Import OpenSSH 3.9p1.

author: Colin Watson <cjwatson@debian.org> 2005-01-04 12:58:23 +0000
committer: Colin Watson <cjwatson@debian.org> 2005-01-04 12:58:23 +0000
commit: ebd2ce335af5861020c79fddb1ae35c03bf036cf (patch)
tree: ec008b93c62e3241ab611d8c949ebc92905c66b4 /contrib
parent: e17cc75fe35f62ba52928b5889b5e7aadb62bedb (diff)
parent: 16f1d21ea191deaaeeba719d01c0ad82aa044653 (diff)
4 files changed, 636 insertions, 0 deletions
diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass.c
new file mode 100644
index 000000000..7cece5620
--- /dev/null
+++ b/contrib/gnome-ssh-askpass.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the 
+ * environment variable SSH_ASKPASS to point to the location of 
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
+ * pointer will be grabbed too. These may have some benefit to security if 
+ * you don't trust your X server. We grab the keyboard always.
+ */
+/*
+ * Compile with:
+ *
+ * cc `gnome-config --cflags gnome gnomeui` \
+ *    gnome-ssh-askpass.c -o gnome-ssh-askpass \
+ *    `gnome-config --libs gnome gnomeui`
+ *
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnome.h>
+#include <X11/Xlib.h>
+#include <gdk/gdkx.h>
+void
+report_failed_grab (void)
+{
+        GtkWidget *err;
+        err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
+                "A malicious client may be eavesdropping on your session.",
+                                    GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
+        gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+        gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
+        gnome_dialog_run_and_close(GNOME_DIALOG(err));
+}
+void
+passphrase_dialog(char *message)
+{
+        char *passphrase;
+        char **messages;
+        int result, i, grab_server, grab_pointer;
+        GtkWidget *dialog, *entry, *label;
+        grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+        grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+        dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
+            GNOME_STOCK_BUTTON_CANCEL, NULL);
+        messages = g_strsplit(message, "\\n", 0);
+        if (messages)
+                for(i = 0; messages[i]; i++) {
+                        label = gtk_label_new(messages[i]);
+                        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
+                            label, FALSE, FALSE, 0);
+                }
+        entry = gtk_entry_new();
+        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, 
+            FALSE, 0);
+        gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+        gtk_widget_grab_focus(entry);
+        /* Center window and prepare for grab */
+        gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
+        gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
+        gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+        gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
+        gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
+        gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
+            GNOME_PAD);
+        gtk_widget_show_all(dialog);
+        /* Grab focus */
+        if (grab_server)
+                XGrabServer(GDK_DISPLAY());
+        if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, 
+            NULL, NULL, GDK_CURRENT_TIME))
+                goto nograb;
+        if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
+                goto nograbkb;
+        /* Make <enter> close dialog */
+        gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
+        /* Run dialog */
+        result = gnome_dialog_run(GNOME_DIALOG(dialog));
+        /* Ungrab */
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        if (grab_pointer)
+                gdk_pointer_ungrab(GDK_CURRENT_TIME);
+        gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+        gdk_flush();
+        /* Report passphrase if user selected OK */
+        passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
+        if (result == 0)
+                puts(passphrase);
+                
+        /* Zero passphrase in memory */
+        memset(passphrase, '\0', strlen(passphrase));
+        gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+                        
+        gnome_dialog_close(GNOME_DIALOG(dialog));
+        return;
+        /* At least one grab failed - ungrab what we got, and report
+           the failure to the user.  Note that XGrabServer() cannot
+           fail.  */
+ nograbkb:
+        gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+        if (grab_server)
+                XUngrabServer(GDK_DISPLAY());
+        gnome_dialog_close(GNOME_DIALOG(dialog));
+        
+        report_failed_grab();
+}
+int
+main(int argc, char **argv)
+{
+        char *message;
+        
+        gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
+        if (argc == 2)
+                message = argv[1];
+        else
+                message = "Enter your OpenSSH passphrase:";
+        setvbuf(stdout, 0, _IONBF, 0);
+        passphrase_dialog(message);
+        return 0;
+}
diff --git a/contrib/solaris/README b/contrib/solaris/README
index fefdd4b53..fefdd4b53 100644..100755
--- a/contrib/solaris/README
+++ b/contrib/solaris/README
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
new file mode 100755
index 000000000..29d096306
--- /dev/null
+++ b/contrib/solaris/buildpkg.sh
@@ -0,0 +1,386 @@
+#!/bin/sh
+#
+# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
+#
+# The following code has been provide under Public Domain License.  I really
+# don't care what you use it for.  Just as long as you don't complain to me
+# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
+#
+umask 022
+#
+# Options for building the package
+# You can create a config.local with your customized options
+#
+# uncommenting TEST_DIR and using
+# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
+# and
+# PKGNAME=tOpenSSH should allow testing a package without interfering
+# with a real OpenSSH package on a system. This is not needed on systems
+# that support the -R option to pkgadd.
