Update to OpenSSH 2.2.0. This is an end-of-life update for the

ports-based OpenSSH. OpenSSH has been in the base system for more than long enough to justify not having to maintain two separate FreeBSD versions of OpenSSH.
author: green <green@FreeBSD.org> 2000-11-04 23:04:25 +0000
committer: green <green@FreeBSD.org> 2000-11-04 23:04:25 +0000
commit: 8ef147431e58d013aac39f7e9929ac763026c718 (patch)
tree: 1a25c6e4e3dd06cfbd5a805eccabe171cb225c14 /security/openssh/files
parent: 296f3b8b134fe5d5e8c468f860e016f62118d577 (diff)
download: FreeBSD-ports-8ef147431e58d013aac39f7e9929ac763026c718.zip
FreeBSD-ports-8ef147431e58d013aac39f7e9929ac763026c718.tar.gz
14 files changed, 107 insertions, 491 deletions
diff --git a/security/openssh/files/pam_ssh.c b/security/openssh/files/pam_ssh.c
index 7ee0788..4068baf 100644
--- a/security/openssh/files/pam_ssh.c
+++ b/security/openssh/files/pam_ssh.c
@@ -443,7 +443,7 @@ pam_sm_open_session(
 		env_destroy(ssh_env);
 		return PAM_SESSION_ERR;
 	}
-	retval = ssh_add_identity(ac, key.rsa, comment);
+	retval = ssh_add_identity(ac, &key, comment);
 	ssh_close_authentication_connection(ac);
 	env_swap(ssh_env, 0);
 	return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad
index 165f5ae..497f53d 100644
--- a/security/openssh/files/patch-ad
+++ b/security/openssh/files/patch-ad
@@ -1,12 +1,12 @@
---- lib/Makefile.orig	Wed May 17 01:20:16 2000
-+++ lib/Makefile	Tue Jun 20 16:14:06 2000
+--- lib/Makefile.orig	Sat Aug 19 17:34:44 2000
++++ lib/Makefile	Sat Nov  4 16:41:11 2000
 @@ -5,7 +5,12 @@
- 	cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
+ 	cipher.c compat.c compress.c crc32.c deattack.c \
  	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
  	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
--	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
-+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c \
-+	strlcat.c strlcpy.c
+-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
++	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
++	strlcpy.c strlcat.c
 +
 +.if defined(COMPAT_GETADDRINFO)
 +SRCS+=	getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
diff --git a/security/openssh/files/patch-af b/security/openssh/files/patch-af
index 4e7ebf6..0c181dd 100644
--- a/security/openssh/files/patch-af
+++ b/security/openssh/files/patch-af
@@ -1,20 +1,11 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile	Mon Oct 25 16:27:26 1999
-+++ ./scp/Makefile	Tue Nov 23 19:23:58 1999
-@@ -2,16 +2,9 @@
+--- scp/Makefile.orig	Thu Jun 29 14:35:46 2000
++++ scp/Makefile	Sat Nov  4 16:44:18 2000
+@@ -5,8 +5,8 @@
+ 
+ BINMODE?=555
  
- PROG=	scp
- BINOWN=	root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
--	${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
 -BINDIR=	/usr/bin
 -MAN=	scp.1
-+BINMODE=555
 +BINDIR=	/bin
 +MAN1=	scp.1
  
diff --git a/security/openssh/files/patch-ag b/security/openssh/files/patch-ag
index d917027..366125f 100644
--- a/security/openssh/files/patch-ag
+++ b/security/openssh/files/patch-ag
@@ -1,26 +1,17 @@
---- ssh/Makefile.orig	Wed Apr 26 17:31:58 2000
-+++ ssh/Makefile	Sun Jul 30 15:09:14 2000
-@@ -2,16 +2,10 @@
+--- ssh/Makefile.orig	Thu Jun 29 14:35:47 2000
++++ ssh/Makefile	Sat Nov  4 16:58:41 2000
+@@ -5,8 +5,8 @@
  
