authorColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
committerColin Watson <cjwatson@debian.org>2010-01-01 17:15:23 +0000
commit99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (patch)
tree1d24ce54c9981ea8cbb4c5a9309964a0e4c4b320 /contrib
parent87552344215a38d3a2b0d4d63dc151e05978bbe1 (diff)
parent54af7a4ae8d455791a631bdfaade4b64436ae16a (diff)
import openssh-5.2p1-gsskex-all-20090726.patch
Diffstat (limited to 'contrib')
-rw-r--r--contrib/caldera/openssh.spec8
-rwxr-xr-xcontrib/caldera/ssh-host-keygen10
-rw-r--r--contrib/caldera/sshd.pam2
-rw-r--r--contrib/cygwin/Makefile4
-rw-r--r--contrib/cygwin/ssh-host-config241
-rw-r--r--contrib/gnome-ssh-askpass.c168
-rw-r--r--contrib/redhat/openssh.spec4
-rw-r--r--contrib/redhat/sshd.pam2
-rwxr-xr-xcontrib/solaris/buildpkg.sh386
-rwxr-xr-xcontrib/solaris/opensshd.in82
-rw-r--r--contrib/ssh-copy-id4
-rw-r--r--contrib/ssh-copy-id.14
-rw-r--r--contrib/sshd.pam.generic2
-rw-r--r--contrib/suse/openssh.spec4
-rw-r--r--contrib/suse/rc.sshd6
15 files changed, 148 insertions, 779 deletions
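--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
 %if %{use_stable}
- %define version 5.1p1
+ %define version 5.2p1
  %define cvs %{nil}
  %define release 1
 %else
- %define version 5.1p1
+ %define version 5.2p1
  %define cvs cvs20050315
  %define release 0r1
 %endif
@@ -251,7 +251,7 @@ install -m 0755 contrib/caldera/ssh-host-keygen $SKG
 # install remaining docs
 DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
 mkdir -p $DocD/%{askpass}
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
 install -p -m 0444 %{SOURCE3} $DocD/faq.html
 cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
 %if %{use_stable}
@@ -358,4 +358,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $
+$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $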
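--- a/contrib/caldera/ssh-host-keygen
+++ b/contrib/caldera/ssh-host-keygen
@@ -1,6 +1,6 @@
 #! /bin/sh
 #
-# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
+# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
 #
 # This script is normally run only *once* for a given host
 # (in a given period of time) -- on updates/upgrades/recovery
@@ -15,16 +15,16 @@ if [ -f $keydir/ssh_host_key -o \
  -f $keydir/ssh_host_key.pub ]; then
  echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
 else
- echo "Generating 1024 bit SSH1 RSA host key."
- $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
+ echo "Generating SSH1 RSA host key."
+ $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
 fi
 
 if [ -f $keydir/ssh_host_rsa_key -o \
  -f $keydir/ssh_host_rsa_key.pub ]; then
  echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
 else
- echo "Generating 1024 bit SSH2 RSA host key."
- $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
+ echo "Generating SSH2 RSA host key."
+ $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
 fi
 
 if [ -f $keydir/ssh_host_dsa_key -o \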
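Review bot: With `-b 1024` dropped from both `$keygen` calls, the host key size now follows whatever default the installed ssh-keygen uses, and the echo lines no longer tell the administrator what was generated. A one-line comment above the first call, such as `# key size intentionally left to the ssh-keygen default`, would keep a later editor from re-pinning a small size. The DSA block that begins on the last line of this hunk continues outside the visible lines, so it is worth checking whether it still passes an explicit `-b`.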
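--- a/contrib/caldera/sshd.pam
+++ b/contrib/caldera/sshd.pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth required /lib/security/pam_pwdb.so shadow nodelay
-auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_nologin.so
 account required /lib/security/pam_pwdb.so
 password required /lib/security/pam_cracklib.so
 password required /lib/security/pam_pwdb.so shadow nullok use_authtok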
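Review bot: Nothing in the file says why `pam_nologin.so` on line 3 moved from the `auth` stack to the `account` stack, and the distinction matters for access control. Presumably the intent is that the account stack still runs for logins that do not authenticate through PAM (public-key logins, for example), so /etc/nologin is honoured for them as well. A comment above the line, e.g. `# nologin is checked in the account stack so it also covers logins that skip PAM auth`, would stop it being moved back. The same one-line change, with the same missing comment, appears in contrib/redhat/sshd.pam.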
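--- a/contrib/cygwin/Makefile
+++ b/contrib/cygwin/Makefile
@@ -38,11 +38,13 @@ install-sshdoc:
  $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
  $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
  $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+ $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
  $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
  $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
  $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
  $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
- $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
  $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
  $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
 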
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index bbb6da4c4..57e728fbc 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -25,7 +25,7 @@ source ${CSIH_SCRIPT}
25port_number=22 25port_number=22
26privsep_configured=no 26privsep_configured=no
27privsep_used=yes 27privsep_used=yes
28cygwin_value="ntsec" 28cygwin_value=""
29password_value= 29password_value=
30 30
31# ====================================================================== 31# ======================================================================
@@ -37,13 +37,13 @@ create_host_keys() {
37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" 37 csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null 38 ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
39 fi 39 fi
40 40
41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] 41 if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
42 then 42 then
43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" 43 csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null 44 ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
45 fi 45 fi
46 46
47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] 47 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
48 then 48 then
49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" 49 csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
@@ -75,12 +75,12 @@ update_services_file() {
75 _spaces=" # " 75 _spaces=" # "
76 fi 76 fi
77 _serv_tmp="${_my_etcdir}/srv.out.$$" 77 _serv_tmp="${_my_etcdir}/srv.out.$$"
78 78
79 mount -t -f "${_win_etcdir}" "${_my_etcdir}" 79 mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
80 80
81 # Depends on the above mount 81 # Depends on the above mount
82 _wservices=`cygpath -w "${_services}"` 82 _wservices=`cygpath -w "${_services}"`
83 83
84 # Remove sshd 22/port from services 84 # Remove sshd 22/port from services
85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] 85 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
86 then 86 then
@@ -89,16 +89,16 @@ update_services_file() {
89 then 89 then
90 if mv "${_serv_tmp}" "${_services}" 90 if mv "${_serv_tmp}" "${_services}"
91 then 91 then
92 csih_inform "Removing sshd from ${_wservices}" 92 csih_inform "Removing sshd from ${_wservices}"
93 else 93 else
94 csih_warning "Removing sshd from ${_wservices} failed!" 94 csih_warning "Removing sshd from ${_wservices} failed!"
95 fi 95 fi
96 rm -f "${_serv_tmp}" 96 rm -f "${_serv_tmp}"
97 else 97 else
98 csih_warning "Removing sshd from ${_wservices} failed!" 98 csih_warning "Removing sshd from ${_wservices} failed!"
99 fi 99 fi
100 fi 100 fi
101 101
102 # Add ssh 22/tcp and ssh 22/udp to services 102 # Add ssh 22/tcp and ssh 22/udp to services
103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] 103 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
104 then 104 then
@@ -106,9 +106,9 @@ update_services_file() {
106 then 106 then
107 if mv "${_serv_tmp}" "${_services}" 107 if mv "${_serv_tmp}" "${_services}"
108 then 108 then
109 csih_inform "Added ssh to ${_wservices}" 109 csih_inform "Added ssh to ${_wservices}"
110 else 110 else
111 csih_warning "Adding ssh to ${_wservices} failed!" 111 csih_warning "Adding ssh to ${_wservices} failed!"
112 fi 112 fi
113 rm -f "${_serv_tmp}" 113 rm -f "${_serv_tmp}"
114 else 114 else
@@ -134,16 +134,16 @@ sshd_privsep() {
134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." 134 csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
135 if csih_request "Should privilege separation be used?" 135 if csih_request "Should privilege separation be used?"
136 then 136 then
137 privsep_used=yes 137 privsep_used=yes
138 if ! csih_create_unprivileged_user sshd 138 if ! csih_create_unprivileged_user sshd
139 then 139 then
140 csih_warning "Couldn't create user 'sshd'!" 140 csih_warning "Couldn't create user 'sshd'!"
141 csih_warning "Privilege separation set to 'no' again!" 141 csih_warning "Privilege separation set to 'no' again!"
142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" 142 csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
143 privsep_used=no 143 privsep_used=no
144 fi 144 fi
145 else 145 else
146 privsep_used=no 146 privsep_used=no
147 fi 147 fi
148 else 148 else
149 # On 9x don't use privilege separation. Since security isn't 149 # On 9x don't use privilege separation. Since security isn't
@@ -151,7 +151,7 @@ sshd_privsep() {
151 privsep_used=no 151 privsep_used=no
152 fi 152 fi
153 fi 153 fi
154 154
155 # Create default sshd_config from skeleton files in /etc/defaults/etc or 155 # Create default sshd_config from skeleton files in /etc/defaults/etc or
156 # modify to add the missing privsep configuration option 156 # modify to add the missing privsep configuration option
157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 157 if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
@@ -161,8 +161,8 @@ sshd_privsep() {
161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ 161 sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
162 s/^#Port 22/Port ${port_number}/ 162 s/^#Port 22/Port ${port_number}/
163 s/^#StrictModes yes/StrictModes no/" \ 163 s/^#StrictModes yes/StrictModes no/" \
164 < ${SYSCONFDIR}/sshd_config \ 164 < ${SYSCONFDIR}/sshd_config \
165 > "${sshdconfig_tmp}" 165 > "${sshdconfig_tmp}"
166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config 166 mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
167 elif [ "${privsep_configured}" != "yes" ] 167 elif [ "${privsep_configured}" != "yes" ]
168 then 168 then
@@ -193,19 +193,19 @@ update_inetd_conf() {
193 # will be replaced by a file in inetd.d/ 193 # will be replaced by a file in inetd.d/
194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] 194 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
195 then 195 then
196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" 196 grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
197 if [ -f "${_inetcnf_tmp}" ] 197 if [ -f "${_inetcnf_tmp}" ]
198 then 198 then
199 if mv "${_inetcnf_tmp}" "${_inetcnf}" 199 if mv "${_inetcnf_tmp}" "${_inetcnf}"
200 then 200 then
201 csih_inform "Removed ssh[d] from ${_inetcnf}" 201 csih_inform "Removed ssh[d] from ${_inetcnf}"
202 else 202 else
203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 203 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
204 fi 204 fi
205 rm -f "${_inetcnf_tmp}" 205 rm -f "${_inetcnf_tmp}"
206 else 206 else
207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!" 207 csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
208 fi 208 fi
209 fi 209 fi
210 fi 210 fi
211 211
@@ -214,13 +214,13 @@ update_inetd_conf() {
214 then 214 then
215 if [ "${_with_comment}" -eq 0 ] 215 if [ "${_with_comment}" -eq 0 ]
216 then 216 then
217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 217 sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
218 else 218 else
219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" 219 sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
220 fi 220 fi
221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" 221 mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
222 csih_inform "Updated ${_sshd_inetd_conf}" 222 csih_inform "Updated ${_sshd_inetd_conf}"
223 fi 223 fi
224 224
225 elif [ -f "${_inetcnf}" ] 225 elif [ -f "${_inetcnf}" ]
226 then 226 then
@@ -233,26 +233,26 @@ update_inetd_conf() {
233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" 233 grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
234 if [ -f "${_inetcnf_tmp}" ] 234 if [ -f "${_inetcnf_tmp}" ]
235 then 235 then
236 if mv "${_inetcnf_tmp}" "${_inetcnf}" 236 if mv "${_inetcnf_tmp}" "${_inetcnf}"
237 then 237 then
238 csih_inform "Removed sshd from ${_inetcnf}" 238 csih_inform "Removed sshd from ${_inetcnf}"
239 else 239 else
240 csih_warning "Removing sshd from ${_inetcnf} failed!" 240 csih_warning "Removing sshd from ${_inetcnf} failed!"
241 fi 241 fi
242 rm -f "${_inetcnf_tmp}" 242 rm -f "${_inetcnf_tmp}"
243 else 243 else
244 csih_warning "Removing sshd from ${_inetcnf} failed!" 244 csih_warning "Removing sshd from ${_inetcnf} failed!"
245 fi 245 fi
246 fi 246 fi
247 247
248 # Add ssh line to inetd.conf 248 # Add ssh line to inetd.conf
249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] 249 if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
250 then 250 then
251 if [ "${_with_comment}" -eq 0 ] 251 if [ "${_with_comment}" -eq 0 ]
252 then 252 then
253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 253 echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
254 else 254 else
255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}" 255 echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
256 fi 256 fi
257 csih_inform "Added ssh to ${_inetcnf}" 257 csih_inform "Added ssh to ${_inetcnf}"
258 fi 258 fi
@@ -278,80 +278,83 @@ install_service() {
278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" 278 echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
279 if csih_request "(Say \"no\" if it is already installed as a service)" 279 if csih_request "(Say \"no\" if it is already installed as a service)"
280 then 280 then
281 csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\"" 281 csih_get_cygenv "${cygwin_value}"
282 csih_inform "for sshd to be able to change user context without password." 282
283 csih_get_cygenv "${cygwin_value}" 283 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
284 284 then
285 if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) 285 csih_inform "On Windows Server 2003, Windows Vista, and above, the"
286 then 286 csih_inform "SYSTEM account cannot setuid to other users -- a capability"
287 csih_inform "On Windows Server 2003, Windows Vista, and above, the" 287 csih_inform "sshd requires. You need to have or to create a privileged"
288 csih_inform "SYSTEM account cannot setuid to other users -- a capability" 288 csih_inform "account. This script will help you do so."
289 csih_inform "sshd requires. You need to have or to create a privileged" 289 echo
290 csih_inform "account. This script will help you do so." 290 if ! csih_create_privileged_user "${password_value}"
291 echo 291 then
292 if ! csih_create_privileged_user "${password_value}" 292 csih_error_recoverable "There was a serious problem creating a privileged user."
293 then 293 csih_request "Do you want to proceed anyway?" || exit 1
294 csih_error_recoverable "There was a serious problem creating a privileged user." 294 fi
295 csih_request "Do you want to proceed anyway?" || exit 1 295 fi
296 fi 296
297 fi 297 # never returns empty if NT or above
298 298 run_service_as=$(csih_service_should_run_as)
299 # never returns empty if NT or above 299
300 run_service_as=$(csih_service_should_run_as) 300 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
301 301 then
302 if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] 302 password="${csih_PRIVILEGED_PASSWORD}"
303 then 303 if [ -z "${password}" ]
304 password="${csih_PRIVILEGED_PASSWORD}" 304 then
305 if [ -z "${password}" ] 305 csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
306 then 306 password="${csih_value}"
307 csih_get_value "Please enter the password for user '${run_service_as}':" "-s" 307 fi
308 password="${csih_value}" 308 fi
309 fi 309
310 fi 310 # at this point, we either have $run_service_as = "system" and $password is empty,
311 311 # or $run_service_as is some privileged user and (hopefully) $password contains
312 # at this point, we either have $run_service_as = "system" and $password is empty, 312 # the correct password. So, from here out, we use '-z "${password}"' to discriminate
313 # or $run_service_as is some privileged user and (hopefully) $password contains 313 # the two cases.
314 # the correct password. So, from here out, we use '-z "${password}"' to discriminate 314
315 # the two cases. 315 csih_check_user "${run_service_as}"
316 316
317 csih_check_user "${run_service_as}" 317 if [ -n "${csih_cygenv}" ]
318 318 then
319 if [ -z "${password}" ] 319 cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
320 then 320 fi
321 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ 321 if [ -z "${password}" ]
322 -e CYGWIN="${csih_cygenv}" 322 then
323 then 323 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
324 echo 324 -a "-D" -y tcpip ${cygwin_env}
325 csih_inform "The sshd service has been installed under the LocalSystem" 325 then
326 csih_inform "account (also known as SYSTEM). To start the service now, call" 326 echo
327 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" 327 csih_inform "The sshd service has been installed under the LocalSystem"
328 csih_inform "will start automatically after the next reboot." 328 csih_inform "account (also known as SYSTEM). To start the service now, call"
329 fi 329 csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
330 else 330 csih_inform "will start automatically after the next reboot."
331 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \ 331 fi
332 -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}" 332 else
333 then 333 if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
334 -a "-D" -y tcpip ${cygwin_env} \
335 -u "${run_service_as}" -w "${password}"
336 then
334 echo 337 echo
335 csih_inform "The sshd service has been installed under the '${run_service_as}'" 338 csih_inform "The sshd service has been installed under the '${run_service_as}'"
336 csih_inform "account. To start the service now, call \`net start sshd' or" 339 csih_inform "account. To start the service now, call \`net start sshd' or"
337 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" 340 csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
338 csih_inform "after the next reboot." 341 csih_inform "after the next reboot."
339 fi 342 fi
340 fi 343 fi
341 344
342 # now, if successfully installed, set ownership of the affected files 345 # now, if successfully installed, set ownership of the affected files
343 if cygrunsrv -Q sshd >/dev/null 2>&1 346 if cygrunsrv -Q sshd >/dev/null 2>&1
344 then 347 then
345 chown "${run_service_as}" ${SYSCONFDIR}/ssh* 348 chown "${run_service_as}" ${SYSCONFDIR}/ssh*
346 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty 349 chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
347 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog 350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
348 if [ -f ${LOCALSTATEDIR}/log/sshd.log ] 351 if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
349 then 352 then
350 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log 353 chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log
351 fi 354 fi
352 else 355 else
353 csih_warning "Something went wrong installing the sshd service." 356 csih_warning "Something went wrong installing the sshd service."
354 fi 357 fi
355 fi # user allowed us to install as service 358 fi # user allowed us to install as service
356 fi # service not yet installed 359 fi # service not yet installed
357 fi # csih_is_nt 360 fi # csih_is_nt
@@ -456,7 +459,7 @@ done
456 459
457# Check for running ssh/sshd processes first. Refuse to do anything while 460# Check for running ssh/sshd processes first. Refuse to do anything while
458# some ssh processes are still running 461# some ssh processes are still running
459if ps -ef | grep -v grep | grep -q ssh 462if ps -ef | grep -q '/sshd\?$'
460then 463then
461 echo 464 echo
462 csih_error "There are still ssh processes running. Please shut them down first." 465 csih_error "There are still ssh processes running. Please shut them down first."
@@ -475,9 +478,9 @@ setfacl -m u:system:rwx "${LOCALSTATEDIR}/log"
475# Create /var/log/lastlog if not already exists 478# Create /var/log/lastlog if not already exists
476if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] 479if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
477then 480then
478 echo 481 echo
479 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \ 482 csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
480 "Cannot create ssh host configuration." 483 "Cannot create ssh host configuration."
481fi 484fi
482if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] 485if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
483then 486then
@@ -520,7 +523,7 @@ sshd_privsep
520 523
521 524
522 525
523update_services_file 526update_services_file
524update_inetd_conf 527update_inetd_conf
525install_service 528install_service
526 529
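Review bot: In the install_service hunk, the two new `eval cygrunsrv ...` calls parse their arguments a second time, so `"${run_service_as}"` and `"${password}"` are expanded before eval sees them and the resulting text is then re-read as shell input. A password containing `$`, backquotes, quotes, `;` or whitespace would be expanded, executed or split instead of reaching `-w` literally. Deferring the expansion to eval keeps the values quoted: `-u \"\${run_service_as}\" -w \"\${password}\"`, and likewise `cygwin_env="-e CYGWIN=\"\${csih_cygenv}\""`. `cygwin_env` is also only assigned when `csih_cygenv` is non-empty, so a value inherited from the caller's environment would be evaluated; a plain `cygwin_env=` before the `if [ -n "${csih_cygenv}" ]` test closes that. install_service starts and ends outside this hunk.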
diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass.c
deleted file mode 100644
index 7cece5620..000000000
--- a/contrib/gnome-ssh-askpass.c
+++ /dev/null
@@ -1,168 +0,0 @@
1/*
2 * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25/*
26 * This is a simple GNOME SSH passphrase grabber. To use it, set the
27 * environment variable SSH_ASKPASS to point to the location of
28 * gnome-ssh-askpass before calling "ssh-add < /dev/null".
29 *
30 * There is only two run-time options: if you set the environment variable
31 * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
32 * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
33 * pointer will be grabbed too. These may have some benefit to security if
34 * you don't trust your X server. We grab the keyboard always.
35 */
36
37/*
38 * Compile with:
39 *
40 * cc `gnome-config --cflags gnome gnomeui` \
41 * gnome-ssh-askpass.c -o gnome-ssh-askpass \
42 * `gnome-config --libs gnome gnomeui`
43 *
44 */
45
46#include <stdlib.h>
47#include <stdio.h>
48#include <string.h>
49#include <gnome.h>
50#include <X11/Xlib.h>
51#include <gdk/gdkx.h>
52
53void
54report_failed_grab (void)
55{
56 GtkWidget *err;
57
58 err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
59 "A malicious client may be eavesdropping on your session.",
60 GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
61 gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
62 gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
63
64 gnome_dialog_run_and_close(GNOME_DIALOG(err));
65}
66
67void
68passphrase_dialog(char *message)
69{
70 char *passphrase;
71 char **messages;
72 int result, i, grab_server, grab_pointer;
73 GtkWidget *dialog, *entry, *label;
74
75 grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
76 grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
77
78 dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
79 GNOME_STOCK_BUTTON_CANCEL, NULL);
80
81 messages = g_strsplit(message, "\\n", 0);
82 if (messages)
83 for(i = 0; messages[i]; i++) {
84 label = gtk_label_new(messages[i]);
85 gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
86 label, FALSE, FALSE, 0);
87 }
88
89 entry = gtk_entry_new();
90 gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
91 FALSE, 0);
92 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
93 gtk_widget_grab_focus(entry);
94
95 /* Center window and prepare for grab */
96 gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
97 gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
98 gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
99 gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
100 gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
101 gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
102 GNOME_PAD);
103 gtk_widget_show_all(dialog);
104
105 /* Grab focus */
106 if (grab_server)
107 XGrabServer(GDK_DISPLAY());
108 if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
109 NULL, NULL, GDK_CURRENT_TIME))
110 goto nograb;
111 if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
112 goto nograbkb;
113
114 /* Make <enter> close dialog */
115 gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
116
117 /* Run dialog */
118 result = gnome_dialog_run(GNOME_DIALOG(dialog));
119
120 /* Ungrab */
121 if (grab_server)
122 XUngrabServer(GDK_DISPLAY());
123 if (grab_pointer)
124 gdk_pointer_ungrab(GDK_CURRENT_TIME);
125 gdk_keyboard_ungrab(GDK_CURRENT_TIME);
126 gdk_flush();
127
128 /* Report passphrase if user selected OK */
129 passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
130 if (result == 0)
131 puts(passphrase);
132
133 /* Zero passphrase in memory */
134 memset(passphrase, '\0', strlen(passphrase));
135 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
136
137 gnome_dialog_close(GNOME_DIALOG(dialog));
138 return;
139
140 /* At least one grab failed - ungrab what we got, and report
141 the failure to the user. Note that XGrabServer() cannot
142 fail. */
143 nograbkb:
144 gdk_pointer_ungrab(GDK_CURRENT_TIME);
145 nograb:
146 if (grab_server)
147 XUngrabServer(GDK_DISPLAY());
148 gnome_dialog_close(GNOME_DIALOG(dialog));
149
150 report_failed_grab();
151}
152
153int
154main(int argc, char **argv)
155{
156 char *message;
157
158 gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
159
160 if (argc == 2)
161 message = argv[1];
162 else
163 message = "Enter your OpenSSH passphrase:";
164
165 setvbuf(stdout, 0, _IONBF, 0);
166 passphrase_dialog(message);
167 return 0;
168}
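--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 5.1p1
+%define ver 5.2p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -333,7 +333,7 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh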
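--- a/contrib/redhat/sshd.pam
+++ b/contrib/redhat/sshd.pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth required pam_stack.so service=system-auth
-auth required pam_nologin.so
+account required pam_nologin.so
 account required pam_stack.so service=system-auth
 password required pam_stack.so service=system-auth
 session required pam_stack.so service=system-auth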
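--- a/contrib/solaris/buildpkg.sh
+++ /dev/null
@@ -1,386 +0,0 @@
-#!/bin/sh
-#
-# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
-#
-# The following code has been provide under Public Domain License. I really
-# don't care what you use it for. Just as long as you don't complain to me
-# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
-#
-umask 022
-#
-# Options for building the package
-# You can create a config.local with your customized options
-#
-# uncommenting TEST_DIR and using
-# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
-# and
-# PKGNAME=tOpenSSH should allow testing a package without interfering
-# with a real OpenSSH package on a system. This is not needed on systems
-# that support the -R option to pkgadd.
-#TEST_DIR=/var/tmp # leave commented out for production build
-PKGNAME=OpenSSH
-SYSVINIT_NAME=opensshd
-MAKE=${MAKE:="make"}
-SSHDUID=67 # Default privsep uid
-SSHDGID=67 # Default privsep gid
-# uncomment these next three as needed
-#PERMIT_ROOT_LOGIN=no
-#X11_FORWARDING=yes
-#USR_LOCAL_IS_SYMLINK=yes
-# list of system directories we do NOT want to change owner/group/perms
-# when installing our package
-SYSTEM_DIR="/etc \
-/etc/init.d \
-/etc/rcS.d \
-/etc/rc0.d \
-/etc/rc1.d \
-/etc/rc2.d \
-/etc/opt \
-/opt \
-/opt/bin \
-/usr \
-/usr/bin \
-/usr/lib \
-/usr/sbin \
-/usr/share \
-/usr/share/man \
-/usr/share/man/man1 \
-/usr/share/man/man8 \
-/usr/local \
-/usr/local/bin \
-/usr/local/etc \
-/usr/local/libexec \
-/usr/local/man \
-/usr/local/man/man1 \
-/usr/local/man/man8 \
-/usr/local/sbin \
-/usr/local/share \
-/var \
-/var/opt \
-/var/run \
-/var/tmp \
-/tmp"
-
-# We may need to build as root so we make sure PATH is set up
-# only set the path if it's not set already
-[ -d /usr/local/bin ] && {
- echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
- [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
-}
-[ -d /usr/ccs/bin ] && {
- echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
- [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
-}
-export PATH
-#
-
-[ -f Makefile ] || {
- echo "Please run this script from your build directory"
- exit 1
-}
-
-# we will look for config.local to override the above options
-[ -s ./config.local ] && . ./config.local
-
-## Start by faking root install
-echo "Faking root install..."
-START=`pwd`
-OPENSSHD_IN=`dirname $0`/opensshd.in
-FAKE_ROOT=$START/package
-[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
-mkdir $FAKE_ROOT
-${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
-if [ $? -gt 0 ]
-then
- echo "Fake root install failed, stopping."
- exit 1
-fi
-
-## Fill in some details, like prefix and sysconfdir
-for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
-do
- eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
-done
-
-
-## Collect value of privsep user
-for confvar in SSH_PRIVSEP_USER
-do
- eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
-done
-
-## Set privsep defaults if not defined
-if [ -z "$SSH_PRIVSEP_USER" ]
-then
- SSH_PRIVSEP_USER=sshd
-fi
-
-## Extract common info requires for the 'info' part of the package.
-VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
-
-UNAME_S=`uname -s`
-case ${UNAME_S} in
- SunOS) UNAME_S=Solaris
- ARCH=`uname -p`
- RCS_D=yes
- DEF_MSG="(default: n)"
- ;;
- *) ARCH=`uname -m`
- DEF_MSG="\n" ;;
-esac
-
-## Setup our run level stuff while we are at it.
-mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
-
-## setup our initscript correctly
-sed -e "s#%%configDir%%#${sysconfdir}#g" \
- -e "s#%%openSSHDir%%#$prefix#g" \
- -e "s#%%pidDir%%#${piddir}#g" \
- ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-
-[ "${PERMIT_ROOT_LOGIN}" = no ] && \
- perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
- $FAKE_ROOT/${sysconfdir}/sshd_config
-[ "${X11_FORWARDING}" = yes ] && \
- perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
- $FAKE_ROOT/${sysconfdir}/sshd_config
-# fix PrintMotd
-perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
- $FAKE_ROOT/${sysconfdir}/sshd_config
-
-# We don't want to overwrite config files on multiple installs
-mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
-mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
-[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
-mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
-
-cd $FAKE_ROOT
-
-## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
-## whining.
-for i in *; do
- PROTO_ARGS="$PROTO_ARGS $i=/$i";
-done
-
-## Build info file
-echo "Building pkginfo file..."
-cat > pkginfo << _EOF
-PKG=$PKGNAME
-NAME="OpenSSH Portable for ${UNAME_S}"
-DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
-VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
-ARCH=$ARCH
-VERSION=$VERSION
-CATEGORY="Security,application"
-BASEDIR=/
-CLASSES="none"
-_EOF
-
-## Build preinstall file
-echo "Building preinstall file..."
-cat > preinstall << _EOF
-#! /sbin/sh
-#
-[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
-exit 0
-_EOF
-
-## Build postinstall file
-echo "Building postinstall file..."
-cat > postinstall << _EOF
-#! /sbin/sh
-#
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
- cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
- \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
- cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
- \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
- [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
- cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
- \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
-}
-
-# make rc?.d dirs only if we are doing a test install
-[ -n "${TEST_DIR}" ] && {
- [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
- mkdir -p ${TEST_DIR}/etc/rc0.d
- mkdir -p ${TEST_DIR}/etc/rc1.d
- mkdir -p ${TEST_DIR}/etc/rc2.d
-}
-
-if [ "\${USE_SYM_LINKS}" = yes ]
-then
- [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-else
- [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-fi
-
-# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
-[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
-
-installf -f ${PKGNAME}
-
-# Use chroot to handle PKG_INSTALL_ROOT
-if [ ! -z "\${PKG_INSTALL_ROOT}" ]
-then
- chroot="chroot \${PKG_INSTALL_ROOT}"
-fi
-# If this is a test build, we will skip the groupadd/useradd/passwd commands
-if [ ! -z "${TEST_DIR}" ]
-then
- chroot=echo
-fi
-
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
-then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
- echo "or group."
-else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
- # create group if required
- if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
- else
- # Use gid of 67 if possible
- if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
- then
- :
- else
- sshdgid="-g $SSHDGID"
- fi
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
- fi
-
- # Create user if required
- if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
- # Use uid of 67 if possible
- if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
- then
- :
- else
- sshduid="-u $SSHDUID"
- fi
- echo "Creating PrivSep user $SSH_PRIVSEP_USER."
- \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
- \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
- fi
-fi
-
-[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
-exit 0
-_EOF
-
-## Build preremove file
-echo "Building preremove file..."
-cat > preremove << _EOF
-#! /sbin/sh
-#
-${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
-exit 0
-_EOF
-
-## Build request file
-echo "Building request file..."
-cat > request << _EOF
-trap 'exit 3' 15
-USE_SYM_LINKS=no
-PRE_INS_STOP=no
-POST_INS_START=no
-# Use symbolic links?
-ans=\`ckyorn -d n \
--p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
-case \$ans in
- [y,Y]*) USE_SYM_LINKS=yes ;;
-esac
-
-# determine if should restart the daemon
-if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
-then
- ans=\`ckyorn -d n \
--p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
- case \$ans in
- [y,Y]*) PRE_INS_STOP=yes
- POST_INS_START=yes
- ;;
- esac
-
-else
-
-# determine if we should start sshd
- ans=\`ckyorn -d n \
--p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
- case \$ans in
- [y,Y]*) POST_INS_START=yes ;;
- esac
-fi
-
-# make parameters available to installation service,
-# and so to any other packaging scripts
-cat >\$1 <<!
-USE_SYM_LINKS='\$USE_SYM_LINKS'
-PRE_INS_STOP='\$PRE_INS_STOP'
-POST_INS_START='\$POST_INS_START'
-!
-exit 0
-
-_EOF
-
-## Build space file
-echo "Building space file..."
-cat > space << _EOF
-# extra space required by start/stop links added by installf in postinstall
-$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
-$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
-$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
-_EOF
-[ "$RCS_D" = yes ] && \
-echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
-
-## Next Build our prototype
-echo "Building prototype file..."
-cat >mk-proto.awk << _EOF
- BEGIN { print "i pkginfo"; print "i preinstall"; \\
- print "i postinstall"; print "i preremove"; \\
- print "i request"; print "i space"; \\
- split("$SYSTEM_DIR",sys_files); }
- {
- for (dir in sys_files) { if ( \$3 != sys_files[dir] )
- { \$5="root"; \$6="sys"; }
- else
- { \$4="?"; \$5="?"; \$6="?"; break;}
- } }
- { print; }
-_EOF
-find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
- pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
-
-# /usr/local is a symlink on some systems
-[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
- grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
- mv prototype.new prototype
-}
-
-## Step back a directory and now build the package.
-echo "Building package.."
-cd ..
-pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
-echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
-rm -rf $FAKE_ROOT
-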
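--- a/contrib/solaris/opensshd.in
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/sbin/sh
-# Donated code that was put under PD license.
-#
-# Stripped PRNGd out of it for the time being.
-
-umask 022
-
-CAT=/usr/bin/cat
-KILL=/usr/bin/kill
-
-prefix=%%openSSHDir%%
-etcdir=%%configDir%%
-piddir=%%pidDir%%
-
-SSHD=$prefix/sbin/sshd
-PIDFILE=$piddir/sshd.pid
-SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_RSA1=$etcdir/ssh_host_key
-HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
-HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
-
-
-checkkeys() {
- if [ ! -f $HOST_KEY_RSA1 ]; then
- ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
- fi
- if [ ! -f $HOST_KEY_DSA ]; then
- ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
- fi
- if [ ! -f $HOST_KEY_RSA ]; then
- ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
- fi
-}
-
-stop_service() {
- if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
- PID=`${CAT} ${PIDFILE}`
- fi
- if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
- ${KILL} ${PID}
- else
- echo "Unable to read PID file"
- fi
-}
-
-start_service() {
- # XXX We really should check if the service is already going, but
- # XXX we will opt out at this time. - Bal
-
- # Check to see if we have keys that need to be made
- checkkeys
-
- # Start SSHD
- echo "starting $SSHD... \c" ; $SSHD
-
- sshd_rc=$?
- if [ $sshd_rc -ne 0 ]; then
- echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
- exit $sshd_rc
- fi
- echo done.
-}
-
-case $1 in
-
-'start')
- start_service
- ;;
-
-'stop')
- stop_service
- ;;
-
-'restart')
- stop_service
- start_service
- ;;
-
-*)
- echo "$0: usage: $0 {start|stop|restart}"
- ;;
-esac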
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index acd36d398..df74d25c8 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -1,11 +1,11 @@
1#!/bin/sh 1#!/bin/sh
2 2
3# Shell script to install your identity.pub on a remote machine 3# Shell script to install your public key on a remote machine
4# Takes the remote machine name as an argument. 4# Takes the remote machine name as an argument.
5# Obviously, the remote machine must accept password authentication, 5# Obviously, the remote machine must accept password authentication,
6# or one of the other keys in your ssh-agent, for this to work. 6# or one of the other keys in your ssh-agent, for this to work.
7 7
8ID_FILE="${HOME}/.ssh/identity.pub" 8ID_FILE="${HOME}/.ssh/id_rsa.pub"
9 9
10if [ "-i" = "$1" ]; then 10if [ "-i" = "$1" ]; then
11 shift 11 shift
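Review bot: The new default on line 8, `ID_FILE="${HOME}/.ssh/id_rsa.pub"`, assumes a protocol 2 RSA key, while the reworded header comment on line 3 now says only "your public key". A short comment on the assignment would keep the two in step, for example `# Default: protocol 2 RSA public key; use -i to name a different .pub file`. The `-i` handling starts on the last lines of the hunk and continues outside it. Whether a missing default file is reported clearly, and whether a path given without `.pub` is handled safely, therefore cannot be checked from here.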
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index b331fa149..f25ed01f2 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -18,7 +18,7 @@ the original English.
18.. 18..
19.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH" 19.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH"
20.SH NAME 20.SH NAME
21ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys 21ssh-copy-id \- install your public key in a remote machine's authorized_keys
22.SH SYNOPSIS 22.SH SYNOPSIS
23.B ssh-copy-id [-i [identity_file]] 23.B ssh-copy-id [-i [identity_file]]
24.I "[user@]machine" 24.I "[user@]machine"
@@ -42,7 +42,7 @@ set in its configuration).
42If the 42If the
43.B -i 43.B -i
44option is given then the identity file (defaults to 44option is given then the identity file (defaults to
45.BR ~/.ssh/identity.pub ) 45.BR ~/.ssh/id_rsa.pub )
46is used, regardless of whether there are any keys in your 46is used, regardless of whether there are any keys in your
47.BR ssh-agent . 47.BR ssh-agent .
48Otherwise, if this: 48Otherwise, if this:
diff --git a/contrib/sshd.pam.generic b/contrib/sshd.pam.generic
index cf5af3024..215f0fe30 100644
--- a/contrib/sshd.pam.generic
+++ b/contrib/sshd.pam.generic
@@ -1,6 +1,6 @@
1#%PAM-1.0 1#%PAM-1.0
2auth required /lib/security/pam_unix.so shadow nodelay 2auth required /lib/security/pam_unix.so shadow nodelay
3auth required /lib/security/pam_nologin.so 3account required /lib/security/pam_nologin.so
4account required /lib/security/pam_unix.so 4account required /lib/security/pam_unix.so
5password required /lib/security/pam_cracklib.so 5password required /lib/security/pam_cracklib.so
6password required /lib/security/pam_unix.so shadow nullok use_authtok 6password required /lib/security/pam_unix.so shadow nullok use_authtok
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 7bd9e0569..62f43e137 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 5.1p1 16Version: 5.2p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
@@ -200,7 +200,7 @@ fi
200 200
201%files 201%files
202%defattr(-,root,root) 202%defattr(-,root,root)
203%doc ChangeLog OVERVIEW README* 203%doc ChangeLog OVERVIEW README* PROTOCOL*
204%doc TODO CREDITS LICENCE 204%doc TODO CREDITS LICENCE
205%attr(0755,root,root) %dir %{_sysconfdir}/ssh 205%attr(0755,root,root) %dir %{_sysconfdir}/ssh
206%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config 206%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
index 573960bfa..4d4880d7e 100644
--- a/contrib/suse/rc.sshd
+++ b/contrib/suse/rc.sshd
@@ -45,17 +45,17 @@ case "$1" in
45 start) 45 start)
46 if ! test -f /etc/ssh/ssh_host_key ; then 46 if ! test -f /etc/ssh/ssh_host_key ; then
47 echo Generating /etc/ssh/ssh_host_key. 47 echo Generating /etc/ssh/ssh_host_key.
48 ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N '' 48 ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
49 fi 49 fi
50 if ! test -f /etc/ssh/ssh_host_dsa_key ; then 50 if ! test -f /etc/ssh/ssh_host_dsa_key ; then
51 echo Generating /etc/ssh/ssh_host_dsa_key. 51 echo Generating /etc/ssh/ssh_host_dsa_key.
52 52
53 ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N '' 53 ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
54 fi 54 fi
55 if ! test -f /etc/ssh/ssh_host_rsa_key ; then 55 if ! test -f /etc/ssh/ssh_host_rsa_key ; then
56 echo Generating /etc/ssh/ssh_host_rsa_key. 56 echo Generating /etc/ssh/ssh_host_rsa_key.
57 57
58 ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N '' 58 ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
59 fi 59 fi
60 echo -n "Starting SSH daemon" 60 echo -n "Starting SSH daemon"
61 ## Start daemon with startproc(8). If this fails 61 ## Start daemon with startproc(8). If this fails
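Review bot: Dropping `-b 1024` on new lines 48, 53 and 58 makes the host-key size depend on the default of whichever ssh-keygen is installed, and the script does not say so. A comment above the first call would record that this is intended, for example `# No -b: take ssh-keygen's default key size instead of pinning 1024 bits`. Separately, line 48 still creates a protocol 1 (`rsa1`) host key unconditionally. It would be safer to generate that key only when protocol 1 is actually enabled in sshd_config, and nothing visible in this hunk checks for that. The `start)` branch continues past the end of the hunk.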