+#TEST_DIR=/var/tmp      # leave commented out for production build
+PKGNAME=OpenSSH
+SYSVINIT_NAME=opensshd
+MAKE=${MAKE:="make"}
+SSHDUID=67      # Default privsep uid
+SSHDGID=67      # Default privsep gid
+# uncomment these next three as needed
+#PERMIT_ROOT_LOGIN=no
+#X11_FORWARDING=yes
+#USR_LOCAL_IS_SYMLINK=yes
+# list of system directories we do NOT want to change owner/group/perms
+# when installing our package
+SYSTEM_DIR="/etc        \
+/etc/init.d             \
+/etc/rcS.d              \
+/etc/rc0.d              \
+/etc/rc1.d              \
+/etc/rc2.d              \
+/etc/opt                \
+/opt                    \
+/opt/bin                \
+/usr                    \
+/usr/bin                \
+/usr/lib                \
+/usr/sbin               \
+/usr/share              \
+/usr/share/man          \
+/usr/share/man/man1     \
+/usr/share/man/man8     \
+/usr/local              \
+/usr/local/bin          \
+/usr/local/etc          \
+/usr/local/libexec      \
+/usr/local/man          \
+/usr/local/man/man1     \
+/usr/local/man/man8     \
+/usr/local/sbin         \
+/usr/local/share        \
+/var                    \
+/var/opt                \
+/var/run                \
+/var/tmp                \
+/tmp"
+# We may need to build as root so we make sure PATH is set up
+# only set the path if it's not set already
+[ -d /usr/local/bin ]  &&  {
+        echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
+        [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
+}
+[ -d /usr/ccs/bin ]  &&  {
+        echo $PATH | grep ":/usr/ccs/bin"  > /dev/null 2>&1
+        [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
+}
+export PATH
+#
+[ -f Makefile ]  ||  {
+        echo "Please run this script from your build directory"
+        exit 1
+}
+# we will look for config.local to override the above options
+[ -s ./config.local ]  &&  . ./config.local
+## Start by faking root install
+echo "Faking root install..."
+START=`pwd`
+OPENSSHD_IN=`dirname $0`/opensshd.in
+FAKE_ROOT=$START/package
+[ -d $FAKE_ROOT ]  &&  rm -fr $FAKE_ROOT
+mkdir $FAKE_ROOT
+${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
+if [ $? -gt 0 ]
+then
+        echo "Fake root install failed, stopping."
+        exit 1
+fi
+## Fill in some details, like prefix and sysconfdir
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
+do
+        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
+done
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+        SSH_PRIVSEP_USER=sshd
+fi
+## Extract common info requires for the 'info' part of the package.
+VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
+UNAME_S=`uname -s`
+case ${UNAME_S} in
+        SunOS)  UNAME_S=Solaris
+                ARCH=`uname -p`
+                RCS_D=yes
+                DEF_MSG="(default: n)"
+                ;;
+        *)      ARCH=`uname -m`
+                DEF_MSG="\n" ;;
+esac
+## Setup our run level stuff while we are at it.
+mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
+## setup our initscript correctly
+sed -e "s#%%configDir%%#${sysconfdir}#g"        \
+    -e "s#%%openSSHDir%%#$prefix#g"             \
+    -e "s#%%pidDir%%#${piddir}#g"               \
+        ${OPENSSHD_IN}  > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+[ "${PERMIT_ROOT_LOGIN}" = no ]  &&  \
+        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+[ "${X11_FORWARDING}" = yes ]  &&  \
+        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+# fix PrintMotd
+perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
+        $FAKE_ROOT/${sysconfdir}/sshd_config
+# We don't want to overwrite config files on multiple installs
+mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
+mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
+[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ]  &&  \
+mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
+cd $FAKE_ROOT
+## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
+## whining.
