[gsi-openssh/el5] Change package name gsissh → gsi-openssh Based on openssh-4.3p2-72.el5_7.5
Mattias Ellert
ellert at fedoraproject.org
Thu Nov 17 19:30:34 UTC 2011
commit 98c611fce88bcbce7fabfb5991b0b78a156fa734
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Nov 17 19:52:38 2011 +0100
Change package name gsissh → gsi-openssh
Based on openssh-4.3p2-72.el5_7.5
.gitignore | 1 +
README.sshd-and-gsisshd | 12 +
gsi-openssh.spec | 468 +++++
gsisshd.sysconfig | 16 +
openssh-3.8.1p1-krb5-config.patch | 16 +
openssh-3.9p1-askpass-keep-above.patch | 11 +
openssh-3.9p1-cve-2006-5051.patch | 11 +
openssh-3.9p1-log-in-chroot.patch | 53 +
openssh-3.9p1-no-log-signal.patch | 32 +
openssh-3.9p1-noinitlog.patch | 11 +
openssh-3.9p1-safe-stop.patch | 41 +
openssh-3.9p1-scp-manpage.patch | 17 +
openssh-3.9p1-skip-used.patch | 12 +
openssh-4.0p1-exit-deadlock.patch | 13 +
openssh-4.2p1-askpass-progress.patch | 78 +
openssh-4.2p1-pam-no-stack.patch | 16 +
openssh-4.3p1-audit.patch | 186 ++
openssh-4.3p1-fromto-remote.patch | 15 +
openssh-4.3p1-redhat.patch | 99 +
openssh-4.3p1-vendor.patch | 148 ++
openssh-4.3p2-allow-ip-opts.patch | 59 +
openssh-4.3p2-askpass-grab-info.patch | 18 +
openssh-4.3p2-biguid.patch | 12 +
openssh-4.3p2-buffer-len.patch | 144 ++
openssh-4.3p2-cbc.patch | 360 ++++
openssh-4.3p2-chroot.patch | 547 ++++++
openssh-4.3p2-configure-typo.patch | 10 +
openssh-4.3p2-coverity-memleaks.patch | 123 ++
openssh-4.3p2-crypto-audit.patch | 641 +++++++
openssh-4.3p2-cve-2006-4924.patch | 96 +
openssh-4.3p2-cve-2006-5052.patch | 102 ++
openssh-4.3p2-cve-2006-5794.patch | 33 +
openssh-4.3p2-cve-2007-3102.patch | 62 +
openssh-4.3p2-cve-2007-4752.patch | 50 +
openssh-4.3p2-engine.patch | 147 ++
openssh-4.3p2-entropy.patch | 211 +++
openssh-4.3p2-fips.patch | 656 +++++++
openssh-4.3p2-forced.patch | 121 ++
openssh-4.3p2-gsissh.patch | 3111 ++++++++++++++++++++++++++++++++
openssh-4.3p2-gssapi-canohost.patch | 25 +
openssh-4.3p2-gssapi-no-spnego.patch | 67 +
openssh-4.3p2-hangexit.patch | 94 +
openssh-4.3p2-init-status.patch | 12 +
openssh-4.3p2-initscript.patch | 29 +
openssh-4.3p2-keygen.patch | 27 +
openssh-4.3p2-latency.patch | 110 ++
openssh-4.3p2-localtime.patch | 11 +
openssh-4.3p2-mls.patch | 229 +++
openssh-4.3p2-no-dup-logs.patch | 167 ++
openssh-4.3p2-no-v6only.patch | 11 +
openssh-4.3p2-nss-keys.patch | 1394 ++++++++++++++
openssh-4.3p2-pam-session.patch | 129 ++
openssh-4.3p2-randclean.patch | 13 +
openssh-4.3p2-scp-print-err.patch | 27 +
openssh-4.3p2-selinux-rolechg.patch | 256 +++
openssh-4.3p2-selinux.patch | 411 +++++
openssh-4.3p2-sftp-drain-acks.patch | 68 +
openssh-4.3p2-sftp-log.patch | 836 +++++++++
openssh-4.3p2-skip-initial.patch | 26 +
openssh-4.3p2-sshsocketleak.patch | 13 +
openssh-4.3p2-stderr.patch | 149 ++
openssh-4.3p2-unblock-signals.patch | 42 +
openssh-nukeacss.sh | 19 +
sources | 1 +
64 files changed, 11925 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..e931757 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/*.tar.bz2
diff --git a/README.sshd-and-gsisshd b/README.sshd-and-gsisshd
new file mode 100644
index 0000000..15f6d87
--- /dev/null
+++ b/README.sshd-and-gsisshd
@@ -0,0 +1,12 @@
+The regular sshd daemon and the gsi enabled gsisshd daemon can not
+both listen for connections on the same port.
+
+You can either deactivate the regular sshd before starting gsisshd or
+change the configuration of gsisshd to use a different port than the
+standard ssh port number 22. Common choices for an alternative port
+number are 23, 222 or 2222.
+
+If you configure gsisshd to only accept gsi connections and not accept
+other types of connections that require the existence of the ssh host
+keys, you can turn off the generation of these keys in
+/etc/sysconfig/gsisshd.
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
new file mode 100644
index 0000000..cf6813b
--- /dev/null
+++ b/gsi-openssh.spec
@@ -0,0 +1,468 @@
+# gsissh is openssh with support for GSI authentication
+# This gsissh specfile is based on the openssh specfile
+
+%global WITH_SELINUX 1
+%if %{WITH_SELINUX}
+# Audit patch applicable only over SELinux patch
+%global WITH_AUDIT 1
+%else
+%global WITH_AUDIT 0
+%endif
+
+# OpenSSH privilege separation requires a user & group ID
+%global sshd_uid 74
+%global sshd_gid 74
+
+# Build position-independent executables (requires toolchain support)?
+%global pie 1
+
+# Do we want kerberos5 support (1=yes 0=no)
+# It is not possible to support kerberos5 and GSI at the same time
+%global kerberos5 0
+
+# Do we want GSI support (1=yes 0=no)
+%global gsi 1
+
+# Do we want NSS tokens support
+%global nss 1
+
+# Whether or not /sbin/nologin exists.
+%global nologin 1
+
+Summary: An implementation of the SSH protocol with GSI authentication
+Name: gsi-openssh
+Version: 4.3p2
+Release: 3%{?dist}
+Provides: gsissh = %{version}-%{release}
+Obsoletes: gsissh < 4.3p2-3
+URL: http://www.openssh.com/portable.html
+#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
+# This package differs from the upstream OpenSSH tarball in that it
+# removes the ACSS cipher.
+Source0: openssh-%{version}-noacss.tar.bz2
+Source1: openssh-nukeacss.sh
+Source7: gsisshd.sysconfig
+Source99: README.sshd-and-gsisshd
+Patch0: openssh-4.3p1-redhat.patch
+Patch2: openssh-4.3p2-skip-initial.patch
+Patch3: openssh-3.8.1p1-krb5-config.patch
+Patch4: openssh-4.3p1-vendor.patch
+Patch5: openssh-3.9p1-noinitlog.patch
+Patch12: openssh-4.3p2-selinux.patch
+Patch16: openssh-4.3p1-audit.patch
+Patch21: openssh-3.9p1-safe-stop.patch
+Patch22: openssh-3.9p1-askpass-keep-above.patch
+Patch23: openssh-3.9p1-no-log-signal.patch
+Patch24: openssh-4.3p1-fromto-remote.patch
+Patch25: openssh-4.3p2-scp-print-err.patch
+Patch26: openssh-4.2p1-pam-no-stack.patch
+Patch27: openssh-3.9p1-log-in-chroot.patch
+Patch30: openssh-4.0p1-exit-deadlock.patch
+Patch31: openssh-3.9p1-skip-used.patch
+Patch35: openssh-4.2p1-askpass-progress.patch
+Patch36: openssh-4.3p2-buffer-len.patch
+Patch37: openssh-4.3p2-configure-typo.patch
+Patch38: openssh-4.3p2-askpass-grab-info.patch
+Patch39: openssh-4.3p2-no-v6only.patch
+Patch40: openssh-4.3p2-coverity-memleaks.patch
+Patch41: openssh-4.3p2-gssapi-no-spnego.patch
+Patch42: openssh-4.3p2-no-dup-logs.patch
+Patch43: openssh-4.3p2-localtime.patch
+Patch44: openssh-4.3p2-allow-ip-opts.patch
+Patch45: openssh-4.3p2-cve-2006-4924.patch
+Patch46: openssh-3.9p1-cve-2006-5051.patch
+Patch47: openssh-4.3p2-cve-2006-5794.patch
+Patch48: openssh-4.3p2-initscript.patch
+Patch49: openssh-4.3p2-pam-session.patch
+Patch50: openssh-4.3p2-gssapi-canohost.patch
+Patch51: openssh-4.3p2-mls.patch
+Patch52: openssh-4.3p2-selinux-rolechg.patch
+Patch53: openssh-4.3p2-cve-2006-5052.patch
+Patch54: openssh-4.3p2-nss-keys.patch
+Patch55: openssh-4.3p2-cve-2007-3102.patch
+Patch56: openssh-4.3p2-sftp-drain-acks.patch
+Patch57: openssh-4.3p2-cve-2007-4752.patch
+Patch58: openssh-4.3p2-fips.patch
+Patch59: openssh-3.9p1-scp-manpage.patch
+Patch60: openssh-4.3p2-latency.patch
+Patch61: openssh-4.3p2-init-status.patch
+Patch62: openssh-4.3p2-sftp-log.patch
+Patch63: openssh-4.3p2-chroot.patch
+Patch64: openssh-4.3p2-hangexit.patch
+Patch65: openssh-4.3p2-cbc.patch
+Patch66: openssh-4.3p2-keygen.patch
+Patch67: openssh-4.3p2-sshsocketleak.patch
+Patch68: openssh-4.3p2-randclean.patch
+Patch69: openssh-4.3p2-stderr.patch
+Patch70: openssh-4.3p2-forced.patch
+Patch71: openssh-4.3p2-engine.patch
+Patch73: openssh-4.3p2-biguid.patch
+Patch74: openssh-4.3p2-crypto-audit.patch
+Patch76: openssh-4.3p2-entropy.patch
+
+# This is the patch that adds GSI support
+# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-4.3p2.patch
+Patch98: openssh-4.3p2-gsissh.patch
+
+# The gsissh server has problems with blocked signals in threaded globus libs
+# This patch from OSG resolves these problems
+Patch99: openssh-4.3p2-unblock-signals.patch
+
+License: BSD
+Group: Applications/Internet
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+%if %{nologin}
+Requires: /sbin/nologin
+%endif
+
+Requires: initscripts >= 5.20
+# We must require the FIPS version of openssl
+Requires: openssl >= 0.9.8e
+
+BuildRequires: autoconf, automake, perl, tcp_wrappers, zlib-devel
+BuildRequires: audit-libs-devel >= 1.7.18
+BuildRequires: util-linux, groff, man
+BuildRequires: pam-devel
+BuildRequires: fipscheck-devel
+BuildRequires: openssl-devel >= 0.9.8e
+
+%if %{kerberos5}
+BuildRequires: krb5-devel
+%endif
+
+%if %{gsi}
+BuildRequires: globus-gss-assist-devel
+%endif
+
+%if %{nss}
+BuildRequires: nss-devel
+%endif
+
+%if %{WITH_SELINUX}
+Requires: libselinux >= 1.27.7
+BuildRequires: libselinux-devel >= 1.27.7
+%endif
+
+%if %{WITH_AUDIT}
+Requires: audit-libs >= 1.0.8
+BuildRequires: audit-libs >= 1.0.8
+%endif
+
+BuildRequires: xauth
+
+%package clients
+Summary: SSH client applications with GSI authentication
+Provides: gsissh-clients = %{version}-%{release}
+Obsoletes: gsissh-clients < 4.3p2-3
+Requires: %{name} = %{version}-%{release}
+Group: Applications/Internet
+
+%package server
+Summary: SSH server daemon with GSI authentication
+Provides: gsissh-server = %{version}-%{release}
+Obsoletes: gsissh-server < 4.3p2-3
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires(post): chkconfig >= 0.9, /sbin/service
+Requires(pre): /usr/sbin/useradd
+Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so
+
+%description
+SSH (Secure SHell) is a program for logging into and executing
+commands on a remote machine. SSH is intended to replace rlogin and
+rsh, and to provide secure encrypted communications between two
+untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's version of the last free version of SSH, bringing
+it up to date in terms of security and features.
+
+This version of OpenSSH has been modified to support GSI authentication.
+
+This package includes the core files necessary for both the gsissh
+client and server. To make this package useful, you should also
+install gsi-openssh-clients, gsi-openssh-server, or both.
+
+%description clients
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package includes
+the clients necessary to make encrypted connections to SSH servers.
+
+This version of OpenSSH has been modified to support GSI authentication.
+
+%description server
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+the secure shell daemon (sshd). The sshd daemon allows SSH clients to
+securely connect to your SSH server.
+
+This version of OpenSSH has been modified to support GSI authentication.
+
+%prep
+
+%setup -q -n openssh-%{version}
+%patch0 -p1 -b .redhat
+%patch2 -p1 -b .skip-initial
+%patch3 -p1 -b .krb5-config
+%patch4 -p1 -b .vendor
+%patch5 -p1 -b .noinitlog
+
+%if %{WITH_SELINUX}
+#SELinux
+%patch12 -p1 -b .selinux
+%endif
+
+%if %{WITH_AUDIT}
+%patch16 -p1 -b .audit
+%endif
+
+%patch21 -p1 -b .safe-stop
+%patch22 -p1 -b .keep-above
+%patch23 -p1 -b .signal
+%patch24 -p1 -b .fromto-remote
+%patch25 -p1 -b .print-err
+%patch26 -p1 -b .stack
+%patch27 -p1 -b .log-chroot
+%patch30 -p1 -b .exit-deadlock
+%patch31 -p1 -b .skip-used
+%patch35 -p1 -b .progress
+%patch36 -p0 -b .buffer-len
+%patch37 -p1 -b .typo
+%patch38 -p1 -b .grab-info
+%patch39 -p1 -b .no-v6only
+%patch40 -p1 -b .memleaks
+%patch41 -p1 -b .no-spnego
+%patch42 -p1 -b .no-dups
+%patch43 -p1 -b .localtime
+%patch44 -p1 -b .ip-opts
+%patch45 -p1 -b .deattack-dos
+%patch46 -p1 -b .sig-no-cleanup
+%patch47 -p1 -b .verify
+%patch48 -p1 -b .initscript
+%patch49 -p1 -b .pam-sesssion
+%patch50 -p1 -b .canohost
+%patch51 -p1 -b .mls
+%patch52 -p1 -b .rolechg
+%patch53 -p1 -b .cve-2006-5052
+%patch54 -p1 -b .nss-keys
+%patch55 -p1 -b .inject-fix
+%patch56 -p1 -b .drain-acks
+%patch57 -p1 -b .cve-2007-4752
+%patch58 -p1 -b .fips
+%patch59 -p0 -b .manpage
+%patch60 -p1 -b .latency
+%patch61 -p1 -b .status
+%patch62 -p1 -b .sftp-log
+%patch63 -p1 -b .chroot
+%patch64 -p1 -b .hangexit
+%patch65 -p1 -b .cbc
+%patch66 -p1 -b .keygen
+%patch67 -p0 -b .socketleak
+%patch68 -p1 -b .randclean
+%patch69 -p1 -b .stderr
+%patch70 -p1 -b .forced
+%patch71 -p1 -b .engine
+%patch73 -p1 -b .biguid
+%patch74 -p1 -b .cryptoaudit
+%patch76 -p1 -b .entropy
+%patch98 -p1 -b .gsi
+%patch99 -p1 -b .signals
+
+sed 's/sshd.pid/gsisshd.pid/' -i pathnames.h
+sed 's!$(piddir)/sshd.pid!$(piddir)/gsisshd.pid!' -i Makefile.in
+
+cp -p %{SOURCE99} .
+
+autoreconf
+
+%build
+CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
+%if %{pie}
+%ifarch s390 s390x sparc sparc64
+CFLAGS="$CFLAGS -fPIE"
+%else
+CFLAGS="$CFLAGS -fpie"
+%endif
+export CFLAGS
+LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
+%endif
+%if %{kerberos5}
+krb5_prefix=`krb5-config --prefix`
+if test "$krb5_prefix" != "%{_prefix}" ; then
+ CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
+ CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
+ LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
+else
+ krb5_prefix=
+ CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
+ CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
+fi
+%endif
+
+%configure \
+ --sysconfdir=%{_sysconfdir}/gsissh \
+ --libexecdir=%{_libexecdir}/gsissh \
+ --datadir=%{_datadir}/gsissh \
+ --with-tcp-wrappers \
+ --with-rsh=%{_bindir}/rsh \
+ --with-default-path=/usr/local/bin:/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-privsep-path=%{_var}/empty/gsisshd \
+ --enable-vendor-patchlevel="FC-%{version}-%{release}" \
+ --disable-strip \
+ --without-zlib-version-check \
+ --with-ssl-engine \
+%if %{nss}
+ --with-nss \
+%endif
+ --with-pam \
+%if %{WITH_SELINUX}
+ --with-selinux \
+%endif
+%if %{WITH_AUDIT}
+ --with-linux-audit \
+%endif
+%if %{kerberos5}
+ --with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
+%else
+ --without-kerberos5 \
+%endif
+%if %{gsi}
+ --with-gsi
+%else
+ --without-gsi
+%endif
+
+make SSH_PROGRAM=%{_bindir}/gsissh \
+ ASKPASS_PROGRAM=%{_libexecdir}/openssh/ssh-askpass
+
+# Add generation of HMAC checksums of the final stripped binaries
+%define __spec_install_post \
+ %{?__debug_package:%{__debug_install_post}} \
+ %{__arch_install_post} \
+ %{__os_install_post} \
+ fipshmac $RPM_BUILD_ROOT%{_bindir}/gsissh \
+ fipshmac $RPM_BUILD_ROOT%{_sbindir}/gsisshd \
+%{nil}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/gsissh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/gsissh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/gsisshd/etc
+make install DESTDIR=$RPM_BUILD_ROOT
+
+touch $RPM_BUILD_ROOT%{_var}/empty/gsisshd/etc/localtime
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/sysconfig/
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT%{_libexecdir}/gsissh
+install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/gsisshd
+install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/gsisshd
+install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/gsisshd
+
+rm $RPM_BUILD_ROOT%{_bindir}/ssh-add
+rm $RPM_BUILD_ROOT%{_bindir}/ssh-agent
+rm $RPM_BUILD_ROOT%{_bindir}/ssh-keyscan
+rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-add.1*
+rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-agent.1*
+rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-keyscan.1*
+rm $RPM_BUILD_ROOT%{_datadir}/gsissh/Ssh.bin
+
+for f in $RPM_BUILD_ROOT%{_bindir}/* \
+ $RPM_BUILD_ROOT%{_sbindir}/* \
+ $RPM_BUILD_ROOT%{_mandir}/man*/* ; do
+ mv $f `dirname $f`/gsi`basename $f`
+done
+ln -sf gsissh $RPM_BUILD_ROOT%{_bindir}/gsislogin
+ln -sf gsissh.1 $RPM_BUILD_ROOT%{_mandir}/man1/gsislogin.1
+
+perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
+
+rm -f README.nss.nss-keys
+%if ! %{nss}
+rm -f README.nss
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre server
+getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
+%if %{nologin}
+getent passwd sshd >/dev/null || \
+ useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
+ -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
+%else
+getent passwd sshd >/dev/null || \
+ useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
+ -s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
+%endif
+
+%post server
+/sbin/chkconfig --add gsisshd
+
+%postun server
+/sbin/service gsisshd condrestart > /dev/null 2>&1 || :
+
+%preun server
+if [ "$1" = 0 ]
+then
+ /sbin/service gsisshd stop > /dev/null 2>&1 || :
+ /sbin/chkconfig --del gsisshd
+fi
+
+%files
+%defattr(-,root,root)
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
+%attr(0755,root,root) %dir %{_sysconfdir}/gsissh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gsissh/moduli
+%attr(0755,root,root) %{_bindir}/gsissh-keygen
+%attr(0644,root,root) %{_mandir}/man1/gsissh-keygen.1*
+%attr(0755,root,root) %dir %{_libexecdir}/gsissh
+%attr(4755,root,root) %{_libexecdir}/gsissh/ssh-keysign
+%attr(0644,root,root) %{_mandir}/man8/gsissh-keysign.8*
+
+%files clients
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/gsissh
+%attr(0644,root,root) %{_bindir}/.gsissh.hmac
+%attr(0644,root,root) %{_mandir}/man1/gsissh.1*
+%attr(0755,root,root) %{_bindir}/gsiscp
+%attr(0644,root,root) %{_mandir}/man1/gsiscp.1*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/gsissh/ssh_config
+%attr(0755,root,root) %{_bindir}/gsislogin
+%attr(0644,root,root) %{_mandir}/man1/gsislogin.1*
+%attr(0644,root,root) %{_mandir}/man5/gsissh_config.5*
+%attr(0755,root,root) %{_bindir}/gsisftp
+%attr(0644,root,root) %{_mandir}/man1/gsisftp.1*
+
+%files server
+%defattr(-,root,root)
+%dir %attr(0711,root,root) %{_var}/empty/gsisshd
+%dir %attr(0755,root,root) %{_var}/empty/gsisshd/etc
+%ghost %verify(not md5 size mtime) %{_var}/empty/gsisshd/etc/localtime
+%attr(0755,root,root) %{_sbindir}/gsisshd
+%attr(0644,root,root) %{_sbindir}/.gsisshd.hmac
+%attr(0755,root,root) %{_libexecdir}/gsissh/sftp-server
+%attr(0644,root,root) %{_mandir}/man5/gsisshd_config.5*
+%attr(0644,root,root) %{_mandir}/man8/gsisshd.8*
+%attr(0644,root,root) %{_mandir}/man8/gsisftp-server.8*
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gsissh/sshd_config
+%attr(0644,root,root) %config(noreplace) /etc/pam.d/gsisshd
+%attr(0755,root,root) /etc/rc.d/init.d/gsisshd
+%attr(0640,root,root) %config(noreplace) /etc/sysconfig/gsisshd
+
+%changelog
+* Thu Oct 06 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.3p2-3
+- Change package name gsissh → gsi-openssh
+- Based on openssh-4.3p2-72.el5_7.5
+
+* Wed Aug 10 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.3p2-2
+- Add patch from OSG to resolve threading problems in the server
+- Based on openssh-4.3p2-72.el5_6.3
+
+* Sun Mar 06 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.3p2-1
+- Inital packaging
+- Based on openssh-4.3p2-72.el5
diff --git a/gsisshd.sysconfig b/gsisshd.sysconfig
new file mode 100644
index 0000000..cdc3d39
--- /dev/null
+++ b/gsisshd.sysconfig
@@ -0,0 +1,16 @@
+# Configuration file for the sshd service.
