author | Daniel Ahlberg <aliz@gentoo.org> | 2004-09-14 08:02:18 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2004-09-14 08:02:18 +0000 |
commit | 3c8da527cf03d19633713de6bb3061a1a3a4572e (patch) | |
tree | f500e4142914be963acba5c0a8009778da605117 /net-misc/openssh/files | |
parent | Stable amd64, x86. Removing old ebuilds. (Manifest recommit) (diff) | |
Diffstat (limited to 'net-misc/openssh/files')
46 files changed, 0 insertions, 2717 deletions
diff --git a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch
deleted file mode 100644
index 70787b4ca39a..000000000000
--- a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- sshd.c.orig 2002-11-21 15:42:45.000000000 -0500
-+++ sshd.c 2002-11-21 15:43:42.000000000 -0500
-@@ -994,6 +994,7 @@
- sensitive_data.have_ssh1_key = 1;
- break;
- case KEY_RSA:
-+ i=i+0; /* gcc3.2 drops these 2 cases without this */
- case KEY_DSA:
- sensitive_data.have_ssh2_key = 1;
- break;
diff --git a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2 b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2
Binary files differ
new file mode 100644
index 000000000000..944ab782ec76
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
deleted file mode 100644
index 7a97fe7f877a..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
+++ /dev/null
@@ -1,116 +0,0 @@ -diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in ---- openssh-3.7.1p1.orig/Makefile.in 2003-09-13 20:40:36.000000000 -0500 -+++ openssh-3.7.1p1/Makefile.in 2003-09-19 19:08:04.000000000 -0500 -@@ -40,7 +40,7 @@ - - CC=@CC@ - LD=@LD@ --CFLAGS=@CFLAGS@ -+CFLAGS=@CFLAGS@ -DWITH_SELINUX - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - LIBPAM=@LIBPAM@ -@@ -53,7 +53,7 @@ - SED=@SED@ - ENT=@ENT@ - XAUTH_PATH=@XAUTH_PATH@ --LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux - EXEEXT=@EXEEXT@ - - INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ -diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c ---- openssh-3.7.1p1.orig/session.c 2003-09-15 20:52:19.000000000 -0500 -+++ openssh-3.7.1p1/session.c 2003-09-19 19:08:36.000000000 -0500 -@@ -62,6 +62,11 @@ - #include "ssh-gss.h" - #endif - -+#ifdef WITH_SELINUX -+#include <selinux/get_context_list.h> -+#include <selinux/selinux.h> -+#endif -+ - /* func */ - - Session *session_new(void); -@@ -1291,6 +1296,19 @@ - #endif - if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) - fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled()) -+ { -+ security_context_t scontext; -+ if (get_default_context(pw->pw_name,NULL,&scontext)) -+ fatal("Failed to get default security context for %s.", pw->pw_name); -+ if (setexeccon(scontext)) { -+ freecon(scontext); -+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name); -+ } -+ freecon(scontext); -+ } -+#endif - } - - static void -diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c ---- openssh-3.7.1p1.orig/sshpty.c 2003-08-24 20:16:21.000000000 -0500 -+++ openssh-3.7.1p1/sshpty.c 2003-09-19 19:08:04.000000000 -0500 -@@ -30,6 +30,12 @@ - #define O_NOCTTY 0 - #endif - -+#ifdef WITH_SELINUX -+#include <selinux/flask.h> -+#include <selinux/get_context_list.h> -+#include <selinux/selinux.h> 
-+#endif -+ - /* - * Allocates and opens a pty. Returns 0 if no pty could be allocated, or - * nonzero if a pty was successfully allocated. On success, open file -@@ -386,6 +392,37 @@ - * Warn but continue if filesystem is read-only and the uids match/ - * tty is owned by root. - */ -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled()) { -+ security_context_t new_tty_context=NULL, -+ user_context=NULL, old_tty_context=NULL; -+ -+ if (get_default_context(pw->pw_name,NULL,&user_context)) -+ fatal("Failed to get default security context for %s.", pw->pw_name); -+ -+ if (getfilecon(ttyname, &old_tty_context)<0) { -+ error("getfilecon(%.100s) failed: %.100s", ttyname, -+ strerror(errno)); -+ } -+ else -+ { -+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) { -+ error("security_compute_relabel(%.100s) failed: %.100s", ttyname, -+ strerror(errno)); -+ } -+ else -+ { -+ if (setfilecon (ttyname, new_tty_context) != 0) { -+ error("setfilecon(%.100s, %s) failed: %.100s", -+ ttyname, new_tty_context, strerror(errno)); -+ } -+ freecon(new_tty_context); -+ } -+ freecon(old_tty_context); -+ } -+ freecon(user_context); -+ } -+#endif - if (stat(ttyname, &st)) - fatal("stat(%.100s) failed: %.100s", ttyname, - strerror(errno)); -@@ -415,4 +452,5 @@ - ttyname, (u_int)mode, strerror(errno)); - } - } -+ - } diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 Binary files differnew file mode 100644 index 000000000000..0d3075b14786 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch deleted file mode 100644 index 13625995a88e..000000000000 --- a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -################################################################################ -################################################################################ -# # -# Original patch by Ricardo Cerqueira <rmcc@clix.pt> # -# # -# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 # -# # -# A patch to cause sshd to chroot when it encounters the magic token # -# '/./' in a users home directory. The directory portion before the # -# token is the directory to chroot() to, the portion after the # -# token is the user's home directory relative to the new root. # -# # -# Patch source using: patch -p0 < /path/to/patch # -# # -# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. # -# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about # -# other systems (unless you email me your experiences!). # -# # -################################################################################ -################################################################################ - -diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c ---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003 -+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003 -@@ -58,6 +58,8 @@ - #include "session.h" - #include "monitor_wrap.h" - -+#define CHROOT -+ - #ifdef GSSAPI - #include "ssh-gss.h" - #endif -@@ -1231,6 +1233,12 @@ - void - do_setusercontext(struct passwd *pw) - { -+ -+#ifdef CHROOT -+ char *user_dir; -+ char *new_root; -+#endif /* CHROOT */ -+ - #ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) - #endif /* HAVE_CYGWIN */ -@@ -1268,6 +1276,27 @@ - exit(1); - } - endgrent(); -+ -+#ifdef CHROOT -+ user_dir = xstrdup(pw->pw_dir); -+ new_root = user_dir + 1; -+ -+ while((new_root = strchr(new_root, '.')) != NULL) { -+ new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { -+ *new_root = '\0'; -+ new_root += 2; -+ -+ if(chroot(user_dir) != 0) -+ fatal("Couldn't chroot to user directory % s", 
user_dir); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; -+ } -+#endif /* CHROOT */ -+ -+ - # ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2 Binary files differnew file mode 100644 index 000000000000..f1a759d5c205 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch deleted file mode 100644 index 810ce1420b34..000000000000 --- a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -ur openssh-3.7.1p2.orig/configure.ac openssh-3.7.1p2/configure.ac ---- openssh-3.7.1p2.orig/configure.ac 2003-09-23 10:24:21.000000000 +0100 -+++ openssh-3.7.1p2/configure.ac 2003-10-04 12:51:15.000000000 +0100 -@@ -1992,7 +1992,7 @@ - else - KRB5ROOT=${withval} - fi -- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" -+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_DEFINE(KRB5) - KRB5_MSG="yes" -@@ -2001,7 +2001,7 @@ - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) -- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" -+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv" - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2 Binary files differnew file mode 100644 index 000000000000..f5dc945b44d8 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch deleted file mode 100644 index c396f5294ab4..000000000000 
--- a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac 2004-02-25 10:21:51.980605062 +0000 -+++ configure.ac 2004-02-25 10:22:23.742782648 +0000 -@@ -662,7 +662,7 @@ - [ - #include <stdio.h> - #include <skey.h> --int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } -+int main() { char *ff = "true"; ff=""; exit(0); } - ], - [AC_MSG_RESULT(yes)], - [ diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..516c5a799fcd --- /dev/null +++ b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch deleted file mode 100644 index 13625995a88e..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -################################################################################ -################################################################################ -# # -# Original patch by Ricardo Cerqueira <rmcc@clix.pt> # -# # -# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 # -# # -# A patch to cause sshd to chroot when it encounters the magic token # -# '/./' in a users home directory. The directory portion before the # -# token is the directory to chroot() to, the portion after the # -# token is the user's home directory relative to the new root. # -# # -# Patch source using: patch -p0 < /path/to/patch # -# # -# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. # -# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about # -# other systems (unless you email me your experiences!). # -# # -################################################################################ -################################################################################ - -diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c ---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003 -+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003 -@@ -58,6 +58,8 @@ - #include "session.h" - #include "monitor_wrap.h" - -+#define CHROOT -+ - #ifdef GSSAPI - #include "ssh-gss.h" - #endif -@@ -1231,6 +1233,12 @@ - void - do_setusercontext(struct passwd *pw) - { -+ -+#ifdef CHROOT -+ char *user_dir; -+ char *new_root; -+#endif /* CHROOT */ -+ - #ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) - #endif /* HAVE_CYGWIN */ -@@ -1268,6 +1276,27 @@ - exit(1); - } - endgrent(); -+ -+#ifdef CHROOT -+ user_dir = xstrdup(pw->pw_dir); -+ new_root = user_dir + 1; -+ -+ while((new_root = strchr(new_root, '.')) != NULL) { -+ new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { -+ *new_root = '\0'; -+ new_root += 2; -+ -+ if(chroot(user_dir) != 0) -+ fatal("Couldn't chroot to user directory % s", 
user_dir); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; -+ } -+#endif /* CHROOT */ -+ -+ - # ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 Binary files differnew file mode 100644 index 000000000000..f1a759d5c205 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch deleted file mode 100644 index 2d0694f0cc7e..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- configure.ac 2004-02-24 21:05:46.781403118 +0000 -+++ configure.ac 2004-02-24 21:03:30.717786642 +0000 -@@ -2102,14 +2102,14 @@ - ) - else - AC_MSG_RESULT(no) -- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" -+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) -- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" -+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv" - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 Binary files differnew file mode 100644 index 000000000000..8f04e301049f --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch deleted file mode 100644 index 67841670145c..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch +++ /dev/null 
