head	1.27;
access;
symbols
	RELEASE_4_5_0:1.26
	RELEASE_4_4_0:1.26
	RELEASE_4_3_0:1.26
	RELEASE_4_2_0:1.26
	RELEASE_4_1_1:1.26
	RELEASE_4_1_0:1.25
	RELEASE_3_5_0:1.25
	RELEASE_4_0_0:1.24
	RELEASE_3_4_0:1.24
	RELEASE_3_3_0:1.24
	RELEASE_3_2_0:1.23
	RELEASE_3_1_0:1.23
	ssh_2_0_11:1.23
	RELEASE_3_0_0:1.21
	RELEASE_2_2_7:1.21
	RELEASE_2_2_6:1.20
	RELEASE_2_2_5:1.17
	RELEASE_2_2_1:1.10
	RELEASE_2_2_2:1.16;
locks; strict;
comment	@# @;


1.27
date	2002.02.22.02.52.25;	author knu;	state dead;
branches;
next	1.26;

1.26
date	2000.09.02.03.56.56;	author kris;	state Exp;
branches;
next	1.25;

1.25
date	2000.05.29.03.16.42;	author steve;	state Exp;
branches;
next	1.24;

1.24
date	99.06.18.20.02.24;	author ache;	state Exp;
branches;
next	1.23;

1.23
date	98.12.01.11.10.33;	author obrien;	state Exp;
branches;
next	1.22;

1.22
date	98.11.23.07.41.52;	author kuriyama;	state dead;
branches;
next	1.21;

1.21
date	98.06.12.07.55.13;	author dima;	state Exp;
branches;
next	1.20;

1.20
date	98.01.22.13.37.55;	author ache;	state Exp;
branches;
next	1.19;

1.19
date	98.01.22.12.04.15;	author ache;	state Exp;
branches;
next	1.18;

1.18
date	98.01.20.23.50.15;	author imp;	state Exp;
branches;
next	1.17;

1.17
date	97.06.11.11.09.00;	author ache;	state Exp;
branches;
next	1.16;

1.16
date	97.05.10.19.03.09;	author davidn;	state Exp;
branches;
next	1.15;

1.15
date	97.05.02.20.20.49;	author ache;	state Exp;
branches;
next	1.14;

1.14
date	97.04.25.05.01.05;	author peter;	state Exp;
branches;
next	1.13;

1.13
date	97.04.16.21.07.36;	author ache;	state Exp;
branches;
next	1.12;

1.12
date	97.04.16.19.48.26;	author ache;	state Exp;
branches;
next	1.11;

1.11
date	97.03.28.23.30.33;	author ache;	state Exp;
branches;
next	1.10;

1.10
date	97.02.27.00.44.32;	author ache;	state Exp;
branches;
next	1.9;

1.9
date	96.11.12.01.47.39;	author ache;	state Exp;
branches;
next	1.8;

1.8
date	96.11.12.00.13.38;	author ache;	state Exp;
branches;
next	1.7;

1.7
date	96.10.24.23.46.12;	author ache;	state dead;
branches;
next	1.6;

1.6
date	96.10.16.04.56.07;	author ache;	state Exp;
branches;
next	1.5;

1.5
date	96.07.18.11.33.46;	author torstenb;	state Exp;
branches;
next	1.4;

1.4
date	96.07.16.00.33.17;	author ache;	state Exp;
branches;
next	1.3;

1.3
date	96.06.07.04.33.25;	author peter;	state Exp;
branches;
next	1.2;

1.2
date	96.02.07.05.35.16;	author pst;	state Exp;
branches;
next	1.1;

1.1
date	96.02.06.02.57.10;	author pst;	state Exp;
branches;
next	;


desc
@@


1.27
log
@- Update to 3.1.0.

  PR:		ports/34740
  Submitted by:	larse@@ISI.EDU

- Add %%PORTDOCS%% to pkg-plist.

- Assign MAINTAINER to the submitter.

  Requested by:	issei (previous MAINTAINER)
@
text
@--- apps/ssh/Makefile.in.orig	Thu Aug 24 17:41:55 2000
+++ apps/ssh/Makefile.in	Sun Aug 27 01:16:01 2000
@@@@ -143,7 +143,7 @@@@
 INCLUDES = -I. -I$(srcdir) -I../.. -I$(srcdir) 	   -I$(top_builddir) -I$(top_srcdir) 	   -I../../include -I$(srcdir)/../../include
 
 
-LDADD = @@ssh2_ldadd_options@@
+LDADD = @@ssh2_ldadd_options@@ -lz
 DEPENDENCIES = ./libssh2.a ../../lib/libssh.a
 
 libssh2_a_SOURCES =  	agentclient.c 	sshchagent.c 	sshserver.c 	agentpath.c 	sshchsession.c 	sshstdiofilter.c 	authc-passwd.c 	sshchssh1agent.c 	sshunixconfig.c 	authc-pubkey.c 	sshchtcpfwd.c 	sshunixuserfiles.c 	auths-passwd.c 	sshchx11.c 	sshuserfiles.c 	auths-pubkey.c 	auths-kerberos.c 	authc-kerberos.c 	auths-kerberos-tgt.c 	authc-kerberos-tgt.c 	sshclient.c 	sshcommon.c 	readpass.c 	sshconfig.c 	sshauthmethodc.c 	sshauthmethods.c 	sshglob.c 	auths-common.c 	sshttyflags.c 	auths-hostbased.c 	authc-hostbased.c 	auths-hostbased-rhosts.c 	ssh2pgppub.c 	ssh2pgpsec.c 	ssh2pgputil.c 	sshappcommon.c 	sshfilecopy.c 	sshgetcwd.c 	sshfc_conn.c 	sshfc_glob.c 	sshfc_transfer.c 	sshfc_recurse.c 	sshserverprobe.c 	ssh1encode.c 	ssh1keydecode.c
@


1.26
log
@Upgrade to ssh-2.3.0.

PR:	ports/20869
Submitted by:	Issei Suzuki <issei@@issei.org> (Maintainer)
@
text
@@


1.25
log
@Update to version 2.1.0pl2.

PR:		18620
Submitted by:	maintainer
@
text
@d1 3
a3 3
--- apps/ssh/Makefile.in.orig	Thu Mar 30 21:41:56 2000
+++ apps/ssh/Makefile.in	Wed May 17 18:09:57 2000
@@@@ -134,7 +134,7 @@@@
d11 1
a11 1
 libssh2_a_SOURCES =  	agentclient.c 	sshchagent.c 	sshserver.c 	agentpath.c 	sshchsession.c 	sshstdiofilter.c 	authc-passwd.c 	sshchssh1agent.c 	sshunixconfig.c 	authc-pubkey.c 	sshchtcpfwd.c 	sshunixuserfiles.c 	auths-passwd.c 	sshchx11.c 	sshuserfiles.c 	auths-pubkey.c 	sshclient.c 	sshcommon.c 	readpass.c 	sshconfig.c 	sshauthmethodc.c 	sshauthmethods.c 	sshglob.c 	auths-common.c 	sshttyflags.c 	auths-hostbased.c 	authc-hostbased.c 	auths-hostbased-rhosts.c 	ssh2pgppub.c 	ssh2pgpsec.c 	ssh2pgputil.c 	sshappcommon.c 	sshfilecopy.c 	sshgetcwd.c 	sshfc_conn.c 	sshfc_glob.c 	sshfc_transfer.c 	sshfc_recurse.c 	sshserverprobe.c 	ssh1encode.c 	ssh1keydecode.c
@


1.24
log
@upgrade to 2.0.13
XXXtgetent from original PR fixed

PR: 12279
Submitted by: Issei Suzuki <issei@@issei.org>
@
text
@d1 4
a4 3
--- apps/ssh/Makefile.in.orig	Tue May 11 17:35:06 1999
+++ apps/ssh/Makefile.in	Fri Jun 18 16:04:37 1999
@@@@ -140,9 +140,10 @@@@
a5 5
 INCLUDES = -I. -I$(srcdir) -I../.. -I$(srcdir) \
 	   -I$(top_builddir) -I$(top_srcdir) \
-	   -I../../include -I$(srcdir)/../../include
+ 	   -I$(srcdir)/../../include -I${PREFIX}/include \
+	   -I${PREFIX}/include
d7 2
a8 2
-LDADD = -L. -L../../lib -lssh2 -lssh
+LDADD = -L. -L../../lib -lssh2 -lssh -lz
d11 1
a11 1
 libssh2_a_SOURCES = agentclient.c sshchagent.c sshserver.c \
@


1.23
log
@1. Update base ssh2 version from 2.0.9 to 2.0.11
   Ssh 2.0.9 has bugs abount updating utmp/wtmp file.

