From 8a6b401c8934b6ab3a22f7853aee965027ff986f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20R=C4=99korajski?=
Date: Fri, 21 Apr 2006 23:41:20 +0000
Subject: [PATCH] - orphaned, outdated
Changed files:
openssh-3.4p1-owl-pam_userpass.diff -> 1.2
openssh-PAM_NEW_AUTHTOK.patch -> 1.7
openssh-buffer_c_overflow.patch -> 1.3
openssh-pam-age.patch -> 1.2
openssh-pam-limits.patch -> 1.2
openssh-pam_chauthtok.patch -> 1.2
openssh-session-keepalive.patch -> 1.2
openssh-set_12.patch -> 1.4
---
openssh-3.4p1-owl-pam_userpass.diff | 209 ----------------------------
openssh-PAM_NEW_AUTHTOK.patch | 56 --------
openssh-buffer_c_overflow.patch | 24 ----
openssh-pam-age.patch | 168 ----------------------
openssh-pam-limits.patch | 104 --------------
openssh-pam_chauthtok.patch | 19 ---
openssh-session-keepalive.patch | 167 ----------------------
openssh-set_12.patch | 50 -------
8 files changed, 797 deletions(-)
delete mode 100644 openssh-3.4p1-owl-pam_userpass.diff
delete mode 100644 openssh-PAM_NEW_AUTHTOK.patch
delete mode 100644 openssh-buffer_c_overflow.patch
delete mode 100644 openssh-pam-age.patch
delete mode 100644 openssh-pam-limits.patch
delete mode 100644 openssh-pam_chauthtok.patch
delete mode 100644 openssh-session-keepalive.patch
delete mode 100644 openssh-set_12.patch
diff --git a/openssh-3.4p1-owl-pam_userpass.diff b/openssh-3.4p1-owl-pam_userpass.diff
deleted file mode 100644
index 16899ee..0000000
--- a/openssh-3.4p1-owl-pam_userpass.diff
+++ /dev/null
@@ -1,209 +0,0 @@ -diff -urN openssh-3.4p1-owl-always-auth/Makefile.in openssh-3.4p1/Makefile.in ---- openssh-3.4p1-owl-always-auth/Makefile.in Wed Jun 26 03:45:42 2002 -+++ openssh-3.4p1/Makefile.in Mon Jul 1 23:11:30 2002 -@@ -64,7 +64,7 @@ - - SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o - --SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o -+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o appl_userpass.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o - - MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out - MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 -diff -urN openssh-3.4p1-owl-always-auth/_pam_userpass.h openssh-3.4p1/_pam_userpass.h ---- openssh-3.4p1-owl-always-auth/_pam_userpass.h Thu Jan 1 03:00:00 1970 -+++ openssh-3.4p1/_pam_userpass.h Mon Jul 1 23:11:30 2002 -@@ -0,0 +1,12 @@ -+#ifndef __PAM_USERPASS_H -+#define __PAM_USERPASS_H -+ -+#define USERPASS_AGENT_ID "userpass" -+#define USERPASS_AGENT_ID_LENGTH 8 -+ -+#define USERPASS_USER_MASK 0x03 -+#define USERPASS_USER_REQUIRED 1 
-+#define USERPASS_USER_KNOWN 2 -+#define USERPASS_USER_FIXED 3 -+ -+#endif -diff -urN openssh-3.4p1-owl-always-auth/appl_userpass.c openssh-3.4p1/appl_userpass.c ---- openssh-3.4p1-owl-always-auth/appl_userpass.c Thu Jan 1 03:00:00 1970 -+++ openssh-3.4p1/appl_userpass.c Mon Jul 1 23:11:30 2002 -@@ -0,0 +1,59 @@ -+#include -+#include -+ -+#include -+#include -+ -+#ifndef PAM_BP_RCONTROL -+/* Linux-PAM prior to 0.74 */ -+#define PAM_BP_RCONTROL PAM_BP_CONTROL -+#define PAM_BP_WDATA