[117114] trunk/dports/net/openssh/files
cal at macports.org
cal at macports.org
Sun Feb 16 14:12:24 PST 2014
Revision: 117114
https://trac.macports.org/changeset/117114
Author: cal at macports.org
Date: 2014-02-16 14:12:23 -0800 (Sun, 16 Feb 2014)
Log Message:
-----------
openssh: delete unused patchfiles
Some of those might still be useful, but it's such an uncommented mess that I'd rather start from scratch with the sources from opensource.apple.com than fix this mess.
Removed Paths:
-------------
trunk/dports/net/openssh/files/AJ-5229538+5383306+5446006+5567447+5806868_keychain.patch
trunk/dports/net/openssh/files/AJ-5491854-fix_unsafe_usage_of_getpwuid.patch
trunk/dports/net/openssh/files/DVG-3977221_manpage_tweaks.patch
trunk/dports/net/openssh/files/DVG-4122722+5277818_new_EA.patch
trunk/dports/net/openssh/files/DVG-4135812_add_SACLSupport_to_sshd_conf_manpage.patch
trunk/dports/net/openssh/files/DVG-4157448+4920695_corrected_UsePAM_comment.patch
trunk/dports/net/openssh/files/DVG-4212542_auth_error_logging_fix.patch
trunk/dports/net/openssh/files/DVG-4648874_preserve_EA_mtime.patch
trunk/dports/net/openssh/files/DVG-4694589_16_group_limit_fix.patch
trunk/dports/net/openssh/files/DVG-4748610+4897588_ssh-agent_via_launchd.patch
trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI.patch
trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI_for_pre-Leopard---BuildPhase.patch
trunk/dports/net/openssh/files/DVG-4920695_remove_nullok_comment_for_pre-Leopard---BuildPhase.patch
trunk/dports/net/openssh/files/DVG-5258734_pty_permission_fix.patch
trunk/dports/net/openssh/files/DVG-5462402_enable_SSH1_for_pre-Leopard---BuildPhase.patch
trunk/dports/net/openssh/files/DVG-5755519_use_GSS_C_NO_NAME_with_gss_acquire_cred.patch
trunk/dports/net/openssh/files/patch-clientloop.c.diff
trunk/dports/net/openssh/files/patch-pwdup.diff
trunk/dports/net/openssh/files/sacl.patch
Deleted: trunk/dports/net/openssh/files/AJ-5229538+5383306+5446006+5567447+5806868_keychain.patch
===================================================================
--- trunk/dports/net/openssh/files/AJ-5229538+5383306+5446006+5567447+5806868_keychain.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/AJ-5229538+5383306+5446006+5567447+5806868_keychain.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,1457 +0,0 @@
-diff -uNr ../openssh-5.0p1.orig/Makefile.in ./Makefile.in
---- ../openssh-5.0p1.orig/Makefile.in 2008-03-12 18:41:31.000000000 -0700
-+++ ./Makefile.in 2008-04-15 18:32:47.000000000 -0700
-@@ -56,6 +56,7 @@
- XAUTH_PATH=@XAUTH_PATH@
- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
- EXEEXT=@EXEEXT@
-+KEYCHAIN_LDFLAGS=@KEYCHAIN_LDFLAGS@
-
- INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
- INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
-@@ -88,6 +89,8 @@
- loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o
-
-+KEYCHAINOBJS=keychain.o
-+
- MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
- MANTYPE = @MANTYPE@
-@@ -119,6 +122,7 @@
- $(LIBSSH_OBJS): Makefile.in config.h
- $(SSHOBJS): Makefile.in config.h
- $(SSHDOBJS): Makefile.in config.h
-+$(KEYCHAINOBJS): Makefile.in config.h
-
- .c.o:
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
-@@ -132,8 +136,8 @@
- $(AR) rv $@ $(LIBSSH_OBJS)
- $(RANLIB) $@
-
--ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(KEYCHAINOBJS)
-+ $(LD) -o $@ $(SSHOBJS) $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
- sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
-@@ -141,11 +145,11 @@
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
--ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
-- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(KEYCHAINOBJS)
-+ $(LD) -o $@ ssh-add.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
--ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o
-- $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o $(KEYCHAINOBJS)
-+ $(LD) -o $@ ssh-agent.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
- ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -uNr ../openssh-5.0p1.orig/authfd.c ./authfd.c
---- ../openssh-5.0p1.orig/authfd.c 2006-08-31 22:38:36.000000000 -0700
-+++ ./authfd.c 2008-04-15 18:32:47.000000000 -0700
-@@ -652,6 +652,29 @@
- return decode_reply(type);
- }
-
-+/*
-+ * Adds identities using passphrases stored in the keychain. This call is not
-+ * meant to be used by normal applications.
-+ */
-+
-+int
-+ssh_add_from_keychain(AuthenticationConnection *auth)
-+{
-+ Buffer msg;
-+ int type;
-+
-+ buffer_init(&msg);
-+ buffer_put_char(&msg, SSH_AGENTC_ADD_FROM_KEYCHAIN);
-+
-+ if (ssh_request_reply(auth, &msg, &msg) == 0) {
-+ buffer_free(&msg);
-+ return 0;
-+ }
-+ type = buffer_get_char(&msg);
-+ buffer_free(&msg);
-+ return decode_reply(type);
-+}
-+
- int
- decode_reply(int type)
- {
-diff -uNr ../openssh-5.0p1.orig/authfd.h ./authfd.h
---- ../openssh-5.0p1.orig/authfd.h 2006-08-04 19:39:39.000000000 -0700
-+++ ./authfd.h 2008-04-15 18:32:47.000000000 -0700
-@@ -49,6 +49,9 @@
- #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
- #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
-
-+/* keychain */
-+#define SSH_AGENTC_ADD_FROM_KEYCHAIN 27
-+
- #define SSH_AGENT_CONSTRAIN_LIFETIME 1
- #define SSH_AGENT_CONSTRAIN_CONFIRM 2
-
-diff -uNr ../openssh-5.0p1.orig/configure ./configure
---- ../openssh-5.0p1.orig/configure 2008-04-03 03:01:50.000000000 -0700
-+++ ./configure 2008-04-15 18:32:47.000000000 -0700
-@@ -723,6 +723,7 @@
- mansubdir
- user_path
- piddir
-+KEYCHAIN_LDFLAGS
- LIBOBJS
- LTLIBOBJS'
- ac_subst_files=''
-@@ -1364,6 +1365,7 @@
- --with-bsd-auth Enable BSD auth support
- --with-pid-dir=PATH Specify location of ssh.pid file
- --with-lastlog=FILE|DIR specify lastlog location common locations
-+ --with-keychain=apple Use Mac OS X Keychain
-
- Some influential environment variables:
- CC C compiler command
-@@ -7133,6 +7135,7 @@
- #define DISABLE_FD_PASSING 1
- _ACEOF
-
-+ KEYCHAIN="apple"
- ;;
- *-*-dgux*)
- cat >>confdefs.h <<\_ACEOF
-@@ -28605,6 +28608,181 @@
- echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
- fi
-
-+# Check whether --with-keychain was given.
-+if test "${with_keychain+set}" = set; then
-+ withval=$with_keychain;
-+ case "$withval" in
-+ apple|no)
-+ KEYCHAIN=$withval
-+ ;;
-+ *)
-+ { { echo "$as_me:$LINENO: error: invalid keychain type: $withval" >&5
-+echo "$as_me: error: invalid keychain type: $withval" >&2;}
-+ { (exit 1); exit 1; }; }
-+ ;;
-+ esac
-+
-+
-+fi
-+
-+if test ! -z "$KEYCHAIN" -a "$KEYCHAIN" != "no"; then
-+ case "$KEYCHAIN" in
-+ apple)
-+
-+for ac_header in Security/Security.h
-+do
-+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ { echo "$as_me:$LINENO: checking for $ac_header" >&5
-+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+fi
-+ac_res=`eval echo '${'$as_ac_Header'}'`
-+ { echo "$as_me:$LINENO: result: $ac_res" >&5
-+echo "${ECHO_T}$ac_res" >&6; }
-+else
-+ # Is the header compilable?
-+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+$ac_includes_default
-+#include <$ac_header>
-+_ACEOF
-+rm -f conftest.$ac_objext
-+if { (ac_try="$ac_compile"
-+case "(($ac_try" in
-+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+ *) ac_try_echo=$ac_try;;
-+esac
-+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-+ (eval "$ac_compile") 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } && {
-+ test -z "$ac_c_werror_flag" ||
-+ test ! -s conftest.err
-+ } && test -s conftest.$ac_objext; then
-+ ac_header_compiler=yes
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ ac_header_compiler=no
-+fi
-+
-+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-+echo "${ECHO_T}$ac_header_compiler" >&6; }
-+
-+# Is the header present?
-+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+#include <$ac_header>
-+_ACEOF
-+if { (ac_try="$ac_cpp conftest.$ac_ext"
-+case "(($ac_try" in
-+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+ *) ac_try_echo=$ac_try;;
-+esac
-+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } >/dev/null && {
-+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-+ test ! -s conftest.err
-+ }; then
-+ ac_header_preproc=yes
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ ac_header_preproc=no
-+fi
-+
-+rm -f conftest.err conftest.$ac_ext
-+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-+echo "${ECHO_T}$ac_header_preproc" >&6; }
-+
-+# So? What about this header?
-+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-+ yes:no: )
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-+ ac_header_preproc=yes
-+ ;;
-+ no:yes:* )
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-+ ( cat <<\_ASBOX
-+## ------------------------------------------- ##
-+## Report this to openssh-unix-dev at mindrot.org ##
-+## ------------------------------------------- ##
-+_ASBOX
-+ ) | sed "s/^/$as_me: WARNING: /" >&2
-+ ;;
-+esac
-+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+ eval "$as_ac_Header=\$ac_header_preproc"
-+fi
-+ac_res=`eval echo '${'$as_ac_Header'}'`
-+ { echo "$as_me:$LINENO: result: $ac_res" >&5
-+echo "${ECHO_T}$ac_res" >&6; }
-+
-+fi
-+if test `eval echo '${'$as_ac_Header'}'` = yes; then
-+ cat >>confdefs.h <<_ACEOF
-+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-+_ACEOF
-+
-+ CPPFLAGS="$CPPFLAGS -D__APPLE_KEYCHAIN__"
-+ KEYCHAIN_LDFLAGS="-framework Security -framework CoreFoundation"
-+
-+
-+else
-+ { echo "$as_me:$LINENO: WARNING: Security framework not found. Disabling Mac OS X Keychain support." >&5
-+echo "$as_me: WARNING: Security framework not found. Disabling Mac OS X Keychain support." >&2;}
-+fi
-+
-+done
-+
-+ ;;
-+ esac
-+fi
- CFLAGS="$CFLAGS $werror_flags"
-
-
-@@ -29230,7 +29408,6 @@
- _ACEOF
-
-
--
- ac_delim='%!_!# '
- for ac_last_try in false false false false false :; do
- cat >conf$$subs.sed <<_ACEOF
-@@ -29382,11 +29559,12 @@
- mansubdir!$mansubdir$ac_delim
- user_path!$user_path$ac_delim
- piddir!$piddir$ac_delim
-+KEYCHAIN_LDFLAGS!$KEYCHAIN_LDFLAGS$ac_delim
- LIBOBJS!$LIBOBJS$ac_delim
- LTLIBOBJS!$LTLIBOBJS$ac_delim
- _ACEOF
-
-- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 12; then
-+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
- break
- elif $ac_last_try; then
- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-diff -uNr ../openssh-5.0p1.orig/configure.ac ./configure.ac
---- ../openssh-5.0p1.orig/configure.ac 2008-03-26 18:33:07.000000000 -0700
-+++ ./configure.ac 2008-04-15 18:32:47.000000000 -0700
-@@ -594,6 +594,7 @@
- AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
- AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
- [Prepend the address family to IP tunnel traffic])
-+ KEYCHAIN="apple"
- ;;
- *-*-freebsd*)
- check_for_libcrypt_later=1
-@@ -4035,6 +4036,33 @@
- AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
- fi
-
-+dnl Keychain support
-+AC_ARG_WITH(keychain,
-+ [ --with-keychain=apple Use Mac OS X Keychain],
-+ [
-+ case "$withval" in
-+ apple|no)
-+ KEYCHAIN=$withval
-+ ;;
-+ *)
-+ AC_MSG_ERROR(invalid keychain type: $withval)
-+ ;;
-+ esac
-+ ]
-+)
-+if test ! -z "$KEYCHAIN" -a "$KEYCHAIN" != "no"; then
-+ case "$KEYCHAIN" in
-+ apple)
-+ AC_CHECK_HEADERS(Security/Security.h, [
-+ CPPFLAGS="$CPPFLAGS -D__APPLE_KEYCHAIN__"
-+ KEYCHAIN_LDFLAGS="-framework Security -framework CoreFoundation"
-+ AC_SUBST(KEYCHAIN_LDFLAGS)
-+ ],
-+ AC_MSG_WARN([Security framework not found. Disabling Mac OS X Keychain support.]))