@@ -1,128 +0,0 @@ -diff -uNr openssh-3.8.1p1/auth2-pubkey.c openssh-3.8.1p1-hugekeys/auth2-pubkey.c ---- openssh-3.8.1p1/auth2-pubkey.c 2004-01-21 01:02:50.000000000 +0100 -+++ openssh-3.8.1p1-hugekeys/auth2-pubkey.c 2004-06-24 13:53:28.493574960 +0200 -@@ -32,6 +32,7 @@ - #include "bufaux.h" - #include "auth.h" - #include "key.h" -+#include "authfile.h" - #include "pathnames.h" - #include "uidswap.h" - #include "auth-options.h" -@@ -167,7 +168,8 @@ - static int - user_key_allowed2(struct passwd *pw, Key *key, char *file) - { -- char line[8192]; -+ size_t size; -+ char *line; - int found_key = 0; - FILE *f; - u_long linenum = 0; -@@ -204,7 +206,10 @@ - found_key = 0; - found = key_new(key->type); - -- while (fgets(line, sizeof(line), f)) { -+ size = 4096; -+ line = xmalloc(size); -+ -+ while (read_whole_line(&line, &size, f)) { - char *cp, *options = NULL; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ -@@ -245,6 +250,9 @@ - break; - } - } -+ -+ xfree(line); -+ - restore_uid(); - fclose(f); - key_free(found); -diff -uNr openssh-3.8.1p1/authfile.c openssh-3.8.1p1-hugekeys/authfile.c ---- openssh-3.8.1p1/authfile.c 2003-09-22 13:01:27.000000000 +0200 -+++ openssh-3.8.1p1-hugekeys/authfile.c 2004-06-24 13:49:28.425070920 +0200 -@@ -588,17 +588,50 @@ - return prv; - } - -+char * -+read_whole_line(char **line, size_t *size, FILE *f) -+{ -+ char *ln = *line; -+ size_t i, sz = *size; -+ -+ if (!ln) { -+ fatal("read_whole_line: NULL pointer given as line argument"); -+ } -+ -+ for (i = 0; ln[sz - 2] = '\0', fgets(ln + i, sz - i, f); i = sz - 1, sz <<= 1) { -+ if (ln[sz - 2]) { -+ ln = xrealloc(ln, sz << 1); -+ continue; -+ } -+ -+ *line = ln; -+ *size = sz; -+ -+ return ln; -+ } -+ -+ return NULL; -+} -+ - static int - key_try_load_public(Key *k, const char *filename, char **commentp) - { - FILE *f; -- char line[4096]; -+ size_t size; -+ char *line; - char *cp; - - f = fopen(filename, "r"); - if (f != NULL) { -- while (fgets(line, sizeof(line), f)) 
{ -- line[sizeof(line)-1] = '\0'; -+ size = 4096; -+ line = xmalloc(size); -+ -+ while (read_whole_line(&line, &size, f)) { -+ /* FIXME: is this useful? fgets already stores a '\0' -+ * after the last character in the buffer... -+ */ -+ line[size-1] = '\0'; -+ - cp = line; - switch (*cp) { - case '#': -@@ -613,11 +646,15 @@ - if (key_read(k, &cp) == 1) { - if (commentp) - *commentp=xstrdup(filename); -+ -+ xfree(line); - fclose(f); - return 1; - } - } - } -+ -+ xfree(line); - fclose(f); - } - return 0; -diff -uNr openssh-3.8.1p1/authfile.h openssh-3.8.1p1-hugekeys/authfile.h ---- openssh-3.8.1p1/authfile.h 2002-06-06 21:57:34.000000000 +0200 -+++ openssh-3.8.1p1-hugekeys/authfile.h 2004-06-24 13:42:59.556187976 +0200 -@@ -15,6 +15,8 @@ - #ifndef AUTHFILE_H - #define AUTHFILE_H - -+char *read_whole_line(char **, size_t *, FILE *); -+ - int key_save_private(Key *, const char *, const char *, const char *); - Key *key_load_public(const char *, char **); - Key *key_load_public_type(int, const char *, char **); diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..29a4bc57ea0b --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch deleted file mode 100644 index 92f8d8d6232b..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -Index: scard-opensc.c -=================================================================== -RCS file: /cvs/openssh/scard-opensc.c,v -retrieving revision 1.12 -diff -u -r1.12 scard-opensc.c ---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12 -+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000 -@@ -38,6 +38,8 @@ - #include "readpass.h" - #include "scard.h" - -+int ask_for_pin=0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -@@ -119,6 +121,7 @@ - struct sc_pkcs15_prkey_info *key; - struct sc_pkcs15_object *pin_obj; - struct sc_pkcs15_pin_info *pin; -+ char *passphrase = NULL; - - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv == NULL) -@@ -156,24 +159,47 @@ - goto err; - } - pin = pin_obj->data; -+ -+ if (sc_pin) -+ passphrase = sc_pin; -+ else if (ask_for_pin) { -+ /* we need a pin but don't have one => ask for the pin */ -+ char prompt[64]; -+ -+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", -+ key_obj->label ? 
key_obj->label : "smartcard key"); -+ passphrase = read_passphrase(prompt, 0); -+ if (!passphrase || !strcmp(passphrase, "")) -+ goto err; -+ } else -+ /* no pin => error */ -+ goto err; -+ - r = sc_lock(card); - if (r) { - error("Unable to lock smartcard: %s", sc_strerror(r)); - goto err; - } -- if (sc_pin != NULL) { -- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, -- strlen(sc_pin)); -- if (r) { -- sc_unlock(card); -- error("PIN code verification failed: %s", -- sc_strerror(r)); -- goto err; -- } -+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, -+ strlen(passphrase)); -+ if (r) { -+ sc_unlock(card); -+ error("PIN code verification failed: %s", -+ sc_strerror(r)); -+ goto err; - } -+ - *key_obj_out = key_obj; -+ if (!sc_pin) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - return 0; - err: -+ if (!sc_pin && passphrase) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - sc_close(); - return -1; - } -Index: scard.c -=================================================================== -RCS file: /cvs/openssh/scard.c,v -retrieving revision 1.27 -diff -u -r1.27 scard.c ---- scard.c 18 Jun 2003 10:28:40 -0000 1.27 -+++ scard.c 27 Aug 2003 11:42:02 -0000 -@@ -35,6 +35,9 @@ - #include "readpass.h" - #include "scard.h" - -+/* currently unused */ -+int ask_for_pin = 0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -Index: scard.h -=================================================================== -RCS file: /cvs/openssh/scard.h,v -retrieving revision 1.10 -diff -u -r1.10 scard.h ---- scard.h 18 Jun 2003 10:28:40 -0000 1.10 -+++ scard.h 27 Aug 2003 11:42:02 -0000 -@@ -33,6 +33,8 @@ - #define SCARD_ERROR_NOCARD -2 - #define SCARD_ERROR_APPLET -3 - -+extern int ask_for_pin; -+ - Key **sc_get_keys(const char *, const char *); - void sc_close(void); - int sc_put_key(Key *, const char *); -Index: ssh.c 
-=================================================================== -RCS file: /cvs/openssh/ssh.c,v -retrieving revision 1.180 -diff -u -r1.180 ssh.c ---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180 -+++ ssh.c 27 Aug 2003 11:42:02 -0000 -@@ -1155,6 +1155,9 @@ - #ifdef SMARTCARD - Key **keys; - -+ if (!options.batch_mode) -+ ask_for_pin = 1; -+ - if (options.smartcard_device != NULL && - options.num_identity_files < SSH_MAX_IDENTITY_FILES && - (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 Binary files differnew file mode 100644 index 000000000000..7415c6ee1c30 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch deleted file mode 100644 index 2de0cca0ed96..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- configure.ac 2004-02-24 21:03:30.717786642 +0000 -+++ configure.ac 2004-02-24 21:33:37.936501897 +0000 -@@ -2055,7 +2055,9 @@ - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS(res_query, resolv) -+ AC_SEARCH_LIBS(__res_query, resolv) - AC_SEARCH_LIBS(dn_expand, resolv) -+ AC_SEARCH_LIBS(__dn_expand, resolv) - AC_CHECK_FUNCS(_getshort _getlong) - AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD)],, diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 Binary files differnew file mode 100644 index 000000000000..af4b3ac7537a --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch deleted file mode 100644 index 133635574c8d..000000000000 
--- a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac 2004-02-24 21:07:25.510177659 +0000 -+++ configure.ac 2004-02-24 21:03:30.717786642 +0000 -@@ -721,7 +721,7 @@ - [ - #include <stdio.h> - #include <skey.h> --int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } -+int main() { char *ff = "true"; ff=""; exit(0); } - ], - [AC_MSG_RESULT(yes)], - [ diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..2c403f8dc079 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch deleted file mode 100644 index 3e9dd1f4e798..000000000000 --- a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch +++ /dev/null 
@@ -1,755 +0,0 @@ -diff -ru openssh-3.8.1p1/servconf.c openssh-3.8.1p1_sftp/servconf.c ---- openssh-3.8.1p1/servconf.c 2004-01-23 11:03:10.000000000 +0000 -+++ openssh-3.8.1p1_sftp/servconf.c 2004-08-18 21:28:18.564861272 +0000 -@@ -102,6 +102,15 @@ - options->authorized_keys_file = NULL; - options->authorized_keys_file2 = NULL; - -+ options->log_sftp = LOG_SFTP_NOT_SET; -+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; -+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; -+ -+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); -+ -+ options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET; -+ options->sftp_permit_chown = SFTP_PERMIT_NOT_SET; -+ - /* Needs to be accessable in many places */ - use_privsep = -1; - } -@@ -109,7 +118,7 @@ - void - fill_default_server_options(ServerOptions *options) - { -- /* Portable-specific options */ -+/* Portable-specific options */ - if (options->use_pam == -1) - options->use_pam = 0; - -@@ -228,6 +237,24 @@ - if (options->authorized_keys_file == NULL) - options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - -+ /* Turn sftp-server logging off by default */ -+ if (options->log_sftp == LOG_SFTP_NOT_SET) -+ options->log_sftp = LOG_SFTP_NO; -+ if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET) -+ options->sftp_log_facility = SYSLOG_FACILITY_AUTH; -+ if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET) -+ options->sftp_log_level = SYSLOG_LEVEL_INFO; -+ -+ /* Don't set sftp-server umask */ -+ if (!options->sftp_umask) -+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); -+ -+ /* allow sftp client to issue chmod, chown / chgrp commands */ -+ if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET) -+ options->sftp_permit_chmod = SFTP_PERMIT_YES; -+ if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET) -+ options->sftp_permit_chown = SFTP_PERMIT_YES; -+ - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = 1; -@@ -249,6 +276,9 @@ - /* Portable-specific options */ - sUsePAM, - /* Standard 
Options */ -+ sLogSftp, sSftpLogFacility, sSftpLogLevel, -+ sSftpUmask, -+ sSftpPermitChown, sSftpPermitChmod, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, -@@ -334,6 +364,12 @@ - { "printmotd", sPrintMotd }, - { "printlastlog", sPrintLastLog }, - { "ignorerhosts", sIgnoreRhosts }, -+ { "logsftp", sLogSftp}, -+ { "sftplogfacility", sSftpLogFacility}, -+ { "sftploglevel", sSftpLogLevel}, -+ { "sftpumask", sSftpUmask}, -+ { "sftppermitchmod", sSftpPermitChmod}, -+ { "sftppermitchown", sSftpPermitChown}, - { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, - { "x11forwarding", sX11Forwarding }, - { "x11displayoffset", sX11DisplayOffset }, -@@ -431,6 +467,8 @@ - char *cp, **charptr, *arg, *p; - int *intptr, value, i, n; - ServerOpCodes opcode; -+ unsigned int umaskvalue = 0; -+ char *umaskptr; - - cp = line; - arg = strdelim(&cp); -@@ -871,6 +909,58 @@ - case sBanner: - charptr = &options->banner; - goto parse_filename; -+ -+ case sLogSftp: -+ intptr = &options->log_sftp; -+ goto parse_flag; -+ -+ case sSftpLogFacility: -+ intptr = (int *) &options->sftp_log_facility; -+ arg = strdelim(&cp); -+ value = log_facility_number(arg); -+ if (value == SYSLOG_FACILITY_NOT_SET) -+ fatal("%.200s line %d: unsupported log facility '%s'", -+ filename, linenum, arg ? arg : "<NONE>"); -+ if (*intptr == -1) -+ *intptr = (SyslogFacility) value; -+ break; -+ -+ case sSftpLogLevel: -+ intptr = (int *) &options->sftp_log_level; -+ arg = strdelim(&cp); -+ value = log_level_number(arg); -+ if (value == SYSLOG_LEVEL_NOT_SET) -+ fatal("%.200s line %d: unsupported log level '%s'", -+ filename, linenum, arg ? 