PAM_BP_DATA -+#define PAM_BP_RDATA PAM_BP_DATA -+#endif -+ -+#include "_pam_userpass.h" -+#include "pam_userpass.h" -+ -+int pam_userpass_conv(int num_msg, const struct pam_message **msg, -+ struct pam_response **resp, void *appdata_ptr) -+{ -+ pam_userpass_t *userpass = (pam_userpass_t *)appdata_ptr; -+ pamc_bp_t prompt; -+ const char *input; -+ char *output; -+ char flags; -+ -+ if (num_msg != 1 || msg[0]->msg_style != PAM_BINARY_PROMPT) -+ return PAM_CONV_ERR; -+ -+ prompt = (pamc_bp_t)msg[0]->msg; -+ input = PAM_BP_RDATA(prompt); -+ -+ if (PAM_BP_RCONTROL(prompt) != PAM_BPC_SELECT || -+ strncmp(input, USERPASS_AGENT_ID "/", USERPASS_AGENT_ID_LENGTH + 1)) -+ return PAM_CONV_ERR; -+ -+ flags = input[USERPASS_AGENT_ID_LENGTH + 1]; -+ input += USERPASS_AGENT_ID_LENGTH + 1 + 1; -+ -+ if ((flags & USERPASS_USER_MASK) == USERPASS_USER_FIXED && -+ strcmp(input, userpass->user)) -+ return PAM_CONV_AGAIN; -+ -+ if (!(*resp = malloc(sizeof(struct pam_response)))) -+ return PAM_CONV_ERR; -+ -+ prompt = NULL; -+ PAM_BP_RENEW(&prompt, PAM_BPC_DONE, -+ strlen(userpass->user) + 1 + strlen(userpass->pass)); -+ output = PAM_BP_WDATA(prompt); -+ -+ strcpy(output, userpass->user); -+ output += strlen(output) + 1; -+ memcpy(output, userpass->pass, strlen(userpass->pass)); -+ -+ (*resp)[0].resp_retcode = 0; -+ (*resp)[0].resp = (char *)prompt; -+ -+ return PAM_SUCCESS; -+} -diff -urN openssh-3.4p1-owl-always-auth/auth-pam.c openssh-3.4p1/auth-pam.c ---- openssh-3.4p1-owl-always-auth/auth-pam.c Mon Jul 1 
23:09:55 2002 -+++ openssh-3.4p1/auth-pam.c Mon Jul 1 23:38:11 2002 -@@ -34,6 +34,9 @@ - #include "canohost.h" - #include "readpass.h" - -+#include -+#include "pam_userpass.h" -+ - extern char *__progname; - - RCSID("$Id$"); -@@ -45,13 +48,13 @@ - struct pam_response **resp, void *appdata_ptr); - - /* module-local variables */ -+static pam_userpass_t userpass; - static struct pam_conv conv = { - do_pam_conversation, -- NULL -+ &userpass - }; - static char *__pam_msg = NULL; - static pam_handle_t *__pamh = NULL; --static const char *__pampasswd = NULL; - - /* states for do_pam_conversation() */ - enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; -@@ -83,18 +86,45 @@ - * PAM conversation function. - * There are two states this can run in. - * -- * INITIAL_LOGIN mode simply feeds the password from the client into -- * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output -- * messages with into __pam_msg. This is used during initial -- * authentication to bypass the normal PAM password prompt. -+ * INITIAL_LOGIN mode simply feeds the username and the password from -+ * the client into PAM via Linux-PAM binary prompts and queues any text -+ * messages for printing later. - * -- * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() -- * and outputs messages to stderr. This mode is used if pam_chauthtok() -- * is called to update expired passwords. -+ * OTHER mode is a regular PAM conversation. This mode is used if -+ * pam_chauthtok() is called to update expired passwords. 