-+ ;;
-+ esac
-+fi
-+
- dnl Adding -Werror to CFLAGS early prevents configure tests from running.
- dnl Add now.
- CFLAGS="$CFLAGS $werror_flags"
-diff -uNr ../openssh-5.0p1.orig/keychain.c ./keychain.c
---- ../openssh-5.0p1.orig/keychain.c 1969-12-31 16:00:00.000000000 -0800
-+++ ./keychain.c 2008-04-15 18:32:47.000000000 -0700
-@@ -0,0 +1,675 @@
-+/*
-+ * Copyright (c) 2007 Apple Inc. All rights reserved.
-+ *
-+ * @APPLE_BSD_LICENSE_HEADER_START@
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of its
-+ * contributors may be used to endorse or promote products derived from
-+ * this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ * @APPLE_BSD_LICENSE_HEADER_END@
-+ */
-+
-+#include "includes.h"
-+
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include "xmalloc.h"
-+#include "key.h"
-+#include "authfd.h"
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+#include <CoreFoundation/CoreFoundation.h>
-+#include <Security/Security.h>
-+#include <Security/SecPassword.h>
-+
-+#endif
-+
-+/*
-+ * Platform-specific helper functions.
-+ */
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+static int get_boolean_preference(const char *key, int default_value,
-+ int foreground)
-+{
-+ int value = default_value;
-+ CFStringRef keyRef = NULL;
-+ CFPropertyListRef valueRef = NULL;
-+
-+ keyRef = CFStringCreateWithCString(NULL, key, kCFStringEncodingUTF8);
-+ if (keyRef != NULL)
-+ valueRef = CFPreferencesCopyAppValue(keyRef,
-+ CFSTR("org.openbsd.openssh"));
-+ if (valueRef != NULL)
-+ if (CFGetTypeID(valueRef) == CFBooleanGetTypeID())
-+ value = CFBooleanGetValue(valueRef);
-+ else if (foreground)
-+ fprintf(stderr, "Ignoring nonboolean %s preference.\n", key);
-+
-+ if (keyRef)
-+ CFRelease(keyRef);
-+ if (valueRef)
-+ CFRelease(valueRef);
-+
-+ return value;
-+}
-+
-+#endif
-+
-+/*
-+ * Store the passphrase for a given identity in the keychain.
-+ */
-+void
-+store_in_keychain(const char *filename, const char *passphrase)
-+{
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+ /*
-+ * store_in_keychain
-+ * Mac OS X implementation
-+ */
-+
-+ CFStringRef cfstr_relative_filename = NULL;
-+ CFURLRef cfurl_relative_filename = NULL, cfurl_filename = NULL;
-+ CFStringRef cfstr_filename = NULL;
-+ CFDataRef cfdata_filename = NULL;
-+ CFIndex filename_len;
-+ UInt8 *label = NULL;
-+ UInt8 *utf8_filename;
-+ OSStatus rv;
-+ SecKeychainItemRef itemRef = NULL;
-+ SecTrustedApplicationRef apps[] = {NULL, NULL, NULL};
-+ CFArrayRef trustedlist = NULL;
-+ SecAccessRef initialAccess = NULL;
-+
-+ /* Bail out if KeychainIntegration preference is -bool NO */
-+ if (get_boolean_preference("KeychainIntegration", 1, 1) == 0) {
-+ fprintf(stderr, "Keychain integration is disabled.\n");
-+ goto err;
-+ }
-+
-+ /* Interpret filename with the correct encoding. */
-+ if ((cfstr_relative_filename =
-+ CFStringCreateWithFileSystemRepresentation(NULL, filename)) == NULL)
-+ {
-+ fprintf(stderr, "CFStringCreateWithFileSystemRepresentation failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_relative_filename = CFURLCreateWithFileSystemPath(NULL,
-+ cfstr_relative_filename, kCFURLPOSIXPathStyle, false)) == NULL) {
-+ fprintf(stderr, "CFURLCreateWithFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_filename = CFURLCopyAbsoluteURL(cfurl_relative_filename)) ==
-+ NULL) {
-+ fprintf(stderr, "CFURLCopyAbsoluteURL failed\n");
-+ goto err;
-+ }
-+ if ((cfstr_filename = CFURLCopyFileSystemPath(cfurl_filename,
-+ kCFURLPOSIXPathStyle)) == NULL) {
-+ fprintf(stderr, "CFURLCopyFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfdata_filename = CFStringCreateExternalRepresentation(NULL,
-+ cfstr_filename, kCFStringEncodingUTF8, 0)) == NULL) {
-+ fprintf(stderr, "CFStringCreateExternalRepresentation failed\n");
-+ goto err;
-+ }
-+ filename_len = CFDataGetLength(cfdata_filename);
-+ if ((label = xmalloc(filename_len + 5)) == NULL) {
-+ fprintf(stderr, "xmalloc failed\n");
-+ goto err;
-+ }
-+ memcpy(label, "SSH: ", 5);
-+ utf8_filename = label + 5;
-+ CFDataGetBytes(cfdata_filename, CFRangeMake(0, filename_len),
-+ utf8_filename);
-+
-+ /* Check if we already have this passphrase. */
-+ rv = SecKeychainFindGenericPassword(NULL, 3, "SSH", filename_len,
-+ (char *)utf8_filename, NULL, NULL, &itemRef);
-+ if (rv == errSecItemNotFound) {
-+ /* Add a new keychain item. */
-+ SecKeychainAttribute attrs[] = {
-+ {kSecLabelItemAttr, filename_len + 5, label},
-+ {kSecServiceItemAttr, 3, "SSH"},
-+ {kSecAccountItemAttr, filename_len, utf8_filename}
-+ };
-+ SecKeychainAttributeList attrList =
-+ {sizeof(attrs) / sizeof(attrs[0]), attrs};
-+ if (SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh-agent",
-+ &apps[0]) != noErr ||
-+ SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh-add",
-+ &apps[1]) != noErr ||
-+ SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh",
-+ &apps[2]) != noErr) {
-+ fprintf(stderr, "SecTrustedApplicationCreateFromPath failed\n");
-+ goto err;
-+ }
-+ if ((trustedlist = CFArrayCreate(NULL, (const void **)apps,
-+ sizeof(apps) / sizeof(apps[0]), &kCFTypeArrayCallBacks)) ==
-+ NULL) {
-+ fprintf(stderr, "CFArrayCreate failed\n");
-+ goto err;
-+ }
-+ if (SecAccessCreate(cfstr_filename, trustedlist,
-+ &initialAccess) != noErr) {
-+ fprintf(stderr, "SecAccessCreate failed\n");
-+ goto err;
-+ }
-+ if (SecKeychainItemCreateFromContent(
-+ kSecGenericPasswordItemClass, &attrList, strlen(passphrase),
-+ passphrase, NULL, initialAccess, NULL) == noErr)
-+ fprintf(stderr, "Passphrase stored in keychain: %s\n", filename);
-+ else
-+ fprintf(stderr, "Could not create keychain item\n");
-+ } else if (rv == noErr) {
-+ /* Update an existing keychain item. */
-+ if (SecKeychainItemModifyAttributesAndData(itemRef, NULL,
-+ strlen(passphrase), passphrase) == noErr)
-+ fprintf(stderr, "Passphrase updated in keychain: %s\n", filename);
-+ else
-+ fprintf(stderr, "Could not modify keychain item\n");
-+ } else
-+ fprintf(stderr, "Could not access keychain\n");
-+
-+err: /* Clean up. */
-+ if (cfstr_relative_filename)
-+ CFRelease(cfstr_relative_filename);
-+ if (cfurl_relative_filename)
-+ CFRelease(cfurl_relative_filename);
-+ if (cfurl_filename)
-+ CFRelease(cfurl_filename);
-+ if (cfstr_filename)
-+ CFRelease(cfstr_filename);
-+ if (cfdata_filename)
-+ CFRelease(cfdata_filename);
-+ if (label)
-+ xfree(label);
-+ if (itemRef)
-+ CFRelease(itemRef);
-+ if (apps[0])
-+ CFRelease(apps[0]);
-+ if (apps[1])
-+ CFRelease(apps[1]);
-+ if (apps[2])
-+ CFRelease(apps[2]);
-+ if (trustedlist)
-+ CFRelease(trustedlist);
-+ if (initialAccess)
-+ CFRelease(initialAccess);
-+
-+#else
-+
-+ /*
-+ * store_in_keychain
-+ * no keychain implementation
-+ */
-+
-+ fprintf(stderr, "Keychain is not available on this system\n");
-+
-+#endif
-+
-+}
-+
-+/*
-+ * Remove the passphrase for a given identity from the keychain.
-+ */
-+void
-+remove_from_keychain(const char *filename)
-+{
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+ /*
-+ * remove_from_keychain
-+ * Mac OS X implementation
-+ */
-+
-+ CFStringRef cfstr_relative_filename = NULL;
-+ CFURLRef cfurl_relative_filename = NULL, cfurl_filename = NULL;
-+ CFStringRef cfstr_filename = NULL;
-+ CFDataRef cfdata_filename = NULL;
-+ CFIndex filename_len;
-+ const UInt8 *utf8_filename;
-+ OSStatus rv;
-+ SecKeychainItemRef itemRef = NULL;
-+
-+ /* Bail out if KeychainIntegration preference is -bool NO */
-+ if (get_boolean_preference("KeychainIntegration", 1, 1) == 0) {
-+ fprintf(stderr, "Keychain integration is disabled.\n");
-+ goto err;
-+ }
-+
-+ /* Interpret filename with the correct encoding. */
-+ if ((cfstr_relative_filename =
-+ CFStringCreateWithFileSystemRepresentation(NULL, filename)) == NULL)
-+ {
-+ fprintf(stderr, "CFStringCreateWithFileSystemRepresentation failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_relative_filename = CFURLCreateWithFileSystemPath(NULL,
-+ cfstr_relative_filename, kCFURLPOSIXPathStyle, false)) == NULL) {
-+ fprintf(stderr, "CFURLCreateWithFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_filename = CFURLCopyAbsoluteURL(cfurl_relative_filename)) ==
-+ NULL) {
-+ fprintf(stderr, "CFURLCopyAbsoluteURL failed\n");
-+ goto err;
-+ }
-+ if ((cfstr_filename = CFURLCopyFileSystemPath(cfurl_filename,
-+ kCFURLPOSIXPathStyle)) == NULL) {
-+ fprintf(stderr, "CFURLCopyFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfdata_filename = CFStringCreateExternalRepresentation(NULL,
-+ cfstr_filename, kCFStringEncodingUTF8, 0)) == NULL) {
-+ fprintf(stderr, "CFStringCreateExternalRepresentation failed\n");
-+ goto err;
-+ }
-+ filename_len = CFDataGetLength(cfdata_filename);
-+ utf8_filename = CFDataGetBytePtr(cfdata_filename);
-+
-+ /* Check if we already have this passphrase. */
-+ rv = SecKeychainFindGenericPassword(NULL, 3, "SSH", filename_len,
-+ (const char *)utf8_filename, NULL, NULL, &itemRef);
-+ if (rv == noErr) {
-+ /* Remove the passphrase from the keychain. */
-+ if (SecKeychainItemDelete(itemRef) == noErr)
-+ fprintf(stderr, "Passphrase removed from keychain: %s\n", filename);
-+ else
-+ fprintf(stderr, "Could not remove keychain item\n");
-+ } else if (rv != errSecItemNotFound)
-+ fprintf(stderr, "Could not access keychain\n");
-+
-+err: /* Clean up. */
-+ if (cfstr_relative_filename)
-+ CFRelease(cfstr_relative_filename);
-+ if (cfurl_relative_filename)
-+ CFRelease(cfurl_relative_filename);
-+ if (cfurl_filename)
-+ CFRelease(cfurl_filename);
-+ if (cfstr_filename)
-+ CFRelease(cfstr_filename);
-+ if (cfdata_filename)
-+ CFRelease(cfdata_filename);
-+ if (itemRef)
-+ CFRelease(itemRef);
-+
-+#else
-+
-+ /*
-+ * remove_from_keychain
-+ * no keychain implementation
-+ */
-+
-+ fprintf(stderr, "Keychain is not available on this system\n");
-+
-+#endif
-+
-+}
-+
-+/*
-+ * Add identities to ssh-agent using passphrases stored in the keychain.