arg : "<NONE>"); -+ if (*intptr == -1) -+ *intptr = (LogLevel) value; -+ break; -+ -+ case sSftpUmask: -+ arg = strdelim(&cp); -+ umaskptr = arg; -+ while (*arg && *arg >= '0' && *arg <= '9') -+ umaskvalue = umaskvalue * 8 + *arg++ - '0'; -+ if (*arg || umaskvalue > 0777) -+ fatal("%s line %d: bad value for umask", -+ filename, linenum); -+ else { -+ while (*umaskptr && *umaskptr == '0') -+ *umaskptr++; -+ strncpy(options->sftp_umask, umaskptr, -+ SFTP_UMASK_LENGTH); -+ } -+ -+ break; -+ -+ case sSftpPermitChmod: -+ intptr = &options->sftp_permit_chmod; -+ goto parse_flag; -+ -+ case sSftpPermitChown: -+ intptr = &options->sftp_permit_chown; -+ goto parse_flag; -+ - /* - * These options can contain %X options expanded at - * connect time, so that you can specify paths like: -@@ -913,6 +1003,7 @@ - if ((arg = strdelim(&cp)) != NULL && *arg != '\0') - fatal("%s line %d: garbage at end of line; \"%.200s\".", - filename, linenum, arg); -+ - return 0; - } - -Only in openssh-3.8.1p1_sftp/: servconf.c.orig -diff -ru openssh-3.8.1p1/servconf.h openssh-3.8.1p1_sftp/servconf.h ---- openssh-3.8.1p1/servconf.h 2003-12-31 00:37:34.000000000 +0000 -+++ openssh-3.8.1p1_sftp/servconf.h 2004-08-18 21:30:53.354147322 +0000 -@@ -13,6 +13,19 @@ - * called by a name other than "ssh" or "Secure Shell". - */ - -+/* sftp-server logging */ -+#define LOG_SFTP_NOT_SET -1 -+#define LOG_SFTP_NO 0 -+#define LOG_SFTP_YES 1 -+ -+/* sftp-server umask control */ -+#define SFTP_UMASK_LENGTH 5 -+ -+/* sftp-server client priviledge */ -+#define SFTP_PERMIT_NOT_SET -1 -+#define SFTP_PERMIT_NO 0 -+#define SFTP_PERMIT_YES 1 -+ - #ifndef SERVCONF_H - #define SERVCONF_H - -@@ -94,6 +107,12 @@ - int use_login; /* If true, login(1) is used */ - int compression; /* If true, compression is allowed */ - int allow_tcp_forwarding; -+ int log_sftp; /* perform sftp-server logging */ -+ SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. 
*/ -+ LogLevel sftp_log_level; /* Level for sftp subsystem logging. */ -+ char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */ -+ int sftp_permit_chmod; -+ int sftp_permit_chown; - u_int num_allow_users; - char *allow_users[MAX_ALLOW_USERS]; - u_int num_deny_users; -Only in openssh-3.8.1p1_sftp/: servconf.h.orig -diff -ru openssh-3.8.1p1/session.c openssh-3.8.1p1_sftp/session.c ---- openssh-3.8.1p1/session.c 2004-04-16 12:47:55.000000000 +0000 -+++ openssh-3.8.1p1_sftp/session.c 2004-08-18 21:06:14.440083846 +0000 -@@ -112,6 +112,15 @@ - - static int is_child = 0; - -+/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the -+ environment to the sftp-server subsystem. */ -+static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6", -+ "7", "8", "9", "10", "11", "-1" }; -+static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6", -+ "7", "-1" }; -+ -+static char *sftpumask; -+ - /* Name and directory of socket for authentication agent forwarding. 
*/ - static char *auth_sock_name = NULL; - static char *auth_sock_dir = NULL; -@@ -979,6 +988,7 @@ - env = xmalloc(envsize * sizeof(char *)); - env[0] = NULL; - -+ - #ifdef HAVE_CYGWIN - /* - * The Windows environment contains some setting which are -@@ -1119,6 +1129,67 @@ - child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_sock_name); - -+ /* LOG_SFTP */ -+ if (options.log_sftp == -1 ) -+ child_set_env(&env, &envsize, "LOG_SFTP", "-1"); -+ else if (options.log_sftp == 0) -+ child_set_env(&env, &envsize, "LOG_SFTP", "0"); -+ else -+ child_set_env(&env, &envsize, "LOG_SFTP", "1"); -+ -+ /* SFTP_LOG_FACILITY */ -+ if (options.sftp_log_facility < 0) -+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", -+ "-1"); -+ else -+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", -+ sysfac_to_int[options.sftp_log_facility]); -+ -+ /* SFTP_LOG_LEVEL */ -+ if (options.sftp_log_level < 0) -+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", -+ "-1"); -+ else -+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", -+ syslevel_to_int[options.sftp_log_level]); -+ -+ /* SFTP_UMASK */ -+ -+ if (options.sftp_umask[0] == '\0') -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ "" ); -+ else { -+ if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) { -+ -+logit("session.c: unabled to allocate memory for SftpUmask. 
SftpUmask control \ -+will be turned off."); -+ -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ "" ); -+ } else { -+ strncpy(sftpumask, options.sftp_umask, -+ SFTP_UMASK_LENGTH); -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ sftpumask ); -+ } -+ } -+ -+ /* SFTP_PERMIT_CHMOD */ -+ if (options.sftp_permit_chmod == -1 ) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1"); -+ else if (options.sftp_permit_chmod == 0) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0"); -+ else -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1"); -+ -+ /* SFTP_PERMIT_CHOWN */ -+ if (options.sftp_permit_chown == -1 ) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1"); -+ else if (options.sftp_permit_chown == 0) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0"); -+ else -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1"); -+ - /* read $HOME/.ssh/environment. */ - if (options.permit_user_env && !options.use_login) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", -Only in openssh-3.8.1p1_sftp/: session.c.orig -diff -ru openssh-3.8.1p1/sftp-server.8 openssh-3.8.1p1_sftp/sftp-server.8 ---- openssh-3.8.1p1/sftp-server.8 2003-10-15 05:50:43.000000000 +0000 -+++ openssh-3.8.1p1_sftp/sftp-server.8 2004-08-18 21:06:14.441083601 +0000 -@@ -42,12 +42,27 @@ - option. - See - .Xr sshd_config 5 -+for more information. Sftp-server transactions may be logged -+using the -+.Cm LogSftp , -+.Cm SftpLogFacility , -+and -+.Cm SftpLogLevel -+options. The administrator may exert control over the file and directory -+permission and ownership, with -+.Cm SftpUmask , -+.Cm SftpPermitChmod , -+and -+.Cm SftpPermitChown -+. See -+.Xr sshd_config 5 - for more information. - .Sh SEE ALSO - .Xr sftp 1 , - .Xr ssh 1 , - .Xr sshd_config 5 , --.Xr sshd 8 -+.Xr sshd 8, -+.Xr sshd_config 5 - .Rs - .%A T. Ylonen - .%A S. 
