From 91c2a985f9d00247ba2fda6aebbffaeac609f328 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 4 Jan 2001 22:54:50 +0000 Subject: [PATCH] 20010105 - (bal) contrib/caldera/ provided by Tim Rice --- ChangeLog | 3 + contrib/caldera/openssh.spec | 334 +++++++++++++++++++++++++++++++++++ contrib/caldera/sshd.daemons | 6 + contrib/caldera/sshd.init | 99 +++++++++++ contrib/caldera/sshd.pam | 8 + 5 files changed, 450 insertions(+) create mode 100644 contrib/caldera/openssh.spec create mode 100644 contrib/caldera/sshd.daemons create mode 100755 contrib/caldera/sshd.init create mode 100644 contrib/caldera/sshd.pam diff --git a/ChangeLog b/ChangeLog index eb203491f..71350188f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20010105 + - (bal) contrib/caldera/ provided by Tim Rice + 20010104 - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on work by Chris Vaughan diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec new file mode 100644 index 000000000..3191c6744 --- /dev/null +++ b/contrib/caldera/openssh.spec 
@@ -0,0 +1,334 @@
+# Version of OpenSSH
+%define oversion 2.3.0p2
+
+# Version of ssh-askpass
+%define aversion 1.1.1
+
+# Do we want to disable building of x11-askpass? (1=yes 0=no)
+%define no_x11_askpass 0
+
+# Do we want to disable building of gnome-askpass? (1=yes 0=no)
+%define no_gnome_askpass 1
+
+# Do we want to include contributed programs? (1=yes 0=no)
+%define contrib_programs 1
+
+Summary: OpenSSH free Secure Shell (SSH) implementation
+Name: openssh
+Version: %{oversion}
+Release: 1
+Packager: Damien Miller
+URL: http://www.openssh.com/
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
+Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
+Copyright: BSD
+Group: Applications/Internet
+BuildRoot: /var/tmp/openssh-%{Version}-buildroot
+#BuildRoot: /tmp/openssh-%{Version}-buildroot
+Obsoletes: ssh
+PreReq: openssl >= 0.9.5a
+Requires: openssl >= 0.9.5a
+BuildPreReq: perl, openssl-devel, tcp_wrappers
+BuildPreReq: /bin/login, /usr/bin/rsh, /usr/include/security/pam_appl.h
+%if ! %{no_gnome_askpass}
+BuildPreReq: gnome-libs-devel
+%endif
+
+%package clients
+Summary: OpenSSH Secure Shell protocol clients
+Requires: openssh = %{Version}-%{release}
+Group: Applications/Internet
+Obsoletes: ssh-clients
+
+%package server
+Summary: OpenSSH Secure Shell protocol server (sshd)
+Group: System Environment/Daemons
+Obsoletes: ssh-server
+#PreReq: openssh chkconfig >= 0.9
+
+%package askpass
+Summary: OpenSSH X11 passphrase dialog
+Group: Applications/Internet
+Requires: openssh = %{Version}-%{release}
+Obsoletes: ssh-extras
+
+%package askpass-gnome
+Summary: OpenSSH GNOME passphrase dialog
+Group: Applications/Internet
+Requires: openssh = %{Version}-%{release}
+Obsoletes: ssh-extras
+
+%description
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description clients
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package includes the clients necessary to make encrypted connections
+to SSH servers.
+
+%description server
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains the secure shell daemon. The sshd is the server
+part of the secure shell protocol and allows ssh clients to connect to
+your host.
+
+%description askpass
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains Jim Knoble's X11 passphrase
+dialog.
+
+%description askpass-gnome
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains the GNOME passphrase dialog.
+
+%prep
+
+%setup -a 1
+
+%build
+
+%define _sysconfdir /etc/ssh
+
+CFLAGS="$RPM_OPT_FLAGS" \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --with-tcp-wrappers \
+ --with-ipv4-default \
+ --with-rsh=/usr/bin/rsh
+
+make
+
+%if ! %{no_x11_askpass}
+cd x11-ssh-askpass-%{aversion}
+xmkmf -a
+make
+cd ..
+%endif
+
+%if ! %{no_gnome_askpass}
+cd contrib
+gcc -O -g `gnome-config --cflags gnome gnomeui` \
+ gnome-ssh-askpass.c -o gnome-ssh-askpass \
+ `gnome-config --libs gnome gnomeui`
+cd ..
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT/
+
+# setup the environment we want
+perl -pi -e "s,PermitRootLogin yes,PermitRootLogin no,;" \
+ -e "s,X11Forwarding no,X11Forwarding yes,;" \
+ -e "s,CheckMail no,CheckMail yes,;" \
+ -e "s,^#Subsystem sftp,Subsystem sftp,;" \
+ $RPM_BUILD_ROOT/etc/ssh/sshd_config
+
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT/etc/sysconfig/daemons
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
+install -d $RPM_BUILD_ROOT/usr/local/bin
+install -d $RPM_BUILD_ROOT/usr/local/man/man1
+install -m644 contrib/caldera/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m755 contrib/caldera/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+install -m755 contrib/caldera/sshd.daemons $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd
+perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \
+ $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \
+ $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd
+%if %{contrib_programs}
+install -m755 contrib/make-ssh-known-hosts.pl $RPM_BUILD_ROOT/usr/local/bin
+install -m644 contrib/make-ssh-known-hosts.1 $RPM_BUILD_ROOT/usr/local/man/man1
+install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/local/bin
+install -m644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT/usr/local/man/man1
+%endif
+
+%if ! %{no_x11_askpass}
+install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/x11-ssh-askpass
+ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/ssh-askpass
+install -d $RPM_BUILD_ROOT/usr/X11R6/man/man1
+install -c -m 0444 x11-ssh-askpass-%{aversion}/x11-ssh-askpass.man $RPM_BUILD_ROOT/usr/X11R6/man/man1/x11-ssh-askpass.1x
+ln -s /usr/X11R6/man/man1/x11-ssh-askpass.1x $RPM_BUILD_ROOT/usr/X11R6/man/man1/ssh-askpass.1x
+%endif
+
+%if ! %{no_gnome_askpass}
+install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/gnome-ssh-askpass
+%endif
+
+%clean
+##rm -rf $RPM_BUILD_ROOT
+
+%post server
+if [ "$1" = 1 ]; then
+ echo "Creating SSH stop/start scripts in the rc directories..."
+# /sbin/chkconfig --add sshd
+ lisa --SysV-init install sshd S90 2:3:4:5 K05 0:1:6
+fi
+if test -r /var/run/sshd.pid
+then
+ echo "Restarting the running SSH daemon..."
+ /etc/rc.d/init.d/sshd restart >&2
+else
+ echo "Starting the SSH daemon..."
+ /etc/rc.d/init.d/sshd start >&2
+fi
+
+%preun server
+if [ "$1" = 0 ] ; then
+ echo "Stopping the SSH daemon..."
+ /etc/rc.d/init.d/sshd stop >&2
+ echo "Removing SSH stop/start scripts from the rc directories..."
+# /sbin/chkconfig --del sshd
+ lisa --SysV-init remove sshd $1
+fi
+
+%files
+%defattr(-,root,root)
+%doc ChangeLog OVERVIEW README* INSTALL
+%doc CREDITS LICENCE
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/scp.1*
+%attr(0755,root,root) %dir %{_sysconfdir}
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/primes
+%attr(0755,root,root) %dir %{_libexecdir}/openssh
+
+%files clients
+%defattr(-,root,root)
+%attr(4755,root,root) %{_bindir}/ssh
+%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0644,root,root) %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config
+%attr(-,root,root) %{_bindir}/slogin
+%attr(-,root,root) %{_mandir}/man1/slogin.1*
+%if %{contrib_programs}
+%attr(0755,root,root) /usr/local/bin/make-ssh-known-hosts.pl
+%attr(0644,root,root) /usr/local/man/man1/make-ssh-known-hosts.1
+%attr(0755,root,root) /usr/local/bin/ssh-copy-id
+%attr(0644,root,root) /usr/local/man/man1/ssh-copy-id.1
+%endif
+
+%files server
+%defattr(-,root,root)
+%attr(0751,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
+%attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
+%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
+%attr(0755,root,root) %config /etc/sysconfig/daemons/sshd
+
+%if ! %{no_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{aversion}/README
+%doc x11-ssh-askpass-%{aversion}/ChangeLog
+%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
+%attr(0644,root,root) /usr/X11R6/man/man1/x11-ssh-askpass.1x
+%attr(-,root,root) /usr/X11R6/man/man1/ssh-askpass.1x
+%endif
+
+%if ! %{no_gnome_askpass}
+%files askpass-gnome
+%defattr(-,root,root)
+%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%changelog
+* Mon Oct 18 2000 Damien Miller
+- Merge some of Nalin Dahyabhai changes from the
+ Redhat 7.0 spec file
+* Tue Sep 05 2000 Damien Miller
+- Use RPM configure macro
+* Tue Aug 08 2000 Damien Miller
+- Some surgery to sshd.init (generate keys at runtime)
+- Cleanup of groups and removal of keygen calls
+* Wed Jul 12 2000 Damien Miller
+- Make building of X11-askpass and gnome-askpass optional
+* Mon Jun 12 2000 Damien Miller
+- Glob manpages to catch compressed files
+* Wed Mar 15 2000 Damien Miller
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+* Sun Dec 26 1999 Damien Miller
+- Added Jim Knoble's askpass
+* Mon Nov 15 1999 Damien Miller
+- Split subpackages further based on patch from jim knoble
+* Sat Nov 13 1999 Damien Miller
+- Added 'Obsoletes' directives
+* Tue Nov 09 1999 Damien Miller
+- Use make install
+- Subpackages
+* Mon Nov 08 1999 Damien Miller
+- Added links for slogin
+- Fixed perms on manpages
+* Sat Oct 30 1999 Damien Miller
+- Renamed init script
+* Fri Oct 29 1999 Damien Miller
+- Back to old binary names
+* Thu Oct 28 1999 Damien Miller
+- Use autoconf
+- New binary names
+* Wed Oct 27 1999 Damien Miller
+- Initial RPMification, based on Jan "Yenya" Kasprzak's spec.
+
diff --git a/contrib/caldera/sshd.daemons b/contrib/caldera/sshd.daemons
new file mode 100644
index 000000000..b75150408
--- /dev/null
+++ b/contrib/caldera/sshd.daemons
@@ -0,0 +1,6 @@
+IDENT=sshd
+SHORT="sshd"
+DESCRIPTIVE="@OPENSSH_VERSION@"
+DAEMON=/usr/sbin/sshd
+# DAEMON_ARGS="-p some_other_port"
+ONBOOT=yes
diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init
new file mode 100755
index 000000000..17643391b
--- /dev/null
+++ b/contrib/caldera/sshd.init
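Review bot: In contrib/caldera/openssh.spec, the `perl -pi` rewrite of sshd_config under `%install` is unanchored and unchecked, so if the shipped sshd_config does not contain the exact text `PermitRootLogin yes` the package still builds and root login stays at whatever the upstream file says. Anchor the patterns (`s,^PermitRootLogin yes,PermitRootLogin no,`) and fail the build when the hardening did not land, e.g. `grep -q '^PermitRootLogin no' $RPM_BUILD_ROOT/etc/ssh/sshd_config || exit 1` right after the perl call. The same command switches `X11Forwarding` to `yes` for every install, apparently reversing the upstream default, and that deserves a comment saying why it is wanted. Two other packaging choices should carry a one-line justification as well: `%attr(4755,root,root) %{_bindir}/ssh` ships the client setuid root, and `%post server` starts the daemon on first install without any opt-in.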
@@ -0,0 +1,99 @@
+#! /bin/sh
+#
+# Generic network daemon RC script. If installed as /etc/rc.d/init.d/foobar,
+# it source /etc/sysconfig/daemons/foobar and looks at the
+# variable definitions (Bourne shell syntax). Variables marked with an
+# asterisk are required.
+#
+# * IDENT=sshd
+# DESCRIPTIVE="@OPENSSH_VERSION@"
+# * DAEMON=/usr/sbin/sshd
+# DAEMON_ARGS="-p some_other_port"
+# ONBOOT=yes
+#
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# Source function library, check sysconfig/daemon file and source it.
+. /etc/rc.d/init.d/functions
+
+[ -x $DAEMON ] || exit 0
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+do_rsa1_keygen() {
+ if ! test -f $RSA1_KEY ; then
+ echo -n "Generating SSH1 RSA host key: "
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ echo "RSA1 key generation success"
+ else
+ echo "RSA1 key generation failure"
+ exit 1
+ fi
+ fi
+}
+do_rsa_keygen() {
+ if ! test -f $RSA_KEY ; then
+ echo -n "Generating SSH2 RSA host key: "
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ echo "RSA key generation success"
+ else
+ echo "RSA key generation failure"
+ exit 1
+ fi
+ fi
+}
+do_dsa_keygen() {
+ if ! test -f $DSA_KEY ; then
+ echo -n "Generating SSH2 DSA host key: "
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ echo "DSA key generation success"
+ else
+ echo "DSA key generation failure"
+ exit 1
+ fi
+ fi
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ # Create keys if necessary
+ do_rsa1_keygen
+ do_rsa_keygen
+ do_dsa_keygen
+
+ # Start daemons.
+ [ ! -e $LOCK ] || exit 1
+ echo -n "Starting $SUBSYS services: "
+ start-stop-daemon -S -n $IDENT -x $DAEMON -- $DAEMON_ARGS
+ sleep 1
+ echo .
+ touch $LOCK
+ ;;
+ stop)
+ # Stop daemons.
+ [ -e $LOCK ] || exit 0
+ echo -n "Stopping $SUBSYS services: "
+ start-stop-daemon -K -n $IDENT -x $DAEMON
+ echo
+ rm -f $LOCK
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $SUBSYS {start|stop|restart}"
+ exit 1
+esac
+
+exit 0
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
new file mode 100644
index 000000000..26dcb34d9
--- /dev/null
+++ b/contrib/caldera/sshd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
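Review bot: In contrib/caldera/sshd.init, the `stop)` branch selects its target with `-n $IDENT -x $DAEMON`, i.e. by process name and executable, while `PID_FILE=/var/run/sshd.pid` is defined and never used. Depending on how this platform's start-stop-daemon matches, that can signal the per-connection sshd processes as well as the listener, so a `restart` issued over SSH (including the one `%post server` runs on upgrade) may drop the administrator's session before `$0 start` runs and leave the host unreachable. If the local start-stop-daemon has a pid-file option, prefer `start-stop-daemon -K -p $PID_FILE -x $DAEMON`. The networking test should also be quoted as `[ "${NETWORKING}" = "no" ] && exit 0`, and `>&/dev/null` both is non-portable under `#! /bin/sh` and discards the ssh-keygen message that would explain an `exit 1`.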
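Review bot: In contrib/caldera/sshd.pam, the first auth line passes `nodelay` to pam_pwdb, which as far as I know suppresses the module's pause after a failed authentication; on a network-facing login service that removes a cheap brake on password guessing. Unless sshd's own attempt limits are meant to cover this, drop the option: `auth required /lib/security/pam_pwdb.so shadow`. If it stays, put a comment above the line recording the reason, e.g. `# nodelay is deliberate: <reason>`.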