-+ * Returns zero on success and nonzero on failure.
-+ * add_identity is a callback into ssh-agent. It takes a filename and a
-+ * passphrase, and attempts to add the identity to the agent. It returns
-+ * zero on success and nonzero on failure.
-+ */
-+int
-+add_identities_using_keychain(int (*add_identity)(const char *, const char *))
-+{
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+ /*
-+ * add_identities_using_keychain
-+ * Mac OS X implementation
-+ */
-+
-+ OSStatus rv;
-+ SecKeychainSearchRef searchRef;
-+ SecKeychainItemRef itemRef;
-+ UInt32 length;
-+ void *data;
-+ CFIndex maxsize;
-+
-+ /* Bail out if KeychainIntegration preference is -bool NO */
-+ if (get_boolean_preference("KeychainIntegration", 1, 0) == 0)
-+ return 0;
-+
-+ /* Search for SSH passphrases in the keychain */
-+ SecKeychainAttribute attrs[] = {
-+ {kSecServiceItemAttr, 3, "SSH"}
-+ };
-+ SecKeychainAttributeList attrList =
-+ {sizeof(attrs) / sizeof(attrs[0]), attrs};
-+ if ((rv = SecKeychainSearchCreateFromAttributes(NULL,
-+ kSecGenericPasswordItemClass, &attrList, &searchRef)) != noErr)
-+ return 0;
-+
-+ /* Iterate through the search results. */
-+ while ((rv = SecKeychainSearchCopyNext(searchRef, &itemRef)) == noErr) {
-+ UInt32 tag = kSecAccountItemAttr;
-+ UInt32 format = kSecFormatUnknown;
-+ SecKeychainAttributeInfo info = {1, &tag, &format};
-+ SecKeychainAttributeList *itemAttrList = NULL;
-+ CFStringRef cfstr_filename = NULL;
-+ char *filename = NULL;
-+ char *passphrase = NULL;
-+
-+ /* Retrieve filename and passphrase. */
-+ if ((rv = SecKeychainItemCopyAttributesAndData(itemRef, &info,
-+ NULL, &itemAttrList, &length, &data)) != noErr)
-+ goto err;
-+ if (itemAttrList->count != 1)
-+ goto err;
-+ cfstr_filename = CFStringCreateWithBytes(NULL,
-+ itemAttrList->attr->data, itemAttrList->attr->length,
-+ kCFStringEncodingUTF8, true);
-+ maxsize = CFStringGetMaximumSizeOfFileSystemRepresentation(
-+ cfstr_filename);
-+ if ((filename = xmalloc(maxsize)) == NULL)
-+ goto err;
-+ if (CFStringGetFileSystemRepresentation(cfstr_filename,
-+ filename, maxsize) == false)
-+ goto err;
-+ if ((passphrase = xmalloc(length + 1)) == NULL)
-+ goto err;
-+ memcpy(passphrase, data, length);
-+ passphrase[length] = '\0';
-+
-+ /* Add the identity. */
-+ add_identity(filename, passphrase);
-+
-+err: /* Clean up. */
-+ if (itemRef)
-+ CFRelease(itemRef);
-+ if (cfstr_filename)
-+ CFRelease(cfstr_filename);
-+ if (filename)
-+ xfree(filename);
-+ if (passphrase)
-+ xfree(passphrase);
-+ if (itemAttrList)
-+ SecKeychainItemFreeAttributesAndData(itemAttrList,
-+ data);
-+ }
-+
-+ CFRelease(searchRef);
-+
-+ return 0;
-+
-+#else
-+
-+ /*
-+ * add_identities_using_keychain
-+ * no implementation
-+ */
-+
-+ return 1;
-+
-+#endif
-+
-+}
-+
-+/*
-+ * Prompt the user for a key's passphrase. The user will be offered the option
-+ * of storing the passphrase in their keychain. Returns the passphrase
-+ * (which the caller is responsible for xfreeing), or NULL if this function
-+ * fails or is not implemented. If this function is not implemented, ssh will
-+ * fall back on the standard read_passphrase function, and the user will need
-+ * to use ssh-add -K to add their keys to the keychain.
-+ */
-+char *
-+keychain_read_passphrase(const char *filename)
-+{
-+
-+#if defined(__APPLE_KEYCHAIN__)
-+
-+ /*
-+ * keychain_read_passphrase
-+ * Mac OS X implementation
-+ */
-+
-+ CFStringRef cfstr_relative_filename = NULL;
-+ CFURLRef cfurl_relative_filename = NULL, cfurl_filename = NULL;
-+ CFStringRef cfstr_filename = NULL;
-+ CFDataRef cfdata_filename = NULL;
-+ CFIndex filename_len;
-+ UInt8 *label = NULL;
-+ UInt8 *utf8_filename;
-+ SecPasswordRef passRef = NULL;
-+ SecTrustedApplicationRef apps[] = {NULL, NULL, NULL};
-+ CFArrayRef trustedlist = NULL;
-+ SecAccessRef initialAccess = NULL;
-+ CFURLRef path = NULL;
-+ CFStringRef pathFinal = NULL;
-+ CFURLRef bundle_url = NULL;
-+ CFBundleRef bundle = NULL;
-+ CFStringRef promptTemplate = NULL, prompt = NULL;
-+ UInt32 length;
-+ const void *data;
-+ AuthenticationConnection *ac = NULL;
-+ char *result = NULL;
-+
-+ /* Bail out if KeychainIntegration preference is -bool NO */
-+ if (get_boolean_preference("KeychainIntegration", 1, 1) == 0)
-+ goto err;
-+
-+ /* Bail out if the user set AskPassGUI preference to -bool NO */
-+ if (get_boolean_preference("AskPassGUI", 1, 1) == 0)
-+ goto err;
-+
-+ /* Bail out if we can't communicate with ssh-agent */
-+ if ((ac = ssh_get_authentication_connection()) == NULL)
-+ goto err;
-+
-+ /* Interpret filename with the correct encoding. */
-+ if ((cfstr_relative_filename =
-+ CFStringCreateWithFileSystemRepresentation(NULL, filename)) == NULL)
-+ {
-+ fprintf(stderr, "CFStringCreateWithFileSystemRepresentation failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_relative_filename = CFURLCreateWithFileSystemPath(NULL,
-+ cfstr_relative_filename, kCFURLPOSIXPathStyle, false)) == NULL) {
-+ fprintf(stderr, "CFURLCreateWithFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfurl_filename = CFURLCopyAbsoluteURL(cfurl_relative_filename)) ==
-+ NULL) {
-+ fprintf(stderr, "CFURLCopyAbsoluteURL failed\n");
-+ goto err;
-+ }
-+ if ((cfstr_filename = CFURLCopyFileSystemPath(cfurl_filename,
-+ kCFURLPOSIXPathStyle)) == NULL) {
-+ fprintf(stderr, "CFURLCopyFileSystemPath failed\n");
-+ goto err;
-+ }
-+ if ((cfdata_filename = CFStringCreateExternalRepresentation(NULL,
-+ cfstr_filename, kCFStringEncodingUTF8, 0)) == NULL) {
-+ fprintf(stderr, "CFStringCreateExternalRepresentation failed\n");
-+ goto err;
-+ }
-+ filename_len = CFDataGetLength(cfdata_filename);
-+ if ((label = xmalloc(filename_len + 5)) == NULL) {
-+ fprintf(stderr, "xmalloc failed\n");
-+ goto err;
-+ }
-+ memcpy(label, "SSH: ", 5);
-+ utf8_filename = label + 5;
-+ CFDataGetBytes(cfdata_filename, CFRangeMake(0, filename_len),
-+ utf8_filename);
-+
-+ /* Build a SecPasswordRef. */
-+ SecKeychainAttribute searchAttrs[] = {
-+ {kSecServiceItemAttr, 3, "SSH"},
-+ {kSecAccountItemAttr, filename_len, utf8_filename}
-+ };
-+ SecKeychainAttributeList searchAttrList =
-+ {sizeof(searchAttrs) / sizeof(searchAttrs[0]), searchAttrs};
-+ SecKeychainAttribute attrs[] = {
-+ {kSecLabelItemAttr, filename_len + 5, label},
-+ {kSecServiceItemAttr, 3, "SSH"},
-+ {kSecAccountItemAttr, filename_len, utf8_filename}
-+ };
-+ SecKeychainAttributeList attrList =
-+ {sizeof(attrs) / sizeof(attrs[0]), attrs};
-+ if (SecGenericPasswordCreate(&searchAttrList, &attrList, &passRef) !=
-+ noErr) {
-+ fprintf(stderr, "SecGenericPasswordCreate failed\n");
-+ goto err;
-+ }
-+ if (SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh-agent", &apps[0])
-+ != noErr ||
-+ SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh-add", &apps[1])
-+ != noErr ||
-+ SecTrustedApplicationCreateFromPath("/opt/local/bin/ssh", &apps[2])
-+ != noErr) {
-+ fprintf(stderr, "SecTrustedApplicationCreateFromPath failed\n");
-+ goto err;
-+ }
-+ if ((trustedlist = CFArrayCreate(NULL, (const void **)apps,
-+ sizeof(apps) / sizeof(apps[0]), &kCFTypeArrayCallBacks)) == NULL) {
-+ fprintf(stderr, "CFArrayCreate failed\n");
-+ goto err;
-+ }
-+ if (SecAccessCreate(cfstr_filename, trustedlist, &initialAccess)
-+ != noErr) {
-+ fprintf(stderr, "SecAccessCreate failed\n");
-+ goto err;
-+ }
-+ if (SecPasswordSetInitialAccess(passRef, initialAccess) != noErr) {
-+ fprintf(stderr, "SecPasswordSetInitialAccess failed\n");
-+ goto err;
-+ }
-+
-+ /* Request the passphrase from the user. */
-+ if ((path = CFURLCreateFromFileSystemRepresentation(NULL,
-+ (UInt8 *)filename, strlen(filename), false)) == NULL) {
-+ fprintf(stderr, "CFURLCreateFromFileSystemRepresentation failed\n");
-+ goto err;
-+ }
-+ if ((pathFinal = CFURLCopyLastPathComponent(path)) == NULL) {
-+ fprintf(stderr, "CFURLCopyLastPathComponent failed\n");
-+ goto err;
-+ }
-+ if (!((bundle_url = CFURLCreateWithFileSystemPath(NULL,
-+ CFSTR("/System/Library/CoreServices/"), kCFURLPOSIXPathStyle, true))
-+ != NULL && (bundle = CFBundleCreate(NULL, bundle_url)) != NULL &&
-+ (promptTemplate = CFCopyLocalizedStringFromTableInBundle(
-+ CFSTR("Enter your password for the SSH key \"%@\"."),
-+ CFSTR("OpenSSH"), bundle, "Text of the dialog asking the user for"
-+ "their passphrase. The %@ will be replaced with the filename of a"
-+ "specific key.")) != NULL) &&
-+ (promptTemplate = CFStringCreateCopy(NULL,
-+ CFSTR("Enter your password for the SSH key \"%@\"."))) == NULL) {
-+ fprintf(stderr, "CFStringCreateCopy failed\n");
-+ goto err;
-+ }
-+ if ((prompt = CFStringCreateWithFormat(NULL, NULL, promptTemplate,
-+ pathFinal)) == NULL) {
-+ fprintf(stderr, "CFStringCreateWithFormat failed\n");
-+ goto err;
-+ }
-+ switch (SecPasswordAction(passRef, prompt,
-+ kSecPasswordGet|kSecPasswordFail, &length, &data)) {
-+ case noErr:
-+ result = xmalloc(length + 1);
-+ memcpy(result, data, length);
-+ result[length] = '\0';
-+
-+ /* Save password in keychain if requested. */
-+ if (SecPasswordAction(passRef, CFSTR(""), kSecPasswordSet,
-+ &length, &data) == noErr)
-+ ssh_add_from_keychain(ac);
-+ break;
-+ case errAuthorizationCanceled:
-+ result = xmalloc(1);
-+ *result = '\0';
-+ break;
-+ default:
-+ goto err;
-+ }
-+
-+err: /* Clean up. */
-+ if (cfstr_relative_filename)
-+ CFRelease(cfstr_relative_filename);
-+ if (cfurl_relative_filename)
-+ CFRelease(cfurl_relative_filename);
-+ if (cfurl_filename)
-+ CFRelease(cfurl_filename);
-+ if (cfstr_filename)
-+ CFRelease(cfstr_filename);
-+ if (cfdata_filename)
-+ CFRelease(cfdata_filename);
-+ if (label)
-+ xfree(label);
-+ if (passRef)
-+ CFRelease(passRef);
-+ if (apps[0])
-+ CFRelease(apps[0]);
-+ if (apps[1])
-+ CFRelease(apps[1]);
-+ if (apps[2])
-+ CFRelease(apps[2]);
-+ if (trustedlist)
-+ CFRelease(trustedlist);
-+ if (initialAccess)
-+ CFRelease(initialAccess);
-+ if (path)
-+ CFRelease(path);
-+ if (pathFinal)
-+ CFRelease(pathFinal);
-+ if (bundle_url)
-+ CFRelease(bundle_url);
-+ if (bundle)
-+ CFRelease(bundle);
-+ if (promptTemplate)
-+ CFRelease(promptTemplate);
-+ if (prompt)
-+ CFRelease(prompt);
-+ if (ac)
-+ ssh_close_authentication_connection(ac);
-+
-+ return result;
-+
-+#else
-+
-+ /*
-+ * keychain_read_passphrase
-+ * no implementation
-+ */
-+
-+ return NULL;
-+
-+#endif
-+
-+}
-diff -uNr ../openssh-5.0p1.orig/keychain.h ./keychain.h
---- ../openssh-5.0p1.orig/keychain.h 1969-12-31 16:00:00.000000000 -0800
-+++ ./keychain.h 2008-04-15 18:32:47.000000000 -0700
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (c) 2007 Apple Inc. All rights reserved.
