aboutsummaryrefslogtreecommitdiffstats
path: root/security/ssh2
diff options
context:
space:
mode:
authorache <ache@FreeBSD.org>1998-01-22 20:04:15 +0800
committerache <ache@FreeBSD.org>1998-01-22 20:04:15 +0800
commit1feda50cf734be86ce77539b3efc48a1b72a6f93 (patch)
treea36186cc5245748229d073c9281a6298216f9369 /security/ssh2
parent651c55c64b1ffb0c078ce708192ad5608ece0722 (diff)
downloadfreebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.tar.gz
freebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.tar.zst
freebsd-ports-gnome-1feda50cf734be86ce77539b3efc48a1b72a6f93.zip
Fix .hushlogin support
Remove FreeBSD mail check, now done elsewhere in the code Use bsdi code to warn about expired/changed passwords Move misplaced login_close up
Diffstat (limited to 'security/ssh2')
-rw-r--r--security/ssh2/files/patch-af122
1 files changed, 74 insertions, 48 deletions
diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af
index 5a41ba201d43..e09faf299d44 100644
--- a/security/ssh2/files/patch-af
+++ b/security/ssh2/files/patch-af
@@ -1,5 +1,5 @@
---- sshd.c~ Tue Jan 20 05:24:10 1998
-+++ sshd.c Tue Jan 20 14:50:40 1998
+--- sshd.c.orig Tue Jan 20 15:24:10 1998
++++ sshd.c Thu Jan 22 14:55:40 1998
@@ -428,6 +428,10 @@
#include "firewall.h" /* TIS authsrv authentication */
#endif
@@ -11,12 +11,10 @@
#ifdef _PATH_BSHELL
#define DEFAULT_SHELL _PATH_BSHELL
#else
-@@ -1593,7 +1597,39 @@
- }
+@@ -1594,6 +1598,38 @@
endspent();
}
--#endif /* HAVE_ETC_SHADOW */
-+#endif /* HAVE_ETC_SHADOW */
+ #endif /* HAVE_ETC_SHADOW */
+#ifdef __FreeBSD__
+ {
+ time_t currtime;
@@ -60,47 +58,53 @@
#ifdef CHECK_ETC_SHELLS
{
int invalid = 1;
-@@ -1817,6 +1854,9 @@
- memset(&pwcopy, 0, sizeof(pwcopy));
- pwcopy.pw_name = xstrdup(pw->pw_name);
+@@ -1819,8 +1856,10 @@
pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
-+#ifdef HAVE_LOGIN_CAP_H
-+ pwcopy.pw_class = xstrdup(pw->pw_class);
-+#endif
pwcopy.pw_uid = pw->pw_uid;
pwcopy.pw_gid = pw->pw_gid;
- #if defined (__bsdi__) && _BSDI_VERSION >= 199510
-@@ -2796,6 +2836,9 @@
- #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+-#if defined (__bsdi__) && _BSDI_VERSION >= 199510
++#if defined (HAVE_LOGIN_CAP_H) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ pwcopy.pw_class = xstrdup(pw->pw_class);
++#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
++#if defined (__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ pwcopy.pw_change = pw->pw_change;
+ pwcopy.pw_expire = pw->pw_expire;
+ #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+@@ -2793,9 +2832,13 @@
+ struct sockaddr_in from;
+ int fromlen;
+ struct pty_cleanup_context cleanup_context;
+-#if defined (__bsdi__) && _BSDI_VERSION >= 199510
++#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
struct timeval tp;
#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+#ifdef HAVE_LOGIN_CAP_H
+ login_cap_t *lc;
++ time_t warnpassword, warnexpire;
+#endif
/* We no longer need the child running on user's privileges. */
userfile_uninit();
-@@ -2867,11 +2910,19 @@
+@@ -2867,10 +2910,18 @@
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
+#ifdef HAVE_LOGIN_CAP_H
+ lc = login_getclass(pw->pw_class);
++ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
++ if (!quiet_login) {
+#endif
-+
/* Check if .hushlogin exists. Note that we cannot use userfile
here because we are in the child. */
sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
quiet_login = stat(line, &st) >= 0;
-
+#ifdef HAVE_LOGIN_CAP_H
-+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
++ }
+#endif
-+
+
/* If the user has logged in before, display the time of last login.
