rpms/openssh/devel openssh-4.2p1-pam-auth-fail-info.patch, NONE, 1.1 openssh-4.2p1-pam-no-stack.patch, NONE, 1.1 openssh-4.2p1-scp-no-system.patch, NONE, 1.1 openssh-4.1p1-nologin.patch, 1.2, 1.3 openssh.spec, 1.65, 1.66 openssh-4.1p1-pam-loginuid.patch, 1.1, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Oct 7 12:29:19 UTC 2005


Author: tmraz

Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10729

Modified Files:
	openssh-4.1p1-nologin.patch openssh.spec 
Added Files:
	openssh-4.2p1-pam-auth-fail-info.patch 
	openssh-4.2p1-pam-no-stack.patch 
	openssh-4.2p1-scp-no-system.patch 
Removed Files:
	openssh-4.1p1-pam-loginuid.patch 
Log Message:
* Fri Oct  7 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-2
- use include instead of pam_stack in pam config
- use fork+exec instead of system in scp (#168167)
- upstream patch for displaying authentication errors


openssh-4.2p1-pam-auth-fail-info.patch:
 auth-pam.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletion(-)

--- NEW FILE openssh-4.2p1-pam-auth-fail-info.patch ---
Index: auth-pam.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
retrieving revision 1.121
diff -u -p -r1.121 auth-pam.c
--- auth-pam.c	20 Jan 2005 02:29:51 -0000	1.121
+++ auth-pam.c	2 May 2005 05:49:45 -0000
@@ -691,8 +691,18 @@ sshpam_query(void *ctx, char **name, cha
 			plen++;
 			xfree(msg);
 			break;
-		case PAM_SUCCESS:
 		case PAM_AUTH_ERR:
+			debug3("PAM: PAM_AUTH_ERR");
+			if (**prompts != NULL && strlen(**prompts) != 0) {
+				*info = **prompts;
+				**prompts = NULL;
+				*num = 0;
+				**echo_on = 0;
+				ctxt->pam_done = -1;
+				return 0;
+			}
+			/* FALLTHROUGH */
+		case PAM_SUCCESS:
 			if (**prompts != NULL) {
 				/* drain any accumulated messages */
 				debug("PAM: %s", **prompts);
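Review bot: The new PAM_AUTH_ERR branch returns the accumulated PAM message text to the client through `*info` before the user is authenticated, so whatever a module prints on failure becomes visible to an unauthenticated peer. Modules that word failures differently per account state could then let a client tell accounts apart, which deserves a comment above the `if`, for example `/* PAM text goes to the unauthenticated client; it must not reveal account state */`. The assignment `*info = **prompts;` also replaces whatever `*info` held; if sshpam_query allocated it earlier (not visible in this hunk), that buffer should be freed first. The function body starts and ends outside the hunk.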

openssh-4.2p1-pam-no-stack.patch:
 sshd.pam |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

--- NEW FILE openssh-4.2p1-pam-no-stack.patch ---
--- openssh-4.2p1/contrib/redhat/sshd.pam.stack	2004-07-21 03:01:41.000000000 +0200
+++ openssh-4.2p1/contrib/redhat/sshd.pam	2005-10-07 14:18:50.000000000 +0200
@@ -1,6 +1,7 @@
 #%PAM-1.0
-auth       required     pam_stack.so service=system-auth
-auth       required     pam_nologin.so
-account    required     pam_stack.so service=system-auth
-password   required     pam_stack.so service=system-auth
-session    required     pam_stack.so service=system-auth
+auth       include      system-auth
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_loginuid.so
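Review bot: `session    required     pam_loginuid.so` sits after `session    include      system-auth`, and `include` inlines the other file's lines rather than evaluating them as a separate stack the way pam_stack.so did. A `sufficient` success or a `requisite` failure inside system-auth's session section would therefore end processing before pam_loginuid.so runs, leaving the audit login UID unset for that session. Whether system-auth contains such a line is not visible here. Moving the pam_loginuid.so line above the include, as is already done for `account    required     pam_nologin.so`, removes the dependency on the included file's contents.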

openssh-4.2p1-scp-no-system.patch:
 scp.c |  129 ++++++++++++++++++++++++++++++++++++++++++++++--------------------
 1 files changed, 90 insertions(+), 39 deletions(-)

--- NEW FILE openssh-4.2p1-scp-no-system.patch ---
--- openssh-4.2p1/scp.c.no-system	2005-09-06 15:27:10.000000000 +0200
+++ openssh-4.2p1/scp.c	2005-09-28 21:58:07.000000000 +0200
@@ -185,6 +185,46 @@
 	return 0;
 }
 
+int
+do_spawnwait(arglist *alist)
+{
+	int status;
+
+	if (verbose_mode) {
+		int i;
+		
+		fprintf(stderr, "Executing:");
+		for (i = 0; alist->list[i] != NULL; i++) {
+			fprintf(stderr, " %s", alist->list[i]);
+		}
+		fprintf(stderr, "\n");
+	}
+	/* Fork a child to execute the command. */
+	do_cmd_pid = fork();
+	if (do_cmd_pid == 0) {
+		/* Child. */
+
+		execvp(alist->list[0], alist->list);
+		perror(alist->list[0]);
+		exit(1);
+	} else if (do_cmd_pid == -1) {
+		fatal("fork: %s", strerror(errno));
+	}
+	signal(SIGTERM, killchild);
+	signal(SIGINT, killchild);
+	signal(SIGHUP, killchild);
+	
+	while (waitpid(do_cmd_pid, &status, 0) != do_cmd_pid) {
+	    if (errno != EINTR) {
+		fatal("waitpid: %s", strerror(errno));
+	    }
+	}
+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+	    return 1;
+
+	return 0;
+}
+
 typedef struct {
 	size_t cnt;
 	char *buf;
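Review bot: After the `waitpid` loop, `do_cmd_pid` still holds the pid of the reaped child and the `killchild` handlers stay installed. If `killchild` signals `do_cmd_pid` (its body is not visible here), a later SIGTERM/SIGINT/SIGHUP would be sent to a pid that no longer belongs to scp. Adding `do_cmd_pid = -1;` right after the loop avoids that. In the child branch, `exit(1);` after a failed `execvp` runs the parent's atexit handlers and flushes inherited stdio buffers a second time; `_exit(1);` is the appropriate call in a forked child.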
@@ -360,10 +400,27 @@
 }
 
 void
+clearargs(arglist *alist)
+{
+	int i = alist->num;
+	while (i > 0) {
+		i--;
+		if (alist->list[i]) {
+			xfree(alist->list[i]);
+			alist->list[i] = NULL;
+		}
+	}
+	alist->num = 0;
+}
+
+void
 toremote(char *targ, int argc, char **argv)
 {
 	int i, len;
 	char *bp, *host, *src, *suser, *thost, *tuser, *arg;
+	arglist alist;
+	memset(&alist, 0, sizeof(alist));
+
 
 	*targ++ = 0;
 	if (*targ == 0)
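Review bot: `clearargs` has no comment, and its contract is easy to misread. It frees each string and zeroes `num` but keeps the `list` array, so it resets the list for reuse rather than destroying it. A header such as `/* Free all argument strings in alist but keep the array so the list can be refilled. */` would make that explicit. Nothing visible releases `alist.list` when toremote returns; the rest of the function is outside the hunk, so this may be handled there, otherwise it is a small leak per call.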
@@ -381,20 +438,26 @@
 		tuser = NULL;
 	}
 
+	if (tuser && !okname(tuser)) {
+		xfree(arg);
+		return;
+	}
+
 	for (i = 0; i < argc - 1; i++) {
 		src = colon(argv[i]);
 		if (src) {	/* remote to remote */
-			static char *ssh_options =
-			    "-x -o'ClearAllForwardings yes'";
+			clearargs(&alist);
+			addargs(&alist, "%s", ssh_program);
+			if (verbose_mode)
+				addargs(&alist, "-v");
+			addargs(&alist, "-x");
+			addargs(&alist, "-oClearAllForwardings yes");
+			addargs(&alist, "-t");
 			*src++ = 0;
 			if (*src == 0)
 				src = ".";
 			host = strrchr(argv[i], '@');
-			len = strlen(ssh_program) + strlen(argv[i]) +
-			    strlen(src) + (tuser ? strlen(tuser) : 0) +
-			    strlen(thost) + strlen(targ) +
-			    strlen(ssh_options) + CMDNEEDS + 20;
-			bp = xmalloc(len);
+			
 			if (host) {
 				*host++ = 0;
 				host = cleanhostname(host);
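Review bot: The new early exit for a rejected target user (`xfree(arg); return;`) leaves `errs` untouched. Unless `okname()` sets it (not visible here), scp can finish with a zero exit status although nothing was transferred. Adding `++errs;` before the `return` would make the failure visible to callers and scripts. The check now also applies to local-to-remote copies, which the old placement inside the remote-to-remote branch did not cover; if that is intended it deserves a mention in the log message. toremote starts and ends outside the hunk.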
@@ -402,35 +465,22 @@
 				if (*suser == '\0')
 					suser = pwd->pw_name;
 				else if (!okname(suser)) {
-					xfree(bp);
-					continue;
-				}
-				if (tuser && !okname(tuser)) {
-					xfree(bp);
 					continue;
 				}
-				snprintf(bp, len,
-				    "%s%s %s -t "
-				    "-l %s %s %s %s '%s%s%s:%s'",
-				    ssh_program, verbose_mode ? " -v" : "",
-				    ssh_options, suser, host, cmd, src,
-				    tuser ? tuser : "", tuser ? "@" : "",
-				    thost, targ);
+				addargs(&alist, "-l");
+				addargs(&alist, "%s", suser);
 			} else {
 				host = cleanhostname(argv[i]);
-				snprintf(bp, len,
-				    "exec %s%s %s -t %s "
-				    "%s %s '%s%s%s:%s'",
-				    ssh_program, verbose_mode ? " -v" : "",
-				    ssh_options, host, cmd, src,
+			}
+			
+			addargs(&alist, "%s", host);
+			addargs(&alist, "%s", cmd);
+			addargs(&alist, "%s", src);
+			addargs(&alist, "%s%s%s:%s",
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
-			}
-			if (verbose_mode)
-				fprintf(stderr, "Executing: %s\n", bp);
-			if (system(bp) != 0)
+			if (do_spawnwait(&alist) != 0)
 				errs = 1;
-			(void) xfree(bp);
 		} else {	/* local to remote */
 			if (remin == -1) {
 				len = strlen(targ) + CMDNEEDS + 20;
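Review bot: `host` is appended directly after the option words (`addargs(&alist, "%s", host);`), so a host string beginning with `-` would be parsed by ssh as an option rather than as the destination. Adding `addargs(&alist, "--");` immediately before the host argument ends option parsing. The local-to-local path in the following hunk has the same gap: `argv[i]` and `argv[argc-1]` are handed to `_PATH_CP` with no `--` after the `-r`/`-p` flags, and it needs the same line. toremote's body continues outside the hunk.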
@@ -454,20 +504,21 @@
 {
 	int i, len;
 	char *bp, *host, *src, *suser;
+	arglist alist;
+	memset(&alist, 0, sizeof(alist));
 
 	for (i = 0; i < argc - 1; i++) {
 		if (!(src = colon(argv[i]))) {	/* Local to local. */
-			len = strlen(_PATH_CP) + strlen(argv[i]) +
-			    strlen(argv[argc - 1]) + 20;
-			bp = xmalloc(len);
-			(void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
-			    iamrecursive ? " -r" : "", pflag ? " -p" : "",
-			    argv[i], argv[argc - 1]);
-			if (verbose_mode)
-				fprintf(stderr, "Executing: %s\n", bp);
-			if (system(bp))
+			clearargs(&alist);
+			addargs(&alist, "%s", _PATH_CP);
+			if (iamrecursive)
+				addargs(&alist, "-r");
+			if (pflag)
+				addargs(&alist, "-p");
+			addargs(&alist, "%s", argv[i]);
+			addargs(&alist, "%s", argv[argc-1]);
+			if (do_spawnwait(&alist))
 				++errs;
-			(void) xfree(bp);
 			continue;
 		}
 		*src++ = 0;

openssh-4.1p1-nologin.patch:
 monitor.c |    4 +---
 session.c |    4 ++++
 2 files changed, 5 insertions(+), 3 deletions(-)

Index: openssh-4.1p1-nologin.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh-4.1p1-nologin.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- openssh-4.1p1-nologin.patch	29 Jun 2005 11:24:36 -0000	1.2
+++ openssh-4.1p1-nologin.patch	7 Oct 2005 12:29:15 -0000	1.3
@@ -1,13 +1,3 @@
---- openssh-4.1p1/contrib/redhat/sshd.pam.nologin	2005-06-29 11:30:56.000000000 +0200
-+++ openssh-4.1p1/contrib/redhat/sshd.pam	2005-06-29 11:30:56.000000000 +0200
-@@ -1,6 +1,6 @@
- #%PAM-1.0
- auth       required     pam_stack.so service=system-auth
--auth       required     pam_nologin.so
-+account    required     pam_nologin.so
- account    required     pam_stack.so service=system-auth
- password   required     pam_stack.so service=system-auth
- session    required     pam_stack.so service=system-auth
 --- openssh-4.1p1/session.c.nologin	2005-06-29 11:30:56.000000000 +0200
 +++ openssh-4.1p1/session.c	2005-06-29 11:30:56.000000000 +0200
 @@ -1236,6 +1236,10 @@


Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- openssh.spec	6 Sep 2005 19:55:17 -0000	1.65
+++ openssh.spec	7 Oct 2005 12:29:15 -0000	1.66
@@ -74,7 +74,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
 Name: openssh
 Version: 4.2p1
-%define rel 1
+%define rel 2
 %if %{rescue}
 Release: %{rel}rescue
 %else
@@ -102,10 +102,12 @@
 Patch23: openssh-3.9p1-no-log-signal.patch
 Patch24: openssh-3.9p1-fromto-remote.patch
 Patch26: openssh-4.0p1-krb5-valid.patch
-Patch27: openssh-4.1p1-pam-loginuid.patch
+Patch27: openssh-4.2p1-pam-stack.patch
 Patch28: openssh-4.1p1-nologin.patch
 Patch30: openssh-4.0p1-exit-deadlock.patch
 Patch31: openssh-3.9p1-skip-used.patch
+Patch32: openssh-4.2p1-pam-auth-fail-info.patch
+Patch33: openssh-4.2p1-scp-no-system.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
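Review bot: `Patch27` names `openssh-4.2p1-pam-stack.patch`, but the file this commit adds is `openssh-4.2p1-pam-no-stack.patch`. Unless a file with the other name exists outside this commit, the build will not find the patch and the sshd PAM change (the `include` lines and pam_loginuid.so) will not be applied. The line should read `Patch27: openssh-4.2p1-pam-no-stack.patch`. The `-b .stack` suffix on `%patch27` in the next hunk matches the patch header and can stay.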
@@ -243,10 +245,12 @@
 %patch23 -p1 -b .signal
 %patch24 -p1 -b .fromto-remote
 %patch26 -p0 -b .krb5-valid
-%patch27 -p1 -b .loginuid
+%patch27 -p1 -b .stack
 %patch28 -p1 -b .nologin
 %patch30 -p1 -b .exit-deadlock
 %patch31 -p1 -b .skip-used
+%patch32 -p1 -b .auth-fail-info
+%patch33 -p1 -b .no-system
 
 autoreconf
 
@@ -524,6 +528,11 @@
 %endif
 
 %changelog
+* Fri Oct  7 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-2
+- use include instead of pam_stack in pam config
+- use fork+exec instead of system in scp (#168167)
+- upstream patch for displaying authentication errors
+
 * Tue Sep 06 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-1
 - upgrade to a new upstream version
 


--- openssh-4.1p1-pam-loginuid.patch DELETED ---