-+ *
-+ * @APPLE_BSD_LICENSE_HEADER_START@
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of its
-+ * contributors may be used to endorse or promote products derived from
-+ * this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ * @APPLE_BSD_LICENSE_HEADER_END@
-+ */
-+
-+/*
-+ * KEYCHAIN indicates that keychain functionality is present.
-+ * KEYCHAIN_* indicates the implementation to use, and implies KEYCHAIN.
-+ */
-+#if defined(__APPLE_KEYCHAIN__)
-+#define KEYCHAIN
-+#endif
-+
-+void store_in_keychain(const char *filename, const char *passphrase);
-+void remove_from_keychain(const char *filename);
-+int add_identities_using_keychain(
-+ int (*add_identity)(const char *, const char *));
-+char *keychain_read_passphrase(const char *filename);
-diff -uNr ../openssh-5.0p1.orig/ssh-add.0 ./ssh-add.0
---- ../openssh-5.0p1.orig/ssh-add.0 2008-04-03 03:01:50.000000000 -0700
-+++ ./ssh-add.0 2008-04-15 18:35:24.000000000 -0700
-@@ -1,10 +1,10 @@
- SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
-
- NAME
-- ssh-add - adds RSA or DSA identities to the authentication agent
-+ ssh-add -- adds RSA or DSA identities to the authentication agent
-
- SYNOPSIS
-- ssh-add [-cDdLlXx] [-t life] [file ...]
-+ ssh-add [-cDdLlXxKk] [-t life] [file ...]
- ssh-add -s reader
- ssh-add -e reader
-
-@@ -58,6 +58,13 @@
-
- -x Lock the agent with a password.
-
-+ -K When adding identities, each passphrase will also be stored in
-+ your keychain. When removing identities with -d, each passphrase
-+ will be removed from your keychain.
-+
-+ -k Add identities to the agent using any passphrases stored in your
-+ keychain.
-+
- ENVIRONMENT
- DISPLAY and SSH_ASKPASS
- If ssh-add needs a passphrase, it will read the passphrase from
-diff -uNr ../openssh-5.0p1.orig/ssh-add.1 ./ssh-add.1
---- ../openssh-5.0p1.orig/ssh-add.1 2007-06-12 07:00:27.000000000 -0700
-+++ ./ssh-add.1 2008-04-15 18:32:47.000000000 -0700
-@@ -45,7 +45,7 @@
- .Nd adds RSA or DSA identities to the authentication agent
- .Sh SYNOPSIS
- .Nm ssh-add
--.Op Fl cDdLlXx
-+.Op Fl cDdLlXxKk
- .Op Fl t Ar life
- .Op Ar
- .Nm ssh-add
-@@ -121,6 +121,12 @@
- Unlock the agent.
- .It Fl x
- Lock the agent with a password.
-+.It Fl K
-+When adding identities, each passphrase will also be stored in your
-+keychain. When removing identities with -d, each passphrase will be
-+removed from your keychain.
-+.It Fl k
-+Add identities to the agent using any passphrases stored in your keychain.
- .El
- .Sh ENVIRONMENT
- .Bl -tag -width Ds
-diff -uNr ../openssh-5.0p1.orig/ssh-add.c ./ssh-add.c
---- ../openssh-5.0p1.orig/ssh-add.c 2008-02-28 00:13:52.000000000 -0800
-+++ ./ssh-add.c 2008-04-15 18:32:47.000000000 -0700
-@@ -62,6 +62,7 @@
- #include "authfile.h"
- #include "pathnames.h"
- #include "misc.h"
-+#include "keychain.h"
-
- /* argv0 */
- extern char *__progname;
-@@ -93,12 +94,24 @@
- }
-
- static int
--delete_file(AuthenticationConnection *ac, const char *filename)
-+add_from_keychain(AuthenticationConnection *ac)
-+{
-+ if (ssh_add_from_keychain(ac) == 0)
-+ return -1;
-+
-+ fprintf(stderr, "Added keychain identities.\n");
-+ return 0;
-+}
-+
-+static int
-+delete_file(AuthenticationConnection *ac, int keychain, const char *filename)
- {
- Key *public;
- char *comment = NULL;
- int ret = -1;
-
-+ if (keychain)
-+ remove_from_keychain(filename);
- public = key_load_public(filename, &comment);
- if (public == NULL) {
- printf("Bad key file %s\n", filename);
-@@ -136,7 +149,7 @@
- }
-
- static int
--add_file(AuthenticationConnection *ac, const char *filename)
-+add_file(AuthenticationConnection *ac, int keychain, const char *filename)
- {
- Key *private;
- char *comment = NULL;
-@@ -159,11 +172,16 @@
-
- /* At first, try empty passphrase */
- private = key_load_private(filename, "", &comment);
-+ if (keychain && private != NULL)
-+ store_in_keychain(filename, "");
- if (comment == NULL)
- comment = xstrdup(filename);
- /* try last */
-- if (private == NULL && pass != NULL)
-+ if (private == NULL && pass != NULL) {
- private = key_load_private(filename, pass, NULL);
-+ if (keychain && private != NULL)
-+ store_in_keychain(filename, pass);
-+ }
- if (private == NULL) {
- /* clear passphrase since it did not work */
- clear_pass();
-@@ -177,8 +195,11 @@
- return -1;
- }
- private = key_load_private(filename, pass, &comment);
-- if (private != NULL)
-+ if (private != NULL) {
-+ if (keychain)
-+ store_in_keychain(filename, pass);
- break;
-+ }
- clear_pass();
- snprintf(msg, sizeof msg,
- "Bad passphrase, try again for %.200s: ", comment);
-@@ -295,13 +316,13 @@
- }
-
- static int
--do_file(AuthenticationConnection *ac, int deleting, char *file)
-+do_file(AuthenticationConnection *ac, int deleting, int keychain, char *file)
- {
- if (deleting) {
-- if (delete_file(ac, file) == -1)
-+ if (delete_file(ac, keychain, file) == -1)
- return -1;
- } else {
-- if (add_file(ac, file) == -1)
-+ if (add_file(ac, keychain, file) == -1)
- return -1;
- }
- return 0;
-@@ -324,6 +345,11 @@
- fprintf(stderr, " -s reader Add key in smartcard reader.\n");
- fprintf(stderr, " -e reader Remove key in smartcard reader.\n");
- #endif
-+#ifdef KEYCHAIN
-+ fprintf(stderr, " -k Add all identities stored in your keychain.\n");
-+ fprintf(stderr, " -K Store passphrases in your keychain.\n");
-+ fprintf(stderr, " With -d, remove passphrases from your keychain.\n");
-+#endif
- }
-
- int
-@@ -334,6 +360,7 @@
- AuthenticationConnection *ac = NULL;
- char *sc_reader_id = NULL;
- int i, ch, deleting = 0, ret = 0;
-+ int keychain = 0;
-
- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- sanitise_stdfd();
-@@ -351,7 +378,7 @@
- "Could not open a connection to your authentication agent.\n");
- exit(2);
- }
-- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
-+ while ((ch = getopt(argc, argv, "lLcdDxXe:s:kKt:")) != -1) {
- switch (ch) {
- case 'l':
- case 'L':
-@@ -373,6 +400,13 @@
- if (delete_all(ac) == -1)
- ret = 1;
- goto done;
-+ case 'k':
-+ if (add_from_keychain(ac) == -1)
-+ ret = 1;
-+ goto done;
-+ case 'K':
-+ keychain = 1;
-+ break;
- case 's':
- sc_reader_id = optarg;
- break;
-@@ -418,7 +452,7 @@
- default_files[i]);
- if (stat(buf, &st) < 0)
- continue;
-- if (do_file(ac, deleting, buf) == -1)
-+ if (do_file(ac, deleting, keychain, buf) == -1)
- ret = 1;
- else
- count++;
-@@ -427,7 +461,7 @@
- ret = 1;
- } else {
- for (i = 0; i < argc; i++) {
-- if (do_file(ac, deleting, argv[i]) == -1)
-+ if (do_file(ac, deleting, keychain, argv[i]) == -1)
- ret = 1;
- }
- }
-diff -uNr ../openssh-5.0p1.orig/ssh-agent.c ./ssh-agent.c
---- ../openssh-5.0p1.orig/ssh-agent.c 2008-02-28 00:13:52.000000000 -0800
-+++ ./ssh-agent.c 2008-04-15 18:32:47.000000000 -0700
-@@ -72,9 +72,11 @@
- #include "buffer.h"
- #include "key.h"
- #include "authfd.h"
-+#include "authfile.h"
- #include "compat.h"
- #include "log.h"
- #include "misc.h"
-+#include "keychain.h"
-
- #ifdef SMARTCARD
- #include "scard.h"
-@@ -703,6 +705,61 @@
- }
- #endif /* SMARTCARD */
-
-+static int
-+add_identity_callback(const char *filename, const char *passphrase)
-+{
-+ Key *k;
-+ int version;
-+ Idtab *tab;
-+
-+ if ((k = key_load_private(filename, passphrase, NULL)) == NULL)
-+ return 1;
-+ switch (k->type) {
-+ case KEY_RSA:
-+ case KEY_RSA1:
-+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
-+ key_free(k);
-+ return 1;
-+ }
-+ break;
-+ }
-+ version = k->type == KEY_RSA1 ? 1 : 2;
-+ tab = idtab_lookup(version);
-+ if (lookup_identity(k, version) == NULL) {
-+ Identity *id = xmalloc(sizeof(Identity));
-+ id->key = k;
-+ id->comment = xstrdup(filename);
-+ if (id->comment == NULL) {
-+ key_free(k);
-+ return 1;
-+ }
-+ id->death = 0;
-+ id->confirm = 0;
-+ TAILQ_INSERT_TAIL(&tab->idlist, id, next);
-+ tab->nentries++;
-+ } else {
-+ key_free(k);
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+static void
-+process_add_from_keychain(SocketEntry *e)
-+{
-+ int result;
-+
-+ result = add_identities_using_keychain(&add_identity_callback);
-+
-+ /* e will be NULL when ssh-agent adds keys on its own at startup */
-+ if (e) {
-+ buffer_put_int(&e->output, 1);
-+ buffer_put_char(&e->output,
-+ result ? SSH_AGENT_FAILURE : SSH_AGENT_SUCCESS);
-+ }
-+}
-+
- /* dispatch incoming messages */
-
- static void
-@@ -795,6 +852,9 @@
- process_remove_smartcard_key(e);
- break;
- #endif /* SMARTCARD */
-+ case SSH_AGENTC_ADD_FROM_KEYCHAIN:
-+ process_add_from_keychain(e);
-+ break;
- default:
- /* Unknown message. Respond with failure. */
- error("Unknown message %d", type);
-@@ -1258,6 +1318,10 @@
- signal(SIGTERM, cleanup_handler);
- nalloc = 0;
-
-+#ifdef KEYCHAIN
-+ process_add_from_keychain(NULL);
-+#endif
-+
- while (1) {
- prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
- result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
-diff -uNr ../openssh-5.0p1.orig/sshconnect1.c ./sshconnect1.c
---- ../openssh-5.0p1.orig/sshconnect1.c 2006-11-07 04:14:42.000000000 -0800
-+++ ./sshconnect1.c 2008-04-15 18:32:47.000000000 -0700
-@@ -47,6 +47,7 @@
- #include "canohost.h"
- #include "hostfile.h"
- #include "auth.h"
-+#include "keychain.h"
-
- /* Session id for the current session. */
- u_char session_id[16];
-@@ -260,7 +261,9 @@
- snprintf(buf, sizeof(buf),
- "Enter passphrase for RSA key '%.100s': ", comment);
- for (i = 0; i < options.number_of_password_prompts; i++) {
-- passphrase = read_passphrase(buf, 0);
-+ passphrase = keychain_read_passphrase(comment);
-+ if (passphrase == NULL)
-+ passphrase = read_passphrase(buf, 0);
- if (strcmp(passphrase, "") != 0) {
- private = key_load_private_type(KEY_RSA1,
- authfile, passphrase, NULL, NULL);