- */ - static int do_pam_conversation(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr) - { -+ if (pamstate == INITIAL_LOGIN) { -+ int i, status; -+ -+ status = pam_userpass_conv(num_msg, msg, resp, appdata_ptr); -+ if (status != PAM_CONV_ERR) -+ return status; -+ -+ if (!(*resp = malloc(num_msg * sizeof(struct pam_response)))) -+ return PAM_CONV_ERR; -+ for (i = 0; i < num_msg; i++) { -+ switch (msg[i]->msg_style) { -+ case PAM_ERROR_MSG: -+ case PAM_TEXT_INFO: -+ message_cat(&__pam_msg, msg[i]->msg); -+ (*resp)[i].resp_retcode = PAM_SUCCESS; -+ (*resp)[i].resp = NULL; -+ continue; -+ default: -+ free(*resp); -+ *resp = NULL; -+ return PAM_CONV_ERR; -+ } -+ } -+ return PAM_SUCCESS; -+ } -+ -+ return misc_conv(num_msg, msg, resp, appdata_ptr); -+ -+#if 0 - struct pam_response *reply; - int count; - char buf[1024]; -@@ -170,6 +200,7 @@ - *resp = reply; - - return PAM_SUCCESS; -+#endif - } - - /* Called at exit to cleanly shutdown PAM */ -@@ -221,7 +252,8 @@ - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - -- __pampasswd = password; -+ userpass.user = pw ? pw->pw_name : "ILLEGAL USER"; -+ userpass.pass = password; - - pamstate = INITIAL_LOGIN; - pam_retval = do_pam_authenticate( -diff -urN openssh-3.4p1-owl-always-auth/pam_userpass.h openssh-3.4p1/pam_userpass.h ---- openssh-3.4p1-owl-always-auth/pam_userpass.h Thu Jan 1 03:00:00 1970 -+++ openssh-3.4p1/pam_userpass.h Mon Jul 1 23:11:30 2002 -@@ -0,0 +1,14 @@ -+#ifndef _PAM_USERPASS_H -+#define _PAM_USERPASS_H -+ -+#include -+ -+typedef struct { -+ const char *user; -+ const char *pass; -+} pam_userpass_t; -+ -+extern int pam_userpass_conv(int num_msg, const struct pam_message **msg, -+ struct pam_response **resp, void *appdata_ptr); -+ -+#endif diff --git a/openssh-PAM_NEW_AUTHTOK.patch b/openssh-PAM_NEW_AUTHTOK.patch deleted file mode 100644 index 93dee61..0000000 --- a/openssh-PAM_NEW_AUTHTOK.patch +++ /dev/null 
@@ -1,56 +0,0 @@
-diff -Naur openssh-2.1.1p1/auth-pam.c openssh-2.1.1p1-p/auth-pam.c
---- openssh-2.1.1p1/auth-pam.c Wed May 31 03:20:12 2000
-+++ openssh-2.1.1p1-p/auth-pam.c Mon Jun 12 16:31:42 2000
-@@ -18,6 +18,8 @@
- #define NEW_AUTHTOK_MSG \
- "Warning: You password has expired, please change it now"
-
-+extern char *forced_command;
-+
- /* Callbacks */
- static int pamconv(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr);
-@@ -123,6 +125,9 @@
- debug("PAM Password authentication accepted for user \"%.100s\"",
- pw->pw_name);
- return 1;
-+ } else if (pam_retval == PAM_NEW_AUTHTOK_REQD) {
-+ debug("PAM (expired)Password authentication accepted for user \"%.100s\"", pw->pw_name);
-+ return 1;
- } else {
- debug("PAM Password authentication for \"%.100s\" failed: %s",
- pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-@@ -159,6 +164,9 @@
- break;
- case PAM_NEW_AUTHTOK_REQD:
- pam_msg_cat(NEW_AUTHTOK_MSG);
-+ forced_command = xmalloc(strlen("/usr/bin/passwd") + 1);
-+ strcpy(forced_command, "/usr/bin/passwd");
-+/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
- break;
- default:
- log("PAM rejected by account configuration: %.200s",
-@@ -184,10 +192,9 @@
- }
-
- pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
-- if (pam_retval != PAM_SUCCESS) {
-+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
- fatal("PAM session setup failed: %.200s",
- PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-- }
- }
-
- /* Set PAM credentials */
-@@ -197,10 +204,9 @@
-
- debug("PAM establishing creds");
- pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
-- if (pam_retval != PAM_SUCCESS) {
-+ if ((pam_retval != PAM_SUCCESS) && (pam_retval != PAM_NEW_AUTHTOK_REQD))
- fatal("PAM setcred failed: %.200s",
- PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-- }
- }
-
- /* Cleanly shutdown PAM */
diff --git a/openssh-buffer_c_overflow.patch b/openssh-buffer_c_overflow.patch
deleted file mode 100644
index 206d092..0000000
--- a/openssh-buffer_c_overflow.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- 1/buffer.c~ Tue Sep 16 16:18:17 2003
-+++ 1/buffer.c Tue Sep 16 16:26:59 2003
-@@ -69,6 +69,7 @@
- void *
- buffer_append_space(Buffer *buffer, u_int len)
- {
-+ u_int newlen;
- void *p;
-
- /* If the buffer is empty, start using it from the beginning. */
-@@ -95,8 +96,11 @@
- goto restart;
- }
- /* Increase the size of the buffer and retry. */
-- buffer->alloc += len + 32768;
-- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
-+ newlen = buffer->alloc + len + 32768;
-+ if (newlen > 0xa00000)
-+ fatal("buffer_append_space: alloc %u not supported", newlen);
-+ buffer->buf = xrealloc(buffer->buf, newlen);
-+ buffer->alloc = newlen;
- goto restart;
- /* NOTREACHED */
- }
diff --git a/openssh-pam-age.patch b/openssh-pam-age.patch
deleted file mode 100644
index 78aeb63..0000000
--- a/openssh-pam-age.patch
+++ /dev/null
@@ -1,168 +0,0 @@ -diff -ur openssh-3.2.3p1/auth-pam.c openssh-3.2.3p1.new/auth-pam.c ---- openssh-3.2.3p1/auth-pam.c Wed May 8 04:27:56 2002 -+++ openssh-3.2.3p1.new/auth-pam.c Fri Jun 28 14:48:26 2002 -@@ -59,6 +59,7 @@ - static int password_change_required = 0; - /* remember whether the last pam_authenticate() succeeded or not */ - static int was_authenticated = 0; -+static int acct_mgmt_retval = -1; - - /* Remember what has been initialised */ - static int session_opened = 0; -@@ -72,10 +73,40 @@ - } - - /* start an authentication run */ --int do_pam_authenticate(int flags) -+int do_pam_authenticate(int flags, int can_age_pw_here) - { - int retval = pam_authenticate(__pamh, flags); -+ -+ was_authenticated = (retval == PAM_SUCCESS); -+ if (retval != PAM_SUCCESS) -+ return retval; -+ -+ acct_mgmt_retval = pam_acct_mgmt(__pamh, 0); -+ -+ if (acct_mgmt_retval == PAM_SUCCESS) -+ return PAM_SUCCESS; -+ -+ was_authenticated = 0; -+ if (acct_mgmt_retval != PAM_NEW_AUTHTOK_REQD) -+ return acct_mgmt_retval; -+ -+ /* (acct_mgmt_retval == PAM_NEW_AUTHTOK_REQD) */ -+ /* PAM auth token (password) is expired */ -+ -+ /* -+ * USERAUTH_PASSWORD_CHANGEREQ is not currently -+ * supported. Password aged users using password -+ * userauth are thrown out here. -+ */ -+ if (!can_age_pw_here) -+ return PAM_NEW_AUTHTOK_REQD; -+ -+ debug("do_pam_authenticate() - doing password aging"); -+ retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); - was_authenticated = (retval == PAM_SUCCESS); -+ if (retval == PAM_SUCCESS) -+ acct_mgmt_retval = PAM_SUCCESS; -+ - return retval; - } - -@@ -220,7 +251,8 @@ - - pamstate = INITIAL_LOGIN; - pam_retval = do_pam_authenticate( -- options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); -+ options.permit_empty_passwd == 0 ? 
PAM_DISALLOW_NULL_AUTHTOK : 0, -+ 0); - if (pam_retval == PAM_SUCCESS) { - debug("PAM Password authentication accepted for " - "user \"%.100s\"", pw->pw_name); -@@ -248,19 +280,22 @@ - PAM_STRERROR(__pamh, pam_retval)); - } - -- pam_retval = pam_acct_mgmt(__pamh, 0); -+ /* do_pam_authenticate() may have called pam_acct_mgmt() already */ -+ pam_retval = acct_mgmt_retval; - debug2("pam_acct_mgmt() = %d", pam_retval); -+ if (pam_retval == -1) -+ pam_retval = pam_acct_mgmt(__pamh, 0); -+ - switch (pam_retval) { - case PAM_SUCCESS: - /* This is what we want */ - break; --#if 0 - case PAM_NEW_AUTHTOK_REQD: - message_cat(&__pam_msg, NEW_AUTHTOK_MSG); - /* flag that password change is necessary */ - password_change_required = 1; -+ return(0); /* Sorry, no TTY password aging */ - break; --#endif - default: - log("PAM rejected by account configuration[%d]: " - "%.200s", pam_retval, PAM_STRERROR(__pamh, -@@ -324,27 +359,6 @@ - return password_change_required; - } - --/* -- * Have user change authentication token if pam_acct_mgmt() indicated -- * it was expired. This needs to be called after an interactive -- * session is established and the user's pty is connected to -- * stdin/stout/stderr. 
-- */ --void do_pam_chauthtok(void) --{ -- int pam_retval; -- -- do_pam_set_conv(&conv); -- -- if (password_change_required) { -- pamstate = OTHER; -- pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); -- if (pam_retval != PAM_SUCCESS) -- fatal("PAM pam_chauthtok failed[%d]: %.200s", -- pam_retval, PAM_STRERROR(__pamh, pam_retval)); -- } --} -- - /* Cleanly shutdown PAM */ - void finish_pam(void) - { -diff -ur openssh-3.2.3p1/auth-pam.h openssh-3.2.3p1.new/auth-pam.h ---- openssh-3.2.3p1/auth-pam.h Thu Apr 4 21:02:28 2002 -+++ openssh-3.2.3p1.new/auth-pam.h Fri Jun 28 14:46:18 2002 -@@ -9,13 +9,12 @@ - void finish_pam(void); - int auth_pam_password(Authctxt *authctxt, const char *password); - char **fetch_pam_environment(void); --int do_pam_authenticate(int flags); -+int do_pam_authenticate(int flags, int can_age_pw_here); - int do_pam_account(char *username, char *remote_user); - void do_pam_session(char *username, const char *ttyname); - void do_pam_setcred(int init); - void print_pam_messages(void); - int is_pam_password_change_required(void); --void do_pam_chauthtok(void); - void do_pam_set_conv(struct pam_conv *); - void message_cat(char **p, const char *a); - -diff -ur openssh-3.2.3p1/auth2-pam.c openssh-3.2.3p1.new/auth2-pam.c ---- openssh-3.2.3p1/auth2-pam.c Fri Jun 28 14:48:46 2002 -+++ openssh-3.2.3p1.new/auth2-pam.c Fri Jun 28 14:46:18 2002 -@@ -42,7 +42,7 @@ - - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, - &input_userauth_info_response_pam); -- retval = (do_pam_authenticate(0) == PAM_SUCCESS); -+ retval = (do_pam_authenticate(0, 1) == PAM_SUCCESS); - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); - - return retval; -diff -ur openssh-3.2.3p1/session.c openssh-3.2.3p1.new/session.c ---- openssh-3.2.3p1/session.c Mon May 13 02:48:58 2002 -+++ openssh-3.2.3p1.new/session.c Fri Jun 28 14:46:18 2002 -@@ -645,17 +645,6 @@ - options.verify_reverse_mapping), - (struct sockaddr *)&from); - --#ifdef USE_PAM -- /* -- * If password change is 