2. Now you can compile ssh2 to support TCP_Wrapper
   (security/tcp_wrapper) when you define USE_TCPWRAP=YES

3. Fix typo in MASTER_SITES
   (Thanks to Chris Piazza <norn@@home.net>)

4. Use /usr/lib/libz.so.* instead of libz in ssh2 source file.

5. Delete some obsolute pathes.

PR:		ports/8916
Submitted by:	issei@@jp.FreeBSD.ORG
@
text
@d1 3
a3 3
--- apps/ssh/Makefile.in.orig	Mon Nov 16 21:24:45 1998
+++ apps/ssh/Makefile.in	Tue Nov 24 19:06:58 1998
@@@@ -133,9 +133,9 @@@@
d5 1
a5 1
 INCLUDES = -I. -I$(srcdir) -I../.. -I$(srcdir) -I../../include \
d7 3
a9 2
-	   -I$(srcdir)/../../include 
+	   -I$(srcdir)/../../include -I${PREFIX}/include
@


1.22
log
@Oops, I forgot to remove old patches...
@
text
@d1 14
a14 108
*** sshd.c.WAS	Thu Jun 11 23:11:47 1998
--- sshd.c	Thu Jun 11 23:30:30 1998
***************
*** 2014,2020 ****
    pwcopy.pw_class = xstrdup(pw->pw_class);
    pwcopy.pw_change = pw->pw_change;
    pwcopy.pw_expire = pw->pw_expire;
! #endif /*  __bsdi__  && _BSDI_VERSION >= 199510 */
    pwcopy.pw_dir = xstrdup(pw->pw_dir);
    pwcopy.pw_shell = xstrdup(pw->pw_shell);
    pw = &pwcopy;
--- 2014,2020 ----
    pwcopy.pw_class = xstrdup(pw->pw_class);
    pwcopy.pw_change = pw->pw_change;
    pwcopy.pw_expire = pw->pw_expire;
! #endif /*  (__bsdi__  && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */
    pwcopy.pw_dir = xstrdup(pw->pw_dir);
    pwcopy.pw_shell = xstrdup(pw->pw_shell);
    pw = &pwcopy;
***************
*** 3045,3054 ****
    struct pty_cleanup_context cleanup_context;
  #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
    login_cap_t *lc;
  #endif
! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 
    struct timeval tp;
! #endif /*  __bsdi__ && _BSDI_VERSION >= 199510 */
  
  #ifdef HAVE_OSF1_C2_SECURITY
    {
--- 3045,3055 ----
    struct pty_cleanup_context cleanup_context;
  #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
    login_cap_t *lc;
+   time_t warnpassword, warnexpire;
  #endif
! #if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
    struct timeval tp;
! #endif /*  __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */
  
  #ifdef HAVE_OSF1_C2_SECURITY
    {
***************
*** 3183,3188 ****
--- 3184,3197 ----
  		   "The Regents of the University of California. ",
  		   "All rights reserved.");
  	}
+ #ifdef HAVE_LOGIN_CAP_H
+ #define DEFAULT_WARN	(2L * 7L * 86400L)	/* Two weeks */
+ 
+ 	warnpassword = login_getcaptime(lc, "warnpassword",
+ 	    DEFAULT_WARN, DEFAULT_WARN);
+ 	warnexpire = login_getcaptime(lc, "warnexpire",
+ 	    DEFAULT_WARN, DEFAULT_WARN);
+ #endif
  #endif
  
        /* Print /etc/motd unless a command was specified or printing it was
***************
*** 3206,3212 ****
  		fputs(line, stdout);
  	      fclose(f);
  	    }
! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
  	  if (pw->pw_change || pw->pw_expire)
  	    (void)gettimeofday(&tp, (struct timezone *)NULL);
  	  if (pw->pw_change)
--- 3215,3221 ----
  		fputs(line, stdout);
  	      fclose(f);
  	    }
! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)
  	  if (pw->pw_change || pw->pw_expire)
  	    (void)gettimeofday(&tp, (struct timezone *)NULL);
  	  if (pw->pw_change)
***************
*** 3575,3581 ****
  	  while (fgets(buf, sizeof(buf), f))
  	    fputs(buf, stderr);
  	  fclose(f);
! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
  	  if (pw->pw_uid != UID_ROOT &&
  	      !login_getcapbool(lc, "ignorenologin", 0))
  	    exit(254);
--- 3584,3590 ----
  	  while (fgets(buf, sizeof(buf), f))
  	    fputs(buf, stderr);
  	  fclose(f);
! #if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
  	  if (pw->pw_uid != UID_ROOT &&
  	      !login_getcapbool(lc, "ignorenologin", 0))
  	    exit(254);
***************
*** 4121,4127 ****
--- 4130,4140 ----
  		  struct stat mailbuf;
  		  
  		  if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
+ #ifdef __FreeBSD__
+ 		    ;
+ #else
  		    printf("No mail.\n");
+ #endif
  		  else if (mailbuf.st_atime > mailbuf.st_mtime)
  		    printf("You have mail.\n");
  		  else
@


1.21
log
@1.2.22 -> 1.2.25

Somebody needs to go through patch-af to check it, since I'm not sure
about some of the stuff.

This version fixes a security flaw in previous version.
@
text
@@


1.20
log
@Don't print "No mail" for FreeBSD , just print nothing
@
text
@d1 108
a108 394
--- sshd.c.orig	Tue Jan 20 15:24:10 1998
+++ sshd.c	Thu Jan 22 16:29:19 1998
@@@@ -428,6 +428,10 @@@@
 #include "firewall.h"	/* TIS authsrv authentication */
 #endif
 
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif
+
 #ifdef _PATH_BSHELL
 #define DEFAULT_SHELL		_PATH_BSHELL
 #else
@@@@ -1594,6 +1598,38 @@@@
     endspent();
   }
 #endif /* HAVE_ETC_SHADOW */
+#ifdef __FreeBSD__
+  {
+    time_t currtime;
+
+    if (pwd->pw_change || pwd->pw_expire)
+ 	currtime = time(NULL);
+
+    /*
+     * Check for an expired password
+     */
+    if (pwd->pw_change && pwd->pw_change <= currtime)
+      {
+	debug("Account %.100s's password is too old - forced to change.",
+	      user);
+	if (options.forced_passwd_change)
+	  forced_command = "/usr/bin/passwd";
+	else
+	  {
+	    return 0;
+	  }
+      }
+    
+    /*
+     * Check for expired account
+     */
+    if (pwd->pw_expire && pwd->pw_expire <= currtime)
+      {
+	debug("Account %.100s has expired - access denied.", user);
+	return 0;
+      }
+  }
+#else   /* !FreeBSD */
   /*
    * Check if account is locked. Check if encrypted password starts
    * with "*LK*".
@@@@ -1605,6 +1641,7 @@@@
 	return 0;
       }
   }
+#endif /* !FreeBSD */
 #ifdef CHECK_ETC_SHELLS
   {
     int  invalid = 1;
@@@@ -1819,8 +1856,10 @@@@
   pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
   pwcopy.pw_uid = pw->pw_uid;
   pwcopy.pw_gid = pw->pw_gid;
-#if defined (__bsdi__) && _BSDI_VERSION >= 199510
+#if defined (HAVE_LOGIN_CAP_H) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
   pwcopy.pw_class = xstrdup(pw->pw_class);
+#endif /*  __bsdi__  && _BSDI_VERSION >= 199510 */
+#if defined (__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
   pwcopy.pw_change = pw->pw_change;
   pwcopy.pw_expire = pw->pw_expire;
 #endif /*  __bsdi__  && _BSDI_VERSION >= 199510 */
@@@@ -2793,9 +2832,13 @@@@
   struct sockaddr_in from;
   int fromlen;
   struct pty_cleanup_context cleanup_context;
-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 
+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
   struct timeval tp;
 #endif /*  __bsdi__ && _BSDI_VERSION >= 199510 */
+#ifdef HAVE_LOGIN_CAP_H
+  login_cap_t *lc;
+  time_t warnpassword, warnexpire;
+#endif
 