-diff -uNr ../openssh-5.0p1.orig/sshconnect2.c ./sshconnect2.c
---- ../openssh-5.0p1.orig/sshconnect2.c 2008-02-10 03:25:53.000000000 -0800
-+++ ./sshconnect2.c 2008-04-15 18:32:47.000000000 -0700
-@@ -64,6 +64,7 @@
- #include "msg.h"
- #include "pathnames.h"
- #include "uidswap.h"
-+#include "keychain.h"
-
- #ifdef GSSAPI
- #include "ssh-gss.h"
-@@ -990,7 +991,9 @@
- snprintf(prompt, sizeof prompt,
- "Enter passphrase for key '%.100s': ", filename);
- for (i = 0; i < options.number_of_password_prompts; i++) {
-- passphrase = read_passphrase(prompt, 0);
-+ passphrase = keychain_read_passphrase(filename);
-+ if (passphrase == NULL)
-+ passphrase = read_passphrase(prompt, 0);
- if (strcmp(passphrase, "") != 0) {
- private = key_load_private_type(KEY_UNSPEC,
- filename, passphrase, NULL, NULL);
Deleted: trunk/dports/net/openssh/files/AJ-5491854-fix_unsafe_usage_of_getpwuid.patch
===================================================================
--- trunk/dports/net/openssh/files/AJ-5491854-fix_unsafe_usage_of_getpwuid.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/AJ-5491854-fix_unsafe_usage_of_getpwuid.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,32 +0,0 @@
-diff -ru ../openssh-4.5p1.old/ssh-add.c ./ssh-add.c
---- ../openssh-4.5p1.old/ssh-add.c 2006-08-31 22:38:37.000000000 -0700
-+++ ./ssh-add.c 2007-09-21 13:11:56.000000000 -0700
-@@ -402,6 +402,7 @@
- if (argc == 0) {
- char buf[MAXPATHLEN];
- struct passwd *pw;
-+ char *pw_dir;
- struct stat st;
- int count = 0;
-
-@@ -412,8 +413,10 @@
- goto done;
- }
-
-+ pw_dir = xstrdup(pw->pw_dir);
-+
- for (i = 0; default_files[i]; i++) {
-- snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
-+ snprintf(buf, sizeof(buf), "%s/%s", pw_dir,
- default_files[i]);
- if (stat(buf, &st) < 0)
- continue;
-@@ -424,6 +427,8 @@
- }
- if (count == 0)
- ret = 1;
-+
-+ xfree(pw_dir);
- } else {
- for (i = 0; i < argc; i++) {
- if (do_file(ac, deleting, argv[i]) == -1)
Deleted: trunk/dports/net/openssh/files/DVG-3977221_manpage_tweaks.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-3977221_manpage_tweaks.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-3977221_manpage_tweaks.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,54 +0,0 @@
-diff -uNr ../openssh-4.7p1.orig/sshd.0 ./sshd.0
---- ../openssh-4.7p1.orig/sshd.0 2007-09-03 23:50:10.000000000 -0700
-+++ ./sshd.0 2007-09-05 20:44:16.000000000 -0700
-@@ -527,8 +527,8 @@
-
- SEE ALSO
- scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
-- ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
-- sshd_config(5), inetd(8), sftp-server(8)
-+ ssh-keyscan(1), chroot(2), hosts_access(5), sshd_config(5)
-+ sftp-server(8)
-
- AUTHORS
- OpenSSH is a derivative of the original and free ssh 1.2.12 release by
-diff -uNr ../openssh-4.7p1.orig/sshd.8 ./sshd.8
---- ../openssh-4.7p1.orig/sshd.8 2007-08-16 16:42:33.000000000 -0700
-+++ ./sshd.8 2007-09-05 20:43:10.000000000 -0700
-@@ -833,10 +833,7 @@
- .Xr ssh-keyscan 1 ,
- .Xr chroot 2 ,
- .Xr hosts_access 5 ,
--.Xr login.conf 5 ,
--.Xr moduli 5 ,
- .Xr sshd_config 5 ,
--.Xr inetd 8 ,
- .Xr sftp-server 8
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
-diff -uNr ../openssh-4.7p1.orig/sshd_config.0 ./sshd_config.0
---- ../openssh-4.7p1.orig/sshd_config.0 2007-09-03 23:50:11.000000000 -0700
-+++ ./sshd_config.0 2007-09-05 20:44:58.000000000 -0700
-@@ -84,8 +84,7 @@
-
- ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed.
-- All authentication styles from login.conf(5) are supported. The
-- default is ``yes''.
-+ The default is ``yes''.
-
- Ciphers
- Specifies the ciphers allowed for protocol version 2. Multiple
-diff -uNr ../openssh-4.7p1.orig/sshd_config.5 ./sshd_config.5
---- ../openssh-4.7p1.orig/sshd_config.5 2007-06-10 21:07:13.000000000 -0700
-+++ ./sshd_config.5 2007-09-05 20:45:25.000000000 -0700
-@@ -167,9 +167,6 @@
- By default, no banner is displayed.
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed.
--All authentication styles from
--.Xr login.conf 5
--are supported.
- The default is
- .Dq yes .
- .It Cm Ciphers
Deleted: trunk/dports/net/openssh/files/DVG-4122722+5277818_new_EA.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4122722+5277818_new_EA.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4122722+5277818_new_EA.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,537 +0,0 @@
-diff -ruN ../openssh-4.7p1/config.h.in ./config.h.in
---- ../openssh-4.7p1/config.h.in 2007-09-03 23:50:04.000000000 -0700
-+++ ./config.h.in 2007-10-01 20:02:51.000000000 -0700
-@@ -56,6 +56,18 @@
- /* Define if your snprintf is busted */
- #undef BROKEN_SNPRINTF
-
-+/* platform uses an in-memory credentials cache */
-+#undef USE_CCAPI
-+
-+/* platform has a Security Authorization Session API */
-+#undef USE_SECURITY_SESSION_API
-+
-+/* Define to 1 if you have the `copyfile' function. */
-+#undef HAVE_COPYFILE
-+
-+/* Define to 1 if you have the <copyfile.h> header file. */
-+#undef HAVE_COPYFILE_H
-+
- /* updwtmpx is broken (if present) */
- #undef BROKEN_UPDWTMPX
-
-diff -ruN ../openssh-4.7p1/configure ./configure
---- ../openssh-4.7p1/configure 2007-09-03 23:50:09.000000000 -0700
-+++ ./configure 2007-10-01 20:02:51.000000000 -0700
-@@ -28390,6 +28390,259 @@
- CFLAGS="$CFLAGS $werror_flags"
-
-
-+for ac_func in copyfile
-+do
-+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-+echo "$as_me:$LINENO: checking for $ac_func" >&5
-+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-+if eval "test \"\${$as_ac_var+set}\" = set"; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+ cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
-+#define $ac_func innocuous_$ac_func
-+
-+/* System header to define __stub macros and hopefully few prototypes,
-+ which can conflict with char $ac_func (); below.
-+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-+ <limits.h> exists even on freestanding compilers. */
-+
-+#ifdef __STDC__
-+# include <limits.h>
-+#else
-+# include <assert.h>
-+#endif
-+
-+#undef $ac_func
-+
-+/* Override any gcc2 internal prototype to avoid an error. */
-+#ifdef __cplusplus
-+extern "C"
-+{
-+#endif
-+/* We use char because int might match the return type of a gcc2
-+ builtin and then its argument prototype would still apply. */
-+char $ac_func ();
-+/* The GNU C library defines this for functions which it implements
-+ to always fail with ENOSYS. Some functions are actually named
-+ something starting with __ and the normal name is an alias. */
-+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-+choke me
-+#else
-+char (*f) () = $ac_func;
-+#endif
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+int
-+main ()
-+{
-+return f != $ac_func;
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+rm -f conftest.$ac_objext conftest$ac_exeext
-+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-+ (eval $ac_link) 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } &&
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
-+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }; } &&
-+ { ac_try='test -s conftest$ac_exeext'
-+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }; }; then
-+ eval "$as_ac_var=yes"
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+eval "$as_ac_var=no"
-+fi
-+rm -f conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+fi
-+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-+if test `eval echo '${'$as_ac_var'}'` = yes; then
-+ cat >>confdefs.h <<_ACEOF
-+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-+_ACEOF
-+
-+fi
-+done
-+
-+
-+for ac_header in copyfile.h
-+do
-+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-+if eval "test \"\${$as_ac_Header+set}\" = set"; then
-+ echo "$as_me:$LINENO: checking for $ac_header" >&5
-+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-+if eval "test \"\${$as_ac_Header+set}\" = set"; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+fi
-+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-+else
-+ # Is the header compilable?
-+echo "$as_me:$LINENO: checking $ac_header usability" >&5
-+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+$ac_includes_default
-+#include <$ac_header>
-+_ACEOF
-+rm -f conftest.$ac_objext
-+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-+ (eval $ac_compile) 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } &&
-+ { ac_try='test -z "$ac_c_werror_flag"
-+ || test ! -s conftest.err'
-+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }; } &&
-+ { ac_try='test -s conftest.$ac_objext'
-+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-+ (eval $ac_try) 2>&5
-+ ac_status=$?
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); }; }; then
-+ ac_header_compiler=yes
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ac_header_compiler=no
-+fi
-+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-+echo "${ECHO_T}$ac_header_compiler" >&6
-+
-+# Is the header present?
-+echo "$as_me:$LINENO: checking $ac_header presence" >&5
-+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+#include <$ac_header>
-+_ACEOF
-+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } >/dev/null; then
-+ if test -s conftest.err; then
-+ ac_cpp_err=$ac_c_preproc_warn_flag
-+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-+ else
-+ ac_cpp_err=
-+ fi
-+else
-+ ac_cpp_err=yes
-+fi
-+if test -z "$ac_cpp_err"; then
-+ ac_header_preproc=yes
-+else
-+ echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ ac_header_preproc=no
-+fi
-+rm -f conftest.err conftest.$ac_ext
-+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-+echo "${ECHO_T}$ac_header_preproc" >&6
-+
-+# So? What about this header?
