diff options
author | ache <ache@FreeBSD.org> | 1998-01-22 20:04:15 +0800 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1998-01-22 20:04:15 +0800 |
commit | 1feda50cf734be86ce77539b3efc48a1b72a6f93 (patch) | |
tree | a36186cc5245748229d073c9281a6298216f9369 /security/ssh2 | |
parent | 651c55c64b1ffb0c078ce708192ad5608ece0722 (diff) | |
download | freebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.tar.gz freebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.tar.zst freebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.zip |
Fix .hushlogin support
Remove FreeBSD mail check, now done elsewhere in the code
Use bsdi code to warn about expired/changed passwords
Move misplaced login_close up
Diffstat (limited to 'security/ssh2')
-rw-r--r-- | security/ssh2/files/patch-af | 122 |
1 files changed, 74 insertions, 48 deletions
diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index 5a41ba201d43..e09faf299d44 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,5 +1,5 @@ ---- sshd.c~ Tue Jan 20 05:24:10 1998 -+++ sshd.c Tue Jan 20 14:50:40 1998 +--- sshd.c.orig Tue Jan 20 15:24:10 1998 ++++ sshd.c Thu Jan 22 14:55:40 1998 @@ -428,6 +428,10 @@ #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -11,12 +11,10 @@ #ifdef _PATH_BSHELL #define DEFAULT_SHELL _PATH_BSHELL #else -@@ -1593,7 +1597,39 @@ - } +@@ -1594,6 +1598,38 @@ endspent(); } --#endif /* HAVE_ETC_SHADOW */ -+#endif /* HAVE_ETC_SHADOW */ + #endif /* HAVE_ETC_SHADOW */ +#ifdef __FreeBSD__ + { + time_t currtime; @@ -60,47 +58,53 @@ #ifdef CHECK_ETC_SHELLS { int invalid = 1; -@@ -1817,6 +1854,9 @@ - memset(&pwcopy, 0, sizeof(pwcopy)); - pwcopy.pw_name = xstrdup(pw->pw_name); +@@ -1819,8 +1856,10 @@ pwcopy.pw_passwd = xstrdup(pw->pw_passwd); -+#ifdef HAVE_LOGIN_CAP_H -+ pwcopy.pw_class = xstrdup(pw->pw_class); -+#endif pwcopy.pw_uid = pw->pw_uid; pwcopy.pw_gid = pw->pw_gid; - #if defined (__bsdi__) && _BSDI_VERSION >= 199510 -@@ -2796,6 +2836,9 @@ - #if defined (__bsdi__) && _BSDI_VERSION >= 199510 +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if defined (HAVE_LOGIN_CAP_H) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) + pwcopy.pw_class = xstrdup(pw->pw_class); ++#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#if defined (__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) + pwcopy.pw_change = pw->pw_change; + pwcopy.pw_expire = pw->pw_expire; + #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ +@@ -2793,9 +2832,13 @@ + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) struct timeval tp; #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ +#ifdef HAVE_LOGIN_CAP_H + login_cap_t *lc; ++ time_t warnpassword, warnexpire; +#endif /* We no longer need the child running on user's privileges. */ userfile_uninit(); -@@ -2867,11 +2910,19 @@ +@@ -2867,10 +2910,18 @@ record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); +#ifdef HAVE_LOGIN_CAP_H + lc = login_getclass(pw->pw_class); ++ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); ++ if (!quiet_login) { +#endif -+ /* Check if .hushlogin exists. Note that we cannot use userfile here because we are in the child. */ sprintf(line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; - +#ifdef HAVE_LOGIN_CAP_H -+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); ++ } +#endif -+ + /* If the user has logged in before, display the time of last login. However, don't display anything extra if a command has been - specified (so that ssh can be used to execute commands on a remote -@@ -2890,6 +2941,28 @@ +@@ -2890,6 +2941,38 @@ else printf("Last login: %s from %s\r\n", time_string, buf); } @@ -126,10 +130,20 @@ + "All rights reserved."); + } +#endif ++ ++#ifdef HAVE_LOGIN_CAP_H ++#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ ++ ++ warnpassword = login_getcaptime(lc, "warnpassword", ++ DEFAULT_WARN, DEFAULT_WARN); ++ warnexpire = login_getcaptime(lc, "warnexpire", ++ DEFAULT_WARN, DEFAULT_WARN); ++ login_close(lc); ++#endif /* Print /etc/motd unless a command was specified or printing it was disabled in server options. Note that some machines appear to -@@ -2900,13 +2973,40 @@ +@@ -2900,14 +2983,18 @@ FILE *f; /* Print /etc/motd if it exists. */ @@ -145,33 +159,36 @@ fputs(line, stdout); fclose(f); } -+#ifdef __FreeBSD__ -+ if (command == NULL && !quiet_login) -+ { -+#ifdef broken_HAVE_LOGIN_CAP_H -+ char *mp = getenv("MAIL"); -+ -+ if (mp != NULL) -+ { -+ strncpy(line, mp, sizeof line); -+ line[sizeof line - 1] = '\0'; -+ } -+ else -+#endif -+ sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name); -+ if (stat(line, &st) == 0 && st.st_size != 0) -+ printf("You have %smail.\n", -+ (st.st_mtime > st.st_atime) ? "new " : ""); -+ } +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pw->pw_change) +@@ -2915,7 +3002,11 @@ + fprintf(stderr,"Sorry -- your password has expired.\n"); + exit(254); + } else if (pw->pw_change - tp.tv_sec < ++#ifdef HAVE_LOGIN_CAP_H ++ warnpassword) ++#else + 2 * DAYSPERWEEK * SECSPERDAY) +#endif -+ + fprintf(stderr,"Warning: your password expires on %s", + ctime(&pw->pw_change)); + if (pw->pw_expire) +@@ -2923,7 +3014,11 @@ + fprintf(stderr,"Sorry -- your account has expired.\n"); + exit(254); + } else if (pw->pw_expire - tp.tv_sec < +#ifdef HAVE_LOGIN_CAP_H -+ login_close(lc); ++ warnexpire) ++#else + 2 * DAYSPERWEEK * SECSPERDAY) +#endif - #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); -@@ -3182,6 +3282,13 @@ + fprintf(stderr,"Warning: your account expires on %s", + ctime(&pw->pw_expire)); + #endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ +@@ -3182,6 +3277,13 @@ #if defined (__bsdi__) && _BSDI_VERSION >= 199510 login_cap_t *lc = 0; #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ @@ -185,8 +202,17 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); -@@ -3203,6 +3310,7 @@ +@@ -3199,10 +3301,16 @@ + if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0)) exit(254); + #else ++#ifdef HAVE_LOGIN_CAP_H ++ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0)) ++ exit(254); ++#else + if (pw->pw_uid != UID_ROOT) + exit(254); ++#endif #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ } +#endif /* HAVE_LOGIN_CAP_H */ |