OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   12-Mar-2004 12:39:56
  Branch: HEAD                             Handle: 2004031211395600

  Added files:
    openpkg-src/openssh     openssh.patch.alias openssh.patch.chroot
  Modified files:
    openpkg-src/openssh     openssh.patch openssh.spec

  Log:
    add Alias feature and cleanup ChRoot feature packaging

  Summary:
    Revision    Changes     Path
    1.9         +0  -72     openpkg-src/openssh/openssh.patch
    1.1         +198 -0     openpkg-src/openssh/openssh.patch.alias
    1.1         +72 -0      openpkg-src/openssh/openssh.patch.chroot
    1.126       +16 -4      openpkg-src/openssh/openssh.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch
  ============================================================================
  $ cvs diff -u -r1.8 -r1.9 openssh.patch
  --- openpkg-src/openssh/openssh.patch 24 Feb 2004 19:36:27 -0000      1.8
  +++ openpkg-src/openssh/openssh.patch 12 Mar 2004 11:39:56 -0000      1.9
  @@ -22,78 +22,6 @@
    #endif
    
    void start_pam(const char *);
  -Index: session.c
  ---- session.c.orig   2004-02-23 14:01:27.000000000 +0100
  -+++ session.c        2004-02-24 20:25:23.000000000 +0100
  -@@ -1270,6 +1270,26 @@
  -                     exit(1);
  -             }
  -             endgrent();
  -+# ifdef USE_CHROOT
  -+            {
  -+                    char *user_dir;
  -+                    char *new_root;
  -+                    user_dir = xstrdup(pw->pw_dir);
  -+                    new_root = user_dir + 1;
  -+                    while ((new_root = strchr(new_root, '.')) != NULL) {
  -+                        new_root--;
  -+                        if (strncmp(new_root, "/./", 3) == 0) {
  -+                            *new_root = '\0';
  -+                            new_root += 2;
  -+                            if (chroot(user_dir) == -1)
  -+                                fatal("Couldn't chroot to user directory \"%s\"", 
user_dir);
  -+                            pw->pw_dir = new_root;
  -+                            break;
  -+                        }
  -+                        new_root += 2;
  -+                    }
  -+            }
  -+# endif /* USE_CHROOT */
  - # ifdef USE_PAM
  -             /*
  -              * PAM credentials may take the form of supplementary groups.
  -Index: sftp-server.c
  ---- sftp-server.c.orig       2004-02-23 23:19:15.000000000 +0100
  -+++ sftp-server.c    2004-02-24 20:25:23.000000000 +0100
  -@@ -1029,6 +1029,38 @@
  -     log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
  - #endif
  - 
  -+#ifdef USE_CHROOT
  -+{
  -+    char *user_dir;
  -+    char *new_root;
  -+    user_dir = getenv("HOME");
  -+    if (user_dir == NULL)
  -+            fatal("HOME variable not found in environment");
  -+    new_root = user_dir + 1;
  -+    while ((new_root = strchr(new_root, '.')) != NULL) {
  -+            new_root--;
  -+            if (strncmp(new_root, "/./", 3) == 0) {
  -+                    *new_root = '\0';
  -+                    new_root += 2;
  -+                    if (geteuid() == 0) {
  -+                            /* chroot to subdir and adjust HOME for remaining path 
*/
  -+                            if (chroot(user_dir) == -1)
  -+                                    fatal("Couldn't chroot to user directory 
\"%s\": %s", user_dir, strerror(errno));
  -+                            if (setuid(getuid()) == -1)
  -+                                    fatal("Couldn't drop privileges: %s", 
strerror(errno));
  -+                            setenv("HOME", new_root, 1);
  -+                    }
  -+                    else {
  -+                            /* ignore chroot request and adjust HOME for 
preceeding path */
  -+                            setenv("HOME", user_dir, 1);
  -+                    }
  -+                    break;
  -+            }
  -+            new_root += 2;
  -+    }
  -+}
  -+#endif /* USE_CHROOT */
  -+
  -     in = dup(STDIN_FILENO);
  -     out = dup(STDOUT_FILENO);
  - 
   Index: version.h
   --- version.h.orig   2004-02-23 23:24:02.000000000 +0100
   +++ version.h        2004-02-24 20:25:23.000000000 +0100
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch.alias
  ============================================================================
  $ cvs diff -u -r0 -r1.1 openssh.patch.alias
  --- /dev/null 2004-03-12 12:39:56.000000000 +0100
  +++ openssh.patch.alias       2004-03-12 12:39:56.000000000 +0100
  @@ -0,0 +1,198 @@
  +Index: servconf.c
  +--- servconf.c.orig  Fri Jan 23 12:03:10 2004
  ++++ servconf.c       Fri Mar 12 12:28:21 2004
  +@@ -101,6 +101,9 @@
  +     options->client_alive_count_max = -1;
  +     options->authorized_keys_file = NULL;
  +     options->authorized_keys_file2 = NULL;
  ++#ifdef USE_ALIAS
  ++    options->num_alias = 0;
  ++#endif
  + 
  +     /* Needs to be accessable in many places */
  +     use_privsep = -1;
  +@@ -268,6 +271,9 @@
  +     sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
  +     sGssAuthentication, sGssCleanupCreds,
  +     sUsePrivilegeSeparation,
  ++#ifdef USE_ALIAS
  ++    sAlias,
  ++#endif
  +     sDeprecated, sUnsupported
  + } ServerOpCodes;
  + 
  +@@ -366,6 +372,9 @@
  +     { "authorizedkeysfile", sAuthorizedKeysFile },
  +     { "authorizedkeysfile2", sAuthorizedKeysFile2 },
  +     { "useprivilegeseparation", sUsePrivilegeSeparation},
  ++#ifdef USE_ALIAS
  ++    { "alias", sAlias },
  ++#endif
  +     { NULL, sBadOption }
  + };
  + 
  +@@ -898,6 +907,26 @@
  +             while (arg)
  +                 arg = strdelim(&cp);
  +             break;
  ++
  ++#ifdef USE_ALIAS
  ++    case sAlias:
  ++            if (options->num_alias >= MAX_ALIAS) {
  ++                    fatal("%s line %d: too many user alias defined.",
  ++                        filename, linenum);
  ++            }
  ++            arg = strdelim(&cp);
  ++            if (arg == NULL || arg[0] == '\0')
  ++                    fatal("%s line %d: missing user name alias(es).",
  ++                        filename, linenum);
  ++            options->alias[options->num_alias].alias = xstrdup(arg);
  ++            arg = strdelim(&cp);
  ++            if (arg == NULL || arg[0] == '\0')
  ++                    fatal("%s line %d: missing user name to map alias '%s' to.",
  ++                        filename, linenum, 
options->alias[options->num_alias].alias);
  ++            options->alias[options->num_alias].user = xstrdup(arg);
  ++            options->num_alias++;
  ++            break;
  ++#endif
  + 
  +     case sUnsupported:
  +             logit("%s line %d: Unsupported option %s",
  +Index: servconf.h
  +--- servconf.h.orig  Wed Dec 31 01:37:34 2003
  ++++ servconf.h       Fri Mar 12 11:36:15 2004
  +@@ -125,6 +125,14 @@
  +     char   *authorized_keys_file;   /* File containing public keys */
  +     char   *authorized_keys_file2;
  +     int     use_pam;                /* Enable auth via PAM */
  ++#ifdef USE_ALIAS
  ++#define MAX_ALIAS 256
  ++    u_int num_alias;
  ++    struct {
  ++            char *alias;  /* the alias list to match */
  ++            char *user;   /* the username to map to */
  ++    } alias[MAX_ALIAS];
  ++#endif
  + }       ServerOptions;
  + 
  + void         initialize_server_options(ServerOptions *);
  +Index: auth1.c
  +--- auth1.c.orig     Sat Nov 22 04:15:30 2003
  ++++ auth1.c  Fri Mar 12 12:30:48 2004
  +@@ -26,6 +26,9 @@
  + #include "session.h"
  + #include "uidswap.h"
  + #include "monitor_wrap.h"
  ++#ifdef USE_ALIAS
  ++#include "match.h"
  ++#endif
  + 
  + /* import */
  + extern ServerOptions options;
  +@@ -280,6 +283,10 @@
  + {
  +     u_int ulen;
  +     char *user, *style = NULL;
  ++#ifdef USE_ALIAS
  ++    int i, n;
  ++    char *cp;
  ++#endif
  + 
  +     /* Get the name of the user that we wish to log in as. */
  +     packet_read_expect(SSH_CMSG_USER);
  +@@ -290,6 +297,25 @@
  + 
  +     if ((style = strchr(user, ':')) != NULL)
  +             *style++ = '\0';
  ++
  ++#ifdef USE_ALIAS
  ++    for (i = 0; i < options.num_alias; i++) {
  ++            if (match_pattern_list(user, options.alias[i].alias, 
strlen(options.alias[i].alias), 0) == 1) {
  ++                    if (style != NULL) {
  ++                            n = strlen(options.alias[i].user) + 1 + strlen(style) 
+ 1;
  ++                            cp = xmalloc(n);
  ++                            snprintf(cp, n, "%s:%s", options.alias[i].user, style);
  ++                            style = strchr(cp, ':');
  ++                            *style++ = '\0';
  ++                    }
  ++                    else
  ++                            cp = xstrdup(options.alias[i].user);
  ++                    xfree(user);
  ++                    user = cp;
  ++                    break;
  ++            }
  ++    }
  ++#endif
  + 
  +     authctxt->user = user;
  +     authctxt->style = style;
  +Index: auth2.c
  +--- auth2.c.orig     Mon Nov 17 11:13:41 2003
  ++++ auth2.c  Fri Mar 12 12:30:48 2004
  +@@ -35,6 +35,9 @@
  + #include "dispatch.h"
  + #include "pathnames.h"
  + #include "monitor_wrap.h"
  ++#ifdef USE_ALIAS
  ++#include "match.h"
  ++#endif
  + 
  + #ifdef GSSAPI
  + #include "ssh-gss.h"
  +@@ -134,6 +137,10 @@
  +     Authmethod *m = NULL;
  +     char *user, *service, *method, *style = NULL;
  +     int authenticated = 0;
  ++#ifdef USE_ALIAS
  ++    int i, n;
  ++    char *cp;
  ++#endif
  + 
  +     if (authctxt == NULL)
  +             fatal("input_userauth_request: no authctxt");
  +@@ -146,6 +153,25 @@
  + 
  +     if ((style = strchr(user, ':')) != NULL)
  +             *style++ = 0;
  ++
  ++#ifdef USE_ALIAS
  ++    for (i = 0; i < options.num_alias; i++) {
  ++            if (match_pattern_list(user, options.alias[i].alias, 
strlen(options.alias[i].alias), 0) == 1) {
  ++                    if (style != NULL) {
  ++                            n = strlen(options.alias[i].user) + 1 + strlen(style) 
+ 1;
  ++                            cp = xmalloc(n);
  ++                            snprintf(cp, n, "%s:%s", options.alias[i].user, style);
  ++                            style = strchr(cp, ':');
  ++                            *style++ = '\0';
  ++                    }
  ++                    else
  ++                            cp = xstrdup(options.alias[i].user);
  ++                    xfree(user);
  ++                    user = cp;
  ++                    break;
  ++            }
  ++    }
  ++#endif
  + 
  +     if (authctxt->attempt++ == 0) {
  +             /* setup auth context */
  +Index: sshd_config.5
  +--- sshd_config.5.orig       Wed Feb 18 04:31:24 2004
  ++++ sshd_config.5    Fri Mar 12 11:44:55 2004
  +@@ -61,6 +61,16 @@
  + keywords and their meanings are as follows (note that
  + keywords are case-insensitive and arguments are case-sensitive):
  + .Bl -tag -width Ds
  ++.It Cm Alias
  ++Specifies an optional mapping of a list of user name aliases onto
  ++real user names.  The first argument is a comma separated list of
  ++user name aliases (optionally prefixed with '!' for negation) to
  ++match. The characters `*' and `?' can be used as wildcards in the
  ++alias patterns.  The second argument is the real user name onto
  ++which the aliases are mapped. This allows the use of appealing
  ++virtual login names (like `anonymous') instead of their physical
  ++counterparts (like `anoncvs').
  ++.Pp
  + .It Cm AllowGroups
  + This keyword can be followed by a list of group name patterns, separated
  + by spaces.
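Review bot: The alias substitution in the auth1.c and auth2.c hunks discards the login name the client actually sent without recording it: `xfree(user); user = cp;` runs with no log call, so later log lines would presumably carry only the mapped account. For audit and incident response I would log the mapping just before the free, e.g. `logit("Alias: login name '%.100s' mapped to user '%.100s'", user, options.alias[i].user);`. In the same loops `int i` is compared against the `u_int num_alias` field; declaring `u_int i` removes the signed/unsigned comparison. The sshd_config.5 entry should also state that a pattern such as `*` maps every requested name onto the target account, and, if the mapping does run before the account lookup (not visible here), that AllowUsers/DenyUsers then see the real user name rather than the alias. Both enclosing functions start and end outside the inner hunks.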
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch.chroot
  ============================================================================
  $ cvs diff -u -r0 -r1.1 openssh.patch.chroot
  --- /dev/null 2004-03-12 12:39:56.000000000 +0100
  +++ openssh.patch.chroot      2004-03-12 12:39:56.000000000 +0100
  @@ -0,0 +1,72 @@
  +Index: session.c
  +--- session.c.orig   2004-02-23 14:01:27.000000000 +0100
  ++++ session.c        2004-02-24 20:25:23.000000000 +0100
  +@@ -1270,6 +1270,26 @@
  +                     exit(1);
  +             }
  +             endgrent();
  ++# ifdef USE_CHROOT
  ++            {
  ++                    char *user_dir;
  ++                    char *new_root;
  ++                    user_dir = xstrdup(pw->pw_dir);
  ++                    new_root = user_dir + 1;
  ++                    while ((new_root = strchr(new_root, '.')) != NULL) {
  ++                        new_root--;
  ++                        if (strncmp(new_root, "/./", 3) == 0) {
  ++                            *new_root = '\0';
  ++                            new_root += 2;
  ++                            if (chroot(user_dir) == -1)
  ++                                fatal("Couldn't chroot to user directory \"%s\"", 
user_dir);
  ++                            pw->pw_dir = new_root;
  ++                            break;
  ++                        }
  ++                        new_root += 2;
  ++                    }
  ++            }
  ++# endif /* USE_CHROOT */
  + # ifdef USE_PAM
  +             /*
  +              * PAM credentials may take the form of supplementary groups.
  +Index: sftp-server.c
  +--- sftp-server.c.orig       2004-02-23 23:19:15.000000000 +0100
  ++++ sftp-server.c    2004-02-24 20:25:23.000000000 +0100
  +@@ -1029,6 +1029,38 @@
  +     log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
  + #endif
  + 
  ++#ifdef USE_CHROOT
  ++{
  ++    char *user_dir;
  ++    char *new_root;
  ++    user_dir = getenv("HOME");
  ++    if (user_dir == NULL)
  ++            fatal("HOME variable not found in environment");
  ++    new_root = user_dir + 1;
  ++    while ((new_root = strchr(new_root, '.')) != NULL) {
  ++            new_root--;
  ++            if (strncmp(new_root, "/./", 3) == 0) {
  ++                    *new_root = '\0';
  ++                    new_root += 2;
  ++                    if (geteuid() == 0) {
  ++                            /* chroot to subdir and adjust HOME for remaining path 
*/
  ++                            if (chroot(user_dir) == -1)
  ++                                    fatal("Couldn't chroot to user directory 
\"%s\": %s", user_dir, strerror(errno));
  ++                            if (setuid(getuid()) == -1)
  ++                                    fatal("Couldn't drop privileges: %s", 
strerror(errno));
  ++                            setenv("HOME", new_root, 1);
  ++                    }
  ++                    else {
  ++                            /* ignore chroot request and adjust HOME for 
preceeding path */
  ++                            setenv("HOME", user_dir, 1);
  ++                    }
  ++                    break;
  ++            }
  ++            new_root += 2;
  ++    }
  ++}
  ++#endif /* USE_CHROOT */
  ++
  +     in = dup(STDIN_FILENO);
  +     out = dup(STDOUT_FILENO);
  + 
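Review bot: Neither `chroot(user_dir)` call is followed by `chdir("/")`, so the process keeps a working directory that may lie outside the new root until something else changes it; in the sftp-server.c hunk no later chdir is visible. I would make the check `if (chroot(user_dir) == -1 || chdir("/") == -1)` at both sites. In sftp-server.c the root comes from `getenv("HOME")` and only the uid is dropped with `setuid(getuid())`, so it is worth confirming that the user cannot influence HOME when the binary runs with euid 0, and whether the group ids should be reset before the setuid call. Neither site checks that the target directory is root-owned and not writable by the user; the `with_chroot` documentation should at least state that as a requirement. The enclosing functions begin and end outside the inner hunks.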
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.spec
  ============================================================================
  $ cvs diff -u -r1.125 -r1.126 openssh.spec
  --- openpkg-src/openssh/openssh.spec  25 Feb 2004 19:11:18 -0000      1.125
  +++ openpkg-src/openssh/openssh.spec  12 Mar 2004 11:39:56 -0000      1.126
  @@ -42,7 +42,7 @@
   Group:        Security
   License:      BSD
   Version:      %{V_base}%{V_portable}
  -Release:      20040225
  +Release:      20040312
   
   #   package options
   %option       with_fsl      yes
  @@ -50,6 +50,7 @@
   %option       with_skey     no
   %option       with_x11      no
   %option       with_chroot   no
  +%option       with_alias    no
   %option       with_watchdog no
   %option       with_ldap     no
   %option       with_wrap     no
  @@ -65,8 +66,10 @@
   Source7:      ssh-keyman.1
   Source8:      ssh-keyman.pod
   Patch0:       openssh.patch
  -Patch1:       
http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}-watchdog.patch.tgz
  -Patch2:       
http://ldappubkey.gcu-squad.org/%{V_ldap_vers1}/ldappubkey-ossh%{V_ldap_base}-%{V_ldap_vers2}.patch
  +Patch1:       openssh.patch.chroot
  +Patch2:       openssh.patch.alias
  +Patch3:       
http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}-watchdog.patch.tgz
  +Patch4:       
http://ldappubkey.gcu-squad.org/%{V_ldap_vers1}/ldappubkey-ossh%{V_ldap_base}-%{V_ldap_vers2}.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -128,10 +131,16 @@
   %prep
       #   unpack and patch distribution
       %setup -q
  -    %patch -p0
  +    %patch -p0 -P 0
       %{l_shtool} subst \
           -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%s"};' \
           version.h
  +%if "%{with_chroot}" == "yes"
  +    %patch -p0 -P 1
  +%endif
  +%if "%{with_alias}" == "yes"
  +    %patch -p0 -P 2
  +%endif
   %if "%{with_watchdog}" == "yes"
       %{l_gzip} -d -c %{SOURCE openssh-%{V_watchdog}-watchdog.patch.tgz} | %{l_tar} 
xf -
       %{l_patch} -p0 <openssh-%{V_watchdog}-watchdog.patch
  @@ -146,6 +155,9 @@
       ldflags=""
   %if "%{with_chroot}" == "yes"
       cflags="$cflags -DUSE_CHROOT"
  +%endif
  +%if "%{with_alias}" == "yes"
  +    cflags="$cflags -DUSE_ALIAS"
   %endif
   %if "%{with_pam}" == "yes"
       cflags="$cflags -I`%{l_prefix}/etc/rc --query pam_incdir`"
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