-+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-+ yes:no: )
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-+ ac_header_preproc=yes
-+ ;;
-+ no:yes:* )
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-+ (
-+ cat <<\_ASBOX
-+## ------------------------------------------- ##
-+## Report this to openssh-unix-dev at mindrot.org ##
-+## ------------------------------------------- ##
-+_ASBOX
-+ ) |
-+ sed "s/^/$as_me: WARNING: /" >&2
-+ ;;
-+esac
-+echo "$as_me:$LINENO: checking for $ac_header" >&5
-+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-+if eval "test \"\${$as_ac_Header+set}\" = set"; then
-+ echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+ eval "$as_ac_Header=\$ac_header_preproc"
-+fi
-+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-+
-+fi
-+if test `eval echo '${'$as_ac_Header'}'` = yes; then
-+ cat >>confdefs.h <<_ACEOF
-+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-+_ACEOF
-+
-+fi
-+
-+done
-+
-+
-+
- ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh"
-
- cat >confcache <<\_ACEOF
-diff -ruN ../openssh-4.7p1/configure.ac ./configure.ac
---- ../openssh-4.7p1/configure.ac 2007-08-09 21:36:12.000000000 -0700
-+++ ./configure.ac 2007-10-01 20:02:51.000000000 -0700
-@@ -3982,6 +3982,9 @@
- dnl Add now.
- CFLAGS="$CFLAGS $werror_flags"
-
-+AC_CHECK_FUNCS(copyfile)
-+AC_CHECK_HEADERS(copyfile.h)
-+
- AC_EXEEXT
- AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
- openbsd-compat/Makefile openbsd-compat/regress/Makefile \
-diff -ruN ../openssh-4.7p1/scp.1 ./scp.1
---- ../openssh-4.7p1/scp.1 2007-08-07 21:29:58.000000000 -0700
-+++ ./scp.1 2007-10-01 20:02:51.000000000 -0700
-@@ -20,7 +20,7 @@
- .Sh SYNOPSIS
- .Nm scp
- .Bk -words
--.Op Fl 1246BCpqrv
-+.Op Fl 1246BCEpqrv
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
-@@ -87,6 +87,8 @@
- flag to
- .Xr ssh 1
- to enable compression.
-+.It Fl E
-+Preserves extended attributes, resource forks, and ACLs. Requires both ends to be running Mac OS X 10.4 or later.
- .It Fl c Ar cipher
- Selects the cipher to use for encrypting the data transfer.
- This option is directly passed to
-diff -ruN ../openssh-4.7p1/scp.c ./scp.c
---- ../openssh-4.7p1/scp.c 2007-08-07 21:29:58.000000000 -0700
-+++ ./scp.c 2007-10-01 20:29:54.000000000 -0700
-@@ -107,6 +107,11 @@
- #include "misc.h"
- #include "progressmeter.h"
-
-+#ifdef HAVE_COPYFILE_H
-+#include <libgen.h>
-+#include <copyfile.h>
-+#endif
-+
- extern char *__progname;
-
- int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
-@@ -134,6 +139,12 @@
- /* This is used to store the pid of ssh_program */
- pid_t do_cmd_pid = -1;
-
-+#ifdef HAVE_COPYFILE
-+int copy_xattr = 0;
-+int md_flag = 0;
-+#endif
-+
-+
- static void
- killchild(int signo)
- {
-@@ -313,7 +324,11 @@
- addargs(&args, "-oClearAllForwardings yes");
-
- fflag = tflag = 0;
-+#if HAVE_COPYFILE
-+ while ((ch = getopt(argc, argv, "dfl:prtvBCEc:i:P:q1246S:o:F:")) != -1)
-+#else
- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
-+#endif
- switch (ch) {
- /* User-visible flags. */
- case '1':
-@@ -359,6 +374,11 @@
- showprogress = 0;
- break;
-
-+#ifdef HAVE_COPYFILE
-+ case 'E':
-+ copy_xattr = 1;
-+ break;
-+#endif
- /* Server options. */
- case 'd':
- targetshouldbedirectory = 1;
-@@ -408,7 +428,12 @@
- remin = remout = -1;
- do_cmd_pid = -1;
- /* Command to be executed on remote system using "ssh". */
-+#if HAVE_COPYFILE
-+ (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s%s",
-+ copy_xattr ? " -E" : "",
-+#else
- (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s",
-+#endif
- verbose_mode ? " -v" : "",
- iamrecursive ? " -r" : "", pflag ? " -p" : "",
- targetshouldbedirectory ? " -d" : "");
-@@ -587,6 +612,10 @@
- int fd = -1, haderr, indx;
- char *last, *name, buf[2048], encname[MAXPATHLEN];
- int len;
-+#if HAVE_COPYFILE
-+ char md_name[MAXPATHLEN];
-+ char *md_tmp;
-+#endif
-
- for (indx = 0; indx < argc; ++indx) {
- name = argv[indx];
-@@ -594,12 +623,26 @@
- len = strlen(name);
- while (len > 1 && name[len-1] == '/')
- name[--len] = '\0';
-+#if HAVE_COPYFILE
-+md_next:
-+ statbytes = 0;
-+ if (md_flag) {
-+ fd = open(md_tmp, O_RDONLY, 0);
-+ unlink(md_tmp);
-+ free(md_tmp);
-+ if (fd < 0)
-+ goto syserr;
-+ } else {
-+#endif
- if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0)
- goto syserr;
- if (strchr(name, '\n') != NULL) {
- strnvis(encname, name, sizeof(encname), VIS_NL);
- name = encname;
- }
-+#if HAVE_COPYFILE
-+ }
-+#endif
- if (fstat(fd, &stb) < 0) {
- syserr: run_err("%s: %s", name, strerror(errno));
- goto next;
-@@ -688,6 +731,36 @@
- else
- run_err("%s: %s", name, strerror(haderr));
- (void) response();
-+#ifdef HAVE_COPYFILE
-+ if (copy_xattr && md_flag == 0)
-+ {
-+ if (!copyfile(name, NULL, 0,
-+ COPYFILE_ACL | COPYFILE_XATTR | COPYFILE_CHECK))
-+ continue;
-+
-+ /*
-+ * this file will hold the actual metadata
-+ * to be transferred
-+ */
-+ md_tmp = strdup("/tmp/scp.md.XXXXXX");
-+ md_tmp = mktemp(md_tmp);
-+
-+ if(copyfile(name, md_tmp, 0,
-+ COPYFILE_ACL | COPYFILE_XATTR | COPYFILE_PACK) == 0)
-+ {
-+ /*
-+ * this is the fake name to display
-+ */
-+ snprintf(md_name, sizeof md_name, "%s/._%s", dirname(name), basename(name));
-+ name = md_name;
-+ md_flag = 1;
-+ if (verbose_mode)
-+ fprintf(stderr, "copyfile(%s, %s, PACK)\n", name, md_tmp);
-+ goto md_next;
-+ }
-+ } else
-+ md_flag = 0;
-+#endif
- }
- }
-
-@@ -836,6 +909,10 @@
- if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
- targisdir = 1;
- for (first = 1;; first = 0) {
-+#if HAVE_COPYFILE
-+ char md_src[MAXPATHLEN];
-+ char md_dst[MAXPATHLEN];
-+#endif
- cp = buf;
- if (atomicio(read, remin, cp, 1) != 1)
- return;
-@@ -969,6 +1046,32 @@
- }
- omode = mode;
- mode |= S_IWRITE;
-+
-+#if HAVE_COPYFILE
-+ if (copy_xattr && !strncmp(basename(curfile), "._", 2))
-+ {
-+ int mdfd;
-+ if (targisdir)
-+ {
-+ snprintf(md_src, sizeof md_src, "%s.XXXXXX", np);
-+ snprintf(md_dst, sizeof md_dst, "%s/%s",
-+ dirname(np), basename(np) + 2);
-+ if((mdfd = mkstemp(md_src)) < 0)
-+ continue;
-+ }
-+ else
-+ {
-+ snprintf(md_src, sizeof md_src, "%s/._%s.XXXXXX",
-+ dirname(np), basename(np));
-+ snprintf(md_dst, sizeof md_dst, "%s", np);
-+ if((mdfd = mkstemp(md_src)) < 0)
-+ continue;
-+ }
-+ if (mdfd >= 0)
-+ close(mdfd);
-+ np = md_src;
-+ }
-+#endif
- if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
- bad: run_err("%s: %s", np, strerror(errno));
- continue;
-@@ -1057,6 +1160,21 @@
- wrerrno = errno;
- }
- (void) response();
-+#ifdef HAVE_COPYFILE
-+ if (copy_xattr && strncmp(basename(np), "._", 2) == 0)
-+ {
-+ if (verbose_mode)
-+ fprintf(stderr, "copyfile(%s, %s, UNPACK)\n", md_src, md_dst);
-+ if(!copyfile(md_src, md_dst, 0,
-+ COPYFILE_ACL | COPYFILE_XATTR | COPYFILE_UNPACK) < 0)
-+ {
-+ snprintf(md_dst, sizeof md_dst, "%s/._%s",
-+ dirname(md_dst), basename(md_dst));
-+ rename(md_src, md_dst);
-+ } else
-+ unlink(md_src);
-+ } else
-+#endif
- if (setimes && wrerr == NO) {
- setimes = 0;
- if (utimes(np, tv) < 0) {
-@@ -1118,7 +1236,11 @@
- usage(void)
- {
- (void) fprintf(stderr,
-+#if HAVE_COPYFILE
-+ "usage: scp [-1246BCEpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
-+#else
- "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
-+#endif
- " [-l limit] [-o ssh_option] [-P port] [-S program]\n"
- " [[user@]host1:]file1 ... [[user@]host2:]file2\n");
- exit(1);
Deleted: trunk/dports/net/openssh/files/DVG-4135812_add_SACLSupport_to_sshd_conf_manpage.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4135812_add_SACLSupport_to_sshd_conf_manpage.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4135812_add_SACLSupport_to_sshd_conf_manpage.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,25 +0,0 @@
-diff -uNr ../openssh-4.7p1.orig/sshd_config.0 ./sshd_config.0
---- ../openssh-4.7p1.orig/sshd_config.0 2007-09-03 23:50:11.000000000 -0700
-+++ ./sshd_config.0 2008-01-31 17:32:40.000000000 -0800
-@@ -414,6 +414,9 @@
- fault is ``yes''. This option applies to protocol version 1 on-
- ly.
-
-+ SACLSupport
-+ Enables use of Service ACLs on Mac OS X.
-+
- ServerKeyBits
- Defines the number of bits in the ephemeral protocol version 1
- server key. The minimum value is 512, and the default is 768.
-diff -uNr ../openssh-4.7p1.orig/sshd_config.5 ./sshd_config.5
---- ../openssh-4.7p1.orig/sshd_config.5 2007-06-10 21:07:13.000000000 -0700
-+++ ./sshd_config.5 2008-01-31 17:33:17.000000000 -0800
-@@ -722,6 +722,8 @@
- The default is
- .Dq yes .
- This option applies to protocol version 1 only.
-+.It Cm SACLSupport
-+Enables use of Service ACLs on Mac OS X.
- .It Cm ServerKeyBits
- Defines the number of bits in the ephemeral protocol version 1 server key.
- The minimum value is 512, and the default is 768.
Deleted: trunk/dports/net/openssh/files/DVG-4157448+4920695_corrected_UsePAM_comment.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4157448+4920695_corrected_UsePAM_comment.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4157448+4920695_corrected_UsePAM_comment.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,25 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/sshd_config ./sshd_config
---- ../openssh-4.5p1.orig/sshd_config 2006-07-23 21:06:47.000000000 -0700
-+++ ./sshd_config 2007-01-11 17:05:47.000000000 -0800
-@@ -52,7 +52,8 @@
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
-
--# To disable tunneled clear text passwords, change to no here!
-+# To disable tunneled clear text passwords, change to no here! Also,
-+# remember to set the UsePAM setting to 'no'.