Lehtinen -diff -ru openssh-3.8.1p1/sftp-server.c openssh-3.8.1p1_sftp/sftp-server.c ---- openssh-3.8.1p1/sftp-server.c 2004-02-23 22:19:15.000000000 +0000 -+++ openssh-3.8.1p1_sftp/sftp-server.c 2004-08-18 21:06:14.443083113 +0000 -@@ -31,6 +31,13 @@ - #define get_string(lenp) buffer_get_string(&iqueue, lenp); - #define TRACE debug - -+/* SFTP_UMASK */ -+static mode_t setumask = 0; -+ -+static int permit_chmod = 1; -+static int permit_chown = 1; -+static int permit_logging = 0; -+ - #ifdef HAVE___PROGNAME - extern char *__progname; - #else -@@ -385,6 +392,14 @@ - a = get_attrib(); - flags = flags_from_portable(pflags); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; -+ -+ if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting file creation mode to 0666 and umask to %o", setumask); -+ mode = 0666; -+ umask(setumask); -+ } -+ - TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); - fd = open(name, flags, mode); - if (fd < 0) { -@@ -398,6 +413,8 @@ - status = SSH2_FX_OK; - } - } -+ if ( permit_logging == 1 ) -+ logit("open %s", name); - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(name); -@@ -434,6 +451,7 @@ - (u_int64_t)off, len); - if (len > sizeof buf) { - len = sizeof buf; -+ if ( permit_logging == 1 ) - logit("read change len %d", len); - } - fd = handle_to_fd(handle); -@@ -453,6 +471,8 @@ - } - } - } -+ if ( permit_logging == 1 ) -+ logit("reading file"); - if (status != SSH2_FX_OK) - send_status(id, status); - } -@@ -487,10 +507,13 @@ - } else if (ret == len) { - status = SSH2_FX_OK; - } else { -+ if ( permit_logging == 1 ) - logit("nothing at all written"); - } - } - } -+ if ( permit_logging == 1 ) -+ logit("writing file"); - send_status(id, status); - xfree(data); - } -@@ -583,24 +606,46 @@ - a = get_attrib(); - TRACE("setstat id %u name %s", id, name); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_setstat: truncate"); - ret = truncate(name, 
a->size); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { -- ret = chmod(name, a->perm & 0777); -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (permit_chmod == 1) { -+ ret = chmod(name, a->perm & 0777); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chmod'ed %s", name); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod %s: operation prohibited by sftp-server configuration.", name); -+ } - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_setstat: utimes"); - ret = utimes(name, attrib_to_tv(a)); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { -- ret = chown(name, a->uid, a->gid); -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (permit_chown == 1) { -+ ret = chown(name, a->uid, a->gid); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chown'ed %s.", name); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown %s: operation prohibited by sftp-server configuration.", name); -+ } - } - send_status(id, status); - xfree(name); -@@ -615,6 +660,9 @@ - int status = SSH2_FX_OK; - char *name; - -+if ( permit_logging == 1 ) -+logit("process_fsetstat"); -+ - id = get_int(); - handle = get_handle(); - a = get_attrib(); -@@ -625,20 +673,33 @@ - status = SSH2_FX_FAILURE; - } else { - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: ftruncate"); - ret = ftruncate(fd, a->size); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { -+ if (permit_chmod == 1) { - #ifdef HAVE_FCHMOD -- ret = fchmod(fd, a->perm & 0777); -+ ret = fchmod(fd, a->perm & 0777); - #else -- ret = chmod(name, a->perm & 
0777); -+ ret = chmod(name, a->perm & 0777); - #endif -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chmod: succeeded."); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod: operation prohibited by sftp-server configuration."); -+ } - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: utimes"); - #ifdef HAVE_FUTIMES - ret = futimes(fd, attrib_to_tv(a)); - #else -@@ -648,13 +709,22 @@ - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { -+ if (permit_chown == 1) { - #ifdef HAVE_FCHOWN -- ret = fchown(fd, a->uid, a->gid); -+ ret = fchown(fd, a->uid, a->gid); - #else -- ret = chown(name, a->uid, a->gid); -+ ret = chown(name, a->uid, a->gid); - #endif -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chown: succeeded"); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown: operation prohibited by sftp-server configuration."); -+ } - } - } - send_status(id, status); -@@ -684,6 +754,8 @@ - } - - } -+ if ( permit_logging == 1 ) -+ logit("opendir %s", path); - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(path); -@@ -757,6 +829,8 @@ - TRACE("remove id %u name %s", id, name); - ret = unlink(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("remove file %s", name); - send_status(id, status); - xfree(name); - } -@@ -774,9 +848,19 @@ - a = get_attrib(); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? 
- a->perm & 0777 : 0777; -+ -+ if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting directory creation mode to 0777 and umask to %o.", setumask); -+ mode = 0777; -+ umask(setumask); -+ } -+ - TRACE("mkdir id %u name %s mode 0%o", id, name, mode); - ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("mkdir %s", name); - send_status(id, status); - xfree(name); - } -@@ -793,6 +877,8 @@ - TRACE("rmdir id %u name %s", id, name); - ret = rmdir(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("rmdir %s", name); - send_status(id, status); - xfree(name); - } -@@ -819,6 +905,8 @@ - s.name = s.long_name = resolvedname; - send_names(id, 1, &s); - } -+ if ( permit_logging == 1 ) -+ logit("realpath %s", path); - xfree(path); - } - -@@ -854,6 +942,8 @@ - status = SSH2_FX_OK; - } - send_status(id, status); -+ if ( permit_logging == 1 ) -+ logit("rename old %s new %s", oldpath, newpath); - xfree(oldpath); - xfree(newpath); - } -@@ -879,6 +969,8 @@ - s.name = s.long_name = link; - send_names(id, 1, &s); - } -+ if ( permit_logging == 1 ) -+ logit("readlink %s", path); - xfree(path); - } - -@@ -897,6 +989,8 @@ - ret = symlink(oldpath, newpath); - status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); -+ if ( permit_logging == 1 ) -+ logit("symlink old %s new %s", oldpath, newpath); - xfree(oldpath); - xfree(newpath); - } -@@ -1018,6 +1112,8 @@ - { - fd_set *rset, *wset; - int in, out, max; -+ unsigned int val = 0; -+ char *umask_env; - ssize_t len, olen, set_size; - - /* XXX should use getopt */ -@@ -1025,10 +1121,53 @@ - __progname = ssh_get_progname(av[0]); - handle_init(); - -+ /* Transaction logging */ -+ -+ if (atoi(getenv("LOG_SFTP")) == 1) -+ { -+ permit_logging = 1; -+ log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")), -+ atoi(getenv("SFTP_LOG_FACILITY")), 0); -+ }; -+ -+ - #ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); - #endif - -+ if ( permit_logging == 1 ) -+ logit("Starting sftp-server logging for user %s.", getenv("USER")); -+ -+ /* Umask control */ -+ -+ umask_env = getenv("SFTP_UMASK"); -+ while (*umask_env && *umask_env >= '0' && *umask_env <= '9') -+ val = val * 8 + *umask_env++ - '0'; -+ -+ if (*umask_env || val > 0777 || val == 0) { -+ if ( permit_logging == 1 ) -+ logit("bad value %o for SFTP_UMASK, turning umask control off.", val); -+ setumask = 0; -+ } else { -+ if ( permit_logging == 1 ) -+ logit("umask control is on."); -+ setumask = val; -+ }; -+ -+ -+ /* Sensitive client commands */ -+ -+ if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) { -+ permit_chmod = 0; -+ if ( permit_logging == 1 ) -+ logit("client is not permitted to chmod."); -+ }; -+ if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) { -+ permit_chown = 0; -+ if ( permit_logging == 1 ) -+ logit("client is not permitted to chown."); -+ }; -+ - in = dup(STDIN_FILENO); - out = dup(STDOUT_FILENO); - -@@ -1071,6 +1210,8 @@ - len = read(in, buf, sizeof buf); - if (len == 0) { - debug("read eof"); -+ if ( permit_logging == 1 ) -+ logit("sftp-server finished."); - exit(0); - } else if (len < 0) { - error("read error"); -Only in openssh-3.8.1p1_sftp/: sftp-server.c.orig 
-diff -ru openssh-3.8.1p1/sshd_config openssh-3.8.1p1_sftp/sshd_config ---- openssh-3.8.1p1/sshd_config 2003-12-31 00:38:32.000000000 +0000 -+++ openssh-3.8.1p1_sftp/sshd_config 2004-08-18 21:06:14.443083113 +0000 -@@ -95,3 +95,14 @@ - - # override default of no subsystems - Subsystem sftp /usr/libexec/sftp-server -+ -+# sftp-server logging -+#LogSftp no -+#SftpLogFacility AUTH -+#SftpLogLevel INFO -+ -+# sftp-server umask control -+#SftpUmask -+ -+#SftpPermitChmod yes -+#SftpPermitChown yes -diff -ru openssh-3.8.1p1/sshd_config.5 openssh-3.8.1p1_sftp/sshd_config.5 ---- openssh-3.8.1p1/sshd_config.5 2004-04-14 03:04:36.000000000 +0000 -+++ openssh-3.8.1p1_sftp/sshd_config.5 2004-08-18 21:06:14.444082869 +0000 -@@ -379,6 +379,10 @@ - DEBUG and DEBUG1 are equivalent. - DEBUG2 and DEBUG3 each specify higher levels of debugging output. - Logging with a DEBUG level violates the privacy of users and is not recommended. -+.It Cm LogSftp -+Specifies whether to perform logging of -+.Nm sftp-server -+subsystem transactions. Must be "yes" or "no." The default value is "no." - .It Cm MACs - Specifies the available MAC (message authentication code) algorithms. - The MAC algorithm is used in protocol version 2 -@@ -533,6 +537,37 @@ - .It Cm ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 server key. - The minimum value is 512, and the default is 768. -+.It Cm SftpLogFacility -+Gives the facility code that is used when logging -+.Nm sftp-server . -+transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0, -+LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -+The default is AUTH. -+.It Cm SftpLogLevel -+Gives the verbosity level that is used when logging messages from -+.Nm sftp-server . -+The possible values are: -+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -+and DEBUG3 each specify higher levels of debugging output. 
