From 7b1120e5f5006ee5587ba15187b182040eb0ff5c Mon Sep 17 00:00:00 2001 From: zrj Date: Thu, 18 Apr 2019 12:35:16 +0300 Subject: [PATCH] Adjust makefiles for OpenSSH 8.0p1 update. Update pam_ssh module to use new sshkey api. The pkcs11 support explicitly disabled to avoid use of dlopen(). If security token/card support is needed it can be enabled back. This update brings several backwards compatibilty breakages. More in official release notes. --- crypto/openssh/README.DRAGONFLY | 16 +- lib/libpam/modules/pam_ssh/Makefile | 19 +- lib/libpam/modules/pam_ssh/pam_ssh.8 | 4 +- lib/libpam/modules/pam_ssh/pam_ssh.c | 29 ++- lib/libssh/Makefile | 84 +++---- lib/libssh/config.h | 342 ++++++++++++++++++++++----- libexec/sftp-server/Makefile | 6 +- libexec/ssh-keysign/Makefile | 5 +- libexec/ssh-pkcs11-helper/Makefile | 4 +- usr.bin/scp/Makefile | 4 +- usr.bin/sftp/Makefile | 6 +- usr.bin/ssh-agent/Makefile | 5 +- usr.bin/ssh/Makefile | 6 +- usr.sbin/sshd/Makefile | 40 ++-- usr.sbin/sshd/auth-passwd-freebsd.c | 33 --- 15 files changed, 405 insertions(+), 198 deletions(-) delete mode 100644 usr.sbin/sshd/auth-passwd-freebsd.c diff --git a/crypto/openssh/README.DRAGONFLY b/crypto/openssh/README.DRAGONFLY index e5f73d616b..34512c6d9c 100644 --- a/crypto/openssh/README.DRAGONFLY +++ b/crypto/openssh/README.DRAGONFLY 
@@ -11,14 +11,24 @@ sha1 = 756dbb99193f9541c9206a667eaa27b0fa184a4f A list of deleted files is in README.DELETED. -Upgrading notes: +Configured with +=============== ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-sandbox=rlimit --with-pam \ --with-libedit --without-ssl-engine --without-rpath \ --with-privsep-path=/var/empty --with-xauth=/usr/local/bin/xauth \ --disable-pkcs11 ac_cv_lib_dl_dlopen=no -Update config.h in lib/libssh. -Update version in sshd_config, sshd_config.5, version.h. +The following files have been patched (* planned) +================================================= + auth-pam.c WARNS, static sshpam_password_change_required() + platform.h pledge dummies + readconf.c disabled default password authentification + session.c WARNS, unused copy_environment() + WARNS, strdup(login_getcapstr()) (leak) + sshd_config PasswordAuthentication no + +NOTE: The configure script misdetects few things. +Update config.h and openbsd-compat in lib/libssh. Used in: lib/libssh/ diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile index 84704355f7..3d7bfc06b6 100644 --- a/lib/libpam/modules/pam_ssh/Makefile +++ b/lib/libpam/modules/pam_ssh/Makefile 
@@ -4,7 +4,24 @@ LIB= pam_ssh SRCS= pam_ssh.c MAN= pam_ssh.8 -WARNS?= 4 +WARNS?= 3 + +.if 0 +# Subset of libssh.a, needed to start ssh-agent and load keys. +.PATH: ${.CURDIR}/../../../../crypto/openssh +SRCS+= authfd.c authfile.c sshkey.c +# Support functions for three above. +SRCS+= addrmatch.c atomicio.c bitmap.c cleanup.c digest-openssl.c hash.c +SRCS+= fatal.c krl.c log.c match.c misc.c platform-misc.c verify.c +SRCS+= cipher.c cipher-chachapoly.c chacha.c poly1305.c ssh-dss.c ssh-rsa.c +SRCS+= ssh-ecdsa.c ssh-ed25519.c ed25519.c fe25519.c ge25519.c sc25519.c +SRCS+= sshbuf.c sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c +SRCS+= ssherr.c xmalloc.c +# Support functions from compat. +.PATH: ${.CURDIR}/../../../libssh/openbsd-compat +SRCS+= bcrypt_pbkdf.c bsd-signal.c port-net.c realpath.c +CFLAGS+= -I${.CURDIR}/../../../libssh +.endif LDADD= -lprivate_ssh -lprivate_crypto -lcrypt DPADD= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8 index 86a356b422..d0f2096dcd 100644 --- a/lib/libpam/modules/pam_ssh/pam_ssh.8 +++ b/lib/libpam/modules/pam_ssh/pam_ssh.8 @@ -34,7 +34,7 @@ .\" .\" $FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.8 304635 2016-08-22 20:48:46Z roberto $ .\" -.Dd July 24, 2018 +.Dd April 20, 2019 .Dt PAM_SSH 8 .Os .Sh NAME @@ -129,8 +129,6 @@ authentication phase. .El .Sh FILES .Bl -tag -width ".Pa $HOME/.ssh/id_ed25519" -compact -.It Pa $HOME/.ssh/identity -SSH1 RSA key .It Pa $HOME/.ssh/id_rsa SSH2 RSA key .It Pa $HOME/.ssh/id_dsa diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.c b/lib/libpam/modules/pam_ssh/pam_ssh.c index 7618d36448..1045d95c2d 100644 --- a/lib/libpam/modules/pam_ssh/pam_ssh.c +++ b/lib/libpam/modules/pam_ssh/pam_ssh.c 
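Review bot: Lowering `WARNS?=` from 4 to 3 at the top of the pam_ssh Makefile hunk reduces compiler diagnostics for a PAM authentication module, and nothing records which warning forced it. I would put the reason next to the setting, e.g. `# WARNS 3: <warning that fails at 4 with the new headers>`, so the level can be raised again once that is fixed. The `.if 0` block is dead build logic as committed; a one-line comment on when it is meant to be switched on would help (presumably to build the module without linking libprivate_ssh, which is my inference and not stated in the hunk).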
@@ -59,26 +59,24 @@ #include #define __bounded__(x, y, z) -#include "key.h" -#include "buffer.h" #include "authfd.h" #include "authfile.h" +#include "sshkey.h" #define ssh_add_identity(auth, key, comment) \ - ssh_add_identity_constrained(auth, key, comment, 0, 0) + ssh_add_identity_constrained(auth, key, comment, 0, 0, 0) extern char **environ; struct pam_ssh_key { - Key *key; - char *comment; + struct sshkey *key; + char *comment; }; static const char *pam_ssh_prompt = "SSH passphrase: "; static const char *pam_ssh_have_keys = "pam_ssh_have_keys"; static const char *pam_ssh_keyfiles[] = { - ".ssh/identity", /* SSH1 RSA key */ ".ssh/id_rsa", /* SSH2 RSA key */ ".ssh/id_dsa", /* SSH2 DSA key */ ".ssh/id_ecdsa", /* SSH2 ECDSA key */ @@ -102,9 +100,10 @@ pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase, int nullok) { struct pam_ssh_key *psk; + struct sshkey *key; char fn[PATH_MAX]; char *comment; - Key *key; + int ret; if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn)) return (NULL); @@ -117,21 +116,21 @@ pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase, * with an empty passphrase, and if the key is not encrypted, * accept only an empty passphrase. */ - key = key_load_private(fn, "", &comment); - if (key != NULL && !(*passphrase == '\0' && nullok)) { - key_free(key); + ret = sshkey_load_private(fn, "", &key, &comment); + if (ret == 0 && !(*passphrase == '\0' && nullok)) { + sshkey_free(key); return (NULL); } - if (key == NULL) - key = key_load_private(fn, passphrase, &comment); - if (key == NULL) { + if (ret != 0) + ret = sshkey_load_private(fn, passphrase, &key, &comment); + if (ret != 0) { openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn); return (NULL); } openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s", comment, fn); if ((psk = malloc(sizeof(*psk))) == NULL) { - key_free(key); + sshkey_free(key); free(comment); return (NULL); } 
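Review bot: The `ssh_add_identity` macro now passes three bare zeros to `ssh_add_identity_constrained()`, and nothing at the definition says what they stand for. In the OpenSSH 8.0 authfd API these are the key lifetime, the confirm flag and the signature limit, so every key this module loads is handed to the agent with no expiry and no per-use confirmation. A comment above the macro such as `/* life = 0, confirm = 0, maxsign = 0: key is added without constraints */` would make that choice visible to the next person who touches it.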
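Review bot: The truncation test on the unchanged `snprintf()` line in `pam_ssh_load_key` is off by one: snprintf returns the length it wanted to write, so a result equal to `sizeof(fn)` already means the path was cut short, and a negative return is not caught at all. This hunk adds `int ret;` right above it, so the check can be fixed in the same change: `ret = snprintf(fn, sizeof(fn), "%s/%s", dir, kfn);` followed by `if (ret < 0 || (size_t)ret >= sizeof(fn)) return (NULL);`. I would also initialise the new `struct sshkey *key` (and `comment`) to NULL so no cleanup path can see an indeterminate pointer. The function starts above this hunk and continues past it.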
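Review bot: The early-return branch that rejects an unencrypted key (`ret == 0 && !(*passphrase == '\0' && nullok)`) frees `key` but not `comment`, which the successful `sshkey_load_private()` call just allocated, so every rejected attempt leaks the string inside the authenticating process. Add `free(comment);` next to `sshkey_free(key);`, as the malloc-failure path further down in the same hunk already does. The `ret` value is also dropped from the failure log; including `ssh_err(ret)` (from ssherr.h) in the `openpam_log()` call would let an administrator tell a wrong passphrase from an unreadable or badly-permissioned key file. The function body begins before this hunk and ends after it.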
@@ -150,7 +149,7 @@ pam_ssh_free_key(pam_handle_t *pamh __unused, struct pam_ssh_key *psk; psk = data; - key_free(psk->key); + sshkey_free(psk->key); free(psk->comment); free(psk); } diff --git a/lib/libssh/Makefile b/lib/libssh/Makefile index 796e3fa8dc..e4e4733fc4 100644 --- a/lib/libssh/Makefile +++ b/lib/libssh/Makefile 
@@ -2,48 +2,50 @@ LIB= private_ssh SHLIB_MAJOR= 4 PRIVATELIB= -SRCS= ssh_api.c \ - ssherr.c \ - sshbuf.c \ - sshkey.c \ - sshbuf-getput-basic.c \ - sshbuf-misc.c \ - sshbuf-getput-crypto.c \ - krl.c \ - bitmap.c -SRCS+= authfd.c authfile.c bufaux.c bufbn.c bufec.c buffer.c \ - canohost.c channels.c cipher.c \ - cleanup.c \ - compat.c crc32.c fatal.c hostfile.c \ - log.c match.c moduli.c nchan.c packet.c opacket.c \ - readpass.c ttymodes.c xmalloc.c addrmatch.c \ - atomicio.c key.c dispatch.c mac.c uidswap.c uuencode.c misc.c utf8.c \ - monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \ - msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ - ssh-pkcs11.c smult_curve25519_ref.c \ - poly1305.c chacha.c cipher-chachapoly.c \ - ssh-ed25519.c digest-openssl.c hmac.c \ - sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c \ - kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c \ - kexdhc.c kexgexc.c kexecdhc.c kexc25519c.c \ - kexdhs.c kexgexs.c kexecdhs.c kexc25519s.c \ - platform-pledge.c platform-tracing.c platform-misc.c -# Portability layer -SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c explicit_bzero.c \ - getrrsetbyname.c glob.c openssl-compat.c port-tun.c \ - realpath.c recallocarray.c timingsafe_bcmp.c - -# only when USE_BUILTIN_RIJNDAEL -#SRCS+= cipher-aes.c - -# only when GSSAPI -#SRCS+= gss-genr.c +SRCS= addrmatch.c atomicio.c authfd.c authfile.c bitmap.c canohost.c \ + chacha.c channels.c cipher.c cipher-chachapoly.c cleanup.c compat.c \ + dh.c digest-openssl.c dispatch.c dns.c entropy.c fatal.c \ + hash.c hmac.c hostfile.c \ + krl.c log.c mac.c match.c misc.c moduli.c monitor_fdpass.c msg.c \ + nchan.c packet.c platform-misc.c poly1305.c readpass.c \ + ssh_api.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c ssh-rsa.c \ + sshbuf.c sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c \ + ssherr.c sshkey.c ttymodes.c \ + umac.c umac128.c utf8.c uuencode.c verify.c xmalloc.c +SRCS+= ed25519.c fe25519.c ge25519.c sc25519.c 
smult_curve25519_ref.c +SRCS+= kex.c kexc25519.c kexdh.c kexecdh.c \ + kexgen.c kexgex.c kexgexc.c kexgexs.c \ + kexsntrup4591761x25519.c sntrup4591761.c + +# not implemented: platform-pledge.c platform-tracing.c +# only for scp/sftp: progressmeter.c +# disabled: ssh-pkcs11.c +# no GSSAPI: gss-genr.c +# no openssl: cipher-aes.c cipher-aesctr.c cipher-ctr.c crc32.c digest-libc.c rijndael.c +# no xmss: ssh-xmss.c sshkey-xmss.c xmss_commons.c xmss_fast.c xmss_hash.c +# xmss_hash_address.c xmss_wots.c -# only when !OPENSSL_HAVE_EVPCTR -#SRCS+= cipher-ctr.c - -# only when !HAVE_EVP_SHA256 -#SRCS+= md-sha256.c +# Portability layer +.PATH: ${.CURDIR}/openbsd-compat +SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c fmt_scaled.c \ + glob.c openssl-compat.c port-net.c realpath.c xcrypt.c +SRCS+= getrrsetbyname.c +# XXX needs to link libldns, use simple version for now +#SRCS+= getrrsetbyname-ldns.c + +# not needed compat: +# arc4random.c base64.c basename.c bindresvport.c bsd-asprintf.c +# bsd-closefrom.c bsd-cygwin_util.c bsd-err.c bsd-flock.c bsd-getline.c +# bsd-getpagesize.c bsd-getpeereid.c bsd-malloc.c bsd-nextstep.c bsd-openpty.c +# bsd-poll.c bsd-setres_id.c bsd-snprintf.c bsd-statvfs.c bsd-waitpid.c +# daemon.c dirname.c explicit_bzero.c fake-rfc2553.c freezero.c getcwd.c +# getgrouplist.c getopt_long.c inet_aton.c inet_ntoa.c inet_ntop.c +# kludge-fd_set.c libressl-api-compat.c md5.c mktemp.c +# port-aix.c port-irix.c port-linux.c port-solaris.c port-uw.c +# pwcache.c readpassphrase.c reallocarray.c recallocarray.c rmd160.c +# rresvport.c setenv.c setproctitle.c sha1.c sha2.c sigact.c +# strcasestr.c strlcat.c strlcpy.c strmode.c strndup.c strnlen.c strptime.c +# strsep.c strtoll.c strtonum.c strtoul.c strtoull.c timingsafe_bcmp.c vis.c MAN= moduli.5 diff --git a/lib/libssh/config.h b/lib/libssh/config.h index 3e76e7e92f..f5a154417c 100644 --- a/lib/libssh/config.h +++ b/lib/libssh/config.h 
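Review bot: The portability list in this hunk no longer builds `explicit_bzero.c`, `timingsafe_bcmp.c` or `recallocarray.c`, so libprivate_ssh now relies on libc for them and on the matching `HAVE_*` defines in the checked-in config.h, and nothing here records that coupling. Because these are the memory-scrubbing and constant-time-compare primitives, I would add a line above the "not needed compat" list such as `# provided by libc; keep in sync with the HAVE_* defines in config.h`. The label `# no openssl:` is also easy to misread, since this build links OpenSSL; if it means the files are only needed when OpenSSL's implementations are not used, `# only needed without OpenSSL:` says so directly.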
@@ -1,6 +1,9 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address */ /* #undef AIX_GETNAMEINFO_HACK */ @@ -32,12 +35,6 @@ /* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ /* #undef BROKEN_INET_NTOA */ -/* ia_uinfo routines not supported by OS yet */ -/* #undef BROKEN_LIBIAF */ - -/* Ultrix mmap can't map files */ -/* #undef BROKEN_MMAP */ - /* Define if your struct dirent expects you to allocate extra space for d_name */ /* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ @@ -76,7 +73,13 @@ /* Define if your snprintf is busted */ /* #undef BROKEN_SNPRINTF */ -/* missing VIS_ALL */ +/* strndup broken, see APAR IY61211 */ +/* #undef BROKEN_STRNDUP */ + +/* strnlen broken, see APAR IY62551 */ +/* #undef BROKEN_STRNLEN */ + +/* strnvis detected broken */ /* #undef BROKEN_STRNVIS */ /* tcgetattr with ICANON may hang */ @@ -131,7 +134,10 @@ #define DISABLE_WTMPX 1 /* Enable for PKCS#11 support */ -#define ENABLE_PKCS11 +/* #undef ENABLE_PKCS11 */ + +/* define if fflush(NULL) does not work */ +/* #undef FFLUSH_NULL_BUG */ /* File names may not contain backslash characters */ /* #undef FILESYSTEM_NO_BACKSLASH */ @@ -142,7 +148,7 @@ /* fsid_t has member __val */ /* #undef FSID_HAS___VAL */ -/* Define to 1 if the `getpgrp' function requires zero arguments. */ +/* getpgrp takes one arg */ #define GETPGRP_VOID 1 /* Conflicting defs for getspnam */ @@ -253,6 +259,12 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_BSTRING_H */ +/* Define to 1 if you have the `bzero' function. */ +#define HAVE_BZERO 1 + +/* calloc(0, x) returns NULL */ +#define HAVE_CALLOC 1 + /* Define to 1 if you have the `cap_rights_limit' function. */ /* #undef HAVE_CAP_RIGHTS_LIMIT */ 
@@ -297,6 +309,10 @@ don't. */ /* #undef HAVE_DECL_AUTHENTICATE */ +/* Define to 1 if you have the declaration of `bzero', and to 0 if you don't. + */ +#define HAVE_DECL_BZERO 1 + /* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you don't. */ #define HAVE_DECL_GLOB_NOMATCH 1 @@ -345,6 +361,10 @@ don't. */ /* #undef HAVE_DECL_PASSWDEXPIRED */ +/* Define to 1 if you have the declaration of `readv', and to 0 if you don't. + */ +#define HAVE_DECL_READV 1 + /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you don't. */ /* #undef HAVE_DECL_SETAUTHDB */ @@ -374,6 +394,21 @@ /* Define if you have /dev/ptc */ /* #undef HAVE_DEV_PTS_AND_PTC */ +/* Define to 1 if you have the `DH_get0_key' function. */ +#define HAVE_DH_GET0_KEY 1 + +/* Define to 1 if you have the `DH_get0_pqg' function. */ +#define HAVE_DH_GET0_PQG 1 + +/* Define to 1 if you have the `DH_set0_key' function. */ +#define HAVE_DH_SET0_KEY 1 + +/* Define to 1 if you have the `DH_set0_pqg' function. */ +#define HAVE_DH_SET0_PQG 1 + +/* Define to 1 if you have the `DH_set_length' function. */ +#define HAVE_DH_SET_LENGTH 1 + /* Define to 1 if you have the header file. */ #define HAVE_DIRENT_H 1 
@@ -386,6 +421,33 @@ /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ #define HAVE_DSA_GENERATE_PARAMETERS_EX 1 +/* Define to 1 if you have the `DSA_get0_key' function. */ +#define HAVE_DSA_GET0_KEY 1 + +/* Define to 1 if you have the `DSA_get0_pqg' function. */ +#define HAVE_DSA_GET0_PQG 1 + +/* Define to 1 if you have the `DSA_set0_key' function. */ +#define HAVE_DSA_SET0_KEY 1 + +/* Define to 1 if you have the `DSA_set0_pqg' function. */ +#define HAVE_DSA_SET0_PQG 1 + +/* Define to 1 if you have the `DSA_SIG_get0' function. */ +#define HAVE_DSA_SIG_GET0 1 + +/* Define to 1 if you have the `DSA_SIG_set0' function. */ +#define HAVE_DSA_SIG_SET0 1 + +/* Define to 1 if you have the `ECDSA_SIG_get0' function. */ +#define HAVE_ECDSA_SIG_GET0 1 + +/* Define to 1 if you have the `ECDSA_SIG_set0' function. */ +#define HAVE_ECDSA_SIG_SET0 1 + +/* Define to 1 if you have the `EC_KEY_METHOD_new' function. */ +#define HAVE_EC_KEY_METHOD_NEW 1 + /* Define to 1 if you have the header file. */ #define HAVE_ELF_H 1 @@ -413,9 +475,21 @@ /* Define if your system has /etc/default/login */ /* #undef HAVE_ETC_DEFAULT_LOGIN */ -/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ +/* Define to 1 if you have the `EVP_CIPHER_CTX_ctrl' function. */ #define HAVE_EVP_CIPHER_CTX_CTRL 1 +/* Define to 1 if you have the `EVP_CIPHER_CTX_get_iv' function. */ +#define HAVE_EVP_CIPHER_CTX_GET_IV 1 + +/* Define to 1 if you have the `EVP_CIPHER_CTX_iv' function. */ +/* #undef HAVE_EVP_CIPHER_CTX_IV */ + +/* Define to 1 if you have the `EVP_CIPHER_CTX_iv_noconst' function. */ +/* #undef HAVE_EVP_CIPHER_CTX_IV_NOCONST */ + +/* Define to 1 if you have the `EVP_CIPHER_CTX_set_iv' function. */ +#define HAVE_EVP_CIPHER_CTX_SET_IV 1 + /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ #define HAVE_EVP_DIGESTFINAL_EX 1 
@@ -428,9 +502,18 @@ /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ #define HAVE_EVP_MD_CTX_COPY_EX 1 +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#define HAVE_EVP_MD_CTX_FREE 1 + /* Define to 1 if you have the `EVP_MD_CTX_init' function. */ #define HAVE_EVP_MD_CTX_INIT 1 +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#define HAVE_EVP_MD_CTX_NEW 1 + +/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */ +#define HAVE_EVP_PKEY_GET0_RSA 1 + /* Define to 1 if you have the `EVP_ripemd160' function. */ #define HAVE_EVP_RIPEMD160 1 @@ -441,14 +524,20 @@ /* #undef HAVE_EXIT_IN_UTMP */ /* Define to 1 if you have the `explicit_bzero' function. */ -/* #undef HAVE_EXPLICIT_BZERO */ +#define HAVE_EXPLICIT_BZERO 1 /* Define to 1 if you have the `fchmod' function. */ #define HAVE_FCHMOD 1 +/* Define to 1 if you have the `fchmodat' function. */ +#define HAVE_FCHMODAT 1 + /* Define to 1 if you have the `fchown' function. */ #define HAVE_FCHOWN 1 +/* Define to 1 if you have the `fchownat' function. */ +#define HAVE_FCHOWNAT 1 + /* Use F_CLOSEM fcntl for closefrom */ /* #undef HAVE_FCNTL_CLOSEM */ @@ -464,12 +553,18 @@ /* Define to 1 if you have the header file. */ #define HAVE_FLOATINGPOINT_H 1 +/* Define to 1 if you have the `flock' function. */ +#define HAVE_FLOCK 1 + /* Define to 1 if you have the `fmt_scaled' function. */ /* #undef HAVE_FMT_SCALED */ /* Define to 1 if you have the `freeaddrinfo' function. */ #define HAVE_FREEADDRINFO 1 +/* Define to 1 if you have the `freezero' function. */ +#define HAVE_FREEZERO 1 + /* Define to 1 if the system has the type `fsblkcnt_t'. */ #define HAVE_FSBLKCNT_T 1 @@ -509,6 +604,9 @@ /* Define to 1 if you have the `getlastlogxbyname' function. */ /* #undef HAVE_GETLASTLOGXBYNAME */ +/* Define to 1 if you have the `getline' function. */ +#define HAVE_GETLINE 1 + /* Define to 1 if you have the `getluid' function. */ /* #undef HAVE_GETLUID */ 
@@ -542,18 +640,21 @@ /* Define to 1 if you have the `getpwanam' function. */ /* #undef HAVE_GETPWANAM */ +/* Define to 1 if you have the `getrandom' function. */ +/* #undef HAVE_GETRANDOM */ + /* Define to 1 if you have the `getrlimit' function. */ #define HAVE_GETRLIMIT 1 /* Define if getrrsetbyname() exists */ /* #undef HAVE_GETRRSETBYNAME */ -/* Define to 1 if you have the `getrusage' function. */ -/* #undef HAVE_GETRUSAGE */ - /* Define to 1 if you have the `getseuserbyname' function. */ /* #undef HAVE_GETSEUSERBYNAME */ +/* Define to 1 if you have the `getsid' function. */ +#define HAVE_GETSID 1 + /* Define to 1 if you have the `gettimeofday' function. */ #define HAVE_GETTIMEOFDAY 1 @@ -635,6 +736,9 @@ /* Define if you have ut_id in utmpx.h */ #define HAVE_ID_IN_UTMPX 1 +/* Define to 1 if you have the header file. */ +#define HAVE_IFADDRS_H 1 + /* Define to 1 if you have the `inet_aton' function. */ #define HAVE_INET_ATON 1 @@ -696,7 +800,7 @@ /* #undef HAVE_LIBCRYPT */ /* Define to 1 if you have the `dl' library (-ldl). */ -#define HAVE_LIBDL 1 +/* #undef HAVE_LIBDL */ /* Define to 1 if you have the header file. */ #define HAVE_LIBGEN_H 1 @@ -737,6 +841,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_LINUX_SECCOMP_H */ +/* Define to 1 if you have the `llabs' function. */ +#define HAVE_LLABS 1 + /* Define to 1 if you have the header file. */ #define HAVE_LOCALE_H 1 @@ -767,6 +874,10 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_MAILLOCK_H */ +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#define HAVE_MALLOC 1 + /* Define to 1 if you have the `mblen' function. */ #define HAVE_MBLEN 1 @@ -791,9 +902,6 @@ /* Define to 1 if you have the `mkdtemp' function. */ #define HAVE_MKDTEMP 1 -/* Define to 1 if you have the `mmap' function. */ -#define HAVE_MMAP 1 - /* define if you have mode_t data type */ #define HAVE_MODE_T 1 
@@ -810,7 +918,10 @@ /* #undef HAVE_NETGROUP_H */ /* Define to 1 if you have the header file. */ -#define HAVE_NET_IF_TUN_H 1 /* well, almost */ +/* #undef HAVE_NET_IF_TUN_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NET_ROUTE_H 1 /* Define if you are on NeXT */ /* #undef HAVE_NEXT */ @@ -837,8 +948,17 @@ /* Define to 1 if you have the `openpty' function. */ #define HAVE_OPENPTY 1 -/* Define if your ssl headers are included with #include */ -#define HAVE_OPENSSL 1 +/* as a macro */ +#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1 + +/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +#define HAVE_OPENSSL_INIT_CRYPTO 1 + +/* Define to 1 if you have the `OpenSSL_version' function. */ +#define HAVE_OPENSSL_VERSION 1 + +/* Define to 1 if you have the `OpenSSL_version_num' function. */ +#define HAVE_OPENSSL_VERSION_NUM 1 /* Define if you have Digital Unix Security Integration Architecture */ /* #undef HAVE_OSF_SIA */ @@ -894,23 +1014,33 @@ /* Define to 1 if you have the `pututxline' function. */ #define HAVE_PUTUTXLINE 1 +/* Define to 1 if you have the `raise' function. */ +#define HAVE_RAISE 1 + /* Define to 1 if you have the `readpassphrase' function. */ #define HAVE_READPASSPHRASE 1 /* Define to 1 if you have the header file. */ #define HAVE_READPASSPHRASE_H 1 +/* Define to 1 if your system has a GNU libc compatible `realloc' function, + and to 0 otherwise. */ +#define HAVE_REALLOC 1 + /* Define to 1 if you have the `reallocarray' function. */ #define HAVE_REALLOCARRAY 1 /* Define to 1 if you have the `realpath' function. */ #define HAVE_REALPATH 1 +/* Define to 1 if you have the `recallocarray' function. */ +#define HAVE_RECALLOCARRAY 1 + /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 /* sys/resource.h has RLIMIT_NPROC */ -#define HAVE_RLIMIT_NPROC +#define HAVE_RLIMIT_NPROC /**/ /* Define to 1 if you have the header file. */ #define HAVE_RPC_TYPES_H 1 
@@ -921,9 +1051,48 @@ /* Define to 1 if you have the `RSA_generate_key_ex' function. */ #define HAVE_RSA_GENERATE_KEY_EX 1 +/* Define to 1 if you have the `RSA_get0_crt_params' function. */ +#define HAVE_RSA_GET0_CRT_PARAMS 1 + +/* Define to 1 if you have the `RSA_get0_factors' function. */ +#define HAVE_RSA_GET0_FACTORS 1 + +/* Define to 1 if you have the `RSA_get0_key' function. */ +#define HAVE_RSA_GET0_KEY 1 + /* Define to 1 if you have the `RSA_get_default_method' function. */ #define HAVE_RSA_GET_DEFAULT_METHOD 1 +/* Define to 1 if you have the `RSA_meth_dup' function. */ +#define HAVE_RSA_METH_DUP 1 + +/* Define to 1 if you have the `RSA_meth_free' function. */ +#define HAVE_RSA_METH_FREE 1 + +/* Define to 1 if you have the `RSA_meth_get_finish' function. */ +#define HAVE_RSA_METH_GET_FINISH 1 + +/* Define to 1 if you have the `RSA_meth_set1_name' function. */ +#define HAVE_RSA_METH_SET1_NAME 1 + +/* Define to 1 if you have the `RSA_meth_set_finish' function. */ +#define HAVE_RSA_METH_SET_FINISH 1 + +/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */ +#define HAVE_RSA_METH_SET_PRIV_DEC 1 + +/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */ +#define HAVE_RSA_METH_SET_PRIV_ENC 1 + +/* Define to 1 if you have the `RSA_set0_crt_params' function. */ +#define HAVE_RSA_SET0_CRT_PARAMS 1 + +/* Define to 1 if you have the `RSA_set0_factors' function. */ +#define HAVE_RSA_SET0_FACTORS 1 + +/* Define to 1 if you have the `RSA_set0_key' function. */ +#define HAVE_RSA_SET0_KEY 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_SANDBOX_H */ @@ -1074,6 +1243,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 +/* Define to 1 if you have the `strcasestr' function. */ +#define HAVE_STRCASESTR 1 + /* Define to 1 if you have the `strdup' function. */ #define HAVE_STRDUP 1 
@@ -1101,6 +1273,9 @@ /* Define to 1 if you have the `strmode' function. */ #define HAVE_STRMODE 1 +/* Define to 1 if you have the `strndup' function. */ +#define HAVE_STRNDUP 1 + /* Define to 1 if you have the `strnlen' function. */ #define HAVE_STRNLEN 1 @@ -1113,6 +1288,9 @@ /* Define to 1 if you have the `strsep' function. */ #define HAVE_STRSEP 1 +/* Define to 1 if you have the `strsignal' function. */ +#define HAVE_STRSIGNAL 1 + /* Define to 1 if you have the `strtoll' function. */ #define HAVE_STRTOLL 1 
@@ -1131,30 +1309,39 @@ /* define if you have struct in6_addr data type */ #define HAVE_STRUCT_IN6_ADDR 1 -/* Define to 1 if `pw_change' is member of `struct passwd'. */ +/* Define to 1 if `pw_change' is a member of `struct passwd'. */ #define HAVE_STRUCT_PASSWD_PW_CHANGE 1 -/* Define to 1 if `pw_class' is member of `struct passwd'. */ +/* Define to 1 if `pw_class' is a member of `struct passwd'. */ #define HAVE_STRUCT_PASSWD_PW_CLASS 1 -/* Define to 1 if `pw_expire' is member of `struct passwd'. */ +/* Define to 1 if `pw_expire' is a member of `struct passwd'. */ #define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 -/* Define to 1 if `pw_gecos' is member of `struct passwd'. */ +/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ #define HAVE_STRUCT_PASSWD_PW_GECOS 1 /* define if you have struct sockaddr_in6 data type */ #define HAVE_STRUCT_SOCKADDR_IN6 1 -/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */ +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ #define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 /* define if you have struct sockaddr_storage data type */ #define HAVE_STRUCT_SOCKADDR_STORAGE 1 -/* Define to 1 if `st_blksize' is member of `struct stat'. */ +/* Define to 1 if `f_flags' is a member of `struct statfs'. */ +/* #undef HAVE_STRUCT_STATFS_F_FLAGS */ + +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ #define HAVE_STRUCT_STAT_ST_BLKSIZE 1 +/* Define to 1 if `st_mtim' is a member of `struct stat'. */ +#define HAVE_STRUCT_STAT_ST_MTIM 1 + +/* Define to 1 if `st_mtime' is a member of `struct stat'. */ +#define HAVE_STRUCT_STAT_ST_MTIME 1 + /* Define to 1 if the system has the type `struct timespec'. */ #define HAVE_STRUCT_TIMESPEC 1 
@@ -1179,8 +1366,8 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_BSDTTY_H */ -/* Define to 1 if you have the header file. */ -/* #undef HAVE_SYS_CAPABILITY_H */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_CAPSICUM_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_CDEFS_H 1 @@ -1191,6 +1378,12 @@ /* Define if your system defines sys_errlist[] */ #define HAVE_SYS_ERRLIST 1 +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_FILE_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_LABEL_H */ + /* Define to 1 if you have the header file. */ #define HAVE_SYS_MMAN_H 1 @@ -1215,6 +1408,12 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PTMS_H */ +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_PTRACE_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_RANDOM_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_SYS_SELECT_H 1 @@ -1233,6 +1432,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_STRTIO_H */ +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SYSCTL_H 1 + /* Force use of sys/syslog.h on Ultrix */ /* #undef HAVE_SYS_SYSLOG_H */ @@ -1251,6 +1453,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_SYS_UN_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_VFS_H */ + /* Define to 1 if you have the `tcgetpgrp' function. */ #define HAVE_TCGETPGRP 1 @@ -1270,7 +1475,7 @@ /* #undef HAVE_TIME_IN_UTMPX */ /* Define to 1 if you have the `timingsafe_bcmp' function. */ -/* #undef HAVE_TIMINGSAFE_BCMP */ +#define HAVE_TIMINGSAFE_BCMP 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_TMPDIR_H */ 
@@ -1329,6 +1534,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_UTIL_H 1 +/* Define to 1 if you have the `utimensat' function. */ +#define HAVE_UTIMENSAT 1 + /* Define to 1 if you have the `utimes' function. */ #define HAVE_UTIMES 1 @@ -1448,7 +1656,7 @@ /* #undef LLONG_MIN */ /* Account locked with pw(1) */ -/* #undef LOCKED_PASSWD_PREFIX */ +#define LOCKED_PASSWD_PREFIX "*LOCKED*" /* String used in /etc/passwd to denote locked account */ /* #undef LOCKED_PASSWD_STRING */ @@ -1456,31 +1664,21 @@ /* String used in /etc/passwd to denote locked account */ /* #undef LOCKED_PASSWD_SUBSTR */ -/* Some versions of /bin/login need the TERM supplied on the commandline */ -/* #undef LOGIN_NEEDS_TERM */ - /* Some systems need a utmpx entry for /bin/login to work */ /* #undef LOGIN_NEEDS_UTMPX */ -/* Define if your login program cannot handle end of options ("--") */ -/* #undef LOGIN_NO_ENDOPT */ - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) - from environment and PATH */ -#define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" - /* Set this to your mail directory if you do not have _PATH_MAILDIR */ /* #undef MAIL_DIRECTORY */ /* Need setpgrp to acquire controlling tty */ /* #undef NEED_SETPGRP */ +/* compiler does not accept __attribute__ on prototype args */ +/* #undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS */ + /* compiler does not accept __attribute__ on return types */ /* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */ -/* Define if you don't want to use lastlog in session.c */ -/* #undef NO_SSH_LASTLOG */ - /* Define to disable UID restoration test */ /* #undef NO_UID_RESTORATION_TEST */ @@ -1526,6 +1724,9 @@ /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "openssh" +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + /* Define to the version of this package. */ #define PACKAGE_VERSION "Portable" 
@@ -1573,7 +1774,7 @@ /* #undef SANDBOX_SKIP_RLIMIT_FSIZE */ /* define if setrlimit RLIMIT_NOFILE breaks things */ -/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */ +#define SANDBOX_SKIP_RLIMIT_NOFILE 1 /* Sandbox using Solaris/Illumos privileges */ /* #undef SANDBOX_SOLARIS */ @@ -1599,12 +1800,6 @@ /* The size of `short int', as computed by sizeof. */ #define SIZEOF_SHORT_INT 2 -/* Define if you want S/Key support */ -/* #undef SKEY */ - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -/* #undef SKEYCHALLENGE_4ARG */ - /* Define as const if snprintf() can declare const char *fmt */ #define SNPRINTF_CONST const @@ -1615,6 +1810,9 @@ /* Define if sshd somehow reacquires a controlling TTY after setsid() */ /* #undef SSHD_ACQUIRES_CTTY */ +/* sshd PAM service name */ +/* #undef SSHD_PAM_SERVICE */ + /* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ /* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ @@ -1654,6 +1852,9 @@ /* syslog_r function is safe to use in in a signal handler */ /* #undef SYSLOG_R_SAFE_IN_SIGHAND */ +/* Support routing domains using Linux VRF */ +/* #undef SYS_RDOMAIN_LINUX */ + /* Support passwords > 8 chars */ /* #undef UNIXWARE_LONG_PASSWORDS */ @@ -1699,7 +1900,7 @@ /* Define if you want to enable AIX4's authenticate function */ /* #undef WITH_AIXAUTHENTICATE */ -/* Define if you have/want arrays (cluster-wide session managment, not C +/* Define if you have/want arrays (cluster-wide session management, not C arrays) */ /* #undef WITH_IRIX_ARRAY */ 
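Review bot: Turning on `SANDBOX_SKIP_RLIMIT_NOFILE` in the first hunk here relaxes the rlimit sandbox that the README's configure line selects (`--with-sandbox=rlimit`), and the only explanation is the stock comment "define if setrlimit RLIMIT_NOFILE breaks things". As far as I know, this define makes the sandbox skip lowering `RLIMIT_NOFILE` to zero, which would leave the unprivileged pre-auth process able to open new descriptors. Since config.h is checked in and the README says configure misdetects some things, please record whether this value was detected or set by hand and what breaks without it, e.g. `/* DragonFly: <what fails with RLIMIT_NOFILE = 0> */` above the define.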
@@ -1718,15 +1919,27 @@ /* Define if you want SELinux support. */ /* #undef WITH_SELINUX */ -/* include SSH protocol version 1 support */ -/* #undef WITH_SSH1 */ - -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -/* #undef WORDS_BIGENDIAN */ +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif /* Define if xauth is found in your path */ -/* #undef XAUTH_PATH */ +#ifndef XAUTH_PATH +#define XAUTH_PATH "/usr/local/bin/xauth" +#endif + +/* Enable large inode numbers on Mac OS X 10.5. */ +#ifndef _DARWIN_USE_64_BIT_INODE +# define _DARWIN_USE_64_BIT_INODE 1 +#endif /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ @@ -1746,11 +1959,20 @@ /* Define if we don't have struct __res_state in resolv.h */ /* #undef __res_state */ +/* Define to rpl_calloc if the replacement function should be used. */ +/* #undef calloc */ + /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus /* #undef inline */ #endif +/* Define to rpl_malloc if the replacement function should be used. */ +/* #undef malloc */ + +/* Define to rpl_realloc if the replacement function should be used. */ +/* #undef realloc */ + /* type to use in place of socklen_t if not defined */ /* #undef socklen_t */ diff --git a/libexec/sftp-server/Makefile b/libexec/sftp-server/Makefile index 5276badc71..15ca5127b5 100644 --- a/libexec/sftp-server/Makefile +++ b/libexec/sftp-server/Makefile 
@@ -1,12 +1,10 @@ # $FreeBSD: src/secure/libexec/sftp-server/Makefile,v 1.1.2.3 2002/07/03 22:13:22 des Exp $ PROG= sftp-server -SRCS= sftp-server.c sftp-common.c sftp-server-main.c +SRCS= sftp-server.c +SRCS+= sftp-common.c sftp-server-main.c MAN= sftp-server.8 WARNS?= 3 -# Portability layer -SRCS+= fmt_scaled.c - .include "../../Makefile.ssh.common" .include diff --git a/libexec/ssh-keysign/Makefile b/libexec/ssh-keysign/Makefile index 9787a6a0ac..0fbb89f383 100644 --- a/libexec/ssh-keysign/Makefile +++ b/libexec/ssh-keysign/Makefile @@ -1,9 +1,8 @@ # $FreeBSD: src/secure/libexec/ssh-keysign/Makefile,v 1.1.2.2 2003/02/03 17:31:12 des Exp $ -# $DragonFly: src/secure/libexec/ssh-keysign/Makefile,v 1.5 2008/04/07 01:20:18 pavalos Exp $ PROG= ssh-keysign -SRCS= ssh-keysign.c readconf.c -SRCS+= fmt_scaled.c +SRCS= ssh-keysign.c +SRCS+= readconf.c uidswap.c MAN= ssh-keysign.8 .if defined(ENABLE_SUID_SSH) BINMODE=4511 diff --git a/libexec/ssh-pkcs11-helper/Makefile b/libexec/ssh-pkcs11-helper/Makefile index 3179e34a62..540ea39889 100644 --- a/libexec/ssh-pkcs11-helper/Makefile +++ b/libexec/ssh-pkcs11-helper/Makefile @@ -1,5 +1,7 @@ PROG= ssh-pkcs11-helper -SRCS= ssh-pkcs11-helper.c ssh-pkcs11.c +SRCS= ssh-pkcs11-helper.c +# disabled: +#SRCS+= ssh-pkcs11.c MAN= ssh-pkcs11-helper.8 WARNS= 3 diff --git a/usr.bin/scp/Makefile b/usr.bin/scp/Makefile index 7fc111e14d..2a40ff5466 100644 --- a/usr.bin/scp/Makefile +++ b/usr.bin/scp/Makefile @@ -1,8 +1,8 @@ # $FreeBSD: src/secure/usr.bin/scp/Makefile,v 1.2.2.3 2002/07/03 22:20:29 des Exp $ -# $DragonFly: src/secure/usr.bin/scp/Makefile,v 1.3 2004/07/31 19:03:01 geekgod Exp $ PROG= scp -SRCS= scp.c progressmeter.c bufaux.c +SRCS= scp.c +SRCS+= progressmeter.c WARNS?= 3 .include "../../Makefile.ssh.common" diff --git a/usr.bin/sftp/Makefile b/usr.bin/sftp/Makefile index cca4efd6e6..743ce81362 100644 --- a/usr.bin/sftp/Makefile +++ b/usr.bin/sftp/Makefile 
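Review bot: The `# disabled:` comment in the ssh-pkcs11-helper hunk does not say why ssh-pkcs11.c is left out, while the helper itself is still built from ssh-pkcs11-helper.c alone. The commit message gives the reason (PKCS#11 is turned off to avoid dlopen()), so it belongs where the next maintainer will look: `# ssh-pkcs11.c not built: configured with --disable-pkcs11 (no dlopen()); re-add together with ENABLE_PKCS11`. The ssh-agent Makefile hunk has the same gap in `# not needed: ssh-pkcs11-client.c`. If token support is never wanted, consider not building the helper at all, since without ssh-pkcs11.c it presumably can do nothing useful.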
@@ -1,12 +1,10 @@ # $FreeBSD: src/secure/usr.bin/sftp/Makefile,v 1.1.2.3 2002/07/03 22:20:30 des Exp $ PROG= sftp -SRCS= progressmeter.c sftp.c sftp-client.c sftp-common.c sftp-glob.c +SRCS= sftp.c +SRCS+= progressmeter.c sftp-client.c sftp-common.c sftp-glob.c WARNS?= 3 -# Portability layer -SRCS+= fmt_scaled.c - DPADD+= ${LIBEDIT} ${LIBNCURSES} LDADD+= -lprivate_edit -lprivate_ncurses # LDFLAGS is set to same value by Makefile.ssh.common so avoid duplication diff --git a/usr.bin/ssh-agent/Makefile b/usr.bin/ssh-agent/Makefile index 5142114735..dc731fbe95 100644 --- a/usr.bin/ssh-agent/Makefile +++ b/usr.bin/ssh-agent/Makefile @@ -1,9 +1,10 @@ # $FreeBSD: src/secure/usr.bin/ssh-agent/Makefile,v 1.2.2.3 2002/07/03 22:20:31 des Exp $ -# $DragonFly: src/secure/usr.bin/ssh-agent/Makefile,v 1.4 2008/04/07 01:20:18 pavalos Exp $ PROG= ssh-agent -SRCS= ssh-agent.c ssh-pkcs11-client.c +SRCS= ssh-agent.c WARNS?= 3 +# not needed: ssh-pkcs11-client.c + .include "../../Makefile.ssh.common" .include diff --git a/usr.bin/ssh/Makefile b/usr.bin/ssh/Makefile index f86d0c713f..54333f35da 100644 --- a/usr.bin/ssh/Makefile +++ b/usr.bin/ssh/Makefile @@ -6,9 +6,9 @@ MAN= ssh.1 ssh_config.5 MLINKS= ssh.1 slogin.1 WARNS?= 2 -SRCS= ssh.c readconf.c clientloop.c sshtty.c \ - sshconnect.c sshconnect2.c mux.c -SRCS+= fmt_scaled.c +SRCS= ssh.c +SRCS+= clientloop.c mux.c readconf.c \ + sshconnect.c sshconnect2.c sshtty.c .include "../../Makefile.ssh.common" .include diff --git a/usr.sbin/sshd/Makefile b/usr.sbin/sshd/Makefile index 3172656619..fd0b272688 100644 --- a/usr.sbin/sshd/Makefile +++ b/usr.sbin/sshd/Makefile 
@@ -1,32 +1,26 @@ -# $FreeBSD: src/secure/usr.sbin/sshd/Makefile,v 1.5.2.9 2003/02/03 17:31:12 des Exp $ - PROG= sshd -SRCS= sshd.c auth-rhosts.c auth-passwd.c \ - audit.c audit-bsm.c platform.c \ - sshpty.c sshlogin.c servconf.c serverloop.c \ - auth.c auth2.c auth-options.c session.c \ - auth2-chall.c groupaccess.c \ - auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ - auth2-none.c auth2-passwd.c auth2-pubkey.c \ - monitor.c monitor_wrap.c auth-krb5.c \ - auth2-gss.c gss-serv.c gss-serv-krb5.c \ - loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ - sftp-server.c sftp-common.c \ - sandbox-rlimit.c +SRCS= sshd.c + +.PATH: ${.CURDIR}/../../crypto/openssh +SRCS+= auth.c auth-options.c auth-pam.c auth-passwd.c auth-rhosts.c \ + auth2.c auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c \ + auth2-passwd.c auth2-pubkey.c groupaccess.c loginrec.c \ + monitor.c monitor_wrap.c platform.c \ + sandbox-rlimit.c servconf.c serverloop.c session.c \ + sftp-common.c sftp-server.c sshlogin.c sshpty.c uidswap.c + +# not needed: +# audit-bsm.c audit-linux.c audit.c auth-bsdauth.c auth-krb5.c auth-shadow.c auth-sia.c +# auth2-gss.c gss-serv-krb5.c gss-serv.c md5crypt.c +# sandbox-capsicum.c sandbox-darwin.c sandbox-null.c sandbox-pledge.c +# sandbox-seccomp-filter.c sandbox-solaris.c sandbox-systrace.c WARNS?= 3 -# Portability layer -SRCS+= fmt_scaled.c MAN= sshd.8 sshd_config.5 -# Passwd routine -SRCS+= auth-passwd-freebsd.c -CFLAGS+=-DCUSTOM_SYS_AUTH_PASSWD - -# Flags for PAM -CFLAGS+=-DUSE_PAM -DHAVE_SECURITY_PAM_APPL_H \ - -DHAVE_PAM_GETENVLIST -DHAVE_PAM_PUTENV +CFLAGS+= -DUSE_PAM +#CFLAGS+= -DHAVE_SECURITY_PAM_APPL_H -DHAVE_PAM_GETENVLIST -DHAVE_PAM_PUTENV LDADD+= -lopie DPADD+= ${LIBOPIE} diff --git a/usr.sbin/sshd/auth-passwd-freebsd.c b/usr.sbin/sshd/auth-passwd-freebsd.c deleted file mode 100644 index eb966d6f3f..0000000000 --- a/usr.sbin/sshd/auth-passwd-freebsd.c +++ /dev/null 
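Review bot: `LDADD+= -lopie` and `DPADD+= ${LIBOPIE}` survive as context at the end of this hunk, although auth-skey.c is dropped from SRCS and the SKEY entries are removed from config.h in the same commit. Unless something later in the Makefile (it may continue past the hunk) still needs OPIE, sshd now links a library it never calls, and a privileged daemon is better off without it; drop both lines. The commented-out `#CFLAGS+= -DHAVE_SECURITY_PAM_APPL_H -DHAVE_PAM_GETENVLIST -DHAVE_PAM_PUTENV` should either be deleted or explained, e.g. `# PAM feature macros now come from lib/libssh/config.h` if that is the reason. It is also worth stating in the commit message that removing `-DCUSTOM_SYS_AUTH_PASSWD` moves password checking to the stock auth-passwd.c path.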
@@ -1,33 +0,0 @@
-/*
- * $DragonFly: src/secure/usr.sbin/sshd/auth-passwd-freebsd.c,v 1.2 2006/09/28 18:42:50 corecode Exp $
- */
-
-#include
-#include
-
-#include "buffer.h"
-#include "key.h"
-#include "hostfile.h"
-#include "auth.h"
-
-int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
-{
- struct passwd *pw = authctxt->pw;
- char *encrypted_password;
- char *pw_password = pw->pw_passwd;
-
- /* Check for users with no password. */
- if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
- return (1);
-
- /* Encrypt the candidate password using the proper salt. */
- encrypted_password = crypt(password,
- (pw_password[0] && pw_password[1]) ? pw_password : "xx");
-
- /*
- * Authentication is accepted if the encrypted passwords
- * are identical.
- */
- return (strcmp(encrypted_password, pw_password) == 0);
-}
--
2.41.0