   /* We no longer need the child running on user's privileges. */
   userfile_uninit();
@@@@ -2867,10 +2910,18 @@@@
       record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, 
 		   &from);
 
+#ifdef HAVE_LOGIN_CAP_H
+      lc = login_getclass(pw->pw_class);
+      quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
+      if (!quiet_login) {
+#endif
       /* Check if .hushlogin exists.  Note that we cannot use userfile
          here because we are in the child. */
       sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
       quiet_login = stat(line, &st) >= 0;
+#ifdef HAVE_LOGIN_CAP_H
+      }
+#endif
       
       /* If the user has logged in before, display the time of last login. 
          However, don't display anything extra if a command has been 
@@@@ -2890,6 +2941,38 @@@@
 	  else
 	    printf("Last login: %s from %s\r\n", time_string, buf);
 	}
+#ifdef __FreeBSD__
+      if (command == NULL && !quiet_login)
+	{
+#ifdef HAVE_LOGIN_CAP_H
+	  char *cw;
+	  FILE *f;
+
+	  cw = login_getcapstr(lc, "copyright", NULL, NULL);
+	  if (cw != NULL && (f = fopen(cw, "r")) != NULL)
+	    {
+	      while (fgets(line, sizeof(line), f))
+		fputs(line, stdout);
+	      fclose(f);
+	    }
+	  else
+#endif
+	    printf("%s\n\t%s  %s\n\n",
+	    "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+	    "The Regents of the University of California. ",
+	    "All rights reserved.");
+	}
+#endif
+
+#ifdef HAVE_LOGIN_CAP_H
+#define DEFAULT_WARN  (2L * 7L * 86400L)  /* Two weeks */
+
+      warnpassword = login_getcaptime(lc, "warnpassword",
+				   DEFAULT_WARN, DEFAULT_WARN);
+      warnexpire = login_getcaptime(lc, "warnexpire",
+				     DEFAULT_WARN, DEFAULT_WARN);
+      login_close(lc);
+#endif
 
       /* Print /etc/motd unless a command was specified or printing it was
 	 disabled in server options.  Note that some machines appear to
@@@@ -2900,14 +2983,18 @@@@
 	  FILE *f;
 
 	  /* Print /etc/motd if it exists. */
-	  f = fopen("/etc/motd", "r");
+#ifdef HAVE_LOGIN_CAP_H
+	  f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");
+#else
+  	  f = fopen("/etc/motd", "r");
+#endif
 	  if (f)
 	    {
 	      while (fgets(line, sizeof(line), f))
 		fputs(line, stdout);
 	      fclose(f);
 	    }
-#if defined (__bsdi__) && _BSDI_VERSION >= 199510
+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
 	  if (pw->pw_change || pw->pw_expire)
 	    (void)gettimeofday(&tp, (struct timezone *)NULL);
 	  if (pw->pw_change)
@@@@ -2915,7 +3002,11 @@@@
 	      fprintf(stderr,"Sorry -- your password has expired.\n");
 	      exit(254);
 	    } else if (pw->pw_change - tp.tv_sec <
+#ifdef HAVE_LOGIN_CAP_H
+		       warnpassword)
+#else
 		       2 * DAYSPERWEEK * SECSPERDAY)
+#endif
 	      fprintf(stderr,"Warning: your password expires on %s",
 		      ctime(&pw->pw_change));
 	  if (pw->pw_expire)
@@@@ -2923,7 +3014,11 @@@@
 	      fprintf(stderr,"Sorry -- your account has expired.\n");
 	      exit(254);
 	    } else if (pw->pw_expire - tp.tv_sec <
+#ifdef HAVE_LOGIN_CAP_H
+		       warnexpire)
+#else
 		       2 * DAYSPERWEEK * SECSPERDAY)
+#endif
 	      fprintf(stderr,"Warning: your account expires on %s",
 		      ctime(&pw->pw_expire));
 #endif /* __bsdi__ & _BSDI_VERSION >= 199510   */
@@@@ -3182,6 +3277,13 @@@@
 #if defined (__bsdi__) && _BSDI_VERSION >= 199510
   login_cap_t *lc = 0;
 #endif /* __bsdi__  && _BSDI_VERSION >= 199510  */
+#ifdef HAVE_LOGIN_CAP_H
+  login_cap_t *lc;
+  char *real_shell;
+  
+  lc = login_getclass(pw->pw_class);
+  auth_checknologin(lc);
+#else /* !HAVE_LOGIN_CAP_H */
 
   /* Check /etc/nologin. */
   f = fopen("/etc/nologin", "r");
@@@@ -3199,10 +3301,16 @@@@
       if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
 	exit(254);
 #else 
+#ifdef HAVE_LOGIN_CAP_H
+      if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
+	exit(254);
+#else
       if (pw->pw_uid != UID_ROOT)
 	exit(254);
+#endif
 #endif /* __bsdi__  && _BSDI_VERSION >= 199510 */ 
     }
+#endif /* HAVE_LOGIN_CAP_H */
 
   if (command != NULL)
     {
@@@@ -3216,6 +3324,7 @@@@
 	log_msg("executing remote command as user %.200s", pw->pw_name);
     }
   
+#ifndef HAVE_LOGIN_CAP_H
 #ifdef HAVE_SETLOGIN
   /* Set login name in the kernel.  Warning: setsid() must be called before
      this. */
@@@@ -3236,6 +3345,7 @@@@
   if (setpcred((char *)pw->pw_name, NULL))
     log_msg("setpcred %.100s: %.100s", strerror(errno));
 #endif /* HAVE_USERSEC_H */
+#endif /* !HAVE_LOGIN_CAP_H */
 
   /* Save some data that will be needed so that we can do certain cleanups
      before we switch to user's uid.  (We must clear all sensitive data 
@@@@ -3306,6 +3416,66 @@@@
   if (command != NULL || !options.use_login)
 #endif /* USELOGIN */
     {
+#ifdef HAVE_LOGIN_CAP_H
+      char *p, *s, **tmpenv;
+
+      /* Initialize the new environment.
+       */
+      envsize = 64;
+      env = xmalloc(envsize * sizeof(char *));
+      env[0] = NULL;
+
+      child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
+
+#ifdef MAIL_SPOOL_DIRECTORY
+      sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
+      child_set_env(&env, &envsize, "MAIL", buf);
+#else /* MAIL_SPOOL_DIRECTORY */
+#ifdef MAIL_SPOOL_FILE
+      sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
+      child_set_env(&env, &envsize, "MAIL", buf);
+#endif /* MAIL_SPOOL_FILE */
+#endif /* MAIL_SPOOL_DIRECTORY */
+
+      /* Let it inherit timezone if we have one. */
+      if (getenv("TZ"))
+	child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
+      /* Save previous environment array
+       */
+      tmpenv = environ;
+      environ = env;
+
+      /* Set the user's login environment
+       */
+      if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
+	{
+	  perror("setusercontext");
+	  exit(1);
+	}
+
+      p = getenv("PATH");
+      s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
+      *s = '\0';
+      if (p != NULL)
+	{
+	  strcat(s, p);
+	  strcat(s, ":");
+	}
+      strcat(s, SSH_BINDIR);
+
+      env = environ;
+      environ = tmpenv; /* Restore parent environment */
+      for (envsize = 0; env[envsize] != NULL; ++envsize)
+	;
+      /* Reallocate this to what is expected */
+      envsize = (envsize < 100) ? 100 : envsize + 16;
+      env = xrealloc(env, envsize * sizeof(char *));
+
+      child_set_env(&env, &envsize, "PATH", s);
+      xfree(s);
+
+#else /* !HAVE_LOGIN_CAP_H */
       /* Set uid, gid, and groups. */
       if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
 	{ 
@@@@ -3337,6 +3507,7 @@@@
       
       if (getuid() != user_uid || geteuid() != user_uid)
 	fatal("Failed to set uids to %d.", (int)user_uid);
+#endif /* HAVE_LOGIN_CAP_H */
     }
   
