diff options
author | des <des@FreeBSD.org> | 2004-04-20 09:35:04 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-04-20 09:35:04 +0000 |
commit | c69db9c5a2d88a51f8d2394cf37717ba93f07152 (patch) | |
tree | aaca3b36adea134d5ba39fa7c38bf759a9ef49c6 /crypto/openssh/contrib/caldera | |
parent | 7d1750f1d6c24163bf22790f8527f1783315c5e7 (diff) | |
download | FreeBSD-src-c69db9c5a2d88a51f8d2394cf37717ba93f07152.zip FreeBSD-src-c69db9c5a2d88a51f8d2394cf37717ba93f07152.tar.gz |
Vendor import of OpenSSH 3.8.1p1.
Diffstat (limited to 'crypto/openssh/contrib/caldera')
-rw-r--r-- | crypto/openssh/contrib/caldera/openssh.spec | 366 | ||||
-rwxr-xr-x | crypto/openssh/contrib/caldera/ssh-host-keygen | 36 | ||||
-rwxr-xr-x | crypto/openssh/contrib/caldera/sshd.init | 125 | ||||
-rw-r--r-- | crypto/openssh/contrib/caldera/sshd.pam | 8 |
4 files changed, 535 insertions, 0 deletions
diff --git a/crypto/openssh/contrib/caldera/openssh.spec b/crypto/openssh/contrib/caldera/openssh.spec new file mode 100644 index 0000000..e690f10 --- /dev/null +++ b/crypto/openssh/contrib/caldera/openssh.spec @@ -0,0 +1,366 @@ + +# Some of this will need re-evaluation post-LSB. The SVIdir is there +# because the link appeared broken. The rest is for easy compilation, +# the tradeoff open to discussion. (LC957) + +%define SVIdir /etc/rc.d/init.d +%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} +%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} + +%define _mandir %{_prefix}/share/man/en +%define _sysconfdir /etc/ssh +%define _libexecdir %{_libdir}/ssh + +# Do we want to disable root_login? (1=yes 0=no) +%define no_root_login 0 + +#old cvs stuff. please update before use. may be deprecated. +%define use_stable 1 +%if %{use_stable} + %define version 3.8.1p1 + %define cvs %{nil} + %define release 1 +%else + %define version 3.8.1p1 + %define cvs cvs20011009 + %define release 0r1 +%endif +%define xsa x11-ssh-askpass +%define askpass %{xsa}-1.2.4.1 + +# OpenSSH privilege separation requires a user & group ID +%define sshd_uid 67 +%define sshd_gid 67 + +Name : openssh +Version : %{version}%{cvs} +Release : %{release} +Group : System/Network + +Summary : OpenSSH free Secure Shell (SSH) implementation. +Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). +Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). +Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). +Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. +Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). +Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). + +Copyright : BSD +Packager : Raymund Will <ray@caldera.de> +URL : http://www.openssh.com/ + +Obsoletes : ssh, ssh-clients, openssh-clients + +BuildRoot : /tmp/%{name}-%{version} +BuildRequires : XFree86-imake + +# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable +# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs +Source0: see-above:/.../openssh-%{version}.tar.gz +%if %{use_stable} +Source1: see-above:/.../openssh-%{version}.tar.gz.sig +%endif +Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz +Source3: http://www.openssh.com/faq.html + +%Package server +Group : System/Network +Requires : openssh = %{version} +Obsoletes : ssh-server + +Summary : OpenSSH Secure Shell protocol server (sshd). +Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). +Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). +Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). +Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). +Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). +Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). + + +%Package askpass +Group : System/Network +Requires : openssh = %{version} +URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ +Obsoletes : ssh-extras + +Summary : OpenSSH X11 pass-phrase dialog. +Summary(de) : OpenSSH X11 Passwort-Dialog. +Summary(es) : Aplicación de petición de frase clave OpenSSH X11. +Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. +Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. +Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. +Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. + + +%Description +OpenSSH (Secure Shell) provides access to a remote system. It replaces +telnet, rlogin, rexec, and rsh, and provides secure encrypted +communications between two untrusted hosts