- PROG=	ssh
- BINOWN=	root
-+BINMODE=4555
-+BINDIR=	/bin
-+MAN1=	ssh.1
+ BINMODE?=4555
  
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
--	${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=4555
--.endif
--
 -BINDIR=	/usr/bin
 -MAN=	ssh.1
++BINDIR=	/bin
++MAN1=	ssh.1
  LINKS=	${BINDIR}/ssh ${BINDIR}/slogin
  MLINKS=	ssh.1 slogin.1
  
-@@ -19,10 +13,11 @@
+@@ -14,10 +14,11 @@
  	sshconnect.c sshconnect1.c sshconnect2.c
  
  .include <bsd.own.mk> # for AFS
@@ -34,7 +25,7 @@
  DPADD+=	 ${LIBKRB}
  .if (${AFS} == "yes")
  CFLAGS+= -DAFS
-@@ -32,6 +27,7 @@
+@@ -27,6 +28,7 @@
  .endif # KERBEROS
  
  .include <bsd.prog.mk>
diff --git a/security/openssh/files/patch-ah b/security/openssh/files/patch-ah
index 95b32a3..a31814e 100644
--- a/security/openssh/files/patch-ah
+++ b/security/openssh/files/patch-ah
@@ -1,20 +1,11 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile	Wed Oct 27 12:54:48 1999
-+++ ./ssh-add/Makefile	Tue Nov 23 19:26:48 1999
-@@ -2,20 +2,13 @@
+--- ssh-add/Makefile.orig	Thu Jun 29 14:35:47 2000
++++ ssh-add/Makefile	Sat Nov  4 17:01:50 2000
+@@ -5,12 +5,12 @@
+ 
+ BINMODE?=555
  
- PROG=	ssh-add
- BINOWN=	root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
--	${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
 -BINDIR=	/usr/bin
 -MAN=	ssh-add.1
-+BINMODE=555
 +BINDIR=	/bin
 +MAN1=	ssh-add.1
  
diff --git a/security/openssh/files/patch-ai b/security/openssh/files/patch-ai
index 519c4e7..ed25eab 100644
--- a/security/openssh/files/patch-ai
+++ b/security/openssh/files/patch-ai
@@ -1,21 +1,13 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile	Wed Oct 27 12:54:49 1999
-+++ ./ssh-agent/Makefile	Tue Nov 23 19:27:38 1999
-@@ -2,20 +2,13 @@
+--- ssh-agent/Makefile.orig	Thu Jun 29 14:35:48 2000
++++ ssh-agent/Makefile	Sat Nov  4 17:06:34 2000
+@@ -5,12 +5,12 @@
+ 
+ BINMODE?=555
  
- PROG=	ssh-agent
- BINOWN=	root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
--	${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
 -BINDIR=	/usr/bin
-+BINMODE=555
+-MAN=	ssh-agent.1
 +BINDIR=	/bin
- MAN=	ssh-agent.1
++MAN1=	ssh-agent.1
  
  SRCS=	ssh-agent.c log-client.c
  
diff --git a/security/openssh/files/patch-aj b/security/openssh/files/patch-aj
index 9f9c0fc..d48741d 100644
--- a/security/openssh/files/patch-aj
+++ b/security/openssh/files/patch-aj
@@ -1,21 +1,13 @@
---- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile	Wed Oct 27 12:54:49 1999
-+++ ./ssh-keygen/Makefile	Tue Nov 23 19:28:07 1999
-@@ -2,20 +2,13 @@
+--- ssh-keygen/Makefile.orig	Thu Jun 29 14:35:48 2000
++++ ssh-keygen/Makefile	Sat Nov  4 17:06:49 2000
+@@ -5,12 +5,12 @@
+ 
+ BINMODE?=555
  
