20010105
- (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
diff --git a/ChangeLog b/ChangeLog
index eb20349..7135018 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20010105
+ - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
+
20010104
- (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
work by Chris Vaughan <vaughan99@yahoo.com>
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
new file mode 100644
index 0000000..3191c67
--- /dev/null
+++ b/contrib/caldera/openssh.spec
@@ -0,0 +1,334 @@
+# Version of OpenSSH
+%define oversion 2.3.0p2
+
+# Version of ssh-askpass
+%define aversion 1.1.1
+
+# Do we want to disable building of x11-askpass? (1=yes 0=no)
+%define no_x11_askpass 0
+
+# Do we want to disable building of gnome-askpass? (1=yes 0=no)
+%define no_gnome_askpass 1
+
+# Do we want to include contributed programs? (1=yes 0=no)
+%define contrib_programs 1
+
+Summary: OpenSSH free Secure Shell (SSH) implementation
+Name: openssh
+Version: %{oversion}
+Release: 1
+Packager: Damien Miller <djm@mindrot.org>
+URL: http://www.openssh.com/
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
+Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
+Copyright: BSD
+Group: Applications/Internet
+BuildRoot: /var/tmp/openssh-%{Version}-buildroot
+#BuildRoot: /tmp/openssh-%{Version}-buildroot
+Obsoletes: ssh
+PreReq: openssl >= 0.9.5a
+Requires: openssl >= 0.9.5a
+BuildPreReq: perl, openssl-devel, tcp_wrappers
+BuildPreReq: /bin/login, /usr/bin/rsh, /usr/include/security/pam_appl.h
+%if ! %{no_gnome_askpass}
+BuildPreReq: gnome-libs-devel
+%endif
+
+%package clients
+Summary: OpenSSH Secure Shell protocol clients
+Requires: openssh = %{Version}-%{release}
+Group: Applications/Internet
+Obsoletes: ssh-clients
+
+%package server
+Summary: OpenSSH Secure Shell protocol server (sshd)
+Group: System Environment/Daemons
+Obsoletes: ssh-server
+#PreReq: openssh chkconfig >= 0.9
+
+%package askpass
+Summary: OpenSSH X11 passphrase dialog
+Group: Applications/Internet
+Requires: openssh = %{Version}-%{release}
+Obsoletes: ssh-extras
+
+%package askpass-gnome
+Summary: OpenSSH GNOME passphrase dialog
+Group: Applications/Internet
+Requires: openssh = %{Version}-%{release}
+Obsoletes: ssh-extras
+
+%description
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description clients
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package includes the clients necessary to make encrypted connections
+to SSH servers.
+
+%description server
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains the secure shell daemon. The sshd is the server
+part of the secure shell protocol and allows ssh clients to connect to
+your host.
+
+%description askpass
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
+dialog.
+
+%description askpass-gnome
+Ssh (Secure Shell) a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to separate libraries (OpenSSL).
+
+This package contains the GNOME passphrase dialog.
+
+%prep
+
+%setup -a 1
+
+%build
+
+%define _sysconfdir /etc/ssh
+
+CFLAGS="$RPM_OPT_FLAGS" \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --with-tcp-wrappers \
+ --with-ipv4-default \
+ --with-rsh=/usr/bin/rsh
+
+make
+
+%if ! %{no_x11_askpass}
+cd x11-ssh-askpass-%{aversion}
+xmkmf -a
+make
+cd ..
+%endif
+
+%if ! %{no_gnome_askpass}
+cd contrib
+gcc -O -g `gnome-config --cflags gnome gnomeui` \
+ gnome-ssh-askpass.c -o gnome-ssh-askpass \
+ `gnome-config --libs gnome gnomeui`
+cd ..