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
-
-@@ -78,7 +79,10 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--#UsePAM no
-+# Also, PAM will deny null passwords by default. If you need to allow
-+# null passwords, add the " nullok" option to the end of the
-+# securityserver.so line in /etc/pam.d/sshd.
-+#UsePAM yes
-
- #AllowTcpForwarding yes
- #GatewayPorts no
Deleted: trunk/dports/net/openssh/files/DVG-4212542_auth_error_logging_fix.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4212542_auth_error_logging_fix.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4212542_auth_error_logging_fix.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,12 +0,0 @@
-diff -uNr ../openssh-4.3p2.orig/sshd_config ./sshd_config
---- ../openssh-4.3p2.orig/sshd_config 2005-12-13 00:29:03.000000000 -0800
-+++ ./sshd_config 2006-10-18 16:47:04.000000000 -0700
-@@ -28,7 +28,7 @@
-
- # Logging
- # obsoletes QuietMode and FascistLogging
--#SyslogFacility AUTH
-+SyslogFacility AUTHPRIV
- #LogLevel INFO
-
- # Authentication:
Deleted: trunk/dports/net/openssh/files/DVG-4648874_preserve_EA_mtime.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4648874_preserve_EA_mtime.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4648874_preserve_EA_mtime.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,18 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/scp.c ./scp.c
---- ../openssh-4.5p1.orig/scp.c 2006-12-12 13:08:35.000000000 -0800
-+++ ./scp.c 2006-12-12 15:53:57.000000000 -0800
-@@ -1163,6 +1163,14 @@
- rename(md_src, md_dst);
- } else
- unlink(md_src);
-+ if (setimes && wrerr == NO) {
-+ setimes = 0;
-+ if (utimes(md_dst, tv) < 0) {
-+ run_err("%s: set times: %s",
-+ np, strerror(errno));
-+ wrerr = DISPLAYED;
-+ }
-+ }
- } else
- #endif
- if (setimes && wrerr == NO) {
Deleted: trunk/dports/net/openssh/files/DVG-4694589_16_group_limit_fix.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4694589_16_group_limit_fix.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4694589_16_group_limit_fix.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,13 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/uidswap.c ./uidswap.c
---- ../openssh-4.5p1.orig/uidswap.c 2006-08-04 19:39:41.000000000 -0700
-+++ ./uidswap.c 2007-01-12 19:26:22.000000000 -0800
-@@ -233,6 +239,9 @@
- fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
- #endif
-
-+ if (initgroups(pw->pw_name, pw->pw_gid) < 0)
-+ fatal("setgid %.100s %u: %.100s", pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
-+
- #if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
- if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
- fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
Deleted: trunk/dports/net/openssh/files/DVG-4748610+4897588_ssh-agent_via_launchd.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4748610+4897588_ssh-agent_via_launchd.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4748610+4897588_ssh-agent_via_launchd.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,146 +0,0 @@
-diff -ru ../openssh-4.7p1.old/ssh-agent.c ./ssh-agent.c
---- ../openssh-4.7p1.old/ssh-agent.c 2007-03-21 02:45:07.000000000 -0700
-+++ ./ssh-agent.c 2007-10-01 01:01:39.000000000 -0700
-@@ -64,6 +64,9 @@
- #include <time.h>
- #include <string.h>
- #include <unistd.h>
-+#ifdef __APPLE_LAUNCHD__
-+#include <launch.h>
-+#endif
-
- #include "xmalloc.h"
- #include "ssh.h"
-@@ -1031,7 +1034,11 @@
- int
- main(int ac, char **av)
- {
-+#ifdef __APPLE_LAUNCHD__
-+ int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, l_flag = 0;
-+#else
- int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
-+#endif
- int sock, fd, ch, result, saved_errno;
- u_int nalloc;
- char *shell, *format, *pidstr, *agentsocket = NULL;
-@@ -1065,7 +1072,11 @@
- init_rng();
- seed_rng();
-
-+#ifdef __APPLE_LAUNCHD__
-+ while ((ch = getopt(ac, av, "cdklsa:t:")) != -1) {
-+#else
- while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
-+#endif
- switch (ch) {
- case 'c':
- if (s_flag)
-@@ -1075,6 +1086,11 @@
- case 'k':
- k_flag++;
- break;
-+#ifdef __APPLE_LAUNCHD__
-+ case 'l':
-+ l_flag++;
-+ break;
-+#endif
- case 's':
- if (c_flag)
- usage();
-@@ -1101,7 +1117,11 @@
- ac -= optind;
- av += optind;
-
-+#ifdef __APPPLE_LAUNCHD__
-+ if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || l_flag))
-+#else
- if (ac > 0 && (c_flag || k_flag || s_flag || d_flag))
-+#endif
- usage();
-
- if (ac == 0 && !c_flag && !s_flag) {
-@@ -1157,6 +1177,53 @@
- * Create socket early so it will exist before command gets run from
- * the parent.
- */
-+#ifdef __APPLE_LAUNCHD__
-+ if (l_flag) {
-+ launch_data_t resp, msg, tmp;
-+ size_t listeners_i;
-+
-+ msg = launch_data_new_string(LAUNCH_KEY_CHECKIN);
-+
-+ resp = launch_msg(msg);
-+
-+ if (NULL == resp) {
-+ perror("launch_msg");
-+ exit(1);
-+ }
-+ launch_data_free(msg);
-+ switch (launch_data_get_type(resp)) {
-+ case LAUNCH_DATA_ERRNO:
-+ errno = launch_data_get_errno(resp);
-+ perror("launch_msg response");
-+ exit(1);
-+ case LAUNCH_DATA_DICTIONARY:
-+ break;
-+ default:
-+ fprintf(stderr, "launch_msg unknown response");
-+ exit(1);
-+ }
-+ tmp = launch_data_dict_lookup(resp, LAUNCH_JOBKEY_SOCKETS);
-+
-+ if (NULL == tmp) {
-+ fprintf(stderr, "no sockets\n");
-+ exit(1);
-+ }
-+
-+ tmp = launch_data_dict_lookup(tmp, "Listeners");
-+
-+ if (NULL == tmp) {
-+ fprintf(stderr, "no known listeners\n");
-+ exit(1);
-+ }
-+
-+ for (listeners_i = 0; listeners_i < launch_data_array_get_count(tmp); listeners_i++) {
-+ launch_data_t obj_at_ind = launch_data_array_get_index(tmp, listeners_i);
-+ new_socket(AUTH_SOCKET, launch_data_get_fd(obj_at_ind));
-+ }
-+
-+ launch_data_free(resp);
-+ } else {
-+#endif
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
- perror("socket");
-@@ -1178,6 +1245,9 @@
- perror("listen");
- cleanup_exit(1);
- }
-+#ifdef __APPLE_LAUNCHD__
-+ }
-+#endif
-
- /*
- * Fork, and have the parent execute the command, if any, or present
-@@ -1191,6 +1261,12 @@
- printf("echo Agent pid %ld;\n", (long)parent_pid);
- goto skip;
- }
-+
-+#ifdef __APPLE_LAUNCHD__
-+ if (l_flag)
-+ goto skip2;
-+#endif
-+
- pid = fork();
- if (pid == -1) {
- perror("fork");
-@@ -1246,6 +1322,7 @@
-
- skip:
- new_socket(AUTH_SOCKET, sock);
-+skip2:
- if (ac > 0)
- parent_alive_interval = 10;
- idtab_init();
Deleted: trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,42 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/readconf.c ./readconf.c
---- ../openssh-4.5p1.orig/readconf.c 2006-12-05 21:05:28.000000000 -0800
-+++ ./readconf.c 2006-12-05 21:10:59.000000000 -0800
-@@ -1113,10 +1113,17 @@
- options->pubkey_authentication = 1;
- if (options->challenge_response_authentication == -1)
- options->challenge_response_authentication = 1;
-+#ifdef __APPLE_GSSAPI_ENABLE__
-+ if (options->gss_authentication == -1)
-+ options->gss_authentication = 1;
-+ if (options->gss_keyex == -1)
-+ options->gss_keyex = 1;
-+#else
- if (options->gss_authentication == -1)
- options->gss_authentication = 0;
- if (options->gss_keyex == -1)
- options->gss_keyex = 0;
-+#endif
- if (options->gss_deleg_creds == -1)
- options->gss_deleg_creds = 0;
- if (options->gss_trust_dns == -1)
-diff -uNr ../openssh-4.5p1.orig/servconf.c ./servconf.c
---- ../openssh-4.5p1.orig/servconf.c 2006-12-05 21:05:28.000000000 -0800
-+++ ./servconf.c 2006-12-05 21:08:44.000000000 -0800
-@@ -204,10 +204,17 @@
- options->kerberos_ticket_cleanup = 1;
- if (options->kerberos_get_afs_token == -1)
- options->kerberos_get_afs_token = 0;
-+#ifdef __APPLE_GSSAPI_ENABLE__
-+ if (options->gss_authentication == -1)
-+ options->gss_authentication = 1;
-+ if (options->gss_keyex == -1)
-+ options->gss_keyex = 1;
-+#else
- if (options->gss_authentication == -1)
- options->gss_authentication = 0;
- if (options->gss_keyex == -1)
- options->gss_keyex = 0;
-+#endif
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
- if (options->gss_strict_acceptor == -1)
Deleted: trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI_for_pre-Leopard---BuildPhase.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4853931_enable_GSSAPI_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,69 +0,0 @@
-diff -ur ../OpenSSH-5729681~obj.orig/ssh_config.5.out ./ssh_config.5.out
---- ../OpenSSH-5729681~obj.orig/ssh_config.5.out 2008-02-07 13:25:33.000000000 -0800
-+++ ./ssh_config.5.out 2008-02-07 13:31:16.000000000 -0800
-@@ -475,13 +475,13 @@
- .It Cm GSSAPIAuthentication
- Specifies whether user authentication based on GSSAPI is allowed.
- The default is
--.Dq no .
-+.Dq yes .
- Note that this option applies to protocol version 2 only.
- .It Cm GSSAPIKeyExchange
- Specifies whether key exchange based on GSSAPI may be used. When using
- GSSAPI key exchange the server need not have a host key.
- The default is
--.Dq no .
-+.Dq yes .
- Note that this option applies to protocol version 2 only.
- .It Cm GSSAPIDelegateCredentials
- Forward (delegate) credentials to the server.
-diff -ur ../OpenSSH-5729681~obj.orig/ssh_config.out ./ssh_config.out
---- ../OpenSSH-5729681~obj.orig/ssh_config.out 2008-02-07 13:25:32.000000000 -0800
-+++ ./ssh_config.out 2008-02-07 13:29:57.000000000 -0800
-@@ -24,9 +24,9 @@
- # RSAAuthentication yes
- # PasswordAuthentication yes
- # HostbasedAuthentication no
--# GSSAPIAuthentication no
-+# GSSAPIAuthentication yes
- # GSSAPIDelegateCredentials no
--# GSSAPIKeyExchange no
-+# GSSAPIKeyExchange yes
- # GSSAPITrustDNS no
- # BatchMode no
- # CheckHostIP yes
-diff -ur ../OpenSSH-5729681~obj.orig/sshd_config.5.out ./sshd_config.5.out
---- ../OpenSSH-5729681~obj.orig/sshd_config.5.out 2008-02-07 13:25:33.000000000 -0800
-+++ ./sshd_config.5.out 2008-02-07 13:31:43.000000000 -0800
-@@ -313,13 +313,13 @@
- .It Cm GSSAPIAuthentication
- Specifies whether user authentication based on GSSAPI is allowed.
- The default is
--.Dq no .
-+.Dq yes .
- Note that this option applies to protocol version 2 only.
- .It Cm GSSAPIKeyExchange
- Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
- doesn't rely on ssh keys to verify host identity.
- The default is
--.Dq no .
-+.Dq yes .
- Note that this option applies to protocol version 2 only.