- PROG=	ssh-keygen
- BINOWN=	root
--
--.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \
--	${MACHINE_ARCH} == "hppa")
--BINMODE=0000
--.else
--BINMODE?=555
--.endif
--
 -BINDIR=	/usr/bin
-+BINMODE=555
+-MAN=	ssh-keygen.1
 +BINDIR=	/bin
- MAN=	ssh-keygen.1
++MAN1=	ssh-keygen.1
  
  SRCS=	ssh-keygen.c log-client.c
  
diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am
index fee853e..8c88701 100644
--- a/security/openssh/files/patch-am
+++ b/security/openssh/files/patch-am
@@ -1,6 +1,6 @@
---- sshd/Makefile.orig	Wed Apr 26 17:31:57 2000
-+++ sshd/Makefile	Sun Jul 30 15:09:25 2000
-@@ -3,14 +3,15 @@
+--- sshd/Makefile.orig	Sun Aug 20 14:42:41 2000
++++ sshd/Makefile	Sat Nov  4 17:08:36 2000
+@@ -3,8 +3,8 @@
  PROG=	sshd
  BINOWN=	root
  BINMODE=555
@@ -8,17 +8,18 @@
 -MAN=	sshd.8
 +BINDIR=	/sbin
 +MAN8=	sshd.8
+ CFLAGS+=-DHAVE_LOGIN_CAP
  
  SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
- 	pty.c log-server.c login.c servconf.c serverloop.c \
- 	auth.c auth1.c auth2.c session.c
+@@ -12,6 +12,7 @@
+ 	auth.c auth1.c auth2.c auth-options.c session.c
  
  .include <bsd.own.mk> # for KERBEROS and AFS
 +.include "../Makefile.inc"
  
  .if (${KERBEROS} == "yes")
  .if (${AFS} == "yes")
-@@ -18,9 +19,9 @@
+@@ -19,9 +20,9 @@
  LDADD+=  -lkafs
  DPADD+=  ${LIBKRBAFS}
  .endif # AFS
@@ -30,7 +31,7 @@
  DPADD+=	 ${LIBKRB}
  .endif # KERBEROS
  
