1 files deleted
3 files modified
| | |
| | | COMPONENT_NAME= openssh |
| | | # OpenSSH <x>.<y>p<n> => IPS <x>.<y>.0.<n> |
| | | # OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n> |
| | | COMPONENT_VERSION= 9.3.0.2 |
| | | HUMAN_VERSION= 9.3p2 |
| | | COMPONENT_REVISION= 1 |
| | | COMPONENT_VERSION= 9.4.0.1 |
| | | HUMAN_VERSION= 9.4p1 |
| | | COMPONENT_SUMMARY= OpenSSH client and associated utilities |
| | | COMPONENT_SRC= $(COMPONENT_NAME)-$(HUMAN_VERSION) |
| | | COMPONENT_PROJECT_URL= https://www.openssh.org |
| | | COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz |
| | | COMPONENT_ARCHIVE_HASH= sha256:200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 |
| | | COMPONENT_ARCHIVE_HASH= sha256:3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85 |
| | | COMPONENT_ARCHIVE_URL= https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE) |
| | | COMPONENT_FMRI= network/ssh |
| | | COMPONENT_LICENSE= BSD, BSD-like |
| | |
| | | diff -wpruN '--exclude=*.orig' a~/readconf.c a/readconf.c |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/readconf.c a/readconf.c |
| | | --- a~/readconf.c 1970-01-01 00:00:00 |
| | | +++ a/readconf.c 1970-01-01 00:00:00 |
| | | @@ -164,6 +164,9 @@ typedef enum { |
| | | @@ -167,6 +167,9 @@ typedef enum { |
| | | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| | | oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, |
| | | oHashKnownHosts, |
| | |
| | | oTunnel, oTunnelDevice, |
| | | oLocalCommand, oPermitLocalCommand, oRemoteCommand, |
| | | oVisualHostKey, |
| | | @@ -289,6 +292,9 @@ static struct { |
| | | @@ -294,6 +297,9 @@ static struct { |
| | | { "controlpersist", oControlPersist }, |
| | | { "hashknownhosts", oHashKnownHosts }, |
| | | { "include", oInclude }, |
| | |
| | | { "tunnel", oTunnel }, |
| | | { "tunneldevice", oTunnelDevice }, |
| | | { "localcommand", oLocalCommand }, |
| | | @@ -921,6 +927,17 @@ parse_multistate_value(const char *arg, |
| | | @@ -1005,6 +1011,17 @@ parse_multistate_value(const char *arg, |
| | | return -1; |
| | | } |
| | | |
| | |
| | | /* |
| | | * Processes a single option line as used in the configuration files. This |
| | | * only sets those values that have not already been set. |
| | | @@ -2181,6 +2198,13 @@ parse_pubkey_algos: |
| | | @@ -2280,6 +2297,13 @@ parse_pubkey_algos: |
| | | intptr = &options->required_rsa_size; |
| | | goto parse_int; |
| | | |
| | |
| | | case oDeprecated: |
| | | debug("%s line %d: Deprecated option \"%s\"", |
| | | filename, linenum, keyword); |
| | | @@ -2416,6 +2440,9 @@ initialize_options(Options * options) |
| | | @@ -2516,6 +2540,9 @@ initialize_options(Options * options) |
| | | options->stdin_null = -1; |
| | | options->fork_after_authentication = -1; |
| | | options->proxy_use_fdpass = -1; |
| | |
| | | options->ignored_unknown = NULL; |
| | | options->num_canonical_domains = 0; |
| | | options->num_permitted_cnames = 0; |
| | | @@ -2616,6 +2643,10 @@ fill_default_options(Options * options) |
| | | @@ -2718,6 +2745,10 @@ fill_default_options(Options * options) |
| | | options->canonicalize_fallback_local = 1; |
| | | if (options->canonicalize_hostname == -1) |
| | | options->canonicalize_hostname = SSH_CANONICALISE_NO; |
| | |
| | | if (options->fingerprint_hash == -1) |
| | | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| | | #ifdef ENABLE_SK_INTERNAL |
| | | diff -wpruN '--exclude=*.orig' a~/readconf.h a/readconf.h |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/readconf.h a/readconf.h |
| | | --- a~/readconf.h 1970-01-01 00:00:00 |
| | | +++ a/readconf.h 1970-01-01 00:00:00 |
| | | @@ -179,6 +179,9 @@ typedef struct { |
| | | int required_rsa_size; /* minimum size of RSA keys */ |
| | | @@ -182,6 +182,9 @@ typedef struct { |
| | | int enable_escape_commandline; /* ~C commandline */ |
| | | |
| | | char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ |
| | | +#ifdef DISABLE_BANNER |
| | |
| | | } Options; |
| | | |
| | | #define SSH_PUBKEY_AUTH_NO 0x00 |
| | | @@ -219,6 +222,12 @@ typedef struct { |
| | | @@ -222,6 +225,12 @@ typedef struct { |
| | | #define SSH_STRICT_HOSTKEY_YES 2 |
| | | #define SSH_STRICT_HOSTKEY_ASK 3 |
| | | |
| | |
| | | const char *kex_default_pk_alg(void); |
| | | char *ssh_connection_hash(const char *thishost, const char *host, |
| | | const char *portstr, const char *user); |
| | | diff -wpruN '--exclude=*.orig' a~/ssh_config.5 a/ssh_config.5 |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/ssh_config.5 a/ssh_config.5 |
| | | --- a~/ssh_config.5 1970-01-01 00:00:00 |
| | | +++ a/ssh_config.5 1970-01-01 00:00:00 |
| | | @@ -611,6 +611,14 @@ If set to a time in seconds, or a time i |
| | | @@ -633,6 +633,14 @@ If set to a time in seconds, or a time i |
| | | then the backgrounded master connection will automatically terminate |
| | | after it has remained idle (with no client connections) for the |
| | | specified time. |
| | |
| | | .It Cm DynamicForward |
| | | Specifies that a TCP port on the local machine be forwarded |
| | | over the secure channel, and the application |
| | | diff -wpruN '--exclude=*.orig' a~/sshconnect2.c a/sshconnect2.c |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/sshconnect2.c a/sshconnect2.c |
| | | --- a~/sshconnect2.c 1970-01-01 00:00:00 |
| | | +++ a/sshconnect2.c 1970-01-01 00:00:00 |
| | | @@ -85,6 +85,10 @@ extern char *client_version_string; |
| | | @@ -84,6 +84,10 @@ extern char *client_version_string; |
| | | extern char *server_version_string; |
| | | extern Options options; |
| | | |
| | |
| | | /* |
| | | * SSH2 key exchange |
| | | */ |
| | | @@ -603,8 +607,28 @@ input_userauth_banner(int type, u_int32_ |
| | | @@ -585,8 +589,28 @@ input_userauth_banner(int type, u_int32_ |
| | | if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 || |
| | | (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) |
| | | goto out; |
| | |
| | | SunSSH, allowing an in-process shared library to be called |
| | | into to check public keys for authentication. |
| | | |
| | | diff -wpruN '--exclude=*.orig' a~/auth2-pubkey.c a/auth2-pubkey.c |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/auth2-pubkey.c a/auth2-pubkey.c |
| | | --- a~/auth2-pubkey.c 1970-01-01 00:00:00 |
| | | +++ a/auth2-pubkey.c 1970-01-01 00:00:00 |
| | | @@ -23,6 +23,11 @@ |
| | |
| | | static int |
| | | userauth_pubkey(struct ssh *ssh, const char *method) |
| | | { |
| | | @@ -747,6 +763,124 @@ user_key_command_allowed2(struct passwd |
| | | @@ -745,6 +761,124 @@ user_key_command_allowed2(struct passwd |
| | | return found_key; |
| | | } |
| | | |
| | |
| | | /* |
| | | * Check whether key authenticates and authorises the user. |
| | | */ |
| | | @@ -792,6 +926,10 @@ user_key_allowed(struct ssh *ssh, struct |
| | | @@ -796,6 +930,10 @@ user_key_allowed(struct ssh *ssh, struct |
| | | sshauthopt_free(opts); |
| | | opts = NULL; |
| | | |
| | |
| | | + return success; |
| | | + |
| | | if ((success = user_key_command_allowed2(pw, key, remote_ip, |
| | | remote_host, &opts)) != 0) |
| | | remote_host, conn_id, rdomain, &opts)) != 0) |
| | | goto out; |
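Review bot: The added `return success;` in the user_key_allowed hunk leaves the function directly, while the upstream call right after it exits through `goto out` when it succeeds. The condition guarding the added return and the `out:` label are both outside what this view shows, so it is an inference that `out:` carries the shared exit work, such as handing the accepted key's options back to the caller. If it does, a key accepted on the added path skips that work; `opts` was freed and set to NULL just above, so no leak is apparent, only the bypass. Consider `goto out;` in place of `return success;`, or a comment on the added line such as `/* keys accepted here carry no key options; skipping out: is intentional */`.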
| | | diff -wpruN '--exclude=*.orig' a~/servconf.c a/servconf.c |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/servconf.c a/servconf.c |
| | | --- a~/servconf.c 1970-01-01 00:00:00 |
| | | +++ a/servconf.c 1970-01-01 00:00:00 |
| | | @@ -211,6 +211,7 @@ initialize_server_options(ServerOptions |
| | | @@ -209,6 +209,7 @@ initialize_server_options(ServerOptions |
| | | */ |
| | | options->pam_service_per_authmethod = 1; |
| | | #endif |
| | |
| | | } |
| | | |
| | | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ |
| | | @@ -559,6 +560,7 @@ typedef enum { |
| | | @@ -557,6 +558,7 @@ typedef enum { |
| | | sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, |
| | | sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, |
| | | sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout, |
| | |
| | | sDeprecated, sIgnore, sUnsupported |
| | | } ServerOpCodes; |
| | | |
| | | @@ -725,6 +727,7 @@ static struct { |
| | | @@ -723,6 +725,7 @@ static struct { |
| | | { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, |
| | | { "rdomain", sRDomain, SSHCFG_ALL }, |
| | | { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, |
| | |
| | | { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, |
| | | { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, |
| | | { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, |
| | | @@ -2626,6 +2629,18 @@ process_server_config_line_depth(ServerO |
| | | @@ -2631,6 +2634,18 @@ process_server_config_line_depth(ServerO |
| | | } |
| | | break; |
| | | |
| | |
| | | case sDeprecated: |
| | | case sIgnore: |
| | | case sUnsupported: |
| | | diff -wpruN '--exclude=*.orig' a~/servconf.h a/servconf.h |
| | | diff -wpruN --no-dereference '--exclude=*.orig' a~/servconf.h a/servconf.h |
| | | --- a~/servconf.h 1970-01-01 00:00:00 |
| | | +++ a/servconf.h 1970-01-01 00:00:00 |
| | | @@ -237,6 +237,7 @@ typedef struct { |