-+Logging with a DEBUG level violates the privacy of users -+and is not recommended. -+.It Cm SftpPermitChmod -+Specifies whether the sftp-server allows the sftp client to execute chmod -+commands on the server. The default is yes. -+.It Cm SftpPermitChown -+Specifies whether the sftp-server allows the sftp client to execute chown -+or chgrp commands on the server. Turning this value on means that the client -+is allowed to execute both chown and chgrp commands. Turning it off means that -+the client is prohibited from executing either chown or chgrp. -+ The default is yes. -+.It Cm SftpUmask -+Specifies an optional umask for -+.Nm sftp-server -+subsystem transactions. If a umask is given, this umask will override all system, -+environment or sftp client permission modes. If -+no umask or an invalid umask is given, file creation mode defaults to the permission -+mode specified by the sftp client. The default is for no umask. - .It Cm StrictModes - Specifies whether - .Nm sshd -Only in openssh-3.8.1p1_sftp/: sshd_config.5.orig -Only in openssh-3.8.1p1_sftp/: sshd_config.orig -diff -ru openssh-3.8.1p1/version.h openssh-3.8.1p1_sftp/version.h ---- openssh-3.8.1p1/version.h 2004-03-21 22:39:10.000000000 +0000 -+++ openssh-3.8.1p1_sftp/version.h 2004-08-18 21:06:14.436084823 +0000 -@@ -1,3 +1,3 @@ - /* $OpenBSD: version.h,v 1.41 2004/03/20 10:40:59 markus Exp $ */ - --#define SSH_VERSION "OpenSSH_3.8.1p1" -+#define SSH_VERSION "OpenSSH_3.8.1p1+sftplogging-v1.2" -Only in openssh-3.8.1p1_sftp/: version.h.orig diff --git a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2 Binary files differnew file mode 100644 index 000000000000..5b07d79a808e --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2 
diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch deleted file mode 100644 index 13625995a88e..000000000000 --- a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -################################################################################ -################################################################################ -# # -# Original patch by Ricardo Cerqueira <rmcc@clix.pt> # -# # -# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 # -# # -# A patch to cause sshd to chroot when it encounters the magic token # -# '/./' in a users home directory. The directory portion before the # -# token is the directory to chroot() to, the portion after the # -# token is the user's home directory relative to the new root. # -# # -# Patch source using: patch -p0 < /path/to/patch # -# # -# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. # -# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about # -# other systems (unless you email me your experiences!). # -# # -################################################################################ -################################################################################ - -diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c ---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003 -+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003 -@@ -58,6 +58,8 @@ - #include "session.h" - #include "monitor_wrap.h" - -+#define CHROOT -+ - #ifdef GSSAPI - #include "ssh-gss.h" - #endif -@@ -1231,6 +1233,12 @@ - void - do_setusercontext(struct passwd *pw) - { -+ -+#ifdef CHROOT -+ char *user_dir; -+ char *new_root; -+#endif /* CHROOT */ -+ - #ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) - #endif /* HAVE_CYGWIN */ -@@ -1268,6 +1276,27 @@ - exit(1); - } - endgrent(); -+ -+#ifdef CHROOT -+ user_dir = xstrdup(pw->pw_dir); -+ new_root = user_dir + 1; -+ -+ while((new_root = strchr(new_root, '.')) != NULL) { -+ new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { -+ *new_root = '\0'; -+ new_root += 2; -+ -+ if(chroot(user_dir) != 0) -+ fatal("Couldn't chroot to user directory % s", 
user_dir); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; -+ } -+#endif /* CHROOT */ -+ -+ - # ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 Binary files differnew file mode 100644 index 000000000000..f1a759d5c205 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch deleted file mode 100644 index 2d0694f0cc7e..000000000000 --- a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- configure.ac 2004-02-24 21:05:46.781403118 +0000 -+++ configure.ac 2004-02-24 21:03:30.717786642 +0000 -@@ -2102,14 +2102,14 @@ - ) - else - AC_MSG_RESULT(no) -- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" -+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) -- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" -+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv" - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 Binary files differnew file mode 100644 index 000000000000..8f04e301049f --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch deleted file mode 100644 index 2de0cca0ed96..000000000000 --- a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch +++ /dev/null 
@@ -1,12 +0,0 @@ ---- configure.ac 2004-02-24 21:03:30.717786642 +0000 -+++ configure.ac 2004-02-24 21:33:37.936501897 +0000 -@@ -2055,7 +2055,9 @@ - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS(res_query, resolv) -+ AC_SEARCH_LIBS(__res_query, resolv) - AC_SEARCH_LIBS(dn_expand, resolv) -+ AC_SEARCH_LIBS(__dn_expand, resolv) - AC_CHECK_FUNCS(_getshort _getlong) - AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD)],, diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 Binary files differnew file mode 100644 index 000000000000..af4b3ac7537a --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch b/net-misc/openssh/files/openssh-3.8_p1-skey.patch deleted file mode 100644 index 133635574c8d..000000000000 --- a/net-misc/openssh/files/openssh-3.8_p1-skey.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac 2004-02-24 21:07:25.510177659 +0000 -+++ configure.ac 2004-02-24 21:03:30.717786642 +0000 -@@ -721,7 +721,7 @@ - [ - #include <stdio.h> - #include <skey.h> --int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } -+int main() { char *ff = "true"; ff=""; exit(0); } - ], - [AC_MSG_RESULT(yes)], - [ diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..2c403f8dc079 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch deleted file mode 100644 index 13625995a88e..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -################################################################################ -################################################################################ -# # -# Original patch by Ricardo Cerqueira <rmcc@clix.pt> # -# # -# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 # -# # -# A patch to cause sshd to chroot when it encounters the magic token # -# '/./' in a users home directory. The directory portion before the # -# token is the directory to chroot() to, the portion after the # -# token is the user's home directory relative to the new root. # -# # -# Patch source using: patch -p0 < /path/to/patch # -# # -# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. # -# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about # -# other systems (unless you email me your experiences!). # -# # -################################################################################ -################################################################################ - -diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c ---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003 -+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003 -@@ -58,6 +58,8 @@ - #include "session.h" - #include "monitor_wrap.h" - -+#define CHROOT -+ - #ifdef GSSAPI - #include "ssh-gss.h" - #endif -@@ -1231,6 +1233,12 @@ - void - do_setusercontext(struct passwd *pw) - { -+ -+#ifdef CHROOT -+ char *user_dir; -+ char *new_root; -+#endif /* CHROOT */ -+ - #ifndef HAVE_CYGWIN - if (getuid() == 0 || geteuid() == 0) - #endif /* HAVE_CYGWIN */ -@@ -1268,6 +1276,27 @@ - exit(1); - } - endgrent(); -+ -+#ifdef CHROOT -+ user_dir = xstrdup(pw->pw_dir); -+ new_root = user_dir + 1; -+ -+ while((new_root = strchr(new_root, '.')) != NULL) { -+ new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { -+ *new_root = '\0'; -+ new_root += 2; -+ -+ if(chroot(user_dir) != 0) -+ fatal("Couldn't chroot to user directory % s", 
user_dir); -+ pw->pw_dir = new_root; -+ break; -+ } -+ new_root += 2; -+ } -+#endif /* CHROOT */ -+ -+ - # ifdef USE_PAM - /* - * PAM credentials may take the form of supplementary groups. diff --git a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2 Binary files differnew file mode 100644 index 000000000000..f1a759d5c205 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch deleted file mode 100644 index 2804782a458a..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -diff -uNr openssh-3.8.1p1/auth2-pubkey.c openssh-3.8.1p1-hugekeys/auth2-pubkey.c ---- openssh-3.8.1p1/auth2-pubkey.c 2004-01-21 01:02:50.000000000 +0100 -+++ openssh-3.8.1p1-hugekeys/auth2-pubkey.c 2004-06-24 13:53:28.493574960 +0200 -@@ -32,6 +32,7 @@ - #include "bufaux.h" - #include "auth.h" - #include "key.h" -+#include "authfile.h" - #include "pathnames.h" - #include "uidswap.h" - #include "auth-options.h" -@@ -167,7 +168,8 @@ - static int - user_key_allowed2(struct passwd *pw, Key *key, char *file) - { -- char line[8192]; -+ size_t size; -+ char *line; - int found_key = 0; - FILE *f; - u_long linenum = 0; -@@ -204,7 +204,10 @@ - found_key = 0; - found = key_new(key->type); - -- while (fgets(line, sizeof(line), f)) { -+ size = 4096; -+ line = xmalloc(size); -+ -+ while (read_whole_line(&line, &size, f)) { - char *cp, *key_options = NULL; - linenum++; - /* Skip leading whitespace, empty and comment lines. */ -@@ -245,6 +250,9 @@ - break; - } - } -+ -+ xfree(line); -+ - restore_uid(); - fclose(f); - key_free(found); -diff -uNr openssh-3.8.1p1/authfile.c openssh-3.8.1p1-hugekeys/authfile.c ---- openssh-3.8.1p1/authfile.c 2003-09-22 13:01:27.000000000 +0200 -+++ openssh-3.8.1p1-hugekeys/authfile.c 2004-06-24 13:49:28.425070920 +0200 -@@ -588,17 +588,50 @@ - return prv; - } - -+char * -+read_whole_line(char **line, size_t *size, FILE *f) -+{ -+ char *ln = *line; -+ size_t i, sz = *size; -+ -+ if (!ln) { -+ fatal("read_whole_line: NULL pointer given as line argument"); -+ } -+ -+ for (i = 0; ln[sz - 2] = '\0', fgets(ln + i, sz - i, f); i = sz - 1, sz <<= 1) { -+ if (ln[sz - 2]) { -+ ln = xrealloc(ln, sz << 1); -+ continue; -+ } -+ -+ *line = ln; -+ *size = sz; -+ -+ return ln; -+ } -+ -+ return NULL; -+} -+ - static int - key_try_load_public(Key *k, const char *filename, char **commentp) - { - FILE *f; -- char line[4096]; -+ size_t size; -+ char *line; - char *cp; - - f = fopen(filename, "r"); - if (f != NULL) { -- while (fgets(line, sizeof(line), 
f)) { -- line[sizeof(line)-1] = '\0'; -+ size = 4096; -+ line = xmalloc(size); -+ -+ while (read_whole_line(&line, &size, f)) { -+ /* FIXME: is this useful? fgets already stores a '\0' -+ * after the last character in the buffer... -+ */ -+ line[size-1] = '\0'; -+ - cp = line; - switch (*cp) { - case '#': -@@ -613,11 +646,15 @@ - if (key_read(k, &cp) == 1) { - if (commentp) - *commentp=xstrdup(filename); -+ -+ xfree(line); - fclose(f); - return 1; - } - } - } -+ -+ xfree(line); - fclose(f); - } - return 0; -diff -uNr openssh-3.8.1p1/authfile.h openssh-3.8.1p1-hugekeys/authfile.h ---- openssh-3.8.1p1/authfile.h 2002-06-06 21:57:34.000000000 +0200 -+++ openssh-3.8.1p1-hugekeys/authfile.h 2004-06-24 13:42:59.556187976 +0200 -@@ -15,6 +15,8 @@ - #ifndef AUTHFILE_H - #define AUTHFILE_H - -+char *read_whole_line(char **, size_t *, FILE *); -+ - int key_save_private(Key *, const char *, const char *, const char *); - Key *key_load_public(const char *, char **); - Key *key_load_public_type(int, const char *, char **); ---- /tmp/auth2-pubkey.c 2004-08-18 19:57:44.991708913 +0000 -+++ auth2-pubkey.c 2004-08-18 19:58:19.241405296 +0000 diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..ae244ef30de6 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch deleted file mode 100644 index 92f8d8d6232b..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -Index: scard-opensc.c -=================================================================== -RCS file: /cvs/openssh/scard-opensc.c,v -retrieving revision 1.12 -diff -u -r1.12 scard-opensc.c ---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12 -+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000 -@@ -38,6 +38,8 @@ - #include "readpass.h" - #include "scard.h" - -+int ask_for_pin=0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -@@ -119,6 +121,7 @@ - struct sc_pkcs15_prkey_info *key; - struct sc_pkcs15_object *pin_obj; - struct sc_pkcs15_pin_info *pin; -+ char *passphrase = NULL; - - priv = (struct sc_priv_data *) RSA_get_app_data(rsa); - if (priv == NULL) -@@ -156,24 +159,47 @@ - goto err; - } - pin = pin_obj->data; -+ -+ if (sc_pin) -+ passphrase = sc_pin; -+ else if (ask_for_pin) { -+ /* we need a pin but don't have one => ask for the pin */ -+ char prompt[64]; -+ -+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", -+ key_obj->label ? 