+
+# The server keys are automatically generated if they ommited
+# to change the automatic creation uncomment the approprite
+# line.
+
+# AUTOCREATE_SERVER_KEYS=RSAONLY
+# AUTOCREATE_SERVER_KEYS=NO
+AUTOCREATE_SERVER_KEYS=YES
+
+# Do not change this option unless you have hardware random
+# generator and you REALLY know what you are doing/
+
+export SSH_USE_STRONG_RNG=0
+# export SSH_USE_STRONG_RNG=1
+
diff --git a/openssh-3.8.1p1-krb5-config.patch b/openssh-3.8.1p1-krb5-config.patch
new file mode 100644
index 0000000..f284632
--- /dev/null
+++ b/openssh-3.8.1p1-krb5-config.patch
@@ -0,0 +1,16 @@
+Search the path for krb5-config if the prefix wasn't specified.
+--- openssh-3.8p1/configure.ac 2004-02-26 21:17:12.000000000 -0500
++++ openssh-3.8p1/configure.ac 2004-02-26 21:17:06.000000000 -0500
+@@ -2077,8 +2077,10 @@
+ KRB5_MSG="yes"
+
+ AC_MSG_CHECKING(for krb5-config)
+- if test -x $KRB5ROOT/bin/krb5-config ; then
+- KRB5CONF=$KRB5ROOT/bin/krb5-config
++ AC_PATH_PROG([KRB5CONF],[krb5-config],
++ [$KRB5ROOT/bin/krb5-config],
++ [$KRB5ROOT/bin:$PATH])
++ if test -x $KRB5CONF ; then
+ AC_MSG_RESULT($KRB5CONF)
+
+ AC_MSG_CHECKING(for gssapi support)
diff --git a/openssh-3.9p1-askpass-keep-above.patch b/openssh-3.9p1-askpass-keep-above.patch
new file mode 100644
index 0000000..1b9f48c
--- /dev/null
+++ b/openssh-3.9p1-askpass-keep-above.patch
@@ -0,0 +1,11 @@
+--- openssh-3.9p1/contrib/gnome-ssh-askpass2.c.keep-above 2003-11-21 13:48:56.000000000 +0100
++++ openssh-3.9p1/contrib/gnome-ssh-askpass2.c 2005-02-08 08:44:02.099739294 +0100
+@@ -119,6 +119,8 @@
+ g_signal_connect(G_OBJECT(entry), "activate",
+ G_CALLBACK(ok_dialog), dialog);
+
++ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
++
+ /* Grab focus */
+ gtk_widget_show_now(dialog);
+ if (grab_pointer) {
diff --git a/openssh-3.9p1-cve-2006-5051.patch b/openssh-3.9p1-cve-2006-5051.patch
new file mode 100644
index 0000000..ab56f26
--- /dev/null
+++ b/openssh-3.9p1-cve-2006-5051.patch
@@ -0,0 +1,11 @@
+--- openssh-3.9p1/sshd.c.sig-no-cleanup 2006-09-27 13:33:35.000000000 +0200
++++ openssh-3.9p1/sshd.c 2006-09-28 09:58:35.000000000 +0200
+@@ -317,7 +317,7 @@
+ if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
+ kill(pmonitor->m_pid, SIGALRM);
+
+- cleanup_exit(SIGALRM);
++ _exit(SIGALRM);
+ }
+
+ /*
diff --git a/openssh-3.9p1-log-in-chroot.patch b/openssh-3.9p1-log-in-chroot.patch
new file mode 100644
index 0000000..222487b
--- /dev/null
+++ b/openssh-3.9p1-log-in-chroot.patch
@@ -0,0 +1,53 @@
+--- openssh-3.9p1/log.h.log-chroot 2006-02-22 10:54:04.000000000 +0100
++++ openssh-3.9p1/log.h 2006-02-22 10:53:29.000000000 +0100
+@@ -63,4 +63,6 @@
+
+ void do_log(LogLevel, const char *, va_list);
+ void cleanup_exit(int) __dead;
++
++void open_log(void);
+ #endif
+--- openssh-3.9p1/log.c.log-chroot 2006-02-22 13:29:48.000000000 +0100
++++ openssh-3.9p1/log.c 2006-02-22 10:56:01.000000000 +0100
+@@ -48,6 +48,7 @@
+ static int log_on_stderr = 1;
+ static int log_facility = LOG_AUTH;
+ static char *argv0;
++static int log_fd_keep;
+
+ extern char *__progname;
+
+@@ -330,9 +331,20 @@
+ syslog_r(pri, &sdata, "%.500s", fmtbuf);
+ closelog_r(&sdata);
+ #else
++ if (!log_fd_keep) {
+ openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
++ }
+ syslog(pri, "%.500s", fmtbuf);
++ if (!log_fd_keep) {
+ closelog();
++ }
+ #endif
+ }
+ }
++
++void
++open_log(void)
++{
++ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
++ log_fd_keep = 1;
++}
+--- openssh-3.9p1/sshd.c.log-chroot 2006-01-11 13:42:32.000000000 +0100
++++ openssh-3.9p1/sshd.c 2006-02-22 18:58:24.000000000 +0100
+@@ -565,6 +565,10 @@
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
++ /* Open the syslog permanently so the chrooted process still
++ can write to syslog. */
++ open_log();
++
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
diff --git a/openssh-3.9p1-no-log-signal.patch b/openssh-3.9p1-no-log-signal.patch
new file mode 100644
index 0000000..ff24619
--- /dev/null
+++ b/openssh-3.9p1-no-log-signal.patch
@@ -0,0 +1,32 @@
+Don't use syslog in signal handler as syslog is not signal handler safe. It
+can for example deadlock if another syslog call is interrupted.
+--- openssh-4.3p1/serverloop.c.signal 2005-12-31 06:33:37.000000000 +0100
++++ openssh-4.3p1/serverloop.c 2006-02-06 20:01:27.000000000 +0100
+@@ -146,7 +146,6 @@
+ sigchld_handler(int sig)
+ {
+ int save_errno = errno;
+- debug("Received SIGCHLD.");
+ child_terminated = 1;
+ #ifndef _UNICOS
+ mysignal(SIGCHLD, sigchld_handler);
+@@ -749,6 +748,7 @@
+ sigaddset(&nset, SIGCHLD);
+ sigprocmask(SIG_BLOCK, &nset, &oset);
+ if (child_terminated) {
++ debug("Received SIGCHLD.");
+ while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
+ (pid < 0 && errno == EINTR))
+ if (pid > 0)
+--- openssh-4.3p1/sshd.c.signal 2006-02-01 17:08:17.000000000 +0100
++++ openssh-4.3p1/sshd.c 2006-02-01 17:08:17.000000000 +0100
+@@ -311,8 +311,7 @@
+ if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
+ kill(pmonitor->m_pid, SIGALRM);
+
+- /* Log error and exit. */
+- fatal("Timeout before authentication for %s", get_remote_ipaddr());
++ cleanup_exit(SIGALRM);
+ }
+
+ /*
diff --git a/openssh-3.9p1-noinitlog.patch b/openssh-3.9p1-noinitlog.patch
new file mode 100644
index 0000000..6358a79
--- /dev/null
+++ b/openssh-3.9p1-noinitlog.patch
@@ -0,0 +1,11 @@
+--- openssh-3.9p1/contrib/redhat/sshd.init.foo 2005-01-03 17:22:08.326317216 -0500
++++ openssh-3.9p1/contrib/redhat/sshd.init 2005-01-03 17:22:20.483469048 -0500
+@@ -104,7 +104,7 @@
+ do_dsa_keygen
+
+ echo -n $"Starting $prog:"
+- initlog -c "$SSHD $OPTIONS" && success || failure
++ $SSHD $OPTIONS && success || failure
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+ echo
diff --git a/openssh-3.9p1-safe-stop.patch b/openssh-3.9p1-safe-stop.patch
new file mode 100644
index 0000000..ecdfb3e
--- /dev/null
+++ b/openssh-3.9p1-safe-stop.patch
@@ -0,0 +1,41 @@
+--- openssh-3.9p1/contrib/redhat/sshd.init.safe-stop 2005-02-09 13:37:16.365130833 +0100
++++ openssh-3.9p1/contrib/redhat/sshd.init 2005-02-09 15:16:39.618877653 +0100
+@@ -103,7 +103,7 @@
+ do_rsa_keygen
+ do_dsa_keygen
+
+- echo -n $"Starting $prog:"
++ echo -n $"Starting $prog: "
+ $SSHD $OPTIONS && success || failure
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+@@ -112,8 +112,12 @@
+
+ stop()
+ {
+- echo -n $"Stopping $prog:"
+- killproc $SSHD -TERM
++ echo -n $"Stopping $prog: "
++ if [ -n "`pidfileofproc $SSHD`" ] ; then
++ killproc $SSHD -TERM
++ else
++ failure $"Stopping $prog"
++ fi
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+ echo
+@@ -121,8 +125,12 @@
+
+ reload()
+ {
+- echo -n $"Reloading $prog:"
+- killproc $SSHD -HUP
++ echo -n $"Reloading $prog: "
++ if [ -n "`pidfileofproc $SSHD`" ] ; then
++ killproc $SSHD -HUP
++ else
++ failure $"Reloading $prog"
++ fi
+ RETVAL=$?
+ echo
+ }
diff --git a/openssh-3.9p1-scp-manpage.patch b/openssh-3.9p1-scp-manpage.patch
new file mode 100644
index 0000000..325f9a2
--- /dev/null
+++ b/openssh-3.9p1-scp-manpage.patch
@@ -0,0 +1,17 @@
+--- scp.orig 2007-12-22 20:37:27.000000000 +0100
++++ scp.1 2007-12-22 20:36:42.000000000 +0100
+@@ -60,6 +60,14 @@
+ that the file is to be copied to/from that host.
+ Copies between two remote hosts are permitted.
+ .Pp
++When copying a source file to a target file which already exists,
++.Nm
++will replace the contents of the target file (keeping the inode).
++.Pp
++If the target file does not yet exist, an empty file with the target
++file name is created, then filled with the source file contents.
++No attempt is made at "near-atomic" transfer using temporary files.
++.Pp
+ The options are as follows:
+ .Bl -tag -width Ds
+ .It Fl 1
diff --git a/openssh-3.9p1-skip-used.patch b/openssh-3.9p1-skip-used.patch
new file mode 100644
index 0000000..95ba3d1
--- /dev/null
+++ b/openssh-3.9p1-skip-used.patch
@@ -0,0 +1,12 @@
+--- openssh-3.9p1/channels.c.skip-used 2005-07-08 22:42:35.000000000 +0200
++++ openssh-3.9p1/channels.c 2005-07-25 21:34:29.000000000 +0200
+@@ -2653,9 +2653,6 @@
+ debug2("bind port %d: %.100s", port, strerror(errno));
+ close(sock);
+
+- if (ai->ai_next)
+- continue;
+-
+ for (n = 0; n < num_socks; n++) {
+ close(socks[n]);
+ }
diff --git a/openssh-4.0p1-exit-deadlock.patch b/openssh-4.0p1-exit-deadlock.patch
new file mode 100644
index 0000000..66246d3
--- /dev/null
+++ b/openssh-4.0p1-exit-deadlock.patch
@@ -0,0 +1,13 @@
+--- openssh-4.0p1/channels.c.exit-deadlock 2005-03-01 11:24:33.000000000 +0100
++++ openssh-4.0p1/channels.c 2005-04-05 22:25:15.197226237 +0200
+@@ -1403,6 +1403,10 @@
+ u_int dlen;
+ int len;
+
++ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
++ debug("channel %d: forcing write", c->self);
++ FD_SET(c->wfd, writeset);
++ }
+ /* Send buffered output data to the socket. */
+ if (c->wfd != -1 &&
+ FD_ISSET(c->wfd, writeset) &&
diff --git a/openssh-4.2p1-askpass-progress.patch b/openssh-4.2p1-askpass-progress.patch
new file mode 100644
index 0000000..c4a50b2
--- /dev/null
+++ b/openssh-4.2p1-askpass-progress.patch
@@ -0,0 +1,78 @@
+--- openssh-4.2p1/contrib/gnome-ssh-askpass2.c.progress 2005-11-28 11:11:24.000000000 +0100
++++ openssh-4.2p1/contrib/gnome-ssh-askpass2.c 2005-12-20 15:22:42.000000000 +0100
+@@ -53,6 +53,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <X11/Xlib.h>
++#include <glib.h>
+ #include <gtk/gtk.h>
+ #include <gdk/gdkx.h>
+
+@@ -83,13 +84,24 @@
+ gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ }
+
++static void
++move_progress(GtkWidget *entry, gpointer progress)
++{
++ gdouble step;
++ g_return_if_fail(GTK_IS_PROGRESS_BAR(progress));
++
++ step = g_random_double_range(0.03, 0.1);
++ gtk_progress_bar_set_pulse_step(GTK_PROGRESS_BAR(progress), step);
++ gtk_progress_bar_pulse(GTK_PROGRESS_BAR(progress));
++}
++
+ static int
+ passphrase_dialog(char *message)
+ {
+ const char *failed;
+ char *passphrase, *local;
+ int result, grab_tries, grab_server, grab_pointer;
+- GtkWidget *dialog, *entry;
++ GtkWidget *dialog, *entry, *progress, *hbox;
+ GdkGrabStatus status;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+@@ -102,13 +114,31 @@
+ "%s",
+ message);
+
++ hbox = gtk_hbox_new(FALSE, 0);
++ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
++ FALSE, 0);
++ gtk_widget_show(hbox);
++
+ entry = gtk_entry_new();
+- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
++ gtk_box_pack_start(GTK_BOX(hbox), entry, TRUE,
+ FALSE, 0);
++ gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+ gtk_widget_show(entry);
+
++ hbox = gtk_hbox_new(FALSE, 0);
++ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
++ FALSE, 8);
++ gtk_widget_show(hbox);
++
++ progress = gtk_progress_bar_new();
++
++ gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), "Passphrase length hidden intentionally");
++ gtk_box_pack_start(GTK_BOX(hbox), progress, TRUE,
++ TRUE, 5);
++ gtk_widget_show(progress);
++
+ gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
+@@ -118,6 +148,8 @@
+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ g_signal_connect(G_OBJECT(entry), "activate",
+ G_CALLBACK(ok_dialog), dialog);
++ g_signal_connect(G_OBJECT(entry), "changed",
++ G_CALLBACK(move_progress), progress);
+
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+
diff --git a/openssh-4.2p1-pam-no-stack.patch b/openssh-4.2p1-pam-no-stack.patch
new file mode 100644
index 0000000..7299ac3
--- /dev/null
+++ b/openssh-4.2p1-pam-no-stack.patch
@@ -0,0 +1,16 @@
+--- openssh-4.2p1/contrib/redhat/sshd.pam.stack 2004-07-21 03:01:41.000000000 +0200
++++ openssh-4.2p1/contrib/redhat/sshd.pam 2005-10-07 14:18:50.000000000 +0200
+@@ -1,6 +1,8 @@
+ #%PAM-1.0
+-auth required pam_stack.so service=system-auth
+-auth required pam_nologin.so
+-account required pam_stack.so service=system-auth
+-password required pam_stack.so service=system-auth
+-session required pam_stack.so service=system-auth
++auth include system-auth
++account required pam_nologin.so
++account include system-auth
++password include system-auth
++session optional pam_keyinit.so force revoke
++session include system-auth
++session required pam_loginuid.so
diff --git a/openssh-4.3p1-audit.patch b/openssh-4.3p1-audit.patch
new file mode 100644
index 0000000..0bf744c
--- /dev/null
+++ b/openssh-4.3p1-audit.patch
@@ -0,0 +1,186 @@
+--- openssh-4.3p1/loginrec.c.audit 2005-11-22 09:55:13.000000000 +0100
++++ openssh-4.3p1/loginrec.c 2006-02-01 16:54:40.000000000 +0100
+@@ -157,6 +157,10 @@
+ #include "auth.h"
+ #include "buffer.h"
+
++#ifdef HAVE_LINUX_AUDIT
++# include <libaudit.h>
++#endif
++
+ #ifdef HAVE_UTIL_H
+ # include <util.h>
+ #endif
+@@ -185,6 +189,9 @@
+ int utmpx_write_entry(struct logininfo *li);
+ int wtmp_write_entry(struct logininfo *li);
+ int wtmpx_write_entry(struct logininfo *li);
++#ifdef HAVE_LINUX_AUDIT
++int linux_audit_write_entry(struct logininfo *li);
++#endif
+ int lastlog_write_entry(struct logininfo *li);
+ int syslogin_write_entry(struct logininfo *li);
+
+@@ -423,6 +430,10 @@
+
+ /* set the timestamp */
+ login_set_current_time(li);
++#ifdef HAVE_LINUX_AUDIT
++ if (linux_audit_write_entry(li) == 0)
++ fatal("linux_audit_write_entry failed: %s", strerror(errno));
++#endif
+ #ifdef USE_LOGIN
+ syslogin_write_entry(li);
+ #endif
+@@ -1377,6 +1388,51 @@
+ }
+ #endif /* USE_WTMPX */
+
++#ifdef HAVE_LINUX_AUDIT
++int
++linux_audit_record_event(int uid, const char *username,
++ const char *hostname, const char *ip, const char *ttyn, int success)
++{
++ char buf[64];
++ int audit_fd, rc;
++
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return 1; /* No audit support in kernel */
++ else
++ return 0; /* Must prevent login */
++ }
++ if (username == NULL)
++ snprintf(buf, sizeof(buf), "uid=%d", uid);
++ else
++ snprintf(buf, sizeof(buf), "acct=%s", username);
++ rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
++ buf, hostname, ip, ttyn, success);
++ close(audit_fd);
++ if (rc >= 0)
++ return 1;
++ else
++ return 0;
++}
++
++int
++linux_audit_write_entry(struct logininfo *li)
++{
++ switch(li->type) {
++ case LTYPE_LOGIN:
++ return (linux_audit_record_event(li->uid, NULL, li->hostname,
++ NULL, li->line, 1));
++ case LTYPE_LOGOUT:
++ return (1); /* We only care about logins */
++ default:
++ logit("%s: invalid type field", __func__);
++ return (0);
++ }
++}
++#endif /* HAVE_LINUX_AUDIT */
++
+ /**
+ ** Low-level libutil login() functions
+ **/
+--- openssh-4.3p1/loginrec.h.audit 2005-06-19 02:19:44.000000000 +0200
++++ openssh-4.3p1/loginrec.h 2006-02-01 16:53:47.000000000 +0100
+@@ -133,5 +133,9 @@
+ char *line_abbrevname(char *dst, const char *src, int dstsize);
+
+ void record_failed_login(const char *, const char *, const char *);
++#ifdef HAVE_LINUX_AUDIT
++int linux_audit_record_event(int uid, const char *username,
++ const char *hostname, const char *ip, const char *ttyn, int success);
++#endif /* HAVE_LINUX_AUDIT */
+
+ #endif /* _HAVE_LOGINREC_H_ */
+--- openssh-4.3p1/Makefile.in.audit 2006-02-01 16:53:47.000000000 +0100
++++ openssh-4.3p1/Makefile.in 2006-02-01 16:53:47.000000000 +0100
+@@ -44,6 +44,7 @@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBSELINUX=@LIBSELINUX@
++LIBAUDIT=@LIBAUDIT@
+ LIBEDIT=@LIBEDIT@
+ LIBPAM=@LIBPAM@
+ LIBWRAP=@LIBWRAP@
+@@ -137,7 +138,7 @@
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS)
++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBS)
+
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+--- openssh-4.3p1/config.h.in.audit 2006-02-01 12:33:49.000000000 +0100
++++ openssh-4.3p1/config.h.in 2006-02-01 16:53:47.000000000 +0100
+@@ -1253,6 +1253,9 @@
+ /* Define if you want IRIX project management */
+ #undef WITH_IRIX_PROJECT
+
++/* Define if you want Linux audit support. */
++#undef HAVE_LINUX_AUDIT
++
+ /* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+ #undef WORDS_BIGENDIAN
+--- openssh-4.3p1/configure.ac.audit 2006-02-01 16:53:47.000000000 +0100
++++ openssh-4.3p1/configure.ac 2006-02-01 16:53:47.000000000 +0100
+@@ -2959,6 +2959,20 @@
+ ])
+ AC_SUBST(LIBSELINUX)
+
++# Check whether user wants Linux audit support
++LINUX_AUDIT_MSG="no"
++LIBAUDIT=""
++AC_ARG_WITH(linux-audit,
++ [ --with-linux-audit Enable Linux audit support],
++ [ if test "x$withval" != "xno" ; then
++ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
++ LINUX_AUDIT_MSG="yes"
++ AC_CHECK_HEADERS(libaudit.h)
++ LIBAUDIT="-laudit"
++ fi
++ ])
++AC_SUBST(LIBAUDIT)
++
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ AC_ARG_WITH(kerberos5,
+@@ -3786,6 +3800,7 @@
+ echo " PAM support: $PAM_MSG"
+ echo " KerberosV support: $KRB5_MSG"
+ echo " SELinux support: $SELINUX_MSG"
++echo " Linux audit support: $LINUX_AUDIT_MSG"
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
+ echo " TCP Wrappers support: $TCPW_MSG"
+--- openssh-4.3p1/auth.c.audit 2005-08-31 18:59:49.000000000 +0200
++++ openssh-4.3p1/auth.c 2006-02-01 16:53:47.000000000 +0100
+@@ -260,6 +260,12 @@
+ record_failed_login(authctxt->user,
+ get_canonical_hostname(options.use_dns), "ssh");
+ #endif
++#if HAVE_LINUX_AUDIT
++ if (authenticated == 0 && !authctxt->postponed) {
++ linux_audit_record_event(-1, authctxt->user, NULL,
++ get_remote_ipaddr(), "sshd", 0);
++ }
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ if (authenticated == 0 && !authctxt->postponed) {
+ ssh_audit_event_t event;
+@@ -500,6 +506,10 @@
+ record_failed_login(user,
+ get_canonical_hostname(options.use_dns), "ssh");
+ #endif
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
++ "sshd", 0);
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_INVALID_USER);
+ #endif /* SSH_AUDIT_EVENTS */
diff --git a/openssh-4.3p1-fromto-remote.patch b/openssh-4.3p1-fromto-remote.patch
new file mode 100644
index 0000000..ccb3d6e
--- /dev/null
+++ b/openssh-4.3p1-fromto-remote.patch
@@ -0,0 +1,15 @@
+--- openssh-4.3p2/scp.c.fromto-remote 2006-01-31 12:11:38.000000000 +0100
++++ openssh-4.3p2/scp.c 2006-04-14 10:09:56.000000000 +0200
+@@ -446,7 +446,11 @@
+ addargs(&alist, "-v");
+ addargs(&alist, "-x");
+ addargs(&alist, "-oClearAllForwardings yes");
+- addargs(&alist, "-n");
++ if (isatty(fileno(stdin))) {
++ addargs(&alist, "-t");
++ } else {
++ addargs(&alist, "-n");
++ }
+
+ *src++ = 0;
+ if (*src == 0)
diff --git a/openssh-4.3p1-redhat.patch b/openssh-4.3p1-redhat.patch
new file mode 100644
index 0000000..4ac9693
--- /dev/null
+++ b/openssh-4.3p1-redhat.patch
@@ -0,0 +1,99 @@
+--- openssh-4.3p1/sshd_config.0.redhat 2006-02-01 12:33:53.000000000 +0100
++++ openssh-4.3p1/sshd_config.0 2006-02-01 16:24:43.000000000 +0100
+@@ -371,9 +371,9 @@
+
+ SyslogFacility
+ Gives the facility code that is used when logging messages from
+- sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
+- CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
+- fault is AUTH.