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT/
+
+# setup the environment we want
+perl -pi -e "s,PermitRootLogin yes,PermitRootLogin no,;" \
+ -e "s,X11Forwarding no,X11Forwarding yes,;" \
+ -e "s,CheckMail no,CheckMail yes,;" \
+ -e "s,^#Subsystem sftp,Subsystem sftp,;" \
+ $RPM_BUILD_ROOT/etc/ssh/sshd_config
+
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT/etc/sysconfig/daemons
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
+install -d $RPM_BUILD_ROOT/usr/local/bin
+install -d $RPM_BUILD_ROOT/usr/local/man/man1
+install -m644 contrib/caldera/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m755 contrib/caldera/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+install -m755 contrib/caldera/sshd.daemons $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd
+perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \
+ $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \
+ $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd
+%if %{contrib_programs}
+install -m755 contrib/make-ssh-known-hosts.pl $RPM_BUILD_ROOT/usr/local/bin
+install -m644 contrib/make-ssh-known-hosts.1 $RPM_BUILD_ROOT/usr/local/man/man1
+install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/local/bin
+install -m644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT/usr/local/man/man1
+%endif
+
+%if ! %{no_x11_askpass}
+install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/x11-ssh-askpass
+ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/ssh-askpass
+install -d $RPM_BUILD_ROOT/usr/X11R6/man/man1
+install -c -m 0444 x11-ssh-askpass-%{aversion}/x11-ssh-askpass.man $RPM_BUILD_ROOT/usr/X11R6/man/man1/x11-ssh-askpass.1x
+ln -s /usr/X11R6/man/man1/x11-ssh-askpass.1x $RPM_BUILD_ROOT/usr/X11R6/man/man1/ssh-askpass.1x
+%endif
+
+%if ! %{no_gnome_askpass}
+install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/gnome-ssh-askpass
+%endif
+
+%clean
+##rm -rf $RPM_BUILD_ROOT
+
+%post server
+if [ "$1" = 1 ]; then
+ echo "Creating SSH stop/start scripts in the rc directories..."
+# /sbin/chkconfig --add sshd
+ lisa --SysV-init install sshd S90 2:3:4:5 K05 0:1:6
+fi
+if test -r /var/run/sshd.pid
+then
+ echo "Restarting the running SSH daemon..."
+ /etc/rc.d/init.d/sshd restart >&2
+else
+ echo "Starting the SSH daemon..."
+ /etc/rc.d/init.d/sshd start >&2
+fi
+
+%preun server
+if [ "$1" = 0 ] ; then
+ echo "Stopping the SSH daemon..."
+ /etc/rc.d/init.d/sshd stop >&2
+ echo "Removing SSH stop/start scripts from the rc directories..."
+# /sbin/chkconfig --del sshd
+ lisa --SysV-init remove sshd $1
+fi
+
+%files
+%defattr(-,root,root)
+%doc ChangeLog OVERVIEW README* INSTALL
+%doc CREDITS LICENCE
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/scp.1*
+%attr(0755,root,root) %dir %{_sysconfdir}
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/primes
+%attr(0755,root,root) %dir %{_libexecdir}/openssh
+
+%files clients
+%defattr(-,root,root)
+%attr(4755,root,root) %{_bindir}/ssh
+%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0644,root,root) %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config
+%attr(-,root,root) %{_bindir}/slogin
+%attr(-,root,root) %{_mandir}/man1/slogin.1*
+%if %{contrib_programs}
+%attr(0755,root,root) /usr/local/bin/make-ssh-known-hosts.pl
+%attr(0644,root,root) /usr/local/man/man1/make-ssh-known-hosts.1
+%attr(0755,root,root) /usr/local/bin/ssh-copy-id
+%attr(0644,root,root) /usr/local/man/man1/ssh-copy-id.1
+%endif
+
+%files server
+%defattr(-,root,root)
+%attr(0751,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
+%attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
+%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
+%attr(0755,root,root) %config /etc/sysconfig/daemons/sshd
+
+%if ! %{no_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{aversion}/README
+%doc x11-ssh-askpass-%{aversion}/ChangeLog
+%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
+%attr(0644,root,root) /usr/X11R6/man/man1/x11-ssh-askpass.1x
+%attr(-,root,root) /usr/X11R6/man/man1/ssh-askpass.1x
+%endif
+
+%if ! %{no_gnome_askpass}
+%files askpass-gnome
+%defattr(-,root,root)
