rtyler
/
pkgsrc-wip
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

openssh8: remove INTERIX related patches. 

They make updating difficult, and I doubt we have real world interix
users. It's likely bitrotted.

Don't do our own assumptions that unistd.h is not available, more than
upstream - I suspect all pkgsrc systems have it.

For upstreaming, we'll need to rationalize a system that exists and
can build openssh. I don't know of one, let's drop this.
This commit is contained in:
coypu 2019-05-01 20:28:53 +03:00
parent 554a43f4ec
commit 854f67d5f6
11 changed files with 5 additions and 363 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openssh/distinfo
View File

@ -5,25 +5,18 @@ RMD160 (openssh-8.0p1.tar.gz) = 9c0d0d97a5f9f97329bf334725dfbad53576d612
SHA512 (openssh-8.0p1.tar.gz) = e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
Size (openssh-8.0p1.tar.gz) = 1597697 bytes
SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1
SHA1 (patch-auth-passwd.c) = f2906091185c84d0dbb26e6b8fa0de30934816bd
SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
SHA1 (patch-auth.c) = ec68a8a66b9838ba136f8181b93eb38f5b3d3249
SHA1 (patch-auth2.c) = c57e5fe3d6fed73e6b26a8e4e4c63f36d8e20535
SHA1 (patch-auth.c) = 194e3293fdc18b93014041d379d57df172716e1c
SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
SHA1 (patch-config.h.in) = 926507ea281568e06385e16cbd3c8b907f2baa3f
SHA1 (patch-configure.ac) = 4500549c9b85eb5502101f1043ccb85154df04b7
SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda
SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c
SHA1 (patch-loginrec.c) = 77a925b43967c0e6f4a984faa98d2b635b64e0a8
SHA1 (patch-openbsd-compat_bsd-openpty.c) = 80e076a18a0f9ba211ecd4bc5853ce01899568ae
SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
SHA1 (patch-openbsd-compat_port-tun.c) = 4b1b55b7fdc319e011d249ee336301b17a589228
SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
SHA1 (patch-session.c) = 2538d6f825bff1be325207285cdfac89f73ff264
SHA1 (patch-sftp-common.c) = bd3c726c056116da7673fb4649e5e7afa9db9ec3
SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
SHA1 (patch-sshd.c) = 4dfe5ff525617d5d3743672f14811213eb5b6635
SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
SHA1 (patch-uidswap.c) = 6c68624cfd6ff3c2386008ff336c4d7da78195f4
SHA1 (patch-sshd.c) = 825eeec13608859852f4cfdeaceedce21bd2f164

27
openssh/patches/patch-auth-passwd.c
View File

@ -1,27 +0,0 @@
$NetBSD: patch-auth-passwd.c,v 1.5 2019/01/18 20:13:37 tnn Exp $
Replace uid 0 with ROOTUID macro
--- auth-passwd.c.orig 2018-10-17 00:01:20.000000000 +0000
+++ auth-passwd.c
@@ -87,7 +87,7 @@ auth_password(struct ssh *ssh, const cha
return 0;
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
@@ -122,7 +122,11 @@ auth_password(struct ssh *ssh, const cha
authctxt->force_pwchange = 1;
}
#endif
+#ifdef HAVE_INTERIX
+ result = (!setuser(pw->pw_name, password, SU_CHECK));
+#else
result = sys_auth_passwd(ssh, password);
+#endif
if (authctxt->force_pwchange)
auth_restrict_session(ssh);
return (result && ok);

33
openssh/patches/patch-auth-rhosts.c
View File

@ -1,33 +0,0 @@
$NetBSD: patch-auth-rhosts.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
Replace uid 0 with ROOTUID macro
--- auth-rhosts.c.orig 2015-08-21 04:49:03.000000000 +0000
+++ auth-rhosts.c
@@ -242,7 +242,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
* If not logging in as superuser, try /etc/hosts.equiv and
* shosts.equiv.
*/
- if (pw->pw_uid == 0)
+ if (pw->pw_uid == ROOTUID)
debug3("%s: root user, ignoring system hosts files", __func__);
else {
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
@@ -271,7 +271,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
return 0;
}
if (options.strict_modes &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
logit("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
@@ -298,7 +298,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
* allowing access to their account by anyone.
*/
if (options.strict_modes &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
pw->pw_name, buf);