key_obj->label : "smartcard key"); -+ passphrase = read_passphrase(prompt, 0); -+ if (!passphrase || !strcmp(passphrase, "")) -+ goto err; -+ } else -+ /* no pin => error */ -+ goto err; -+ - r = sc_lock(card); - if (r) { - error("Unable to lock smartcard: %s", sc_strerror(r)); - goto err; - } -- if (sc_pin != NULL) { -- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, -- strlen(sc_pin)); -- if (r) { -- sc_unlock(card); -- error("PIN code verification failed: %s", -- sc_strerror(r)); -- goto err; -- } -+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, -+ strlen(passphrase)); -+ if (r) { -+ sc_unlock(card); -+ error("PIN code verification failed: %s", -+ sc_strerror(r)); -+ goto err; - } -+ - *key_obj_out = key_obj; -+ if (!sc_pin) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - return 0; - err: -+ if (!sc_pin && passphrase) { -+ memset(passphrase, 0, strlen(passphrase)); -+ xfree(passphrase); -+ } - sc_close(); - return -1; - } -Index: scard.c -=================================================================== -RCS file: /cvs/openssh/scard.c,v -retrieving revision 1.27 -diff -u -r1.27 scard.c ---- scard.c 18 Jun 2003 10:28:40 -0000 1.27 -+++ scard.c 27 Aug 2003 11:42:02 -0000 -@@ -35,6 +35,9 @@ - #include "readpass.h" - #include "scard.h" - -+/* currently unused */ -+int ask_for_pin = 0; -+ - #if OPENSSL_VERSION_NUMBER < 0x00907000L - #define USE_ENGINE - #define RSA_get_default_method RSA_get_default_openssl_method -Index: scard.h -=================================================================== -RCS file: /cvs/openssh/scard.h,v -retrieving revision 1.10 -diff -u -r1.10 scard.h ---- scard.h 18 Jun 2003 10:28:40 -0000 1.10 -+++ scard.h 27 Aug 2003 11:42:02 -0000 -@@ -33,6 +33,8 @@ - #define SCARD_ERROR_NOCARD -2 - #define SCARD_ERROR_APPLET -3 - -+extern int ask_for_pin; -+ - Key **sc_get_keys(const char *, const char *); - void sc_close(void); - int sc_put_key(Key *, const char *); -Index: ssh.c 
-=================================================================== -RCS file: /cvs/openssh/ssh.c,v -retrieving revision 1.180 -diff -u -r1.180 ssh.c ---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180 -+++ ssh.c 27 Aug 2003 11:42:02 -0000 -@@ -1155,6 +1155,9 @@ - #ifdef SMARTCARD - Key **keys; - -+ if (!options.batch_mode) -+ ask_for_pin = 1; -+ - if (options.smartcard_device != NULL && - options.num_identity_files < SSH_MAX_IDENTITY_FILES && - (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 Binary files differnew file mode 100644 index 000000000000..7415c6ee1c30 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff deleted file mode 100644 index e845c683d874..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff +++ /dev/null 
@@ -1,110 +0,0 @@ -diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in ---- openssh-3.7.1p1.orig/Makefile.in 2003-09-13 20:40:36.000000000 -0500 -+++ openssh-3.7.1p1/Makefile.in 2003-09-19 19:08:04.000000000 -0500 -@@ -40,7 +40,7 @@ - - CC=@CC@ - LD=@LD@ --CFLAGS=@CFLAGS@ -+CFLAGS=@CFLAGS@ -DWITH_SELINUX - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - LIBPAM=@LIBPAM@ -@@ -53,7 +53,7 @@ - SED=@SED@ - ENT=@ENT@ - XAUTH_PATH=@XAUTH_PATH@ --LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux - EXEEXT=@EXEEXT@ - - INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ -diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c ---- openssh-3.7.1p1.orig/session.c 2003-09-15 20:52:19.000000000 -0500 -+++ openssh-3.7.1p1/session.c 2003-09-19 19:08:36.000000000 -0500 -@@ -66,6 +66,11 @@ - #include "ssh-gss.h" - #endif - -+#ifdef WITH_SELINUX -+#include <selinux/get_context_list.h> -+#include <selinux/selinux.h> -+#endif -+ - /* func */ - - Session *session_new(void); -@@ -1304,6 +1309,19 @@ - #endif - if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) - fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled()) -+ { -+ security_context_t scontext; -+ if (get_default_context(pw->pw_name,NULL,&scontext)) -+ fatal("Failed to get default security context for %s.", pw->pw_name); -+ if (setexeccon(scontext)) { -+ freecon(scontext); -+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name); -+ } -+ freecon(scontext); -+ } -+#endif - } - - static void -diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c ---- openssh-3.7.1p1.orig/sshpty.c 2003-08-24 20:16:21.000000000 -0500 -+++ openssh-3.7.1p1/sshpty.c 2003-09-19 19:08:04.000000000 -0500 -@@ -30,6 +30,12 @@ - #define O_NOCTTY 0 - #endif - -+#ifdef WITH_SELINUX -+#include <selinux/flask.h> -+#include <selinux/get_context_list.h> -+#include <selinux/selinux.h> 
-+#endif -+ - /* - * Allocates and opens a pty. Returns 0 if no pty could be allocated, or - * nonzero if a pty was successfully allocated. On success, open file -@@ -196,6 +202,37 @@ - * Warn but continue if filesystem is read-only and the uids match/ - * tty is owned by root. - */ -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled()) { -+ security_context_t new_tty_context=NULL, -+ user_context=NULL, old_tty_context=NULL; -+ -+ if (get_default_context(pw->pw_name,NULL,&user_context)) -+ fatal("Failed to get default security context for %s.", pw->pw_name); -+ -+ if (getfilecon(tty, &old_tty_context)<0) { -+ error("getfilecon(%.100s) failed: %.100s", tty, -+ strerror(errno)); -+ } -+ else -+ { -+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) { -+ error("security_compute_relabel(%.100s) failed: %.100s", tty, -+ strerror(errno)); -+ } -+ else -+ { -+ if (setfilecon (tty, new_tty_context) != 0) { -+ error("setfilecon(%.100s, %s) failed: %.100s", -+ tty, new_tty_context, strerror(errno)); -+ } -+ freecon(new_tty_context); -+ } -+ freecon(old_tty_context); -+ } -+ freecon(user_context); -+ } -+#endif - if (stat(tty, &st)) - fatal("stat(%.100s) failed: %.100s", tty, - strerror(errno)); diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 Binary files differnew file mode 100644 index 000000000000..b51c746e4921 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 diff --git a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch deleted file mode 100644 index 4109e568b1b3..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch +++ /dev/null 
@@ -1,759 +0,0 @@ -Common subdirectories: openssh-3.9p1/contrib and openssh-3.9p1_sftp/contrib -Common subdirectories: openssh-3.9p1/openbsd-compat and openssh-3.9p1_sftp/openbsd-compat -Common subdirectories: openssh-3.9p1/regress and openssh-3.9p1_sftp/regress -Common subdirectories: openssh-3.9p1/scard and openssh-3.9p1_sftp/scard -diff -u openssh-3.9p1/servconf.c openssh-3.9p1_sftp/servconf.c ---- openssh-3.9p1/servconf.c 2004-08-13 11:30:24.000000000 +0000 -+++ openssh-3.9p1_sftp/servconf.c 2004-08-19 10:18:56.795256718 +0000 -@@ -103,6 +103,15 @@ - options->authorized_keys_file2 = NULL; - options->num_accept_env = 0; - -+ options->log_sftp = LOG_SFTP_NOT_SET; -+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; -+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; -+ -+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); -+ -+ options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET; -+ options->sftp_permit_chown = SFTP_PERMIT_NOT_SET; -+ - /* Needs to be accessable in many places */ - use_privsep = -1; - } -@@ -110,7 +119,7 @@ - void - fill_default_server_options(ServerOptions *options) - { -- /* Portable-specific options */ -+/* Portable-specific options */ - if (options->use_pam == -1) - options->use_pam = 0; - -@@ -231,6 +240,24 @@ - if (options->authorized_keys_file == NULL) - options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; - -+ /* Turn sftp-server logging off by default */ -+ if (options->log_sftp == LOG_SFTP_NOT_SET) -+ options->log_sftp = LOG_SFTP_NO; -+ if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET) -+ options->sftp_log_facility = SYSLOG_FACILITY_AUTH; -+ if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET) -+ options->sftp_log_level = SYSLOG_LEVEL_INFO; -+ -+ /* Don't set sftp-server umask */ -+ if (!options->sftp_umask) -+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); -+ -+ /* allow sftp client to issue chmod, chown / chgrp commands */ -+ if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET) -+ options->sftp_permit_chmod = 
SFTP_PERMIT_YES; -+ if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET) -+ options->sftp_permit_chown = SFTP_PERMIT_YES; -+ - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = 1; -@@ -252,6 +279,9 @@ - /* Portable-specific options */ - sUsePAM, - /* Standard Options */ -+ sLogSftp, sSftpLogFacility, sSftpLogLevel, -+ sSftpUmask, -+ sSftpPermitChown, sSftpPermitChmod, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, -@@ -338,6 +368,12 @@ - { "printmotd", sPrintMotd }, - { "printlastlog", sPrintLastLog }, - { "ignorerhosts", sIgnoreRhosts }, -+ { "logsftp", sLogSftp}, -+ { "sftplogfacility", sSftpLogFacility}, -+ { "sftploglevel", sSftpLogLevel}, -+ { "sftpumask", sSftpUmask}, -+ { "sftppermitchmod", sSftpPermitChmod}, -+ { "sftppermitchown", sSftpPermitChown}, - { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, - { "x11forwarding", sX11Forwarding }, - { "x11displayoffset", sX11DisplayOffset }, -@@ -437,6 +473,8 @@ - char *cp, **charptr, *arg, *p; - int *intptr, value, i, n; - ServerOpCodes opcode; -+ unsigned int umaskvalue = 0; -+ char *umaskptr; - - cp = line; - arg = strdelim(&cp); -@@ -881,6 +919,58 @@ - case sBanner: - charptr = &options->banner; - goto parse_filename; -+ -+ case sLogSftp: -+ intptr = &options->log_sftp; -+ goto parse_flag; -+ -+ case sSftpLogFacility: -+ intptr = (int *) &options->sftp_log_facility; -+ arg = strdelim(&cp); -+ value = log_facility_number(arg); -+ if (value == SYSLOG_FACILITY_NOT_SET) -+ fatal("%.200s line %d: unsupported log facility '%s'", -+ filename, linenum, arg ? 