needed, do it now. -- * This needs to occur before the ~/.hushlogin check. -- */ -- if (is_pam_password_change_required()) { -- print_pam_messages(); -- do_pam_chauthtok(); -- } --#endif -- - if (check_quietlogin(s, command)) - return; - diff --git a/openssh-pam-limits.patch b/openssh-pam-limits.patch deleted file mode 100644 index 8582e37..0000000 --- a/openssh-pam-limits.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c ---- openssh-3.2.3p1.orig/session.c Mon May 13 02:48:58 2002 -+++ openssh-3.2.3p1/session.c Thu May 30 21:33:40 2002 -@@ -340,6 +340,44 @@ - } - } - -+struct _user_limits_struct { -+ int supported; -+ struct rlimit limit; -+}; -+ -+static int _save_limits(struct _user_limits_struct *pl) -+{ -+ int i, r; -+ int retval = 0; -+ -+ for(i = 0; i < RLIM_NLIMITS; i++) { -+ pl[i].supported = 0; -+ pl[i].limit.rlim_cur = RLIM_INFINITY; -+ pl[i].limit.rlim_max = RLIM_INFINITY; -+ r = getrlimit(i, &pl[i].limit); -+ if (r == -1) { -+ if (errno != EINVAL) { -+ retval = -1; -+ } -+ } else { -+ pl[i].supported = 1; -+ } -+ } -+ -+ return retval; -+} -+ -+static void _restore_limits(struct _user_limits_struct *pl) -+{ -+ int i; -+ int status; -+ -+ for (i=0; ipw->pw_name, NULL); - do_pam_setcred(1); - if (is_pam_password_change_required()) -@@ -430,6 +472,9 @@ - do_child(s, command); - /* NOTREACHED */ - } -+#if defined(USE_PAM) -+ _restore_limits(pl); -+#endif /* USE_PAM */ - #ifdef HAVE_CYGWIN - if (is_winnt) - cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); -@@ -481,6 +526,9 @@ - { - int fdout, ptyfd, ttyfd, ptymaster; - pid_t pid; -+#if defined(USE_PAM) -+ struct _user_limits_struct pl[RLIM_NLIMITS]; -+#endif /* USE_PAM */ - - if (s == NULL) - fatal("do_exec_pty: no session"); -@@ -488,6 +536,7 @@ - ttyfd = s->ttyfd; - - #if defined(USE_PAM) -+ _save_limits(pl); - do_pam_session(s->pw->pw_name, s->tty); - do_pam_setcred(1); - #endif -@@ -528,6 +577,9 @@ - do_child(s, command); - /* NOTREACHED */ - } -+#if defined(USE_PAM) -+ _restore_limits(pl); -+#endif /* USE_PAM */ - #ifdef HAVE_CYGWIN - if (is_winnt) - cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); diff --git a/openssh-pam_chauthtok.patch b/openssh-pam_chauthtok.patch deleted file mode 100644 index 99c25e1..0000000 --- a/openssh-pam_chauthtok.patch +++ /dev/null 
@@ -1,19 +0,0 @@
---- openssh-3.7.1p1/auth-pam.c~ Tue Sep 16 08:00:52 2003
-+++ openssh-3.7.1p1/auth-pam.c Thu Sep 18 17:25:02 2003
-@@ -599,6 +599,8 @@
- pam_chauthtok_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
-+ return misc_conv(n, msg, resp, data);
-+#if 0
- char input[PAM_MAX_MSG_SIZE];
- int i;
-
-@@ -635,6 +637,7 @@
- xfree(*resp);
- *resp = NULL;
- return (PAM_CONV_ERR);
-+#endif
- }
-
- /*
diff --git a/openssh-session-keepalive.patch b/openssh-session-keepalive.patch
deleted file mode 100644
index 3bf6107..0000000
--- a/openssh-session-keepalive.patch
+++ /dev/null
@@ -1,167 +0,0 @@ -diff -Nur openssh-3.2.3p1.orig/clientloop.c openssh-3.2.3p1-alive/clientloop.c ---- openssh-3.2.3p1.orig/clientloop.c Tue Apr 23 13:09:46 2002 -+++ openssh-3.2.3p1-alive/clientloop.c Sun Oct 13 18:32:06 2002 -@@ -321,6 +321,9 @@ - client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, - int *maxfdp, int *nallocp, int rekeying) - { -+ struct timeval tv, *tvp; -+ int ret; -+ - /* Add any selections by the channel mechanism. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); - -@@ -362,13 +365,30 @@ - /* - * Wait for something to happen. This will suspend the process until - * some selected descriptor can be read, written, or has some other -- * event pending. Note: if you want to implement SSH_MSG_IGNORE -- * messages to fool traffic analysis, this might be the place to do -- * it: just have a random timeout for the select, and send a random -- * SSH_MSG_IGNORE packet when the timeout expires. -+ * event pending. -+ * Set a random timeout for the select, and send a random SSH_MSG_IGNORE -+ * packet when the timeout expires to fool traffic analysis. 