++ sshd. The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++ The default is AUTH.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+--- openssh-4.3p1/sshd_config.redhat 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p1/sshd_config 2006-02-01 16:24:43.000000000 +0100
+@@ -12,6 +12,7 @@
+
+ #Port 22
+ #Protocol 2,1
++Protocol 2
+ #AddressFamily any
+ #ListenAddress 0.0.0.0
+ #ListenAddress ::
+@@ -29,6 +30,7 @@
+ # Logging
+ # obsoletes QuietMode and FascistLogging
+ #SyslogFacility AUTH
++SyslogFacility AUTHPRIV
+ #LogLevel INFO
+
+ # Authentication:
+@@ -55,9 +57,11 @@
+ # To disable tunneled clear text passwords, change to no here!
+ #PasswordAuthentication yes
+ #PermitEmptyPasswords no
++PasswordAuthentication yes
+
+ # Change to no to disable s/key passwords
+ #ChallengeResponseAuthentication yes
++ChallengeResponseAuthentication no
+
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -67,7 +71,9 @@
+
+ # GSSAPI options
+ #GSSAPIAuthentication no
++GSSAPIAuthentication yes
+ #GSSAPICleanupCredentials yes
++GSSAPICleanupCredentials yes
+
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+@@ -78,10 +84,16 @@
+ # session checks to run without PAM authentication, then enable this but set
+ # ChallengeResponseAuthentication=no
+ #UsePAM no
++UsePAM yes
+
++# Accept locale-related environment variables
++AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++AcceptEnv LC_IDENTIFICATION LC_ALL
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+ #X11Forwarding no
++X11Forwarding yes
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PrintMotd yes
+--- openssh-4.3p1/ssh_config.redhat 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p1/ssh_config 2006-02-01 16:26:37.000000000 +0100
+@@ -40,3 +40,13 @@
+ # Tunnel no
+ # TunnelDevice any:any
+ # PermitLocalCommand no
++Host *
++ GSSAPIAuthentication yes
++# If this option is set to yes then remote X11 clients will have full access
++# to the original X11 display. As virtually no X11 client supports the untrusted
++# mode correctly we set this to yes.
++ ForwardX11Trusted yes
++# Send locale-related environment variables
++ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++ SendEnv LC_IDENTIFICATION LC_ALL
+--- openssh-4.3p1/sshd_config.5.redhat 2006-01-03 08:47:31.000000000 +0100
++++ openssh-4.3p1/sshd_config.5 2006-02-01 16:24:43.000000000 +0100
+@@ -620,7 +620,7 @@
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Nm sshd .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
diff --git a/openssh-4.3p1-vendor.patch b/openssh-4.3p1-vendor.patch
new file mode 100644
index 0000000..8189399
--- /dev/null
+++ b/openssh-4.3p1-vendor.patch
@@ -0,0 +1,148 @@
+Add a --enable-vendor-patchlevel option which, if the
+new-but-disabled-by-default ShowPatchLevel option is enabled,
+will append a build-time-specified string to the SSH version
+string. Based heavily on a patch by Frank Hirtz, modified to
+trigger through configure.
+--- openssh-4.3p1/servconf.h.vendor 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p1/servconf.h 2006-02-01 16:51:56.000000000 +0100
+@@ -120,6 +120,7 @@
+ int max_startups;
+ int max_authtries;
+ char *banner; /* SSH-2 banner message */
++ int show_patchlevel; /* Show vendor patch level to clients */
+ int use_dns;
+ int client_alive_interval; /*
+ * poke the client this often to
+--- openssh-4.3p1/sshd_config.vendor 2006-02-01 16:29:52.000000000 +0100
++++ openssh-4.3p1/sshd_config 2006-02-01 16:42:01.000000000 +0100
+@@ -101,6 +101,7 @@
+ #Compression delayed
+ #ClientAliveInterval 0
+ #ClientAliveCountMax 3
++#ShowPatchLevel no
+ #UseDNS yes
+ #PidFile /var/run/sshd.pid
+ #MaxStartups 10
+--- openssh-4.3p1/sshd.c.vendor 2005-12-24 04:59:12.000000000 +0100
++++ openssh-4.3p1/sshd.c 2006-02-01 16:29:52.000000000 +0100
+@@ -377,7 +377,8 @@
+ major = PROTOCOL_MAJOR_1;
+ minor = PROTOCOL_MINOR_1;
+ }
+- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
++ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor,
++ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION);
+ server_version_string = xstrdup(buf);
+
+ /* Send our protocol version identification. */
+@@ -1089,7 +1090,8 @@
+ exit(1);
+ }
+
+- debug("sshd version %.100s", SSH_RELEASE);
++ debug("sshd version %.100s",
++ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
+
+ /* load private host keys */
+ sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+--- openssh-4.3p1/configure.ac.vendor 2006-02-01 16:29:52.000000000 +0100
++++ openssh-4.3p1/configure.ac 2006-02-01 16:29:52.000000000 +0100
+@@ -3521,6 +3521,12 @@
+ fi
+ ]
+ )
++AC_ARG_ENABLE(vendor-patchlevel,
++ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
++ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
++ SSH_VENDOR_PATCHLEVEL="$enableval"],
++ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
++ SSH_VENDOR_PATCHLEVEL=none])
+
+ dnl lastlog, [uw]tmpx? detection
+ dnl NOTE: set the paths in the platform section to avoid the
+@@ -3774,6 +3780,7 @@
+ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+ echo " Random number source: $RAND_MSG"
++echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
+ if test ! -z "$USE_RAND_HELPER" ; then
+ echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
+ fi
+--- openssh-4.3p1/sshd_config.0.vendor 2006-02-01 16:29:52.000000000 +0100
++++ openssh-4.3p1/sshd_config.0 2006-02-01 16:29:52.000000000 +0100
+@@ -354,6 +354,11 @@
+ Defines the number of bits in the ephemeral protocol version 1
+ server key. The minimum value is 512, and the default is 768.
+
++ ShowPatchLevel
++ Specifies whether sshd will display the specific patch level of
++ the binary in the server identification string. The patch level
++ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
++
+ StrictModes
+ Specifies whether sshd should check file modes and ownership of
+ the user's files and home directory before accepting login. This
+--- openssh-4.3p1/servconf.c.vendor 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p1/servconf.c 2006-02-01 16:51:16.000000000 +0100
+@@ -95,6 +95,7 @@
+ options->max_startups = -1;
+ options->max_authtries = -1;
+ options->banner = NULL;
++ options->show_patchlevel = -1;
+ options->use_dns = -1;
+ options->client_alive_interval = -1;
+ options->client_alive_count_max = -1;
+@@ -233,6 +234,9 @@
+ if (options->permit_tun == -1)
+ options->permit_tun = SSH_TUNMODE_NO;
+
++ if (options->show_patchlevel == -1)
++ options->show_patchlevel = 0;
++
+ /* Turn privilege separation on by default */
+ if (use_privsep == -1)
+ use_privsep = 1;
+@@ -275,6 +279,7 @@
+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sUsePrivilegeSeparation,
++ sShowPatchLevel,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
+@@ -367,6 +372,7 @@
+ { "maxstartups", sMaxStartups },
+ { "maxauthtries", sMaxAuthTries },
+ { "banner", sBanner },
++ { "showpatchlevel", sShowPatchLevel},
+ { "usedns", sUseDNS },
+ { "verifyreversemapping", sDeprecated },
+ { "reversemappingcheck", sDeprecated },
+@@ -807,6 +813,10 @@
+ intptr = &use_privsep;
+ goto parse_flag;
+
++ case sShowPatchLevel:
++ intptr = &options->show_patchlevel;
++ goto parse_flag;
++
+ case sAllowUsers:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (options->num_allow_users >= MAX_ALLOW_USERS)
+--- openssh-4.3p1/sshd_config.5.vendor 2006-02-01 16:29:52.000000000 +0100
++++ openssh-4.3p1/sshd_config.5 2006-02-01 16:29:52.000000000 +0100
+@@ -597,6 +597,14 @@
+ .It Cm ServerKeyBits
+ Defines the number of bits in the ephemeral protocol version 1 server key.
+ The minimum value is 512, and the default is 768.
++.It Cm ShowPatchLevel
++Specifies whether
++.Nm sshd
++will display the patch level of the binary in the identification string.
++The patch level is set at compile-time.
++The default is
++.Dq no .
++This option applies to protocol version 1 only.
+ .It Cm StrictModes
+ Specifies whether
+ .Nm sshd
diff --git a/openssh-4.3p2-allow-ip-opts.patch b/openssh-4.3p2-allow-ip-opts.patch
new file mode 100644
index 0000000..9413dd8
--- /dev/null
+++ b/openssh-4.3p2-allow-ip-opts.patch
@@ -0,0 +1,59 @@
+From: Paul Moore <paul.moore at hp.com>
+Subject: OpenSSH: fix option handling on incoming connections
+
+OpenSSH rejects incoming connections if any IP options are present when the
+comments state that they are only concerned with source routing options. This
+connection rejection causes problems with CIPSO which uses IP options to tag
+packets with security attributes.
+
+This patch modifies the check_ip_options() function to only fail if loose or
+strict source routing options are present, all other options are allowed.
+
+Signed-off-by: Paul Moore <paul.moore at hp.com>
+
+---
+ canohost.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+Index: openssh-4.3p2/canohost.c
+===================================================================
+--- openssh-4.3p2.orig/canohost.c
++++ openssh-4.3p2/canohost.c
+@@ -146,6 +146,7 @@ check_ip_options(int sock, char *ipaddr)
+ u_int i;
+ int ipproto;
+ struct protoent *ip;
++ u_int opt_iter;
+
+ if ((ip = getprotobyname("ip")) != NULL)
+ ipproto = ip->p_proto;
+@@ -154,13 +155,23 @@ check_ip_options(int sock, char *ipaddr)
+ option_size = sizeof(options);
+ if (getsockopt(sock, ipproto, IP_OPTIONS, options,
+ &option_size) >= 0 && option_size != 0) {
+- text[0] = '\0';
+- for (i = 0; i < option_size; i++)
+- snprintf(text + i*3, sizeof(text) - i*3,
+- " %2.2x", options[i]);
+- fatal("Connection from %.100s with IP options:%.800s",
+- ipaddr, text);
++ opt_iter = 0;
++ do {
++ /* Fail, fatally, if we detect either loose or strict
++ * source routing options. */
++ if (options[opt_iter] == 131 ||
++ options[opt_iter] == 137)
++ goto fail;
++ opt_iter += options[opt_iter + 1] + 2;
++ } while (opt_iter < option_size);
+ }
++ return;
++
++fail:
++ text[0] = '\0';
++ for (i = 0; i < option_size; i++)
++ snprintf(text + i*3, sizeof(text) - i*3, " %2.2x", options[i]);
++ fatal("Connection from %.100s with IP options:%.800s", ipaddr, text);
+ #endif /* IP_OPTIONS */
+ }
+
diff --git a/openssh-4.3p2-askpass-grab-info.patch b/openssh-4.3p2-askpass-grab-info.patch
new file mode 100644
index 0000000..e9dc835
--- /dev/null
+++ b/openssh-4.3p2-askpass-grab-info.patch
@@ -0,0 +1,18 @@
+--- openssh-4.3p2/contrib/gnome-ssh-askpass2.c.grab-info 2006-07-17 15:10:11.000000000 +0200
++++ openssh-4.3p2/contrib/gnome-ssh-askpass2.c 2006-07-17 15:25:04.000000000 +0200
+@@ -65,9 +65,12 @@
+ err = gtk_message_dialog_new(NULL, 0,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+- "Could not grab %s. "
+- "A malicious client may be eavesdropping "
+- "on your session.", what);
++ "SSH password dialog could not grab the %s input.\n"
++ "This might be caused by application such as screensaver, "
++ "however it could also mean that someone may be eavesdropping "
++ "on your session.\n"
++ "Either close the application which grabs the %s or "
++ "log out and log in again to prevent this from happening.", what, what);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
+ TRUE);
diff --git a/openssh-4.3p2-biguid.patch b/openssh-4.3p2-biguid.patch
new file mode 100644
index 0000000..168f2f5
--- /dev/null
+++ b/openssh-4.3p2-biguid.patch
@@ -0,0 +1,12 @@
+diff -up openssh-4.3p2/loginrec.c.biguid openssh-4.3p2/loginrec.c
+--- openssh-4.3p2/loginrec.c.biguid 2010-07-27 15:31:32.000000000 +0200
++++ openssh-4.3p2/loginrec.c 2010-07-28 09:00:41.000000000 +0200
+@@ -1599,7 +1599,7 @@ lastlog_openseek(struct logininfo *li, i
+
+ if (type == LL_FILE) {
+ /* find this uid's offset in the lastlog file */
+- offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
++ offset = (off_t) ((long)(unsigned)li->uid * sizeof(struct lastlog));
+
+ if (lseek(*fd, offset, SEEK_SET) != offset) {
+ logit("%s: %s->lseek(): %s", __func__,
diff --git a/openssh-4.3p2-buffer-len.patch b/openssh-4.3p2-buffer-len.patch
new file mode 100644
index 0000000..84a0363
--- /dev/null
+++ b/openssh-4.3p2-buffer-len.patch
@@ -0,0 +1,144 @@
+Index: buffer.c
+===================================================================
+RCS file: /var/cvs/openssh/buffer.c,v
+retrieving revision 1.26
+diff -u -p -r1.26 buffer.c
+--- buffer.c 26 Mar 2006 03:24:49 -0000 1.26
++++ buffer.c 5 Apr 2006 02:30:16 -0000
+@@ -18,6 +18,10 @@
+ #include "buffer.h"
+ #include "log.h"
+
++#define BUFFER_MAX_CHUNK 0x100000
++#define BUFFER_MAX_LEN 0xa00000
++#define BUFFER_ALLOCSZ 0x008000
++
+ /* Initializes the buffer structure. */
+
+ void
+@@ -66,6 +70,23 @@ buffer_append(Buffer *buffer, const void
+ memcpy(p, data, len);
+ }
+
++static int
++buffer_compact(Buffer *buffer)
++{
++ /*
++ * If the buffer is quite empty, but all data is at the end, move the
++ * data to the beginning.
++ */
++ if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
++ memmove(buffer->buf, buffer->buf + buffer->offset,
++ buffer->end - buffer->offset);
++ buffer->end -= buffer->offset;
++ buffer->offset = 0;
++ return (1);
++ }
++ return (0);
++}
++
+ /*
+ * Appends space to the buffer, expanding the buffer if necessary. This does
+ * not actually copy the data into the buffer, but instead returns a pointer
+@@ -93,20 +114,13 @@ restart:
+ buffer->end += len;
+ return p;
+ }
+- /*
+- * If the buffer is quite empty, but all data is at the end, move the
+- * data to the beginning and retry.
+- */
+- if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
+- memmove(buffer->buf, buffer->buf + buffer->offset,
+- buffer->end - buffer->offset);
+- buffer->end -= buffer->offset;
+- buffer->offset = 0;
++
++ /* Compact data back to the start of the buffer if necessary */
++ if (buffer_compact(buffer))
+ goto restart;
+- }
+- /* Increase the size of the buffer and retry. */
+
+- newlen = buffer->alloc + len + 32768;
++ /* Increase the size of the buffer and retry. */
++ newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
+ if (newlen > BUFFER_MAX_LEN)
+ fatal("buffer_append_space: alloc %u not supported",
+ newlen);
+@@ -114,6 +128,27 @@ restart:
+ buffer->alloc = newlen;
+ goto restart;
+ /* NOTREACHED */
++}
++
++/*
++ * Check whether an allocation of 'len' will fit in the buffer
++ * This must follow the same math as buffer_append_space
++ */
++int
++buffer_check_alloc(Buffer *buffer, u_int len)
++{
++ if (buffer->offset == buffer->end) {
++ buffer->offset = 0;
++ buffer->end = 0;
++ }
++ restart:
++ if (buffer->end + len < buffer->alloc)
++ return (1);
++ if (buffer_compact(buffer))
++ goto restart;
++ if (roundup(buffer->alloc + len, BUFFER_ALLOCSZ) <= BUFFER_MAX_LEN)
++ return (1);
++ return (0);
+ }
+
+ /* Returns the number of bytes of data in the buffer. */
+Index: buffer.h
+===================================================================
+RCS file: /var/cvs/openssh/buffer.h,v
+retrieving revision 1.14
+diff -u -p -r1.14 buffer.h
+--- buffer.h 26 Mar 2006 03:30:01 -0000 1.14
++++ buffer.h 4 Apr 2006 00:39:16 -0000
+@@ -23,9 +23,6 @@ typedef struct {
+ u_int end; /* Offset of last byte containing data. */
+ } Buffer;
+
+-#define BUFFER_MAX_CHUNK 0x100000
+-#define BUFFER_MAX_LEN 0xa00000
+-
+ void buffer_init(Buffer *);
+ void buffer_clear(Buffer *);
+ void buffer_free(Buffer *);
+@@ -35,6 +32,8 @@ void *buffer_ptr(Buffer *);
+
+ void buffer_append(Buffer *, const void *, u_int);
+ void *buffer_append_space(Buffer *, u_int);
++
++int buffer_check_alloc(Buffer *, u_int);
+
+ void buffer_get(Buffer *, void *, u_int);
+
+Index: channels.c
+===================================================================
+RCS file: /var/cvs/openssh/channels.c,v
+retrieving revision 1.228
+diff -u -p -r1.228 channels.c
+--- channels.c 31 Mar 2006 12:11:44 -0000 1.228
++++ channels.c 5 Apr 2006 02:30:36 -0000
+@@ -747,12 +747,10 @@ channel_pre_open(Channel *c, fd_set *rea
+ {
+ u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+
+- /* check buffer limits */
+- limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
+-
+ if (c->istate == CHAN_INPUT_OPEN &&
+ limit > 0 &&
+- buffer_len(&c->input) < limit)
++ buffer_len(&c->input) < limit &&
++ buffer_check_alloc(&c->input, CHAN_RBUF))
+ FD_SET(c->rfd, readset);
+ if (c->ostate == CHAN_OUTPUT_OPEN ||
+ c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
diff --git a/openssh-4.3p2-cbc.patch b/openssh-4.3p2-cbc.patch
new file mode 100644
index 0000000..979c3a4
--- /dev/null
+++ b/openssh-4.3p2-cbc.patch
@@ -0,0 +1,360 @@
+diff -up openssh-4.3p2/cipher.c.cbc openssh-4.3p2/cipher.c
+--- openssh-4.3p2/cipher.c.cbc 2010-12-15 11:37:24.000000000 +0100
++++ openssh-4.3p2/cipher.c 2010-12-15 11:37:26.000000000 +0100
+@@ -61,47 +61,48 @@ struct Cipher {
+ u_int block_size;
+ u_int key_len;
+ u_int discard_len;
++ u_int cbc_mode;
+ const EVP_CIPHER *(*evptype)(void);
+ } ciphers[] = {
+- { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
+- { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
+- { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
+- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
+-
+- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
+- { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
+- { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
+- { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
+- { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
+- { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
+- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
+- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
+- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
++ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
++ { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
++ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
++ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
++
++ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
++ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
++ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
++ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
++ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
++ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
++ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
++ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
++ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "rijndael-cbc at lysator.liu.se",
+- SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
+- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
+- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
++ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
++ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
++ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
++ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
+ #ifdef USE_CIPHER_ACSS
+- { "acss at openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
++ { "acss at openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
+ #endif
+- { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
++ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
+ };
+
+ struct Cipher fips_ciphers[] = {
+- { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
+- { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
++ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
++ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
+
+- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
+- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
+- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
+- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
++ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
++ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
++ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
++ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "rijndael-cbc at lysator.liu.se",
+- SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
+- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
+- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
+- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
+- { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
++ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
++ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
++ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
++ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
++ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
+ };
+
+ /*--*/
+@@ -125,6 +126,12 @@ cipher_get_number(const Cipher *c)
+ }
+
+ u_int
++cipher_is_cbc(const Cipher *c)
++{
++ return (c->cbc_mode);
++}
++
++u_int
+ cipher_mask_ssh1(int client)
+ {
+ u_int mask = 0;
+diff -up openssh-4.3p2/cipher.h.cbc openssh-4.3p2/cipher.h
+--- openssh-4.3p2/cipher.h.cbc 2010-12-15 11:37:24.000000000 +0100
++++ openssh-4.3p2/cipher.h 2010-12-15 11:37:26.000000000 +0100
+@@ -81,6 +81,7 @@ void cipher_cleanup(CipherContext *);
+ int cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
