
[pkgsrc/trunk]: pkgsrc/security/openssh nb5: Rework Interix support, based o...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d0e92864f868
branches:  trunk
changeset: 490373:d0e92864f868
user:      tv <tv%pkgsrc.org@localhost>
date:      Mon Mar 07 23:29:49 2005 +0000

description:
nb5:  Rework Interix support, based on work done by Interop Systems
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.

sshd now works.  Most permissions checks work properly.  Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).

diffstat:

 security/openssh/MESSAGE.Interix  |   20 +++++++
 security/openssh/Makefile         |   28 +++++++--
 security/openssh/distinfo         |   40 +++++++------
 security/openssh/patches/patch-aa |   44 ++++++++++++--
 security/openssh/patches/patch-ab |   21 ++++--
 security/openssh/patches/patch-ac |   33 ++++++++++-
 security/openssh/patches/patch-ad |   15 ++++-
 security/openssh/patches/patch-ae |   32 ++++------
 security/openssh/patches/patch-af |   37 ++++++++----
 security/openssh/patches/patch-ag |   26 ++++----
 security/openssh/patches/patch-ai |   28 +++-----
 security/openssh/patches/patch-aj |   67 +++++++++-------------
 security/openssh/patches/patch-ak |   61 +++++++++-----------
 security/openssh/patches/patch-al |   41 ++++++++------
 security/openssh/patches/patch-am |   24 ++++----
 security/openssh/patches/patch-an |   83 +++++++++++-----------------
 security/openssh/patches/patch-ao |  108 ++++++++++++++++++++++++++++---------
 security/openssh/patches/patch-ap |   29 ++++-----
 security/openssh/patches/patch-aq |   31 +++++++---
 security/openssh/patches/patch-ar |   70 ++++++++++++++++--------
 security/openssh/patches/patch-as |   20 +++++++
 security/openssh/patches/patch-at |   16 +++++
 security/openssh/patches/patch-au |   22 +++++++
 security/openssh/patches/patch-av |   56 +++++++++++++++++++
 24 files changed, 614 insertions(+), 338 deletions(-)

diffs (truncated from 1191 to 300 lines):

diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/MESSAGE.Interix
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/openssh/MESSAGE.Interix  Mon Mar 07 23:29:49 2005 +0000
@@ -0,0 +1,20 @@
+===========================================================================
+$NetBSD: MESSAGE.Interix,v 1.1 2005/03/07 23:29:49 tv Exp $
+
+OpenSSH on Interix has some important caveats:
+
+* Hostname resolution uses the BIND resolver library rather than Windows
+  native lookup services.  This requires that /etc/resolv.conf be set up
+  properly with a "nameserver" line; see resolv.conf(5).  In most
+  installations, this was generated automatically when Services for UNIX
+  was installed (based on the name server in use at that time).
+
+* Currently, UsePrivilegeSeparation does not work properly, so it defaults
+  to "no" on Interix.
+
+* Network drives and encrypted local files may not be accessible after
+  logging in through sshd thanks to the way the Windows security API works.
+  A workaround is to "exec su USERNAME" after logging in, which will use
+  the password to create a proper Windows access credential key.
+
+===========================================================================
diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/Makefile
--- a/security/openssh/Makefile Mon Mar 07 22:21:15 2005 +0000
+++ b/security/openssh/Makefile Mon Mar 07 23:29:49 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.146 2004/12/28 02:47:49 reed Exp $
+# $NetBSD: Makefile,v 1.147 2005/03/07 23:29:49 tv Exp $
 
 DISTNAME=              openssh-3.9p1
 PKGNAME=               openssh-3.9.1
-PKGREVISION=           4
+PKGREVISION=           5
 SVR4_PKGNAME=          ossh
 CATEGORIES=            security
 MASTER_SITES=          ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -34,11 +34,26 @@
 
 INSTALL_TARGET=                install-nokeys
 PLIST_SRC=             # empty
+
+.if ${OPSYS} == "Interix"
+
+# normal MESSAGE does not apply, as privsep is not in use
+MESSAGE_SRC=           ${.CURDIR}/MESSAGE.Interix
+BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind /usr/local/lib/bind
+CONFIGURE_ENV+=                ac_cv_func_openpty=no
+CONFIGURE_ENV+=                ac_cv_type_struct_timespec=yes
+CPPFLAGS+=             -I/usr/local/include/bind
+LDFLAGS+=              -L/usr/local/lib/bind
+LIBS+=                 -lbind -ldb -lcrypt
+
+.else # not Interix
+
 MESSAGE_SRC=           ${.CURDIR}/MESSAGE
-
 PKG_USERS=             ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN}
 PKG_GROUPS=             ${OPENSSH_GROUP}:${OPENSSH_GID}
 
+.endif
+
 SSH_PID_DIR=           ${VARBASE}/run  # default directory for PID files
 
 PKG_SYSCONFSUBDIR=     ssh
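Review bot: The Interix branch takes headers and libraries from the hard-coded `/usr/local/include/bind` and `/usr/local/lib/bind` through `BUILDLINK_PASSTHRU_DIRS`, so sshd's resolver code comes from outside what buildlink controls, and nothing in the Makefile says why. The same goes for `ac_cv_func_openpty=no` and the extra `-ldb -lcrypt`. A short comment would help the next maintainer, e.g. `# Interix resolves hostnames via the BIND library under /usr/local (see MESSAGE.Interix)` above the passthrough line, plus `# force the non-openpty pty code path on Interix` above the openpty override if that is indeed the intent. The existing comment in this branch only explains the MESSAGE_SRC choice.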
@@ -55,8 +70,11 @@
 CONFIGURE_ARGS+=       --with-pid-dir=${SSH_PID_DIR}
 CONFIGURE_ARGS+=       --with-ssl-dir=${SSLBASE}
 CONFIGURE_ARGS+=       --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
+
+.if ${OPSYS} != "Interix"
 CONFIGURE_ARGS+=       --with-privsep-path=${OPENSSH_CHROOT}
 CONFIGURE_ARGS+=       --with-privsep-user=${OPENSSH_USER}
+.endif
 
 # the openssh configure script finds and uses ${LD} if defined and
 # defaults to ${CC} if not. we override LD here, since running the
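Review bot: Skipping `--with-privsep-path` and `--with-privsep-user` on Interix leaves configure on its built-in privsep defaults, and the earlier Makefile hunk also stops defining `PKG_USERS`/`PKG_GROUPS` there, so the package no longer creates the account or group. The commit message and MESSAGE.Interix say UsePrivilegeSeparation defaults to "no" on Interix, but nothing visible here prevents an administrator from turning it on in sshd_config. In that case sshd would presumably look for a user and chroot directory this package never set up. It is worth confirming that sshd refuses to start in that situation rather than running in a half-configured state. A comment above the `.if` would record the intent, e.g. `# privsep is disabled on Interix for now (see MESSAGE.Interix); restore these together with PKG_USERS once it works`.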
@@ -64,10 +82,6 @@
 #
 CONFIGURE_ENV+=                LD=${CC:Q}
 
-.if ${OPSYS} == "Interix"
-CONFIGURE_ENV+=                ac_cv_type_struct_timespec=yes
-.endif
-
 # Enable S/Key support on NetBSD, Darwin, and Solaris.
 .if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
 .  include "../../security/skey/buildlink3.mk"
diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/distinfo
--- a/security/openssh/distinfo Mon Mar 07 22:21:15 2005 +0000
+++ b/security/openssh/distinfo Mon Mar 07 23:29:49 2005 +0000
@@ -1,25 +1,29 @@
-$NetBSD: distinfo,v 1.38 2005/02/24 13:10:08 agc Exp $
+$NetBSD: distinfo,v 1.39 2005/03/07 23:29:49 tv Exp $
 
 SHA1 (openssh-3.9p1.tar.gz) = 80b19d83a9d4717f5c38b2d950501e1471f60afc
 RMD160 (openssh-3.9p1.tar.gz) = e4abf280a18e3ae046d0dee19dab919bba8e5568
 Size (openssh-3.9p1.tar.gz) = 854027 bytes
 SHA1 (openssh-3.9p1-hpn.diff) = 1821c590b9b5effa3750ebf0166fe3f22d00faad
 Size (openssh-3.9p1-hpn.diff) = 8387 bytes
-SHA1 (patch-aa) = 5d0b1cf5cf92e0d314e6458b225074a73f35f857
-SHA1 (patch-ab) = 662440f96d38e43b0c8de7bef260f82d8b7ab737
-SHA1 (patch-ac) = 3ad72f42b066ef1f48e276bccd438da2d6fde980
-SHA1 (patch-ad) = 6a0c4edd2217f22f7c9622fb38124287e93c5fc8
-SHA1 (patch-ae) = fece020b1c2432f4ac5b62104be808aa3f70ea22
-SHA1 (patch-af) = 444fadaafdb45adc1008cbf106cd28c075700616
-SHA1 (patch-ag) = d0c93842739da39b588acdb0449a2562e05497d3
+SHA1 (patch-aa) = 6bceb5b0480727c6c4e0cf662fa85cffebf91bdb
+SHA1 (patch-ab) = f43a6b627a4f2b8ecd74b016ce29b5f8091d877e
+SHA1 (patch-ac) = d851513c2a115358671bf9efafab1e3ee9166088
+SHA1 (patch-ad) = 9f862bc0bdcb7285ffaf2b7f2685e363ff8daba3
+SHA1 (patch-ae) = d7bcee7a84457c96951c3da82aa689fa818a07b6
+SHA1 (patch-af) = ec6b439a3a4a0d2e5b13685c4d94deb26bbece45
+SHA1 (patch-ag) = dbdbefa00b2ec7e6ee3cf4441d1fc817ecefc742
 SHA1 (patch-ah) = 85a8f0fa5ddf13f8342faaff6bf81fcd3ad6648a
-SHA1 (patch-ai) = da31e53b3ccbef24abc6418ee466f1e43fdd7447
-SHA1 (patch-aj) = ea07f23e66863e78bbe2cfced747795cb6c2f7ba
-SHA1 (patch-ak) = fe65dbf8771f6515d32ed994723b979f8e3211d6
-SHA1 (patch-al) = 5a0aed20f0c75b5bbcf4abce1e50d1ced3990ca7
-SHA1 (patch-am) = a88eb34b83789453b8e212b14f33d8e98d153667
-SHA1 (patch-an) = 4694cd36c85d76fe42411600a482dcfa1421f704
-SHA1 (patch-ao) = 00750c5f80bced34c54558cbd5ad3b96384e0d00
-SHA1 (patch-ap) = ba0a85060632dfa3939b7316f0acecfa3100082d
-SHA1 (patch-aq) = ee466164b653f521445884e119627f4927fabbe0
-SHA1 (patch-ar) = 1c551d1459cd690a2d5c5383a2b1726707df9134
+SHA1 (patch-ai) = ccc43f0523bf2b0e28d7e169eda59b1ff1a2215b
+SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f
+SHA1 (patch-ak) = 6140fe665aa84ab8127e0d9ede44945f196392e4
+SHA1 (patch-al) = 3168440d9e584a504b21802edb4dbeb58e87e8d2
+SHA1 (patch-am) = 50e46970b8eff07b931a34313d863e13af838440
+SHA1 (patch-an) = 1ffc3704bf925f87fb787c93f6f10d1b0c06bdd0
+SHA1 (patch-ao) = 0677e5f8a1a9a2f6b600789ff3fea627af472bc0
+SHA1 (patch-ap) = b006a1b49f19ab322fc179a1f2e4238807a64b87
+SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d
+SHA1 (patch-ar) = 90f2534c0fb01f7909ee88c7849092a9e7882a7d
+SHA1 (patch-as) = ecb23bc4c07d8ac7599b6f6576ad39bb4dcedbab
+SHA1 (patch-at) = c6b85eb24279f18a430b86aeda3f8d2fa1c8d018
+SHA1 (patch-au) = 2a8926edfb65a8ecf7786411cee3d1723247764b
+SHA1 (patch-av) = ef8fca98fad60cad4ba4197e8579544f37a4fcee
diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Mon Mar 07 22:21:15 2005 +0000
+++ b/security/openssh/patches/patch-aa Mon Mar 07 23:29:49 2005 +0000
@@ -1,16 +1,44 @@
-$NetBSD: patch-aa,v 1.36 2004/08/31 11:27:11 wiz Exp $
+$NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
 
---- configure.orig     2004-08-17 14:54:53.000000000 +0200
+--- configure.orig     2004-08-17 08:54:53.000000000 -0400
 +++ configure
-@@ -6101,8 +6101,18 @@ _ACEOF
+@@ -6101,8 +6101,46 @@ _ACEOF
  _ACEOF
  
        ;;
 +
 +*-*-interix3)
-+      cat >>confdefs.h <<\EOF
++      cat >>confdefs.h <<\_ACEOF
++#define HAVE_INTERIX 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define DISABLE_FD_PASSING 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define DISABLE_SHADOW 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define IP_TOS_IS_BROKEN 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
 +#define MISSING_HOWMANY 1
-+EOF
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define NO_IPPORT_RESERVED_CONCEPT 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define SETGROUPS_NOOP 1
++_ACEOF
++
++      cat >>confdefs.h <<\_ACEOF
++#define USE_PIPES 1
++_ACEOF
 +
 +      ;;
  esac
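Review bot: The case pattern carried through this hunk is still `*-*-interix3)`, while the matching configure.ac change in patch-ab widens it to `*-*-interix3*)`. The generated configure is the file that actually runs, so a host triple with anything after `interix3` would match configure.ac but skip this whole block. That would leave `HAVE_INTERIX`, `DISABLE_SHADOW`, `SETGROUPS_NOOP`, `NO_IPPORT_RESERVED_CONCEPT` and the other defines unset, and sshd would be built without the Interix-specific handling. Whether such a triple can occur depends on what config.guess reports, which is not visible here. Keeping the two files in agreement is the safer choice: change the pattern line in this patch to `*-*-interix3*)`.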
@@ -21,7 +49,7 @@
  # Allow user to specify flags
  
  # Check whether --with-cflags or --without-cflags was given.
-@@ -23790,12 +23800,19 @@ fi
+@@ -23790,12 +23828,19 @@ fi
  rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
  if test -z "$conf_utmpx_location"; then
        if test x"$system_utmpx_path" = x"no" ; then
@@ -44,7 +72,7 @@
        cat >>confdefs.h <<_ACEOF
  #define CONF_UTMPX_FILE "$conf_utmpx_location"
  _ACEOF
-@@ -23864,12 +23881,20 @@ fi
+@@ -23864,12 +23909,20 @@ fi
  rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
  if test -z "$conf_wtmpx_location"; then
        if test x"$system_wtmpx_path" = x"no" ; then
@@ -67,7 +95,7 @@
        cat >>confdefs.h <<_ACEOF
  #define CONF_WTMPX_FILE "$conf_wtmpx_location"
  _ACEOF
-@@ -25091,7 +25116,7 @@ echo "OpenSSH has been configured with t
+@@ -25091,7 +25144,7 @@ echo "OpenSSH has been configured with t
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Mon Mar 07 22:21:15 2005 +0000
+++ b/security/openssh/patches/patch-ab Mon Mar 07 23:29:49 2005 +0000
@@ -1,14 +1,21 @@
-$NetBSD: patch-ab,v 1.19 2004/08/31 11:27:12 wiz Exp $
+$NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
 
---- configure.ac.orig  2004-08-16 15:12:06.000000000 +0200
+--- configure.ac.orig  2004-08-16 09:12:06.000000000 -0400
 +++ configure.ac
-@@ -469,8 +469,15 @@ mips-sony-bsd|mips-sony-newsos4)
+@@ -469,8 +469,22 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(MISSING_HOWMANY)
        AC_DEFINE(MISSING_FD_MASK)
        ;;
 +
-+*-*-interix3)
++*-*-interix3*)
++      AC_DEFINE(HAVE_INTERIX)
++      AC_DEFINE(DISABLE_FD_PASSING)
++      AC_DEFINE(DISABLE_SHADOW)
++      AC_DEFINE(IP_TOS_IS_BROKEN)
 +      AC_DEFINE(MISSING_HOWMANY)
++      AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
++      AC_DEFINE(SETGROUPS_NOOP)
++      AC_DEFINE(USE_PIPES)
 +      ;;
  esac
  
@@ -18,7 +25,7 @@
  # Allow user to specify flags
  AC_ARG_WITH(cflags,
        [  --with-cflags           Specify additional flags to pass to compiler],
-@@ -2885,9 +2892,17 @@ AC_TRY_COMPILE([
+@@ -2885,9 +2899,17 @@ AC_TRY_COMPILE([
  )
  if test -z "$conf_utmpx_location"; then
        if test x"$system_utmpx_path" = x"no" ; then
@@ -38,7 +45,7 @@
        AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
  fi    
  
-@@ -2910,9 +2925,17 @@ AC_TRY_COMPILE([
+@@ -2910,9 +2932,17 @@ AC_TRY_COMPILE([
  )
  if test -z "$conf_wtmpx_location"; then
        if test x"$system_wtmpx_path" = x"no" ; then
@@ -58,7 +65,7 @@
        AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
  fi    
  
-@@ -2953,7 +2976,7 @@ echo "OpenSSH has been configured with t
+@@ -2953,7 +2983,7 @@ echo "OpenSSH has been configured with t
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
diff -r fb11f42dfa46 -r d0e92864f868 security/openssh/patches/patch-ac
--- a/security/openssh/patches/patch-ac Mon Mar 07 22:21:15 2005 +0000
+++ b/security/openssh/patches/patch-ac Mon Mar 07 23:29:49 2005 +0000
@@ -1,8 +1,35 @@
-$NetBSD: patch-ac,v 1.11 2004/08/31 11:27:12 wiz Exp $
+$NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
 
---- defines.h.orig     2004-06-22 05:27:16.000000000 +0200
+--- defines.h.orig     2004-06-21 23:27:16.000000000 -0400
 +++ defines.h
-@@ -591,6 +591,24 @@ struct winsize {
+@@ -30,6 +30,15 @@
+ 
+ /* Constants */
+ 
++#ifdef HAVE_INTERIX
++/* Interix has a special concept of "administrator". */
++# define ROOTUID      197108
++# define ROOTGID      131616
++#else
++# define ROOTUID      0
++# define ROOTGID      0
++#endif
++