- */ - -- if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) { -+ if (options.bogus_traffic_interval_max) { -+ u_int32_t rand = arc4random(); -+ u_int64_t timeusec; -+ static u_int64_t timebase = 0; -+ -+ if (!timebase) -+ timebase = (options.bogus_traffic_interval_max - -+ options.bogus_traffic_interval_min) * 1000000; -+ timeusec = timebase * rand / 0xffffffffUL; -+ timeusec += options.bogus_traffic_interval_min * 1000000; -+ tv.tv_sec = timeusec / 1000000; -+ tv.tv_usec = timeusec % 1000000; -+ tvp = &tv; -+ debug2("Will send SSH_MSG_IGNORE in %lu.%lu s", tv.tv_sec, tv.tv_usec); -+ } -+ else tvp = NULL; -+ -+ ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); -+ if (ret < 0) { - char buf[100]; - - /* -@@ -386,6 +406,12 @@ - buffer_append(&stderr_buffer, buf, strlen(buf)); - quit_pending = 1; - } -+ else if (ret == 0) { /* timeout */ -+ u_int32_t rand = arc4random(); -+ packet_send_ignore((rand & 0x3f) + 1); -+ packet_send(); -+ packet_write_wait(); -+ } - } - - static void -diff -Nur openssh-3.2.3p1.orig/readconf.c openssh-3.2.3p1-alive/readconf.c ---- openssh-3.2.3p1.orig/readconf.c Tue Feb 5 02:26:35 2002 -+++ openssh-3.2.3p1-alive/readconf.c Sun Oct 13 17:57:46 2002 -@@ -115,7 +115,8 @@ - oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, - oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, - oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, -- oClearAllForwardings, oNoHostAuthenticationForLocalhost -+ oClearAllForwardings, oNoHostAuthenticationForLocalhost, -+ oBogusTrafficIntervalMax, oBogusTrafficIntervalMin - } OpCodes; - - /* Textual representations of the tokens. 
*/ -@@ -178,6 +179,8 @@ - { "compression", oCompression }, - { "compressionlevel", oCompressionLevel }, - { "keepalive", oKeepAlives }, -+ { "BogusTrafficIntervalMax", oBogusTrafficIntervalMax }, -+ { "BogusTrafficIntervalMin", oBogusTrafficIntervalMin }, - { "numberofpasswordprompts", oNumberOfPasswordPrompts }, - { "loglevel", oLogLevel }, - { "dynamicforward", oDynamicForward }, -@@ -420,6 +423,42 @@ - intptr = &options->no_host_authentication_for_localhost; - goto parse_flag; - -+ case oBogusTrafficIntervalMax: -+ intptr = &options->bogus_traffic_interval_max; -+ arg = strdelim(&s); -+ if (!arg || *arg == '\0') -+ fatal("%.200s line %d: Missing argument.", filename, linenum); -+ if (arg[0] < '0' || arg[0] > '9') -+ fatal("%.200s line %d: Bad number.", filename, linenum); -+ -+ /* Octal, decimal, or hex format? */ -+ value = strtol(arg, &endofnumber, 0); -+ if (arg == endofnumber) -+ fatal("%.200s line %d: Bad number.", filename, linenum); -+ if (*activep && *intptr == -1) -+ *intptr = value; -+ if (options->bogus_traffic_interval_min >= value) -+ fatal("%.200s line %d: Bad value.", filename, linenum); -+ break; -+ -+ case oBogusTrafficIntervalMin: -+ intptr = &options->bogus_traffic_interval_min; -+ arg = strdelim(&s); -+ if (!arg || *arg == '\0') -+ fatal("%.200s line %d: Missing argument.", filename, linenum); -+ if (arg[0] < '0' || arg[0] > '9') -+ fatal("%.200s line %d: Bad number.", filename, linenum); -+ -+ /* Octal, decimal, or hex format? 