over an insecure network. +X11 connections and arbitrary TCP/IP ports can also be forwarded over +the secure channel. + +%Description -l de +OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt +telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte +Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres +Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso +über den sicheren Channel weitergeleitet werden. + +%Description -l es +OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a +telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas +entre dos equipos entre los que no se ha establecido confianza a través de una +red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden +ser canalizadas sobre el canal seguro. + +%Description -l fr +OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace +telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées +securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des +connexions X11 et des ports TCP/IP arbitraires peuvent également être +transmis sur le canal sécurisé. + +%Description -l it +OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. +Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure +e crittate tra due host non fidati su una rete non sicura. Le connessioni +X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso +un canale sicuro. + +%Description -l pt +OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o +telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas +entre duas máquinas sem confiança mútua sobre uma rede insegura. +Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados +pelo canal seguro. + +%Description -l pt_BR +O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o +telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas +entre duas máquinas sem confiança mútua sobre uma rede insegura. +Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas +pelo canal seguro. + +%Description server +This package installs the sshd, the server portion of OpenSSH. + +%Description -l de server +Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. + +%Description -l es server +Este paquete instala sshd, la parte servidor de OpenSSH. + +%Description -l fr server +Ce paquetage installe le 'sshd', partie serveur de OpenSSH. + +%Description -l it server +Questo pacchetto installa sshd, il server di OpenSSH. + +%Description -l pt server +Este pacote intala o sshd, o servidor do OpenSSH. + +%Description -l pt_BR server +Este pacote intala o sshd, o servidor do OpenSSH. + +%Description askpass +This package contains an X11-based pass-phrase dialog used per +default by ssh-add(1). It is based on %{askpass} +by Jim Knoble <jmknoble@pobox.com>. + + +%Prep +%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 +%if ! %{use_stable} + autoreconf +%endif + + +%Build +CFLAGS="$RPM_OPT_FLAGS" \ +%configure \ + --with-pam \ + --with-tcp-wrappers \ + --with-privsep-path=%{_var}/empty/sshd \ + #leave this line for easy edits. + +%__make CFLAGS="$RPM_OPT_FLAGS" + +cd %{askpass} +%configure \ + #leave this line for easy edits. + +xmkmf +%__make includes +%__make + + +%Install +[ %{buildroot} != "/" ] && rm -rf %{buildroot} + +make install DESTDIR=%{buildroot} +%makeinstall -C %{askpass} \ + BINDIR=%{_libexecdir} \ + MANPATH=%{_mandir} \ + DESTDIR=%{buildroot} + +# OpenLinux specific configuration +mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} +mkdir -p %{buildroot}%{_var}/empty/sshd + +# enabling X11 forwarding on the server is convenient and okay, +# on the client side it's a potential security risk! +%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ + %{buildroot}%{_sysconfdir}/sshd_config + +%if %{no_root_login} +%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ + %{buildroot}%{_sysconfdir}/sshd_config +%endif + +install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd +# FIXME: disabled, find out why this doesn't work with nis +%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ + %{buildroot}/etc/pam.d/sshd + +install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd + +# the last one is needless, but more future-proof +find %{buildroot}%{SVIdir} -type f -exec \ + %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ + s:\@sysconfdir\@:%{_sysconfdir}:g; \ + s:/usr/sbin:%{_sbindir}:g'\ + \{\} \; + +cat <<-EoD > %{buildroot}%{SVIcdir}/sshd + IDENT=sshd + DESCRIPTIVE="OpenSSH secure shell daemon" + # This service will be marked as 'skipped' on boot if there + # is no host key. Use ssh-host-keygen to generate one + ONBOOT="yes" + OPTIONS="" +EoD + +SKG=%{buildroot}%{_sbindir}/ssh-host-keygen +install -m 0755 contrib/caldera/ssh-host-keygen $SKG +# Fix up some path names in the keygen toy^Hol + %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ + s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ + %{buildroot}%{_sbindir}/ssh-host-keygen + +# This looks terrible. Expect it to change. +# install remaining docs +DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" +mkdir -p $DocD/%{askpass} +cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD +install -p -m 0444 %{SOURCE3} $DocD/faq.html +cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} +%if %{use_stable} + cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 +%else + cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 + ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 +%endif + +find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf +rm %{buildroot}%{_mandir}/man1/slogin.1 && \ + ln -s %{_mandir}/man1/ssh.1.gz \ + %{buildroot}%{_mandir}/man1/slogin.1.gz + + +%Clean +#%{rmDESTDIR} +[ %{buildroot} != "/" ] && rm -rf %{buildroot} + +%Post +# Generate host key when none is present to get up and running, +# both client and server require this for host-based auth! +# ssh-host-keygen checks for existing keys. +/usr/sbin/ssh-host-keygen +: # to protect the rpm database + +%pre server +%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : +%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ + -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : +: # to protect the rpm database + +%Post server +if [ -x %{LSBinit}-install ]; then + %{LSBinit}-install sshd +else + lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 +fi + +! %{SVIdir}/sshd status || %{SVIdir}/sshd restart +: # to protect the rpm database + + +%PreUn server +[ "$1" = 0 ] || exit 0 + +! %{SVIdir}/sshd status || %{SVIdir}/sshd stop +: # to protect the rpm database + + +%PostUn server +if [ -x %{LSBinit}-remove ]; then + %{LSBinit}-remove sshd +else + lisa --SysV-init remove sshd $1 +fi +: # to protect the rpm database + + +%Files +%defattr(-,root,root) +%dir %{_sysconfdir} +%config %{_sysconfdir}/ssh_config +%{_bindir}/scp +%{_bindir}/sftp +%{_bindir}/ssh +%{_bindir}/slogin +%{_bindir}/ssh-add +%attr(2755,root,nobody) %{_bindir}/ssh-agent +%{_bindir}/ssh-keygen +%{_bindir}/ssh-keyscan +%dir %{_libexecdir} +%attr(4711,root,root) %{_libexecdir}/ssh-keysign +%{_sbindir}/ssh-host-keygen +%dir %{_defaultdocdir}/%{name}-%{version} +%{_defaultdocdir}/%{name}-%{version}/CREDITS +%{_defaultdocdir}/%{name}-%{version}/ChangeLog +%{_defaultdocdir}/%{name}-%{version}/LICENCE +%{_defaultdocdir}/%{name}-%{version}/OVERVIEW +%{_defaultdocdir}/%{name}-%{version}/README* +%{_defaultdocdir}/%{name}-%{version}/TODO +%{_defaultdocdir}/%{name}-%{version}/faq.html +%{_mandir}/man1/* +%{_mandir}/man8/ssh-keysign.8.gz +%{_mandir}/man5/ssh_config.5.gz + +%Files server +%defattr(-,root,root) +%dir %{_var}/empty/sshd +%config %{SVIdir}/sshd +%config /etc/pam.d/sshd +%config %{_sysconfdir}/moduli +%config %{_sysconfdir}/sshd_config +%config %{SVIcdir}/sshd +%{_libexecdir}/sftp-server +%{_sbindir}/sshd +%{_mandir}/man5/sshd_config.5.gz +%{_mandir}/man8/sftp-server.8.gz +%{_mandir}/man8/sshd.8.gz + +%Files askpass +%defattr(-,root,root) +%{_libexecdir}/ssh-askpass +%{_libexecdir}/x11-ssh-askpass +%{_defaultdocdir}/%{name}-%{version}/%{askpass} + + +%ChangeLog +* Mon Jan 01 1998 ... +Template Version: 1.31 + +$Id: openssh.spec,v 1.49 2004/03/21 22:40:04 djm Exp $ diff --git a/crypto/openssh/contrib/caldera/ssh-host-keygen b/crypto/openssh/contrib/caldera/ssh-host-keygen new file mode 100755 index 0000000..3c5c171 --- /dev/null +++ b/crypto/openssh/contrib/caldera/ssh-host-keygen @@ -0,0 +1,36 @@ +#! /bin/sh +# +# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $ +# +# This script is normally run only *once* for a given host +# (in a given period of time) -- on updates/upgrades/recovery +# the ssh_host_key* files _should_ be retained! Otherwise false +# "man-in-the-middle-attack" alerts will frighten unsuspecting +# clients... + +keydir=@sysconfdir@ +keygen=@sshkeygen@ + +if [ -f $keydir/ssh_host_key -o \ + -f $keydir/ssh_host_key.pub ]; then + echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." +else + echo "Generating 1024 bit SSH1 RSA host key." + $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N '' +fi + +if [ -f $keydir/ssh_host_rsa_key -o \ + -f $keydir/ssh_host_rsa_key.pub ]; then + echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." +else + echo "Generating 1024 bit SSH2 RSA host key." + $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' +fi + +if [ -f $keydir/ssh_host_dsa_key -o \ + -f $keydir/ssh_host_dsa_key.pub ]; then + echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." +else + echo "Generating SSH2 DSA host key." + $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' +fi diff --git a/crypto/openssh/contrib/caldera/sshd.init b/crypto/openssh/contrib/caldera/sshd.init new file mode 100755 index 0000000..983146f --- /dev/null +++ b/crypto/openssh/contrib/caldera/sshd.init @@ -0,0 +1,125 @@ +#! /bin/bash +# +# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $ +# +### BEGIN INIT INFO +# Provides: +# Required-Start: $network +# Required-Stop: +# Default-Start: 3 4 5 +# Default-Stop: 0 1 2 6 +# Description: sshd +# Bring up/down the OpenSSH secure shell daemon. +### END INIT INFO +# +# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>. +# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>. +# Modified for OpenLinux by Raymund Will <ray@caldera.de> + +NAME=sshd +DAEMON=/usr/sbin/$NAME +# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem +# created by recent OpenSSH daemon/ssd combinations. See Caldera internal +# PR [linux/8278] for details... +PIDF=/var/run/$NAME.pid +NAME=$DAEMON + +_status() { + [ -z "$1" ] || local pidf="$1" + local ret=-1 + local pid + if [ -n "$pidf" ] && [ -r "$pidf" ]; then + pid=$(head -1 $pidf) + else + pid=$(pidof $NAME) + fi + + if [ ! -e $SVIlock ]; then + # no lock-file => not started == stopped? + ret=3 + elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then + # pid-file given but not present or no pid => died, but was not stopped + ret=2 + elif [ -r /proc/$pid/cmdline ] && + echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then + # pid-file given and present or pid found => check process... + # but don't compare exe, as this will fail after an update! + # compares OK => all's well, that ends well... + ret=0 + else + # no such process or exe does not match => stale pid-file or process died + # just recently... + ret=1 + fi + return $ret +} + +# Source function library (and set vital variables). +. @SVIdir@/functions + +case "$1" in + start) + [ ! -e $SVIlock ] || exit 0 + [ -x $DAEMON ] || exit 5 + SVIemptyConfig @sysconfdir@/sshd_config && exit 6 + + if [ ! \( -f @sysconfdir@/ssh_host_key -a \ + -f @sysconfdir@/ssh_host_key.pub \) -a \ + ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ + -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ + ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ + -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then + + echo "$SVIsubsys: host key not initialized: skipped!" + echo "$SVIsubsys: use ssh-host-keygen to generate one!" + exit 6 + fi + + echo -n "Starting $SVIsubsys services: " + ssd -S -x $DAEMON -n $NAME -- $OPTIONS + ret=$? + + echo "." + touch $SVIlock + ;; + + stop) + [ -e $SVIlock ] || exit 0 + + echo -n "Stopping $SVIsubsys services: " + ssd -K -p $PIDF -n $NAME + ret=$? + + echo "." + rm -f $SVIlock + ;; + + force-reload|reload) + [ -e $SVIlock ] || exit 0 + + echo "Reloading $SVIsubsys configuration files: " + ssd -K --signal 1 -q -p $PIDF -n $NAME + ret=$? + echo "done." + ;; + + restart) + $0 stop + $0 start + ret=$? + ;; + + status) + _status $PIDF + ret=$? + ;; + + *) + echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" + ret=2 + ;; + +esac + +exit $ret + diff --git a/crypto/openssh/contrib/caldera/sshd.pam b/crypto/openssh/contrib/caldera/sshd.pam new file mode 100644 index 0000000..26dcb34 --- /dev/null +++ b/crypto/openssh/contrib/caldera/sshd.pam @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth required /lib/security/pam_pwdb.so shadow nodelay +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_pwdb.so +password required /lib/security/pam_cracklib.so +password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /lib/security/pam_pwdb.so +session required /lib/security/pam_limits.so |