(fp);
|
||||
continue;
|
||||
}
|
||||
verbose("Accepted certificate ID \"%s\" "
|
||||
"signed by %s CA %s via %s", key->cert->key_id,
|
||||
key_type(found), fp, file);
|
||||
xfree(fp);
|
||||
found_key = 1;
|
||||
break;
|
||||
} else if (!key_is_cert_authority && key_equal(found, key)) {
|
||||
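Review bot: In the key_cert_check_authority() failure branch the log line is still only `error("%s", reason)`, although fp and key->cert->key_id are both in hand at that point now that the fingerprint is computed before the check. A rejected certificate is the event an operator most needs to tie to a CA and a certificate ID, so consider adding both to that message. Separately, fp now has to be released by hand on three paths (two continue, one break); a single release point would make a leak less likely when another early exit is added.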
@ -281,15 +285,15 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
||||
static int
|
||||
user_cert_trusted_ca(struct passwd *pw, Key *key)
|
||||
{
|
||||
char *key_fp, *ca_fp;
|
||||
char *ca_fp;
|
||||
const char *reason;
|
||||
int ret = 0;
|
||||
|
||||
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
|
||||
return 0;
|
||||
|
||||
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
ca_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
ca_fp = key_fingerprint(key->cert->signature_key,
|
||||
SSH_FP_MD5, SSH_FP_HEX);
|
||||
|
||||
if (key_in_file(key->cert->signature_key,
|
||||
options.trusted_user_ca_keys, 1) != 1) {
|
||||
@ -306,13 +310,12 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
|
||||
if (auth_cert_constraints(&key->cert->constraints, pw) != 0)
|
||||
goto out;
|
||||
|
||||
verbose("%s certificate %s allowed by trusted %s key %s",
|
||||
key_type(key), key_fp, key_type(key->cert->signature_key), ca_fp);
|
||||
verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s",
|
||||
key->cert->key_id, key_type(key->cert->signature_key), ca_fp,
|
||||
options.trusted_user_ca_keys);
|
||||
ret = 1;
|
||||
|
||||
out:
|
||||
if (key_fp != NULL)
|
||||
xfree(key_fp);
|
||||
if (ca_fp != NULL)
|
||||
xfree(ca_fp);
|
||||
return ret;
|
||||
|
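Review bot: The new accept message in user_cert_trusted_ca() identifies the certificate only by key->cert->key_id, where the old one logged key_type(key) and the certificate key's fingerprint. key_id is a label chosen when the certificate is signed and need not be unique, so the log line can no longer be matched to one specific key. If the fingerprint was dropped only to make the two code paths log the same format, consider keeping it in both messages alongside the ID.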
@ -3252,7 +3252,11 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
sock = socket(ai->ai_family, ai->ai_socktype,
|
||||
ai->ai_protocol);
|
||||
if (sock < 0) {
|
||||
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
|
||||
if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
|
||||
#ifdef EPFNOSUPPORT
|
||||
&& (errno != EPFNOSUPPORT)
|
||||
#endif
|
||||
) {
|
||||
error("socket: %.100s", strerror(errno));
|
||||
freeaddrinfo(aitop);
|
||||
return -1;
|
||||
|
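Review bot: Splicing `#ifdef EPFNOSUPPORT` into the middle of the if condition leaves the closing `) {` on a line of its own and makes the test easy to break on the next edit. A fallback definition in a compat header (for example `#ifndef EPFNOSUPPORT` followed by `# define EPFNOSUPPORT EAFNOSUPPORT`) would let the condition stay a plain three-way comparison with no preprocessor lines inside it. Only x11_create_display_inet() is visible here; if other socket() loops in this file skip unsupported address families the same way, they want the same errno added.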
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.c,v 1.218 2010/01/28 00:21:18 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -1484,6 +1484,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
|
||||
packet_start(SSH2_MSG_DISCONNECT);
|
||||
packet_put_int(SSH2_DISCONNECT_BY_APPLICATION);
|
||||
packet_put_cstring("disconnected by user");
|
||||
packet_put_cstring(""); /* language tag */
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
}
|
||||
|
12
config.h.in
@ -80,9 +80,6 @@
|
||||
/* Define if you want to specify the path to your lastlog file */
|
||||
#undef CONF_LASTLOG_FILE
|
||||
|
||||
/* Define if you want to specify the path to your utmpx file */
|
||||
#undef CONF_UTMPX_FILE
|
||||
|
||||
/* Define if you want to specify the path to your utmp file */
|
||||
#undef CONF_UTMP_FILE
|
||||
|
||||
@ -455,6 +452,9 @@
|
||||
/* Define to 1 if you have the `getutxline' function. */
|
||||
#undef HAVE_GETUTXLINE
|
||||
|
||||
/* Define to 1 if you have the `getutxuser' function. */
|
||||
#undef HAVE_GETUTXUSER
|
||||
|
||||
/* Define to 1 if you have the `get_default_context_with_level' function. */
|
||||
#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
|
||||
|
||||
@ -551,6 +551,9 @@
|
||||
/* Define if system has libiaf that supports set_id */
|
||||
#undef HAVE_LIBIAF
|
||||
|
||||
/* Define to 1 if you have the `network' library (-lnetwork). */
|
||||
#undef HAVE_LIBNETWORK
|
||||
|
||||
/* Define to 1 if you have the `nsl' library (-lnsl). */
|
||||
#undef HAVE_LIBNSL
|
||||
|
||||
@ -804,6 +807,9 @@
|
||||
/* Define to 1 if you have the `setutent' function. */
|
||||
#undef HAVE_SETUTENT
|
||||
|
||||
/* Define to 1 if you have the `setutxdb' function. */
|
||||
#undef HAVE_SETUTXDB
|
||||
|
||||
/* Define to 1 if you have the `setutxent' function. */
|
||||
#undef HAVE_SETUTXENT
|
||||
|
||||
|
293
configure
vendored
@ -1,5 +1,5 @@
|
||||
#! /bin/sh
|
||||
# From configure.ac Revision: 1.444 .
|
||||
# From configure.ac Revision: 1.449 .
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
|
||||
#
|
||||
@ -693,6 +693,7 @@ LOGIN_PROGRAM_FALLBACK
|
||||
PATH_PASSWD_PROG
|
||||
LD
|
||||
SSHDLIBS
|
||||
PKGCONFIG
|
||||
LIBEDIT
|
||||
INSTALL_SSH_RAND_HELPER
|
||||
SSH_PRIVSEP_USER
|
||||
@ -7435,6 +7436,85 @@ fi
|
||||
*-*-dragonfly*)
|
||||
SSHDLIBS="$SSHDLIBS -lcrypt"
|
||||
;;
|
||||
*-*-haiku*)
|
||||
LIBS="$LIBS -lbsd "
|
||||
|
||||
{ echo "$as_me:$LINENO: checking for socket in -lnetwork" >&5
|
||||
echo $ECHO_N "checking for socket in -lnetwork... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_lib_network_socket+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lnetwork $LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
char socket ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return socket ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (ac_try="$ac_link"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_link") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest$ac_exeext &&
|
||||
$as_test_x conftest$ac_exeext; then
|
||||
ac_cv_lib_network_socket=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_cv_lib_network_socket=no
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ echo "$as_me:$LINENO: result: $ac_cv_lib_network_socket" >&5
|
||||
echo "${ECHO_T}$ac_cv_lib_network_socket" >&6; }
|
||||
if test $ac_cv_lib_network_socket = yes; then
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_LIBNETWORK 1
|
||||
_ACEOF
|
||||
|
||||
LIBS="-lnetwork $LIBS"
|
||||
|
||||
fi
|
||||
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define HAVE_U_INT64_T 1
|
||||
_ACEOF
|
||||
|
||||
MANTYPE=man
|
||||
;;
|
||||
*-*-hpux*)
|
||||
# first we define all of the options common to all HP-UX releases
|
||||
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
|
||||
@ -12326,7 +12406,61 @@ LIBEDIT_MSG="no"
|
||||
# Check whether --with-libedit was given.
|
||||
if test "${with_libedit+set}" = set; then
|
||||
withval=$with_libedit; if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xyes"; then
|
||||
if test "x$withval" = "xyes" ; then
|
||||
# Extract the first word of "pkg-config", so it can be a program name with args.
|
||||
set dummy pkg-config; ac_word=$2
|
||||
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
|
||||
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_path_PKGCONFIG+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
case $PKGCONFIG in
|
||||
[\\/]* | ?:[\\/]*)
|
||||
ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
|
||||
;;
|
||||
*)
|
||||
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
|
||||
for as_dir in $PATH
|
||||
do
|
||||
IFS=$as_save_IFS
|
||||
test -z "$as_dir" && as_dir=.
|
||||
for ac_exec_ext in '' $ac_executable_extensions; do
|
||||
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
|
||||
ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
|
||||
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
|
||||
break 2
|
||||
fi
|
||||
done
|
||||
done
|
||||
IFS=$as_save_IFS
|
||||
|
||||
test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
PKGCONFIG=$ac_cv_path_PKGCONFIG
|
||||
if test -n "$PKGCONFIG"; then
|
||||
{ echo "$as_me:$LINENO: result: $PKGCONFIG" >&5
|
||||
echo "${ECHO_T}$PKGCONFIG" >&6; }
|
||||
else
|
||||
{ echo "$as_me:$LINENO: result: no" >&5
|
||||
echo "${ECHO_T}no" >&6; }
|
||||
fi
|
||||
|
||||
|
||||
if test "x$PKGCONFIG" != "xno"; then
|
||||
{ echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5
|
||||
echo $ECHO_N "checking if $PKGCONFIG knows about libedit... $ECHO_C" >&6; }
|
||||
if "$PKGCONFIG" libedit; then
|
||||
{ echo "$as_me:$LINENO: result: yes" >&5
|
||||
echo "${ECHO_T}yes" >&6; }
|
||||
use_pkgconfig_for_libedit=yes
|
||||
else
|
||||
{ echo "$as_me:$LINENO: result: no" >&5
|
||||
echo "${ECHO_T}no" >&6; }
|
||||
fi
|
||||
fi
|
||||
else
|
||||
CPPFLAGS="$CPPFLAGS -I${withval}/include"
|
||||
if test -n "${need_dash_r}"; then
|
||||
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
|
||||
@ -12334,13 +12468,20 @@ if test "${with_libedit+set}" = set; then
|
||||
LDFLAGS="-L${withval}/lib ${LDFLAGS}"
|
||||
fi
|
||||
fi
|
||||
if test "x$use_pkgconfig_for_libedit" == "xyes"; then
|
||||
LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
|
||||
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
|
||||
else
|
||||
LIBEDIT="-ledit -lcurses"
|
||||
fi
|
||||
OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
|
||||
{ echo "$as_me:$LINENO: checking for el_init in -ledit" >&5
|
||||
echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_lib_edit_el_init+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-ledit -lcurses
|
||||
LIBS="-ledit $OTHERLIBS
|
||||
$LIBS"
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
@ -12402,7 +12543,6 @@ cat >>confdefs.h <<\_ACEOF
|
||||
#define USE_LIBEDIT 1
|
||||
_ACEOF
|
||||
|
||||
LIBEDIT="-ledit -lcurses"
|
||||
LIBEDIT_MSG="yes"
|
||||
|
||||
|
||||
@ -14961,7 +15101,8 @@ done
|
||||
|
||||
|
||||
|
||||
for ac_func in endutxent getutxent getutxid getutxline pututxline
|
||||
|
||||
for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline
|
||||
do
|
||||
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
|
||||
@ -15056,7 +15197,8 @@ done
|
||||
|
||||
|
||||
|
||||
for ac_func in setutxent utmpxname
|
||||
|
||||
for ac_func in setutxdb setutxent utmpxname
|
||||
do
|
||||
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
|
||||
@ -29373,77 +29515,6 @@ _ACEOF
|
||||
fi
|
||||
|
||||
|
||||
{ echo "$as_me:$LINENO: checking if your system defines UTMPX_FILE" >&5
|
||||
echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <utmp.h>
|
||||
#ifdef HAVE_UTMPX_H
|
||||
#include <utmpx.h>
|
||||
#endif
|
||||
#ifdef HAVE_PATHS_H
|
||||
# include <paths.h>
|
||||
#endif
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
char *utmpx = UTMPX_FILE;
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext
|
||||
if { (ac_try="$ac_compile"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_compile") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest.$ac_objext; then
|
||||
{ echo "$as_me:$LINENO: result: yes" >&5
|
||||
echo "${ECHO_T}yes" >&6; }
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
{ echo "$as_me:$LINENO: result: no" >&5
|
||||
echo "${ECHO_T}no" >&6; }
|
||||
system_utmpx_path=no
|
||||
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
if test -z "$conf_utmpx_location"; then
|
||||
if test x"$system_utmpx_path" = x"no" ; then
|
||||
cat >>confdefs.h <<\_ACEOF
|
||||
#define DISABLE_UTMPX 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
else
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define CONF_UTMPX_FILE "$conf_utmpx_location"
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
{ echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5
|
||||
echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; }
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
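Review bot: The removed block was the only place in this hunk that read `$conf_utmpx_location`, and it was also what defined DISABLE_UTMPX when the headers had no UTMPX_FILE. After the removal a path passed in through that variable is silently ignored, so the option that sets it should be dropped or made to fail loudly in configure.ac (this script is generated from it). It is also worth confirming that a platform without UTMPX_FILE still builds now that DISABLE_UTMPX is no longer set automatically.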
@ -29524,14 +29595,69 @@ fi
|
||||
|
||||
CFLAGS="$CFLAGS $werror_flags"
|
||||
|
||||
if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
|
||||
test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
|
||||
if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
|
||||
TEST_SSH_IPV6=no
|
||||
|
||||
else
|
||||
TEST_SSH_IPV6=yes
|
||||
|
||||
fi
|
||||
{ echo "$as_me:$LINENO: checking whether BROKEN_GETADDRINFO is declared" >&5
|
||||
echo $ECHO_N "checking whether BROKEN_GETADDRINFO is declared... $ECHO_C" >&6; }
|
||||
if test "${ac_cv_have_decl_BROKEN_GETADDRINFO+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
$ac_includes_default
|
||||
int
|
||||
main ()
|
||||
{
|
||||
#ifndef BROKEN_GETADDRINFO
|
||||
(void) BROKEN_GETADDRINFO;
|
||||
#endif
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext
|
||||
if { (ac_try="$ac_compile"
|
||||
case "(($ac_try" in
|
||||
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
*) ac_try_echo=$ac_try;;
|
||||
esac
|
||||
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
(eval "$ac_compile") 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } && {
|
||||
test -z "$ac_c_werror_flag" ||
|
||||
test ! -s conftest.err
|
||||
} && test -s conftest.$ac_objext; then
|
||||
ac_cv_have_decl_BROKEN_GETADDRINFO=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_cv_have_decl_BROKEN_GETADDRINFO=no
|
||||
fi
|
||||
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
fi
|
||||
{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_BROKEN_GETADDRINFO" >&5
|
||||
echo "${ECHO_T}$ac_cv_have_decl_BROKEN_GETADDRINFO" >&6; }
|
||||
if test $ac_cv_have_decl_BROKEN_GETADDRINFO = yes; then
|
||||
TEST_SSH_IPV6=no
|
||||
fi
|
||||
|
||||
TEST_SSH_IPV6=$TEST_SSH_IPV6
|
||||
|
||||
|
||||
|
||||
ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile ssh_prng_cmds survey.sh"
|
||||
@ -30236,6 +30362,7 @@ LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
|
||||
PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
|
||||
LD!$LD$ac_delim
|
||||
SSHDLIBS!$SSHDLIBS$ac_delim
|
||||
PKGCONFIG!$PKGCONFIG$ac_delim
|
||||
LIBEDIT!$LIBEDIT$ac_delim
|
||||
INSTALL_SSH_RAND_HELPER!$INSTALL_SSH_RAND_HELPER$ac_delim
|
||||
SSH_PRIVSEP_USER!$SSH_PRIVSEP_USER$ac_delim
|
||||
@ -30255,7 +30382,6 @@ PROG_VMSTAT!$PROG_VMSTAT$ac_delim
|
||||
PROG_UPTIME!$PROG_UPTIME$ac_delim
|
||||
PROG_IPCS!$PROG_IPCS$ac_delim
|
||||
PROG_TAIL!$PROG_TAIL$ac_delim
|
||||
INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
|
||||
@ -30297,6 +30423,7 @@ _ACEOF
|
||||
ac_delim='%!_!# '
|
||||
for ac_last_try in false false false false false :; do
|
||||
cat >conf$$subs.sed <<_ACEOF
|
||||
INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
|
||||
KRB5CONF!$KRB5CONF$ac_delim
|
||||
PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
|
||||
xauth_path!$xauth_path$ac_delim
|
||||
@ -30312,7 +30439,7 @@ LIBOBJS!$LIBOBJS$ac_delim
|
||||
LTLIBOBJS!$LTLIBOBJS$ac_delim
|
||||
_ACEOF
|
||||
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
|
||||
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 14; then
|
||||
break
|
||||
elif $ac_last_try; then
|
||||
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
|
||||
|
74
configure.ac
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.444 2010/03/05 04:04:35 djm Exp $
|
||||
# $Id: configure.ac,v 1.449 2010/04/10 12:58:01 dtucker Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
@ -15,7 +15,7 @@
|
||||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
||||
AC_REVISION($Revision: 1.444 $)
|
||||
AC_REVISION($Revision: 1.449 $)
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
@ -488,6 +488,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
*-*-dragonfly*)
|
||||
SSHDLIBS="$SSHDLIBS -lcrypt"
|
||||
;;
|
||||
*-*-haiku*)
|
||||
LIBS="$LIBS -lbsd "
|
||||
AC_CHECK_LIB(network, socket)
|
||||
AC_DEFINE(HAVE_U_INT64_T)
|
||||
MANTYPE=man
|
||||
;;
|
||||
*-*-hpux*)
|
||||
# first we define all of the options common to all HP-UX releases
|
||||
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
|
||||
@ -1248,7 +1254,18 @@ LIBEDIT_MSG="no"
|
||||
AC_ARG_WITH(libedit,
|
||||
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
|
||||
[ if test "x$withval" != "xno" ; then
|
||||
if test "x$withval" != "xyes"; then
|
||||
if test "x$withval" = "xyes" ; then
|
||||
AC_PATH_PROG(PKGCONFIG, pkg-config, no)
|
||||
if test "x$PKGCONFIG" != "xno"; then
|
||||
AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
|
||||
if "$PKGCONFIG" libedit; then
|
||||
AC_MSG_RESULT(yes)
|
||||
use_pkgconfig_for_libedit=yes
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
fi
|
||||
else
|
||||
CPPFLAGS="$CPPFLAGS -I${withval}/include"
|
||||
if test -n "${need_dash_r}"; then
|
||||
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
|
||||
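Review bot: `if "$PKGCONFIG" libedit; then` calls pkg-config with a module name and no option, which leaves the existence test implicit; write `"$PKGCONFIG" --exists libedit` so the intent is explicit. `use_pkgconfig_for_libedit` is also only ever assigned inside this branch, so set it to `no` before `AC_ARG_WITH` to keep a value inherited from the environment from steering the later `test` on it.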
@ -1256,14 +1273,20 @@ AC_ARG_WITH(libedit,
|
||||
LDFLAGS="-L${withval}/lib ${LDFLAGS}"
|
||||
fi
|
||||
fi
|
||||
if test "x$use_pkgconfig_for_libedit" == "xyes"; then
|
||||
LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
|
||||
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
|
||||
else
|
||||
LIBEDIT="-ledit -lcurses"
|
||||
fi
|
||||
OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
|
||||
AC_CHECK_LIB(edit, el_init,
|
||||
[ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
|
||||
LIBEDIT="-ledit -lcurses"
|
||||
LIBEDIT_MSG="yes"
|
||||
AC_SUBST(LIBEDIT)
|
||||
],
|
||||
[ AC_MSG_ERROR(libedit not found) ],
|
||||
[ -lcurses ]
|
||||
[ $OTHERLIBS ]
|
||||
)
|
||||
AC_MSG_CHECKING(if libedit version is compatible)
|
||||
AC_COMPILE_IFELSE(
|
||||
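Review bot: `test "x$use_pkgconfig_for_libedit" == "xyes"` uses `==`, which POSIX `test` does not define. On a shell whose `test` accepts only `=`, the comparison errors out, the `else` branch runs, and the build quietly falls back to `-ledit -lcurses` even though pkg-config was selected. Use a single `=`, as the other `test` calls in this hunk do.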
@ -1534,8 +1557,8 @@ dnl Checks for utmp functions
|
||||
AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
|
||||
AC_CHECK_FUNCS(utmpname)
|
||||
dnl Checks for utmpx functions
|
||||
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
|
||||
AC_CHECK_FUNCS(setutxent utmpxname)
|
||||
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
|
||||
AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
|
||||
dnl Checks for lastlog functions
|
||||
AC_CHECK_FUNCS(getlastlogxbyname)
|
||||
|
||||
@ -4064,34 +4087,6 @@ if test -n "$conf_wtmp_location"; then
|
||||
fi
|
||||
|
||||
|
||||
dnl utmpx detection - I don't know any system so perverse as to require
|
||||
dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
|
||||
dnl there, though.
|
||||
AC_MSG_CHECKING([if your system defines UTMPX_FILE])
|
||||
AC_TRY_COMPILE([
|
||||
#include <sys/types.h>
|
||||
#include <utmp.h>
|
||||
#ifdef HAVE_UTMPX_H
|
||||
#include <utmpx.h>
|
||||
#endif
|
||||
#ifdef HAVE_PATHS_H
|
||||
# include <paths.h>
|
||||
#endif
|
||||
],
|
||||
[ char *utmpx = UTMPX_FILE; ],
|
||||
[ AC_MSG_RESULT(yes) ],
|
||||
[ AC_MSG_RESULT(no)
|
||||
system_utmpx_path=no ]
|
||||
)
|
||||
if test -z "$conf_utmpx_location"; then
|
||||
if test x"$system_utmpx_path" = x"no" ; then
|
||||
AC_DEFINE(DISABLE_UTMPX)
|
||||
fi
|
||||
else
|
||||
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
|
||||
[Define if you want to specify the path to your utmpx file])
|
||||
fi
|
||||
|
||||
dnl wtmpx detection
|
||||
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
|
||||
AC_TRY_COMPILE([
|
||||
@ -4128,12 +4123,13 @@ dnl Adding -Werror to CFLAGS early prevents configure tests from running.
|
||||
dnl Add now.
|
||||
CFLAGS="$CFLAGS $werror_flags"
|
||||
|
||||
if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
|
||||
test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
|
||||
AC_SUBST(TEST_SSH_IPV6, no)
|
||||
if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
|
||||
TEST_SSH_IPV6=no
|
||||
else
|
||||
AC_SUBST(TEST_SSH_IPV6, yes)
|
||||
TEST_SSH_IPV6=yes
|
||||
fi
|
||||
AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
|
||||
AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
|
||||
|
||||
AC_EXEEXT
|
||||
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
|
||||
|
@ -9,7 +9,7 @@ gnome-ssh-askpass1: gnome-ssh-askpass1.c
|
||||
gnome-ssh-askpass2: gnome-ssh-askpass2.c
|
||||
$(CC) `pkg-config --cflags gtk+-2.0` \
|
||||
gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
|
||||
`pkg-config --libs gtk+-2.0`
|
||||
`pkg-config --libs gtk+-2.0 x11`
|
||||
|
||||
clean:
|
||||
rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
|
||||
|
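Review bot: `--libs` now asks pkg-config for `gtk+-2.0 x11`, but the `--cflags` call two lines up still names only `gtk+-2.0`. Pass the same module list to both calls so the X11 include path is picked up on systems where those headers are outside the default search path.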
@ -17,11 +17,11 @@
|
||||
#old cvs stuff. please update before use. may be deprecated.
|
||||
%define use_stable 1
|
||||
%if %{use_stable}
|
||||
%define version 5.4p1
|
||||
%define version 5.5p1
|
||||
%define cvs %{nil}
|
||||
%define release 1
|
||||
%else
|
||||
%define version 5.4p1
|
||||
%define version 5.5p1
|
||||
%define cvs cvs20050315
|
||||
%define release 0r1
|
||||
%endif
|
||||
@ -360,4 +360,4 @@ fi
|
||||
* Mon Jan 01 1998 ...
|
||||
Template Version: 1.31
|
||||
|
||||
$Id: openssh.spec,v 1.69 2010/03/07 22:41:03 djm Exp $
|
||||
$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $
|
||||
|
@ -42,11 +42,13 @@ install-sshdoc:
|
||||
$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
|
||||
$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
|
||||
$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
|
||||
$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
|
||||
$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
|
||||
$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
|
||||
$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
|
||||
$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
|
||||
$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
|
||||
$(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
|
||||
$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
|
||||
$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
|
||||
$(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
|
||||
|
||||
|
@ -90,7 +90,7 @@ update_services_file() {
|
||||
fi
|
||||
_serv_tmp="${_my_etcdir}/srv.out.$$"
|
||||
|
||||
mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
|
||||
mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
|
||||
|
||||
# Depends on the above mount
|
||||
_wservices=`cygpath -w "${_services}"`
|
||||
|
@ -1,4 +1,4 @@
|
||||
%define ver 5.4p1
|
||||
%define ver 5.5p1
|
||||
%define rel 1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
|
@ -19,7 +19,7 @@ if [ "-i" = "$1" ]; then
|
||||
shift # and this should leave $1 as the target name
|
||||
fi
|
||||
else
|
||||
if [ x$SSH_AUTH_SOCK != x ] ; then
|
||||
if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
|
||||
GET_ID="$GET_ID ssh-add -L"
|
||||
fi
|
||||
fi
|
||||
|
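Review bot: `$SSH_AUTH_SOCK` is still unquoted in `[ x$SSH_AUTH_SOCK != x ]`, so a socket path containing whitespace splits into several words, `[` fails, and the agent is skipped without any message. Quote it as `[ "x$SSH_AUTH_SOCK" != x ]`. A one-line comment that `ssh-add -L` is probed here because it exits non-zero when the agent holds no identities would also explain why the same command appears again in `GET_ID`.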
@ -13,7 +13,7 @@
|
||||
|
||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||
Name: openssh
|
||||
Version: 5.3p1
|
||||
Version: 5.5p1
|
||||
URL: http://www.openssh.com/
|
||||
Release: 1
|
||||
Source0: openssh-%{version}.tar.gz
|
||||
|
@ -25,7 +25,7 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.159 2010/01/13 23:44:34 tim Exp $ */
|
||||
/* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
@ -674,7 +674,7 @@ struct winsize {
|
||||
#else
|
||||
/* Simply select your favourite login types. */
|
||||
/* Can't do if-else because some systems use several... <sigh> */
|
||||
# if defined(UTMPX_FILE) && !defined(DISABLE_UTMPX)
|
||||
# if !defined(DISABLE_UTMPX)
|
||||
# define USE_UTMPX
|
||||
# endif
|
||||
# if defined(UTMP_FILE) && !defined(DISABLE_UTMP)
|
||||
|
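Review bot: `# if !defined(DISABLE_UTMPX)` defines USE_UTMPX on every platform that has not explicitly opted out, and the visible condition no longer checks that utmpx exists at all. Either keep a positive guard such as `defined(HAVE_UTMPX_H)` or add a comment naming where DISABLE_UTMPX is guaranteed to be set for systems without utmpx, since the configure.ac hunk in this same change drops the UTMPX_FILE probe that used to define it.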
15
key.c
15
key.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: key.c,v 1.85 2010/03/04 01:44:57 djm Exp $ */
|
||||
/* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */
|
||||
/*
|
||||
* read_bignum():
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -801,6 +801,19 @@ key_type(const Key *k)
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
const char *
|
||||
key_cert_type(const Key *k)
|
||||
{
|
||||
switch (k->cert->type) {
|
||||
case SSH2_CERT_TYPE_USER:
|
||||
return "user";
|
||||
case SSH2_CERT_TYPE_HOST:
|
||||
return "host";
|
||||
default:
|
||||
return "unknown";
|
||||
}
|
||||
}
|
||||
|
||||
const char *
|
||||
key_ssh_name(const Key *k)
|
||||
{
|
||||
|
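Review bot: `key_cert_type()` dereferences `k->cert` in `switch (k->cert->type)` without checking that the key carries a certificate. A caller that passes a plain key gets a NULL dereference instead of a string; return "unknown" when `k->cert == NULL`, or state the precondition in a comment here and beside the new prototype in key.h.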
3
key.h
3
key.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -82,6 +82,7 @@ int key_equal(const Key *, const Key *);
|
||||
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
|
||||
u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
|
||||
const char *key_type(const Key *);
|
||||
const char *key_cert_type(const Key *);
|
||||
int key_write(const Key *, FILE *);
|
||||
int key_read(Key *, char **);
|
||||
u_int key_size(const Key *);
|
||||
|
31
loginrec.c
31
loginrec.c
@ -207,6 +207,7 @@ int syslogin_write_entry(struct logininfo *li);
|
||||
|
||||
int getlast_entry(struct logininfo *li);
|
||||
int lastlog_get_entry(struct logininfo *li);
|
||||
int utmpx_get_entry(struct logininfo *li);
|
||||
int wtmp_get_entry(struct logininfo *li);
|
||||
int wtmpx_get_entry(struct logininfo *li);
|
||||
|
||||
@ -508,6 +509,10 @@ getlast_entry(struct logininfo *li)
|
||||
#ifdef USE_LASTLOG
|
||||
return(lastlog_get_entry(li));
|
||||
#else /* !USE_LASTLOG */
|
||||
#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
|
||||
defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
|
||||
return (utmpx_get_entry(li));
|
||||
#endif
|
||||
|
||||
#if defined(DISABLE_LASTLOG)
|
||||
/* On some systems we shouldn't even try to obtain last login
|
||||
@ -1608,6 +1613,32 @@ lastlog_get_entry(struct logininfo *li)
|
||||
#endif /* HAVE_GETLASTLOGXBYNAME */
|
||||
#endif /* USE_LASTLOG */
|
||||
|
||||
#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
|
||||
defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
|
||||
int
|
||||
utmpx_get_entry(struct logininfo *li)
|
||||
{
|
||||
struct utmpx *utx;
|
||||
|
||||
if (setutxdb(UTXDB_LASTLOGIN, NULL) != 0)
|
||||
return (0);
|
||||
utx = getutxuser(li->username);
|
||||
if (utx == NULL) {
|
||||
endutxent();
|
||||
return (0);
|
||||
}
|
||||
|
||||
line_fullname(li->line, utx->ut_line,
|
||||
MIN_SIZEOF(li->line, utx->ut_line));
|
||||
strlcpy(li->hostname, utx->ut_host,
|
||||
MIN_SIZEOF(li->hostname, utx->ut_host));
|
||||
li->tv_sec = utx->ut_tv.tv_sec;
|
||||
li->tv_usec = utx->ut_tv.tv_usec;
|
||||
endutxent();
|
||||
return (1);
|
||||
}
|
||||
#endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */
|
||||
|
||||
#ifdef USE_BTMP
|
||||
/*
|
||||
* Logs failed login attempts in _PATH_BTMP if that exists.
|
||||
|
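Review bot: in `utmpx_get_entry()`, `strlcpy(li->hostname, utx->ut_host, MIN_SIZEOF(li->hostname, utx->ut_host))` bounds only the write; strlcpy still walks the source until it finds a NUL, so this is safe only if `ut_host` is always terminated inside its array. Add a comment stating that guarantee for the platforms this block is compiled on, or copy at most `sizeof(utx->ut_host)` bytes and terminate the destination explicitly.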
@ -264,7 +264,7 @@ showOptions(void)
|
||||
printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE);
|
||||
#endif
|
||||
#ifdef USE_UTMPX
|
||||
printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE);
|
||||
printf("\tUSE_UTMPX\n");
|
||||
#endif
|
||||
#ifdef USE_WTMP
|
||||
printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE);
|
||||
|
2
moduli.0
2
moduli.0
@ -69,4 +69,4 @@ SEE ALSO
|
||||
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
|
||||
Protocol, RFC 4419, 2006.
|
||||
|
||||
OpenBSD 4.6 June 26, 2008 2
|
||||
OpenBSD 4.7 June 26, 2008 2
|
||||
|
@ -84,7 +84,7 @@ arc4random_stir(void)
|
||||
}
|
||||
#endif /* !HAVE_ARC4RANDOM */
|
||||
|
||||
#ifndef ARC4RANDOM_BUF
|
||||
#ifndef HAVE_ARC4RANDOM_BUF
|
||||
void
|
||||
arc4random_buf(void *_buf, size_t n)
|
||||
{
|
||||
@ -102,7 +102,7 @@ arc4random_buf(void *_buf, size_t n)
|
||||
}
|
||||
#endif /* !HAVE_ARC4RANDOM_BUF */
|
||||
|
||||
#ifndef ARC4RANDOM_UNIFORM
|
||||
#ifndef HAVE_ARC4RANDOM_UNIFORM
|
||||
/*
|
||||
* Calculate a uniformly distributed random number less than upper_bound
|
||||
* avoiding "modulo bias".
|
||||
|
2
scp.0
2
scp.0
@ -145,4 +145,4 @@ AUTHORS
|
||||
Timo Rinne <tri@iki.fi>
|
||||
Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
||||
OpenBSD 4.6 February 8, 2010 3
|
||||
OpenBSD 4.7 February 8, 2010 3
|
||||
|
19
servconf.c
19
servconf.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: servconf.c,v 1.204 2010/03/04 10:36:03 djm Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -470,15 +470,14 @@ parse_token(const char *cp, const char *filename,
|
||||
char *
|
||||
derelativise_path(const char *path)
|
||||
{
|
||||
char *expanded, *ret, *cwd;
|
||||
char *expanded, *ret, cwd[MAXPATHLEN];
|
||||
|
||||
expanded = tilde_expand_filename(path, getuid());
|
||||
if (*expanded == '/')
|
||||
return expanded;
|
||||
if ((cwd = getcwd(NULL, 0)) == NULL)
|
||||
if (getcwd(cwd, sizeof(cwd)) == NULL)
|
||||
fatal("%s: getcwd: %s", __func__, strerror(errno));
|
||||
xasprintf(&ret, "%s/%s", cwd, expanded);
|
||||
xfree(cwd);
|
||||
xfree(expanded);
|
||||
return ret;
|
||||
}
|
||||
@ -1223,7 +1222,17 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
charptr = (opcode == sAuthorizedKeysFile) ?
|
||||
&options->authorized_keys_file :
|
||||
&options->authorized_keys_file2;
|
||||
goto parse_filename;
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: missing file name.",
|
||||
filename, linenum);
|
||||
if (*activep && *charptr == NULL) {
|
||||
*charptr = tilde_expand_filename(arg, getuid());
|
||||
/* increase optional counter */
|
||||
if (intptr != NULL)
|
||||
*intptr = *intptr + 1;
|
||||
}
|
||||
break;
|
||||
|
||||
case sClientAliveInterval:
|
||||
intptr = &options->client_alive_interval;
|
||||
|
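Review bot: the AuthorizedKeysFile case carries its own copy of the argument parsing (`strdelim`, the "missing file name" `fatal`, the `*intptr` increment) where the listing also shows `goto parse_filename;`, and nothing says why this option cannot share that path. Add a comment giving the reason, namely that the value is passed through `tilde_expand_filename()` only, so the duplicate is not folded back into the common label in a later cleanup.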
@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
|
||||
}
|
||||
#endif /* HAVE_SETPCRED */
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
ssh_selinux_setup_exec_context(pw->pw_name);
|
||||
#endif
|
||||
|
||||
if (options.chroot_directory != NULL &&
|
||||
strcasecmp(options.chroot_directory, "none") != 0) {
|
||||
tmp = tilde_expand_filename(options.chroot_directory,
|
||||
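Review bot: the `ssh_selinux_setup_exec_context(pw->pw_name)` call sits directly above the `options.chroot_directory` block with no comment saying that the ordering is required. Add a short comment that the execution context has to be set up before the chroot, so the call is not moved back below the uid checks where the next hunk shows it used to live.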
@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
|
||||
|
||||
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
||||
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
ssh_selinux_setup_exec_context(pw->pw_name);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -60,4 +60,4 @@ HISTORY
|
||||
AUTHORS
|
||||
Markus Friedl <markus@openbsd.org>
|
||||
|
||||
OpenBSD 4.6 January 9, 2010 1
|
||||
OpenBSD 4.7 January 9, 2010 1
|
||||
|
2
sftp.0
2
sftp.0
@ -316,4 +316,4 @@ SEE ALSO
|
||||
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
|
||||
filexfer-00.txt, January 2001, work in progress material.
|
||||
|
||||
OpenBSD 4.6 February 8, 2010 5
|
||||
OpenBSD 4.7 February 8, 2010 5
|
||||
|
@ -106,4 +106,4 @@ AUTHORS
|
||||
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
|
||||
versions 1.5 and 2.0.
|
||||
|
||||
OpenBSD 4.6 March 5, 2010 2
|
||||
OpenBSD 4.7 March 5, 2010 2
|
||||
|
@ -115,4 +115,4 @@ AUTHORS
|
||||
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
|
||||
versions 1.5 and 2.0.
|
||||
|
||||
OpenBSD 4.6 January 17, 2010 2
|
||||
OpenBSD 4.7 January 17, 2010 2
|
||||
|
44
ssh-keygen.0
44
ssh-keygen.0
@ -165,8 +165,14 @@ DESCRIPTION
|
||||
section for details. The constraints that are valid for user
|
||||
certificates are:
|
||||
|
||||
no-x11-forwarding
|
||||
Disable X11 forwarding (permitted by default).
|
||||
clear Clear all enabled permissions. This is useful for clear-
|
||||
ing the default set of permissions so permissions may be
|
||||
added individually.
|
||||
|
||||
force-command=command
|
||||
Forces the execution of command instead of any shell or
|
||||
command specified by the user when the certificate is
|
||||
used for authentication.
|
||||
|
||||
no-agent-forwarding
|
||||
Disable ssh-agent(1) forwarding (permitted by default).
|
||||
@ -180,12 +186,8 @@ DESCRIPTION
|
||||
Disable execution of ~/.ssh/rc by sshd(8) (permitted by
|
||||
default).
|
||||
|
||||
clear Clear all enabled permissions. This is useful for clear-
|
||||
ing the default set of permissions so permissions may be
|
||||
added individually.
|
||||
|
||||
permit-x11-forwarding
|
||||
Allows X11 forwarding.
|
||||
no-x11-forwarding
|
||||
Disable X11 forwarding (permitted by default).
|
||||
|
||||
permit-agent-forwarding
|
||||
Allows ssh-agent(1) forwarding.
|
||||
@ -199,16 +201,14 @@ DESCRIPTION
|
||||
permit-user-rc
|
||||
Allows execution of ~/.ssh/rc by sshd(8).
|
||||
|
||||
force-command=command
|
||||
Forces the execution of command instead of any shell or
|
||||
command specified by the user when the certificate is
|
||||
used for authentication.
|
||||
permit-x11-forwarding
|
||||
Allows X11 forwarding.
|
||||
|
||||
source-address=address_list
|
||||
Restrict the source addresses from which the certificate
|
||||
is considered valid from. The address_list is a comma-
|
||||
separated list of one or more address/netmask pairs in
|
||||
CIDR format.
|
||||
is considered valid. The address_list is a comma-sepa-
|
||||
rated list of one or more address/netmask pairs in CIDR
|
||||
format.
|
||||
|
||||
At present, no constraints are valid for host keys.
|
||||
|
||||
@ -257,9 +257,9 @@ DESCRIPTION
|
||||
in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative
|
||||
time (to the current time) consisting of a minus sign followed by
|
||||
a relative time in the format described in the TIME FORMATS sec-
|
||||
tion of ssh_config(5). The end time may be specified as a YYYYM-
|
||||
MDD date, a YYYYMMDDHHMMSS time or a relative time starting with
|
||||
a plus character.
|
||||
tion of sshd_config(5). The end time may be specified as a
|
||||
YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting
|
||||
with a plus character.
|
||||
|
||||
For example: ``+52w1d'' (valid from now to 52 weeks and one day
|
||||
from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
|
||||
@ -329,12 +329,12 @@ CERTIFICATES
|
||||
|
||||
$ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
|
||||
|
||||
The resultant certificate will be placed in /path/to/user_key_cert.pub.
|
||||
The resultant certificate will be placed in /path/to/user_key-cert.pub.
|
||||
A host certificate requires the -h option:
|
||||
|
||||
$ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
|
||||
|
||||
The host certificate will be output to /path/to/host_key_cert.pub. In
|
||||
The host certificate will be output to /path/to/host_key-cert.pub. In
|
||||
both cases, key_id is a "key identifier" that is logged by the server
|
||||
when the certificate is used for authentication.
|
||||
|
||||
@ -344,7 +344,7 @@ CERTIFICATES
|
||||
pals:
|
||||
|
||||
$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
|
||||
$ ssh-keygen -s ca_key -I key_id -h -n host.domain $0
|
||||
$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
|
||||
|
||||
Additional limitations on the validity and use of user certificates may
|
||||
be specified through certificate constraints. A constrained certificate
|
||||
@ -431,4 +431,4 @@ AUTHORS
|
||||
created OpenSSH. Markus Friedl contributed the support for SSH protocol
|
||||
versions 1.5 and 2.0.
|
||||
|
||||
OpenBSD 4.6 March 8, 2010 7
|
||||
OpenBSD 4.7 March 13, 2010 7
|
||||
|
43
ssh-keygen.1
43
ssh-keygen.1
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.88 2010/03/08 00:28:55 djm Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -37,7 +37,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: March 8 2010 $
|
||||
.Dd $Mdocdate: March 13 2010 $
|
||||
.Dt SSH-KEYGEN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -307,8 +307,15 @@ Please see the
|
||||
section for details.
|
||||
The constraints that are valid for user certificates are:
|
||||
.Bl -tag -width Ds
|
||||
.It Ic no-x11-forwarding
|
||||
Disable X11 forwarding (permitted by default).
|
||||
.It Ic clear
|
||||
Clear all enabled permissions.
|
||||
This is useful for clearing the default set of permissions so permissions may
|
||||
be added individually.
|
||||
.It Ic force-command Ns = Ns Ar command
|
||||
Forces the execution of
|
||||
.Ar command
|
||||
instead of any shell or command specified by the user when
|
||||
the certificate is used for authentication.
|
||||
.It Ic no-agent-forwarding
|
||||
Disable
|
||||
.Xr ssh-agent 1
|
||||
@ -323,12 +330,8 @@ Disable execution of
|
||||
by
|
||||
.Xr sshd 8
|
||||
(permitted by default).
|
||||
.It Ic clear
|
||||
Clear all enabled permissions.
|
||||
This is useful for clearing the default set of permissions so permissions may
|
||||
be added individually.
|
||||
.It Ic permit-x11-forwarding
|
||||
Allows X11 forwarding.
|
||||
.It Ic no-x11-forwarding
|
||||
Disable X11 forwarding (permitted by default).
|
||||
.It Ic permit-agent-forwarding
|
||||
Allows
|
||||
.Xr ssh-agent 1
|
||||
@ -342,14 +345,10 @@ Allows execution of
|
||||
.Pa ~/.ssh/rc
|
||||
by
|
||||
.Xr sshd 8 .
|
||||
.It Ic force-command=command
|
||||
Forces the execution of
|
||||
.Ar command
|
||||
instead of any shell or command specified by the user when
|
||||
the certificate is used for authentication.
|
||||
.It Ic source-address=address_list
|
||||
Restrict the source addresses from which the certificate is considered valid
|
||||
from.
|
||||
.It Ic permit-x11-forwarding
|
||||
Allows X11 forwarding.
|
||||
.It Ic source-address Ns = Ns Ar address_list
|
||||
Restrict the source addresses from which the certificate is considered valid.
|
||||
The
|
||||
.Ar address_list
|
||||
is a comma-separated list of one or more address/netmask pairs in CIDR
|
||||
@ -414,7 +413,7 @@ in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
|
||||
of a minus sign followed by a relative time in the format described in the
|
||||
.Sx TIME FORMATS
|
||||
section of
|
||||
.Xr ssh_config 5 .
|
||||
.Xr sshd_config 5 .
|
||||
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
|
||||
a relative time starting with a plus character.
|
||||
.Pp
|
||||
@ -519,7 +518,7 @@ To generate a user certificate:
|
||||
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
|
||||
.Pp
|
||||
The resultant certificate will be placed in
|
||||
.Pa /path/to/user_key_cert.pub .
|
||||
.Pa /path/to/user_key-cert.pub .
|
||||
A host certificate requires the
|
||||
.Fl h
|
||||
option:
|
||||
@ -527,7 +526,7 @@ option:
|
||||
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
|
||||
.Pp
|
||||
The host certificate will be output to
|
||||
.Pa /path/to/host_key_cert.pub .
|
||||
.Pa /path/to/host_key-cert.pub .
|
||||
In both cases,
|
||||
.Ar key_id
|
||||
is a "key identifier" that is logged by the server when the certificate
|
||||
@ -539,7 +538,7 @@ By default, generated certificates are valid for all users or hosts.
|
||||
To generate a certificate for a specified set of principals:
|
||||
.Pp
|
||||
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
|
||||
.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
|
||||
.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
|
||||
.Pp
|
||||
Additional limitations on the validity and use of user certificates may
|
||||
be specified through certificate constraints.
|
||||
|
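Review bot: the host example `ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub` signs `user_key.pub` although `-h` requests a host certificate; the earlier host example on this page uses `host_key.pub`. Use `host_key.pub` here too. The formatted ssh-keygen.0 in this commit carries the same line and needs regenerating with it.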
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.184 2010/03/07 22:16:01 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -1393,7 +1393,8 @@ do_show_cert(struct passwd *pw)
|
||||
SSH_FP_MD5, SSH_FP_HEX);
|
||||
|
||||
printf("%s:\n", identity_file);
|
||||
printf(" %s certificate %s\n", key_type(key), key_fp);
|
||||
printf(" %s %s certificate %s\n", key_type(key),
|
||||
key_cert_type(key), key_fp);
|
||||
printf(" Signed by %s CA %s\n",
|
||||
key_type(key->cert->signature_key), ca_fp);
|
||||
printf(" Key ID \"%s\"\n", key->cert->key_id);
|
||||
|
@ -104,4 +104,4 @@ BUGS
|
||||
This is because it opens a connection to the ssh port, reads the public
|
||||
key, and drops the connection as soon as it gets the key.
|
||||
|
||||
OpenBSD 4.6 January 9, 2010 2
|
||||
OpenBSD 4.7 January 9, 2010 2
|
||||
|
@ -39,4 +39,4 @@ HISTORY
|
||||
AUTHORS
|
||||
Markus Friedl <markus@openbsd.org>
|
||||
|
||||
OpenBSD 4.6 May 31, 2007 1
|
||||
OpenBSD 4.7 May 31, 2007 1
|
||||
|
@ -22,4 +22,4 @@ HISTORY
|
||||
AUTHORS
|
||||
Markus Friedl <markus@openbsd.org>
|
||||
|
||||
OpenBSD 4.6 February 10, 2010 1
|
||||
OpenBSD 4.7 February 10, 2010 1
|
||||
|
@ -17,8 +17,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef ENABLE_PKCS11
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
@ -39,6 +37,8 @@
|
||||
#include "authfd.h"
|
||||
#include "ssh-pkcs11.h"
|
||||
|
||||
#ifdef ENABLE_PKCS11
|
||||
|
||||
/* borrows code from sftp-server and ssh-agent */
|
||||
|
||||
struct pkcs11_keyinfo {
|
||||
|
@ -48,4 +48,4 @@ AUTHORS
|
||||
SEE ALSO
|
||||
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
|
||||
|
||||
OpenBSD 4.6 April 14, 2002 1
|
||||
OpenBSD 4.7 April 14, 2002 1
|
||||
|
9
ssh.0
9
ssh.0
@ -308,9 +308,10 @@ DESCRIPTION
|
||||
allocated on the server and reported to the client at run time.
|
||||
|
||||
-S ctl_path
|
||||
Specifies the location of a control socket for connection shar-
|
||||
ing. Refer to the description of ControlPath and ControlMaster
|
||||
in ssh_config(5) for details.
|
||||
Specifies the location of a control socket for connection sharing
|
||||
or the string ``none'' to disable connection sharing. Refer to
|
||||
the description of ControlPath and ControlMaster in ssh_config(5)
|
||||
for details.
|
||||
|
||||
-s May be used to request invocation of a subsystem on the remote
|
||||
system. Subsystems are a feature of the SSH2 protocol which fa-
|
||||
@ -876,4 +877,4 @@ AUTHORS
|
||||
created OpenSSH. Markus Friedl contributed the support for SSH protocol
|
||||
versions 1.5 and 2.0.
|
||||
|
||||
OpenBSD 4.6 March 5, 2010 14
|
||||
OpenBSD 4.7 March 26, 2010 14
|
||||
|
9
ssh.1
9
ssh.1
@ -34,8 +34,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
|
||||
.Dd $Mdocdate: March 5 2010 $
|
||||
.\" $OpenBSD: ssh.1,v 1.303 2010/03/26 00:26:58 djm Exp $
|
||||
.Dd $Mdocdate: March 26 2010 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -558,7 +558,10 @@ argument is
|
||||
the listen port will be dynamically allocated on the server and reported
|
||||
to the client at run time.
|
||||
.It Fl S Ar ctl_path
|
||||
Specifies the location of a control socket for connection sharing.
|
||||
Specifies the location of a control socket for connection sharing
|
||||
or the string
|
||||
.Dq none
|
||||
to disable connection sharing.
|
||||
Refer to the description of
|
||||
.Cm ControlPath
|
||||
and
|
||||
|
@ -425,8 +425,8 @@ DESCRIPTION
|
||||
Specifies the order in which the client should try protocol 2 au-
|
||||
thentication methods. This allows a client to prefer one method
|
||||
(e.g. keyboard-interactive) over another method (e.g. password)
|
||||
The default for this option is: ``gssapi-with-mic,hostbased,
|
||||
publickey, keyboard-interactive, password''.
|
||||
The default for this option is: ``gssapi-with-
|
||||
mic,hostbased,publickey,keyboard-interactive,password''.
|
||||
|
||||
Protocol
|
||||
Specifies the protocol versions ssh(1) should support in order of
|
||||
@ -673,4 +673,4 @@ AUTHORS
|
||||
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
|
||||
versions 1.5 and 2.0.
|
||||
|
||||
OpenBSD 4.6 March 5, 2010 11
|
||||
OpenBSD 4.7 March 26, 2010 11
|
||||
|
10
ssh_config.5
10
ssh_config.5
@ -34,8 +34,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
|
||||
.Dd $Mdocdate: March 5 2010 $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $
|
||||
.Dd $Mdocdate: March 26 2010 $
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -734,11 +734,7 @@ This allows a client to prefer one method (e.g.\&
|
||||
over another method (e.g.\&
|
||||
.Cm password )
|
||||
The default for this option is:
|
||||
.Do gssapi-with-mic ,
|
||||
hostbased,
|
||||
publickey,
|
||||
keyboard-interactive,
|
||||
password
|
||||
.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
|
||||
.Dc .
|
||||
.It Cm Protocol
|
||||
Specifies the protocol versions
|
||||
|
2
sshd.0
2
sshd.0
@ -614,4 +614,4 @@ CAVEATS
|
||||
System security is not improved unless rshd, rlogind, and rexecd are dis-
|
||||
abled (thus completely disabling rlogin and rsh into the machine).
|
||||
|
||||
OpenBSD 4.6 March 5, 2010 10
|
||||
OpenBSD 4.7 March 5, 2010 10
|
||||
|
@ -656,4 +656,4 @@ AUTHORS
|
||||
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
|
||||
for privilege separation.
|
||||
|
||||
OpenBSD 4.6 March 4, 2010 10
|
||||
OpenBSD 4.7 March 4, 2010 10
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* $OpenBSD: version.h,v 1.57 2010/03/07 22:01:32 djm Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.58 2010/03/16 16:36:49 djm Exp $ */
|
||||
|
||||
#define SSH_VERSION "OpenSSH_5.4"
|
||||
#define SSH_VERSION "OpenSSH_5.5"
|
||||
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
||||
|