+%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%changelog
+* Mon Oct 18 2000 Damien Miller <djm@mindrot.org>
+- Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
+ Redhat 7.0 spec file
+* Tue Sep 05 2000 Damien Miller <djm@mindrot.org>
+- Use RPM configure macro
+* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
+- Some surgery to sshd.init (generate keys at runtime)
+- Cleanup of groups and removal of keygen calls
+* Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
+- Make building of X11-askpass and gnome-askpass optional
+* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
+- Glob manpages to catch compressed files
+* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
+- Added Jim Knoble's <jmknoble@pobox.com> askpass
+* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
+- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
+* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
+- Added 'Obsoletes' directives
+* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
+- Use make install
+- Subpackages
+* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
+- Added links for slogin
+- Fixed perms on manpages
+* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
+- Renamed init script
+* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
+- Back to old binary names
+* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
+- Use autoconf
+- New binary names
+* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
+- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
+
diff --git a/contrib/caldera/sshd.daemons b/contrib/caldera/sshd.daemons
new file mode 100644
index 0000000..b751504
--- /dev/null
+++ b/contrib/caldera/sshd.daemons
@@ -0,0 +1,6 @@
+IDENT=sshd
+SHORT="sshd"
+DESCRIPTIVE="@OPENSSH_VERSION@"
+DAEMON=/usr/sbin/sshd
+# DAEMON_ARGS="-p some_other_port"
+ONBOOT=yes
diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init
new file mode 100755
index 0000000..1764339
--- /dev/null
+++ b/contrib/caldera/sshd.init
@@ -0,0 +1,99 @@
+#! /bin/sh
+#
+# Generic network daemon RC script. If installed as /etc/rc.d/init.d/foobar,
+# it source /etc/sysconfig/daemons/foobar and looks at the
+# variable definitions (Bourne shell syntax). Variables marked with an
+# asterisk are required.
+#
+# * IDENT=sshd
+# DESCRIPTIVE="@OPENSSH_VERSION@"
+# * DAEMON=/usr/sbin/sshd
+# DAEMON_ARGS="-p some_other_port"
+# ONBOOT=yes
+#
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# Source function library, check sysconfig/daemon file and source it.
+. /etc/rc.d/init.d/functions
+
+[ -x $DAEMON ] || exit 0
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+do_rsa1_keygen() {
+ if ! test -f $RSA1_KEY ; then
+ echo -n "Generating SSH1 RSA host key: "
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ echo "RSA1 key generation success"
+ else
+ echo "RSA1 key generation failure"
+ exit 1
+ fi
+ fi
+}
+do_rsa_keygen() {
+ if ! test -f $RSA_KEY ; then
+ echo -n "Generating SSH2 RSA host key: "
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ echo "RSA key generation success"
+ else
+ echo "RSA key generation failure"
+ exit 1
+ fi
+ fi
+}
+do_dsa_keygen() {
+ if ! test -f $DSA_KEY ; then
+ echo -n "Generating SSH2 DSA host key: "
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ echo "DSA key generation success"
+ else
+ echo "DSA key generation failure"
+ exit 1
+ fi
+ fi
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ # Create keys if necessary
+ do_rsa1_keygen
+ do_rsa_keygen
+ do_dsa_keygen
+
+ # Start daemons.
+ [ ! -e $LOCK ] || exit 1
+ echo -n "Starting $SUBSYS services: "
+ start-stop-daemon -S -n $IDENT -x $DAEMON -- $DAEMON_ARGS
+ sleep 1
+ echo .
+ touch $LOCK
+ ;;
+ stop)
+ # Stop daemons.
+ [ -e $LOCK ] || exit 0
+ echo -n "Stopping $SUBSYS services: "
+ start-stop-daemon -K -n $IDENT -x $DAEMON
+ echo
+ rm -f $LOCK
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $SUBSYS {start|stop|restart}"
+ exit 1
+esac
+
+exit 0
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
new file mode 100644
index 0000000..26dcb34
--- /dev/null
+++ b/contrib/caldera/sshd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so