203 lines
7.1 KiB
Diff
203 lines
7.1 KiB
Diff
|
Gemeinsame Unterverzeichnisse: openssh-8.4p1/contrib und openssh-8.4p1-vendor/contrib.
|
||
|
Index: openssh-8.9p1/dh.c
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/dh.c
|
||
|
+++ openssh-8.9p1/dh.c
|
||
|
@@ -54,7 +54,17 @@ void dh_set_moduli_file(const char *file
|
||
|
|
||
|
static const char * get_moduli_filename(void)
|
||
|
{
|
||
|
- return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
|
||
|
+ struct stat st;
|
||
|
+
|
||
|
+ if (moduli_filename)
|
||
|
+ return moduli_filename;
|
||
|
+
|
||
|
+ if (stat(_PATH_VENDOR_DH_MODULI, &st) == 0 &&
|
||
|
+ stat(_PATH_DH_MODULI, &st) == -1) {
|
||
|
+ return _PATH_VENDOR_DH_MODULI;
|
||
|
+ }
|
||
|
+
|
||
|
+ return _PATH_DH_MODULI;
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
Index: openssh-8.9p1/pathnames.h
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/pathnames.h
|
||
|
+++ openssh-8.9p1/pathnames.h
|
||
|
@@ -18,6 +18,8 @@
|
||
|
#define SSHDIR ETCDIR "/ssh"
|
||
|
#endif
|
||
|
|
||
|
+#define VENDORDIR "/usr/etc/ssh"
|
||
|
+
|
||
|
#ifndef _PATH_SSH_PIDDIR
|
||
|
#define _PATH_SSH_PIDDIR "/var/run"
|
||
|
#endif
|
||
|
@@ -35,13 +37,17 @@
|
||
|
* should be world-readable.
|
||
|
*/
|
||
|
#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config"
|
||
|
+#define _PATH_SERVER_VENDOR_CONFIG_FILE VENDORDIR "/sshd_config"
|
||
|
#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config"
|
||
|
+#define _PATH_HOST_VENDOR_CONFIG_FILE VENDORDIR "/ssh_config"
|
||
|
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
|
||
|
#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
|
||
|
#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
|
||
|
#define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key"
|
||
|
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
|
||
|
#define _PATH_DH_MODULI SSHDIR "/moduli"
|
||
|
+#define _PATH_VENDOR_DH_MODULI VENDORDIR "/moduli"
|
||
|
+
|
||
|
|
||
|
#ifndef _PATH_SSH_PROGRAM
|
||
|
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
|
||
|
Index: openssh-8.9p1/ssh.c
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/ssh.c
|
||
|
+++ openssh-8.9p1/ssh.c
|
||
|
@@ -549,6 +549,7 @@ static void
|
||
|
process_config_files(const char *host_name, struct passwd *pw, int final_pass,
|
||
|
int *want_final_pass)
|
||
|
{
|
||
|
+ struct stat st;
|
||
|
char buf[PATH_MAX];
|
||
|
int r;
|
||
|
|
||
|
@@ -567,10 +568,23 @@ process_config_files(const char *host_na
|
||
|
&options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
|
||
|
(final_pass ? SSHCONF_FINAL : 0), want_final_pass);
|
||
|
|
||
|
- /* Read systemwide configuration file after user config. */
|
||
|
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
|
||
|
- host, host_name, &options,
|
||
|
- final_pass ? SSHCONF_FINAL : 0, want_final_pass);
|
||
|
+ /* If only the vendor configuration file exists, use that.
|
||
|
+ * Else use the standard configuration file.
|
||
|
+ */
|
||
|
+ if (stat(_PATH_HOST_VENDOR_CONFIG_FILE, &st) == 0 &&
|
||
|
+ stat(_PATH_HOST_CONFIG_FILE, &st) == -1) {
|
||
|
+ /* Read vendor distributed configuration file. */
|
||
|
+ (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE,
|
||
|
+ pw, host, host_name, &options,
|
||
|
+ final_pass ? SSHCONF_FINAL : 0,
|
||
|
+ want_final_pass);
|
||
|
+ } else {
|
||
|
+ /* Read systemwide configuration file after user config. */
|
||
|
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
|
||
|
+ host, host_name, &options,
|
||
|
+ final_pass ? SSHCONF_FINAL : 0,
|
||
|
+ want_final_pass);
|
||
|
+ }
|
||
|
}
|
||
|
}
|
||
|
|
||
|
Index: openssh-8.9p1/ssh_config.5
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/ssh_config.5
|
||
|
+++ openssh-8.9p1/ssh_config.5
|
||
|
@@ -54,6 +54,9 @@ user's configuration file
|
||
|
.It
|
||
|
system-wide configuration file
|
||
|
.Pq Pa /etc/ssh/ssh_config
|
||
|
+.It
|
||
|
+vendor configuration file
|
||
|
+.Pq Pa /usr/etc/ssh/ssh_config
|
||
|
.El
|
||
|
.Pp
|
||
|
Unless noted otherwise, for each parameter, the first obtained value
|
||
|
@@ -2220,6 +2223,11 @@ This file provides defaults for those
|
||
|
values that are not specified in the user's configuration file, and
|
||
|
for those users who do not have a configuration file.