-@@ -30,7 +31,7 @@
+@@ -31,7 +32,7 @@
  
  .include <bsd.prog.mk>
  
diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an
index 47a60fb..b26ba76 100644
--- a/security/openssh/files/patch-an
+++ b/security/openssh/files/patch-an
@@ -14,104 +14,3 @@
  #ifndef O_NOCTTY
  #define O_NOCTTY	0
  #endif
-@@ -134,6 +141,32 @@
- unsigned char *session_id2 = NULL;
- int session_id2_len = 0;
- 
-+/* These are used to implement connections_per_period. */
-+struct magic_connection {
-+		struct timeval connections_begin;
-+		unsigned int connections_this_period;
-+} *magic_connections;
-+/* Magic number, too!  TODO: this doesn't have to be static. */
-+const size_t MAGIC_CONNECTIONS_SIZE = 1;
-+
-+static __inline int
-+magic_hash(struct sockaddr_storage *sa) {
-+
-+	return 0;
-+}
-+
-+static __inline struct timeval
-+timevaldiff(struct timeval *tv1, struct timeval *tv2) {
-+	struct timeval diff;
-+	int carry;
-+
-+	carry = tv1->tv_usec > tv2->tv_usec;
-+	diff.tv_sec = tv2->tv_sec - tv1->tv_sec - (carry ? 0 : 1);
-+	diff.tv_usec = tv2->tv_usec - tv1->tv_usec + (carry ? 1000000 : 0);
-+
-+	return diff;
-+}
-+
- /* Prototypes for various functions defined later in this file. */
- void do_ssh1_kex();
- void do_ssh2_kex();
-@@ -418,6 +451,7 @@
- 	int opt, sock_in = 0, sock_out = 0, newsock, i, fdsetsz, on = 1;
- 	pid_t pid;
- 	socklen_t fromlen;
-+ 	int connections_per_period_exceeded = 0;
- 	int silent = 0;
- 	fd_set *fdset;
- 	struct sockaddr_storage from;
-@@ -763,6 +797,12 @@
- 		fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
- 		fdset = (fd_set *)xmalloc(fdsetsz);
- 
-+		/* Initialize the magic_connections table.  It's magical! */
-+		magic_connections = calloc(MAGIC_CONNECTIONS_SIZE,
-+		    sizeof(struct magic_connection));
-+		if (magic_connections == NULL)
-+			fatal("calloc: %s", strerror(errno));
-+
- 		/*
- 		 * Stay listening for connections until the system crashes or
- 		 * the daemon is killed with a signal.
-@@ -794,9 +834,31 @@
- 				error("newsock del O_NONBLOCK: %s", strerror(errno));
- 				continue;
- 			}
-+			if (options.connections_per_period != 0) {
-+				struct timeval diff, connections_end;
-+				struct magic_connection *mc;
-+
-+				(void)gettimeofday(&connections_end, NULL);
-+				mc = &magic_connections[magic_hash(&from)];
-+				diff = timevaldiff(&mc->connections_begin, &connections_end);
-+				if (diff.tv_sec >= options.connections_period) {
-+					/*
-+					 * Slide the window forward only after completely
-+					 * leaving it.
-+					 */
-+					mc->connections_begin = connections_end;
-+					mc->connections_this_period = 1;
-+				} else {
-+					if (++mc->connections_this_period >
-+					    options.connections_per_period)
-+						connections_per_period_exceeded = 1;
-+				}
-+			}
-+					
- 			/*
--			 * Got connection.  Fork a child to handle it, unless
--			 * we are in debugging mode.
-+			 * Got connection.  Fork a child to handle it unless
-+			 * we are in debugging mode or the maximum number of
-+			 * connections per period has been exceeded.
- 			 */
- 			if (debug_flag) {
- 				/*
-@@ -810,6 +872,12 @@
- 				sock_out = newsock;
- 				pid = getpid();
- 				break;
-+			} else if (connections_per_period_exceeded) {
-+				log("Connection rate limit of %u/%us has been exceeded; "
-+				    "dropping connection from %s.",
-+				    options.connections_per_period, options.connections_period,
-+				    ntop);
-+				connections_per_period_exceeded = 0;
- 			} else {
- 				/*
- 				 * Normal production daemon.  Fork, and have
diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao
index 0e5eac8..96aaa0d 100644
--- a/security/openssh/files/patch-ao
+++ b/security/openssh/files/patch-ao
@@ -1,20 +1,29 @@
---- sshd_config.orig	Fri Jan  7 01:27:30 2000
-+++ sshd_config	Fri Jan  7 01:31:01 2000
-@@ -3,12 +3,13 @@
- Port 22
+--- sshd_config.orig	Fri Aug  4 16:30:35 2000
++++ sshd_config	Sat Nov  4 17:32:28 2000
+@@ -4,12 +4,11 @@
+ #Protocol 2,1
  #ListenAddress 0.0.0.0
  #ListenAddress ::
 -HostKey /etc/ssh_host_key
-+HostKey __PREFIX__/etc/ssh_host_key
++HostKey /usr/local/etc/ssh_host_key
  ServerKeyBits 768
 -LoginGraceTime 600
-+LoginGraceTime 60
++LoginGraceTime 120
  KeyRegenerationInterval 3600
 -PermitRootLogin yes
 -#
 +PermitRootLogin no
-+# Rate-limit sshd connections to 5 connections per 10 seconds