   /* Reset signals to their default settings before starting the user
@@@@ -3364,11 +3535,16 @@@@
      and means /bin/sh. */
   shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
 
+#ifdef HAVE_LOGIN_CAP_H
+  real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
+  login_close(lc);
+#else /* !HAVE_LOGIN_CAP_H */
   /* Initialize the environment.  In the first part we allocate space for
      all environment variables. */
   envsize = 100;
   env = xmalloc(envsize * sizeof(char *));
   env[0] = NULL;
+#endif /* HAVE_LOGIN_CAP_H */
 
 #ifdef USELOGIN
   if (command != NULL || !options.use_login)
@@@@ -3378,6 +3554,8 @@@@
       child_set_env(&env, &envsize, "HOME", user_dir);
       child_set_env(&env, &envsize, "USER", user_name);
       child_set_env(&env, &envsize, "LOGNAME", user_name);
+
+#ifndef HAVE_LOGIN_CAP_H
       child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
       
 #ifdef MAIL_SPOOL_DIRECTORY
@@@@ -3389,6 +3567,7 @@@@
       child_set_env(&env, &envsize, "MAIL", buf);
 #endif /* MAIL_SPOOL_FILE */
 #endif /* MAIL_SPOOL_DIRECTORY */
+#endif  /* !HAVE_LOGIN_CAP_H */
       
 #ifdef HAVE_ETC_DEFAULT_LOGIN
       /* Read /etc/default/login; this exists at least on Solaris 2.x.  Note
@@@@ -3404,9 +3583,11 @@@@
     child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
 		  original_command);
   
+#ifndef HAVE_LOGIN_CAP_H
   /* Let it inherit timezone if we have one. */
   if (getenv("TZ"))
     child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+#endif /* !HAVE_LOGIN_CAP_H */
   
   /* Set custom environment options from RSA authentication. */
   while (custom_environment) 
@@@@ -3632,7 +3813,11 @@@@
 		  struct stat mailbuf;
 		  
 		  if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
+#ifdef __FreeBSD__
+		    ;
+#else
 		    printf("No mail.\n");
+#endif
 		  else if (mailbuf.st_atime > mailbuf.st_mtime)
 		    printf("You have mail.\n");
 		  else
@@@@ -3647,7 +3832,11 @@@@
 	  /* Execute the shell. */
 	  argv[0] = buf;
 	  argv[1] = NULL;
+#ifdef HAVE_LOGIN_CAP_H
+	  execve(real_shell, argv, env);
+#else
 	  execve(shell, argv, env);
+#endif /* HAVE_LOGIN_CAP_H */
 	  /* Executing the shell failed. */
 	  perror(shell);
 	  exit(1);
@@@@ -3668,7 +3857,11 @@@@
   argv[1] = "-c";
   argv[2] = (char *)command;
   argv[3] = NULL;
+#ifdef HAVE_LOGIN_CAP_H
+  execve(real_shell, argv, env);
+#else
   execve(shell, argv, env);
+#endif /* HAVE_LOGIN_CAP_H */
   perror(shell);
   exit(1);
 }
@


1.19
log
@Fix .hushlogin support
Remove FreeBSD mail check, now done elsewhere in the code
Use bsdi code to warn about expired/changed passwords
Move misplaced login_close up
@
text
@d2 1
a2 1
+++ sshd.c	Thu Jan 22 14:55:40 1998
d359 13
a371 1
@@@@ -3647,7 +3828,11 @@@@
d383 1
a383 1
@@@@ -3668,7 +3853,11 @@@@
@


1.18
log
@Upgrade to ssh 1.2.22.  Please send problems with the upgrade to me.
1.2.22 fixes a security hole with ssh-agent, so users are encouraged
to upgrade.

OK'd by: Torsten Blum (torstenb@@freebsd.org)
@
text
@d1 2
a2 2
--- sshd.c~	Tue Jan 20 05:24:10 1998
+++ sshd.c	Tue Jan 20 14:50:40 1998
d14 1
a14 2
@@@@ -1593,7 +1597,39 @@@@
       }
d17 1
a17 2
-#endif /* HAVE_ETC_SHADOW */
+#endif /* HAVE_ETC_SHADOW */
d61 1
a61 3
@@@@ -1817,6 +1854,9 @@@@
   memset(&pwcopy, 0, sizeof(pwcopy));
   pwcopy.pw_name = xstrdup(pw->pw_name);
a62 3
+#ifdef HAVE_LOGIN_CAP_H
+  pwcopy.pw_class = xstrdup(pw->pw_class);
+#endif
d65 14
a78 3
 #if defined (__bsdi__) && _BSDI_VERSION >= 199510
@@@@ -2796,6 +2836,9 @@@@
 #if defined (__bsdi__) && _BSDI_VERSION >= 199510 
d83 1
d88 1
a88 1
@@@@ -2867,11 +2910,19 @@@@
d94 2
a96 1
+
a100 1
       
d102 1
a102 1
+      quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
d104 1
a104 1
+
d107 1
a107 2
 	 specified (so that ssh can be used to execute commands on a remote
@@@@ -2890,6 +2941,28 @@@@
d133 10
d146 1
a146 1
@@@@ -2900,13 +2973,40 @@@@
d162 13
a174 12
+#ifdef __FreeBSD__
+      if (command == NULL && !quiet_login)
+	{
+#ifdef broken_HAVE_LOGIN_CAP_H
+	  char *mp = getenv("MAIL");
+
+	  if (mp != NULL)
+	    {
+		strncpy(line, mp, sizeof line);
+		line[sizeof line - 1] = '\0';
+	    }
+	  else
d176 7
a182 7
+	  sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name);
+	  if (stat(line, &st) == 0 && st.st_size != 0)
+	    printf("You have %smail.\n",
+		   (st.st_mtime > st.st_atime) ? "new " : "");
+	}
+#endif
+
d184 3
a186 1
+      login_close(lc);
d188 4
a191 4
 #if defined (__bsdi__) && _BSDI_VERSION >= 199510
 	  if (pw->pw_change || pw->pw_expire)
 	    (void)gettimeofday(&tp, (struct timezone *)NULL);
@@@@ -3182,6 +3282,13 @@@@
d205 2
a206 1
@@@@ -3203,6 +3310,7 @@@@
d208 8
@


1.17
log
@Handle expired and changed password timeouts now
@
text
@d1 24
a24 26
*** sshd.c.orig	Wed Apr 23 04:40:08 1997
--- sshd.c	Wed Jun 11 14:56:57 1997
***************
*** 400,405 ****
--- 400,409 ----
  #include "firewall.h"	/* TIS authsrv authentication */
  #endif
  
+ #ifdef HAVE_LOGIN_CAP_H
+ #include <login_cap.h>
+ #endif
+ 
  #ifdef _PATH_BSHELL
  #define DEFAULT_SHELL		_PATH_BSHELL
  #else
***************
*** 1542,1547 ****
--- 1546,1583 ----
      endspent();
    }
  #endif /* HAVE_ETC_SHADOW */
+ #ifdef __FreeBSD__
+   {
+     time_t currtime;
+ 
+     if (pwd->pw_change || pwd->pw_expire)
d26 331
a356 396
+ 
+     /*
+      * Check for an expired password
+      */
+     if (pwd->pw_change && pwd->pw_change <= currtime)
+       {
+ 	debug("Account %.100s's password is too old - forced to change.",
+ 	      user);
+ 	if (options.forced_passwd_change)
+ 	  forced_command = "/usr/bin/passwd";
+ 	else
+ 	  {
+ 	    return 0;
+ 	  }
+       }
+     
+     /*
+      * Check for expired account
+      */
+     if (pwd->pw_expire && pwd->pw_expire <= currtime)
+       {
+ 	debug("Account %.100s has expired - access denied.", user);
+ 	return 0;
+       }
+   }
+ #else   /* !FreeBSD */
    /*
     * Check if account is locked. Check if encrypted password starts
     * with "*LK*".
***************
*** 1553,1558 ****
--- 1589,1595 ----
  	return 0;
        }
    }
+ #endif  /* !FreeBSD */
  #ifdef CHECK_ETC_SHELLS
    {
      int  invalid = 1;
***************
*** 1698,1703 ****
--- 1735,1743 ----
    memset(&pwcopy, 0, sizeof(pwcopy));
    pwcopy.pw_name = xstrdup(pw->pw_name);
    pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
+ #ifdef HAVE_LOGIN_CAP_H
+   pwcopy.pw_class = xstrdup(pw->pw_class);
+ #endif
    pwcopy.pw_uid = pw->pw_uid;
    pwcopy.pw_gid = pw->pw_gid;
    pwcopy.pw_dir = xstrdup(pw->pw_dir);
***************
*** 2654,2659 ****
--- 2694,2702 ----
    struct sockaddr_in from;
    int fromlen;
    struct pty_cleanup_context cleanup_context;
+ #ifdef HAVE_LOGIN_CAP_H
+   login_cap_t *lc;
+ #endif
  
