Index: head/security/hpn-ssh/Makefile
===================================================================
--- head/security/hpn-ssh/Makefile (revision 62436)
+++ head/security/hpn-ssh/Makefile (revision 62437)
@@ -1,134 +1,141 @@ # New ports collection makefile for: openssh # Date created: 18 Mar 1999 # Whom: dwcjr@inethouston.net # # $FreeBSD$ # PORTNAME= openssh PORTVERSION= 3.4p1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/ -PKGNAMESUFFIX= -portable +PKGNAMESUFFIX?= -portable MAINTAINER= dinoex@FreeBSD.org MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 MLINKS= ssh.1 slogin.1 MAN5= ssh_config.5 sshd_config.5 MAN8= sftp-server.8 sshd.8 ssh-keysign.8 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto GNU_CONFIGURE= yes CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords PRECIOUS= ssh_config sshd_config \ ssh_host_key ssh_host_key.pub \ ssh_host_rsa_key ssh_host_rsa_key.pub \ ssh_host_dsa_key ssh_host_dsa_key.pub ETCOLD= ${PREFIX}/etc +ADDME+= auth2-pam-freebsd.c .if exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam .endif .if exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-tcp-wrappers .endif .if !defined(ENABLE_SUID_SSH) CONFIGURE_ARGS+= --disable-suid-ssh .endif .if defined(OPENSSH_OVERWRITE_BASE) USE_OPENSSL_BASE= yes PKGNAMESUFFIX= -overwrite-base PREFIX= /usr MANPREFIX= ${PREFIX}/share CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty .else EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} CONFIGURE_ARGS+= --with-privsep-path=${EMPTYDIR} .if defined(BATCH) EXTRA_PATCHES+= ${FILESDIR}/batch.patch .endif +post-extract: +.for i in ${ADDME} + @${CP} ${FILESDIR}/${i} ${WRKSRC}/ +.endfor + .if defined(KRB5_HOME) && 
exists(${KRB5_HOME}) +PKGNAMESUFFIX= -gssapi GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020627.diff GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/ MASTER_SITES+= ${GSSAPI_SITE} DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH} EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf # USE_AUTOCONF_VER= 252 # broken CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} AUTOCONF= autoconf AUTOHEADER= autoheader post-patch: @${ECHO_MSG} Applying extra patch for GSS-API key-exchange... @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \ < ${DISTDIR}/${GSSAPI_PATCH} pre-configure: @${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!! (cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOCONF} \ ${AUTOCONF_ARGS}) (cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOHEADER}) .endif post-configure: ${SED} -e 's:__PREFIX__:${PREFIX}:g' \ ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh pre-install: .if defined(OPENSSH_OVERWRITE_BASE) -${MKDIR} ${EMPTYDIR} .else -${MKDIR} ${PREFIX}/empty .endif if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi -@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH} .for i in ${PRECIOUS} -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \ ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." 
&& \ ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i} .endfor post-install: .if !defined(OPENSSH_OVERWRITE_BASE) ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist .if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} .endif .include .include "${PORTSDIR}/security/openssl/Makefile.ssl" CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .include Property changes on: head/security/hpn-ssh/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.49 \ No newline at end of property +1.50 \ No newline at end of property Index: head/security/hpn-ssh/files/auth2-pam-freebsd.c =================================================================== --- head/security/hpn-ssh/files/auth2-pam-freebsd.c (nonexistent) +++ head/security/hpn-ssh/files/auth2-pam-freebsd.c (revision 62437) 
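Review bot: The unconditional `PKGNAMESUFFIX= -gssapi` inside the KRB5_HOME block replaces the `-overwrite-base` suffix assigned earlier under OPENSSH_OVERWRITE_BASE, so a build with both knobs set installs into /usr under a package name that no longer says so. Either guard the assignment or state the precedence next to it, for example `# GSSAPI build: this suffix replaces -portable and -overwrite-base`. The same assignment appears in head/security/openssh-portable/Makefile later in this commit and needs the same treatment.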
@@ -0,0 +1,374 @@ +/*- + * Copyright (c) 2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" +RCSID("$FreeBSD: /tmp/pcvs/ports/security/hpn-ssh/files/Attic/auth2-pam-freebsd.c,v 1.1 2002-07-04 18:29:18 dinoex Exp $"); + +#ifdef USE_PAM +#include + +#include "auth.h" +#include "log.h" +#include "monitor_wrap.h" +#include "packet.h" +#include "ssh2.h" +#include "xmalloc.h" + +struct pam_ctxt { + char *pam_user; + pid_t pam_pid; + int pam_sock; + int pam_done; +}; + +static void pam_free_ctx(void *); + +/* + * Send message to parent or child. + */ +static int +pam_send(struct pam_ctxt *ctxt, char *fmt, ...) +{ + va_list ap; + char *mstr; + size_t len; + int r; + + va_start(ap, fmt); + len = vasprintf(&mstr, fmt, ap); + va_end(ap); + if (mstr == NULL) + exit(1); + if (ctxt->pam_pid != 0) + debug2("to child: %s", mstr); + r = send(ctxt->pam_sock, mstr, len + 1, MSG_EOR); + free(mstr); + return (r); +} + +/* + * Peek at first byte of next message. + */ +static int +pam_peek(struct pam_ctxt *ctxt) +{ + char ch; + + if (recv(ctxt->pam_sock, &ch, 1, MSG_PEEK) < 1) + return (-1); + return (ch); +} + +/* + * Receive a message from parent or child. + */ +static char * +pam_receive(struct pam_ctxt *ctxt) +{ + char *buf; + size_t len; + ssize_t rlen; + + len = 64; + buf = NULL; + do { + len *= 2; + buf = xrealloc(buf, len); + rlen = recv(ctxt->pam_sock, buf, len, MSG_PEEK); + if (rlen < 1) { + xfree(buf); + return (NULL); + } + } while (rlen == len); + if (recv(ctxt->pam_sock, buf, len, 0) != rlen) { + xfree(buf); + return (NULL); + } + if (ctxt->pam_pid != 0) + debug2("from child: %s", buf); + return (buf); +} + +/* + * Conversation function for child process. 
+ */ +static int +pam_child_conv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + struct pam_ctxt *ctxt; + int i; + + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + pam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + pam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_ERROR_MSG: + pam_send(ctxt, "e%s", msg[i]->msg); + break; + case PAM_TEXT_INFO: + pam_send(ctxt, "i%s", msg[i]->msg); + break; + default: + goto fail; + } + } + return (PAM_SUCCESS); + fail: + while (i) + free(resp[--i]); + free(*resp); + *resp = NULL; + return (PAM_CONV_ERR); +} + +/* + * Child process. + */ +static void * +pam_child(struct pam_ctxt *ctxt) +{ + struct pam_conv pam_conv; + pam_handle_t *pamh; + int pam_err; + + pam_conv.conv = pam_child_conv; + pam_conv.appdata_ptr = ctxt; + pam_err = pam_start("sshd", ctxt->pam_user, &pam_conv, &pamh); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_err = pam_authenticate(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_err = pam_acct_mgmt(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_send(ctxt, "=OK"); + pam_end(pamh, pam_err); + exit(0); + auth_fail: + pam_send(ctxt, "!%s", pam_strerror(pamh, pam_err)); + pam_end(pamh, pam_err); + exit(0); +} + +static void * +pam_init_ctx(Authctxt *authctxt) +{ + struct pam_ctxt *ctxt; + int socks[2]; + int i; + + ctxt = xmalloc(sizeof *ctxt); + ctxt->pam_user = xstrdup(authctxt->user); + ctxt->pam_done = 0; + if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, socks) == -1) { + error("%s: failed create sockets: %s", + __func__, strerror(errno)); + xfree(ctxt); + return (NULL); + } + if ((ctxt->pam_pid 
= fork()) == -1) { + error("%s: failed to fork auth-pam child: %s", + __func__, strerror(errno)); + close(socks[0]); + close(socks[1]); + xfree(ctxt); + return (NULL); + } + if (ctxt->pam_pid == 0) { + /* close everything except our end of the pipe */ + ctxt->pam_sock = socks[1]; + for (i = 0; i < getdtablesize(); ++i) + if (i != ctxt->pam_sock) + close(i); + pam_child(ctxt); + /* not reached */ + exit(1); + } + ctxt->pam_sock = socks[0]; + close(socks[1]); + return (ctxt); +} + +static int +pam_query(void *ctx, char **name, char **info, + u_int *num, char ***prompts, u_int **echo_on) +{ + struct pam_ctxt *ctxt = ctx; + size_t plen; + char *msg; + + *name = xstrdup(""); + *info = xstrdup(""); + *prompts = xmalloc(sizeof(char *)); + **prompts = NULL; + plen = 0; + *echo_on = xmalloc(sizeof(u_int)); + while ((msg = pam_receive(ctxt)) != NULL) { + switch (*msg) { + case 'P': + case 'p': + *num = 1; + **prompts = xrealloc(**prompts, plen + strlen(msg)); + plen += sprintf(**prompts + plen, "%s", msg + 1); + **echo_on = (*msg == 'P'); + xfree(msg); + return (0); + case 'e': + case 'i': + /* accumulate messages */ + **prompts = xrealloc(**prompts, plen + strlen(msg)); + plen += sprintf(**prompts + plen, "%s", msg + 1); + break; + case '=': + case '!': + if (**prompts != NULL) { + /* drain any accumulated messages */ +#if 0 /* not compatible with privsep */ + packet_start(SSH2_MSG_USERAUTH_BANNER); + packet_put_cstring(**prompts); + packet_put_cstring(""); + packet_send(); + packet_write_wait(); +#endif + xfree(**prompts); + **prompts = NULL; + } + if (*msg == '=') { + *num = 0; + **echo_on = 0; + ctxt->pam_done = 1; + xfree(msg); + return (0); + } + error("%s", msg + 1); + default: + *num = 0; + **echo_on = 0; + xfree(msg); + ctxt->pam_done = -1; + return (-1); + } + xfree(msg); + } + return (-1); +} + +static int +pam_respond(void *ctx, u_int num, char **resp) +{ + struct pam_ctxt *ctxt = ctx; + char *msg; + + debug2(__func__); + switch (ctxt->pam_done) { + case 1: + 
return (0); + case 0: + break; + default: + return (-1); + } + if (num != 1) { + error("expected one response, got %u", num); + return (-1); + } + pam_send(ctxt, "%s", *resp); + switch (pam_peek(ctxt)) { + case 'P': + case 'p': + case 'e': + case 'i': + return (1); + case '=': + msg = pam_receive(ctxt); + xfree(msg); + ctxt->pam_done = 1; + return (0); + default: + msg = pam_receive(ctxt); + if (*msg == '!') + error("%s", msg + 1); + xfree(msg); + ctxt->pam_done = -1; + return (-1); + } +} + +static void +pam_free_ctx(void *ctxtp) +{ + struct pam_ctxt *ctxt = ctxtp; + int status; + + close(ctxt->pam_sock); + kill(ctxt->pam_pid, SIGHUP); + waitpid(ctxt->pam_pid, &status, 0); + xfree(ctxt->pam_user); + xfree(ctxt); +} + +KbdintDevice pam_device = { + "pam", + pam_init_ctx, + pam_query, + pam_respond, + pam_free_ctx +}; + +KbdintDevice mm_pam_device = { + "pam", + mm_pam_init_ctx, + mm_pam_query, + mm_pam_respond, + mm_pam_free_ctx +}; + +#endif /* USE_PAM */ Property changes on: head/security/hpn-ssh/files/auth2-pam-freebsd.c ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/batch.patch =================================================================== --- head/security/hpn-ssh/files/batch.patch (revision 62436) +++ head/security/hpn-ssh/files/batch.patch (revision 62437) 
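Review bot: pam_child_conv indexes the reply array as `resp[i]->...`, but `*resp` is the calloc'ed array of n structs and `resp` points at a single pointer, so for any i >= 1 the writes land outside the allocation; on the fail path `free(resp[--i])` with i == 1 releases `*resp` just before `free(*resp)` releases it again. Index through `(*resp)[i]` and free the `.resp` strings, as in the block below. Separately, pam_child jumps to auth_fail when pam_start fails and then hands the unset `pamh` to pam_strerror and pam_end, and the default branch of pam_respond dereferences `msg` without checking that pam_receive returned non-NULL. pam_send also writes every parent-to-child message to debug2, which includes the user's answer to a password prompt; logging only the message length there keeps credentials out of debug logs.

```c
	for (i = 0; i < n; ++i) {
		(*resp)[i].resp_retcode = 0;
		(*resp)[i].resp = NULL;
		switch (msg[i]->msg_style) {
		case PAM_PROMPT_ECHO_OFF:
			pam_send(ctxt, "p%s", msg[i]->msg);
			(*resp)[i].resp = pam_receive(ctxt);
			break;
		case PAM_PROMPT_ECHO_ON:
			pam_send(ctxt, "P%s", msg[i]->msg);
			(*resp)[i].resp = pam_receive(ctxt);
			break;
		/* ... unchanged: PAM_ERROR_MSG, PAM_TEXT_INFO and default cases ... */
		}
	}
	/* ... unchanged: return (PAM_SUCCESS) ... */
 fail:
	while (i)
		free((*resp)[--i].resp);
	/* ... unchanged: free(*resp), *resp = NULL, return (PAM_CONV_ERR) ... */
```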
@@ -1,49 +1,48 @@ ---- Makefile.in.orig Tue Feb 26 20:24:22 2002 -+++ Makefile.in Fri Mar 8 22:02:48 2002 -@@ -183,7 +183,7 @@ - autoreconf +--- Makefile.in.orig Wed Jun 26 01:45:42 2002 ++++ Makefile.in Thu Jul 4 20:23:43 2002 +@@ -199,6 +199,7 @@ (cd scard && $(MAKE) -f Makefile.in distprep) --install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key -+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files + install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user ++install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - scard-install: -@@ -222,37 +222,6 @@ + check-user: +@@ -251,37 +252,6 @@ ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ - $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ - fi - if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ - $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ - fi - if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ - fi ; \ - fi - if [ ! 
-f $(DESTDIR)$(sysconfdir)/moduli ]; then \ - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ - echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ - mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ - else \ - $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ - fi ; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ - fi host-key: ssh-keygen$(EXEEXT) if [ -z "$(DESTDIR)" ] ; then \ Property changes on: head/security/hpn-ssh/files/batch.patch ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.3 \ No newline at end of property +1.4 \ No newline at end of property Index: head/security/hpn-ssh/files/patch-Makefile.in =================================================================== --- head/security/hpn-ssh/files/patch-Makefile.in (nonexistent) +++ head/security/hpn-ssh/files/patch-Makefile.in (revision 62437) @@ -0,0 +1,11 @@ +--- Makefile.in.orig Wed Jun 26 01:45:42 2002 ++++ Makefile.in Wed Jul 3 07:27:14 2002 +@@ -70,6 +70,8 @@ + MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 + MANTYPE = @MANTYPE@ + ++SSHDOBJS+= auth2-pam-freebsd.o ++ + CONFIGFILES=sshd_config.out ssh_config.out moduli.out + CONFIGFILES_IN=sshd_config ssh_config moduli + Property changes on: head/security/hpn-ssh/files/patch-Makefile.in ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-auth2-chall.c =================================================================== --- head/security/hpn-ssh/files/patch-auth2-chall.c (nonexistent) +++ head/security/hpn-ssh/files/patch-auth2-chall.c (revision 62437) 
@@ -0,0 +1,48 @@ +--- auth2-chall.c.orig Wed Jun 26 15:58:40 2002 ++++ auth2-chall.c Sun Jun 30 07:12:43 2002 +@@ -41,6 +42,9 @@ + #ifdef BSD_AUTH + extern KbdintDevice bsdauth_device; + #else ++#ifdef USE_PAM ++extern KbdintDevice pam_device; ++#endif + #ifdef SKEY + extern KbdintDevice skey_device; + #endif +@@ -50,6 +54,9 @@ + #ifdef BSD_AUTH + &bsdauth_device, + #else ++#ifdef USE_PAM ++ &pam_device, ++#endif + #ifdef SKEY + &skey_device, + #endif +@@ -323,15 +330,22 @@ + #ifdef BSD_AUTH + extern KbdintDevice mm_bsdauth_device; + #endif ++#ifdef USE_PAM ++ extern KbdintDevice mm_pam_device; ++#endif + #ifdef SKEY + extern KbdintDevice mm_skey_device; + #endif +- /* As long as SSHv1 has devices[0] hard coded this is fine */ ++ int n = 0; ++ + #ifdef BSD_AUTH +- devices[0] = &mm_bsdauth_device; ++ devices[n++] = &mm_bsdauth_device; + #else ++#ifdef USE_PAM ++ devices[n++] = &mm_pam_device; ++#endif + #ifdef SKEY +- devices[0] = &mm_skey_device; ++ devices[n++] = &mm_skey_device; + #endif + #endif + } Property changes on: head/security/hpn-ssh/files/patch-auth2-chall.c ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.3 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-monitor.c =================================================================== --- head/security/hpn-ssh/files/patch-monitor.c (nonexistent) +++ head/security/hpn-ssh/files/patch-monitor.c (revision 62437) 
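Review bot: The third inner hunk deletes the comment about SSHv1 using `devices[0]` without replacing it, while the new `devices[n++]` fill order now decides which device ends up in slot 0 when both USE_PAM and SKEY are defined. A short comment such as `/* order matters: slot 0 is the device SSHv1 uses, so PAM precedes S/Key */` would keep that assumption visible. Whether SSHv1 still reads slot 0 is not shown here, and the enclosing function starts outside the hunk, so confirm before settling the wording.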
@@ -0,0 +1,136 @@ +--- monitor.c.orig Wed Jun 26 15:27:11 2002 ++++ monitor.c Wed Jul 3 06:24:31 2002 +@@ -118,6 +127,10 @@ + + #ifdef USE_PAM + int mm_answer_pam_start(int, Buffer *); ++int mm_answer_pam_init_ctx(int, Buffer *); ++int mm_answer_pam_query(int, Buffer *); ++int mm_answer_pam_respond(int, Buffer *); ++int mm_answer_pam_free_ctx(int, Buffer *); + #endif + + static Authctxt *authctxt; +@@ -156,6 +169,10 @@ + {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, + #ifdef USE_PAM + {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, ++ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, ++ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, ++ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, ++ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, + #endif + #ifdef BSD_AUTH + {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, +@@ -198,6 +215,10 @@ + #endif + #ifdef USE_PAM + {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, ++ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx}, ++ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query}, ++ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, ++ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, + #endif + {0, 0, NULL} + }; +@@ -732,6 +749,100 @@ + xfree(user); + + return (0); ++} ++ ++static void *pam_ctxt, *pam_authok; ++extern KbdintDevice pam_device; ++ ++int ++mm_answer_pam_init_ctx(int socket, Buffer *m) ++{ ++ ++ debug3("%s", __func__); ++ authctxt->user = buffer_get_string(m, NULL); ++ pam_ctxt = (pam_device.init_ctx)(authctxt); ++ pam_authok = NULL; ++ buffer_clear(m); ++ if (pam_ctxt != NULL) { ++ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); ++ buffer_put_int(m, 1); ++ } else { ++ buffer_put_int(m, 0); ++ } ++ mm_request_send(socket, MONITOR_ANS_PAM_INIT_CTX, m); ++ return (0); ++} ++ ++int ++mm_answer_pam_query(int socket, Buffer *m) ++{ ++ char 
*name, *info, **prompts; ++ u_int num, *echo_on; ++ int i, ret; ++ ++ debug3("%s", __func__); ++ pam_authok = NULL; ++ ret = (pam_device.query)(pam_ctxt, &name, &info, &num, &prompts, &echo_on); ++ if (num > 1 || name == NULL || info == NULL) ++ ret = -1; ++ buffer_put_int(m, ret); ++ buffer_put_cstring(m, name); ++ xfree(name); ++ buffer_put_cstring(m, info); ++ xfree(info); ++ buffer_put_int(m, num); ++ for (i = 0; i < num; ++i) { ++ buffer_put_cstring(m, prompts[i]); ++ xfree(prompts[i]); ++ buffer_put_int(m, echo_on[i]); ++ } ++ if (prompts != NULL) ++ xfree(prompts); ++ if (echo_on != NULL) ++ xfree(echo_on); ++ mm_request_send(socket, MONITOR_ANS_PAM_QUERY, m); ++ return (0); ++} ++ ++int ++mm_answer_pam_respond(int socket, Buffer *m) ++{ ++ char **resp; ++ u_int num; ++ int i, ret; ++ ++ debug3("%s", __func__); ++ pam_authok = NULL; ++ num = buffer_get_int(m); ++ if (num > 0) { ++ resp = xmalloc(num * sizeof(char *)); ++ for (i = 0; i < num; ++i) ++ resp[i] = buffer_get_string(m, NULL); ++ ret = (pam_device.respond)(pam_ctxt, num, resp); ++ for (i = 0; i < num; ++i) ++ xfree(resp[i]); ++ xfree(resp); ++ } else { ++ ret = (pam_device.respond)(pam_ctxt, num, NULL); ++ } ++ buffer_clear(m); ++ buffer_put_int(m, ret); ++ mm_request_send(socket, MONITOR_ANS_PAM_RESPOND, m); ++ auth_method = "keyboard-interactive/pam"; ++ if (ret == 0) ++ pam_authok = pam_ctxt; ++ return (0); ++} ++ ++int ++mm_answer_pam_free_ctx(int socket, Buffer *m) ++{ ++ ++ debug3("%s", __func__); ++ (pam_device.free_ctx)(pam_ctxt); ++ buffer_clear(m); ++ mm_request_send(socket, MONITOR_ANS_PAM_FREE_CTX, m); ++ return (pam_authok == pam_ctxt); + } + #endif + Property changes on: head/security/hpn-ssh/files/patch-monitor.c ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-monitor.h 
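Review bot: mm_answer_pam_query reads `num` after `pam_device.query` returns, but pam_query in auth2-pam-freebsd.c leaves `*num` unset when its receive loop ends without a message, so the monitor can walk `prompts[i]` with an indeterminate count; the `num > 1` check only sets `ret` and still runs the loop. Declare `u_int num = 0, *echo_on = NULL;` and add `if (ret == -1) num = 0;` before the prompt loop. mm_answer_pam_init_ctx also overwrites `authctxt->user` with a string sent by the unprivileged process, without freeing or comparing the previous value; if the monitor already holds the validated user name (set outside this hunk), using that one keeps the choice of account on the privileged side.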
=================================================================== --- head/security/hpn-ssh/files/patch-monitor.h (nonexistent) +++ head/security/hpn-ssh/files/patch-monitor.h (revision 62437) @@ -0,0 +1,13 @@ +--- monitor.h.orig Tue Jun 11 18:42:49 2002 ++++ monitor.h Sun Jun 30 07:13:09 2002 +@@ -50,6 +51,10 @@ + MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, + MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, + MONITOR_REQ_PAM_START, ++ MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, ++ MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY, ++ MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, ++ MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, + MONITOR_REQ_TERM + }; + Property changes on: head/security/hpn-ssh/files/patch-monitor.h ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-monitor_wrap.c =================================================================== --- head/security/hpn-ssh/files/patch-monitor_wrap.c (nonexistent) +++ head/security/hpn-ssh/files/patch-monitor_wrap.c (revision 62437) 
@@ -0,0 +1,107 @@ +--- monitor_wrap.c.orig Fri Jun 21 02:43:43 2002 ++++ monitor_wrap.c Sun Jun 30 07:13:18 2002 +@@ -664,6 +665,88 @@ + + buffer_free(&m); + } ++ ++void * ++mm_pam_init_ctx(Authctxt *authctxt) ++{ ++ Buffer m; ++ int success; ++ ++ debug3("%s", __func__); ++ buffer_init(&m); ++ buffer_put_cstring(&m, authctxt->user); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); ++ debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); ++ success = buffer_get_int(&m); ++ if (success == 0) { ++ debug3("%s: pam_init_ctx failed", __func__); ++ buffer_free(&m); ++ return (NULL); ++ } ++ buffer_free(&m); ++ return (authctxt); ++} ++ ++int ++mm_pam_query(void *ctx, char **name, char **info, ++ u_int *num, char ***prompts, u_int **echo_on) ++{ ++ Buffer m; ++ int i, ret; ++ ++ debug3("%s", __func__); ++ buffer_init(&m); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); ++ debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); ++ ret = buffer_get_int(&m); ++ debug3("%s: pam_query returned %d", __func__, ret); ++ *name = buffer_get_string(&m, NULL); ++ *info = buffer_get_string(&m, NULL); ++ *num = buffer_get_int(&m); ++ *prompts = xmalloc((*num + 1) * sizeof(char *)); ++ *echo_on = xmalloc((*num + 1) * sizeof(u_int)); ++ for (i = 0; i < *num; ++i) { ++ (*prompts)[i] = buffer_get_string(&m, NULL); ++ (*echo_on)[i] = buffer_get_int(&m); ++ } ++ buffer_free(&m); ++ return (ret); ++} ++ ++int ++mm_pam_respond(void *ctx, u_int num, char **resp) ++{ ++ Buffer m; ++ int i, ret; ++ ++ debug3("%s", __func__); ++ buffer_init(&m); ++ buffer_put_int(&m, num); ++ for (i = 0; i < num; ++i) ++ buffer_put_cstring(&m, resp[i]); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); ++ debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); ++ 
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); ++ ret = buffer_get_int(&m); ++ debug3("%s: pam_respond returned %d", __func__, ret); ++ buffer_free(&m); ++ return (ret); ++} ++ ++void ++mm_pam_free_ctx(void *ctxtp) ++{ ++ Buffer m; ++ ++ debug3("%s", __func__); ++ buffer_init(&m); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); ++ debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); ++ buffer_free(&m); ++} + #endif /* USE_PAM */ + + /* Request process termination */ +@@ -767,6 +850,7 @@ + return ((authok == 0) ? -1 : 0); + } + ++#ifdef SKEY + int + mm_skey_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +@@ -829,6 +913,7 @@ + + return ((authok == 0) ? -1 : 0); + } ++#endif + + void + mm_ssh1_session_id(u_char session_id[16]) Property changes on: head/security/hpn-ssh/files/patch-monitor_wrap.c ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-monitor_wrap.h =================================================================== --- head/security/hpn-ssh/files/patch-monitor_wrap.h (nonexistent) +++ head/security/hpn-ssh/files/patch-monitor_wrap.h (revision 62437) 
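Review bot: mm_pam_query sizes two allocations from `*num` exactly as read off the monitor socket, `xmalloc((*num + 1) * sizeof(char *))`, with no upper bound, so where size_t is 32 bits a large count can wrap the multiplication and the fill loop then writes past a short buffer. A check right after the read, such as `if (*num > PAM_MAX_NUM_MSG) fatal("%s: too many PAM messages: %u", __func__, *num);`, bounds it. The loop index `i` is an `int` compared against a `u_int` here and in mm_pam_respond; declaring it `u_int` removes the signed/unsigned comparison.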
@@ -0,0 +1,13 @@ +--- monitor_wrap.h.orig Mon May 13 03:07:42 2002 ++++ monitor_wrap.h Sun Jun 30 07:13:18 2002 +@@ -57,6 +58,10 @@ + + #ifdef USE_PAM + void mm_start_pam(char *); ++void *mm_pam_init_ctx(struct Authctxt *); ++int mm_pam_query(void *, char **, char **, u_int *, char ***, u_int **); ++int mm_pam_respond(void *, u_int, char **); ++void mm_pam_free_ctx(void *); + #endif + + void mm_terminate(void); Property changes on: head/security/hpn-ssh/files/patch-monitor_wrap.h ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/hpn-ssh/files/patch-sshd_config =================================================================== --- head/security/hpn-ssh/files/patch-sshd_config (revision 62436) +++ head/security/hpn-ssh/files/patch-sshd_config (revision 62437) @@ -1,10 +1,18 @@ --- sshd_config.orig Fri Jun 21 03:11:36 2002 -+++ sshd_config Fri Jun 28 06:55:46 2002 -@@ -58,6 +58,7 @@ ++++ sshd_config Wed Jul 3 06:20:47 2002 +@@ -34,6 +34,7 @@ + + #LoginGraceTime 600 + #PermitRootLogin yes ++PermitRootLogin no + #StrictModes yes + + #RSAAuthentication yes +@@ -58,6 +59,7 @@ # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no Property changes on: head/security/hpn-ssh/files/patch-sshd_config ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.1 \ No newline at end of property +1.2 \ No newline at end of property Index: head/security/openssh-portable/Makefile =================================================================== --- head/security/openssh-portable/Makefile (revision 62436) +++ head/security/openssh-portable/Makefile (revision 62437) 
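Review bot: In the patch-sshd_config change, the retained comment `# Change to no to disable s/key passwords` no longer matches the line under it, because the patch now ships `ChallengeResponseAuthentication no`, and this option presumably also gates the PAM keyboard-interactive device added in this commit. Reword it along the lines of `# Change to yes to enable s/key or PAM keyboard-interactive authentication`. A one-line comment above `PermitRootLogin no` saying that the port deliberately differs from the commented upstream default would help administrators who compare against a stock sshd_config.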
@@ -1,134 +1,141 @@ # New ports collection makefile for: openssh # Date created: 18 Mar 1999 # Whom: dwcjr@inethouston.net # # $FreeBSD$ # PORTNAME= openssh PORTVERSION= 3.4p1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/ -PKGNAMESUFFIX= -portable +PKGNAMESUFFIX?= -portable MAINTAINER= dinoex@FreeBSD.org MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 MLINKS= ssh.1 slogin.1 MAN5= ssh_config.5 sshd_config.5 MAN8= sftp-server.8 sshd.8 ssh-keysign.8 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto GNU_CONFIGURE= yes CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords PRECIOUS= ssh_config sshd_config \ ssh_host_key ssh_host_key.pub \ ssh_host_rsa_key ssh_host_rsa_key.pub \ ssh_host_dsa_key ssh_host_dsa_key.pub ETCOLD= ${PREFIX}/etc +ADDME+= auth2-pam-freebsd.c .if exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam .endif .if exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-tcp-wrappers .endif .if !defined(ENABLE_SUID_SSH) CONFIGURE_ARGS+= --disable-suid-ssh .endif .if defined(OPENSSH_OVERWRITE_BASE) USE_OPENSSL_BASE= yes PKGNAMESUFFIX= -overwrite-base PREFIX= /usr MANPREFIX= ${PREFIX}/share CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty .else EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} CONFIGURE_ARGS+= --with-privsep-path=${EMPTYDIR} .if defined(BATCH) EXTRA_PATCHES+= ${FILESDIR}/batch.patch .endif +post-extract: +.for i in ${ADDME} + @${CP} ${FILESDIR}/${i} ${WRKSRC}/ +.endfor + .if defined(KRB5_HOME) && 
exists(${KRB5_HOME}) +PKGNAMESUFFIX= -gssapi GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020627.diff GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/ MASTER_SITES+= ${GSSAPI_SITE} DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH} EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf # USE_AUTOCONF_VER= 252 # broken CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} AUTOCONF= autoconf AUTOHEADER= autoheader post-patch: @${ECHO_MSG} Applying extra patch for GSS-API key-exchange... @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \ < ${DISTDIR}/${GSSAPI_PATCH} pre-configure: @${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!! (cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOCONF} \ ${AUTOCONF_ARGS}) (cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOHEADER}) .endif post-configure: ${SED} -e 's:__PREFIX__:${PREFIX}:g' \ ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh pre-install: .if defined(OPENSSH_OVERWRITE_BASE) -${MKDIR} ${EMPTYDIR} .else -${MKDIR} ${PREFIX}/empty .endif if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi -@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH} .for i in ${PRECIOUS} -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \ ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." 
&& \ ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i} .endfor post-install: .if !defined(OPENSSH_OVERWRITE_BASE) ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist .if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} .endif .include .include "${PORTSDIR}/security/openssl/Makefile.ssl" CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .include Property changes on: head/security/openssh-portable/Makefile ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.49 \ No newline at end of property +1.50 \ No newline at end of property Index: head/security/openssh-portable/files/auth2-pam-freebsd.c =================================================================== --- head/security/openssh-portable/files/auth2-pam-freebsd.c (nonexistent) +++ head/security/openssh-portable/files/auth2-pam-freebsd.c (revision 62437) 
@@ -0,0 +1,374 @@ +/*- + * Copyright (c) 2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" +RCSID("$FreeBSD: /tmp/pcvs/ports/security/openssh-portable/files/Attic/auth2-pam-freebsd.c,v 1.1 2002-07-04 18:29:18 dinoex Exp $"); + +#ifdef USE_PAM +#include + +#include "auth.h" +#include "log.h" +#include "monitor_wrap.h" +#include "packet.h" +#include "ssh2.h" +#include "xmalloc.h" + +struct pam_ctxt { + char *pam_user; + pid_t pam_pid; + int pam_sock; + int pam_done; +}; + +static void pam_free_ctx(void *); + +/* + * Send message to parent or child. + */ +static int +pam_send(struct pam_ctxt *ctxt, char *fmt, ...) +{ + va_list ap; + char *mstr; + size_t len; + int r; + + va_start(ap, fmt); + len = vasprintf(&mstr, fmt, ap); + va_end(ap); + if (mstr == NULL) + exit(1); + if (ctxt->pam_pid != 0) + debug2("to child: %s", mstr); + r = send(ctxt->pam_sock, mstr, len + 1, MSG_EOR); + free(mstr); + return (r); +} + +/* + * Peek at first byte of next message. + */ +static int +pam_peek(struct pam_ctxt *ctxt) +{ + char ch; + + if (recv(ctxt->pam_sock, &ch, 1, MSG_PEEK) < 1) + return (-1); + return (ch); +} + +/* + * Receive a message from parent or child. + */ +static char * +pam_receive(struct pam_ctxt *ctxt) +{ + char *buf; + size_t len; + ssize_t rlen; + + len = 64; + buf = NULL; + do { + len *= 2; + buf = xrealloc(buf, len); + rlen = recv(ctxt->pam_sock, buf, len, MSG_PEEK); + if (rlen < 1) { + xfree(buf); + return (NULL); + } + } while (rlen == len); + if (recv(ctxt->pam_sock, buf, len, 0) != rlen) { + xfree(buf); + return (NULL); + } + if (ctxt->pam_pid != 0) + debug2("from child: %s", buf); + return (buf); +} + +/* + * Conversation function for child process. 
+ */ +static int +pam_child_conv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + struct pam_ctxt *ctxt; + int i; + + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + pam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + pam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_ERROR_MSG: + pam_send(ctxt, "e%s", msg[i]->msg); + break; + case PAM_TEXT_INFO: + pam_send(ctxt, "i%s", msg[i]->msg); + break; + default: + goto fail; + } + } + return (PAM_SUCCESS); + fail: + while (i) + free(resp[--i]); + free(*resp); + *resp = NULL; + return (PAM_CONV_ERR); +} + +/* + * Child process. + */ +static void * +pam_child(struct pam_ctxt *ctxt) +{ + struct pam_conv pam_conv; + pam_handle_t *pamh; + int pam_err; + + pam_conv.conv = pam_child_conv; + pam_conv.appdata_ptr = ctxt; + pam_err = pam_start("sshd", ctxt->pam_user, &pam_conv, &pamh); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_err = pam_authenticate(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_err = pam_acct_mgmt(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_send(ctxt, "=OK"); + pam_end(pamh, pam_err); + exit(0); + auth_fail: + pam_send(ctxt, "!%s", pam_strerror(pamh, pam_err)); + pam_end(pamh, pam_err); + exit(0); +} + +static void * +pam_init_ctx(Authctxt *authctxt) +{ + struct pam_ctxt *ctxt; + int socks[2]; + int i; + + ctxt = xmalloc(sizeof *ctxt); + ctxt->pam_user = xstrdup(authctxt->user); + ctxt->pam_done = 0; + if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, socks) == -1) { + error("%s: failed create sockets: %s", + __func__, strerror(errno)); + xfree(ctxt); + return (NULL); + } + if ((ctxt->pam_pid 
= fork()) == -1) { + error("%s: failed to fork auth-pam child: %s", + __func__, strerror(errno)); + close(socks[0]); + close(socks[1]); + xfree(ctxt); + return (NULL); + } + if (ctxt->pam_pid == 0) { + /* close everything except our end of the pipe */ + ctxt->pam_sock = socks[1]; + for (i = 0; i < getdtablesize(); ++i) + if (i != ctxt->pam_sock) + close(i); + pam_child(ctxt); + /* not reached */ + exit(1); + } + ctxt->pam_sock = socks[0]; + close(socks[1]); + return (ctxt); +} + +static int +pam_query(void *ctx, char **name, char **info, + u_int *num, char ***prompts, u_int **echo_on) +{ + struct pam_ctxt *ctxt = ctx; + size_t plen; + char *msg; + + *name = xstrdup(""); + *info = xstrdup(""); + *prompts = xmalloc(sizeof(char *)); + **prompts = NULL; + plen = 0; + *echo_on = xmalloc(sizeof(u_int)); + while ((msg = pam_receive(ctxt)) != NULL) { + switch (*msg) { + case 'P': + case 'p': + *num = 1; + **prompts = xrealloc(**prompts, plen + strlen(msg)); + plen += sprintf(**prompts + plen, "%s", msg + 1); + **echo_on = (*msg == 'P'); + xfree(msg); + return (0); + case 'e': + case 'i': + /* accumulate messages */ + **prompts = xrealloc(**prompts, plen + strlen(msg)); + plen += sprintf(**prompts + plen, "%s", msg + 1); + break; + case '=': + case '!': + if (**prompts != NULL) { + /* drain any accumulated messages */ +#if 0 /* not compatible with privsep */ + packet_start(SSH2_MSG_USERAUTH_BANNER); + packet_put_cstring(**prompts); + packet_put_cstring(""); + packet_send(); + packet_write_wait(); +#endif + xfree(**prompts); + **prompts = NULL; + } + if (*msg == '=') { + *num = 0; + **echo_on = 0; + ctxt->pam_done = 1; + xfree(msg); + return (0); + } + error("%s", msg + 1); + default: + *num = 0; + **echo_on = 0; + xfree(msg); + ctxt->pam_done = -1; + return (-1); + } + xfree(msg); + } + return (-1); +} + +static int +pam_respond(void *ctx, u_int num, char **resp) +{ + struct pam_ctxt *ctxt = ctx; + char *msg; + + debug2(__func__); + switch (ctxt->pam_done) { + case 1: + 
return (0); + case 0: + break; + default: + return (-1); + } + if (num != 1) { + error("expected one response, got %u", num); + return (-1); + } + pam_send(ctxt, "%s", *resp); + switch (pam_peek(ctxt)) { + case 'P': + case 'p': + case 'e': + case 'i': + return (1); + case '=': + msg = pam_receive(ctxt); + xfree(msg); + ctxt->pam_done = 1; + return (0); + default: + msg = pam_receive(ctxt); + if (*msg == '!') + error("%s", msg + 1); + xfree(msg); + ctxt->pam_done = -1; + return (-1); + } +} + +static void +pam_free_ctx(void *ctxtp) +{ + struct pam_ctxt *ctxt = ctxtp; + int status; + + close(ctxt->pam_sock); + kill(ctxt->pam_pid, SIGHUP); + waitpid(ctxt->pam_pid, &status, 0); + xfree(ctxt->pam_user); + xfree(ctxt); +} + +KbdintDevice pam_device = { + "pam", + pam_init_ctx, + pam_query, + pam_respond, + pam_free_ctx +}; + +KbdintDevice mm_pam_device = { + "pam", + mm_pam_init_ctx, + mm_pam_query, + mm_pam_respond, + mm_pam_free_ctx +}; + +#endif /* USE_PAM */ Property changes on: head/security/openssh-portable/files/auth2-pam-freebsd.c ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/openssh-portable/files/batch.patch =================================================================== --- head/security/openssh-portable/files/batch.patch (revision 62436) +++ head/security/openssh-portable/files/batch.patch (revision 62437) 
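Review bot: `pam_child_conv` indexes the response array as `resp[i]->…`, but `*resp` is the `calloc`'d array, so the element is `(*resp)[i]`; for `i > 0` the current stores go through memory after the caller's pointer instead. The `fail:` loop has the same problem and ends by freeing `resp[0]`, which is the array itself, just before `free(*resp)` frees it again; it should release `(*resp)[--i].resp`. The excerpt below shows the corrected lines. Separately, `pam_send` hands every parent-to-child message to `debug2`, and `pam_respond` sends the user's reply through it, so at that log level the answer to an echo-off prompt (presumably a password) is written to the log; logging only the length would avoid that.

```c
	for (i = 0; i < n; ++i) {
		(*resp)[i].resp_retcode = 0;
		(*resp)[i].resp = NULL;
		switch (msg[i]->msg_style) {
		case PAM_PROMPT_ECHO_OFF:
			/* … unchanged: pam_send "p%s" … */
			(*resp)[i].resp = pam_receive(ctxt);
			break;
		case PAM_PROMPT_ECHO_ON:
			/* … unchanged: pam_send "P%s" … */
			(*resp)[i].resp = pam_receive(ctxt);
			break;
		/* … unchanged: PAM_ERROR_MSG, PAM_TEXT_INFO, default, end of loop, success return … */
 fail:
	while (i)
		free((*resp)[--i].resp);
```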
@@ -1,49 +1,48 @@ ---- Makefile.in.orig Tue Feb 26 20:24:22 2002 -+++ Makefile.in Fri Mar 8 22:02:48 2002 -@@ -183,7 +183,7 @@ - autoreconf +--- Makefile.in.orig Wed Jun 26 01:45:42 2002 ++++ Makefile.in Thu Jul 4 20:23:43 2002 +@@ -199,6 +199,7 @@ (cd scard && $(MAKE) -f Makefile.in distprep) --install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key -+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files + install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user ++install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - scard-install: -@@ -222,37 +222,6 @@ + check-user: +@@ -251,37 +252,6 @@ ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ - $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ - fi - if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ - $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ - fi - if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ - fi ; \ - fi - if [ ! 
-f $(DESTDIR)$(sysconfdir)/moduli ]; then \ - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ - echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ - mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ - else \ - $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ - fi ; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ - fi host-key: ssh-keygen$(EXEEXT) if [ -z "$(DESTDIR)" ] ; then \ Property changes on: head/security/openssh-portable/files/batch.patch ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.3 \ No newline at end of property +1.4 \ No newline at end of property Index: head/security/openssh-portable/files/patch-Makefile.in =================================================================== --- head/security/openssh-portable/files/patch-Makefile.in (nonexistent) +++ head/security/openssh-portable/files/patch-Makefile.in (revision 62437) 
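Review bot: The regenerated first hunk of the inner patch (`@@ -199,6 +199,7 @@`) now adds a second `install:` line and keeps the upstream one, which still lists `host-key`, as context; the previous revision replaced that line. Make merges the prerequisites of repeated rule lines for the same target, so with this patch applied `install` would presumably still depend on `host-key`, which is what the BATCH patch used to drop. If that is not intended, the inner hunk should remove the upstream line and add the new one, i.e. `-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user` followed by `+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files check-user`, with the hunk header counts adjusted to match.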
@@ -0,0 +1,11 @@
+--- Makefile.in.orig Wed Jun 26 01:45:42 2002
++++ Makefile.in Wed Jul 3 07:27:14 2002
+@@ -70,6 +70,8 @@
+ MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
+ MANTYPE = @MANTYPE@
+
++SSHDOBJS+= auth2-pam-freebsd.o
++
+ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
+ CONFIGFILES_IN=sshd_config ssh_config moduli
+
Property changes on: head/security/openssh-portable/files/patch-Makefile.in
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/openssh-portable/files/patch-auth2-chall.c
===================================================================
--- head/security/openssh-portable/files/patch-auth2-chall.c (nonexistent)
+++ head/security/openssh-portable/files/patch-auth2-chall.c (revision 62437)
@@ -0,0 +1,48 @@
+--- auth2-chall.c.orig Wed Jun 26 15:58:40 2002
++++ auth2-chall.c Sun Jun 30 07:12:43 2002
+@@ -41,6 +42,9 @@
+ #ifdef BSD_AUTH
+ extern KbdintDevice bsdauth_device;
+ #else
++#ifdef USE_PAM
++extern KbdintDevice pam_device;
++#endif
+ #ifdef SKEY
+ extern KbdintDevice skey_device;
+ #endif
+@@ -50,6 +54,9 @@
+ #ifdef BSD_AUTH
+ &bsdauth_device,
+ #else
++#ifdef USE_PAM
++ &pam_device,
++#endif
+ #ifdef SKEY
+ &skey_device,
+ #endif
+@@ -323,15 +330,22 @@
+ #ifdef BSD_AUTH
+ extern KbdintDevice mm_bsdauth_device;
+ #endif
++#ifdef USE_PAM
++ extern KbdintDevice mm_pam_device;
++#endif
+ #ifdef SKEY
+ extern KbdintDevice mm_skey_device;
+ #endif
+- /* As long as SSHv1 has devices[0] hard coded this is fine */
++ int n = 0;
++
+ #ifdef BSD_AUTH
+- devices[0] = &mm_bsdauth_device;
++ devices[n++] = &mm_bsdauth_device;
+ #else
++#ifdef USE_PAM
++ devices[n++] = &mm_pam_device;
++#endif
+ #ifdef SKEY
+- devices[0] = &mm_skey_device;
++ devices[n++] = &mm_skey_device;
+ #endif
+ #endif
+ }
Property changes on: head/security/openssh-portable/files/patch-auth2-chall.c
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.3
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/openssh-portable/files/patch-monitor.c
===================================================================
--- head/security/openssh-portable/files/patch-monitor.c (nonexistent)
+++ head/security/openssh-portable/files/patch-monitor.c (revision 62437)
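Review bot: The third inner hunk deletes the comment `/* As long as SSHv1 has devices[0] hard coded this is fine */` without a replacement, yet the constraint it recorded still seems to apply: with `n++` the first device compiled in takes slot 0, so when both `USE_PAM` and `SKEY` are defined `devices[0]` becomes `&mm_pam_device` rather than `&mm_skey_device`. A comment next to `int n = 0;` such as `/* SSHv1 only uses devices[0]; the first device enabled below is the one it gets */` would keep that visible. The enclosing function starts and ends outside the inner hunk, so how the rest of it relies on the ordering cannot be seen here.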
@@ -0,0 +1,136 @@
+--- monitor.c.orig Wed Jun 26 15:27:11 2002
++++ monitor.c Wed Jul 3 06:24:31 2002
+@@ -118,6 +127,10 @@
+
+ #ifdef USE_PAM
+ int mm_answer_pam_start(int, Buffer *);
++int mm_answer_pam_init_ctx(int, Buffer *);
++int mm_answer_pam_query(int, Buffer *);
++int mm_answer_pam_respond(int, Buffer *);
++int mm_answer_pam_free_ctx(int, Buffer *);
+ #endif
+
+ static Authctxt *authctxt;
+@@ -156,6 +169,10 @@
+ {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+ #ifdef USE_PAM
+ {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
++ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
++ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
++ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
++ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
+ #endif
+ #ifdef BSD_AUTH
+ {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
+@@ -198,6 +215,10 @@
+ #endif
+ #ifdef USE_PAM
+ {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
++ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
++ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
++ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
++ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
+ #endif
+ {0, 0, NULL}
+ };
+@@ -732,6 +749,100 @@
+ xfree(user);
+
+ return (0);
++}
++
++static void *pam_ctxt, *pam_authok;
++extern KbdintDevice pam_device;
++
++int
++mm_answer_pam_init_ctx(int socket, Buffer *m)
++{
++
++ debug3("%s", __func__);
++ authctxt->user = buffer_get_string(m, NULL);
++ pam_ctxt = (pam_device.init_ctx)(authctxt);
++ pam_authok = NULL;
++ buffer_clear(m);
++ if (pam_ctxt != NULL) {
++ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
++ buffer_put_int(m, 1);
++ } else {
++ buffer_put_int(m, 0);
++ }
++ mm_request_send(socket, MONITOR_ANS_PAM_INIT_CTX, m);
++ return (0);
++}
++
++int
++mm_answer_pam_query(int socket, Buffer *m)
++{
++ char *name, *info, **prompts;
++ u_int num, *echo_on;
++ int i, ret;
++
++ debug3("%s", __func__);
++ pam_authok = NULL;
++ ret = (pam_device.query)(pam_ctxt, &name, &info, &num, &prompts, &echo_on);
++ if (num > 1 || name == NULL || info == NULL)
++ ret = -1;
++ buffer_put_int(m, ret);
++ buffer_put_cstring(m, name);
++ xfree(name);
++ buffer_put_cstring(m, info);
++ xfree(info);
++ buffer_put_int(m, num);
++ for (i = 0; i < num; ++i) {
++ buffer_put_cstring(m, prompts[i]);
++ xfree(prompts[i]);
++ buffer_put_int(m, echo_on[i]);
++ }
++ if (prompts != NULL)
++ xfree(prompts);
++ if (echo_on != NULL)
++ xfree(echo_on);
++ mm_request_send(socket, MONITOR_ANS_PAM_QUERY, m);
++ return (0);
++}
++
++int
++mm_answer_pam_respond(int socket, Buffer *m)
++{
++ char **resp;
++ u_int num;
++ int i, ret;
++
++ debug3("%s", __func__);
++ pam_authok = NULL;
++ num = buffer_get_int(m);
++ if (num > 0) {
++ resp = xmalloc(num * sizeof(char *));
++ for (i = 0; i < num; ++i)
++ resp[i] = buffer_get_string(m, NULL);
++ ret = (pam_device.respond)(pam_ctxt, num, resp);
++ for (i = 0; i < num; ++i)
++ xfree(resp[i]);
++ xfree(resp);
++ } else {
++ ret = (pam_device.respond)(pam_ctxt, num, NULL);
++ }
++ buffer_clear(m);
++ buffer_put_int(m, ret);
++ mm_request_send(socket, MONITOR_ANS_PAM_RESPOND, m);
++ auth_method = "keyboard-interactive/pam";
++ if (ret == 0)
++ pam_authok = pam_ctxt;
++ return (0);
++}
++
++int
++mm_answer_pam_free_ctx(int socket, Buffer *m)
++{
++
++ debug3("%s", __func__);
++ (pam_device.free_ctx)(pam_ctxt);
++ buffer_clear(m);
++ mm_request_send(socket, MONITOR_ANS_PAM_FREE_CTX, m);
++ return (pam_authok == pam_ctxt);
+ }
+ #endif
+
Property changes on: head/security/openssh-portable/files/patch-monitor.c
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index:
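Review bot: In `mm_answer_pam_respond` the count `num` is read from the message sent by the unprivileged child and goes unchecked into `xmalloc(num * sizeof(char *))`, so the size can wrap and the loop that follows would then store past the allocation inside the monitor. `mm_answer_pam_query` in this same hunk already treats `num > 1` as an error, so the handler can refuse larger counts before allocating, e.g. `if (num > 1) fatal("%s: unexpected response count %u", __func__, num);`. `mm_answer_pam_init_ctx` has a related trust problem: it overwrites `authctxt->user` with a string supplied by the child instead of using the name the monitor already holds, and nothing visible here checks that the two agree. `num` in `mm_answer_pam_query` should also be initialised to `0`, since `pam_query` in auth2-pam-freebsd.c can return -1 without setting `*num`.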
head/security/openssh-portable/files/patch-monitor.h
===================================================================
--- head/security/openssh-portable/files/patch-monitor.h (nonexistent)
+++ head/security/openssh-portable/files/patch-monitor.h (revision 62437)
@@ -0,0 +1,13 @@
+--- monitor.h.orig Tue Jun 11 18:42:49 2002
++++ monitor.h Sun Jun 30 07:13:09 2002
+@@ -50,6 +51,10 @@
+ MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
+ MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
+ MONITOR_REQ_PAM_START,
++ MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
++ MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
++ MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
++ MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
+ MONITOR_REQ_TERM
+ };
+
Property changes on: head/security/openssh-portable/files/patch-monitor.h
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/openssh-portable/files/patch-monitor_wrap.c
===================================================================
--- head/security/openssh-portable/files/patch-monitor_wrap.c (nonexistent)
+++ head/security/openssh-portable/files/patch-monitor_wrap.c (revision 62437)
@@ -0,0 +1,107 @@
+--- monitor_wrap.c.orig Fri Jun 21 02:43:43 2002
++++ monitor_wrap.c Sun Jun 30 07:13:18 2002
+@@ -664,6 +665,88 @@
+
+ buffer_free(&m);
+ }
++
++void *
++mm_pam_init_ctx(Authctxt *authctxt)
++{
++ Buffer m;
++ int success;
++
++ debug3("%s", __func__);
++ buffer_init(&m);
++ buffer_put_cstring(&m, authctxt->user);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
++ debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
++ success = buffer_get_int(&m);
++ if (success == 0) {
++ debug3("%s: pam_init_ctx failed", __func__);
++ buffer_free(&m);
++ return (NULL);
++ }
++ buffer_free(&m);
++ return (authctxt);
++}
++
++int
++mm_pam_query(void *ctx, char **name, char **info,
++ u_int *num, char ***prompts, u_int **echo_on)
++{
++ Buffer m;
++ int i, ret;
++
++ debug3("%s", __func__);
++ buffer_init(&m);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
++ debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
++ ret = buffer_get_int(&m);
++ debug3("%s: pam_query returned %d", __func__, ret);
++ *name = buffer_get_string(&m, NULL);
++ *info = buffer_get_string(&m, NULL);
++ *num = buffer_get_int(&m);
++ *prompts = xmalloc((*num + 1) * sizeof(char *));
++ *echo_on = xmalloc((*num + 1) * sizeof(u_int));
++ for (i = 0; i < *num; ++i) {
++ (*prompts)[i] = buffer_get_string(&m, NULL);
++ (*echo_on)[i] = buffer_get_int(&m);
++ }
++ buffer_free(&m);
++ return (ret);
++}
++
++int
++mm_pam_respond(void *ctx, u_int num, char **resp)
++{
++ Buffer m;
++ int i, ret;
++
++ debug3("%s", __func__);
++ buffer_init(&m);
++ buffer_put_int(&m, num);
++ for (i = 0; i < num; ++i)
++ buffer_put_cstring(&m, resp[i]);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
++ debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
++ ret = buffer_get_int(&m);
++ debug3("%s: pam_respond returned %d", __func__, ret);
++ buffer_free(&m);
++ return (ret);
++}
++
++void
++mm_pam_free_ctx(void *ctxtp)
++{
++ Buffer m;
++
++ debug3("%s", __func__);
++ buffer_init(&m);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
++ debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
++ buffer_free(&m);
++}
+ #endif /* USE_PAM */
+
+ /* Request process termination */
+@@ -767,6 +850,7 @@
+ return ((authok == 0) ? -1 : 0);
+ }
+
++#ifdef SKEY
+ int
+ mm_skey_query(void *ctx, char **name, char **infotxt,
+ u_int *numprompts, char ***prompts, u_int **echo_on)
+@@ -829,6 +913,7 @@
+
+ return ((authok == 0) ? -1 : 0);
+ }
++#endif
+
+ void
+ mm_ssh1_session_id(u_char session_id[16])
Property changes on: head/security/openssh-portable/files/patch-monitor_wrap.c
___________________________________________________________________
Added: cvs2svn:cvs-rev
## -0,0 +1 ##
+1.1
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: head/security/openssh-portable/files/patch-monitor_wrap.h
===================================================================
--- head/security/openssh-portable/files/patch-monitor_wrap.h (nonexistent)
+++ head/security/openssh-portable/files/patch-monitor_wrap.h (revision 62437)
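Review bot: `mm_pam_init_ctx` returns `authctxt` as its context, and `mm_pam_query`, `mm_pam_respond` and `mm_pam_free_ctx` never read their context argument, which is surprising without a comment; the real state is the monitor's static `pam_ctxt` added by the monitor.c patch. A short comment above `mm_pam_init_ctx`, e.g. `/* The PAM context lives in the monitor; the pointer returned here is only a non-NULL token. */`, would document that. The loops also compare `int i` with the unsigned `num` and `*num`; declaring `u_int i` would match the counts.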
@@ -0,0 +1,13 @@ +--- monitor_wrap.h.orig Mon May 13 03:07:42 2002 ++++ monitor_wrap.h Sun Jun 30 07:13:18 2002 +@@ -57,6 +58,10 @@ + + #ifdef USE_PAM + void mm_start_pam(char *); ++void *mm_pam_init_ctx(struct Authctxt *); ++int mm_pam_query(void *, char **, char **, u_int *, char ***, u_int **); ++int mm_pam_respond(void *, u_int, char **); ++void mm_pam_free_ctx(void *); + #endif + + void mm_terminate(void); Property changes on: head/security/openssh-portable/files/patch-monitor_wrap.h ___________________________________________________________________ Added: cvs2svn:cvs-rev ## -0,0 +1 ## +1.1 \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/security/openssh-portable/files/patch-sshd_config =================================================================== --- head/security/openssh-portable/files/patch-sshd_config (revision 62436) +++ head/security/openssh-portable/files/patch-sshd_config (revision 62437) @@ -1,10 +1,18 @@ --- sshd_config.orig Fri Jun 21 03:11:36 2002 -+++ sshd_config Fri Jun 28 06:55:46 2002 -@@ -58,6 +58,7 @@ ++++ sshd_config Wed Jul 3 06:20:47 2002 +@@ -34,6 +34,7 @@ + + #LoginGraceTime 600 + #PermitRootLogin yes ++PermitRootLogin no + #StrictModes yes + + #RSAAuthentication yes +@@ -58,6 +59,7 @@ # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no Property changes on: head/security/openssh-portable/files/patch-sshd_config ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.1 \ No newline at end of property +1.2 \ No newline at end of property
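Review bot: In the patch-sshd_config hunk the shipped `ChallengeResponseAuthentication no` sits under the upstream comment `# Change to no to disable s/key passwords`, which no longer describes everything the option controls. This commit registers a PAM keyboard-interactive device in auth2-chall.c, and that path is presumably switched off by the same setting. Patching the comment to something like `# Change to yes to enable s/key or PAM keyboard-interactive authentication` would tell administrators how the new code is turned on.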