From 606f880e0fd1a31f5beb3b37ece0c12317a9ed61 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 16 Sep 2000 15:39:56 +1100 Subject: [PATCH] - (djm) Shadow expiry check fix from Pavel Troller - (djm) Re-enable int64_t types - we need them for sftp - (djm) Use libexecdir from configure , rather than libexecdir/ssh - (djm) Update Redhat SPEC file accordingly - (djm) Add Kevin Steves HP/UX contrib files - (djm) Add Charles Levert getpgrp patch - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter - (djm) Fixprogs and entropy list fixes from Larry Jones - (djm) Fix for SuSE spec file from Takashi YOSHIDA --- CREDITS | 3 ++ ChangeLog | 12 +++++ Makefile.in | 9 ++-- auth-passwd.c | 16 +++++-- auth.c | 4 +- configure.in | 2 + contrib/hpux/README | 19 ++++++++ contrib/hpux/sshd | 5 +++ contrib/hpux/sshd.rc | 90 +++++++++++++++++++++++++++++++++++++ contrib/redhat/openssh.spec | 20 ++++----- contrib/suse/openssh.spec | 21 ++++----- defines.h | 10 ++--- fixprogs | 6 +-- next-posix.h | 1 - ssh_prng_cmds.in | 9 ++++ 15 files changed, 186 insertions(+), 41 deletions(-) create mode 100644 contrib/hpux/README create mode 100644 contrib/hpux/sshd create mode 100755 contrib/hpux/sshd.rc diff --git a/CREDITS b/CREDITS index b2ea280dc..63dc64add 100644 --- a/CREDITS +++ b/CREDITS @@ -46,7 +46,9 @@ Juergen Keil - scp bugfixing Kees Cook - scp fixes Kenji Miyake - Configure fixes Kevin O'Connor - RSAless operation +Kevin Steves - HP support, bugfixes, improvements Kiyokazu SUTO - Bugfixes +Larry Jones - Bugfixes Lutz Jaenicke - Bugfixes Marc G. Fournier - Solaris patches Mark Miller - Bugfixes @@ -55,6 +57,7 @@ Michael Stone - Irix enhancements Nalin Dahyabhai - PAM environment patch Nate Itkin - SunOS 4.1.x fixes Niels Kristian Bech Jensen - Assorted patches +Pavel Troller - Bugfixes Peter Kocks - Makefile fixes Phil Hands - Debian scripts, assorted patches Phil Karn - Autoconf fix diff --git a/ChangeLog b/ChangeLog index 4b337ebd0..55b626235 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -1,4 +1,16 @@ 20000916 + - (djm) Shadow expiry check fix from Pavel Troller + - (djm) Re-enable int64_t types - we need them for sftp + - (djm) Use libexecdir from configure , rather than libexecdir/ssh + - (djm) Update Redhat SPEC file accordingly + - (djm) Add Kevin Steves HP/UX contrib files + - (djm) Add Charles Levert getpgrp patch + - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter + + - (djm) Fixprogs and entropy list fixes from Larry Jones + + - (djm) Fix for SuSE spec file from Takashi YOSHIDA + - (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] diff --git a/Makefile.in b/Makefile.in index f8a0ee291..f3a19c0fd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -15,8 +15,7 @@ DESTDIR= VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh -LIBEXEC=@libexecdir@/ssh -ASKPASS_PROGRAM=$(LIBEXEC)/ssh-askpass +ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass CC=@CC@ LD=@LD@ @@ -49,7 +48,7 @@ MANPAGES = @MANTYPE@ CONFIGFILES=sshd_config ssh_config -PATHSUBS = -D/etc/ssh_config=$(sysconfdir)/ssh_config -D/etc/known_hosts=$(sysconfdir)/ssh_known_hosts -D/etc/sshd_config=$(sysconfdir)/sshd_config -D/usr/libexec=$(LIBEXEC) -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv -D/etc/ssh_host_key=$(sysconfdir)/ssh_host_key -D/var/run/sshd.pid=$(piddir)/sshd.pid +PATHSUBS = -D/etc/ssh_config=$(sysconfdir)/ssh_config -D/etc/known_hosts=$(sysconfdir)/ssh_known_hosts -D/etc/sshd_config=$(sysconfdir)/sshd_config -D/usr/libexec=$(libexecdir) -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv -D/etc/ssh_host_key=$(sysconfdir)/ssh_host_key -D/var/run/sshd.pid=$(piddir)/sshd.pid FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) 
@@ -127,14 +126,14 @@ install-files: ./mkinstalldirs $(DESTDIR)$(mandir) ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 - ./mkinstalldirs $(DESTDIR)$(LIBEXEC) + ./mkinstalldirs $(DESTDIR)$(libexecdir) $(INSTALL) -m 4755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd - $(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(LIBEXEC)/sftp-server + $(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(libexecdir)/sftp-server $(INSTALL) -m 644 ssh.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 $(INSTALL) -m 644 scp.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 $(INSTALL) -m 644 ssh-add.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 diff --git a/auth-passwd.c b/auth-passwd.c index 27824165f..055a03629 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -111,6 +111,9 @@ auth_password(struct passwd * pw, const char *password) #ifdef HAVE_GETPWANAM struct passwd_adjunct *spw; #endif +# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW + struct pr_passwd *prpw; +#endif #ifdef WITH_AIXAUTHENTICATE char *authmsg; char *loginmsg; @@ -167,11 +170,16 @@ auth_password(struct passwd * pw, const char *password) } #endif - /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) - return 1; - +# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW + prpw = getprpwnam(pw->pw_name); + pw_password = prpw->ufld.fd_encrypt; +#else pw_password = pw->pw_passwd; +#endif + + /* Check for users with no password. */ + if (strcmp(password, "") == 0 && strcmp(pw_password, "") == 0) + return 1; #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); diff --git a/auth.c b/auth.c index ccce644a7..ae8c79843 100644 --- a/auth.c +++ b/auth.c 
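Review bot: In the second auth-passwd.c hunk, the HP-UX trusted-system branch dereferences the result of `getprpwnam(pw->pw_name)` without a NULL check, so an account with no protected-password entry would likely crash the authenticating process instead of being refused. The lookup should fail closed, e.g. `if (prpw == NULL) return 0;` placed before `pw_password = prpw->ufld.fd_encrypt;`. A one-line comment should also say that on trusted systems the hash comes from the protected password database, and that the empty-password test below now deliberately compares against it rather than `pw->pw_passwd`. The added `# ifdef` lines are closed by unindented `#endif` lines, unlike the neighbouring directives. auth_password() starts and ends outside the hunk.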
@@ -98,8 +98,8 @@ allowed_user(struct passwd * pw) return 0; /* Check password expiry */ - if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) && - (days > (spw->sp_lstchg + spw->sp_inact))) + if ((spw->sp_lstchg > 0) && (spw->sp_max > 0) && + (days > (spw->sp_lstchg + spw->sp_max))) return 0; } #else diff --git a/configure.in b/configure.in index 9fb78f1ff..d509619ff 100644 --- a/configure.in +++ b/configure.in @@ -296,6 +296,8 @@ int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} ) fi +AC_FUNC_GETPGRP + PAM_MSG="no" AC_ARG_WITH(pam, [ --without-pam Disable PAM support ], diff --git a/contrib/hpux/README b/contrib/hpux/README new file mode 100644 index 000000000..edddfc018 --- /dev/null +++ b/contrib/hpux/README @@ -0,0 +1,19 @@ +README for OpenSSH HP-UX contrib files +Kevin Steves + +sshd: configuration file for sshd.rc +sshd.rc: SSH startup script + +To install: + +o Verify paths in sshd.rc match your local installation + (WHAT_PATH and WHAT_PID) +o Customize sshd if needed (SSHD_ARGS) +o Install: + + # cp sshd /etc/rc.config.d + # chmod 444 /etc/rc.config.d/sshd + # cp sshd.rc /sbin/init.d + # chmod 555 /sbin/init.d/sshd.rc + # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd + # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd diff --git a/contrib/hpux/sshd b/contrib/hpux/sshd new file mode 100644 index 000000000..8eb5e92a3 --- /dev/null +++ b/contrib/hpux/sshd @@ -0,0 +1,5 @@ +# SSHD_START: Set to 1 to start SSH daemon +# SSHD_ARGS: Command line arguments to pass to sshd +# +SSHD_START=1 +SSHD_ARGS= diff --git a/contrib/hpux/sshd.rc b/contrib/hpux/sshd.rc new file mode 100755 index 000000000..f9a10999b --- /dev/null +++ b/contrib/hpux/sshd.rc 
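Review bot: The expiry test in allowed_user() now denies login once `days` exceeds `sp_lstchg + sp_max`, and `sp_inact` is no longer read in the visible lines, so any inactivity grace period set in the shadow entry is ignored without a word in the code. If that is intended, the comment should say so, e.g. `/* Check password expiry: last change + max age, in days; sp_inact grace is not applied */`. The comment should also record that the `> 0` guards make entries with unset fields (commonly -1) or `sp_lstchg == 0` skip the check, which is presumably deliberate but is not stated. The body of allowed_user() continues outside the hunk.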
@@ -0,0 +1,90 @@ +#!/sbin/sh + +# +# sshd.rc: SSH daemon start-up and shutdown script +# + +# Allowed exit values: +# 0 = success; causes "OK" to show up in checklist. +# 1 = failure; causes "FAIL" to show up in checklist. +# 2 = skip; causes "N/A" to show up in the checklist. +# Use this value if execution of this script is overridden +# by the use of a control variable, or if this script is not +# appropriate to execute for some other reason. +# 3 = reboot; causes the system to be rebooted after execution. + +# Input and output: +# stdin is redirected from /dev/null +# +# stdout and stderr are redirected to the /etc/rc.log file +# during checklist mode, or to the console in raw mode. + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +WHAT='OpenSSH' +WHAT_PATH=/opt/openssh/sbin/sshd +WHAT_PID=/var/run/sshd.pid +WHAT_CONFIG=/etc/rc.config.d/sshd + +# NOTE: If your script executes in run state 0 or state 1, then /usr might +# not be available. Do not attempt to access commands or files in +# /usr unless your script executes in run state 2 or greater. Other +# file systems typically not mounted until run state 2 include /var +# and /opt. + +rval=0 + +# Check the exit value of a command run by this script. If non-zero, the +# exit code is echoed to the log file and the return value of this script +# is set to indicate failure. + +set_return() { + x=$? + if [ $x -ne 0 ]; then + echo "EXIT CODE: $x" + rval=1 # script FAILed + fi +} + +case $1 in +'start_msg') + echo "Starting $WHAT" + ;; + +'stop_msg') + echo "Stopping $WHAT" + ;; + +'start') + if [ -f $WHAT_CONFIG ] ; then + . 
$WHAT_CONFIG + else + echo "ERROR: $WHAT_CONFIG defaults file MISSING" + fi + + if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then + $WHAT_PATH $SSHD_ARGS && echo "$WHAT started" + set_return + else + rval=2 + fi + ;; + +'stop') + if kill `cat $WHAT_PID`; then + echo "$WHAT stopped" + else + rval=1 + echo "Unable to stop $WHAT" + fi + set_return + ;; + +*) + echo "usage: $0 {start|stop|start_msg|stop_msg}" + rval=1 + ;; +esac + +exit $rval diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 810af1500..37316d21e 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -167,8 +167,8 @@ This package contains the GNOME passphrase dialog. %build -%configure --sysconfdir=/etc/ssh --with-tcp-wrappers \ - --with-rsh=/usr/bin/rsh +%configure --sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh \ + --with-tcp-wrappers --with-rsh=/usr/bin/rsh make @@ -193,17 +193,17 @@ make install DESTDIR=$RPM_BUILD_ROOT/ install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -d $RPM_BUILD_ROOT/usr/libexec/ssh +install -d $RPM_BUILD_ROOT/usr/libexec/openssh install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd %if ! %{no_x11_askpass} -install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/x11-ssh-askpass -ln -s /usr/libexec/ssh/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/ssh-askpass +install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/x11-ssh-askpass +ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/ssh-askpass %endif %if ! %{no_gnome_askpass} -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/gnome-ssh-askpass +install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/gnome-ssh-askpass %endif %clean 
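Review bot: The `stop` branch of the new contrib/hpux/sshd.rc passes the output of `cat $WHAT_PID` straight to `kill` as root, unquoted and without checking that the pid file is readable, non-empty and numeric, so a stale or damaged file can signal an unrelated process or produce a confusing `kill` usage error. The branch should read the file once, validate the value, and only then signal it, as sketched below. The trailing `set_return` in `stop` tests the status of the last `echo` rather than of `kill`, so it can be dropped. In `start`, a missing `$WHAT_CONFIG` only prints an error and then evaluates `[ "$SSHD_START" -eq 1 ... ]` with an empty value; setting `rval=1` in that `else` and skipping the test would make the failure explicit.

```shell
'stop')
    # Read the pid once and refuse anything that is not a plain number.
    pid=
    [ -r "$WHAT_PID" ] && pid=`cat "$WHAT_PID"`
    case $pid in
    ''|*[!0-9]*)
        rval=1
        echo "Unable to stop $WHAT: no valid pid in $WHAT_PID"
        ;;
    *)
        if kill "$pid"; then
            echo "$WHAT stopped"
        else
            rval=1
            echo "Unable to stop $WHAT"
        fi
        ;;
    esac
    ;;
```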
@@ -230,7 +230,7 @@ fi %attr(0644,root,root) /usr/man/man1/ssh-keygen.1* %attr(0644,root,root) /usr/man/man1/scp.1* %attr(0755,root,root) %dir /etc/ssh -%attr(0755,root,root) %dir /usr/libexec/ssh +%attr(0755,root,root) %dir /usr/libexec/openssh %files clients %defattr(-,root,root) @@ -258,12 +258,12 @@ fi %doc x11-ssh-askpass-%{aversion}/README %doc x11-ssh-askpass-%{aversion}/ChangeLog %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad -%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass -%attr(0755,root,root) /usr/libexec/ssh/x11-ssh-askpass +%attr(0755,root,root) /usr/libexec/openssh/ssh-askpass +%attr(0755,root,root) /usr/libexec/openssh/x11-ssh-askpass %endif %if ! %{no_gnome_askpass} %files askpass-gnome %defattr(-,root,root) -%attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass +%attr(0755,root,root) /usr/libexec/openssh/gnome-ssh-askpass %endif diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 5c2e56e62..324d88aea 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -150,8 +150,9 @@ This package contains the GNOME passphrase dialog. %build CFLAGS="$RPM_OPT_FLAGS" \ -./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass \ - --with-tcp-wrappers --with-ipv4-default +./configure --prefix=/usr --sysconfdir=/etc/ssh \ + --libexecdir=/usr/libexec/ssh --with-gnome-askpass \ + --with-tcp-wrappers --with-ipv4-default make cd contrib 
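Review bot: The SuSE `%build` hunk passes `--libexecdir=/usr/libexec/ssh` to configure, while the later SuSE hunks (`install -d`, the gnome-ssh-askpass install and symlink, and the `%files` entries for `sftp-server`, `ssh-askpass` and `gnome-ssh-askpass`) all use `/usr/libexec/openssh`. With the Makefile.in change in this same commit, `make install` places `sftp-server` under the configured libexecdir and `ASKPASS_PROGRAM` follows it, so the paths built into the binaries and the paths the package ships would disagree. The Red Hat spec in this commit uses `--libexecdir=/usr/libexec/openssh`; the SuSE line should presumably read `--libexecdir=/usr/libexec/openssh --with-gnome-askpass \`.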
@@ -167,12 +168,12 @@ install -d $RPM_BUILD_ROOT/etc/ssh/ install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/sbin/init.d/ install -d $RPM_BUILD_ROOT/var/adm/fillup-templates -install -d $RPM_BUILD_ROOT/usr/libexec/ssh -install -m644 sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd +install -d $RPM_BUILD_ROOT/usr/libexec/openssh +install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/gnome-ssh-askpass -ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/ssh-askpass +install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/gnome-ssh-askpass +ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/ssh-askpass install -m744 contrib/suse/rc.config.sshd \ $RPM_BUILD_ROOT/var/adm/fillup-templates @@ -230,7 +231,7 @@ fi %attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* %attr(0644,root,root) %doc /usr/man/man1/scp.1* %attr(0755,root,root) %dir /etc/ssh -%attr(0755,root,root) %dir /usr/libexec/ssh +%attr(0755,root,root) %dir /usr/libexec/openssh %files clients %defattr(-,root,root) @@ -247,7 +248,7 @@ fi %files server %defattr(-,root,root) %attr(0755,root,root) /usr/sbin/sshd -%attr(0755,root,root) /usr/libexec/ssh/sftp-server +%attr(0755,root,root) /usr/libexec/openssh/sftp-server %attr(0644,root,root) %doc /usr/man/man8/sshd.8* %attr(0644,root,root) %doc /usr/man/man8/sftp-server.8* %attr(0600,root,root) %config /etc/ssh/sshd_config @@ -258,6 +259,6 @@ fi %files askpass %defattr(-,root,root) -%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass -%attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass +%attr(0755,root,root) /usr/libexec/openssh/ssh-askpass +%attr(0755,root,root) /usr/libexec/openssh/gnome-ssh-askpass diff --git a/defines.h b/defines.h index 69b8baf27..0ac3e96b2 100644 --- a/defines.h +++ b/defines.h 
@@ -123,7 +123,6 @@ typedef int int32_t; # else # error "32 bit int type not found." # endif -/* # if (SIZEOF_LONG_INT == 8) typedef long int int64_t; # else @@ -134,7 +133,6 @@ typedef long long int int64_t; # error "64 bit int type not found." # endif # endif -*/ #endif /* If sys/types.h does not supply u_intXX_t, supply them ourselves */ @@ -143,9 +141,7 @@ typedef long long int int64_t; typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; -/* typedef uint64_t u_int64_t; -*/ # define HAVE_U_INTXX_T 1 # else # if (SIZEOF_CHAR == 1) @@ -163,7 +159,6 @@ typedef unsigned int u_int32_t; # else # error "32 bit int type not found." # endif -/* # if (SIZEOF_LONG_INT == 8) typedef unsigned long int u_int64_t; # else @@ -174,7 +169,6 @@ typedef unsigned long long int u_int64_t; # error "64 bit int type not found." # endif # endif -*/ # endif #endif @@ -326,6 +320,10 @@ typedef int mode_t; # define USE_VHANGUP #endif /* defined(HAVE_VHANGUP) && !defined(BROKEN_VHANGUP) */ +#ifndef GETPGRP_VOID +# define getpgrp() getpgrp(0) +#endif + /** ** login recorder definitions **/ diff --git a/fixprogs b/fixprogs index 4a70d2f9f..f781fec08 100755 --- a/fixprogs +++ b/fixprogs @@ -44,9 +44,9 @@ foreach (@infile) { if (! ($pid = fork())) { # child close STDIN; close STDOUT; close STDERR; - open STDIN, "/dev/null"; - open STDERR, ">/dev/null"; + open (STDIN, "/tmp/foo"); + open (STDERR, ">/dev/null"); exec $path @args; exit 1; # shouldn't be here } diff --git a/next-posix.h b/next-posix.h index 13aaaa2cb..06149d5b5 100644 --- a/next-posix.h +++ b/next-posix.h @@ -44,7 +44,6 @@ pid_t posix_wait(int *status); /* new wait() */ /* MISC functions */ int waitpid(int pid,int *stat_loc,int options); -#define getpgrp() getpgrp(0) pid_t setsid(void); /* TC */ diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in index 355c1b90a..0f86c7627 100644 --- a/ssh_prng_cmds.in +++ b/ssh_prng_cmds.in 
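Review bot: In the fixprogs hunk the child reopens STDIN from `/tmp/foo`, a fixed name in a world-writable directory that looks like a debugging leftover; every probed command would then read whatever file happens to exist at that path. The removed line used `/dev/null`, and the new one should as well: `open (STDIN, "</dev/null");`. The hunk header counts nine lines per side but only eight are visible here, so an `open` for STDOUT may have been lost from this page; as shown, STDOUT is closed and never reopened before `exec`. None of the `open` calls is checked, and a `or exit 1` on each would keep a probe from running with a missing descriptor. The enclosing `foreach` loop starts and ends outside the hunk.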
@@ -14,6 +14,15 @@ "ls -alni /tmp" @PROG_LS@ 0.02 "ls -alni /var/tmp" @PROG_LS@ 0.02 "ls -alni /usr/tmp" @PROG_LS@ 0.02 +"ls -alTi /var/log" @PROG_LS@ 0.02 +"ls -alTi /var/adm" @PROG_LS@ 0.02 +"ls -alTi /var/mail" @PROG_LS@ 0.02 +"ls -alTi /var/adm/syslog" @PROG_LS@ 0.02 +"ls -alTi /var/spool/mail" @PROG_LS@ 0.02 +"ls -alTi /proc" @PROG_LS@ 0.02 +"ls -alTi /tmp" @PROG_LS@ 0.02 +"ls -alTi /var/tmp" @PROG_LS@ 0.02 +"ls -alTi /usr/tmp" @PROG_LS@ 0.02 "netstat -an" @PROG_NETSTAT@ 0.05 "netstat -in" @PROG_NETSTAT@ 0.05
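Review bot: The nine added `ls -alTi` entries cover directories that the existing `ls -alni` entries already list (three are visible as context) and carry the same 0.02 rate, so largely identical output would be credited twice toward the entropy estimate. If the `-T` variants are meant as substitutes on platforms where the `-n` form gives poorer output, a `#` comment should say so, and the duplicate of each pair should get a lower rate or be dropped. `-T` does not mean the same thing in every `ls` (GNU `ls` expects a tab-size argument after it), so on some systems these entries would presumably just fail.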