    /* We no longer need the child running on user's privileges. */
    userfile_uninit();
***************
*** 2725,2735 ****
        record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, 
  		   &from);
  
        /* Check if .hushlogin exists.  Note that we cannot use userfile
           here because we are in the child. */
        sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
        quiet_login = stat(line, &st) >= 0;
!       
        /* If the user has logged in before, display the time of last login. 
           However, don't display anything extra if a command has been 
  	 specified (so that ssh can be used to execute commands on a remote
--- 2768,2786 ----
        record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, 
  		   &from);
  
+ #ifdef HAVE_LOGIN_CAP_H
+       lc = login_getclass(pw->pw_class);
+ #endif
+ 
        /* Check if .hushlogin exists.  Note that we cannot use userfile
           here because we are in the child. */
        sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
        quiet_login = stat(line, &st) >= 0;
! 
! #ifdef HAVE_LOGIN_CAP_H
!       quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
! #endif
! 
        /* If the user has logged in before, display the time of last login. 
           However, don't display anything extra if a command has been 
  	 specified (so that ssh can be used to execute commands on a remote
***************
*** 2749,2754 ****
--- 2800,2828 ----
  	    printf("Last login: %s from %s\r\n", time_string, buf);
  	}
  
+ #ifdef __FreeBSD__
+       if (command == NULL && !quiet_login)
+ 	{
+ #ifdef HAVE_LOGIN_CAP_H
+ 	  char *cw;
+ 	  FILE *f;
+ 
+ 	  cw = login_getcapstr(lc, "copyright", NULL, NULL);
+ 	  if (cw != NULL && (f = fopen(cw, "r")) != NULL)
+ 	    {
+ 	      while (fgets(line, sizeof(line), f))
+ 		fputs(line, stdout);
+ 	      fclose(f);
+ 	    }
+ 	  else
+ #endif
+ 	    printf("%s\n\t%s  %s\n\n",
+ 	    "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ 	    "The Regents of the University of California. ",
+ 	    "All rights reserved.");
+ 	}
+ #endif
+       
        /* Print /etc/motd unless a command was specified or printing it was
  	 disabled in server options.  Note that some machines appear to
  	 print it in /etc/profile or similar. */
***************
*** 2758,2764 ****
--- 2832,2842 ----
  	  FILE *f;
  
  	  /* Print /etc/motd if it exists. */
+ #ifdef HAVE_LOGIN_CAP_H
+ 	  f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");
+ #else
  	  f = fopen("/etc/motd", "r");
+ #endif
  	  if (f)
  	    {
  	      while (fgets(line, sizeof(line), f))
***************
*** 2766,2771 ****
--- 2844,2872 ----
  	      fclose(f);
  	    }
  	}
+ #ifdef __FreeBSD__
+       if (command == NULL && !quiet_login)
+ 	{
+ #ifdef broken_HAVE_LOGIN_CAP_H
+ 	  char *mp = getenv("MAIL");
+ 
+ 	  if (mp != NULL)
+ 	    {
+ 		strncpy(line, mp, sizeof line);
+ 		line[sizeof line - 1] = '\0';
+ 	    }
+ 	  else
+ #endif
+ 	  sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name);
+ 	  if (stat(line, &st) == 0 && st.st_size != 0)
+ 	    printf("You have %smail.\n",
+ 		   (st.st_mtime > st.st_atime) ? "new " : "");
+ 	}
+ #endif
+ 
+ #ifdef HAVE_LOGIN_CAP_H
+       login_close(lc);
+ #endif
  
        /* Do common processing for the child, such as execing the command. */
        do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
***************
*** 3017,3023 ****
    char *user_shell;
    char *remote_ip;
    int remote_port;
!   
    /* Check /etc/nologin. */
    f = fopen("/etc/nologin", "r");
    if (f)
--- 3118,3130 ----
    char *user_shell;
    char *remote_ip;
    int remote_port;
! #ifdef HAVE_LOGIN_CAP_H
!   login_cap_t *lc;
!   char *real_shell;
!   
!   lc = login_getclass(pw->pw_class);
!   auth_checknologin(lc);
! #else /* !HAVE_LOGIN_CAP_H */
    /* Check /etc/nologin. */
    f = fopen("/etc/nologin", "r");
    if (f)
***************
*** 3031,3036 ****
--- 3138,3144 ----
        if (pw->pw_uid != UID_ROOT)
  	exit(254);
      }
+ #endif /* HAVE_LOGIN_CAP_H */
  
    if (command != NULL)
      {
***************
*** 3043,3049 ****
        else
  	log_msg("executing remote command as user %.200s", pw->pw_name);
      }
!   
  #ifdef HAVE_SETLOGIN
    /* Set login name in the kernel.  Warning: setsid() must be called before
       this. */
--- 3151,3158 ----
        else
  	log_msg("executing remote command as user %.200s", pw->pw_name);
      }
! 
! #ifndef HAVE_LOGIN_CAP_H
  #ifdef HAVE_SETLOGIN
    /* Set login name in the kernel.  Warning: setsid() must be called before
       this. */
***************
*** 3064,3069 ****
--- 3173,3179 ----
    if (setpcred((char *)pw->pw_name, NULL))
      log_msg("setpcred %.100s: %.100s", strerror(errno));
  #endif /* HAVE_USERSEC_H */
+ #endif /* !HAVE_LOGIN_CAP_H */
  
    /* Save some data that will be needed so that we can do certain cleanups
       before we switch to user's uid.  (We must clear all sensitive data 
***************
*** 3134,3139 ****
--- 3244,3309 ----
    if (command != NULL || !options.use_login)
  #endif /* USELOGIN */
      {
+ #ifdef HAVE_LOGIN_CAP_H
+       char *p, *s, **tmpenv;
+ 
+       /* Initialize the new environment.
+        */
+       envsize = 64;
+       env = xmalloc(envsize * sizeof(char *));
+       env[0] = NULL;
+ 
+       child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
+ 
+ #ifdef MAIL_SPOOL_DIRECTORY
+       sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
+       child_set_env(&env, &envsize, "MAIL", buf);
+ #else /* MAIL_SPOOL_DIRECTORY */
+ #ifdef MAIL_SPOOL_FILE
+       sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
+       child_set_env(&env, &envsize, "MAIL", buf);
+ #endif /* MAIL_SPOOL_FILE */
+ #endif /* MAIL_SPOOL_DIRECTORY */
+ 
+       /* Let it inherit timezone if we have one. */
+       if (getenv("TZ"))
+ 	child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ 
+       /* Save previous environment array
+        */
+       tmpenv = environ;
+       environ = env;
+ 
+       /* Set the user's login environment
+        */
+       if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
+ 	{
+ 	  perror("setusercontext");
+ 	  exit(1);
+ 	}
+ 
+       p = getenv("PATH");
+       s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
+       *s = '\0';
+       if (p != NULL)
+ 	{
+ 	  strcat(s, p);
+ 	  strcat(s, ":");
+ 	}
+       strcat(s, SSH_BINDIR);
+ 
+       env = environ;
+       environ = tmpenv; /* Restore parent environment */
+       for (envsize = 0; env[envsize] != NULL; ++envsize)
+ 	;
+       /* Reallocate this to what is expected */
+       envsize = (envsize < 100) ? 100 : envsize + 16;
+       env = xrealloc(env, envsize * sizeof(char *));
+ 
+       child_set_env(&env, &envsize, "PATH", s);
+       xfree(s);
+ 
+ #else /* !HAVE_LOGIN_CAP_H */
        /* Set uid, gid, and groups. */
        if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
  	{ 
***************
*** 3165,3170 ****
--- 3335,3341 ----
        
        if (getuid() != user_uid || geteuid() != user_uid)
  	fatal("Failed to set uids to %d.", (int)user_uid);
+ #endif /* HAVE_LOGIN_CAP_H */
      }
    