+ u_int cipher_blocksize(const Cipher *);
+ u_int cipher_keylen(const Cipher *);
++u_int cipher_is_cbc(const Cipher *);
+
+ u_int cipher_get_number(const Cipher *);
+ void cipher_get_keyiv(CipherContext *, u_char *, u_int);
+diff -up openssh-4.3p2/myproposal.h.cbc openssh-4.3p2/myproposal.h
+--- openssh-4.3p2/myproposal.h.cbc 2010-12-15 11:37:24.000000000 +0100
++++ openssh-4.3p2/myproposal.h 2010-12-15 11:37:26.000000000 +0100
+@@ -27,11 +27,12 @@
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+ #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
++
+ #define KEX_DEFAULT_ENCRYPT \
++ "aes128-ctr,aes192-ctr,aes256-ctr," \
++ "arcfour256,arcfour128," \
+ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+- "arcfour128,arcfour256,arcfour," \
+- "aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se," \
+- "aes128-ctr,aes192-ctr,aes256-ctr"
++ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
+ #define KEX_DEFAULT_MAC \
+ "hmac-md5,hmac-sha1,hmac-ripemd160," \
+ "hmac-ripemd160 at openssh.com," \
+diff -up openssh-4.3p2/packet.c.cbc openssh-4.3p2/packet.c
+--- openssh-4.3p2/packet.c.cbc 2010-12-15 11:37:22.000000000 +0100
++++ openssh-4.3p2/packet.c 2010-12-15 11:37:26.000000000 +0100
+@@ -70,6 +70,8 @@ RCSID("$OpenBSD: packet.c,v 1.120 2005/1
+ #define DBG(x)
+ #endif
+
++#define PACKET_MAX_SIZE (256 * 1024)
++
+ /*
+ * This variable contains the file descriptors used for communicating with
+ * the other side. connection_in is used for reading; connection_out for
+@@ -122,6 +124,8 @@ static int server_side = 0;
+ /* Set to true if we are authenticated. */
+ static int after_authentication = 0;
+
++int client_alive_timeouts = 0;
++
+ /* Session key information for Encryption and MAC */
+ Newkeys *newkeys[MODE_MAX];
+ static struct packet_state {
+@@ -140,6 +144,10 @@ static u_int ssh1_keylen;
+ /* roundup current message to extra_pad bytes */
+ static u_char extra_pad = 0;
+
++/* XXX discard incoming data after MAC error */
++static u_int packet_discard = 0;
++static Mac *packet_discard_mac = NULL;
++
+ struct packet {
+ TAILQ_ENTRY(packet) next;
+ u_char type;
+@@ -175,6 +183,36 @@ packet_set_connection(int fd_in, int fd_
+ }
+ }
+
++static void
++packet_stop_discard(void)
++{
++ if (packet_discard_mac) {
++ char buf[1024];
++
++ memset(buf, 'a', sizeof(buf));
++ while (buffer_len(&incoming_packet) < PACKET_MAX_SIZE)
++ buffer_append(&incoming_packet, buf, sizeof(buf));
++ (void) mac_compute(packet_discard_mac,
++ p_read.seqnr,
++ buffer_ptr(&incoming_packet),
++ PACKET_MAX_SIZE);
++ }
++ logit("Finished discarding for %.200s", get_remote_ipaddr());
++ cleanup_exit(255);
++}
++
++static void
++packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard)
++{
++ if (enc == NULL || !cipher_is_cbc(enc->cipher))
++ packet_disconnect("Packet corrupt");
++ if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled)
++ packet_discard_mac = mac;
++ if (buffer_len(&input) >= discard)
++ packet_stop_discard();
++ packet_discard = discard - buffer_len(&input);
++}
++
+ /* Returns 1 if remote host is connected via socket, 0 if not. */
+
+ int
+@@ -1046,6 +1084,9 @@ packet_read_poll2(u_int32_t *seqnr_p)
+ Mac *mac = NULL;
+ Comp *comp = NULL;
+
++ if (packet_discard)
++ return SSH_MSG_NONE;
++
+ if (newkeys[MODE_IN] != NULL) {
+ enc = &newkeys[MODE_IN]->enc;
+ mac = &newkeys[MODE_IN]->mac;
+@@ -1067,11 +1108,14 @@ packet_read_poll2(u_int32_t *seqnr_p)
+ block_size);
+ cp = buffer_ptr(&incoming_packet);
+ packet_length = GET_32BIT(cp);
+- if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
++ if (packet_length < 1 + 4 || packet_length > PACKET_MAX_SIZE) {
+ #ifdef PACKET_DEBUG
+ buffer_dump(&incoming_packet);
+ #endif
+- packet_disconnect("Bad packet length %u.", packet_length);
++ logit("Bad packet length %u.", packet_length);
++ packet_start_discard(enc, mac, packet_length,
++ PACKET_MAX_SIZE);
++ return SSH_MSG_NONE;
+ }
+ DBG(debug("input: packet len %u", packet_length+4));
+ buffer_consume(&input, block_size);
+@@ -1080,9 +1124,13 @@ packet_read_poll2(u_int32_t *seqnr_p)
+ need = 4 + packet_length - block_size;
+ DBG(debug("partial packet %d, need %d, maclen %d", block_size,
+ need, maclen));
+- if (need % block_size != 0)
+- fatal("padding error: need %d block %d mod %d",
++ if (need % block_size != 0) {
++ logit("padding error: need %d block %d mod %d",
+ need, block_size, need % block_size);
++ packet_start_discard(enc, mac, packet_length,
++ PACKET_MAX_SIZE - block_size);
++ return SSH_MSG_NONE;
++ }
+ /*
+ * check if the entire packet has been received and
+ * decrypt into incoming_packet
+@@ -1104,11 +1152,19 @@ packet_read_poll2(u_int32_t *seqnr_p)
+ macbuf = mac_compute(mac, p_read.seqnr,
+ buffer_ptr(&incoming_packet),
+ buffer_len(&incoming_packet));
+- if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
+- packet_disconnect("Corrupted MAC on input.");
++ if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) {
++ logit("Corrupted MAC on input.");
++ if (need > PACKET_MAX_SIZE)
++ fatal("internal error need %d", need);
++ packet_start_discard(enc, mac, packet_length,
++ PACKET_MAX_SIZE - need);
++ return SSH_MSG_NONE;
++ }
++
+ DBG(debug("MAC #%d ok", p_read.seqnr));
+ buffer_consume(&input, mac->mac_len);
+ }
++ /* XXX now it's safe to use fatal/packet_disconnect */
+ if (seqnr_p != NULL)
+ *seqnr_p = p_read.seqnr;
+ if (++p_read.seqnr == 0)
+@@ -1240,6 +1296,13 @@ packet_read_poll(void)
+ void
+ packet_process_incoming(const char *buf, u_int len)
+ {
++ if (packet_discard) {
++ client_alive_timeouts = 0; /* ?? */
++ if (len >= packet_discard)
++ packet_stop_discard();
++ packet_discard -= len;
++ return;
++ }
+ buffer_append(&input, buf, len);
+ }
+
+diff -up openssh-4.3p2/packet.h.cbc openssh-4.3p2/packet.h
+--- openssh-4.3p2/packet.h.cbc 2005-07-26 13:54:56.000000000 +0200
++++ openssh-4.3p2/packet.h 2010-12-15 11:37:26.000000000 +0100
+@@ -84,6 +84,7 @@ void tty_make_modes(int, struct termios
+ void tty_parse_modes(int, int *);
+
+ extern u_int max_packet_size;
++extern int client_alive_timeouts;
+ int packet_set_maxsize(u_int);
+ #define packet_get_maxsize() max_packet_size
+
+diff -up openssh-4.3p2/serverloop.c.cbc openssh-4.3p2/serverloop.c
+--- openssh-4.3p2/serverloop.c.cbc 2010-12-15 11:37:26.000000000 +0100
++++ openssh-4.3p2/serverloop.c 2010-12-15 11:37:26.000000000 +0100
+@@ -82,7 +82,6 @@ static int connection_in; /* Connection
+ static int connection_out; /* Connection to client (output). */
+ static int connection_closed = 0; /* Connection to client closed. */
+ static u_int buffer_high; /* "Soft" max buffer size. */
+-static int client_alive_timeouts = 0;
+
+ /*
+ * This SIGCHLD kludge is used to detect when the child exits. The server
+diff -up openssh-4.3p2/ssh_config.0.cbc openssh-4.3p2/ssh_config.0
+--- openssh-4.3p2/ssh_config.0.cbc 2006-02-11 01:07:39.000000000 +0100
++++ openssh-4.3p2/ssh_config.0 2010-12-15 11:47:31.000000000 +0100
+@@ -89,9 +89,9 @@ DESCRIPTION
+ ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
+ and ``cast128-cbc''. The default is
+
+- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+- arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+- aes192-ctr,aes256-ctr''
++ ``aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
++ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
++ aes256-cbc,arcfour''
+
+ ClearAllForwardings
+ Specifies that all local, remote and dynamic port forwardings
+diff -up openssh-4.3p2/ssh_config.5.cbc openssh-4.3p2/ssh_config.5
+--- openssh-4.3p2/ssh_config.5.cbc 2006-01-31 11:39:03.000000000 +0100
++++ openssh-4.3p2/ssh_config.5 2010-12-15 11:46:27.000000000 +0100
+@@ -202,9 +202,9 @@ and
+ .Dq cast128-cbc .
+ The default is
+ .Bd -literal
+- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+- arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+- aes192-ctr,aes256-ctr''
++ ``aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
++ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
++ aes256-cbc,arcfour''
+ .Ed
+ .It Cm ClearAllForwardings
+ Specifies that all local, remote and dynamic port forwardings
+diff -up openssh-4.3p2/sshd_config.0.cbc openssh-4.3p2/sshd_config.0
+--- openssh-4.3p2/sshd_config.0.cbc 2010-12-15 11:37:26.000000000 +0100
++++ openssh-4.3p2/sshd_config.0 2010-12-15 11:43:33.000000000 +0100
+@@ -109,9 +109,9 @@ DESCRIPTION
+ ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
+ ``cast128-cbc''. The default is
+
+- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+- arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+- aes192-ctr,aes256-ctr''
++ ``aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
++ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
++ aes256-cbc,arcfour''
+
+ ClientAliveCountMax
+ Sets the number of client alive messages (see below) which may be
+diff -up openssh-4.3p2/sshd_config.5.cbc openssh-4.3p2/sshd_config.5
+--- openssh-4.3p2/sshd_config.5.cbc 2010-12-15 11:37:26.000000000 +0100
++++ openssh-4.3p2/sshd_config.5 2010-12-15 11:47:54.000000000 +0100
+@@ -219,9 +219,9 @@ and
+ .Dq cast128-cbc .
+ The default is
+ .Bd -literal
+- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
+- arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
+- aes192-ctr,aes256-ctr''
++ ``aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
++ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
++ aes256-cbc,arcfour''
+ .Ed
+ .It Cm ClientAliveCountMax
+ Sets the number of client alive messages (see below) which may be
diff --git a/openssh-4.3p2-chroot.patch b/openssh-4.3p2-chroot.patch
new file mode 100644
index 0000000..9b6172a
--- /dev/null
+++ b/openssh-4.3p2-chroot.patch
@@ -0,0 +1,547 @@
+diff -urN openssh-4.3p1.orig/servconf.c openssh-4.3p1/servconf.c
+--- openssh-4.3p1.orig/servconf.c 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p1/servconf.c 2009-03-26 01:55:24.000000000 +0100
+@@ -103,6 +103,7 @@
+ options->authorized_keys_file2 = NULL;
+ options->num_accept_env = 0;
+ options->permit_tun = -1;
++ options->chroot_directory = NULL;
+
+ /* Needs to be accessable in many places */
+ use_privsep = -1;
+@@ -279,7 +280,7 @@
+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sUsePrivilegeSeparation,
+- sShowPatchLevel,
++ sShowPatchLevel, sChrootDirectory,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
+@@ -383,6 +384,7 @@
+ { "useprivilegeseparation", sUsePrivilegeSeparation},
+ { "acceptenv", sAcceptEnv },
+ { "permittunnel", sPermitTunnel },
++ { "chrootdirectory", sChrootDirectory },
+ { NULL, sBadOption }
+ };
+
+@@ -1010,6 +1012,17 @@
+ *intptr = value;
+ break;
+
++ case sChrootDirectory:
++ charptr = &options->chroot_directory;
++
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing file name.",
++ filename, linenum);
++ if (*charptr == NULL)
++ *charptr = xstrdup(arg);
++ break;
++
+ case sDeprecated:
+ logit("%s line %d: Deprecated option %s",
+ filename, linenum, arg);
+diff -urN openssh-4.3p1.orig/servconf.h openssh-4.3p1/servconf.h
+--- openssh-4.3p1.orig/servconf.h 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p1/servconf.h 2009-03-26 01:50:26.000000000 +0100
+@@ -37,6 +37,9 @@
+
+ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
+
++/* Magic name for internal sftp-server */
++#define INTERNAL_SFTP_NAME "internal-sftp"
++
+ typedef struct {
+ u_int num_ports;
+ u_int ports_from_cmdline;
+@@ -139,6 +142,8 @@
+ int use_pam; /* Enable auth via PAM */
+
+ int permit_tun;
++
++ char *chroot_directory;
+ } ServerOptions;
+
+ void initialize_server_options(ServerOptions *);
+ void initialize_server_options(ServerOptions *);
+diff -urN openssh-4.3p1.orig/session.c openssh-4.3p1/session.c
+--- openssh-4.3p1.orig/session.c 2005-12-24 04:59:12.000000000 +0100
++++ openssh-4.3p1/session.c 2009-03-26 02:10:21.000000000 +0100
+@@ -55,9 +55,11 @@
+ #include "sshlogin.h"
+ #include "serverloop.h"
+ #include "canohost.h"
++#include "misc.h"
+ #include "session.h"
+ #include "kex.h"
+ #include "monitor_wrap.h"
++#include "sftp.h"
+
+ #include "selinux.h"
+
+@@ -106,9 +108,13 @@
+ const char *original_command = NULL;
+
+ /* data */
+-#define MAX_SESSIONS 10
++#define MAX_SESSIONS 20
+ Session sessions[MAX_SESSIONS];
+
++#define SUBSYSTEM_NONE 0
++#define SUBSYSTEM_EXT 1
++#define SUBSYSTEM_INT_SFTP 2
++
+ #ifdef HAVE_LOGIN_CAP
+ login_cap_t *lc;
+ #endif
+@@ -1236,10 +1242,67 @@
+ }
+ }
+
++/*
++ * Chroot into a directory after checking it for safety: all path components
++ * must be root-owned directories with strict permissions.
++ */
++static void
++safely_chroot(const char *path)
++{
++ const char *cp;
++ char component[MAXPATHLEN];
++ struct stat st;
++
++ if (*path != '/')
++ fatal("chroot path does not begin at root");
++ if (strlen(path) >= sizeof(component))
++ fatal("chroot path too long");
++
++ /*
++ * Descend the path, checking that each component is a
++ * root-owned directory with strict permissions.
++ */
++ for (cp = path; cp != NULL;) {
++ if ((cp = strchr(cp, '/')) == NULL)
++ strlcpy(component, path, sizeof(component));
++ else {
++ cp++;
++ memcpy(component, path, cp - path);
++ component[cp - path] = '\0';
++ }
++
++ debug3("%s: checking '%s'", __func__, component);
++
++ if (stat(component, &st) != 0)
++ fatal("%s: stat(\"%s\"): %s", __func__,
++ component, strerror(errno));
++ if (st.st_uid != 0 || (st.st_mode & 022) != 0)
++ fatal("bad ownership or modes for chroot "
++ "directory %s\"%s\"",
++ cp == NULL ? "" : "component ", component);
++ if (!S_ISDIR(st.st_mode))
++ fatal("chroot path %s\"%s\" is not a directory",
++ cp == NULL ? "" : "component ", component);
++
++ }
++
++ if (chdir(path) == -1)
++ fatal("Unable to chdir to chroot path \"%s\": "
++ "%s", path, strerror(errno));
++ if (chroot(path) == -1)
++ fatal("chroot(\"%s\"): %s", path, strerror(errno));
++ if (chdir("/") == -1)
++ fatal("%s: chdir(/) after chroot: %s",
++ __func__, strerror(errno));
++ verbose("Changed root directory to \"%s\"", path);
++}
++
+ /* Set login name, uid, gid, and groups. */
+ void
+ do_setusercontext(struct passwd *pw)
+ {
++ char *chroot_path, *tmp;
++
+ #ifndef HAVE_CYGWIN
+ if (getuid() == 0 || geteuid() == 0)
+ #endif /* HAVE_CYGWIN */
+@@ -1303,6 +1367,18 @@
+ exit(1);
+ }
+ #endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
++
++ if (options.chroot_directory != NULL &&
++ strcasecmp(options.chroot_directory, "none") != 0) {
++ tmp = tilde_expand_filename(options.chroot_directory,
++ pw->pw_uid);
++ chroot_path = percent_expand(tmp, "h", pw->pw_dir,
++ "u", pw->pw_name, (char *)NULL);
++ safely_chroot(chroot_path);
++ free(tmp);
++ free(chroot_path);
++ }
++
+ /* Permanently switch to the desired uid. */
+ permanently_set_uid(pw);
+ #endif
+@@ -1397,14 +1473,16 @@
+ * environment, closing extra file descriptors, setting the user and group
+ * ids, and executing the command or shell.
+ */
++#define ARGV_MAX 10
+ void
+ do_child(Session *s, const char *command)
+ {
+ extern char **environ;
+ char **env;
+- char *argv[10];
++ char *argv[ARGV_MAX];
+ const char *shell, *shell0, *hostname = NULL;
+ struct passwd *pw = s->pw;
++ int r = 0;
+
+ /* remove hostkey from the child's memory */
+ destroy_sensitive_data();
+@@ -1520,12 +1598,16 @@
+
+ /* Change current directory to the user's home directory. */
+ if (chdir(pw->pw_dir) < 0) {
+- fprintf(stderr, "Could not chdir to home directory %s: %s\n",
+- pw->pw_dir, strerror(errno));
++ /* Suppress missing homedir warning for chroot case */
+ #ifdef HAVE_LOGIN_CAP
+- if (login_getcapbool(lc, "requirehome", 0))
+- exit(1);
++ r = login_getcapbool(lc, "requirehome", 0);
+ #endif
++ if (r || options.chroot_directory == NULL)
++ fprintf(stderr, "Could not chdir to home "
++ "directory %s: %s\n", pw->pw_dir,
++ strerror(errno));
++ if (r)
++ exit(1);
+ }
+
+ if (!options.use_login)
+@@ -1534,6 +1616,22 @@
+ /* restore SIGPIPE for child */
+ signal(SIGPIPE, SIG_DFL);
+
++ if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
++ extern int optind, optreset;
++ int i;
++ char *p, *args;
++
++ setproctitle("%s at internal-sftp-server", s->pw->pw_name);
++ args = strdup(command ? command : "sftp-server");
++ for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
++ if (i < ARGV_MAX - 1)
++ argv[i++] = p;
++ argv[i] = NULL;
++ optind = optreset = 1;
++ __progname = argv[0];
++ exit(sftp_server_main(i, argv, s->pw));
++ }
++
+ if (options.use_login) {
+ launch_login(pw, hostname);
+ /* NEVERREACHED */
+@@ -1806,13 +1904,16 @@
+ if (strcmp(subsys, options.subsystem_name[i]) == 0) {
+ prog = options.subsystem_command[i];
+ cmd = options.subsystem_args[i];
+- if (stat(prog, &st) < 0) {
++ if (!strcmp(INTERNAL_SFTP_NAME, prog)) {
++ s->is_subsystem = SUBSYSTEM_INT_SFTP;
++ } else if (stat(prog, &st) < 0) {
+ error("subsystem: cannot stat %s: %s", prog,
+ strerror(errno));
+ break;
++ } else {
++ s->is_subsystem = SUBSYSTEM_EXT;
+ }
+ debug("subsystem: exec() %s", cmd);
+- s->is_subsystem = 1;
+ do_exec(s, cmd);
+ success = 1;
+ break;
+diff -urN openssh-4.3p1.orig/sshd_config openssh-4.3p1/sshd_config
+--- openssh-4.3p1.orig/sshd_config 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p1/sshd_config 2009-03-26 01:37:12.000000000 +0100
+@@ -97,6 +97,7 @@
+ #PidFile /var/run/sshd.pid
+ #MaxStartups 10
+ #PermitTunnel no
++#ChrootDirectory none
+
+ # no default banner path
+ #Banner /some/path
+diff -urN openssh-4.3p1.orig/sshd_config.0 openssh-4.3p1/sshd_config.0
+--- openssh-4.3p1.orig/sshd_config.0 2006-02-01 12:33:53.000000000 +0100
++++ openssh-4.3p1/sshd_config.0 2009-03-26 01:36:09.000000000 +0100
+@@ -79,6 +79,28 @@
+ All authentication styles from login.conf(5) are supported. The
+ default is ``yes''.
+
++ ChrootDirectory
++ Specifies a path to chroot(2) to after authentication. This
++ path, and all its components, must be root-owned directories that
++ are not writable by any other user or group.
++
++ The path may contain the following tokens that are expanded at
++ runtime once the connecting user has been authenticated: %% is
++ replaced by a literal '%', %h is replaced by the home directory
++ of the user being authenticated, and %u is replaced by the user-
++ name of that user.
++
++ The ChrootDirectory must contain the necessary files and directo-
++ ries to support the users' session. For an interactive session
++ this requires at least a shell, typically sh(1), and basic /dev
++ nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
++ arandom(4) and tty(4) devices. For file transfer sessions using
++ ``sftp'', no additional configuration of the environment is nec-
++ essary if the in-process sftp server is used (see Subsystem for
++ details).
++
++ The default is not to chroot(2).
++
+ Ciphers
+ Specifies the ciphers allowed for protocol version 2. Multiple
+ ciphers must be comma-separated. The supported ciphers are
+@@ -369,10 +391,17 @@
+ Subsystem
+ Configures an external subsystem (e.g., file transfer daemon).
+ Arguments should be a subsystem name and a command to execute up-
+- on subsystem request. The command sftp-server(8) implements the
+- ``sftp'' file transfer subsystem. By default no subsystems are
+- defined. Note that this option applies to protocol version 2 on-
+- ly.
++ on subsystem request.
++
++ The command sftp-server(8) implements the ``sftp'' file transfer
++ subsystem.
++
++ Alternately the name ``internal-sftp'' implements an in-process
++ ``sftp'' server. This may simplify configurations using
++ ChrootDirectory to force a different filesystem root on clients.
++
++ By default no subsystems are defined. Note that this option ap-
++ plies to protocol version 2 only.
+
+ SyslogFacility
+ Gives the facility code that is used when logging messages from
+diff -urN openssh-4.3p1.orig/sshd_config.5 openssh-4.3p1/sshd_config.5
+--- openssh-4.3p1.orig/sshd_config.5 2006-01-03 08:47:31.000000000 +0100
++++ openssh-4.3p1/sshd_config.5 2009-03-26 01:36:09.000000000 +0100
+@@ -157,6 +157,49 @@
+ are supported.
+ The default is
+ .Dq yes .
++.It Cm ChrootDirectory
++Specifies a path to
++.Xr chroot 2
++to after authentication.
++This path, and all its components, must be root-owned directories that are
++not writable by any other user or group.
++.Pp
++The path may contain the following tokens that are expanded at runtime once
++the connecting user has been authenticated: %% is replaced by a literal '%',
++%h is replaced by the home directory of the user being authenticated, and
++%u is replaced by the username of that user.
++.Pp
++The
++.Cm ChrootDirectory
++must contain the necessary files and directories to support the
++users' session.
++For an interactive session this requires at least a shell, typically
++.Xr sh 1 ,
++and basic
++.Pa /dev
++nodes such as
++.Xr null 4 ,
++.Xr zero 4 ,
++.Xr stdin 4 ,
++.Xr stdout 4 ,
++.Xr stderr 4 ,
++.Xr arandom 4
++and
++.Xr tty 4
++devices.