arg : "<NONE>"); -+ if (*intptr == -1) -+ *intptr = (SyslogFacility) value; -+ break; -+ -+ case sSftpLogLevel: -+ intptr = (int *) &options->sftp_log_level; -+ arg = strdelim(&cp); -+ value = log_level_number(arg); -+ if (value == SYSLOG_LEVEL_NOT_SET) -+ fatal("%.200s line %d: unsupported log level '%s'", -+ filename, linenum, arg ? arg : "<NONE>"); -+ if (*intptr == -1) -+ *intptr = (LogLevel) value; -+ break; -+ -+ case sSftpUmask: -+ arg = strdelim(&cp); -+ umaskptr = arg; -+ while (*arg && *arg >= '0' && *arg <= '9') -+ umaskvalue = umaskvalue * 8 + *arg++ - '0'; -+ if (*arg || umaskvalue > 0777) -+ fatal("%s line %d: bad value for umask", -+ filename, linenum); -+ else { -+ while (*umaskptr && *umaskptr == '0') -+ *umaskptr++; -+ strncpy(options->sftp_umask, umaskptr, -+ SFTP_UMASK_LENGTH); -+ } -+ -+ break; -+ -+ case sSftpPermitChmod: -+ intptr = &options->sftp_permit_chmod; -+ goto parse_flag; -+ -+ case sSftpPermitChown: -+ intptr = &options->sftp_permit_chown; -+ goto parse_flag; -+ - /* - * These options can contain %X options expanded at - * connect time, so that you can specify paths like: -@@ -936,6 +1026,7 @@ - if ((arg = strdelim(&cp)) != NULL && *arg != '\0') - fatal("%s line %d: garbage at end of line; \"%.200s\".", - filename, linenum, arg); -+ - return 0; - } - -Only in openssh-3.9p1_sftp/: servconf.c.orig -diff -u openssh-3.9p1/servconf.h openssh-3.9p1_sftp/servconf.h ---- openssh-3.9p1/servconf.h 2004-06-25 03:33:20.000000000 +0000 -+++ openssh-3.9p1_sftp/servconf.h 2004-08-19 10:20:25.728487142 +0000 -@@ -20,6 +20,19 @@ - - #define MAX_PORTS 256 /* Max # ports. */ - -+/* sftp-server logging */ -+#define LOG_SFTP_NOT_SET -1 -+#define LOG_SFTP_NO 0 -+#define LOG_SFTP_YES 1 -+ -+/* sftp-server umask control */ -+#define SFTP_UMASK_LENGTH 5 -+ -+/* sftp-server client priviledge */ -+#define SFTP_PERMIT_NOT_SET -1 -+#define SFTP_PERMIT_NO 0 -+#define SFTP_PERMIT_YES 1 -+ - #define MAX_ALLOW_USERS 256 /* Max # users on allow list. 
*/ - #define MAX_DENY_USERS 256 /* Max # users on deny list. */ - #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ -@@ -98,6 +111,12 @@ - int use_login; /* If true, login(1) is used */ - int compression; /* If true, compression is allowed */ - int allow_tcp_forwarding; -+ int log_sftp; /* perform sftp-server logging */ -+ SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */ -+ LogLevel sftp_log_level; /* Level for sftp subsystem logging. */ -+ char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */ -+ int sftp_permit_chmod; -+ int sftp_permit_chown; - u_int num_allow_users; - char *allow_users[MAX_ALLOW_USERS]; - u_int num_deny_users; -Only in openssh-3.9p1_sftp/: servconf.h.orig -diff -u openssh-3.9p1/session.c openssh-3.9p1_sftp/session.c ---- openssh-3.9p1/session.c 2004-08-12 12:40:25.000000000 +0000 -+++ openssh-3.9p1_sftp/session.c 2004-08-19 10:18:56.796256473 +0000 -@@ -112,6 +112,15 @@ - - static int is_child = 0; - -+/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the -+ environment to the sftp-server subsystem. */ -+static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6", -+ "7", "8", "9", "10", "11", "-1" }; -+static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6", -+ "7", "-1" }; -+ -+static char *sftpumask; -+ - /* Name and directory of socket for authentication agent forwarding. 
*/ - static char *auth_sock_name = NULL; - static char *auth_sock_dir = NULL; -@@ -974,6 +983,7 @@ - env = xmalloc(envsize * sizeof(char *)); - env[0] = NULL; - -+ - #ifdef HAVE_CYGWIN - /* - * The Windows environment contains some setting which are -@@ -1118,6 +1128,67 @@ - child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_sock_name); - -+ /* LOG_SFTP */ -+ if (options.log_sftp == -1 ) -+ child_set_env(&env, &envsize, "LOG_SFTP", "-1"); -+ else if (options.log_sftp == 0) -+ child_set_env(&env, &envsize, "LOG_SFTP", "0"); -+ else -+ child_set_env(&env, &envsize, "LOG_SFTP", "1"); -+ -+ /* SFTP_LOG_FACILITY */ -+ if (options.sftp_log_facility < 0) -+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", -+ "-1"); -+ else -+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY", -+ sysfac_to_int[options.sftp_log_facility]); -+ -+ /* SFTP_LOG_LEVEL */ -+ if (options.sftp_log_level < 0) -+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", -+ "-1"); -+ else -+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL", -+ syslevel_to_int[options.sftp_log_level]); -+ -+ /* SFTP_UMASK */ -+ -+ if (options.sftp_umask[0] == '\0') -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ "" ); -+ else { -+ if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) { -+ -+logit("session.c: unabled to allocate memory for SftpUmask. 
SftpUmask control \ -+will be turned off."); -+ -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ "" ); -+ } else { -+ strncpy(sftpumask, options.sftp_umask, -+ SFTP_UMASK_LENGTH); -+ child_set_env(&env, &envsize, "SFTP_UMASK", -+ sftpumask ); -+ } -+ } -+ -+ /* SFTP_PERMIT_CHMOD */ -+ if (options.sftp_permit_chmod == -1 ) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1"); -+ else if (options.sftp_permit_chmod == 0) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0"); -+ else -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1"); -+ -+ /* SFTP_PERMIT_CHOWN */ -+ if (options.sftp_permit_chown == -1 ) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1"); -+ else if (options.sftp_permit_chown == 0) -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0"); -+ else -+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1"); -+ - /* read $HOME/.ssh/environment. */ - if (options.permit_user_env && !options.use_login) { - snprintf(buf, sizeof buf, "%.200s/.ssh/environment", -Only in openssh-3.9p1_sftp/: session.c.orig -diff -u openssh-3.9p1/sftp-server.8 openssh-3.9p1_sftp/sftp-server.8 ---- openssh-3.9p1/sftp-server.8 2003-10-15 05:50:43.000000000 +0000 -+++ openssh-3.9p1_sftp/sftp-server.8 2004-08-19 10:18:56.797256229 +0000 -@@ -42,12 +42,27 @@ - option. - See - .Xr sshd_config 5 -+for more information. Sftp-server transactions may be logged -+using the -+.Cm LogSftp , -+.Cm SftpLogFacility , -+and -+.Cm SftpLogLevel -+options. The administrator may exert control over the file and directory -+permission and ownership, with -+.Cm SftpUmask , -+.Cm SftpPermitChmod , -+and -+.Cm SftpPermitChown -+. See -+.Xr sshd_config 5 - for more information. - .Sh SEE ALSO - .Xr sftp 1 , - .Xr ssh 1 , - .Xr sshd_config 5 , --.Xr sshd 8 -+.Xr sshd 8, -+.Xr sshd_config 5 - .Rs - .%A T. Ylonen - .%A S. 
Lehtinen -diff -u openssh-3.9p1/sftp-server.c openssh-3.9p1_sftp/sftp-server.c ---- openssh-3.9p1/sftp-server.c 2004-07-17 04:07:42.000000000 +0000 -+++ openssh-3.9p1_sftp/sftp-server.c 2004-08-19 10:18:56.798255984 +0000 -@@ -31,6 +31,13 @@ - #define get_string(lenp) buffer_get_string(&iqueue, lenp); - #define TRACE debug - -+/* SFTP_UMASK */ -+static mode_t setumask = 0; -+ -+static int permit_chmod = 1; -+static int permit_chown = 1; -+static int permit_logging = 0; -+ - extern char *__progname; - - /* input and output queue */ -@@ -381,6 +388,14 @@ - a = get_attrib(); - flags = flags_from_portable(pflags); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; -+ -+ if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting file creation mode to 0666 and umask to %o", setumask); -+ mode = 0666; -+ umask(setumask); -+ } -+ - TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); - fd = open(name, flags, mode); - if (fd < 0) { -@@ -394,6 +409,8 @@ - status = SSH2_FX_OK; - } - } -+ if ( permit_logging == 1 ) -+ logit("open %s", name); - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(name); -@@ -430,6 +447,7 @@ - (u_int64_t)off, len); - if (len > sizeof buf) { - len = sizeof buf; -+ if ( permit_logging == 1 ) - logit("read change len %d", len); - } - fd = handle_to_fd(handle); -@@ -449,6 +467,8 @@ - } - } - } -+ if ( permit_logging == 1 ) -+ logit("reading file"); - if (status != SSH2_FX_OK) - send_status(id, status); - } -@@ -483,10 +503,13 @@ - } else if (ret == len) { - status = SSH2_FX_OK; - } else { -+ if ( permit_logging == 1 ) - logit("nothing at all written"); - } - } - } -+ if ( permit_logging == 1 ) -+ logit("writing file"); - send_status(id, status); - xfree(data); - } -@@ -579,24 +602,46 @@ - a = get_attrib(); - TRACE("setstat id %u name %s", id, name); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_setstat: truncate"); - ret = truncate(name, a->size); - 
if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { -- ret = chmod(name, a->perm & 0777); -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (permit_chmod == 1) { -+ ret = chmod(name, a->perm & 0777); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chmod'ed %s", name); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod %s: operation prohibited by sftp-server configuration.", name); -+ } - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_setstat: utimes"); - ret = utimes(name, attrib_to_tv(a)); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { -- ret = chown(name, a->uid, a->gid); -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (permit_chown == 1) { -+ ret = chown(name, a->uid, a->gid); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chown'ed %s.", name); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown %s: operation prohibited by sftp-server configuration.", name); -+ } - } - send_status(id, status); - xfree(name); -@@ -611,6 +656,9 @@ - int status = SSH2_FX_OK; - char *name; - -+if ( permit_logging == 1 ) -+logit("process_fsetstat"); -+ - id = get_int(); - handle = get_handle(); - a = get_attrib(); -@@ -621,20 +669,33 @@ - status = SSH2_FX_FAILURE; - } else { - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: ftruncate"); - ret = ftruncate(fd, a->size); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { -+ if (permit_chmod == 1) { - #ifdef HAVE_FCHMOD -- ret = fchmod(fd, a->perm & 0777); -+ ret = fchmod(fd, a->perm & 0777); - #else -- ret = chmod(name, a->perm & 0777); -+ ret = 
chmod(name, a->perm & 0777); - #endif -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chmod: succeeded."); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod: operation prohibited by sftp-server configuration."); -+ } - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: utimes"); - #ifdef HAVE_FUTIMES - ret = futimes(fd, attrib_to_tv(a)); - #else -@@ -644,13 +705,22 @@ - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { -+ if (permit_chown == 1) { - #ifdef HAVE_FCHOWN -- ret = fchown(fd, a->uid, a->gid); -+ ret = fchown(fd, a->uid, a->gid); - #else -- ret = chown(name, a->uid, a->gid); -+ ret = chown(name, a->uid, a->gid); - #endif -- if (ret == -1) -- status = errno_to_portable(errno); -+ if (ret == -1) -+ status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) -+ logit("chown: succeeded"); -+ } else { -+ status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown: operation prohibited by sftp-server configuration."); -+ } - } - } - send_status(id, status); -@@ -680,6 +750,8 @@ - } - - } -+ if ( permit_logging == 1 ) -+ logit("opendir %s", path); - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(path); -@@ -753,6 +825,8 @@ - TRACE("remove id %u name %s", id, name); - ret = unlink(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("remove file %s", name); - send_status(id, status); - xfree(name); - } -@@ -770,9 +844,19 @@ - a = get_attrib(); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? 