|
||
|
This file must be world-readable.
|
||
|
+.It Pa /usr/etc/ssh/ssh_config
|
||
|
+Vendor specific configuraiton file.
|
||
|
+This file provides the vendor defaults and is used as fallback if the
|
||
|
+.Ic /etc/ssh/ssh_config
|
||
|
+configuration file does not exist.
|
||
|
.El
|
||
|
.Sh SEE ALSO
|
||
|
.Xr ssh 1
|
||
|
Index: openssh-8.9p1/sshd.c
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/sshd.c
|
||
|
+++ openssh-8.9p1/sshd.c
|
||
|
@@ -1201,7 +1201,8 @@ prepare_proctitle(int ac, char **av)
|
||
|
extern char *optarg;
|
||
|
extern int optind;
|
||
|
int log_stderr = 0, inetd_flag = 0, test_flag = 0, no_daemon_flag = 0;
|
||
|
- char *config_file_name = _PATH_SERVER_CONFIG_FILE;
|
||
|
+ char *config_file_name = NULL;
|
||
|
+ struct stat st;
|
||
|
int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0;
|
||
|
int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0;
|
||
|
int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0;
|
||
|
@@ -1806,7 +1807,21 @@ main(int ac, char **av)
|
||
|
/* Fetch our configuration */
|
||
|
if ((cfg = sshbuf_new()) == NULL)
|
||
|
fatal("sshbuf_new config failed");
|
||
|
+ if (config_file_name == NULL) {
|
||
|
+ /* If only the vendor configuration file exists, use that.
|
||
|
+ * Else use the standard configuration file.
|
||
|
+ */
|
||
|
+ if (stat(_PATH_SERVER_VENDOR_CONFIG_FILE, &st) == 0 &&
|
||
|
+ stat(_PATH_SERVER_CONFIG_FILE, &st) == -1) {
|
||
|
+ /* fill with global distributor settings */
|
||
|
+ config_file_name = _PATH_SERVER_VENDOR_CONFIG_FILE;
|
||
|
+ } else {
|
||
|
+ /* load global admin settings */
|
||
|
+ config_file_name = _PATH_SERVER_CONFIG_FILE;
|
||
|
+ }
|
||
|
+ load_server_config(config_file_name, cfg);
|
||
|
- if (strcasecmp(config_file_name, "none") != 0)
|
||
|
+ } else if (strcasecmp(config_file_name, "none") != 0)
|
||
|
+ /* load config specified on commandline */
|
||
|
load_server_config(config_file_name, cfg);
|
||
|
|
||
|
parse_server_config(&options, config_file_name, cfg,
|
||
|
Index: openssh-8.9p1/sshd_config.5
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/sshd_config.5
|
||
|
+++ openssh-8.9p1/sshd_config.5
|
||
|
@@ -44,7 +44,9 @@
|
||
|
.Xr sshd 8
|
||
|
reads configuration data from
|
||
|
.Pa /etc/ssh/sshd_config
|
||
|
-(or the file specified with
|
||
|
+(
|
||
|
+.Pa /usr/etc/ssh/sshd_config
|
||
|
+if the file does not exist or the file specified with
|
||
|
.Fl f
|
||
|
on the command line).
|
||
|
The file contains keyword-argument pairs, one per line.
|
||
|
Index: openssh-8.9p1/ssh-keysign.c
|
||
|
===================================================================
|
||
|
--- openssh-8.9p1.orig/ssh-keysign.c
|
||
|
+++ openssh-8.9p1/ssh-keysign.c
|
||
|
@@ -186,6 +186,7 @@ main(int argc, char **argv)
|
||
|
u_char *signature, *data, rver;
|
||
|
char *host, *fp, *pkalg;
|
||
|
size_t slen, dlen;
|
||
|
+ struct stat st;
|
||
|
|
||
|
if (pledge("stdio rpath getpw dns id", NULL) != 0)
|
||
|
fatal("%s: pledge: %s", __progname, strerror(errno));
|
||
|
@@ -219,8 +220,14 @@ main(int argc, char **argv)
|
||
|
|
||
|
/* verify that ssh-keysign is enabled by the admin */
|
||
|
initialize_options(&options);
|
||
|
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
|
||
|
- &options, 0, NULL);
|
||
|
+
|
||
|
+ if (stat(_PATH_HOST_CONFIG_FILE, &st) == 0)
|
||
|
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
|
||
|
+ &options, 0, NULL);
|
||
|
+ else
|
||
|
+ (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE, pw, "", "",
|
||
|
+ &options, 0, NULL);
|
||
|
+
|
||
|
(void)fill_default_options(&options);
|
||
|
if (options.enable_ssh_keysign != 1)
|
||
|
fatal("ssh-keysign not enabled in %s",
|