- .It Cm GSSAPICleanupCredentials
- Specifies whether to automatically destroy the user's credentials cache
-diff -ur ../OpenSSH-5729681~obj.orig/sshd_config.out ./sshd_config.out
---- ../OpenSSH-5729681~obj.orig/sshd_config.out 2008-02-07 13:26:28.000000000 -0800
-+++ ./sshd_config.out 2008-02-07 13:30:22.000000000 -0800
-@@ -70,10 +70,10 @@
- #KerberosGetAFSToken no
-
- # GSSAPI options
--#GSSAPIAuthentication no
-+#GSSAPIAuthentication yes
- #GSSAPICleanupCredentials yes
- #GSSAPIStrictAcceptorCheck yes
--#GSSAPIKeyExchange no
-+#GSSAPIKeyExchange yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
Deleted: trunk/dports/net/openssh/files/DVG-4920695_remove_nullok_comment_for_pre-Leopard---BuildPhase.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-4920695_remove_nullok_comment_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-4920695_remove_nullok_comment_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,13 +0,0 @@
-diff -uNr ../openssh-4.7p1.orig/sshd_config ./sshd_config
---- ../openssh-4.7p1.orig/sshd_config.out 2008-02-06 10:27:36.000000000 -0800
-+++ ./sshd_config.out 2008-02-06 10:26:39.000000000 -0800
-@@ -83,9 +83,6 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--# Also, PAM will deny null passwords by default. If you need to allow
--# null passwords, add the " nullok" option to the end of the
--# securityserver.so line in /etc/pam.d/sshd.
- #UsePAM yes
-
- #AllowTcpForwarding yes
Deleted: trunk/dports/net/openssh/files/DVG-5258734_pty_permission_fix.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-5258734_pty_permission_fix.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-5258734_pty_permission_fix.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,26 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/session.c ./session.c
---- ../openssh-4.5p1.orig/session.c 2006-10-23 10:01:56.000000000 -0700
-+++ ./session.c 2007-06-15 11:23:17.000000000 -0700
-@@ -1846,8 +1846,10 @@
- n_bytes = packet_remaining();
- tty_parse_modes(s->ttyfd, &n_bytes);
-
-+#ifndef __APPLE_PRIVPTY__
- if (!use_privsep)
- pty_setowner(s->pw, s->tty);
-+#endif
-
- /* Set window size from the packet. */
- pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
-@@ -2085,9 +2087,11 @@
- if (s->pid != 0)
- record_logout(s->pid, s->tty, s->pw->pw_name);
-
-+#ifndef __APPLE_PRIVPTY__
- /* Release the pseudo-tty. */
- if (getuid() == 0)
- pty_release(s->tty);
-+#endif
-
- /*
- * Close the server side of the socket pairs. We must do this after
Deleted: trunk/dports/net/openssh/files/DVG-5462402_enable_SSH1_for_pre-Leopard---BuildPhase.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-5462402_enable_SSH1_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-5462402_enable_SSH1_for_pre-Leopard---BuildPhase.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,19 +0,0 @@
---- ../openssh-4.7p1/sshd_config.out 2007-03-21 02:42:25.000000000 -0700
-+++ ./sshd_config.out 2006-07-23 21:06:47.000000000 -0700
-@@ -11,15 +11,11 @@
- # default value.
-
- #Port 22
-+#Protocol 2,1
- #AddressFamily any
- #ListenAddress 0.0.0.0
- #ListenAddress ::
-
--# Disable legacy (protocol version 1) support in the server for new
--# installations. In future the default will change to require explicit
--# activation of protocol 1
--Protocol 2
--
- # HostKey for protocol version 1
- #HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
Deleted: trunk/dports/net/openssh/files/DVG-5755519_use_GSS_C_NO_NAME_with_gss_acquire_cred.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-5755519_use_GSS_C_NO_NAME_with_gss_acquire_cred.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/DVG-5755519_use_GSS_C_NO_NAME_with_gss_acquire_cred.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,12 +0,0 @@
-diff -uNr ../openssh-5.0p1.orig/gss-serv.c ./gss-serv.c
---- ../openssh-5.0p1.orig/gss-serv.c 2008-04-15 17:48:41.000000000 -0700
-+++ ./gss-serv.c 2008-04-15 17:49:27.000000000 -0700
-@@ -99,7 +99,7 @@
- }
-
- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ GSS_C_NO_NAME, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
- NULL, NULL)))
- ssh_gssapi_error(ctx);
-
Deleted: trunk/dports/net/openssh/files/patch-clientloop.c.diff
===================================================================
--- trunk/dports/net/openssh/files/patch-clientloop.c.diff 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/patch-clientloop.c.diff 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,13 +0,0 @@
---- clientloop.c.orig 2011-02-18 13:18:36.000000000 -0600
-+++ clientloop.c 2011-02-18 13:19:11.000000000 -0600
-@@ -391,8 +391,10 @@
- if (!got_data) {
- u_int32_t rnd = 0;
-
-+ /*
- logit("Warning: No xauth data; "
- "using fake authentication data for X11 forwarding.");
-+ */
- strlcpy(proto, SSH_X11_PROTO, sizeof proto);
- for (i = 0; i < 16; i++) {
- if (i % 4 == 0)
Deleted: trunk/dports/net/openssh/files/patch-pwdup.diff
===================================================================
--- trunk/dports/net/openssh/files/patch-pwdup.diff 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/patch-pwdup.diff 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,74 +0,0 @@
-Index: ssh.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
-retrieving revision 1.305
-diff -u -p -r1.305 ssh.c
---- ssh.c 29 Oct 2007 06:54:50 -0000 1.305
-+++ ssh.c 3 Nov 2007 00:32:14 -0000
-@@ -1239,6 +1239,7 @@ load_public_identity_files(void)
- #endif /* SMARTCARD */
- if ((pw = getpwuid(original_real_uid)) == NULL)
- fatal("load_public_identity_files: getpwuid failed");
-+ pw = pwcopy(pw);
- if (gethostname(thishost, sizeof(thishost)) == -1)
- fatal("load_public_identity_files: gethostname: %s",
- strerror(errno));
-@@ -1256,6 +1257,7 @@ load_public_identity_files(void)
- options.identity_files[i] = filename;
- options.identity_keys[i] = public;
- }
-+ pwfree(pw);
- }
-
- static void
-Index: misc.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/misc.c,v
-retrieving revision 1.65
-diff -u -p -r1.65 misc.c
---- misc.c 23 Nov 2006 01:35:11 -0000 1.65
-+++ misc.c 3 Nov 2007 00:32:14 -0000
-@@ -197,6 +197,28 @@ pwcopy(struct passwd *pw)
- return copy;
- }
-
-+void
-+pwfree(struct passwd *pw)
-+{
-+#define PW_CLEAR_FREE(f) \
-+ do { \
-+ if (pw->f != NULL) { \
-+ bzero(pw->f, strlen(pw->f)); \
-+ xfree(pw->f); \
-+ } \
-+ } while (0)
-+
-+ PW_CLEAR_FREE(pw_name);
-+ PW_CLEAR_FREE(pw_passwd);
-+ PW_CLEAR_FREE(pw_gecos);
-+ PW_CLEAR_FREE(pw_class);
-+ PW_CLEAR_FREE(pw_dir);
-+ PW_CLEAR_FREE(pw_shell);
-+ bzero(pw, sizeof(*pw));
-+ xfree(pw);
-+#undef PW_CLEAR_FREE
-+}
-+
- /*
- * Convert ASCII string to TCP/IP port number.
- * Port must be >0 and <=65535.
-Index: misc.h
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/misc.h,v
-retrieving revision 1.36
-diff -u -p -r1.36 misc.h
---- misc.h 18 Aug 2006 10:27:16 -0000 1.36
-+++ misc.h 3 Nov 2007 00:32:14 -0000
-@@ -35,6 +35,7 @@ char *tohex(const void *, size_t);
- void sanitise_stdfd(void);
-
- struct passwd *pwcopy(struct passwd *);
-+void pwfree(struct passwd *);
-
- typedef struct arglist arglist;
- struct arglist {
Deleted: trunk/dports/net/openssh/files/sacl.patch
===================================================================
--- trunk/dports/net/openssh/files/sacl.patch 2014-02-16 22:07:59 UTC (rev 117113)
+++ trunk/dports/net/openssh/files/sacl.patch 2014-02-16 22:12:23 UTC (rev 117114)
@@ -1,124 +0,0 @@
-diff -Naur ../openssh-4.4p1.orig/auth.c ./auth.c
---- ../openssh-4.4p1.orig/auth.c 2006-09-06 17:36:43.000000000 -0700
-+++ ./auth.c 2006-10-19 17:22:43.000000000 -0700
-@@ -45,6 +45,11 @@
- #ifdef HAVE_LIBGEN_H
- #include <libgen.h>
- #endif
-+
-+#ifdef __APPLE_SACL__
-+#include <membershipPriv.h>
-+#endif
-+
- #include <stdarg.h>
- #include <stdio.h>
- #include <string.h>
-@@ -233,6 +238,46 @@
- }
- ga_free();
- }
-+
-+ if( options.sacl_support )
-+ {
-+#ifdef __APPLE_SACL__
-+ /*
-+ * Here we check with memberd if the Service ACLs allow this user to
-+ * use the ssh service.
-+ */
-+
-+ debug("Checking with Service ACLs for ssh login restrictions");
-+
-+ uuid_t user_uuid;
-+ int isMember = 0;
-+ int mbrErr = 0;
-+
-+ // get the uuid
-+ if ( mbr_user_name_to_uuid(pw->pw_name, user_uuid) )
-+ {
-+ debug("call to mbr_user_name_to_uuid with <%s> failed to retrieve user_uuid", pw->pw_name);
-+ return 0;
-+ }
-+ debug("call to mbr_user_name_to_uuid with <%s> suceeded to retrieve user_uuid", pw->pw_name);
-+
-+ // check the sacl
-+ if((mbrErr = mbr_check_service_membership(user_uuid, "ssh", &isMember)))
-+ {
-+ debug("Called mbr_check_service_membership with isMember <%d> with status <%d>", isMember, mbrErr);
-+ if(mbrErr == ENOENT) // no ACL exists
-+ {
-+ return 1;
-+ } else {
-+ return 0;
-+ }
-+ }
-+ debug("Call to mbr_check_service_membership failed with status <%d>", mbrErr);
-+ return isMember;
-+#endif /* __APPLE_SACL__ */
-+ }
-+
-+
-
- #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
- if (!sys_auth_allowed_user(pw, &loginmsg))
-diff -Naur ../openssh-4.4p1.orig/servconf.c ./servconf.c
---- ../openssh-4.4p1.orig/servconf.c 2006-08-18 07:23:15.000000000 -0700
-+++ ./servconf.c 2006-10-19 17:24:47.000000000 -0700
-@@ -97,6 +97,7 @@
- options->permit_empty_passwd = -1;
- options->permit_user_env = -1;
- options->use_login = -1;
-+ options->sacl_support = -1;
- options->compression = -1;
- options->allow_tcp_forwarding = -1;
- options->num_allow_users = 0;
-@@ -293,6 +294,7 @@
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand,
- sUsePrivilegeSeparation,
-+ sSACLSupport,
- sDeprecated, sUnsupported
- } ServerOpCodes;
-
-@@ -398,6 +400,7 @@
- { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
- { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
- { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
-+ { "saclsupport", sSACLSupport },
- { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
- { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
- { "match", sMatch, SSHCFG_ALL },
-@@ -912,6 +915,10 @@
- charptr = &options->xauth_location;
- goto parse_filename;
-
-+ case sSACLSupport:
-+ intptr = &options->sacl_support;
-+ goto parse_flag;
-+
- case sStrictModes:
- intptr = &options->strict_modes;
- goto parse_flag;
-diff -Naur ../openssh-4.4p1.orig/servconf.h ./servconf.h
---- ../openssh-4.4p1.orig/servconf.h 2006-08-18 07:23:15.000000000 -0700
-+++ ./servconf.h 2006-10-19 17:25:18.000000000 -0700
-@@ -137,6 +137,7 @@
- char *adm_forced_command;
-
- int use_pam; /* Enable auth via PAM */
-+ int sacl_support; /* Enable use of SACLs */
-
- int permit_tun;
-
-diff -Naur ../openssh-4.4p1.orig/sshd_config ./sshd_config
---- ../openssh-4.4p1.orig/sshd_config 2006-07-23 21:06:47.000000000 -0700
-+++ ./sshd_config 2006-10-19 17:26:01.000000000 -0700
-@@ -56,6 +56,9 @@
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
-
-+# SACL options
-+#SACLSupport yes
-+
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
-