+for i in *; do
+  PROTO_ARGS="$PROTO_ARGS $i=/$i";
+done
+## Build info file
+echo "Building pkginfo file..."
+cat > pkginfo << _EOF
+PKG=$PKGNAME
+NAME="OpenSSH Portable for ${UNAME_S}"
+DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
+VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
+ARCH=$ARCH
+VERSION=$VERSION
+CATEGORY="Security,application"
+BASEDIR=/
+CLASSES="none"
+_EOF
+## Build preinstall file
+echo "Building preinstall file..."
+cat > preinstall << _EOF
+#! /sbin/sh
+#
+[ "\${PRE_INS_STOP}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+exit 0
+_EOF
+## Build postinstall file
+echo "Building postinstall file..."
+cat > postinstall << _EOF
+#! /sbin/sh
+#
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ]  ||  \\
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ]  &&  {
+        [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ]  ||  \\
+        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
+                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
+}
+# make rc?.d dirs only if we are doing a test install
+[ -n "${TEST_DIR}" ]  &&  {
+        [ "$RCS_D" = yes ]  &&  mkdir -p ${TEST_DIR}/etc/rcS.d
+        mkdir -p ${TEST_DIR}/etc/rc0.d
+        mkdir -p ${TEST_DIR}/etc/rc1.d
+        mkdir -p ${TEST_DIR}/etc/rc2.d
+}
+if [ "\${USE_SYM_LINKS}" = yes ]
+then
+        [ "$RCS_D" = yes ]  &&  \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+else
+        [ "$RCS_D" = yes ]  &&  \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+fi
+# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
+[ -d $piddir ]  ||  installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
+installf -f ${PKGNAME}
+# Use chroot to handle PKG_INSTALL_ROOT
+if [ ! -z "\${PKG_INSTALL_ROOT}" ]
+then
+        chroot="chroot \${PKG_INSTALL_ROOT}"
+fi
+# If this is a test build, we will skip the groupadd/useradd/passwd commands
+if [ ! -z "${TEST_DIR}" ]
+then
+        chroot=echo
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
+then
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+        echo "or group."
+else
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        # create group if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
+                # Use gid of 67 if possible
+                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
+                then
+                        :
+                else
+                        sshdgid="-g $SSHDGID"
+                fi
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
+        fi
+        # Create user if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
+                # Use uid of 67 if possible
+                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
+                then
+                        :
+                else
+                        sshduid="-u $SSHDUID"
+                fi
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
+                \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
+        fi
+fi
+[ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
+exit 0
+_EOF
+## Build preremove file
+echo "Building preremove file..."
+cat > preremove << _EOF
+#! /sbin/sh
+#
+${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+exit 0
+_EOF
+## Build request file
+echo "Building request file..."
+cat > request << _EOF
+trap 'exit 3' 15
+USE_SYM_LINKS=no
+PRE_INS_STOP=no
+POST_INS_START=no
+# Use symbolic links?
+ans=\`ckyorn -d n \
+-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
+case \$ans in
+        [y,Y]*) USE_SYM_LINKS=yes ;;
+esac
+# determine if should restart the daemon
+if [ -s ${piddir}/sshd.pid  -a  -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
+then
+        ans=\`ckyorn -d n \
+-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
+        case \$ans in
+                [y,Y]*) PRE_INS_STOP=yes
+                        POST_INS_START=yes
+                        ;;
+        esac
+else
+# determine if we should start sshd
+        ans=\`ckyorn -d n \
+-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
+        case \$ans in
+                [y,Y]*) POST_INS_START=yes ;;
+        esac
+fi
+# make parameters available to installation service,
+# and so to any other packaging scripts
+cat >\$1 <<!
+USE_SYM_LINKS='\$USE_SYM_LINKS'
+PRE_INS_STOP='\$PRE_INS_STOP'
+POST_INS_START='\$POST_INS_START'
+!
+exit 0
+_EOF
+## Build space file
+echo "Building space file..."
+cat > space << _EOF
+# extra space required by start/stop links added by installf in postinstall
+$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
+$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
+$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
+_EOF
+[ "$RCS_D" = yes ]  &&  \
+echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
+## Next Build our prototype
+echo "Building prototype file..."
+cat >mk-proto.awk << _EOF
+            BEGIN { print "i pkginfo"; print "i preinstall"; \\
+                    print "i postinstall"; print "i preremove"; \\
+                    print "i request"; print "i space"; \\
+                    split("$SYSTEM_DIR",sys_files); }
+            {
+             for (dir in sys_files) { if ( \$3 != sys_files[dir] )
+                     { \$5="root"; \$6="sys"; }
+                else
+                     { \$4="?"; \$5="?"; \$6="?"; break;}
+            } }
+            { print; }
+_EOF
+find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
+        pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
+# /usr/local is a symlink on some systems
+[ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {
+        grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
+        mv prototype.new prototype
+}
+## Step back a directory and now build the package.
+echo "Building package.."
+cd ..
+pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
+rm -rf $FAKE_ROOT
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
new file mode 100755
index 000000000..50e18deea
--- /dev/null
+++ b/contrib/solaris/opensshd.in
@@ -0,0 +1,82 @@
+#!/sbin/sh
+# Donated code that was put under PD license.
+#
+# Stripped PRNGd out of it for the time being.
+umask 022
+CAT=/usr/bin/cat
+KILL=/usr/bin/kill
+prefix=%%openSSHDir%%
+etcdir=%%configDir%%
+piddir=%%pidDir%%
+SSHD=$prefix/sbin/sshd
+PIDFILE=$piddir/sshd.pid
+SSH_KEYGEN=$prefix/bin/ssh-keygen
+HOST_KEY_RSA1=$etcdir/ssh_host_key
+HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
+HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
+checkkeys() {
+    if [ ! -f $HOST_KEY_RSA1 ]; then
+        ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+    fi
+    if [ ! -f $HOST_KEY_DSA ]; then
+        ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
+    fi
+    if [ ! -f $HOST_KEY_RSA ]; then
+        ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
+    fi
+}
+stop_service() {
+    if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
+        PID=`${CAT} ${PIDFILE}`
+    fi
+    if [  ${PID:=0} -gt 1 -a  ! "X$PID" = "X "  ]; then
+        ${KILL} ${PID}
+    else
+        echo "Unable to read PID file"
+    fi
+}
+start_service() {
+    # XXX We really should check if the service is already going, but
+    # XXX we will opt out at this time. - Bal
+    # Check to see if we have keys that need to be made
+    checkkeys
+    # Start SSHD
+    echo "starting $SSHD... \c"         ; $SSHD
+    sshd_rc=$?
+    if [ $sshd_rc -ne 0 ]; then
+        echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
+        exit $sshd_rc
+    fi
+    echo done.
+}
+case $1 in
+'start')
+    start_service
+    ;;
+'stop')
+    stop_service
+    ;;
+'restart')
+    stop_service
+    start_service
+    ;;
+*)
+    echo "$0:  usage:  $0 {start|stop|restart}"
+    ;;
+esac
author	Colin Watson <cjwatson@debian.org>	2005-01-04 12:58:23 +0000
committer	Colin Watson <cjwatson@debian.org>	2005-01-04 12:58:23 +0000
commit	ebd2ce335af5861020c79fddb1ae35c03bf036cf (patch)
tree	ec008b93c62e3241ab611d8c949ebc92905c66b4 /contrib
parent	e17cc75fe35f62ba52928b5889b5e7aadb62bedb (diff)
parent	16f1d21ea191deaaeeba719d01c0ad82aa044653 (diff)

diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass.c new file mode 100644 index 000000000..7cece5620 --- /dev/null +++ b/contrib/gnome-ssh-askpass.c
@@ -0,0 +1,168 @@
	1	/*
	2	* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	/*
	26	* This is a simple GNOME SSH passphrase grabber. To use it, set the
	27	* environment variable SSH_ASKPASS to point to the location of
	28	* gnome-ssh-askpass before calling "ssh-add < /dev/null".
	29	*
	30	* There is only two run-time options: if you set the environment variable
	31	* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
	32	* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
	33	* pointer will be grabbed too. These may have some benefit to security if
	34	* you don't trust your X server. We grab the keyboard always.
	35	*/
	36
	37	/*
	38	* Compile with:
	39	*
	40	* cc `gnome-config --cflags gnome gnomeui` \
	41	* gnome-ssh-askpass.c -o gnome-ssh-askpass \
	42	* `gnome-config --libs gnome gnomeui`
	43	*
	44	*/
	45
	46	#include <stdlib.h>
	47	#include <stdio.h>
	48	#include <string.h>
	49	#include <gnome.h>
	50	#include <X11/Xlib.h>
	51	#include <gdk/gdkx.h>
	52
	53	void
	54	report_failed_grab (void)
	55	{
	56	GtkWidget *err;
	57
	58	err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
	59	"A malicious client may be eavesdropping on your session.",
	60	GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
	61	gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
	62	gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
	63
	64	gnome_dialog_run_and_close(GNOME_DIALOG(err));
	65	}
	66
	67	void
	68	passphrase_dialog(char *message)
	69	{
	70	char *passphrase;
	71	char **messages;
	72	int result, i, grab_server, grab_pointer;
	73	GtkWidget dialog, entry, *label;
	74
	75	grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
	76	grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
	77
	78	dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
	79	GNOME_STOCK_BUTTON_CANCEL, NULL);
	80
	81	messages = g_strsplit(message, "\\n", 0);
	82	if (messages)
	83	for(i = 0; messages[i]; i++) {
	84	label = gtk_label_new(messages[i]);
	85	gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
	86	label, FALSE, FALSE, 0);
	87	}
	88
	89	entry = gtk_entry_new();
	90	gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
	91	FALSE, 0);
	92	gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
	93	gtk_widget_grab_focus(entry);
	94
	95	/* Center window and prepare for grab */
	96	gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
	97	gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
	98	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
	99	gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
	100	gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
	101	gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
	102	GNOME_PAD);
	103	gtk_widget_show_all(dialog);
	104
	105	/* Grab focus */
	106	if (grab_server)
	107	XGrabServer(GDK_DISPLAY());
	108	if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
	109	NULL, NULL, GDK_CURRENT_TIME))
	110	goto nograb;
	111	if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
	112	goto nograbkb;
	113
	114	/* Make <enter> close dialog */
	115	gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
	116
	117	/* Run dialog */
	118	result = gnome_dialog_run(GNOME_DIALOG(dialog));
	119
	120	/* Ungrab */
	121	if (grab_server)
	122	XUngrabServer(GDK_DISPLAY());
	123	if (grab_pointer)
	124	gdk_pointer_ungrab(GDK_CURRENT_TIME);
	125	gdk_keyboard_ungrab(GDK_CURRENT_TIME);
	126	gdk_flush();
	127
	128	/* Report passphrase if user selected OK */
	129	passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
	130	if (result == 0)
	131	puts(passphrase);
	132
	133	/* Zero passphrase in memory */
	134	memset(passphrase, '\0', strlen(passphrase));
	135	gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
	136
	137	gnome_dialog_close(GNOME_DIALOG(dialog));
	138	return;
	139
	140	/* At least one grab failed - ungrab what we got, and report
	141	the failure to the user. Note that XGrabServer() cannot
	142	fail. */
	143	nograbkb:
	144	gdk_pointer_ungrab(GDK_CURRENT_TIME);
	145	nograb:
	146	if (grab_server)
	147	XUngrabServer(GDK_DISPLAY());
	148	gnome_dialog_close(GNOME_DIALOG(dialog));
	149
	150	report_failed_grab();
	151	}
	152
	153	int
	154	main(int argc, char **argv)
	155	{
	156	char *message;
	157
	158	gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
	159
	160	if (argc == 2)
	161	message = argv[1];
	162	else
	163	message = "Enter your OpenSSH passphrase:";
	164
	165	setvbuf(stdout, 0, _IONBF, 0);
	166	passphrase_dialog(message);
	167	return 0;
	168	}


diff --git a/contrib/solaris/README b/contrib/solaris/README index fefdd4b53..fefdd4b53 100644..100755 --- a/contrib/solaris/README +++ b/contrib/solaris/README


diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh new file mode 100755 index 000000000..29d096306 --- /dev/null +++ b/contrib/solaris/buildpkg.sh
@@ -0,0 +1,386 @@
	1	#!/bin/sh
	2	#
	3	# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
	4	#
	5	# The following code has been provide under Public Domain License. I really
	6	# don't care what you use it for. Just as long as you don't complain to me
	7	# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
	8	#
	9	umask 022
	10	#
	11	# Options for building the package
	12	# You can create a config.local with your customized options
	13	#
	14	# uncommenting TEST_DIR and using
	15	# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
	16	# and
	17	# PKGNAME=tOpenSSH should allow testing a package without interfering
	18	# with a real OpenSSH package on a system. This is not needed on systems
	19	# that support the -R option to pkgadd.