10
openssh/patches/patch-auth.c
View File

@ -1,21 +1,11 @@
$NetBSD: patch-auth.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
* Replace uid 0 with ROOTUID macro.
* Use login_getpwclass() instead of login_getclass() so that the root
vs. default login class distinction is made correctly, from FrrrBSD's
ports.
--- auth.c.orig 2019-05-01 11:28:52.028281617 +0000
+++ auth.c
@@ -472,7 +472,7 @@ check_key_in_hostfiles(struct passwd *pw
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha
if (!allowed_user(ssh, pw))
return (NULL);

15
openssh/patches/patch-auth2.c
View File

@ -1,15 +0,0 @@
$NetBSD: patch-auth2.c,v 1.7 2019/01/18 20:13:37 tnn Exp $
Replace uid 0 with ROOTUID macro
--- auth2.c.orig 2018-10-17 00:01:20.000000000 +0000
+++ auth2.c
@@ -352,7 +352,7 @@ userauth_finish(struct ssh *ssh, int aut
fatal("INTERNAL ERROR: authenticated and postponed");
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
!auth_root_allowed(ssh, method)) {
authenticated = 0;
#ifdef SSH_AUDIT_EVENTS

11
openssh/patches/patch-loginrec.c
View File

@ -4,17 +4,6 @@ Interix support and related fixes. Fix build on FreeBSD.
--- loginrec.c.orig 2015-08-21 04:49:03.000000000 +0000
+++ loginrec.c
@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
-#ifndef HAVE_CYGWIN
- if (geteuid() != 0) {
+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
+ if (geteuid() != ROOTUID) {
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
/* set the timestamp */

65
openssh/patches/patch-session.c
View File

@ -1,65 +0,0 @@
$NetBSD: patch-session.c,v 1.9 2019/01/18 20:13:37 tnn Exp $
* Interix support.
--- session.c.orig 2018-10-17 00:01:20.000000000 +0000
+++ session.c
@@ -959,7 +959,7 @@ read_etc_default_login(char ***env, u_in
if (tmpenv == NULL)
return;
- if (uid == 0)
+ if (uid == ROOTUID)
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
@@ -1077,7 +1077,7 @@ do_setup_env(struct ssh *ssh, Session *s
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
+ s->pw->pw_uid == ROOTUID ? SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
@@ -1209,6 +1209,17 @@ do_setup_env(struct ssh *ssh, Session *s
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
+#ifdef HAVE_INTERIX
+ {
+ /* copy standard Windows environment, then apply changes */
+ env_t *winenv = env_login(pw);
+ env_putarray(winenv, env, ENV_OVERRIDE);
+
+ /* swap over to altered environment as a traditional array */
+ env = env_array(winenv);
+ }
+#endif
+
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
@@ -1400,11 +1411,13 @@ do_setusercontext(struct passwd *pw)
perror("setgid");
exit(1);
}
+# if !defined(HAVE_INTERIX)
/* Initialize the group list. */
if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
perror("initgroups");
exit(1);
}
+# endif /* !HAVE_INTERIX */
endgrent();
#endif
@@ -2275,7 +2288,7 @@ session_pty_cleanup2(Session *s)
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
- if (getuid() == 0)
+ if (getuid() == ROOTUID)
pty_release(s->tty);
/*

14
openssh/patches/patch-sftp-common.c
View File

@ -1,14 +0,0 @@
$NetBSD$
--- sftp-common.c.orig 2019-04-17 22:52:57.000000000 +0000
+++ sftp-common.c
@@ -36,7 +36,9 @@
#include <string.h>
#include <time.h>
#include <stdarg.h>
+#ifdef HAVE_UNISTD_H
#include <unistd.h>
+#endif
#ifdef HAVE_UTIL_H
#include <util.h>
#endif