*/ -+ value = strtol(arg, &endofnumber, 0); -+ if (arg == endofnumber) -+ fatal("%.200s line %d: Bad number.", filename, linenum); -+ if (*activep && *intptr == -1) -+ *intptr = value; -+ if (options->bogus_traffic_interval_max <= value) -+ fatal("%.200s line %d: Bad value.", filename, linenum); -+ break; -+ - case oNumberOfPasswordPrompts: - intptr = &options->number_of_password_prompts; - goto parse_int; -@@ -772,6 +811,8 @@ - options->strict_host_key_checking = -1; - options->compression = -1; - options->keepalives = -1; -+ options->bogus_traffic_interval_max = -1; -+ options->bogus_traffic_interval_min = -1; - options->compression_level = -1; - options->port = -1; - options->connection_attempts = -1; -@@ -863,6 +904,10 @@ - options->compression = 0; - if (options->keepalives == -1) - options->keepalives = 1; -+ if (options->bogus_traffic_interval_max == -1) -+ options->bogus_traffic_interval_max = 0; -+ if (options->bogus_traffic_interval_min == -1) -+ options->bogus_traffic_interval_min = 0; - if (options->compression_level == -1) - options->compression_level = 6; - if (options->port == -1) -diff -Nur openssh-3.2.3p1.orig/readconf.h openssh-3.2.3p1-alive/readconf.h ---- openssh-3.2.3p1.orig/readconf.h Tue Mar 5 02:53:05 2002 -+++ openssh-3.2.3p1-alive/readconf.h Sun Oct 13 19:09:02 2002 -@@ -63,6 +63,16 @@ - int compression_level; /* Compression level 1 (fast) to 9 - * (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ -+ int bogus_traffic_interval_max;/* -+ * max time value of SSH_MSG_IGNORE -+ * interval -+ */ -+ int bogus_traffic_interval_min;/* -+ * min time value of SSH_MSG_IGNORE -+ * interval -+ */ -+ int pam_authentication_via_kbd_int; -+ - LogLevel log_level; /* Level for logging. */ - - int port; /* Port to connect. */ diff --git a/openssh-set_12.patch b/openssh-set_12.patch deleted file mode 100644 index 5aca3c3..0000000 --- a/openssh-set_12.patch +++ /dev/null 
@@ -1,50 +0,0 @@
---- openssh-3.3p1/scp.c.orig Fri Jun 21 02:41:52 2002
-+++ openssh-3.3p1/scp.c Sun Jun 23 21:29:30 2002
-@@ -233,9 +233,11 @@
- addargs(&args, "-oClearAllForwardings yes");
-
- fflag = tflag = 0;
-- while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1)
-+ while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q1246S:o:F:")) != -1)
- switch (ch) {
- /* User-visible flags. */
-+ case '1':
-+ case '2':
- case '4':
- case '6':
- case 'C':
-@@ -955,7 +957,7 @@
- usage(void)
- {
- (void) fprintf(stderr,
-- "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n"
-+ "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
- " [-c cipher] [-i identity] [-o option]\n"
- " [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
- exit(1);
---- openssh-2.9.9p2/scp.1.orig Tue Sep 18 07:56:57 2001
-+++ openssh-2.9.9p2/scp.1 Fri Sep 28 05:30:54 2001
-@@ -19,7 +19,7 @@
- .Nd secure copy (remote file copy program)
- .Sh SYNOPSIS
- .Nm scp
--.Op Fl pqrvBC46
-+.Op Fl pqrvBC1246
- .Op Fl F Ar ssh_config
- .Op Fl S Ar program
- .Op Fl P Ar port
-@@ -125,6 +125,14 @@
- command-line flag. For example, forcing the use of protocol
- version 1 is specified using
- .Ic scp -oProtocol=1 .
-+.It Fl 1
-+Forces
-+.Nm
-+to use SSH1 only.
-+.It Fl 2
-+Forces
-+.Nm
-+to use SSH2 only.
- .It Fl 4
- Forces
- .Nm
--
2.44.0