-+ConnectionsPerPeriod 5/10
  # Don't read ~/.rhosts and ~/.shosts files
  IgnoreRhosts yes
  # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+@@ -48,7 +47,7 @@
+ #KerberosTgtPassing yes
+ 
+ #CheckMail yes
+-#UseLogin no
++UseLogin no
+ 
+-#Subsystem	sftp	/usr/local/sbin/sftpd
+-#MaxStartups 10:30:60
++Subsystem	sftp	/usr/local/sbin/sftpd
++MaxStartups 10:30:60
diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ap
deleted file mode 100644
index d3c63be..0000000
--- a/security/openssh/files/patch-ap
+++ /dev/null
@@ -1,63 +0,0 @@
---- servconf.c.orig	Tue May  9 02:12:15 2000
-+++ servconf.c	Fri May 12 07:13:13 2000
-@@ -74,6 +74,8 @@
- 	options->ciphers = NULL;
- 	options->protocol = SSH_PROTO_UNKNOWN;
- 	options->gateway_ports = -1;
-+ 	options->connections_per_period = 0;
-+ 	options->connections_period = 0;
- }
- 
- void
-@@ -172,7 +174,7 @@
- #ifdef SKEY
- 	sSkeyAuthentication,
- #endif
--	sPasswordAuthentication, sListenAddress,
-+	sPasswordAuthentication, sListenAddress, sConnectionsPerPeriod,
- 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
- 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
- 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-@@ -231,6 +233,7 @@
- 	{ "ciphers", sCiphers },
- 	{ "protocol", sProtocol },
- 	{ "gatewayports", sGatewayPorts },
-+ 	{ "connectionsperperiod", sConnectionsPerPeriod },
- 	{ NULL, 0 }
- };
- 
-@@ -340,7 +343,11 @@
- 					filename, linenum);
- 				exit(1);
- 			}
--			value = atoi(cp);
-+			if (sscanf(cp, " %d ", &value) != 1) {
-+				fprintf(stderr, "%s line %d: invalid integer value.\n",
-+					filename, linenum);
-+				exit(1);
-+			}
- 			if (*intptr == -1)
- 				*intptr = value;
- 			break;
-@@ -584,6 +591,21 @@
- 					    filename, linenum);
- 				options->deny_groups[options->num_deny_groups++] = xstrdup(cp);
- 			}
-+			break;
-+
-+		case sConnectionsPerPeriod:
-+			cp = strtok(NULL, WHITESPACE);
-+			if (cp == NULL)
-+				fatal("%.200s line %d: missing (>= 0) number argument.\n",
-+					filename, linenum);
-+			if (sscanf(cp, " %u/%u ", &options->connections_per_period,
-+			    &options->connections_period) != 2)
-+				fatal("%.200s line %d: invalid numerical argument(s).\n",
-+				    filename, linenum);
-+			if (options->connections_per_period != 0 &&
-+			    options->connections_period == 0)
-+				fatal("%.200s line %d: invalid connections period.\n",
-+				    filename, linenum);
- 			break;
- 
- 		case sCiphers:
diff --git a/security/openssh/files/patch-ar b/security/openssh/files/patch-ar
index 2795e96..18d5e5d 100644
--- a/security/openssh/files/patch-ar
+++ b/security/openssh/files/patch-ar
@@ -1,37 +1,5 @@
 --- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.8	Tue Nov 23 18:58:38 1999
 +++ sshd.8	Sun Dec  5 22:59:58 1999
-@@ -220,6 +220,31 @@
- should check for new mail for interactive logins.
- The default is
- .Dq no .
-+.It Cm ConnectionsPerPeriod
-+This keyword allows for rate-limiting of connections, and
-+is followed by two numbers in the format
-+.Dq n/s ,
-+where
-+.Ar n
-+is the number of connections from a certain address group
-+accepted per period of
-+.Ar s
-+seconds.  Any connection after the number
-+.Ar n
-+connection in the period of
-+.Ar s
-+seconds will be dropped, and an informational message will be logged.
-+A connection will belong to a certain group, of which there are 13
-+by default, according to its IP address.
-+The default for this keyword is
-+.Dq 0/0 ,
-+and rate-limiting can be explicitly turned off by using an
-+.Ar n
-+parameter of
-+.Ql 0
-+and any
-+.Ar s
-+parameter.
- .It Cm DenyGroups
- This keyword can be followed by a number of group names, separated
- by spaces.  Users whose primary group matches one of the patterns
 @@ -453,8 +478,9 @@
  If the login is on a tty, records login time.
  .It
diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au
index f0076dd..82de581 100644
--- a/security/openssh/files/patch-au
+++ b/security/openssh/files/patch-au
@@ -1,25 +1,20 @@
---- session.c.orig	Mon Jun  5 12:53:40 2000
-+++ session.c	Tue Jun 20 16:20:37 2000
-@@ -27,6 +27,18 @@
- #include "ssh2.h"
+--- session.c.orig	Sun Aug 27 23:50:54 2000
++++ session.c	Sat Nov  4 17:39:43 2000
+@@ -28,6 +28,13 @@
  #include "auth.h"
+ #include "auth-options.h"
  
 +#ifdef __FreeBSD__
 +#include <libutil.h>
 +#include <poll.h>
 +#include <syslog.h>
 +#include <time.h>
-+#define LOGIN_CAP
 +#endif /* __FreeBSD__ */
 +
-+#ifdef LOGIN_CAP
-+#include <login_cap.h>
-+#endif /* LOGIN_CAP */
-+
- /* types */
- 
- #define TTYSZ 64
-@@ -401,6 +413,13 @@
+ #ifdef HAVE_LOGIN_CAP
+ #include <login_cap.h>
+ #endif
+@@ -413,6 +420,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -33,35 +28,8 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -502,6 +521,10 @@
- 	struct sockaddr_storage from;
- 	struct stat st;
- 	time_t last_login_time;
-+#ifdef LOGIN_CAP
-+	login_cap_t *lc;
-+	char *fname;
-+#endif /* LOGIN_CAP */
- 
- 	if (s == NULL)
- 		fatal("do_exec_pty: no session");
-@@ -511,15 +534,6 @@
- 	/* Get remote host name. */
- 	hostname = get_canonical_hostname();
- 
--	/*
--	 * Get the time when the user last logged in.  Buf will be set to
--	 * contain the hostname the last login was from.
--	 */
--	if (!options.use_login) {
--		last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name,
--						      buf, sizeof(buf));
--	}
--
- 	/* Fork the child. */
- 	if ((pid = fork()) == 0) {
- 		pid = getpid();
-@@ -528,6 +542,22 @@
- 		   changed. */
+@@ -516,6 +530,13 @@
+ 		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
 +		/*
@@ -71,154 +39,39 @@
 +		if (command != NULL)
 +			options.use_login = 0;
 +		
-+		/*
-+		 * Get the time when the user last logged in.  Buf will be set
-+		 * to * contain the hostname the last login was from.
-+		 */
-+		if (!options.use_login) {
-+			last_login_time = get_last_login_time(pw->pw_uid,
-+			    pw->pw_name, buf, sizeof(buf));
-+		}
-+
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -571,6 +601,12 @@
- 		/* Check if .hushlogin exists. */
- 		snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
- 		quiet_login = stat(line, &st) >= 0;
-+#ifdef LOGIN_CAP
-+		lc = login_getpwclass(pw);
-+		if (lc == NULL)
-+			lc = login_getclassbyname(NULL, pw);
-+		quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
-+#endif /* LOGIN_CAP */
- 
- 		/*
- 		 * If the user has logged in before, display the time of last
-@@ -594,6 +630,20 @@
- 			else
- 				printf("Last login: %s from %s\r\n", time_string, buf);
- 		}
-+#ifdef LOGIN_CAP
-+		if (command == NULL && !quiet_login && !options.use_login) {
-+			fname = login_getcapstr(lc, "copyright", NULL, NULL);
-+			if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
-+				while (fgets(line, sizeof(line), f) != NULL)
-+					fputs(line, stdout);
-+				fclose(f);
-+			} else
-+				(void)printf("%s\n\t%s %s\n",
-+		"Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
-+		    "The Regents of the University of California. ",
-+		    "All rights reserved.");
-+		}
-+#endif /* LOGIN_CAP */
- 		/*
- 		 * Print /etc/motd unless a command was specified or printing
- 		 * it was disabled in server options or login(1) will be
-@@ -603,7 +653,18 @@
- 		if (command == NULL && options.print_motd && !quiet_login &&
- 		    !options.use_login) {
- 			/* Print /etc/motd if it exists. */