79
openssh/patches/patch-sshd.c
View File

@ -16,35 +16,7 @@ $NetBSD$
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -235,7 +242,11 @@ static int *startup_flags = NULL; /* Ind
static int startup_pipe = -1; /* in child */
/* variables used for privilege separation */
+#ifdef HAVE_INTERIX
+int use_privsep = 0;
+#else
int use_privsep = -1;
+#endif
struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
static int privsep_chroot = 1;
@@ -467,10 +478,15 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)privsep_pw->pw_gid);
+#ifdef HAVE_INTERIX
+ if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE))
+ fatal("setuser: %.100s", strerror(errno));
+#else
gidset[0] = privsep_pw->pw_gid;
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(privsep_pw);
+#endif /* HAVE_INTERIX */
}
}
@@ -534,10 +550,17 @@ privsep_preauth(struct ssh *ssh)
@@ -534,10 +541,17 @@ privsep_preauth(struct ssh *ssh)
/* Arrange for logging to be sent to the monitor */
set_log_handler(mm_log_handler, pmonitor);
@ -62,54 +34,7 @@ $NetBSD$
return 0;
}
@@ -549,7 +572,7 @@ privsep_postauth(struct ssh *ssh, Authct
#ifdef DISABLE_FD_PASSING
if (1) {
#else
- if (authctxt->pw->pw_uid == 0) {
+ if (authctxt->pw->pw_uid == ROOTUID) {
#endif
/* File descriptor passing is broken or root login */
use_privsep = 0;
@@ -1454,7 +1477,7 @@ main(int ac, char **av)
av = saved_argv;
#endif
- if (geteuid() == 0 && setgroups(0, NULL) == -1)
+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -1686,7 +1709,7 @@ main(int ac, char **av)
);
/* Store privilege separation user for later use if required. */
- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
+ privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
if (privsep_chroot || options.kerberos_authentication)
fatal("Privilege separation user %s does not exist",
@@ -1830,7 +1853,7 @@ main(int ac, char **av)
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
@@ -1858,8 +1881,10 @@ main(int ac, char **av)
* to create a file, and we can't control the code in every
* module which might be used).
*/
+#ifndef HAVE_INTERIX
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
+#endif
if (rexec_flag) {
if (rexec_argc < 0)
@@ -2053,6 +2078,25 @@ main(int ac, char **av)
@@ -2053,6 +2067,25 @@ main(int ac, char **av)
audit_connection_from(remote_ip, remote_port);
#endif

24
openssh/patches/patch-sshpty.c
View File

@ -1,24 +0,0 @@
$NetBSD: patch-sshpty.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
Replace uid 0 with ROOTUID macro
--- sshpty.c.orig 2015-08-21 04:49:03.000000000 +0000
+++ sshpty.c
@@ -86,7 +86,7 @@ void
pty_release(const char *tty)
{
#if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
- if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
+ if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
if (chmod(tty, (mode_t) 0666) < 0)
error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
@@ -215,7 +215,7 @@ pty_setowner(struct passwd *pw, const ch
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
- (st.st_uid == pw->pw_uid || st.st_uid == 0))
+ (st.st_uid == pw->pw_uid || st.st_uid == ROOTUID))
debug("chown(%.100s, %u, %u) failed: %.100s",
tty, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));

77
openssh/patches/patch-uidswap.c
View File

@ -1,77 +0,0 @@
$NetBSD: patch-uidswap.c,v 1.6 2019/01/18 20:13:37 tnn Exp $
Interix support
--- uidswap.c.orig 2018-10-17 00:01:20.000000000 +0000
+++ uidswap.c
@@ -68,13 +68,13 @@ temporarily_use_uid(struct passwd *pw)
(u_int)pw->pw_uid, (u_int)pw->pw_gid,
(u_int)saved_euid, (u_int)saved_egid);
#ifndef HAVE_CYGWIN
- if (saved_euid != 0) {
+ if (saved_euid != ROOTUID) {
privileged = 0;
return;
}
#endif
#else
- if (geteuid() != 0) {
+ if (geteuid() != ROOTUID) {
privileged = 0;
return;
}
@@ -98,10 +98,11 @@ temporarily_use_uid(struct passwd *pw)
/* set and save the user's groups */
if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
+#ifndef HAVE_INTERIX
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
fatal("initgroups: %s: %.100s", pw->pw_name,
strerror(errno));
-
+#endif
user_groupslen = getgroups(0, NULL);
if (user_groupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
@@ -116,9 +117,11 @@ temporarily_use_uid(struct passwd *pw)
}
user_groups_uid = pw->pw_uid;
}
+#ifndef HAVE_INTERIX
/* Set the effective uid to the given (unprivileged) uid. */
if (setgroups(user_groupslen, user_groups) < 0)
fatal("setgroups: %.100s", strerror(errno));
+#endif
#ifndef SAVED_IDS_WORK_WITH_SETEUID
/* Propagate the privileged gid to all of our gids. */
if (setgid(getegid()) < 0)
@@ -166,8 +169,10 @@ restore_uid(void)
setgid(getgid());
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
+#ifndef HAVE_INTERIX
if (setgroups(saved_egroupslen, saved_egroups) < 0)
fatal("setgroups: %.100s", strerror(errno));
+#endif
temporarily_use_uid_effective = 0;
}
@@ -190,6 +195,10 @@ permanently_set_uid(struct passwd *pw)
debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if defined(HAVE_INTERIX)
+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
+ fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
+#else
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
@@ -226,6 +235,7 @@ permanently_set_uid(struct passwd *pw)
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
#endif
+#endif /* HAVE_INTERIX */
/* Verify UID drop was successful */
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {