OpenSSH 2.3.0p1 port to BSDI BSD/OS

David J. MacKenzie djm at web.us.uu.net
Sat Feb 17 07:33:51 EST 2001 

> Could you please port up the latest snapshot
> at: http://bass.directhit.com/openssh_snap?
> 
> We are coming close to a 2.5.0p1 release so timing
> is pretty critical.

Here's a patch against CVS.  It also applies to the latest snapshot.
The mess regarding des.h on BSD/OS should probably be centralized somewhere.
Sorry about the timing.

Index: auth.h
===================================================================
--- auth.h	2001/02/15 03:08:27	1.11
+++ auth.h	2001/02/16 20:22:32
@@ -82,7 +82,13 @@
 int     auth_rsa_challenge_dialog(RSA *pk);
 
 #ifdef KRB4
-#include <krb.h>
+# include "cipher.h"
+# ifdef HAVE_BSD_AUTH_H
+#  define DES_DEFS /* prevent BSD/OS krb.h from including kerberosIV/des.h */
+#  include <kerberosIV/krb.h>
+# else /* !HAVE_BSD_AUTH_H */
+#  include <krb.h>
+# endif /* HAVE_BSD_AUTH_H */
 /*
  * Performs Kerberos v4 mutual authentication with the client. This returns 0
  * if the client could not be authenticated, and 1 if authentication was
Index: auth1.c
===================================================================
--- auth1.c	2001/02/15 03:14:11	1.34
+++ auth1.c	2001/02/16 20:22:32
@@ -24,6 +24,11 @@
 #include "auth.h"
 #include "session.h"
 
+#ifdef HAVE_BSD_AUTH_H
+# include <login_cap.h>
+# include <bsd_auth.h>
+#endif
+
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
@@ -91,6 +96,8 @@
 	    auth_pam_password(pw, "")) {
 #elif defined(HAVE_OSF_SIA)
 	    0) {
+#elif defined(HAVE_BSD_AUTH_H)
+	    auth_userokay(authctxt->user, authctxt->style, "auth-ssh", "" )) {
 #else
 	    auth_password(pw, "")) {
 #endif
@@ -260,7 +267,10 @@
 			/* Do SIA auth with password */
 			authenticated = auth_sia_password(authctxt->user, 
 			    password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
+#elif defined(HAVE_BSD_AUTH_H)
+			authenticated = auth_userokay(authctxt->user, authctxt->style, 
+						      "auth-ssh", password);
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
 #endif /* USE_PAM */
@@ -324,6 +334,10 @@
 		if (authenticated && !do_pam_account(pw->pw_name, client_user))
 			authenticated = 0;
 #endif
+#ifdef HAVE_BSD_AUTH_H
+		if (authenticated && !auth_approval(NULL, NULL, pw->pw_name, "ssh"))
+		    authenticated = 0;
+#endif /* HAVE_BSD_AUTH_H */
 
 		/* Log before sending the reply */
 		auth_log(authctxt, authenticated, get_authname(type), info);
Index: auth2.c
===================================================================
--- auth2.c	2001/02/16 03:17:59	1.42
+++ auth2.c	2001/02/16 20:22:32
@@ -48,6 +48,11 @@
 #include "uidswap.h"
 #include "auth-options.h"
 
+#ifdef HAVE_BSD_AUTH_H
+# include <login_cap.h>
+# include <bsd_auth.h>
+#endif
+
 /* import */
 extern ServerOptions options;
 extern u_char *session_id2;
@@ -239,6 +244,10 @@
 	    NULL))
 		authenticated = 0;
 #endif /* USE_PAM */
+#ifdef HAVE_BSD_AUTH_H
+	if (authenticated && authctxt->user && !auth_approval(NULL, NULL, authctxt->user, "ssh"))
+	    authenticated = 0;
+#endif /* HAVE_BSD_AUTH_H */
 
 	/* Log before sending the reply */
 	auth_log(authctxt, authenticated, method, " ssh2");
@@ -340,7 +349,9 @@
 	return auth_pam_password(authctxt->pw, "");
 #elif defined(HAVE_OSF_SIA)
 	return 0;
-#else /* !HAVE_OSF_SIA && !USE_PAM */
+#elif defined(HAVE_BSD_AUTH_H)
+	return auth_userokay(authctxt->user, authctxt->style, "auth-ssh", "");
+#else /* !HAVE_OSF_SIA && !USE_PAM && !HAVE_BSD_AUTH_H */
 	return auth_password(authctxt->pw, "");
 #endif /* USE_PAM */
 }
@@ -365,7 +376,9 @@
 	    auth_pam_password(authctxt->pw, password) == 1)
 #elif defined(HAVE_OSF_SIA)
 	    auth_sia_password(authctxt->user, password) == 1)
-#else /* !USE_PAM && !HAVE_OSF_SIA */
+#elif defined(HAVE_BSD_AUTH_H)
+	    auth_userokay(authctxt->user, authctxt->style, "auth-ssh", password) != 0)
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
 	    auth_password(authctxt->pw, password) == 1)
 #endif /* USE_PAM */
 		authenticated = 1;
Index: configure.in
===================================================================
--- configure.in	2001/02/16 01:12:41	1.243
+++ configure.in	2001/02/16 20:22:32
@@ -354,7 +354,7 @@
 )
 
 # Checks for header files.
-AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h regex.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h regex.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h bsd_auth.h)
 
 # Check whether user wants Kerberos support
 KRB4_MSG="no" 
Index: servconf.c
===================================================================
--- servconf.c	2001/02/15 03:08:27	1.40
+++ servconf.c	2001/02/16 20:22:32
@@ -13,7 +13,13 @@
 RCSID("$OpenBSD: servconf.c,v 1.67 2001/02/12 16:16:23 markus Exp $");
 
 #ifdef KRB4
-#include <krb.h>
+# include "cipher.h"
+# ifdef HAVE_BSD_AUTH_H
+#  define DES_DEFS /* prevent BSD/OS krb.h from including kerberosIV/des.h */
+#  include <kerberosIV/krb.h>
+# else /* !HAVE_BSD_AUTH_H */
+#  include <krb.h>
+# endif /* HAVE_BSD_AUTH_H */
 #endif
 #ifdef AFS
 #include <kafs.h>
Index: session.c
===================================================================
--- session.c	2001/02/16 16:02:14	1.77
+++ session.c	2001/02/16 20:22:32
@@ -1176,7 +1176,9 @@
 		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
 		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
-		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+		/* Update the path to the one setusercontext set for us */
+		if (getenv("PATH"))
+			child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 #else /* HAVE_LOGIN_CAP */
 # ifndef HAVE_CYGWIN
 		/*
Index: sshconnect1.c
===================================================================
--- sshconnect1.c	2001/02/16 01:34:57	1.24
+++ sshconnect1.c	2001/02/16 20:22:32
@@ -19,7 +19,12 @@
 #include <openssl/evp.h>
 
 #ifdef KRB4
-#include <krb.h>
+# ifdef HAVE_BSD_AUTH_H
+#  define DES_DEFS /* prevent BSD/OS krb.h from including kerberosIV/des.h */
+#  include <kerberosIV/krb.h>
+# else /* !HAVE_BSD_AUTH_H */
+#  include <krb.h>
+# endif /* HAVE_BSD_AUTH_H */
 #endif
 #ifdef AFS
 #include <kafs.h>

More information about the openssh-unix-dev mailing list