tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com> 

Also removed some of the 'ISSUES' comments that have been verified by djm.
This commit is contained in:
Ben Lindstrom 2001-01-19 05:37:32 +00:00
parent 22e22bf9ba
commit b100ec9542
7 changed files with 346 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -19,6 +19,7 @@
rename *-skey.c *-chall.c since the files are not skey specific
- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
to fix NULL pointer deref and fake authloop breakage in PAM code.
- (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
20010118
- (bal) Super Sized OpenBSD Resync

2
auth1.c
View File

@ -95,7 +95,7 @@ do_authloop(Authctxt *authctxt)
#ifdef KRB4
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
#ifdef USE_PAM /* ISSUE: Right?? */
#ifdef USE_PAM
auth_pam_password(pw, password)) {
#else
auth_password(pw, "")) {

6
auth2-pam.c
View File

@ -1,5 +1,5 @@
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $");
RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
#ifdef USE_PAM
#include "ssh.h"
@ -44,10 +44,6 @@ auth2_pam(Authctxt *authctxt)
retval = (do_pam_authenticate(0) == PAM_SUCCESS);
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
#if 0 /* ISSUE: No longer valid, but should this still be
handled?? */
userauth_log(authctxt, retval, method);
#endif
return retval;
}

35
contrib/cygwin/README
View File

@ -20,18 +20,41 @@ of the files has changed from /usr/local to /usr. The global configuration
files are in /etc now.
If you are installing OpenSSH the first time, you can generate
global config files, server keys and your own user keys by running
global config files and server keys by running
/usr/bin/ssh-config
/usr/bin/ssh-host-config
If you are updating your installation you may run the above ssh-config
Note that this binary archive doesn't contain default config files in /etc.
That files are only created if ssh-host-config is started.
If you are updating your installation you may run the above ssh-host-config
as well to move your configuration files to the new location and to
erase the files at the old location.
Be sure to start the new ssh-config when updating!
To support testing and unattended installation ssh-host-config got
some options:
Note that this binary archive doesn't contain default config files in /etc.
That files are only created if ssh-config is started.
usage: ssh-host-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
You can create the private and public keys for a user now by running
/usr/bin/ssh-user-config
under the users account.
To support testing and unattended installation ssh-user-config got
some options as well:
usage: ssh-user-config [OPTION]...
Options:
--debug -d Enable shell's debug output.
--yes -y Answer all questions with "yes" automatically.
--no -n Answer all questions with "no" automatically.
--passphrase -p word Use "word" as passphrase automatically.
Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
(results in very slow deamon startup!) or from the command line (recommended

168
contrib/cygwin/ssh-config → contrib/cygwin/ssh-host-config Executable file → Normal file
View File

@ -1,11 +1,9 @@
#!/bin/sh
#
# ssh-config, Copyright 2000, Red Hat Inc.
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
# set -x
# Subdirectory where the new package is being installed
PREFIX=/usr
@ -16,8 +14,19 @@ SYSCONFDIR=/etc
OLDPREFIX=/usr/local
OLDSYSCONFDIR=${OLDPREFIX}/etc
progname=$0
auto_answer=""
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
@ -32,6 +41,48 @@ request()
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH host configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo
exit 1
;;
esac
done
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
@ -71,6 +122,7 @@ fi
# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
# the same as ${PREFIX}
old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ]
then
if [ -f "${OLDPREFIX}/sbin/sshd" ]
@ -116,6 +168,7 @@ then
rm -f ${OLDPREFIX}/sbin/sshd.exe
rm -f ${OLDPREFIX}/sbin/sftp-server.exe
fi
old_install=1
fi
fi
@ -124,13 +177,19 @@ fi
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_key"
ssh-keygen -f ${SYSCONFDIR}/ssh_host_key -N ''
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
ssh-keygen -d -f ${SYSCONFDIR}/ssh_host_dsa_key -N ''
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi
# Check if ssh_config exists. If yes, ask for overwriting
@ -151,7 +210,7 @@ fi
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Creating default ${SYSCONFDIR}/ssh_config file"
echo "Generating ${SYSCONFDIR}/ssh_config file"
cat > ${SYSCONFDIR}/ssh_config << EOF
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
@ -179,7 +238,6 @@ then
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# IdentityFile ~/.ssh/identity
# Port 22
# Protocol 2,1
# Cipher 3des
@ -190,6 +248,11 @@ Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
# Try authentification with the following identities
IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
EOF
fi
@ -211,15 +274,20 @@ fi
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Creating default ${SYSCONFDIR}/sshd_config file"
echo "Generating ${SYSCONFDIR}/sshd_config file"
cat > ${SYSCONFDIR}/sshd_config << EOF
# This is ssh server systemwide configuration file.
Port 22
#Protocol 2,1
#
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh_host_key
#
# Uncomment the following lines according to the used authentication
HostKey /etc/ssh_host_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
@ -262,63 +330,55 @@ UseLogin no
EOF
fi
# Ask user if user identity should be generated
if [ "X${HOME}" = "X" ]
# Add port 22/tcp to services
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
if [ $_nt -gt 0 ]
then
echo '$HOME is nonexistant. Cannot create user identity files.'
exit 1
_wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
_wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
else
_wservices="${WINDIR}\\SERVICES"
_wserv_tmp="${WINDIR}\\SERV.$$"
fi
_services=`cygpath -u "${_wservices}"`
_serv_tmp=`cygpath -u "${_wserv_tmp}"`
if [ ! -d "${HOME}" ]
then
echo '$HOME is not a valid directory. Cannot create user identity files.'
exit 1
fi
mount -b -f "${_wservices}" "${_services}"
mount -b -f "${_wserv_tmp}" "${_serv_tmp}"
# If HOME is the root dir, set HOME to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${HOME}" = "X/" ]
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
HOME=''
fi
if [ -e "${HOME}/.ssh" -a ! -d "${HOME}/.ssh" ]
then
echo '$HOME/.ssh is existant but not a directory. Cannot create user identity files.'
exit 1
fi
if [ ! -e "${HOME}/.ssh" ]
then
mkdir "${HOME}/.ssh"
if [ ! -e "${HOME}/.ssh" ]
awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd 22/tcp #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
echo "Creating users ${HOME}/.ssh directory failed"
exit 1
if mv "${_serv_tmp}" "${_services}"
then
echo "Added sshd to ${_services}"
else
echo "Adding sshd to ${_services} failed\!"
fi
rm -f "${_serv_tmp}"
else
echo "Adding sshd to ${_services} failed\!"
fi
fi
if [ ! -f "${HOME}/.ssh/identity" ]
umount "${_services}"
umount "${_serv_tmp}"
# Add sshd line to inetd.conf
if [ -f /etc/inetd.conf ]
then
if request "Shall I create an RSA identity file for you?"
then
echo "Generating ${HOME}/.ssh/identity"
ssh-keygen -f "${HOME}/.ssh/identity"
fi
grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd stream tcp nowait root /usr/sbin/sshd -i" >> /etc/inetd.conf
fi
if [ ! -f "${HOME}/.ssh/id_dsa" ]
if [ "${old_install}" = "1" ]
then
if request "Shall I create an DSA identity file for you? (yes/no) "
then
echo "Generating ${HOME}/.ssh/id_dsa"
ssh-keygen -d -f "${HOME}/.ssh/id_dsa"
fi
echo
echo "Note: If you have used sshd as service or from inetd, don't forget to"
echo " change the path to sshd.exe in the service entry or in inetd.conf."
fi
echo
echo "Note: If you have used sshd as service or from inetd, don't forget to"
echo " change the path to sshd.exe in the service entry or in inetd.conf."
echo
echo "Configuration finished. Have fun!"
echo "Host configuration finished. Have fun!"

200
contrib/cygwin/ssh-user-config Normal file
View File

@ -0,0 +1,200 @@
#!/bin/sh
#
# ssh-user-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
progname=$0
auto_answer=""
auto_passphrase="no"
passphrase=""
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
echo -n "$1 (yes/no) "
read answer
done
if [ "X${answer}" = "Xyes" ]
then
return 0
else
return 1
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
-p | --passphrase )
with_passphrase="yes"
passphrase=$1
shift
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH user configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo " --passphrase -p word Use \"word\" as passphrase automatically."
echo
exit 1
;;
esac
done
# Ask user if user identity should be generated
if [ ! -f /etc/passwd ]
then
echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file'
echo 'first using mkpasswd. Check if it contains an entry for you and'
echo 'please care for the home directory in your entry as well.'
exit 1
fi
uid=`id -u`
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd`
if [ "X${pwdhome}" = "X" ]
then
echo 'There is no home directory set for you in /etc/passwd.'
echo 'Setting $HOME is not sufficient!'
exit 1
fi
if [ ! -d "${pwdhome}" ]
then
echo "${pwdhome} is set in /etc/passwd as your home directory"
echo 'but it is not a valid directory. Cannot create user identity files.'
exit 1
fi
# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${pwdhome}" = "X/" ]
then
# But first raise a warning!
echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!'
if request "Would you like to proceed anyway?"
then
pwdhome=''
else
exit 1
fi
fi
if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
exit 1
fi
if [ ! -e "${pwdhome}/.ssh" ]
then
mkdir "${pwdhome}/.ssh"
if [ ! -e "${pwdhome}/.ssh" ]
then
echo "Creating users ${pwdhome}/.ssh directory failed"
exit 1
fi
fi
if [ ! -f "${pwdhome}/.ssh/identity" ]
then
if request "Shall I create an SSH1 RSA identity file for you?"
then
echo "Generating ${pwdhome}/.ssh/identity"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
else
ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${pwdhome}/.ssh/authorized_keys"
cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
fi
fi
fi
if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
then
echo "Generating ${pwdhome}/.ssh/id_rsa"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
else
ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
fi
fi
fi
if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
then
echo "Generating ${pwdhome}/.ssh/id_dsa"
if [ "${with_passphrase}" = "yes" ]
then
ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
else
ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
fi
if request "Do you want to use this identity to login to this machine?"
then
echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
fi
fi
fi
echo
echo "Configuration finished. Have fun!"

1
session.c
View File

@ -2013,7 +2013,6 @@ do_authenticated2(Authctxt *authctxt)
startup_pipe = -1;
}
#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
/* ISSUE: Is this correct? */
if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) {
error("unable to get login class");
return;