++For file transfer sessions using
++.Dq sftp ,
++no additional configuration of the environment is necessary if the
++in-process sftp server is used (see
++.Dq internal-sftp
++will force the use of an in-process sftp server that requires no support
++files when used with
++.Cm ChrootDirectory .
++.Cm Subsystem
++for details).
++.Pp
++The default is not to
++.Xr chroot 2 .
+ .It Cm Ciphers
+ Specifies the ciphers allowed for protocol version 2.
+ Multiple ciphers must be comma-separated.
+@@ -251,6 +294,11 @@
+ If the pattern takes the form USER at HOST then USER and HOST
+ are separately checked, restricting logins to particular
+ users from particular hosts.
++Specifying a command of
++.Dq internal-sftp
++will force the use of an in-process sftp server that requires no support
++files when used with
++.Cm ChrootDirectory .
+ .It Cm GatewayPorts
+ Specifies whether remote hosts are allowed to connect to ports
+ forwarded for the client.
+@@ -618,11 +666,22 @@
+ Configures an external subsystem (e.g., file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional arguments)
+ to execute upon subsystem request.
++.Pp
+ The command
+ .Xr sftp-server 8
+ implements the
+ .Dq sftp
+ file transfer subsystem.
++.Pp
++Alternately the name
++.Dq internal-sftp
++implements an in-process
++.Dq sftp
++server.
++This may simplify configurations using
++.Cm ChrootDirectory
++to force a different filesystem root on clients.
++.Pp
+ By default no subsystems are defined.
+ Note that this option applies to protocol version 2 only.
+ .It Cm SyslogFacility
+diff -urN openssh-4.3p1.orig/sftp.h openssh-4.3p1/sftp.h
+--- openssh-4.3p1.orig/sftp.h 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p1/sftp.h 2009-03-26 01:55:24.000000000 +0100
+@@ -90,3 +90,7 @@
+ #define SSH2_FX_CONNECTION_LOST 7
+ #define SSH2_FX_OP_UNSUPPORTED 8
+ #define SSH2_FX_MAX 8
++
++struct passwd;
++
++int sftp_server_main(int, char **, struct passwd *);
+diff -urN openssh-4.3p1.orig/sftp-server.c openssh-4.3p1/sftp-server.c
+--- openssh-4.3p1.orig/sftp-server.c 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p1/sftp-server.c 2009-03-26 01:55:24.000000000 +0100
+@@ -1195,7 +1195,7 @@
+ }
+
+ int
+-main(int argc, char **argv)
++sftp_server_main(int argc, char **argv, struct passwd *user_pw)
+ {
+ fd_set *rset, *wset;
+ int in, out, max, ch, skipargs = 0, log_stderr = 0;
+@@ -1206,9 +1206,6 @@
+ extern char *optarg;
+ extern char *__progname;
+
+- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+- sanitise_stdfd();
+-
+ __progname = ssh_get_progname(argv[0]);
+ log_init(__progname, log_level, log_facility, log_stderr);
+
+@@ -1253,15 +1250,11 @@
+ } else
+ client_addr = xstrdup("UNKNOWN");
+
+- if ((pw = getpwuid(getuid())) == NULL)
+- fatal("No user found for uid %lu", (u_long)getuid());
+- pw = pwcopy(pw);
++ pw = pwcopy(user_pw);
+
+ logit("session opened for local user %s from [%s]",
+ pw->pw_name, client_addr);
+
+- handle_init();
+-
+ in = dup(STDIN_FILENO);
+ out = dup(STDOUT_FILENO);
+
+diff -urN openssh-4.7p1/sftp-server-main.c openssh-4.9p1/sftp-server-main.c
+--- openssh-4.7p1/sftp-server-main.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-4.9p1/sftp-server-main.c 2008-03-27 00:45:49.000000000 +0100
+@@ -0,0 +1,50 @@
++/* $OpenBSD: sftp-server-main.c,v 1.3 2008/03/26 23:44:41 djm Exp $ */
++/*
++ * Copyright (c) 2008 Markus Friedl. All rights reserved.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include "includes.h"
++
++#include <sys/types.h>
++#include <pwd.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <unistd.h>
++
++#include "log.h"
++#include "sftp.h"
++#include "misc.h"
++
++void
++cleanup_exit(int i)
++{
++ sftp_server_cleanup_exit(i);
++}
++
++int
++main(int argc, char **argv)
++{
++ struct passwd *user_pw;
++
++ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
++ sanitise_stdfd();
++
++ if ((user_pw = getpwuid(getuid())) == NULL) {
++ fprintf(stderr, "No user found for uid %lu", (u_long)getuid());
++ return 1;
++ }
++
++ return (sftp_server_main(argc, argv, user_pw));
++}
+diff -urN openssh-4.3p1.orig/Makefile.in openssh-4.3p1/Makefile.in
+--- openssh-4.3p1.orig/Makefile.in 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p1/Makefile.in 2009-03-26 01:55:24.000000000 +0100
+@@ -88,7 +88,7 @@
+ auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+- audit.o audit-bsm.o
++ audit.o audit-bsm.o sftp-server.o sftp-common.o
+
+ MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
+ MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
+@@ -158,8 +158,8 @@
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+
+-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
+- $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
++ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+ $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
diff --git a/openssh-4.3p2-configure-typo.patch b/openssh-4.3p2-configure-typo.patch
new file mode 100644
index 0000000..0a864eb
--- /dev/null
+++ b/openssh-4.3p2-configure-typo.patch
@@ -0,0 +1,10 @@
+--- openssh-4.3p2/configure.ac.typo 2006-07-17 13:29:27.000000000 +0200
++++ openssh-4.3p2/configure.ac 2006-07-17 13:29:45.000000000 +0200
+@@ -1608,6 +1608,7 @@
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ],
++ [
+ AC_MSG_RESULT(cross-compiling, assuming no)
+ ]
+ )
diff --git a/openssh-4.3p2-coverity-memleaks.patch b/openssh-4.3p2-coverity-memleaks.patch
new file mode 100644
index 0000000..103fd48
--- /dev/null
+++ b/openssh-4.3p2-coverity-memleaks.patch
@@ -0,0 +1,123 @@
+Some memleaks fixes from coverity scan taken from upstream CVS
+--- openssh/auth2-gss.c 2005/11/05 05:07:05 1.13
++++ openssh/auth2-gss.c 2006/03/25 14:04:53 1.14
+@@ -100,6 +100,8 @@
+ }
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
++ if (ctxt != NULL)
++ ssh_gssapi_delete_ctx(&ctxt);
+ xfree(doid);
+ return (0);
+ }
+--- openssh/gss-genr.c 2005/11/05 05:07:05 1.7
++++ openssh/gss-genr.c 2006/03/25 14:05:23 1.8
+@@ -72,7 +72,11 @@
+ void
+ ssh_gssapi_error(Gssctxt *ctxt)
+ {
+- debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
++ char *s;
++
++ s = ssh_gssapi_last_error(ctxt, NULL, NULL);
++ debug("%s", s);
++ xfree(s);
+ }
+
+ char *
+@@ -231,11 +235,15 @@
+ gss_create_empty_oid_set(&status, &oidset);
+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+- if (gethostname(lname, MAXHOSTNAMELEN))
++ if (gethostname(lname, MAXHOSTNAMELEN)) {
++ gss_release_oid_set(&status, &oidset);
+ return (-1);
++ }
+
+- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
++ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
++ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
++ }
+
+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+--- openssh/gss-serv.c 2006/03/15 01:20:04 1.14
++++ openssh/gss-serv.c 2006/03/25 14:05:44 1.15
+@@ -78,6 +78,8 @@
+ &supported_mechs[i]->oid, oidset);
+ i++;
+ }
++
++ gss_release_oid_set(&min_status, &supported);
+ }
+
+
+--- openssh/monitor.c 2006/03/26 03:58:56 1.96
++++ openssh/monitor.c 2006/03/26 04:01:55 1.97
+@@ -1021,6 +1021,10 @@
+ key_blobtype = type;
+ hostbased_cuser = cuser;
+ hostbased_chost = chost;
++ } else {
++ xfree(blob);
++ xfree(cuser);
++ xfree(chost);
+ }
+
+ debug3("%s: key %p is %s",
+--- openssh/sftp.c 2006/03/25 14:03:23 1.82
++++ openssh/sftp.c 2006/03/26 03:51:44 1.83
+@@ -548,6 +548,7 @@
+
+ if (g.gl_matchc == 1 && dst) {
+ /* If directory specified, append filename */
++ xfree(tmp);
+ if (is_dir(dst)) {
+ if (infer_path(g.gl_pathv[0], &tmp)) {
+ err = 1;
+@@ -572,8 +573,6 @@
+
+ out:
+ xfree(abs_src);
+- if (abs_dst)
+- xfree(abs_dst);
+ globfree(&g);
+ return(err);
+ }
+@@ -1289,6 +1288,7 @@
+ if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0) {
+ xfree(dir);
+ xfree(pwd);
++ xfree(conn);
+ return (-1);
+ }
+ } else {
+@@ -1301,6 +1301,7 @@
+ err = parse_dispatch_command(conn, cmd, &pwd, 1);
+ xfree(dir);
+ xfree(pwd);
++ xfree(conn);
+ return (err);
+ }
+ xfree(dir);
+@@ -1365,6 +1366,7 @@
+ break;
+ }
+ xfree(pwd);
++ xfree(conn);
+
+ #ifdef USE_LIBEDIT
+ if (el != NULL)
+--- openssh/serverloop.c 2006/03/25 14:03:23 1.131
++++ openssh/serverloop.c 2006/03/26 03:51:09 1.132
+@@ -1090,6 +1090,7 @@
+
+ success = channel_cancel_rport_listener(cancel_address,
+ cancel_port);
++ xfree(cancel_address);
+ }
+ if (want_reply) {
+ packet_start(success ?
+
diff --git a/openssh-4.3p2-crypto-audit.patch b/openssh-4.3p2-crypto-audit.patch
new file mode 100644
index 0000000..1bb340d
--- /dev/null
+++ b/openssh-4.3p2-crypto-audit.patch
@@ -0,0 +1,641 @@
+diff -up openssh-4.3p2/audit.c.cryptoaudit openssh-4.3p2/audit.c
+--- openssh-4.3p2/audit.c.cryptoaudit 2005-07-17 09:26:44.000000000 +0200
++++ openssh-4.3p2/audit.c 2010-12-09 18:48:44.000000000 +0100
+@@ -26,7 +26,6 @@
+
+ #include "includes.h"
+
+-#ifdef SSH_AUDIT_EVENTS
+
+ #include "audit.h"
+ #include "log.h"
+@@ -39,6 +38,8 @@
+ */
+ extern Authctxt *the_authctxt;
+
++#ifdef SSH_AUDIT_EVENTS
++
+ /* Maybe add the audit class to struct Authmethod? */
+ ssh_audit_event_t
+ audit_classify_auth(const char *method)
+@@ -62,6 +63,8 @@ audit_classify_auth(const char *method)
+ return SSH_AUDIT_UNKNOWN;
+ }
+
++#endif
++
+ /* helper to return supplied username */
+ const char *
+ audit_username(void)
+@@ -76,6 +79,8 @@ audit_username(void)
+ return (the_authctxt->user);
+ }
+
++#ifdef SSH_AUDIT_EVENTS
++
+ const char *
+ audit_event_lookup(ssh_audit_event_t ev)
+ {
+diff -up openssh-4.3p2/auth2-pubkey.c.cryptoaudit openssh-4.3p2/auth2-pubkey.c
+--- openssh-4.3p2/auth2-pubkey.c.cryptoaudit 2010-12-09 18:48:42.000000000 +0100
++++ openssh-4.3p2/auth2-pubkey.c 2010-12-09 21:46:44.000000000 +0100
+@@ -44,12 +44,99 @@ RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 20
+ #include "canohost.h"
+ #include "monitor_wrap.h"
+ #include "misc.h"
++#ifdef HAVE_LINUX_AUDIT
++#include <libaudit.h>
++#endif
+
+ /* import */
+ extern ServerOptions options;
+ extern u_char *session_id2;
+ extern u_int session_id2_len;
+
++#ifdef HAVE_LINUX_AUDIT
++#define AUDIT_LOG_SIZE 128
++
++const char * audit_username(void);
++
++int
++linux_audit_record_keyusage(const char *algorithm, unsigned size, char *fp, int rv)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd;
++ int rc = 0;
++
++ audit_fd = audit_open();
++ debug3("%s: user audit_fd %d",__func__, audit_fd);
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return 1; /* No audit support in kernel */
++ else
++ return 0; /* Must prevent login */
++ }
++ snprintf(buf, sizeof(buf), "pubkey_auth rport=%d", get_remote_port());
++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
++ if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
++ goto out;
++
++ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d",
++ algorithm, 8 * size, fp, get_remote_port());
++ debug3("%s: buf=%s", __func__, buf);
++ rc = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_KEY_USER, NULL,
++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
++out:
++ audit_close(audit_fd);
++ debug3("%s: rc=%d", __func__, rc);
++ if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
++ return 0;
++ else
++ return 1;
++}
++#else
++#define linux_audit_record_keyusage(name,algorithm,fp,rv) do { ; } while (0)
++#endif
++
++int
++pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
++{
++ int rv;
++#ifdef HAVE_LINUX_AUDIT
++ char *fp;
++ unsigned size = 0;
++ const char *crypto_name[] = {
++ "ssh-rsa1",
++ "ssh-rsa",
++ "ssh-dsa",
++ "ssh-nss",
++ "unknown" };
++#endif
++
++ rv = key_verify(key, sig, slen, data, datalen);
++#ifdef HAVE_LINUX_AUDIT
++ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
++ switch(key->type) {
++ case KEY_RSA1:
++ case KEY_RSA:
++ size = RSA_size(key->rsa);
++ break;
++ case KEY_DSA:
++ size = DSA_size(key->dsa);
++ break;
++#ifdef HAVE_LIBNSS
++ case KEY_NSS:
++ size = SECKEY_SignatureLen(key->nss->pubk);
++ break;
++#endif
++ }
++
++ if (linux_audit_record_keyusage(crypto_name[key->type <= KEY_UNSPEC ? key->type : KEY_UNSPEC], size, fp, rv) == 0)
++ return 0;
++ xfree(fp);
++#endif
++ return rv;
++}
++
+ static int
+ userauth_pubkey(Authctxt *authctxt)
+ {
+diff -up openssh-4.3p2/auth-rsa.c.cryptoaudit openssh-4.3p2/auth-rsa.c
+--- openssh-4.3p2/auth-rsa.c.cryptoaudit 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/auth-rsa.c 2010-12-09 18:48:44.000000000 +0100
+@@ -35,6 +35,8 @@ RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/
+ #include "ssh.h"
+ #include "misc.h"
+
++int linux_audit_record_keyusage(const char *, unsigned, char *, int);
++
+ /* import */
+ extern ServerOptions options;
+
+@@ -77,7 +79,10 @@ auth_rsa_verify_response(Key *key, BIGNU
+ {
+ u_char buf[32], mdbuf[16];
+ MD5_CTX md;
+- int len;
++ int len, rv;
++#ifdef HAVE_LINUX_AUDIT
++ char *fp;
++#endif
+
+ /* don't allow short keys */
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+@@ -98,12 +103,16 @@ auth_rsa_verify_response(Key *key, BIGNU
+ MD5_Final(mdbuf, &md);
+
+ /* Verify that the response is the original challenge. */
+- if (memcmp(response, mdbuf, 16) != 0) {
+- /* Wrong answer. */
+- return (0);
++ rv = memcmp(response, mdbuf, 16) == 0;
++#ifdef HAVE_LINUX_AUDIT
++ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
++ if (linux_audit_record_keyusage("ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) {
++ debug("unsuccessful audit");
++ rv = 0;
+ }
+- /* Correct answer. */
+- return (1);
++ xfree(fp);
++#endif
++ return rv;
+ }
+
+ /*
+@@ -275,6 +284,7 @@ auth_rsa_key_allowed(struct passwd *pw,
+ *rkey = key;
+ else
+ key_free(key);
++
+ return (allowed);
+ }
+
+diff -up openssh-4.3p2/cipher.c.cryptoaudit openssh-4.3p2/cipher.c
+--- openssh-4.3p2/cipher.c.cryptoaudit 2010-12-09 18:48:43.000000000 +0100
++++ openssh-4.3p2/cipher.c 2010-12-09 18:48:44.000000000 +0100
+@@ -55,15 +55,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
+ extern const EVP_CIPHER *evp_aes_128_ctr(void);
+ extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+
+-struct Cipher {
+- char *name;
+- int number; /* for ssh1 only */
+- u_int block_size;
+- u_int key_len;
+- u_int discard_len;
+- u_int cbc_mode;
+- const EVP_CIPHER *(*evptype)(void);
+-} ciphers[] = {
++struct Cipher ciphers[] = {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
+diff -up openssh-4.3p2/cipher.h.cryptoaudit openssh-4.3p2/cipher.h
+--- openssh-4.3p2/cipher.h.cryptoaudit 2010-12-09 18:48:43.000000000 +0100
++++ openssh-4.3p2/cipher.h 2010-12-09 18:48:44.000000000 +0100
+@@ -61,7 +61,16 @@
+ typedef struct Cipher Cipher;
+ typedef struct CipherContext CipherContext;
+
+-struct Cipher;
++struct Cipher {
++ char *name;
++ int number; /* for ssh1 only */
++ u_int block_size;
++ u_int key_len;
++ u_int discard_len;
++ u_int cbc_mode;
++ const EVP_CIPHER *(*evptype)(void);
++};
++
+ struct CipherContext {
+ int plaintext;
+ EVP_CIPHER_CTX evp;
+diff -up openssh-4.3p2/kex.c.cryptoaudit openssh-4.3p2/kex.c
+--- openssh-4.3p2/kex.c.cryptoaudit 2005-11-05 05:19:36.000000000 +0100
++++ openssh-4.3p2/kex.c 2010-12-09 18:48:44.000000000 +0100
+@@ -44,6 +44,11 @@ RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04
+
+ #define KEX_COOKIE_LEN 16
+
++#ifdef HAVE_LINUX_AUDIT
++extern void linux_audit_unsupported(int);
++extern void linux_audit_kex(int, char *, char *, char *);
++#endif
++
+ /* prototype */
+ static void kex_kexinit_finish(Kex *);
+ static void kex_choose_conf(Kex *);
+@@ -243,8 +248,12 @@ static void
+ choose_enc(Enc *enc, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_unsupported(0);
++#endif
+ fatal("no matching cipher found: client %s server %s", client, server);
++ }
+ if ((enc->cipher = cipher_by_name(name)) == NULL)
+ fatal("matching cipher is not supported: %s", name);
+ enc->name = name;
+@@ -258,8 +267,12 @@ static void
+ choose_mac(Mac *mac, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_unsupported(1);
++#endif
+ fatal("no matching mac found: client %s server %s", client, server);
++ }
+ if (mac_init(mac, name) < 0)
+ fatal("unsupported mac %s", name);
+ /* truncate the key */
+@@ -273,8 +286,12 @@ static void
+ choose_comp(Comp *comp, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_unsupported(2);
++#endif
+ fatal("no matching comp found: client %s server %s", client, server);
++ }
+ if (strcmp(name, "zlib at openssh.com") == 0) {
+ comp->type = COMP_DELAYED;
+ } else if (strcmp(name, "zlib") == 0) {
+@@ -379,6 +396,9 @@ kex_choose_conf(Kex *kex)
+ newkeys->enc.name,
+ newkeys->mac.name,
+ newkeys->comp.name);
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_kex(ctos, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name);
++#endif
+ }
+ choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
+ choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+diff -up /dev/null openssh-4.3p2/lkstub.c
+--- /dev/null 2010-12-04 01:37:10.480937212 +0100
++++ openssh-4.3p2/lkstub.c 2010-12-09 18:48:44.000000000 +0100
+@@ -0,0 +1,10 @@
++
++void
++linux_audit_unsupported(int n)
++{
++}
++
++void
++linux_audit_kex(int ctos, char *enc, char *mac, char *comp)
++{
++}
+diff -up openssh-4.3p2/Makefile.in.cryptoaudit openssh-4.3p2/Makefile.in
+--- openssh-4.3p2/Makefile.in.cryptoaudit 2010-12-09 18:48:43.000000000 +0100
++++ openssh-4.3p2/Makefile.in 2010-12-09 18:48:44.000000000 +0100
+@@ -73,7 +73,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
+ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
+- entropy.o scard-opensc.o gss-genr.o nsskeys.o
++ entropy.o scard-opensc.o gss-genr.o nsskeys.o lkstub.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o
+diff -up openssh-4.3p2/monitor.c.cryptoaudit openssh-4.3p2/monitor.c
+--- openssh-4.3p2/monitor.c.cryptoaudit 2010-12-09 18:48:41.000000000 +0100
++++ openssh-4.3p2/monitor.c 2010-12-09 18:48:44.000000000 +0100
+@@ -149,6 +149,9 @@ int mm_answer_audit_event(int, Buffer *)
+ int mm_answer_audit_command(int, Buffer *);
+ #endif
+
++int mm_answer_linux_audit_unsupported_body(int, Buffer *);
++int mm_answer_linux_audit_kex_body(int, Buffer *);
++
+ static Authctxt *authctxt;
+ static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
+
+@@ -179,6 +182,8 @@ struct mon_table {
+ #define MON_PERMIT 0x1000 /* Request is permitted */
+
+ struct mon_table mon_dispatch_proto20[] = {
++ {MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_linux_audit_unsupported_body},
++ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
+ {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
+ {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+ {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
+@@ -217,6 +222,8 @@ struct mon_table mon_dispatch_proto20[]
+ };
+
+ struct mon_table mon_dispatch_postauth20[] = {
++ {MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_linux_audit_unsupported_body},
++ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
+ {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+ {MONITOR_REQ_SIGN, 0, mm_answer_sign},
+ {MONITOR_REQ_PTY, 0, mm_answer_pty},
+@@ -230,6 +237,8 @@ struct mon_table mon_dispatch_postauth20
+ };
+
+ struct mon_table mon_dispatch_proto15[] = {
++ {MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_linux_audit_unsupported_body},
++ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
+ {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
+ {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
+ {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
+@@ -261,6 +270,8 @@ struct mon_table mon_dispatch_proto15[]
+ };
+
+ struct mon_table mon_dispatch_postauth15[] = {
++ {MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_linux_audit_unsupported_body},
++ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
+ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
+ {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
+ {MONITOR_REQ_TERM, 0, mm_answer_term},
+@@ -1212,7 +1223,17 @@ mm_answer_keyverify(int sock, Buffer *m)
+ if (!valid_data)
+ fatal("%s: bad signature data blob", __func__);
+
+- verified = key_verify(key, signature, signaturelen, data, datalen);
++ switch (key_blobtype) {
++ case MM_USERKEY:
++ verified = pubkey_key_verify(key, signature, signaturelen, data, datalen);
++ break;
++ case MM_HOSTKEY:
++ verified = key_verify(key, signature, signaturelen, data, datalen);
++ break;
++ default:
++ verified = 0;
++ break;
++ }
+ debug3("%s: key %p signature %s",
+ __func__, key, (verified == 1) ? "verified" : "unverified");
+
+@@ -1955,3 +1976,39 @@ mm_answer_gss_userok(int sock, Buffer *m
+ return (authenticated);
+ }
+ #endif /* GSSAPI */
++
++void linux_audit_unsupported_body(int);
++void linux_audit_kex_body(int, char *);
++
++int
++mm_answer_linux_audit_unsupported_body(int sock, Buffer *m)
++{
++ int what;
++
++ what = buffer_get_int(m);
++
++ linux_audit_unsupported_body(what);
++
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_LINUX_AUDIT_UNSUPPORTED, m);
++ return 0;
++}
++
++int
++mm_answer_linux_audit_kex_body(int sock, Buffer *m)
++{
++ int ctos, len;
++ char *crypto;
++
++ ctos = buffer_get_int(m);
++ crypto = buffer_get_string(m, &len);
++
++ linux_audit_kex_body(ctos, crypto);
++
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_LINUX_AUDIT_KEX, m);
++ return 0;
++}
++
+diff -up openssh-4.3p2/monitor.h.cryptoaudit openssh-4.3p2/monitor.h
+--- openssh-4.3p2/monitor.h.cryptoaudit 2010-12-09 18:48:39.000000000 +0100
++++ openssh-4.3p2/monitor.h 2010-12-09 18:48:44.000000000 +0100
+@@ -29,6 +29,15 @@
+ #define _MONITOR_H_
+
+ enum monitor_reqtype {
++ MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MONITOR_ANS_LINUX_AUDIT_UNSUPPORTED,
++ MONITOR_REQ_LINUX_AUDIT_KEX, MONITOR_ANS_LINUX_AUDIT_KEX,
++ MONITOR_REQ_KEYVERIFY, MONITOR_ANS_KEYVERIFY,
++ MONITOR_REQ_PAM_START,
++ MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
++ MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
++ MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
++ MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
++ MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
+ MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
+ MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,MONITOR_REQ_AUTHROLE,
+ MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
+@@ -40,7 +49,6 @@ enum monitor_reqtype {
+ MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY,
+ MONITOR_REQ_SKEYRESPOND, MONITOR_ANS_SKEYRESPOND,
+ MONITOR_REQ_KEYALLOWED, MONITOR_ANS_KEYALLOWED,
+- MONITOR_REQ_KEYVERIFY, MONITOR_ANS_KEYVERIFY,
+ MONITOR_REQ_KEYEXPORT,
+ MONITOR_REQ_PTY, MONITOR_ANS_PTY,
+ MONITOR_REQ_PTYCLEANUP,
+@@ -53,14 +61,8 @@ enum monitor_reqtype {
+ MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
+ MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
+ MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
+- MONITOR_REQ_PAM_START,
+- MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
+- MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
+- MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
+- MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
+- MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
+ MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
+- MONITOR_REQ_TERM
++ MONITOR_REQ_TERM,
+ };
+
+ struct mm_master;
+diff -up openssh-4.3p2/monitor_wrap.c.cryptoaudit openssh-4.3p2/monitor_wrap.c
+--- openssh-4.3p2/monitor_wrap.c.cryptoaudit 2010-12-09 18:48:39.000000000 +0100
++++ openssh-4.3p2/monitor_wrap.c 2010-12-09 18:48:45.000000000 +0100
+@@ -1233,3 +1233,34 @@ mm_ssh_gssapi_userok(char *user)
+ return (authenticated);
+ }
+ #endif /* GSSAPI */
++
++void
++mm_linux_audit_unsupported_body(int what)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_int(&m, what);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LINUX_AUDIT_UNSUPPORTED,
++ &m);
++
++ buffer_free(&m);
++}
++
++void
++mm_linux_audit_kex_body(int ctos, char *crypto)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_int(&m, ctos);
++ buffer_put_cstring(&m, crypto);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LINUX_AUDIT_KEX, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LINUX_AUDIT_KEX,
++ &m);
++
++ buffer_free(&m);
++}
+diff -up openssh-4.3p2/monitor_wrap.h.cryptoaudit openssh-4.3p2/monitor_wrap.h
+--- openssh-4.3p2/monitor_wrap.h.cryptoaudit 2010-12-09 18:48:40.000000000 +0100
++++ openssh-4.3p2/monitor_wrap.h 2010-12-09 18:48:45.000000000 +0100
+@@ -112,4 +112,8 @@ void *mm_zalloc(struct mm_master *, u_in
+ void mm_zfree(struct mm_master *, void *);
+ void mm_init_compression(struct mm_master *);
+
++/* linux audit */
++void mm_linux_audit_unsupported_body(int);
++void mm_linux_audit_kex_body(int, char *);
++
+ #endif /* _MM_H_ */
+diff -up openssh-4.3p2/serverloop.c.cryptoaudit openssh-4.3p2/serverloop.c
+--- openssh-4.3p2/serverloop.c.cryptoaudit 2010-12-09 18:48:43.000000000 +0100
++++ openssh-4.3p2/serverloop.c 2010-12-09 21:51:02.000000000 +0100
+@@ -55,6 +55,11 @@ RCSID("$OpenBSD: serverloop.c,v 1.124 20
+ #include "serverloop.h"
+ #include "misc.h"
+ #include "kex.h"
++#include "cipher.h"
++#include "monitor_wrap.h"
++#ifdef HAVE_LINUX_AUDIT
++#include <libaudit.h>
++#endif
+
+ extern ServerOptions options;
+
+@@ -895,6 +900,72 @@ server_input_window_size(int type, u_int
+ pty_change_window_size(fdin, row, col, xpixel, ypixel);
+ }
+
++#ifdef HAVE_LINUX_AUDIT
++#define AUDIT_LOG_SIZE 128
++
++void
++linux_audit_unsupported_body(int what)
++{
++ char buf[AUDIT_LOG_SIZE];
++ const static char *name[] = { "cipher", "mac", "comp" };
++ int audit_fd, audit_ok;
++
++ snprintf(buf, sizeof(buf), "unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d", name[what], get_remote_port(),
++ get_local_ipaddr(packet_get_connection_in()), get_local_port());
++ audit_fd = audit_open();
++ if (audit_fd < 0)
++ /* no problem, the next instruction will be fatal() */
++ return;
++ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
++ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 0);
++ audit_close(audit_fd);
++}
++
++void
++linux_audit_unsupported(int what)
++{
++ PRIVSEP(linux_audit_unsupported_body(what));
++}
++
++void
++linux_audit_kex_body(int ctos, char *crypto)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, audit_ok;
++ const static char *direction[] = { "from-server", "from-client", "both" };
++
++ snprintf(buf, sizeof(buf), "start direction=%s %s", direction[ctos], crypto);
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return; /* No audit support in kernel */
++ else
++ fatal("cannot open audit"); /* Must prevent login */
++ }
++ audit_ok = audit_log_acct_message(audit_fd, AUDIT_CRYPTO_SESSION, NULL,
++ buf, NULL, -1, NULL, get_remote_ipaddr(), NULL, 1);
++ audit_close(audit_fd);
++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++ fatal("cannot write into audit"); /* Must prevent login */
++}
++
++void
++linux_audit_kex(int ctos, char *enc, char *mac, char *comp)
++{
++ char buf[AUDIT_LOG_SIZE];
++ Cipher *cipher = cipher_by_name(enc);
++ int klen = 0;
++
++ if (cipher)
++ klen = cipher->key_len;
++
++ snprintf(buf, sizeof(buf), "cipher=%s ksize=%d rport=%d laddr=%s lport=%d", enc, 8 * klen,
++ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
++ PRIVSEP(linux_audit_kex_body(ctos, buf));
++}
++#endif
++
+ static Channel *
+ server_request_direct_tcpip(void)
+ {
+diff -up openssh-4.3p2/sshd.c.cryptoaudit openssh-4.3p2/sshd.c
+--- openssh-4.3p2/sshd.c.cryptoaudit 2010-12-09 18:48:44.000000000 +0100
++++ openssh-4.3p2/sshd.c 2010-12-09 18:48:45.000000000 +0100
+@@ -224,6 +224,8 @@ void demote_sensitive_data(void);
+ static void do_ssh1_kex(void);
+ static void do_ssh2_kex(void);
+
++extern void linux_audit_kex(int, char *, char *, char *);
++
+ /*
+ * Close all listening sockets
+ */
+@@ -1945,6 +1947,10 @@ do_ssh1_kex(void)
+ if (cookie[i] != packet_get_char())
+ packet_disconnect("IP Spoofing check bytes do not match.");
+
++#ifdef HAVE_LINUX_AUDIT
++ linux_audit_kex(2, cipher_name(cipher_type), "crc", "none");
++#endif
++
+ debug("Encryption type: %.200s", cipher_name(cipher_type));
+
+ /* Get the encrypted integer. */
diff --git a/openssh-4.3p2-cve-2006-4924.patch b/openssh-4.3p2-cve-2006-4924.patch
new file mode 100644
index 0000000..4bc9e8b
--- /dev/null
+++ b/openssh-4.3p2-cve-2006-4924.patch
@@ -0,0 +1,96 @@
+--- openssh-4.3p2/deattack.c.deattack-dos 2003-09-22 13:04:23.000000000 +0200
++++ openssh-4.3p2/deattack.c 2006-09-27 13:31:08.000000000 +0200
+@@ -27,6 +27,24 @@
+ #include "xmalloc.h"
+ #include "deattack.h"
+
++/*
++ * CRC attack detection has a worst-case behaviour that is O(N^3) over
++ * the number of identical blocks in a packet. This behaviour can be
++ * exploited to create a limited denial of service attack.
++ *
++ * However, because we are dealing with encrypted data, identical
++ * blocks should only occur every 2^35 maximally-sized packets or so.
++ * Consequently, we can detect this DoS by looking for identical blocks
++ * in a packet.
++ *
++ * The parameter below determines how many identical blocks we will
++ * accept in a single packet, trading off between attack detection and
++ * likelihood of terminating a legitimate connection. A value of 32
++ * corresponds to an average of 2^40 messages before an attack is
++ * misdetected
++ */
++#define MAX_IDENTICAL 32
++
+ /* SSH Constants */
+ #define SSH_MAXBLOCKS (32 * 1024)
+ #define SSH_BLOCKSIZE (8)
+@@ -87,7 +105,7 @@
+ static u_int16_t *h = (u_int16_t *) NULL;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ u_int32_t i, j;
+- u_int32_t l;
++ u_int32_t l, same;
+ u_char *c;
+ u_char *d;
+
+@@ -133,7 +151,7 @@
+ if (IV)
+ h[HASH(IV) & (n - 1)] = HASH_IV;
+
+- for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
++ for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
+ for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
+ i = (i + 1) & (n - 1)) {
+ if (h[i] == HASH_IV) {
+@@ -144,6 +162,8 @@
+ break;
+ }
+ } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
++ if (++same > MAX_IDENTICAL)
++ return (DEATTACK_DOS_DETECTED);
+ if (check_crc(c, buf, len, IV))
+ return (DEATTACK_DETECTED);
+ else
+--- openssh-4.3p2/deattack.h.deattack-dos 2001-07-04 06:46:57.000000000 +0200
++++ openssh-4.3p2/deattack.h 2006-09-27 13:31:08.000000000 +0200
+@@ -25,6 +25,7 @@
+ /* Return codes */
+ #define DEATTACK_OK 0
+ #define DEATTACK_DETECTED 1
++#define DEATTACK_DOS_DETECTED 2
+
+ int detect_attack(u_char *, u_int32_t, u_char[8]);
+ #endif
+--- openssh-4.3p2/packet.c.deattack-dos 2005-11-05 05:15:00.000000000 +0100
++++ openssh-4.3p2/packet.c 2006-09-27 13:32:48.000000000 +0200
+@@ -669,6 +669,9 @@
+ */
+ after_authentication = 1;
+ for (mode = 0; mode < MODE_MAX; mode++) {
++ /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
++ if (newkeys[mode] == NULL)
++ continue;
+ comp = &newkeys[mode]->comp;
+ if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
+ packet_init_compression();
+@@ -978,9 +981,16 @@
+ * (C)1998 CORE-SDI, Buenos Aires Argentina
+ * Ariel Futoransky(futo at core-sdi.com)
+ */
+- if (!receive_context.plaintext &&
+- detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
+- packet_disconnect("crc32 compensation attack: network attack detected");
++ if (!receive_context.plaintext) {
++ switch (detect_attack(buffer_ptr(&input), padded_len, NULL)) {
++ case DEATTACK_DETECTED:
++ packet_disconnect("crc32 compensation attack: "
++ "network attack detected");
++ case DEATTACK_DOS_DETECTED:
++ packet_disconnect("deattack denial of "
++ "service detected");
++ }
++ }
+
+ /* Decrypt data to incoming_packet. */
+ buffer_clear(&incoming_packet);
diff --git a/openssh-4.3p2-cve-2006-5052.patch b/openssh-4.3p2-cve-2006-5052.patch
new file mode 100644
index 0000000..ad2402c
--- /dev/null
+++ b/openssh-4.3p2-cve-2006-5052.patch
@@ -0,0 +1,102 @@
+diff -ur openssh/auth.c openssh-4.3p2/auth.c
+--- openssh/auth.c 2007-03-29 12:37:41.000000000 +0200
++++ openssh-4.3p2/auth.c 2007-03-29 19:26:10.000000000 +0200
+@@ -57,6 +57,7 @@
+ extern ServerOptions options;
+ extern int use_privsep;
+ extern Buffer loginmsg;
++extern struct passwd *privsep_pw;
+
+ /* Debugging messages */
+ Buffer auth_debug;
+@@ -559,6 +560,8 @@
+ fake.pw_gecos = "NOUSER";
+ fake.pw_uid = (uid_t)-1;
+ fake.pw_gid = (gid_t)-1;
++ fake.pw_uid = privsep_pw->pw_uid;
++ fake.pw_gid = privsep_pw->pw_gid;
+ #ifdef HAVE_PW_CLASS_IN_PASSWD
+ fake.pw_class = "";
+ #endif
+diff -ur openssh/sshd.c openssh-4.3p2/sshd.c
+--- openssh/sshd.c 2007-03-29 12:37:41.000000000 +0200
++++ openssh-4.3p2/sshd.c 2007-03-29 19:31:45.000000000 +0200
+@@ -211,6 +211,9 @@
+ /* message to be displayed after login */
+ Buffer loginmsg;
+
++/* Unprivileged user */
++struct passwd *privsep_pw = NULL;
++
+ /* Prototypes for various functions defined later in this file. */
+ void destroy_sensitive_data(void);
+ void demote_sensitive_data(void);
+@@ -542,7 +545,6 @@
+ {
+ u_int32_t rnd[256];
+ gid_t gidset[1];
+- struct passwd *pw;
+ int i;
+
+ /* Enable challenge-response authentication for privilege separation */
+@@ -555,12 +557,6 @@
+ /* Demote the private keys to public keys. */
+ demote_sensitive_data();
+
+- if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+- fatal("Privilege separation user %s does not exist",
+- SSH_PRIVSEP_USER);
+- memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+- endpwent();
+-
+ /* Open the syslog permanently so the chrooted process still
+ can write to syslog. */
+ open_log();
+@@ -573,16 +569,16 @@
+ fatal("chdir(\"/\"): %s", strerror(errno));
+
+ /* Drop our privileges */
+- debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
+- (u_int)pw->pw_gid);
++ debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
++ (u_int)privsep_pw->pw_gid);
+ #if 0
+ /* XXX not ready, too heavy after chroot */
+- do_setusercontext(pw);
++ do_setusercontext(privsep_pw);
+ #else
+- gidset[0] = pw->pw_gid;
++ gidset[0] = privsep_pw->pw_gid;
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+- permanently_set_uid(pw);
++ permanently_set_uid(privsep_pw);
+ #endif
+ }
+
+@@ -1097,6 +1093,15 @@
+ debug("sshd version %.100s",
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
+
++ /* Store privilege separation user for later use */
++ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
++ fatal("Privilege separation user %s does not exist",
++ SSH_PRIVSEP_USER);
++ memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
++ strlcpy(privsep_pw->pw_passwd, "*", sizeof(privsep_pw->pw_passwd));
++ privsep_pw = pwcopy(privsep_pw);
++ endpwent();
++
+ /* load private host keys */
+ sensitive_data.host_keys = xmalloc(options.num_host_key_files *
+ sizeof(Key *));
+@@ -1167,9 +1172,6 @@
+ struct passwd *pw;
+ struct stat st;
+
+- if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+- fatal("Privilege separation user %s does not exist",
+- SSH_PRIVSEP_USER);
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+ (S_ISDIR(st.st_mode) == 0))
+ fatal("Missing privilege separation directory: %s",
diff --git a/openssh-4.3p2-cve-2006-5794.patch b/openssh-4.3p2-cve-2006-5794.patch
new file mode 100644
index 0000000..6013859
--- /dev/null
+++ b/openssh-4.3p2-cve-2006-5794.patch
@@ -0,0 +1,33 @@
+Fix a bug in the sshd privilege separation monitor that weakened its
+verification of successful authenication. This bug is not known to be
+exploitable in the absence of additional vulnerabilities.
+
+--- openssh-4.3p2/monitor.c.verify 2006-11-10 10:40:37.000000000 +0100
++++ openssh-4.3p2/monitor.c 2006-11-10 10:42:32.000000000 +0100
+@@ -330,7 +330,7 @@
+ /* The first few requests do not require asynchronous access */
+ while (!authenticated) {
+ auth_method = "unknown";
+- authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
++ authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
+ if (authenticated) {
+ if (!(ent->flags & MON_AUTHDECIDE))
+ fatal("%s: unexpected authentication from %d",
+@@ -1214,7 +1214,7 @@
+
+ verified = key_verify(key, signature, signaturelen, data, datalen);
+ debug3("%s: key %p signature %s",
+- __func__, key, verified ? "verified" : "unverified");
++ __func__, key, (verified == 1) ? "verified" : "unverified");
+
+ key_free(key);
+ xfree(blob);
+@@ -1229,7 +1229,7 @@
+ buffer_put_int(m, verified);
+ mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
+
+- return (verified);
++ return (verified == 1);
+ }
+
+ static void
diff --git a/openssh-4.3p2-cve-2007-3102.patch b/openssh-4.3p2-cve-2007-3102.patch
new file mode 100644
index 0000000..9237b62
--- /dev/null
+++ b/openssh-4.3p2-cve-2007-3102.patch
@@ -0,0 +1,62 @@
+--- openssh-4.3p2/loginrec.c.inject-fix 2007-06-20 21:18:00.000000000 +0200
++++ openssh-4.3p2/loginrec.c 2007-07-13 15:25:35.000000000 +0200
+@@ -1389,11 +1389,44 @@
+ #endif /* USE_WTMPX */
+
+ #ifdef HAVE_LINUX_AUDIT
++static void
++_audit_hexscape(const char *what, char *where, unsigned int size)
++{
++ const char *ptr = what;
++ const char *hex = "0123456789ABCDEF";
++
++ while (*ptr) {
++ if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
++ unsigned int i;
++ ptr = what;
++ for (i = 0; *ptr && i+2 < size; i += 2) {
++ where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
++ where[i+1] = hex[(unsigned)*ptr & 0x0F]; /* Lower nibble */
++ ptr++;
++ }
++ where[i] = '\0';
++ return;
++ }
++ ptr++;
++ }
++ where[0] = '"';
++ if ((unsigned)(ptr - what) < size - 3)
++ {
++ size = ptr - what + 3;
++ }
++ strncpy(where + 1, what, size - 3);
++ where[size-2] = '"';
++ where[size-1] = '\0';
++}
++
++#define AUDIT_LOG_SIZE 128
++#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
++
+ int
+ linux_audit_record_event(int uid, const char *username,
+ const char *hostname, const char *ip, const char *ttyn, int success)
+ {
+- char buf[64];
++ char buf[AUDIT_LOG_SIZE];
+ int audit_fd, rc;
+
+ audit_fd = audit_open();
+@@ -1406,8 +1439,11 @@
+ }
+ if (username == NULL)
+ snprintf(buf, sizeof(buf), "uid=%d", uid);
+- else
+- snprintf(buf, sizeof(buf), "acct=%s", username);
++ else {
++ char encoded[AUDIT_ACCT_SIZE];
++ _audit_hexscape(username, encoded, sizeof(encoded));
++ snprintf(buf, sizeof(buf), "acct=%s", encoded);
++ }
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+ buf, hostname, ip, ttyn, success);
+ close(audit_fd);
diff --git a/openssh-4.3p2-cve-2007-4752.patch b/openssh-4.3p2-cve-2007-4752.patch
new file mode 100644
index 0000000..cb81c2b
--- /dev/null
+++ b/openssh-4.3p2-cve-2007-4752.patch
@@ -0,0 +1,50 @@
+===================================================================
+RCS file: /usr/OpenBSD/cvs/src/usr.bin/ssh/clientloop.c,v
+retrieving revision 1.180
+retrieving revision 1.181
+diff -u -r1.180 -r1.181
+--- openssh-4.3p2/clientloop.c 2007/08/07 07:32:53 1.180
++++ openssh-4.3p2/clientloop.c 2007/08/15 08:14:46 1.181
+@@ -282,19 +282,29 @@
+ generated = 1;
+ }
+ }
+- snprintf(cmd, sizeof(cmd),
+- "%s %s%s list %s 2>" _PATH_DEVNULL,
+- xauth_path,
+- generated ? "-f " : "" ,
+- generated ? xauthfile : "",
+- display);
+- debug2("x11_get_proto: %s", cmd);
+- f = popen(cmd, "r");
+- if (f && fgets(line, sizeof(line), f) &&
+- sscanf(line, "%*s %511s %511s", proto, data) == 2)
+- got_data = 1;
+- if (f)
+- pclose(f);
++
++ /*
++ * When in untrusted mode, we read the cookie only if it was
++ * successfully generated as an untrusted one in the step
++ * above.