	20	#TEST_DIR=/var/tmp # leave commented out for production build
	21	PKGNAME=OpenSSH
	22	SYSVINIT_NAME=opensshd
	23	MAKE=${MAKE:="make"}
	24	SSHDUID=67 # Default privsep uid
	25	SSHDGID=67 # Default privsep gid
	26	# uncomment these next three as needed
	27	#PERMIT_ROOT_LOGIN=no
	28	#X11_FORWARDING=yes
	29	#USR_LOCAL_IS_SYMLINK=yes
	30	# list of system directories we do NOT want to change owner/group/perms
	31	# when installing our package
	32	SYSTEM_DIR="/etc \
	33	/etc/init.d \
	34	/etc/rcS.d \
	35	/etc/rc0.d \
	36	/etc/rc1.d \
	37	/etc/rc2.d \
	38	/etc/opt \
	39	/opt \
	40	/opt/bin \
	41	/usr \
	42	/usr/bin \
	43	/usr/lib \
	44	/usr/sbin \
	45	/usr/share \
	46	/usr/share/man \
	47	/usr/share/man/man1 \
	48	/usr/share/man/man8 \
	49	/usr/local \
	50	/usr/local/bin \
	51	/usr/local/etc \
	52	/usr/local/libexec \
	53	/usr/local/man \
	54	/usr/local/man/man1 \
	55	/usr/local/man/man8 \
	56	/usr/local/sbin \
	57	/usr/local/share \
	58	/var \
	59	/var/opt \
	60	/var/run \
	61	/var/tmp \
	62	/tmp"
	63
	64	# We may need to build as root so we make sure PATH is set up
	65	# only set the path if it's not set already
	66	[ -d /usr/local/bin ] && {
	67	echo $PATH \| grep ":/usr/local/bin" > /dev/null 2>&1
	68	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
	69	}
	70	[ -d /usr/ccs/bin ] && {
	71	echo $PATH \| grep ":/usr/ccs/bin" > /dev/null 2>&1
	72	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
	73	}
	74	export PATH
	75	#
	76
	77	[ -f Makefile ] \|\| {
	78	echo "Please run this script from your build directory"
	79	exit 1
	80	}
	81
	82	# we will look for config.local to override the above options
	83	[ -s ./config.local ] && . ./config.local
	84
	85	## Start by faking root install
	86	echo "Faking root install..."
	87	START=`pwd`
	88	OPENSSHD_IN=`dirname $0`/opensshd.in
	89	FAKE_ROOT=$START/package
	90	[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
	91	mkdir $FAKE_ROOT
	92	${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
	93	if [ $? -gt 0 ]
	94	then
	95	echo "Fake root install failed, stopping."
	96	exit 1
	97	fi
	98
	99	## Fill in some details, like prefix and sysconfdir
	100	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
	101	do
	102	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`
	103	done
	104
	105
	106	## Collect value of privsep user
	107	for confvar in SSH_PRIVSEP_USER
	108	do
	109	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
	110	done
	111
	112	## Set privsep defaults if not defined
	113	if [ -z "$SSH_PRIVSEP_USER" ]
	114	then
	115	SSH_PRIVSEP_USER=sshd
	116	fi
	117
	118	## Extract common info requires for the 'info' part of the package.
	119	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//'`
	120
	121	UNAME_S=`uname -s`
	122	case ${UNAME_S} in
	123	SunOS) UNAME_S=Solaris
	124	ARCH=`uname -p`
	125	RCS_D=yes
	126	DEF_MSG="(default: n)"
	127	;;
	128	*) ARCH=`uname -m`
	129	DEF_MSG="\n" ;;
	130	esac
	131
	132	## Setup our run level stuff while we are at it.
	133	mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
	134
	135	## setup our initscript correctly
	136	sed -e "s#%%configDir%%#${sysconfdir}#g" \
	137	-e "s#%%openSSHDir%%#$prefix#g" \
	138	-e "s#%%pidDir%%#${piddir}#g" \
	139	${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
	140	chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
	141
	142	[ "${PERMIT_ROOT_LOGIN}" = no ] && \
	143	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
	144	$FAKE_ROOT/${sysconfdir}/sshd_config
	145	[ "${X11_FORWARDING}" = yes ] && \
	146	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
	147	$FAKE_ROOT/${sysconfdir}/sshd_config
	148	# fix PrintMotd
	149	perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	150	$FAKE_ROOT/${sysconfdir}/sshd_config
	151
	152	# We don't want to overwrite config files on multiple installs
	153	mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
	154	mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
	155	[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
	156	mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
	157
	158	cd $FAKE_ROOT
	159
	160	## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
	161	## whining.