-+#ifdef LOGIN_CAP
-+			fname = login_getcapstr(lc, "welcome", NULL, NULL);
-+			login_close(lc);
-+			if (fname != NULL) {
-+				f = fopen(fname, "r");
-+				if (f == NULL)
-+					f = fopen("/etc/motd", "r");
-+			} else
-+				f = fopen("/etc/motd", "r");
-+#else /* LOGIN_CAP */
- 			f = fopen("/etc/motd", "r");
-+#endif /* LOGIN_CAP */
- 			if (f) {
- 				while (fgets(line, sizeof(line), f))
- 					fputs(line, stdout);
-@@ -746,13 +807,29 @@
- 	extern char **environ;
- 	struct stat st;
- 	char *argv[10];
-+#ifdef LOGIN_CAP
-+ 	login_cap_t *lc;
-+ 
-+ 	lc = login_getpwclass(pw);
-+ 	if (lc == NULL)
-+ 		lc = login_getclassbyname(NULL, pw);
-+ #endif /* LOGIN_CAP */
- 
- 	/* login(1) is only called if we execute the login shell */
- 	if (options.use_login && command != NULL)
- 		options.use_login = 0;
- 
- 	f = fopen("/etc/nologin", "r");
-+#ifdef __FreeBSD__
-+	if (f == NULL)
-+		f = fopen("/var/run/nologin", "r");
-+#endif /* __FreeBSD__ */
-+#ifdef LOGIN_CAP
-+	/* on FreeBSD, etc., allow overriding nologin via login.conf. */
-+	if (f != NULL && !login_getcapbool(lc, "ignorenologin", 0)) {
-+#else /* LOGIN_CAP */
- 	if (f) {
-+#endif /* LOGIN_CAP */
- 		/* /etc/nologin exists.  Print its contents and exit. */
- 		while (fgets(buf, sizeof(buf), f))
- 			fputs(buf, stderr);
-@@ -768,6 +845,13 @@
- 	/* Login(1) does this as well, and it needs uid 0 for the "-h"
- 	   switch, so we let login(1) to this for us. */
- 	if (!options.use_login) {
-+#ifdef LOGIN_CAP
-+		if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY |
-+		    LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) {
-+			perror("setclasscontext");
-+			exit(1);
-+		}
-+#endif /* LOGIN_CAP */
- 		if (getuid() == 0 || geteuid() == 0) {
- 			if (setgid(pw->pw_gid) < 0) {
- 				perror("setgid");
-@@ -790,7 +874,14 @@
- 	 * Get the shell from the password data.  An empty shell field is
- 	 * legal, and means /bin/sh.
- 	 */
-+#ifdef LOGIN_CAP
-+	shell = pw->pw_shell;
-+	shell = login_getcapstr(lc, "shell", shell, shell);
-+	if (shell[0] == '\0')
-+		shell = _PATH_BSHELL;
-+#else /* LOGIN_CAP */
- 	shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
-+#endif /* LOGIN_CAP */
- 
- #ifdef AFS
- 	/* Try to get AFS tokens for the local cell. */
-@@ -814,7 +905,12 @@
- 		child_set_env(&env, &envsize, "USER", pw->pw_name);
- 		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
- 		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
-+#ifdef LOGIN_CAP
-+		child_set_env(&env, &envsize, "PATH",
-+		    login_getpath(lc, "path", _PATH_STDPATH));
-+#else /* LOGIN_CAP */
- 		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-+#endif /* LOGIN_CAP */
- 
- 		snprintf(buf, sizeof buf, "%.200s/%.50s",
- 			 _PATH_MAILDIR, pw->pw_name);
-@@ -904,6 +1000,9 @@
- 	 * descriptors left by system functions.  They will be closed later.
- 	 */
- 	endpwent();
-+#ifdef LOGIN_CAP
-+	login_close(lc);
-+#endif /* LOGIN_CAP */
+@@ -602,6 +623,7 @@
+ 	time_t last_login_time;
+ 	struct passwd * pw = s->pw;
+ 	pid_t pid = getpid();
++	char *fname;
  