++ */
++ if (trusted || generated) {
++ snprintf(cmd, sizeof(cmd),
++ "%s %s%s list %s 2>" _PATH_DEVNULL,
++ xauth_path,
++ generated ? "-f " : "" ,
++ generated ? xauthfile : "",
++ display);
++ debug2("x11_get_proto: %s", cmd);
++ f = popen(cmd, "r");
++ if (f && fgets(line, sizeof(line), f) &&
++ sscanf(line, "%*s %511s %511s", proto, data) == 2)
++ got_data = 1;
++ if (f)
++ pclose(f);
++ } else
++ error("Warning: untrusted X11 forwarding setup failed: "
++ "xauth key data not generated");
+ }
+
+ if (do_unlink) {
diff --git a/openssh-4.3p2-engine.patch b/openssh-4.3p2-engine.patch
new file mode 100644
index 0000000..2220234
--- /dev/null
+++ b/openssh-4.3p2-engine.patch
@@ -0,0 +1,147 @@
+diff -up openssh-4.3p2/configure.ac.engine openssh-4.3p2/configure.ac
+--- openssh-4.3p2/configure.ac.engine 2010-06-01 13:57:07.000000000 +0200
++++ openssh-4.3p2/configure.ac 2010-06-01 13:57:08.000000000 +0200
+@@ -1834,6 +1834,24 @@ Also see contrib/findssl.sh for help ide
+ ]
+ )
+
++AC_ARG_WITH(ssl-engine,
++ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
++ [ if test "x$withval" != "xno" ; then
++ AC_MSG_CHECKING(for OpenSSL ENGINE support)
++ AC_TRY_COMPILE(
++ [ #include <openssl/engine.h>],
++ [
++int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
++ ],
++ [ AC_MSG_RESULT(yes)
++ AC_DEFINE(USE_OPENSSL_ENGINE, 1,
++ [Enable OpenSSL engine support])
++ ],
++ [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
++ )
++ fi ]
++)
++
+ # Check for OpenSSL without EVP_aes_{192,256}_cbc
+ AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+ AC_COMPILE_IFELSE(
+diff -up openssh-4.3p2/openbsd-compat/openssl-compat.c.engine openssh-4.3p2/openbsd-compat/openssl-compat.c
+--- openssh-4.3p2/openbsd-compat/openssl-compat.c.engine 2005-06-17 13:15:21.000000000 +0200
++++ openssh-4.3p2/openbsd-compat/openssl-compat.c 2010-06-01 13:57:08.000000000 +0200
+@@ -21,6 +21,10 @@
+ #define SSH_DONT_REDEF_EVP
+ #include "openssl-compat.h"
+
++#ifdef USE_OPENSSL_ENGINE
++# include <openssl/engine.h>
++#endif
++
+ #ifdef SSH_OLD_EVP
+ int
+ ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+@@ -44,3 +48,16 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+ return 1;
+ }
+ #endif
++
++#ifdef USE_OPENSSL_ENGINE
++void
++ssh_SSLeay_add_all_algorithms(void)
++{
++ SSLeay_add_all_algorithms();
++
++ /* Enable use of crypto hardware */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ OPENSSL_config(NULL);
++}
++#endif
+diff -up openssh-4.3p2/openbsd-compat/openssl-compat.h.engine openssh-4.3p2/openbsd-compat/openssl-compat.h
+--- openssh-4.3p2/openbsd-compat/openssl-compat.h.engine 2005-12-19 07:40:40.000000000 +0100
++++ openssh-4.3p2/openbsd-compat/openssl-compat.h 2010-06-01 13:57:08.000000000 +0200
+@@ -54,10 +54,9 @@ extern const EVP_CIPHER *evp_acss(void);
+ * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
+ * implement the ssh_* equivalents.
+ */
+-#ifdef SSH_OLD_EVP
+-
+-# ifndef SSH_DONT_REDEF_EVP
++#ifndef SSH_DONT_REDEF_EVP
+
++# ifdef SSH_OLD_EVP
+ # ifdef EVP_Cipher
+ # undef EVP_Cipher
+ # endif
+@@ -67,8 +66,16 @@ extern const EVP_CIPHER *evp_acss(void);
+ # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
+ # endif
+
++# ifdef USE_OPENSSL_ENGINE
++# ifdef SSLeay_add_all_algorithms
++# undef SSLeay_add_all_algorithms
++# endif
++# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
++#endif
++
+ int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+ unsigned char *, int);
+ int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+ int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
++void ssh_SSLeay_add_all_algorithms(void);
+ #endif
+diff -up openssh-4.3p2/ssh-add.c.engine openssh-4.3p2/ssh-add.c
+--- openssh-4.3p2/ssh-add.c.engine 2010-06-01 13:57:08.000000000 +0200
++++ openssh-4.3p2/ssh-add.c 2010-06-01 13:57:08.000000000 +0200
+@@ -35,6 +35,7 @@
+ */
+
+ #include "includes.h"
++#include "openbsd-compat/openssl-compat.h"
+ RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");
+
+ #include <openssl/evp.h>
+diff -up openssh-4.3p2/ssh-agent.c.engine openssh-4.3p2/ssh-agent.c
+--- openssh-4.3p2/ssh-agent.c.engine 2010-06-01 13:57:08.000000000 +0200
++++ openssh-4.3p2/ssh-agent.c 2010-06-01 13:57:08.000000000 +0200
+@@ -34,6 +34,7 @@
+ */
+
+ #include "includes.h"
++#include "openbsd-compat/openssl-compat.h"
+ #include "openbsd-compat/sys-queue.h"
+ RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $");
+
+diff -up openssh-4.3p2/ssh.c.engine openssh-4.3p2/ssh.c
+--- openssh-4.3p2/ssh.c.engine 2010-06-01 13:57:08.000000000 +0200
++++ openssh-4.3p2/ssh.c 2010-06-01 13:57:08.000000000 +0200
+@@ -40,6 +40,7 @@
+ */
+
+ #include "includes.h"
++#include "openbsd-compat/openssl-compat.h"
+ RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
+
+ #include <openssl/evp.h>
+diff -up openssh-4.3p2/sshd.c.engine openssh-4.3p2/sshd.c
+--- openssh-4.3p2/sshd.c.engine 2010-06-01 13:57:08.000000000 +0200
++++ openssh-4.3p2/sshd.c 2010-06-01 13:57:08.000000000 +0200
+@@ -42,6 +42,7 @@
+ */
+
+ #include "includes.h"
++#include "openbsd-compat/openssl-compat.h"
+ RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
+
+ #include <openssl/dh.h>
+diff -up openssh-4.3p2/ssh-keygen.c.engine openssh-4.3p2/ssh-keygen.c
+--- openssh-4.3p2/ssh-keygen.c.engine 2010-06-01 13:57:08.000000000 +0200
++++ openssh-4.3p2/ssh-keygen.c 2010-06-01 13:57:15.000000000 +0200
+@@ -12,6 +12,7 @@
+ */
+
+ #include "includes.h"
++#include "openbsd-compat/openssl-compat.h"
+ RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $");
+
+ #include <openssl/evp.h>
diff --git a/openssh-4.3p2-entropy.patch b/openssh-4.3p2-entropy.patch
new file mode 100644
index 0000000..6859c9c
--- /dev/null
+++ b/openssh-4.3p2-entropy.patch
@@ -0,0 +1,211 @@
+diff -up openssh-4.3p2/entropy.c.entropy openssh-4.3p2/entropy.c
+--- openssh-4.3p2/entropy.c.entropy 2011-03-28 14:40:27.246649053 +0200
++++ openssh-4.3p2/entropy.c 2011-03-28 14:40:28.433649147 +0200
+@@ -132,6 +132,9 @@ seed_rng(void)
+ memset(buf, '\0', sizeof(buf));
+
+ #endif /* OPENSSL_PRNG_ONLY */
++#ifdef __linux__
++ linux_seed();
++#endif /* __linux__ */
+ if (RAND_status() != 1)
+ fatal("PRNG is not seeded");
+ }
+diff -up openssh-4.3p2/openbsd-compat/Makefile.in.entropy openssh-4.3p2/openbsd-compat/Makefile.in
+--- openssh-4.3p2/openbsd-compat/Makefile.in.entropy 2005-12-31 06:33:37.000000000 +0100
++++ openssh-4.3p2/openbsd-compat/Makefile.in 2011-03-28 14:40:28.461648952 +0200
+@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
+
+ COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+
+-PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
++PORTS=port-aix.o port-irix.o port-linux-prng.o port-tun.o
+
+ .c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+diff -up /dev/null openssh-4.3p2/openbsd-compat/port-linux-prng.c
+--- /dev/null 2011-03-23 10:18:59.458402673 +0100
++++ openssh-4.3p2/openbsd-compat/port-linux-prng.c 2011-03-28 14:40:28.495648553 +0200
+@@ -0,0 +1,56 @@
++/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
++
++/*
++ * Copyright (c) 2005 Daniel Walsh <dwalsh at redhat.com>
++ * Copyright (c) 2006 Damien Miller <djm at openbsd.org>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/*
++ * Linux-specific portability code - prng support
++ */
++
++#include "includes.h"
++
++#include <errno.h>
++#include <stdarg.h>
++#include <string.h>
++#include <stdio.h>
++#include <openssl/rand.h>
++
++#include "log.h"
++#include "xmalloc.h"
++#include "servconf.h"
++#include "key.h"
++#include "hostfile.h"
++#include "auth.h"
++
++void
++linux_seed(void)
++{
++ int len;
++ char *env = getenv("SSH_USE_STRONG_RNG");
++ char *random = "/dev/urandom";
++
++ if (env && !strcmp(env, "1"))
++ random = "/dev/random";
++
++ errno = 0;
++ if ((len = RAND_load_file(random, 48)) != 48) {
++ if (errno)
++ fatal ("cannot read from %s, %s", random, strerror(errno));
++ else
++ fatal ("EOF reading %s", random);
++ }
++}
+diff -up openssh-4.3p2/ssh.1.entropy openssh-4.3p2/ssh.1
+--- openssh-4.3p2/ssh.1.entropy 2006-01-31 11:47:59.000000000 +0100
++++ openssh-4.3p2/ssh.1 2011-03-28 14:40:28.521649077 +0200
+@@ -1196,6 +1196,15 @@ For more information, see the
+ .Cm PermitUserEnvironment
+ option in
+ .Xr sshd_config 5 .
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .Sh FILES
+ .Bl -tag -width Ds -compact
+ .It ~/.rhosts
+diff -up openssh-4.3p2/ssh-add.1.entropy openssh-4.3p2/ssh-add.1
+--- openssh-4.3p2/ssh-add.1.entropy 2005-05-26 04:04:02.000000000 +0200
++++ openssh-4.3p2/ssh-add.1 2011-03-28 14:40:28.554648982 +0200
+@@ -139,6 +139,15 @@ to make this work.)
+ .It Ev SSH_AUTH_SOCK
+ Identifies the path of a unix-domain socket used to communicate with the
+ agent.
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .El
+ .Sh FILES
+ .Bl -tag -width Ds
+diff -up openssh-4.3p2/ssh-agent.1.entropy openssh-4.3p2/ssh-agent.1
+--- openssh-4.3p2/ssh-agent.1.entropy 2005-11-28 07:05:40.000000000 +0100
++++ openssh-4.3p2/ssh-agent.1 2011-03-28 14:40:28.591648831 +0200
+@@ -191,6 +191,18 @@ authentication agent.
+ These sockets should only be readable by the owner.
+ The sockets should get automatically removed when the agent exits.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff -up openssh-4.3p2/sshd.8.entropy openssh-4.3p2/sshd.8
+--- openssh-4.3p2/sshd.8.entropy 2011-03-28 14:40:27.495648499 +0200
++++ openssh-4.3p2/sshd.8 2011-03-28 14:40:28.628648985 +0200
+@@ -830,6 +830,18 @@ This can be used to specify
+ machine-specific login-time initializations globally.
+ This file should be writable only by root, and should be world-readable.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .Sh SEE ALSO
+ .Xr scp 1 ,
+ .Xr sftp 1 ,
+diff -up openssh-4.3p2/ssh-keygen.1.entropy openssh-4.3p2/ssh-keygen.1
+--- openssh-4.3p2/ssh-keygen.1.entropy 2005-11-28 06:41:47.000000000 +0100
++++ openssh-4.3p2/ssh-keygen.1 2011-03-28 14:40:28.660649024 +0200
+@@ -443,6 +443,18 @@ Contains Diffie-Hellman groups used for
+ The file format is described in
+ .Xr moduli 5 .
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff -up openssh-4.3p2/ssh-keysign.8.entropy openssh-4.3p2/ssh-keysign.8
+--- openssh-4.3p2/ssh-keysign.8.entropy 2003-06-11 14:04:39.000000000 +0200
++++ openssh-4.3p2/ssh-keysign.8 2011-03-28 14:40:28.692649083 +0200
+@@ -69,6 +69,18 @@ Since they are readable only by root,
+ .Nm
+ must be set-uid root if hostbased authentication is used.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm /dev/urandom .
++If the
++.Cm SSH_USE_STRONG_RNG
++is set to
++.Cm 1 ,
++the OpenSSL random generator is reseeded from
++.Cm /dev/random .
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-keygen 1 ,
diff --git a/openssh-4.3p2-fips.patch b/openssh-4.3p2-fips.patch
new file mode 100644
index 0000000..c7b1bdc
--- /dev/null
+++ b/openssh-4.3p2-fips.patch
@@ -0,0 +1,656 @@
+diff -up openssh-4.3p2/auth2-pubkey.c.fips openssh-4.3p2/auth2-pubkey.c
+--- openssh-4.3p2/auth2-pubkey.c.fips 2004-12-11 03:39:50.000000000 +0100
++++ openssh-4.3p2/auth2-pubkey.c 2009-05-15 18:26:05.000000000 +0200
+@@ -25,6 +25,8 @@
+ #include "includes.h"
+ RCSID("$OpenBSD: auth2-pubkey.c,v 1.9 2004/12/11 01:48:56 dtucker Exp $");
+
++#include <openssl/fips.h>
++
+ #include "ssh.h"
+ #include "ssh2.h"
+ #include "xmalloc.h"
+@@ -240,7 +242,7 @@ user_key_allowed2(struct passwd *pw, Key
+ found_key = 1;
+ debug("matching key found: file %s, line %lu",
+ file, linenum);
+- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
++ fp = key_fingerprint(found, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Found matching %s key: %s",
+ key_type(found), fp);
+ xfree(fp);
+diff -up openssh-4.3p2/authfile.c.fips openssh-4.3p2/authfile.c
+--- openssh-4.3p2/authfile.c.fips 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/authfile.c 2009-05-15 19:36:29.000000000 +0200
+@@ -131,8 +131,14 @@ key_save_private_rsa1(Key *key, const ch
+ /* Allocate space for the private part of the key in the buffer. */
+ cp = buffer_append_space(&encrypted, buffer_len(&buffer));
+
+- cipher_set_key_string(&ciphercontext, cipher, passphrase,
+- CIPHER_ENCRYPT);
++ if (cipher_set_key_string(&ciphercontext, cipher, passphrase,
++ CIPHER_ENCRYPT) < 0) {
++ error("cipher_set_key_string failed.");
++ buffer_free(&encrypted);
++ buffer_free(&buffer);
++ return 0;
++ }
++
+ cipher_crypt(&ciphercontext, cp,
+ buffer_ptr(&buffer), buffer_len(&buffer));
+ cipher_cleanup(&ciphercontext);
+@@ -404,8 +410,14 @@ key_load_private_rsa1(int fd, const char
+ cp = buffer_append_space(&decrypted, buffer_len(&buffer));
+
+ /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
+- cipher_set_key_string(&ciphercontext, cipher, passphrase,
+- CIPHER_DECRYPT);
++ if (cipher_set_key_string(&ciphercontext, cipher, passphrase,
++ CIPHER_DECRYPT) < 0) {
++ error("cipher_set_key_string failed.");
++ buffer_free(&decrypted);
++ buffer_free(&buffer);
++ goto fail;
++ }
++
+ cipher_crypt(&ciphercontext, cp,
+ buffer_ptr(&buffer), buffer_len(&buffer));
+ cipher_cleanup(&ciphercontext);
+diff -up openssh-4.3p2/cipher.c.fips openssh-4.3p2/cipher.c
+--- openssh-4.3p2/cipher.c.fips 2006-02-13 15:05:18.000000000 +0100
++++ openssh-4.3p2/cipher.c 2009-05-15 19:37:32.000000000 +0200
+@@ -42,6 +42,7 @@ RCSID("$OpenBSD: cipher.c,v 1.77 2005/07
+ #include "cipher.h"
+
+ #include <openssl/md5.h>
++#include <openssl/fips.h>
+
+ /* compatibility with old or broken OpenSSL versions */
+ #include "openbsd-compat/openssl-compat.h"
+@@ -87,6 +88,22 @@ struct Cipher {
+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
+ };
+
++struct Cipher fips_ciphers[] = {
++ { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
++ { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
++
++ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
++ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
++ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
++ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
++ { "rijndael-cbc at lysator.liu.se",
++ SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
++ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
++ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
++ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
++ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
++};
++
+ /*--*/
+
+ u_int
+@@ -123,7 +140,7 @@ Cipher *
+ cipher_by_name(const char *name)
+ {
+ Cipher *c;
+- for (c = ciphers; c->name != NULL; c++)
++ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++)
+ if (strcmp(c->name, name) == 0)
+ return c;
+ return NULL;
+@@ -133,7 +150,7 @@ Cipher *
+ cipher_by_number(int id)
+ {
+ Cipher *c;
+- for (c = ciphers; c->name != NULL; c++)
++ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++)
+ if (c->number == id)
+ return c;
+ return NULL;
+@@ -177,7 +194,7 @@ cipher_number(const char *name)
+ Cipher *c;
+ if (name == NULL)
+ return -1;
+- for (c = ciphers; c->name != NULL; c++)
++ for (c = FIPS_mode() ? fips_ciphers : ciphers; c->name != NULL; c++)
+ if (strcasecmp(c->name, name) == 0)
+ return c->number;
+ return -1;
+@@ -284,14 +301,15 @@ cipher_cleanup(CipherContext *cc)
+ * passphrase and using the resulting 16 bytes as the key.
