author | tv <tv@pkgsrc.org> | 2005-03-07 23:29:49 +0000 |
---|---|---|
committer | tv <tv@pkgsrc.org> | 2005-03-07 23:29:49 +0000 |
commit | 71e2654fa31923b68daf2f28ba73fbe6ac59389a (patch) | |
tree | a03e313a0a2d0cedf2ecfe5ea8233f81f07709f1 /security/openssh/patches/patch-aj | |
parent | f0b56b8383535702298d13adc0856101aaf631a8 (diff) | |
download | pkgsrc-71e2654fa31923b68daf2f28ba73fbe6ac59389a.tar.gz |
nb5: Rework Interix support, based on work done by Interop Systems
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.
sshd now works. Most permissions checks work properly. Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).
Diffstat (limited to 'security/openssh/patches/patch-aj')
-rw-r--r-- | security/openssh/patches/patch-aj | 67 |
1 files changed, 28 insertions, 39 deletions
diff --git a/security/openssh/patches/patch-aj b/security/openssh/patches/patch-aj index 03640845bd7..a76b5e4a3bc 100644 --- a/security/openssh/patches/patch-aj +++ b/security/openssh/patches/patch-aj 
@@ -1,42 +1,31 @@ -$NetBSD: patch-aj,v 1.5 2004/08/31 11:27:12 wiz Exp $ +$NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $ ---- ssh-keygen.c.orig 2004-07-17 08:12:08.000000000 +0200 -+++ ssh-keygen.c -@@ -622,6 +622,7 @@ do_change_passphrase(struct passwd *pw) - exit(0); - } +--- auth-rhosts.c.orig 2003-11-17 05:13:41.000000000 -0500 ++++ auth-rhosts.c +@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons + return 0; -+#ifndef __INTERIX - /* - * Print the SSHFP RR. - */ -@@ -651,6 +652,7 @@ do_print_resource_record(struct passwd * - printf("failed to read v2 public key from %s.\n", identity_file); - exit(1); - } -+#endif /* __INTERIX */ - - /* - * Change the comment of a private key file. -@@ -769,7 +771,9 @@ usage(void) - fprintf(stderr, " -C comment Provide new comment.\n"); - fprintf(stderr, " -N phrase Provide new passphrase.\n"); - fprintf(stderr, " -P phrase Provide old passphrase.\n"); -+#ifndef __INTERIX - fprintf(stderr, " -r hostname Print DNS resource record.\n"); -+#endif /* __INTERIX */ - #ifdef SMARTCARD - fprintf(stderr, " -D reader Download public key from smartcard.\n"); - fprintf(stderr, " -U reader Upload private key to smartcard.\n"); -@@ -957,7 +961,11 @@ main(int ac, char **av) - if (print_public) - do_print_public(pw); - if (resource_record_hostname != NULL) { -+#ifndef __INTERIX - do_print_resource_record(pw, resource_record_hostname); -+#else /* __INTERIX */ -+ fatal("no support for DNS."); -+#endif /* __INTERIX */ + /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. 
*/ +- if (pw->pw_uid != 0) { ++ if (pw->pw_uid != ROOTUID) { + if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { + auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", +@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons + return 0; } - if (reader_id != NULL) { - #ifdef SMARTCARD + if (options.strict_modes && +- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || ++ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) || + (st.st_mode & 022) != 0)) { + logit("Rhosts authentication refused for %.100s: " + "bad ownership or modes for home directory.", pw->pw_name); +@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons + * allowing access to their account by anyone. + */ + if (options.strict_modes && +- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || ++ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) || + (st.st_mode & 022) != 0)) { + logit("Rhosts authentication refused for %.100s: bad modes for %.200s", + pw->pw_name, buf); |
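Review bot: `ROOTUID` is used in all three rewritten comparisons in `auth_rhosts2_raw`, but nothing in this patch defines it, so auth-rhosts.c relies on a definition supplied elsewhere in the package (not visible here). The first comparison is what keeps the superuser account out of `/etc/hosts.equiv` trust, and the other two decide which owner `strict_modes` accepts for the home directory and the rhosts file, so a wrong value would silently change authentication decisions. I would add a comment at the first use, `/* ROOTUID: uid of the superuser account; 0 everywhere except Interix */`, and confirm that the defining header carries an `#ifndef ROOTUID` / `#define ROOTUID 0` fallback for other platforms. The body of `auth_rhosts2_raw` starts and ends outside the quoted hunks.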