  	/*
- 	 * Close any extra open file descriptors so that we don\'t have them
-@@ -911,7 +1010,7 @@
+ 	 * Get IP address of client. If the connection is not a socket, let
+@@ -644,6 +666,20 @@
+ 		else
+ 			printf("Last login: %s from %s\r\n", time_string, buf);
+ 	}
++#ifdef HAVE_LOGIN_CAP
++	if (!options.use_login) {
++		fname = login_getcapstr(lc, "copyright", NULL, NULL);
++		if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
++			while (fgets(buf, sizeof(buf), f) != NULL)
++				fputs(buf, stdout);
++			fclose(f);
++		} else
++			(void)printf("%s\n\t%s %s\n",
++	"Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
++	    "The Regents of the University of California. ",
++	    "All rights reserved.");
++	}
++#endif /* HAVE_LOGIN_CAP */
+ 	if (options.print_motd) {
+ #ifdef HAVE_LOGIN_CAP
+ 		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
+@@ -949,7 +985,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -227,7 +80,7 @@
  		close(i);
  
  	/* Change current directory to the user\'s home directory. */
-@@ -930,7 +1029,27 @@
+@@ -973,7 +1009,27 @@
  	 * in this order).
  	 */
  	if (!options.use_login) {
diff --git a/security/openssh/files/patch-av b/security/openssh/files/patch-av
index d781357..146643a 100644
--- a/security/openssh/files/patch-av
+++ b/security/openssh/files/patch-av
@@ -1,18 +1,10 @@
---- auth.c.orif	Thu Apr 20 17:21:58 2000
-+++ auth.c	Thu Apr 20 17:50:06 2000
-@@ -26,7 +26,6 @@
- #include "session.h"
- #include "dispatch.h"
- 
--
- /* import */
- extern ServerOptions options;
- extern char *forced_command;
-@@ -106,6 +105,16 @@
+--- auth.c.orig	Sat Nov  4 17:30:17 2000
++++ auth.c	Sat Nov  4 17:29:00 2000
+@@ -111,6 +111,16 @@
  				return 0;
  		}
  	}
-+#ifdef __FreeBSD__
++#ifdef __FreeBSD__  
 +	/* Fail if the account's expiration time has passed. */
 +	if (pw->pw_expire != 0) {
 +		struct timeval tv;
author	green <green@FreeBSD.org>	2000-11-04 23:04:25 +0000
committer	green <green@FreeBSD.org>	2000-11-04 23:04:25 +0000
commit	8ef147431e58d013aac39f7e9929ac763026c718 (patch)
tree	1a25c6e4e3dd06cfbd5a805eccabe171cb225c14 /security/openssh/files
parent	296f3b8b134fe5d5e8c468f860e016f62118d577 (diff)
download	FreeBSD-ports-8ef147431e58d013aac39f7e9929ac763026c718.zip FreeBSD-ports-8ef147431e58d013aac39f7e9929ac763026c718.tar.gz