However, don't display anything extra if a command has been
- specified (so that ssh can be used to execute commands on a remote
-@@ -2890,6 +2941,28 @@
+@@ -2890,6 +2941,38 @@
else
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -126,10 +130,20 @@
+ "All rights reserved.");
+ }
+#endif
++
++#ifdef HAVE_LOGIN_CAP_H
++#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++
++ warnpassword = login_getcaptime(lc, "warnpassword",
++ DEFAULT_WARN, DEFAULT_WARN);
++ warnexpire = login_getcaptime(lc, "warnexpire",
++ DEFAULT_WARN, DEFAULT_WARN);
++ login_close(lc);
++#endif
/* Print /etc/motd unless a command was specified or printing it was
disabled in server options. Note that some machines appear to
-@@ -2900,13 +2973,40 @@
+@@ -2900,14 +2983,18 @@
FILE *f;
/* Print /etc/motd if it exists. */
@@ -145,33 +159,36 @@
fputs(line, stdout);
fclose(f);
}
-+#ifdef __FreeBSD__
-+ if (command == NULL && !quiet_login)
-+ {
-+#ifdef broken_HAVE_LOGIN_CAP_H
-+ char *mp = getenv("MAIL");
-+
-+ if (mp != NULL)
-+ {
-+ strncpy(line, mp, sizeof line);
-+ line[sizeof line - 1] = '\0';
-+ }
-+ else
-+#endif
-+ sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name);
-+ if (stat(line, &st) == 0 && st.st_size != 0)
-+ printf("You have %smail.\n",
-+ (st.st_mtime > st.st_atime) ? "new " : "");
-+ }
+-#if defined (__bsdi__) && _BSDI_VERSION >= 199510
++#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ if (pw->pw_change || pw->pw_expire)
+ (void)gettimeofday(&tp, (struct timezone *)NULL);
+ if (pw->pw_change)
+@@ -2915,7 +3002,11 @@
+ fprintf(stderr,"Sorry -- your password has expired.\n");
+ exit(254);
+ } else if (pw->pw_change - tp.tv_sec <
++#ifdef HAVE_LOGIN_CAP_H
++ warnpassword)
++#else
+ 2 * DAYSPERWEEK * SECSPERDAY)
+#endif
-+
+ fprintf(stderr,"Warning: your password expires on %s",
+ ctime(&pw->pw_change));
+ if (pw->pw_expire)
+@@ -2923,7 +3014,11 @@
+ fprintf(stderr,"Sorry -- your account has expired.\n");
+ exit(254);
+ } else if (pw->pw_expire - tp.tv_sec <
+#ifdef HAVE_LOGIN_CAP_H
-+ login_close(lc);
++ warnexpire)
++#else
+ 2 * DAYSPERWEEK * SECSPERDAY)
+#endif
- #if defined (__bsdi__) && _BSDI_VERSION >= 199510
- if (pw->pw_change || pw->pw_expire)
- (void)gettimeofday(&tp, (struct timezone *)NULL);
-@@ -3182,6 +3282,13 @@
+ fprintf(stderr,"Warning: your account expires on %s",
+ ctime(&pw->pw_expire));
+ #endif /* __bsdi__ & _BSDI_VERSION >= 199510 */
+@@ -3182,6 +3277,13 @@
#if defined (__bsdi__) && _BSDI_VERSION >= 199510
login_cap_t *lc = 0;
#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
@@ -185,8 +202,17 @@
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
-@@ -3203,6 +3310,7 @@
+@@ -3199,10 +3301,16 @@
+ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
exit(254);
+ #else
++#ifdef HAVE_LOGIN_CAP_H
++ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
++ exit(254);
++#else
+ if (pw->pw_uid != UID_ROOT)
+ exit(254);
++#endif
#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
}
+#endif /* HAVE_LOGIN_CAP_H */