    /* Reset signals to their default settings before starting the user
***************
*** 3175,3185 ****
--- 3346,3361 ----
       and means /bin/sh. */
    shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
  
+ #ifdef HAVE_LOGIN_CAP_H
+   real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
+   login_close(lc);
+ #else /* !HAVE_LOGIN_CAP_H */
    /* Initialize the environment.  In the first part we allocate space for
       all environment variables. */
    envsize = 100;
    env = xmalloc(envsize * sizeof(char *));
    env[0] = NULL;
+ #endif /* HAVE_LOGIN_CAP_H */
  
  #ifdef USELOGIN
    if (command != NULL || !options.use_login)
***************
*** 3189,3194 ****
--- 3365,3372 ----
        child_set_env(&env, &envsize, "HOME", user_dir);
        child_set_env(&env, &envsize, "USER", user_name);
        child_set_env(&env, &envsize, "LOGNAME", user_name);
+ 
+ #ifndef HAVE_LOGIN_CAP_H
        child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
        
  #ifdef MAIL_SPOOL_DIRECTORY
***************
*** 3200,3205 ****
--- 3378,3384 ----
        child_set_env(&env, &envsize, "MAIL", buf);
  #endif /* MAIL_SPOOL_FILE */
  #endif /* MAIL_SPOOL_DIRECTORY */
+ #endif  /* !HAVE_LOGIN_CAP_H */
        
  #ifdef HAVE_ETC_DEFAULT_LOGIN
        /* Read /etc/default/login; this exists at least on Solaris 2.x.  Note
***************
*** 3215,3223 ****
--- 3394,3404 ----
      child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
  		  original_command);
    
+ #ifndef HAVE_LOGIN_CAP_H
    /* Let it inherit timezone if we have one. */
    if (getenv("TZ"))
      child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ #endif /* !HAVE_LOGIN_CAP_H */
    
    /* Set custom environment options from RSA authentication. */
    while (custom_environment) 
***************
*** 3437,3443 ****
--- 3618,3628 ----
  	  /* Execute the shell. */
  	  argv[0] = buf;
  	  argv[1] = NULL;
+ #ifdef HAVE_LOGIN_CAP_H
+ 	  execve(real_shell, argv, env);
+ #else
  	  execve(shell, argv, env);
+ #endif /* HAVE_LOGIN_CAP_H */
  	  /* Executing the shell failed. */
  	  perror(shell);
  	  exit(1);
***************
*** 3458,3464 ****
--- 3643,3653 ----
    argv[1] = "-c";
    argv[2] = (char *)command;
    argv[3] = NULL;
+ #ifdef HAVE_LOGIN_CAP_H
+   execve(real_shell, argv, env);
+ #else
    execve(shell, argv, env);
+ #endif /* HAVE_LOGIN_CAP_H */
    perror(shell);
    exit(1);
  }
@


1.16
log
@login_getclass() -> login_getpwclass().
@
text
@d2 1
a2 1
--- sshd.c	Sat May  3 00:04:30 1997
d17 51
d69 1
a69 1
--- 1702,1710 ----
d81 1
a81 1
--- 2661,2669 ----
d104 1
a104 1
--- 2735,2753 ----
d126 1
a126 1
--- 2767,2795 ----
d158 1
a158 1
--- 2799,2809 ----
d172 1
a172 1
--- 2811,2839 ----
d211 1
a211 1
--- 3085,3097 ----
d227 1
a227 1
--- 3105,3111 ----
d244 1
a244 1
--- 3118,3125 ----
d255 1
a255 1
--- 3140,3146 ----
d265 1
a265 1
--- 3211,3276 ----
d334 1
a334 1
--- 3302,3308 ----
d344 1
a344 1
--- 3313,3328 ----
d363 1
a363 1
--- 3332,3339 ----
d374 1
a374 1
--- 3345,3351 ----
d384 1
a384 1
--- 3361,3371 ----
d398 1
a398 1
--- 3585,3595 ----
d412 1
a412 1
--- 3610,3620 ----
@


1.15
log
@Fix 3 error with login.conf
1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
@
text
@d58 1
a58 1
+       lc = login_getclass(pw);
d168 1
a168 1
!   lc = login_getclass(pw);
@


1.14
log
@Update from ssh-1.2.19 to ssh-1.2.20.  All patches applied still, I just
regenerated them to fix the line numbers.  Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
@
text
@d1 2
a2 2
*** sshd.c.orig	Wed Apr 23 08:40:08 1997
--- sshd.c	Fri Apr 25 12:40:20 1997
d17 12
d30 1
a30 1
--- 2658,2666 ----
d53 1
a53 1
--- 2732,2750 ----
d75 1
a75 1
--- 2764,2792 ----
d107 1
a107 1
--- 2796,2806 ----
d121 1
a121 1
--- 2808,2836 ----
d160 1
a160 1
--- 3082,3094 ----
d168 1
a168 1
!   lc = login_getuserclass(pw);
d176 1
a176 1
--- 3102,3108 ----
d193 1
a193 1
--- 3115,3122 ----
d204 1
a204 1
--- 3137,3143 ----
d214 1
a214 1
--- 3208,3271 ----
a220 3
+       /* Save previous environment array
+        */
+       tmpenv = environ;
d224 1
a224 1
+       environ = env = xmalloc(envsize * sizeof(char *));
d243 5
d283 1
a283 1
--- 3297,3303 ----
d293 1
a293 1
--- 3308,3323 ----
d312 1
a312 1
--- 3327,3334 ----
d323 1
a323 1
--- 3340,3346 ----
d333 1
a333 1
--- 3356,3366 ----
d347 1
a347 1
--- 3580,3590 ----
d361 1
a361 1
--- 3605,3615 ----
@


1.13
log
@Disable extended LOGIN_CAP $MAIL processing until it will be fixed
properly. In old variant /var/mail/root was always checked instead of
/var/mail/<user>
@
text
@d1 2
a2 2
*** sshd.c.orig	Sun Apr  6 03:57:00 1997
--- sshd.c	Wed Apr 16 23:27:28 1997
d4 2
a5 2
*** 379,384 ****
--- 379,388 ----
d17 2
a18 2
*** 2617,2622 ****
--- 2621,2629 ----
d29 1
a29 1
*** 2688,2698 ****
d41 1
a41 1
--- 2695,2713 ----
d62 2
a63 2
*** 2712,2717 ****
--- 2727,2755 ----
d94 2
a95 2
*** 2721,2727 ****
--- 2759,2769 ----
d108 2
a109 2
*** 2729,2734 ****
--- 2771,2799 ----
d140 1
a140 1
*** 2986,2992 ****
d148 1
a148 1
--- 3051,3063 ----
d163 2
a164 2
*** 3000,3005 ****
--- 3071,3077 ----
d173 1
a173 1
*** 3012,3018 ****
d181 1
a181 1
--- 3084,3091 ----
d191 2
a192 2
*** 3033,3038 ****
--- 3106,3112 ----
d201 2
a202 2
*** 3103,3108 ****
--- 3177,3240 ----
d268 2
a269 2
*** 3134,3139 ****
--- 3266,3272 ----
d278 2
a279 2
*** 3144,3154 ****
--- 3277,3292 ----
d297 2
a298 2
*** 3158,3163 ****
--- 3296,3303 ----
d308 2
a309 2
*** 3169,3174 ****
--- 3309,3315 ----
d318 2
a319 2
*** 3184,3192 ****
--- 3325,3335 ----
d332 2
a333 2
*** 3406,3412 ****
--- 3549,3559 ----
d346 2
a347 2
*** 3427,3433 ****
--- 3574,3584 ----
@