	162	for i in *; do
	163	PROTO_ARGS="$PROTO_ARGS $i=/$i";
	164	done
	165
	166	## Build info file
	167	echo "Building pkginfo file..."
	168	cat > pkginfo << _EOF
	169	PKG=$PKGNAME
	170	NAME="OpenSSH Portable for ${UNAME_S}"
	171	DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
	172	VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
	173	ARCH=$ARCH
	174	VERSION=$VERSION
	175	CATEGORY="Security,application"
	176	BASEDIR=/
	177	CLASSES="none"
	178	_EOF
	179
	180	## Build preinstall file
	181	echo "Building preinstall file..."
	182	cat > preinstall << _EOF
	183	#! /sbin/sh
	184	#
	185	[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	186	exit 0
	187	_EOF
	188
	189	## Build postinstall file
	190	echo "Building postinstall file..."
	191	cat > postinstall << _EOF
	192	#! /sbin/sh
	193	#
	194	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] \|\| \\
	195	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
	196	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
	197	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] \|\| \\
	198	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
	199	\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
	200	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
	201	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] \|\| \\
	202	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
	203	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
	204	}
	205
	206	# make rc?.d dirs only if we are doing a test install
	207	[ -n "${TEST_DIR}" ] && {
	208	[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
	209	mkdir -p ${TEST_DIR}/etc/rc0.d
	210	mkdir -p ${TEST_DIR}/etc/rc1.d
	211	mkdir -p ${TEST_DIR}/etc/rc2.d
	212	}
	213
	214	if [ "\${USE_SYM_LINKS}" = yes ]
	215	then
	216	[ "$RCS_D" = yes ] && \
	217	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	218	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	219	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	220	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	221	else
	222	[ "$RCS_D" = yes ] && \
	223	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	224	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	225	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	226	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	227	fi
	228
	229	# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
	230	[ -d $piddir ] \|\| installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
	231
	232	installf -f ${PKGNAME}
	233
	234	# Use chroot to handle PKG_INSTALL_ROOT
	235	if [ ! -z "\${PKG_INSTALL_ROOT}" ]
	236	then
	237	chroot="chroot \${PKG_INSTALL_ROOT}"
	238	fi
	239	# If this is a test build, we will skip the groupadd/useradd/passwd commands
	240	if [ ! -z "${TEST_DIR}" ]
	241	then
	242	chroot=echo
	243	fi
	244
	245	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
	246	then
	247	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
	248	echo "or group."
	249	else
	250	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
	251
	252	# create group if required
	253	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	254	then
	255	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	256	else
	257	# Use gid of 67 if possible
	258	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSHDGID'\$' >/dev/null
	259	then
	260	:
	261	else
	262	sshdgid="-g $SSHDGID"
	263	fi
	264	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
	265	\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	266	fi
	267
	268	# Create user if required
	269	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	270	then
	271	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	272	else
	273	# Use uid of 67 if possible
	274	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSHDGID'\$' >/dev/null
	275	then
	276	:
	277	else
	278	sshduid="-u $SSHDUID"
	279	fi
	280	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
	281	\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
	282	\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
	283	fi
	284	fi
	285
	286	[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
	287	exit 0
	288	_EOF
	289
	290	## Build preremove file
	291	echo "Building preremove file..."
	292	cat > preremove << _EOF
	293	#! /sbin/sh
	294	#
	295	${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	296	exit 0
	297	_EOF
	298
	299	## Build request file
	300	echo "Building request file..."
	301	cat > request << _EOF
	302	trap 'exit 3' 15
	303	USE_SYM_LINKS=no
	304	PRE_INS_STOP=no
	305	POST_INS_START=no
	306	# Use symbolic links?
	307	ans=\`ckyorn -d n \
	308	-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` \|\| exit \$?
	309	case \$ans in
	310	[y,Y]*) USE_SYM_LINKS=yes ;;
	311	esac
	312
	313	# determine if should restart the daemon
	314	if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
	315	then
	316	ans=\`ckyorn -d n \
	317	-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` \|\| exit \$?
	318	case \$ans in
	319	[y,Y]*) PRE_INS_STOP=yes
	320	POST_INS_START=yes
	321	;;
	322	esac
	323
	324	else
	325
	326	# determine if we should start sshd
	327	ans=\`ckyorn -d n \
	328	-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` \|\| exit \$?