- a->perm & 0777 : 0777; -+ -+ if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting directory creation mode to 0777 and umask to %o.", setumask); -+ mode = 0777; -+ umask(setumask); -+ } -+ - TRACE("mkdir id %u name %s mode 0%o", id, name, mode); - ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("mkdir %s", name); - send_status(id, status); - xfree(name); - } -@@ -789,6 +873,8 @@ - TRACE("rmdir id %u name %s", id, name); - ret = rmdir(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("rmdir %s", name); - send_status(id, status); - xfree(name); - } -@@ -815,6 +901,8 @@ - s.name = s.long_name = resolvedname; - send_names(id, 1, &s); - } -+ if ( permit_logging == 1 ) -+ logit("realpath %s", path); - xfree(path); - } - -@@ -870,6 +958,8 @@ - status = SSH2_FX_OK; - } - send_status(id, status); -+ if ( permit_logging == 1 ) -+ logit("rename old %s new %s", oldpath, newpath); - xfree(oldpath); - xfree(newpath); - } -@@ -895,6 +985,8 @@ - s.name = s.long_name = buf; - send_names(id, 1, &s); - } -+ if ( permit_logging == 1 ) -+ logit("readlink %s", path); - xfree(path); - } - -@@ -913,6 +1005,8 @@ - ret = symlink(oldpath, newpath); - status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); -+ if ( permit_logging == 1 ) -+ logit("symlink old %s new %s", oldpath, newpath); - xfree(oldpath); - xfree(newpath); - } -@@ -1034,6 +1128,8 @@ - { - fd_set *rset, *wset; - int in, out, max; -+ unsigned int val = 0; -+ char *umask_env; - ssize_t len, olen, set_size; - - /* XXX should use getopt */ -@@ -1041,10 +1137,53 @@ - __progname = ssh_get_progname(av[0]); - handle_init(); - -+ /* Transaction logging */ -+ -+ if (atoi(getenv("LOG_SFTP")) == 1) -+ { -+ permit_logging = 1; -+ log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")), -+ atoi(getenv("SFTP_LOG_FACILITY")), 0); -+ }; -+ -+ - #ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); - #endif - -+ if ( permit_logging == 1 ) -+ logit("Starting sftp-server logging for user %s.", getenv("USER")); -+ -+ /* Umask control */ -+ -+ umask_env = getenv("SFTP_UMASK"); -+ while (*umask_env && *umask_env >= '0' && *umask_env <= '9') -+ val = val * 8 + *umask_env++ - '0'; -+ -+ if (*umask_env || val > 0777 || val == 0) { -+ if ( permit_logging == 1 ) -+ logit("bad value %o for SFTP_UMASK, turning umask control off.", val); -+ setumask = 0; -+ } else { -+ if ( permit_logging == 1 ) -+ logit("umask control is on."); -+ setumask = val; -+ }; -+ -+ -+ /* Sensitive client commands */ -+ -+ if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) { -+ permit_chmod = 0; -+ if ( permit_logging == 1 ) -+ logit("client is not permitted to chmod."); -+ }; -+ if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) { -+ permit_chown = 0; -+ if ( permit_logging == 1 ) -+ logit("client is not permitted to chown."); -+ }; -+ - in = dup(STDIN_FILENO); - out = dup(STDOUT_FILENO); - -@@ -1087,6 +1226,8 @@ - len = read(in, buf, sizeof buf); - if (len == 0) { - debug("read eof"); -+ if ( permit_logging == 1 ) -+ logit("sftp-server finished."); - exit(0); - } else if (len < 0) { - error("read error"); -Only in openssh-3.9p1_sftp/: sftp-server.c.orig -diff 
-u openssh-3.9p1/sshd_config openssh-3.9p1_sftp/sshd_config ---- openssh-3.9p1/sshd_config 2004-05-24 00:36:24.000000000 +0000 -+++ openssh-3.9p1_sftp/sshd_config 2004-08-19 10:18:56.798255984 +0000 -@@ -101,3 +101,14 @@ - - # override default of no subsystems - Subsystem sftp /usr/libexec/sftp-server -+ -+# sftp-server logging -+#LogSftp no -+#SftpLogFacility AUTH -+#SftpLogLevel INFO -+ -+# sftp-server umask control -+#SftpUmask -+ -+#SftpPermitChmod yes -+#SftpPermitChown yes -diff -u openssh-3.9p1/sshd_config.5 openssh-3.9p1_sftp/sshd_config.5 ---- openssh-3.9p1/sshd_config.5 2004-06-30 12:39:34.000000000 +0000 -+++ openssh-3.9p1_sftp/sshd_config.5 2004-08-19 10:18:56.799255739 +0000 -@@ -407,6 +407,10 @@ - DEBUG and DEBUG1 are equivalent. - DEBUG2 and DEBUG3 each specify higher levels of debugging output. - Logging with a DEBUG level violates the privacy of users and is not recommended. -+.It Cm LogSftp -+Specifies whether to perform logging of -+.Nm sftp-server -+subsystem transactions. Must be "yes" or "no." The default value is "no." - .It Cm MACs - Specifies the available MAC (message authentication code) algorithms. - The MAC algorithm is used in protocol version 2 -@@ -567,6 +571,37 @@ - .It Cm ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 server key. - The minimum value is 512, and the default is 768. -+.It Cm SftpLogFacility -+Gives the facility code that is used when logging -+.Nm sftp-server . -+transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0, -+LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -+The default is AUTH. -+.It Cm SftpLogLevel -+Gives the verbosity level that is used when logging messages from -+.Nm sftp-server . -+The possible values are: -+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. -+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 -+and DEBUG3 each specify higher levels of debugging output. 
-+Logging with a DEBUG level violates the privacy of users -+and is not recommended. -+.It Cm SftpPermitChmod -+Specifies whether the sftp-server allows the sftp client to execute chmod -+commands on the server. The default is yes. -+.It Cm SftpPermitChown -+Specifies whether the sftp-server allows the sftp client to execute chown -+or chgrp commands on the server. Turning this value on means that the client -+is allowed to execute both chown and chgrp commands. Turning it off means that -+the client is prohibited from executing either chown or chgrp. -+ The default is yes. -+.It Cm SftpUmask -+Specifies an optional umask for -+.Nm sftp-server -+subsystem transactions. If a umask is given, this umask will override all system, -+environment or sftp client permission modes. If -+no umask or an invalid umask is given, file creation mode defaults to the permission -+mode specified by the sftp client. The default is for no umask. - .It Cm StrictModes - Specifies whether - .Nm sshd -Only in openssh-3.9p1_sftp/: sshd_config.5.orig -Only in openssh-3.9p1_sftp/: sshd_config.orig -diff -u openssh-3.9p1/version.h openssh-3.9p1_sftp/version.h ---- openssh-3.9p1/version.h 2004-08-17 12:47:41.000000000 +0000 -+++ openssh-3.9p1_sftp/version.h 2004-08-19 10:18:56.799255739 +0000 -@@ -1,3 +1,3 @@ - /* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */ - --#define SSH_VERSION "OpenSSH_3.9p1" -+#define SSH_VERSION "OpenSSH_3.9p1+sftplogging-v1.2" -Only in openssh-3.9p1_sftp/: version.h.orig diff --git a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2 Binary files differnew file mode 100644 index 000000000000..6cc73c31bda5 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2 
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch b/net-misc/openssh/files/openssh-3.9_p1-skey.patch deleted file mode 100644 index 133635574c8d..000000000000 --- a/net-misc/openssh/files/openssh-3.9_p1-skey.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac 2004-02-24 21:07:25.510177659 +0000 -+++ configure.ac 2004-02-24 21:03:30.717786642 +0000 -@@ -721,7 +721,7 @@ - [ - #include <stdio.h> - #include <skey.h> --int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } -+int main() { char *ff = "true"; ff=""; exit(0); } - ], - [AC_MSG_RESULT(yes)], - [ diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 Binary files differnew file mode 100644 index 000000000000..2c403f8dc079 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 diff --git a/net-misc/openssh/files/openssh-skeychallenge-args.diff b/net-misc/openssh/files/openssh-skeychallenge-args.diff deleted file mode 100644 index 86d6e5d91e0b..000000000000 --- a/net-misc/openssh/files/openssh-skeychallenge-args.diff +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -ruN openssh-3.7.1p2.orig/auth-skey.c openssh-3.7.1p2/auth-skey.c ---- openssh-3.7.1p2.orig/auth-skey.c 2002-07-04 01:14:18.000000000 +0100 -+++ openssh-3.7.1p2/auth-skey.c 2003-11-05 12:35:23.000000000 +0000 -@@ -47,7 +47,7 @@ - int len; - struct skey skey; - -- if (skeychallenge(&skey, authctxt->user, challenge) == -1) -+ if (skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) == -1) - return -1; - - *name = xstrdup(""); -diff -ruN openssh-3.7.1p2.orig/monitor.c openssh-3.7.1p2/monitor.c ---- openssh-3.7.1p2.orig/monitor.c 2003-09-02 22:32:46.000000000 +0100 -+++ openssh-3.7.1p2/monitor.c 2003-11-05 12:36:03.000000000 +0000 -@@ -736,7 +736,7 @@ - char challenge[1024]; - u_int success; - -- success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; -+ success = skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) < 0 ? 0 : 1; - - buffer_clear(m); - buffer_put_int(m, success); diff --git a/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2 b/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2 Binary files differnew file mode 100644 index 000000000000..21449c950471 --- /dev/null +++ b/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2 |