openssh/openssh-8.4p1-vendordir.patch

203 lines
7.1 KiB
Diff
Raw Normal View History

Gemeinsame Unterverzeichnisse: openssh-8.4p1/contrib und openssh-8.4p1-vendor/contrib.
Index: openssh-8.9p1/dh.c
===================================================================
--- openssh-8.9p1.orig/dh.c
+++ openssh-8.9p1/dh.c
@@ -54,7 +54,17 @@ void dh_set_moduli_file(const char *file
static const char * get_moduli_filename(void)
{
- return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
+ struct stat st;
+
+ if (moduli_filename)
+ return moduli_filename;
+
+ if (stat(_PATH_VENDOR_DH_MODULI, &st) == 0 &&
+ stat(_PATH_DH_MODULI, &st) == -1) {
+ return _PATH_VENDOR_DH_MODULI;
+ }
+
+ return _PATH_DH_MODULI;
}
static int
Index: openssh-8.9p1/pathnames.h
===================================================================
--- openssh-8.9p1.orig/pathnames.h
+++ openssh-8.9p1/pathnames.h
@@ -18,6 +18,8 @@
#define SSHDIR ETCDIR "/ssh"
#endif
+#define VENDORDIR "/usr/etc/ssh"
+
#ifndef _PATH_SSH_PIDDIR
#define _PATH_SSH_PIDDIR "/var/run"
#endif
@@ -35,13 +37,17 @@
* should be world-readable.
*/
#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config"
+#define _PATH_SERVER_VENDOR_CONFIG_FILE VENDORDIR "/sshd_config"
#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config"
+#define _PATH_HOST_VENDOR_CONFIG_FILE VENDORDIR "/ssh_config"
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
#define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key"
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
#define _PATH_DH_MODULI SSHDIR "/moduli"
+#define _PATH_VENDOR_DH_MODULI VENDORDIR "/moduli"
+
#ifndef _PATH_SSH_PROGRAM
#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
Index: openssh-8.9p1/ssh.c
===================================================================
--- openssh-8.9p1.orig/ssh.c
+++ openssh-8.9p1/ssh.c
@@ -549,6 +549,7 @@ static void
process_config_files(const char *host_name, struct passwd *pw, int final_pass,
int *want_final_pass)
{
+ struct stat st;
char buf[PATH_MAX];
int r;
@@ -567,10 +568,23 @@ process_config_files(const char *host_na
&options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
(final_pass ? SSHCONF_FINAL : 0), want_final_pass);
- /* Read systemwide configuration file after user config. */
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
- host, host_name, &options,
- final_pass ? SSHCONF_FINAL : 0, want_final_pass);
+ /* If only the vendor configuration file exists, use that.
+ * Else use the standard configuration file.
+ */
+ if (stat(_PATH_HOST_VENDOR_CONFIG_FILE, &st) == 0 &&
+ stat(_PATH_HOST_CONFIG_FILE, &st) == -1) {
+ /* Read vendor distributed configuration file. */
+ (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE,
+ pw, host, host_name, &options,
+ final_pass ? SSHCONF_FINAL : 0,
+ want_final_pass);
+ } else {
+ /* Read systemwide configuration file after user config. */
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
+ host, host_name, &options,
+ final_pass ? SSHCONF_FINAL : 0,
+ want_final_pass);
+ }
}
}
Index: openssh-8.9p1/ssh_config.5
===================================================================
--- openssh-8.9p1.orig/ssh_config.5
+++ openssh-8.9p1/ssh_config.5
@@ -54,6 +54,9 @@ user's configuration file
.It
system-wide configuration file
.Pq Pa /etc/ssh/ssh_config
+.It
+vendor configuration file
+.Pq Pa /usr/etc/ssh/ssh_config
.El
.Pp
Unless noted otherwise, for each parameter, the first obtained value
@@ -2220,6 +2223,11 @@ This file provides defaults for those
values that are not specified in the user's configuration file, and
for those users who do not have a configuration file.
This file must be world-readable.
+.It Pa /usr/etc/ssh/ssh_config
+Vendor specific configuraiton file.
+This file provides the vendor defaults and is used as fallback if the
+.Ic /etc/ssh/ssh_config
+configuration file does not exist.
.El
.Sh SEE ALSO
.Xr ssh 1
Index: openssh-8.9p1/sshd.c
===================================================================
--- openssh-8.9p1.orig/sshd.c
+++ openssh-8.9p1/sshd.c
@@ -1201,7 +1201,8 @@ prepare_proctitle(int ac, char **av)
extern char *optarg;
extern int optind;
int log_stderr = 0, inetd_flag = 0, test_flag = 0, no_daemon_flag = 0;
- char *config_file_name = _PATH_SERVER_CONFIG_FILE;
+ char *config_file_name = NULL;
+ struct stat st;
int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0;
int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0;
int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0;
@@ -1806,7 +1807,21 @@ main(int ac, char **av)
/* Fetch our configuration */
if ((cfg = sshbuf_new()) == NULL)
fatal("sshbuf_new config failed");
+ if (config_file_name == NULL) {
+ /* If only the vendor configuration file exists, use that.
+ * Else use the standard configuration file.
+ */
+ if (stat(_PATH_SERVER_VENDOR_CONFIG_FILE, &st) == 0 &&
+ stat(_PATH_SERVER_CONFIG_FILE, &st) == -1) {
+ /* fill with global distributor settings */
+ config_file_name = _PATH_SERVER_VENDOR_CONFIG_FILE;
+ } else {
+ /* load global admin settings */
+ config_file_name = _PATH_SERVER_CONFIG_FILE;
+ }
+ load_server_config(config_file_name, cfg);
- if (strcasecmp(config_file_name, "none") != 0)
+ } else if (strcasecmp(config_file_name, "none") != 0)
+ /* load config specified on commandline */
load_server_config(config_file_name, cfg);
parse_server_config(&options, config_file_name, cfg,
Index: openssh-8.9p1/sshd_config.5
===================================================================
--- openssh-8.9p1.orig/sshd_config.5
+++ openssh-8.9p1/sshd_config.5
@@ -44,7 +44,9 @@
.Xr sshd 8
reads configuration data from
.Pa /etc/ssh/sshd_config
-(or the file specified with
+(
+.Pa /usr/etc/ssh/sshd_config
+if the file does not exist or the file specified with
.Fl f
on the command line).
The file contains keyword-argument pairs, one per line.
Index: openssh-8.9p1/ssh-keysign.c
===================================================================
--- openssh-8.9p1.orig/ssh-keysign.c
+++ openssh-8.9p1/ssh-keysign.c
@@ -186,6 +186,7 @@ main(int argc, char **argv)
u_char *signature, *data, rver;
char *host, *fp, *pkalg;
size_t slen, dlen;
+ struct stat st;
if (pledge("stdio rpath getpw dns id", NULL) != 0)
fatal("%s: pledge: %s", __progname, strerror(errno));
@@ -219,8 +220,14 @@ main(int argc, char **argv)
/* verify that ssh-keysign is enabled by the admin */
initialize_options(&options);
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
- &options, 0, NULL);
+
+ if (stat(_PATH_HOST_CONFIG_FILE, &st) == 0)
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
+ &options, 0, NULL);
+ else
+ (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE, pw, "", "",
+ &options, 0, NULL);
+
(void)fill_default_options(&options);
if (options.enable_ssh_keysign != 1)
fatal("ssh-keysign not enabled in %s",