	329	case \$ans in
	330	[y,Y]*) POST_INS_START=yes ;;
	331	esac
	332	fi
	333
	334	# make parameters available to installation service,
	335	# and so to any other packaging scripts
	336	cat >\$1 <<!
	337	USE_SYM_LINKS='\$USE_SYM_LINKS'
	338	PRE_INS_STOP='\$PRE_INS_STOP'
	339	POST_INS_START='\$POST_INS_START'
	340	!
	341	exit 0
	342
	343	_EOF
	344
	345	## Build space file
	346	echo "Building space file..."
	347	cat > space << _EOF
	348	# extra space required by start/stop links added by installf in postinstall
	349	$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
	350	$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
	351	$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
	352	_EOF
	353	[ "$RCS_D" = yes ] && \
	354	echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
	355
	356	## Next Build our prototype
	357	echo "Building prototype file..."
	358	cat >mk-proto.awk << _EOF
	359	BEGIN { print "i pkginfo"; print "i preinstall"; \\
	360	print "i postinstall"; print "i preremove"; \\
	361	print "i request"; print "i space"; \\
	362	split("$SYSTEM_DIR",sys_files); }
	363	{
	364	for (dir in sys_files) { if ( \$3 != sys_files[dir] )
	365	{ \$5="root"; \$6="sys"; }
	366	else
	367	{ \$4="?"; \$5="?"; \$6="?"; break;}
	368	} }
	369	{ print; }
	370	_EOF
	371	find . \| egrep -v "prototype\|pkginfo\|mk-proto.awk" \| sort \| \
	372	pkgproto $PROTO_ARGS \| nawk -f mk-proto.awk > prototype
	373
	374	# /usr/local is a symlink on some systems
	375	[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
	376	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	377	mv prototype.new prototype
	378	}
	379
	380	## Step back a directory and now build the package.
	381	echo "Building package.."
	382	cd ..
	383	pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
	384	echo \| pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
	385	rm -rf $FAKE_ROOT
	386


diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in new file mode 100755 index 000000000..50e18deea --- /dev/null +++ b/contrib/solaris/opensshd.in
@@ -0,0 +1,82 @@
	1	#!/sbin/sh
	2	# Donated code that was put under PD license.
	3	#
	4	# Stripped PRNGd out of it for the time being.
	5
	6	umask 022
	7
	8	CAT=/usr/bin/cat
	9	KILL=/usr/bin/kill
	10
	11	prefix=%%openSSHDir%%
	12	etcdir=%%configDir%%
	13	piddir=%%pidDir%%
	14
	15	SSHD=$prefix/sbin/sshd
	16	PIDFILE=$piddir/sshd.pid
	17	SSH_KEYGEN=$prefix/bin/ssh-keygen
	18	HOST_KEY_RSA1=$etcdir/ssh_host_key
	19	HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
	20	HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
	21
	22
	23	checkkeys() {
	24	if [ ! -f $HOST_KEY_RSA1 ]; then
	25	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
	26	fi
	27	if [ ! -f $HOST_KEY_DSA ]; then
	28	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
	29	fi
	30	if [ ! -f $HOST_KEY_RSA ]; then
	31	${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
	32	fi
	33	}
	34
	35	stop_service() {
	36	if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
	37	PID=`${CAT} ${PIDFILE}`
	38	fi
	39	if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
	40	${KILL} ${PID}
	41	else
	42	echo "Unable to read PID file"
	43	fi
	44	}
	45
	46	start_service() {
	47	# XXX We really should check if the service is already going, but
	48	# XXX we will opt out at this time. - Bal
	49
	50	# Check to see if we have keys that need to be made
	51	checkkeys
	52
	53	# Start SSHD
	54	echo "starting $SSHD... \c" ; $SSHD
	55
	56	sshd_rc=$?
	57	if [ $sshd_rc -ne 0 ]; then
	58	echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
	59	exit $sshd_rc
	60	fi
	61	echo done.
	62	}
	63
	64	case $1 in
	65
	66	'start')
	67	start_service
	68	;;
	69
	70	'stop')
	71	stop_service
	72	;;
	73
	74	'restart')
	75	stop_service
	76	start_service
	77	;;
	78
	79	*)
	80	echo "$0: usage: $0 {start\|stop\|restart}"
	81	;;
	82	esac