1.12
log
@Upgrade to 1.2.19
@
text
@d116 1
a116 1
+ #ifdef HAVE_LOGIN_CAP_H
@


1.11
log
@Upgrade to 1.2.18
@
text
@d1 2
a2 2
*** sshd.c.orig	Thu Mar 27 09:04:08 1997
--- sshd.c	Sat Mar 29 02:11:03 1997
d4 2
a5 2
*** 370,375 ****
--- 370,379 ----
d17 47
a63 2
*** 2697,2702 ****
--- 2701,2716 ----
d70 14
a83 1
+ 	  printf("%s\n\t%s  %s\n\n",
d85 2
a86 2
+ 		    "The Regents of the University of California. ",
+ 		    "All rights reserved.");
d94 16
a109 2
*** 2714,2719 ****
--- 2728,2742 ----
d116 10
d132 4
d140 1
a140 1
*** 2969,2975 ****
d148 1
a148 1
--- 2992,3004 ----
d163 2
a164 2
*** 2983,2988 ****
--- 3012,3018 ----
d173 1
a173 1
*** 2995,3001 ****
d181 1
a181 1
--- 3025,3032 ----
d191 2
a192 2
*** 3016,3021 ****
--- 3047,3053 ----
d201 2
a202 2
*** 3086,3091 ****
--- 3118,3181 ----
d268 2
a269 2
*** 3117,3122 ****
--- 3207,3213 ----
d278 2
a279 2
*** 3127,3137 ****
--- 3218,3233 ----
d297 2
a298 2
*** 3141,3146 ****
--- 3237,3244 ----
d308 2
a309 2
*** 3152,3157 ****
--- 3250,3256 ----
d318 2
a319 2
*** 3167,3175 ****
--- 3266,3276 ----
d332 2
a333 2
*** 3389,3395 ****
--- 3490,3500 ----
d346 2
a347 2
*** 3410,3416 ****
--- 3515,3525 ----
@


1.10
log
@Add LOGIN_CAP abilities
Submitted by: davidn
@
text
@d1 2
a2 2
*** sshd.c.orig	Wed Oct 30 15:27:55 1996
--- sshd.c	Fri Jan 31 00:36:15 1997
d4 3
a6 3
*** 298,303 ****
--- 298,307 ----
  extern char *setlimits();
d17 2
a18 2
*** 2108,2113 ****
--- 2112,2127 ----
d36 2
a37 2
*** 2124,2129 ****
--- 2138,2152 ----
d54 1
a54 1
*** 2376,2382 ****
d62 1
a62 1
--- 2399,2412 ----
a67 1
!   char **tmpenv;
d77 3
a79 3
*** 2390,2395 ****
--- 2420,2426 ----
        if (pw->pw_uid != 0)
d87 1
a87 1
*** 2402,2408 ****
d95 1
a95 1
--- 2433,2440 ----
d105 2
a106 2
*** 2417,2422 ****
--- 2449,2455 ----
d110 1
a110 1
+ #endif /* HAVE_LOGIN_CAP_H */
d115 5
a119 5
*** 2474,2479 ****
--- 2507,2553 ----
        close(i);
      }
  
d121 12
a132 14
+   /* Save previous environment array
+    */
+   tmpenv = environ;
+   /* Initialize the new environment.
+    */
+   envsize = 64;
+   environ = env = xmalloc(envsize * sizeof(char *));
+   env[0] = NULL;
+ 
+   child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
+ 
+   /* Let it inherit timezone if we have one. */
+   if (getenv("TZ"))
+     child_set_env(&env, &envsize, "TZ", getenv("TZ"));
d135 2
a136 2
+   sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
+   child_set_env(&env, &envsize, "MAIL", buf);
d139 2
a140 2
+   sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
+   child_set_env(&env, &envsize, "MAIL", buf);
d144 33
a176 14
+   /* Set the user's login environment
+    */
+   if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
+     {
+       perror("setgid");
+       exit(1);
+     }
+   env = environ;
+   environ = tmpenv; /* Restore parent environment */
+   for (envsize = 0; env[envsize] != NULL; ++envsize)
+     ;
+   /* Reallocate this to what is expected */
+   envsize = (envsize < 100) ? 100 : envsize + 16;
+   env = xrealloc(env, envsize * sizeof(char *));
d178 9
a186 9
    /* At this point, this process should no longer be holding any confidential
       information, as changing uid below will permit the user to attach with
       a debugger on some machines. */
***************
*** 2514,2519 ****
--- 2588,2594 ----
  
    if (getuid() != user_uid || geteuid() != user_uid)
      fatal("Failed to set uids to %d.", (int)user_uid);
d188 2
a189 1
  
a190 1
       process. */
d192 2
a193 2
*** 2523,2538 ****
--- 2598,2621 ----
d199 1
d208 8
a215 4
    /* Set basic environment. */
    child_set_env(&env, &envsize, "USER", user_name);
    child_set_env(&env, &envsize, "LOGNAME", user_name);
    child_set_env(&env, &envsize, "HOME", user_dir);
d217 8
a224 10
+ #ifdef HAVE_LOGIN_CAP_H
+   login_close(lc);
+ #else /* !HAVE_LOGIN_CAP_H */
    child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
  
    /* Let it inherit timezone if we have one. */
***************
*** 2548,2553 ****
--- 2631,2637 ----
    child_set_env(&env, &envsize, "MAIL", buf);
d227 2
a228 2
+ #endif /* HAVE_LOGIN_CAP_H */
  
d230 1
a230 1
    /* Read /etc/default/login; this exists at least on Solaris 2.x.  Note
d232 19
a250 5
*** 2710,2716 ****
--- 2794,2804 ----
        /* Execute the shell. */
        argv[0] = buf;
        argv[1] = NULL;
d252 1
a252 1
+       execve(real_shell, argv, env);
d254 1
a254 1
        execve(shell, argv, env);
d256 3
a258 3
        /* Executing the shell failed. */
        perror(shell);
        exit(1);
d260 2
a261 2
*** 2722,2728 ****
--- 2810,2820 ----
@


1.9
log
@Remove my ptys patch, because this code is unused, openpty is used instead

Mimic login more closely now:
1) Put usual Copyright line
2) You have mail
@
text
@d1 2
a2 2
*** sshd.c.orig	Fri Oct  4 17:00:42 1996
--- sshd.c	Tue Nov 12 04:23:15 1996
d4 15
a18 2
*** 2083,2088 ****
--- 2083,2098 ----
d36 2
a37 2
*** 2099,2104 ****
--- 2109,2123 ----
d53 187
@


1.8
log
@Use BSD naming convention for pty names, it fixes two problems:
1) Too many false open syscalls on pty allocation
2) (more serious) ssh not use about half of available ptys
@
text
@d1 2
a2 2
*** pty.c.bak	Fri Oct  4 17:00:42 1996
--- pty.c	Tue Nov 12 03:00:54 1996
d4 24
a27 5
*** 306,314 ****
--- 306,319 ----
  #else			/* not SCO UNIX */
    char buf[64];
    int i;
d29 7
a35 6
+   const char *ptymajors = "pqrsPQRS";
+   const char *ptyminors = "0123456789abcdefghijklmnopqrstuv";
+ #else
    const char *ptymajors = 
      "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const char *ptyminors = "0123456789abcdef";
a36 2
    int num_minors = strlen(ptyminors);
    int num_ptys = strlen(ptymajors) * num_minors;
d38 2
@


1.7
log
@Use system shared libgmp now
@
text
@d1 2
a2 2
*** Makefile.in.orig	Fri Oct  4 17:00:43 1996
--- Makefile.in	Wed Oct 16 06:40:44 1996
d4 15
a18 2
*** 159,170 ****
  SHELL = /bin/sh
a19 61
  GMPDIR 		= gmp-2.0.2
! GMPLIBS 	= -L$(GMPDIR) -lgmp
! GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
  
  ZLIBDIR		= zlib-1.0.3
! ZLIBDEP		= $(ZLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
--- 159,174 ----
  SHELL = /bin/sh
  
  GMPDIR 		= gmp-2.0.2
! GMPINCDIR	= $(GMPDIR)
! GMPLIBDIR	= $(GMPDIR)
! GMPDEP		= $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
! GMPLIBS		= -L$(GMPLIBDIR) -lgmp
  
  ZLIBDIR		= zlib-1.0.3
! ZLIBINCDIR	= $(ZLIBDIR)
! ZLIBLIBDIR	= $(ZLIBDIR)
! ZLIBDEP		= $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
***************
*** 248,254 ****
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
--- 252,258 ----
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
***************
*** 297,303 ****
  $(GMPDIR)/libgmp.a:
  	cd $(GMPDIR); $(MAKE)
  
! $(ZLIBDEP):
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
--- 301,307 ----
  $(GMPDIR)/libgmp.a:
  	cd $(GMPDIR); $(MAKE)
  
! $(ZLIBDIR)/libz.a:
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
@


1.6
log
@Upgrade to official 1.2.16
Fix PLIST
@
text
@@


1.5
log
@Back out andrews change - 1.2.14.1 is not an official ssh release.
@
text
@d1 67
a67 41
--- Makefile.in.orig	Thu Jun  6 19:39:35 1996
+++ Makefile.in	Fri Jun  7 11:58:02 1996
@@@@ -137,12 +137,16 @@@@
 SHELL = /bin/sh
 
 GMPDIR 		= gmp-1.3.2
-GMPLIBS 	= -L$(GMPDIR) -lgmp
-GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
+GMPINCDIR	= $(GMPDIR)
+GMPLIBDIR	= $(GMPDIR)
+GMPDEP 		= $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
+GMPLIBS 	= -L$(GMPLIBDIR) -lgmp
 
 ZLIBDIR		= zlib095
-ZLIBDEP		= $(ZLIBDIR)/libz.a
-ZLIBLIBS	= -L$(ZLIBDIR) -lz
+ZLIBINCDIR	= $(ZLIBDIR)
+ZLIBLIBDIR	= $(ZLIBDIR)
+ZLIBDEP		= $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a
+ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
 
 RSAREFDIR	= rsaref2
 RSAREFSRCDIR 	= $(RSAREFDIR)/source
@@@@ -223,7 +227,7 @@@@
 	$(CC) -o rfc-pg rfc-pg.c
 
 .c.o:
-	$(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
+	$(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
 
 sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
 	-rm -f sshd
@@@@ -282,7 +286,7 @@@@
               CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
 	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
 
-$(ZLIBDEP):
+$(ZLIBDIR)/libz.a:
 	-if test '!' -d $(ZLIBDIR); then \
 	  mkdir $(ZLIBDIR); \
 	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
@


1.4
log
@Upgrade to 1.2.14.1
Misc bugfixes
@
text
@d1 41
a41 67
*** Makefile.in.orig	Fri Jul 12 13:13:34 1996
--- Makefile.in	Tue Jul 16 02:45:04 1996
***************
*** 144,155 ****
  SHELL = /bin/sh
  
  GMPDIR 		= gmp-1.3.2
! GMPLIBS 	= -L$(GMPDIR) -lgmp
! GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
  
  ZLIBDIR		= zlib-1.0.3
! ZLIBDEP		= $(ZLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
--- 144,159 ----
  SHELL = /bin/sh
  
  GMPDIR 		= gmp-1.3.2
! GMPINCDIR	= $(GMPDIR)
! GMPLIBDIR	= $(GMPDIR)
! GMPLIBS		= -L$(GMPLIBDIR) -lgmp
! GMPDEP		= $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
  
  ZLIBDIR		= zlib-1.0.3
! ZLIBINCDIR	= $(ZLIBDIR)
! ZLIBLIBDIR	= $(ZLIBDIR)
! ZLIBDEP		= $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
***************
*** 232,238 ****
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
--- 236,242 ----
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
***************
*** 291,297 ****
                CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
  	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
  
! $(ZLIBDEP):
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
--- 295,301 ----
                CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
  	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
  
! $(ZLIBDIR)/libz.a:
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
@


1.3
log
@Update ssh-1.2.13 -> ssh-1.2.14
ssh-askpass no longer uses wish, so chop the make rules that attempt to
locate it.
Go further to try and protect the ssh_host_key, since it's critical to
the operation and security of the machine.
@
text
@d1 67
a67 41
--- Makefile.in.orig	Thu Jun  6 19:39:35 1996
+++ Makefile.in	Fri Jun  7 11:58:02 1996
@@@@ -137,12 +137,16 @@@@
 SHELL = /bin/sh
 
 GMPDIR 		= gmp-1.3.2
-GMPLIBS 	= -L$(GMPDIR) -lgmp
-GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
+GMPINCDIR	= $(GMPDIR)
+GMPLIBDIR	= $(GMPDIR)
+GMPDEP 		= $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
+GMPLIBS 	= -L$(GMPLIBDIR) -lgmp
 
 ZLIBDIR		= zlib095
-ZLIBDEP		= $(ZLIBDIR)/libz.a
-ZLIBLIBS	= -L$(ZLIBDIR) -lz
+ZLIBINCDIR	= $(ZLIBDIR)
+ZLIBLIBDIR	= $(ZLIBDIR)
+ZLIBDEP		= $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a
+ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
 
 RSAREFDIR	= rsaref2
 RSAREFSRCDIR 	= $(RSAREFDIR)/source
@@@@ -223,7 +227,7 @@@@
 	$(CC) -o rfc-pg rfc-pg.c
 
 .c.o:
-	$(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
+	$(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $<
 
 sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
 	-rm -f sshd
@@@@ -282,7 +286,7 @@@@
               CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
 	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
 
-$(ZLIBDEP):
+$(ZLIBDIR)/libz.a:
 	-if test '!' -d $(ZLIBDIR); then \
 	  mkdir $(ZLIBDIR); \
 	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
@


1.2
log
@Fix patch typo.

Found by: Andrzej Tobola <san@@iem.pw.edu.pl>
@
text
@d1 41
a41 74
This patch has been submitted to the author, it allows one to disconnect
ssh from the supplied libgmp and libz.  The next patch (patch-ag) actually
uses these disconnect points to hook us into the system libraries.

The rationale for splitting them up was that the previous patch (patch-ae)
that these two patches replace was unmaintainable and overly drastic.

*** Makefile.in	Thu Jan 25 17:58:10 1996
--- Makefile.in	Mon Feb  5 18:36:09 1996
***************
*** 114,125 ****
  SHELL = /bin/sh
  
  GMPDIR 		= gmp-1.3.2
! GMPLIBS 	= -L$(GMPDIR) -lgmp
! GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
  
  ZLIBDIR		= zlib095
! ZLIBDEP		= $(ZLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
--- 114,129 ----
  SHELL = /bin/sh
  
  GMPDIR 		= gmp-1.3.2
! GMPINCDIR	= $(GMPDIR)
! GMPLIBDIR	= $(GMPDIR)
! GMPDEP 		= $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
! GMPLIBS 	= -L$(GMPLIBDIR) -lgmp
  
  ZLIBDIR		= zlib095
! ZLIBINCDIR	= $(ZLIBDIR)
! ZLIBLIBDIR	= $(ZLIBDIR)
! ZLIBDEP		= $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a
! ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
  
  RSAREFDIR	= rsaref2
  RSAREFSRCDIR 	= $(RSAREFDIR)/source
***************
*** 186,192 ****
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
--- 190,196 ----
  	$(CC) -o rfc-pg rfc-pg.c
  
  .c.o:
! 	$(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DBINDIR=\"$(bindir)\" $(CFLAGS) $<
  
  sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
  	-rm -f sshd
***************
*** 247,253 ****
                CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
  	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
  
! $(ZLIBDEP):
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
--- 251,257 ----
                CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(GMPDIR) \
  	       -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)"
  
! $(ZLIBDIR)/libz.a:
  	-if test '!' -d $(ZLIBDIR); then \
  	  mkdir $(ZLIBDIR); \
  	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
@


1.1
log
@Upgrade to snapshot of ssh.  1.1.12a was recalled due to even worse
security problems.

Also re-do the method we use for disconnecting ourselves from the supplied
gmp and z libraries so that this can be maintained in the future (sigh!).
@
text
@d36 1
a36 1
! ZLIBDEP		= $(ZLIBINCDIR)/libz.h $(ZLIBLIBDIR)/libz.a
@