+ */
+
+-void
++int
+ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
+ const char *passphrase, int do_encrypt)
+ {
+ MD5_CTX md;
+ u_char digest[16];
+
+- MD5_Init(&md);
++ if (MD5_Init(&md) <= 0)
++ return -1;
+ MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
+ MD5_Final(digest, &md);
+
+@@ -299,6 +317,7 @@ cipher_set_key_string(CipherContext *cc,
+
+ memset(digest, 0, sizeof(digest));
+ memset(&md, 0, sizeof(md));
++ return 0;
+ }
+
+ /*
+diff -up openssh-4.3p2/cipher-ctr.c.fips openssh-4.3p2/cipher-ctr.c
+--- openssh-4.3p2/cipher-ctr.c.fips 2005-12-19 07:40:40.000000000 +0100
++++ openssh-4.3p2/cipher-ctr.c 2009-05-15 18:26:05.000000000 +0200
+@@ -141,7 +141,8 @@ evp_aes_128_ctr(void)
+ aes_ctr.do_cipher = ssh_aes_ctr;
+ #ifndef SSH_OLD_EVP
+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
++ EVP_CIPH_FLAG_FIPS;
+ #endif
+ return (&aes_ctr);
+ }
+diff -up openssh-4.3p2/cipher.h.fips openssh-4.3p2/cipher.h
+--- openssh-4.3p2/cipher.h.fips 2004-08-12 14:40:25.000000000 +0200
++++ openssh-4.3p2/cipher.h 2009-05-15 19:37:53.000000000 +0200
+@@ -78,7 +78,7 @@ void cipher_init(CipherContext *, Ciphe
+ const u_char *, u_int, int);
+ void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
+ void cipher_cleanup(CipherContext *);
+-void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
++int cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
+ u_int cipher_blocksize(const Cipher *);
+ u_int cipher_keylen(const Cipher *);
+
+diff -up openssh-4.3p2/mac.c.fips openssh-4.3p2/mac.c
+--- openssh-4.3p2/mac.c.fips 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/mac.c 2009-05-15 18:26:05.000000000 +0200
+@@ -26,6 +26,7 @@
+ RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
+
+ #include <openssl/hmac.h>
++#include <openssl/fips.h>
+
+ #include "xmalloc.h"
+ #include "getput.h"
+@@ -34,11 +35,11 @@ RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17
+ #include "kex.h"
+ #include "mac.h"
+
+-struct {
++struct Macs {
+ char *name;
+ const EVP_MD * (*mdfunc)(void);
+ int truncatebits; /* truncate digest if != 0 */
+-} macs[] = {
++} all_macs[] = {
+ { "hmac-sha1", EVP_sha1, 0, },
+ { "hmac-sha1-96", EVP_sha1, 96 },
+ { "hmac-md5", EVP_md5, 0 },
+@@ -48,10 +49,16 @@ struct {
+ { NULL, NULL, 0 }
+ };
+
++struct Macs fips_macs[] = {
++ { "hmac-sha1", EVP_sha1, 0 },
++ { NULL, NULL, 0 }
++};
++
+ int
+ mac_init(Mac *mac, char *name)
+ {
+ int i, evp_len;
++ struct Macs *macs = FIPS_mode() ? fips_macs : all_macs;
+
+ for (i = 0; macs[i].name; i++) {
+ if (strcmp(name, macs[i].name) == 0) {
+diff -up openssh-4.3p2/Makefile.in.fips openssh-4.3p2/Makefile.in
+--- openssh-4.3p2/Makefile.in.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/Makefile.in 2009-05-15 18:26:05.000000000 +0200
+@@ -135,28 +135,28 @@ libssh.a: $(LIBSSH_OBJS)
+ $(RANLIB) $@
+
+ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBS)
++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) -lfipscheck $(LIBS)
+
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
+- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o
+- $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
+- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
+- $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
++ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+
+ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
+ $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+diff -up openssh-4.3p2/myproposal.h.fips openssh-4.3p2/myproposal.h
+--- openssh-4.3p2/myproposal.h.fips 2005-07-26 13:54:56.000000000 +0200
++++ openssh-4.3p2/myproposal.h 2009-05-15 18:26:05.000000000 +0200
+@@ -38,7 +38,12 @@
+ "hmac-sha1-96,hmac-md5-96"
+ #define KEX_DEFAULT_COMP "none,zlib at openssh.com,zlib"
+ #define KEX_DEFAULT_LANG ""
+-
++#define KEX_FIPS_ENCRYPT \
++ "aes128-ctr,aes192-ctr,aes256-ctr," \
++ "aes128-cbc,3des-cbc," \
++ "aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se"
++#define KEX_FIPS_MAC \
++ "hmac-sha1"
+
+ static char *myproposal[PROPOSAL_MAX] = {
+ KEX_DEFAULT_KEX,
+diff -up openssh-4.3p2/nsskeys.c.fips openssh-4.3p2/nsskeys.c
+--- openssh-4.3p2/nsskeys.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/nsskeys.c 2009-05-15 18:26:05.000000000 +0200
+@@ -183,8 +183,8 @@ nss_convert_pubkey(Key *k)
+ break;
+ }
+
+- p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
+- debug("fingerprint %u %s", key_size(k), p);
++ p = key_fingerprint(k, SSH_FP_SHA1, SSH_FP_HEX);
++ debug("SHA1 fingerprint %u %s", key_size(k), p);
+ xfree(p);
+
+ return 0;
+diff -up openssh-4.3p2/openbsd-compat/bsd-arc4random.c.fips openssh-4.3p2/openbsd-compat/bsd-arc4random.c
+--- openssh-4.3p2/openbsd-compat/bsd-arc4random.c.fips 2005-02-16 03:01:28.000000000 +0100
++++ openssh-4.3p2/openbsd-compat/bsd-arc4random.c 2009-05-15 18:26:05.000000000 +0200
+@@ -34,6 +34,7 @@ RCSID("$Id: bsd-arc4random.c,v 1.10 2005
+ static int rc4_ready = 0;
+ static RC4_KEY rc4;
+
++#if 0
+ unsigned int
+ arc4random(void)
+ {
+@@ -77,4 +78,30 @@ arc4random_stir(void)
+
+ rc4_ready = REKEY_BYTES;
+ }
++#else
++unsigned int
++arc4random(void)
++{
++ unsigned int r = 0;
++ void *rp = &r;
++
++ if (!rc4_ready) {
++ arc4random_stir();
++ }
++ RAND_bytes(rp, sizeof(r));
++
++ return(r);
++}
++
++void
++arc4random_stir(void)
++{
++ unsigned char rand_buf[SEED_SIZE];
++
++ if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
++ fatal("Couldn't obtain random bytes (error %ld)",
++ ERR_get_error());
++ rc4_ready = 1;
++}
++#endif
+ #endif /* !HAVE_ARC4RANDOM */
+diff -up openssh-4.3p2/ssh-add.c.fips openssh-4.3p2/ssh-add.c
+--- openssh-4.3p2/ssh-add.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/ssh-add.c 2009-05-15 18:26:05.000000000 +0200
+@@ -38,6 +38,7 @@
+ RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");
+
+ #include <openssl/evp.h>
++#include <openssl/fips.h>
+
+ #ifdef HAVE_LIBNSS
+ #include <nss.h>
+@@ -230,7 +231,7 @@ list_identities(AuthenticationConnection
+ key = ssh_get_next_identity(ac, &comment, version)) {
+ had_identities = 1;
+ if (do_fp) {
+- fp = key_fingerprint(key, SSH_FP_MD5,
++ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
+ SSH_FP_HEX);
+ printf("%d %s %s (%s)\n",
+ key_size(key), fp, comment, key_type(key));
+diff -up openssh-4.3p2/ssh-agent.c.fips openssh-4.3p2/ssh-agent.c
+--- openssh-4.3p2/ssh-agent.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/ssh-agent.c 2009-05-15 18:26:05.000000000 +0200
+@@ -39,6 +39,7 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.124 200
+
+ #include <openssl/evp.h>
+ #include <openssl/md5.h>
++#include <openssl/fips.h>
+
+ #include "ssh.h"
+ #include "rsa.h"
+@@ -175,9 +176,9 @@ confirm_key(Identity *id)
+ char *p;
+ int ret = -1;
+
+- p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+- id->comment, p))
++ p = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
++ if (ask_permission("Allow use of key %s?\nKey %sfingerprint %s.",
++ id->comment, FIPS_mode() ? "SHA1 " : "", p))
+ ret = 0;
+ xfree(p);
+
+diff -up openssh-4.3p2/ssh.c.fips openssh-4.3p2/ssh.c
+--- openssh-4.3p2/ssh.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/ssh.c 2009-05-15 19:39:41.000000000 +0200
+@@ -44,6 +44,8 @@ RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/2
+
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
++#include <openssl/fips.h>
++#include <fipscheck.h>
+
+ #include "ssh.h"
+ #include "ssh1.h"
+@@ -195,6 +197,10 @@ main(int ac, char **av)
+ sanitise_stdfd();
+
+ __progname = ssh_get_progname(av[0]);
++ SSLeay_add_all_algorithms();
++ if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
++ fatal("FIPS integrity verification test failed.");
++ }
+ init_rng();
+
+ /*
+@@ -250,6 +256,9 @@ again:
+ "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+ switch (opt) {
+ case '1':
++ if (FIPS_mode()) {
++ fatal("Protocol 1 not allowed in the FIPS mode.");
++ }
+ options.protocol = SSH_PROTO_1;
+ break;
+ case '2':
+@@ -528,7 +537,6 @@ again:
+ if (!host)
+ usage();
+
+- SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Initialize the command to execute on remote host. */
+@@ -609,6 +617,10 @@ again:
+
+ seed_rng();
+
++ if (FIPS_mode()) {
++ logit("FIPS mode initialized");
++ }
++
+ if (options.user == NULL)
+ options.user = xstrdup(pw->pw_name);
+
+@@ -648,6 +660,12 @@ again:
+ if (options.control_path != NULL)
+ control_client(options.control_path);
+
++ if (FIPS_mode()) {
++ options.protocol &= SSH_PROTO_2;
++ if (options.protocol == 0)
++ fatal("Protocol 2 disabled by configuration but required in the FIPS mode.");
++ }
++
+ /* Open a connection to the remote host. */
+ if (ssh_connect(host, &hostaddr, options.port,
+ options.address_family, options.connection_attempts,
+diff -up openssh-4.3p2/sshconnect2.c.fips openssh-4.3p2/sshconnect2.c
+--- openssh-4.3p2/sshconnect2.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/sshconnect2.c 2009-05-15 18:26:05.000000000 +0200
+@@ -25,6 +25,8 @@
+ #include "includes.h"
+ RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $");
+
++#include <openssl/fips.h>
++
+ #include "openbsd-compat/sys-queue.h"
+
+ #include "ssh.h"
+@@ -94,6 +96,10 @@ ssh_kex2(char *host, struct sockaddr *ho
+ if (options.ciphers != NULL) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
++ } else if (FIPS_mode()) {
++ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
++ myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_FIPS_ENCRYPT;
++
+ }
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
+@@ -109,7 +115,11 @@ ssh_kex2(char *host, struct sockaddr *ho
+ if (options.macs != NULL) {
+ myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+ myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
++ } else if (FIPS_mode()) {
++ myproposal[PROPOSAL_MAC_ALGS_CTOS] =
++ myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_FIPS_MAC;
+ }
++
+ if (options.hostkeyalgorithms != NULL)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
+@@ -450,8 +460,8 @@ input_userauth_pk_ok(int type, u_int32_t
+ key->type, pktype);
+ goto done;
+ }
+- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+- debug2("input_userauth_pk_ok: fp %s", fp);
++ fp = key_fingerprint(key, SSH_FP_SHA1, SSH_FP_HEX);
++ debug2("input_userauth_pk_ok: SHA1 fp %s", fp);
+ xfree(fp);
+
+ /*
+diff -up openssh-4.3p2/sshconnect.c.fips openssh-4.3p2/sshconnect.c
+--- openssh-4.3p2/sshconnect.c.fips 2005-12-13 09:29:03.000000000 +0100
++++ openssh-4.3p2/sshconnect.c 2009-05-15 18:26:05.000000000 +0200
+@@ -16,6 +16,7 @@
+ RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
+
+ #include <openssl/bn.h>
++#include <openssl/fips.h>
+
+ #include "ssh.h"
+ #include "xmalloc.h"
+@@ -684,7 +685,7 @@ check_host_key(char *host, struct sockad
+ else
+ snprintf(msg1, sizeof(msg1), ".");
+ /* The default */
+- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
++ fp = key_fingerprint(host_key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ msg2[0] = '\0';
+ if (options.verify_host_key_dns) {
+ if (matching_host_key_dns)
+@@ -699,10 +700,10 @@ check_host_key(char *host, struct sockad
+ snprintf(msg, sizeof(msg),
+ "The authenticity of host '%.200s (%s)' can't be "
+ "established%s\n"
+- "%s key fingerprint is %s.\n%s"
++ "%s key %sfingerprint is %s.\n%s"
+ "Are you sure you want to continue connecting "
+ "(yes/no)? ",
+- host, ip, msg1, type, fp, msg2);
++ host, ip, msg1, type, FIPS_mode() ? "SHA1 " : "", fp, msg2);
+ xfree(fp);
+ if (!confirm(msg))
+ goto fail;
+@@ -969,12 +970,12 @@ show_key_from_file(const char *file, con
+ found = key_new(keytype);
+ if ((ret = lookup_key_in_hostfile_by_type(file, host,
+ keytype, found, &line))) {
+- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
++ fp = key_fingerprint(found, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ logit("WARNING: %s key found for host %s\n"
+ "in %s:%d\n"
+- "%s key fingerprint %s.",
++ "%s key %sfingerprint %s.",
+ key_type(found), host, file, line,
+- key_type(found), fp);
++ key_type(found), FIPS_mode() ? "SHA1 ":"", fp);
+ xfree(fp);
+ }
+ key_free(found);
+@@ -1020,7 +1021,7 @@ warn_changed_key(Key *host_key)
+ char *fp;
+ const char *type = key_type(host_key);
+
+- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
++ fp = key_fingerprint(host_key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
+@@ -1028,8 +1029,8 @@ warn_changed_key(Key *host_key)
+ error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
+ error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
+ error("It is also possible that the %s host key has just been changed.", type);
+- error("The fingerprint for the %s key sent by the remote host is\n%s.",
+- type, fp);
++ error("The %sfingerprint for the %s key sent by the remote host is\n%s.",
++ FIPS_mode() ? "SHA1 ":"", type, fp);
+ error("Please contact your system administrator.");
+
+ xfree(fp);
+diff -up openssh-4.3p2/sshd.c.fips openssh-4.3p2/sshd.c
+--- openssh-4.3p2/sshd.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/sshd.c 2009-05-15 19:41:15.000000000 +0200
+@@ -48,6 +48,8 @@ RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/
+ #include <openssl/bn.h>
+ #include <openssl/md5.h>
+ #include <openssl/rand.h>
++#include <openssl/fips.h>
++#include <fipscheck.h>
+ #ifdef HAVE_SECUREWARE
+ #include <sys/security.h>
+ #include <prot.h>
+@@ -899,6 +901,11 @@ main(int ac, char **av)
+ (void)set_auth_parameters(ac, av);
+ #endif
+ __progname = ssh_get_progname(av[0]);
++
++ SSLeay_add_all_algorithms();
++ if (FIPS_mode() && !FIPSCHECK_verify(NULL, NULL)) {
++ fatal("FIPS integrity verification test failed.");
++ }
+ init_rng();
+
+ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
+@@ -1031,8 +1038,6 @@ main(int ac, char **av)
+ else
+ closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
+
+- SSLeay_add_all_algorithms();
+-
+ /*
+ * Force logging to stderr until we have loaded the private host
+ * key (unless started from inetd)
+@@ -1130,6 +1135,10 @@ main(int ac, char **av)
+ debug("private host key: #%d type %d %s", i, key->type,
+ key_type(key));
+ }
++ if ((options.protocol & SSH_PROTO_1) && FIPS_mode()) {
++ logit("Disabling protocol version 1. Not allowed in the FIPS mode.");
++ options.protocol &= ~SSH_PROTO_1;
++ }
+ if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
+ logit("Disabling protocol version 1. Could not load host key");
+ options.protocol &= ~SSH_PROTO_1;
+@@ -1244,6 +1253,10 @@ main(int ac, char **av)
+ /* Initialize the random number generator. */
+ arc4random_stir();
+
++ if (FIPS_mode()) {
++ logit("FIPS mode initialized");
++ }
++
+ /* Chdir to the root directory so that the current disk can be
+ unmounted if desired. */
+ chdir("/");
+@@ -2030,6 +2043,9 @@ do_ssh2_kex(void)
+ if (options.ciphers != NULL) {
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
++ } else if (FIPS_mode()) {
++ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
++ myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_FIPS_ENCRYPT;
+ }
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
+@@ -2039,6 +2055,9 @@ do_ssh2_kex(void)
+ if (options.macs != NULL) {
+ myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+ myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
++ } else if (FIPS_mode()) {
++ myproposal[PROPOSAL_MAC_ALGS_CTOS] =
++ myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_FIPS_MAC;
+ }
+ if (options.compression == COMP_NONE) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+diff -up openssh-4.3p2/ssh-keygen.c.fips openssh-4.3p2/ssh-keygen.c
+--- openssh-4.3p2/ssh-keygen.c.fips 2009-05-15 18:26:05.000000000 +0200
++++ openssh-4.3p2/ssh-keygen.c 2009-05-15 18:26:05.000000000 +0200
+@@ -16,6 +16,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.135 20
+
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
++#include <openssl/fips.h>
+
+ #include "xmalloc.h"
+ #include "key.h"
+@@ -492,7 +493,7 @@ do_fingerprint(struct passwd *pw)
+ enum fp_type fptype;
+ struct stat st;
+
+- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
++ fptype = print_bubblebabble ? SSH_FP_SHA1 : FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5;
+ rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
+
+ if (!have_identity)
+@@ -1408,10 +1409,10 @@ passphrase_again:
+ fclose(f);
+
+ if (!quiet) {
+- char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
++ char *fp = key_fingerprint(public, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ printf("Your public key has been saved in %s.\n",
+ identity_file);
+- printf("The key fingerprint is:\n");
++ printf("The key %sfingerprint is:\n", FIPS_mode() ? "SHA1 " : "");
+ printf("%s %s\n", fp, comment);
+ xfree(fp);
+ }
diff --git a/openssh-4.3p2-forced.patch b/openssh-4.3p2-forced.patch
new file mode 100644
index 0000000..67f6990
--- /dev/null
+++ b/openssh-4.3p2-forced.patch
@@ -0,0 +1,121 @@
+diff -up openssh-4.3p2/servconf.c.forced openssh-4.3p2/servconf.c
+--- openssh-4.3p2/servconf.c.forced 2010-10-13 12:27:24.000000000 +0200
++++ openssh-4.3p2/servconf.c 2010-10-13 12:27:24.000000000 +0200
+@@ -107,6 +107,7 @@ initialize_server_options(ServerOptions
+
+ /* Needs to be accessable in many places */
+ use_privsep = -1;
++ options->adm_forced_command = NULL;
+ }
+
+ void
+@@ -279,6 +280,7 @@ typedef enum {
+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
++ sForceCommand,
+ sUsePrivilegeSeparation,
+ sShowPatchLevel, sChrootDirectory,
+ sDeprecated, sUnsupported
+@@ -385,6 +387,7 @@ static struct {
+ { "acceptenv", sAcceptEnv },
+ { "permittunnel", sPermitTunnel },
+ { "chrootdirectory", sChrootDirectory },
++ { "forcecommand", sForceCommand },
+ { NULL, sBadOption }
+ };
+
+@@ -445,6 +448,8 @@ add_one_listen_addr(ServerOptions *optio
+ options->listen_addrs = aitop;
+ }
+
++#define WHITESPACE " \t\r\n"
++
+ int
+ process_server_config_line(ServerOptions *options, char *line,
+ const char *filename, int linenum)
+@@ -1023,6 +1028,15 @@ parse_flag:
+ *charptr = xstrdup(arg);
+ break;
+
++ case sForceCommand:
++ if (cp == NULL)
++ fatal("%.200s line %d: Missing argument.", filename,
++ linenum);
++ len = strspn(cp, WHITESPACE);
++ if (options->adm_forced_command == NULL)
++ options->adm_forced_command = xstrdup(cp + len);
++ return 0;
++
+ case sDeprecated:
+ logit("%s line %d: Deprecated option %s",
+ filename, linenum, arg);
+diff -up openssh-4.3p2/servconf.h.forced openssh-4.3p2/servconf.h
+--- openssh-4.3p2/servconf.h.forced 2010-10-13 12:27:24.000000000 +0200
++++ openssh-4.3p2/servconf.h 2010-10-13 12:27:24.000000000 +0200
+@@ -139,6 +139,8 @@ typedef struct {
+ char *authorized_keys_file; /* File containing public keys */
+ char *authorized_keys_file2;
+
++ char *adm_forced_command;
++
+ int use_pam; /* Enable auth via PAM */
+
+ int permit_tun;
+diff -up openssh-4.3p2/session.c.forced openssh-4.3p2/session.c
+--- openssh-4.3p2/session.c.forced 2010-10-13 12:27:24.000000000 +0200
++++ openssh-4.3p2/session.c 2010-10-13 12:27:24.000000000 +0200
+@@ -653,10 +653,14 @@ do_pre_login(Session *s)
+ void
+ do_exec(Session *s, const char *command)
+ {
+- if (forced_command) {
++ if (options.adm_forced_command) {
++ original_command = command;
++ command = options.adm_forced_command;
++ debug("Forced command (config) '%.900s'", command);
++ } else if (forced_command) {
+ original_command = command;
+ command = forced_command;
+- debug("Forced command '%.900s'", command);
++ debug("Forced command (key option) '%.900s'", command);
+ }
+
+ #ifdef SSH_AUDIT_EVENTS
+diff -up openssh-4.3p2/sshd.8.forced openssh-4.3p2/sshd.8
+--- openssh-4.3p2/sshd.8.forced 2006-02-01 12:05:43.000000000 +0100
++++ openssh-4.3p2/sshd.8 2010-10-13 12:27:24.000000000 +0200
+@@ -435,6 +435,14 @@ No spaces are permitted, except within d
+ The following option specifications are supported (note
+ that option keywords are case-insensitive):
+ .Bl -tag -width Ds
++.It Cm command="command"
++Specifies that the command is executed whenever this key is used for
++authentication.
++The command supplied by the user (if any) is ignored.
++Also note that this command may be superseded by either a
++.Xr sshd_config 5
++.Cm ForceCommand
++directive.
+ .It Cm from="pattern-list"
+ Specifies that in addition to public key authentication, the canonical name
+ of the remote host must be present in the comma-separated list of
+diff -up openssh-4.3p2/sshd_config.5.forced openssh-4.3p2/sshd_config.5
+--- openssh-4.3p2/sshd_config.5.forced 2010-10-13 12:34:04.000000000 +0200
++++ openssh-4.3p2/sshd_config.5 2010-10-13 12:34:37.000000000 +0200
+@@ -299,6 +299,15 @@ Specifying a command of
+ will force the use of an in-process sftp server that requires no support
+ files when used with
+ .Cm ChrootDirectory .
++.It Cm ForceCommand
++Forces the execution of the command specified by
++.Cm ForceCommand ,
++ignoring any command supplied by the client.
++The command is invoked by using the user's login shell with the -c option.
++This applies to shell, command, or subsystem execution.
++The command originally supplied by the client is available in the
++.Ev SSH_ORIGINAL_COMMAND
++environment variable.
+ .It Cm GatewayPorts
+ Specifies whether remote hosts are allowed to connect to ports
+ forwarded for the client.
diff --git a/openssh-4.3p2-gsissh.patch b/openssh-4.3p2-gsissh.patch
new file mode 100644
index 0000000..16fd2b0
--- /dev/null
+++ b/openssh-4.3p2-gsissh.patch
@@ -0,0 +1,3111 @@
+diff -Nur openssh-4.3p2.orig/auth2.c openssh-4.3p2/auth2.c
+--- openssh-4.3p2.orig/auth2.c 2011-08-11 17:32:55.620727472 +0200
++++ openssh-4.3p2/auth2.c 2011-08-11 17:34:10.819787356 +0200
+@@ -55,6 +55,7 @@
+ extern Authmethod method_kbdint;
+ extern Authmethod method_hostbased;
+ #ifdef GSSAPI
++extern Authmethod method_gsskeyex;
+ extern Authmethod method_gssapi;
+ #endif
+
+@@ -62,6 +63,7 @@
+ &method_none,
+ &method_pubkey,
+ #ifdef GSSAPI
++ &method_gsskeyex,
+ &method_gssapi,
+ #endif
+ &method_passwd,
+@@ -143,7 +145,27 @@
+ user = packet_get_string(NULL);
+ service = packet_get_string(NULL);
+ method = packet_get_string(NULL);
+- debug("userauth-request for user %s service %s method %s", user, service, method);
++
++#ifdef GSSAPI
++ if (user[0] == '\0') {
++ debug("received empty username for %s", method);
++ if (strcmp(method, "gssapi-keyex") == 0) {
++ char *lname = NULL;
++ PRIVSEP(ssh_gssapi_localname(&lname));
++ if (lname && lname[0] != '\0') {
++ xfree(user);
++ user = lname;
++ debug("set username to %s from gssapi context", user);
++ } else {
++ debug("failed to set username from gssapi context");
++ packet_send_debug("failed to set username from gssapi context");
++ }
++ }
++ }
++#endif
++
++ debug("userauth-request for user %s service %s method %s",
++ user[0] ? user : "<implicit>", service, method);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
+ if ((role = strchr(user, '/')) != NULL)
+@@ -152,8 +174,26 @@
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
+- if (authctxt->attempt++ == 0) {
+- /* setup auth context */
++ /* If first time or username changed or implicit username,
++ setup/reset authentication context. */
++ if ((authctxt->attempt++ == 0) ||
++ (strcmp(user, authctxt->user) != 0) ||
++ (strcmp(user, "") == 0)) {
++ if (authctxt->user) {
++ xfree(authctxt->user);
++ authctxt->user = NULL;
++ }
++ authctxt->valid = 0;
++#ifdef GSSAPI
++ /* If we're going to set the username based on the
++ GSSAPI context later, then wait until then to
++ verify it. Just put in placeholders for now. */
++ if ((strcmp(user, "") == 0) &&
++ (strcmp(method, "gssapi-with-mic") == 0)) {
++ authctxt->pw = fakepw();
++ authctxt->user = xstrdup(user);
++ } else {
++#endif
+ authctxt->pw = PRIVSEP(getpwnamallow(user));
+ authctxt->user = xstrdup(user);
+ if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
+@@ -166,12 +206,18 @@
+ PRIVSEP(audit_event(SSH_INVALID_USER));
+ #endif
+ }
++#ifdef GSSAPI
++ } /* endif for setting username based on GSSAPI context */
++#endif
+ #ifdef USE_PAM
+ if (options.use_pam)
+ PRIVSEP(start_pam(authctxt));
+ #endif
+ setproctitle("%s%s", authctxt->valid ? user : "unknown",
+ use_privsep ? " [net]" : "");
++#ifdef GSSAPI
++ if (authctxt->attempt == 1) {
++#endif
+ authctxt->service = xstrdup(service);
+ authctxt->style = style ? xstrdup(style) : NULL;
+ authctxt->role = role ? xstrdup(role) : NULL;
+@@ -179,9 +225,12 @@
+ mm_inform_authserv(service, style);
+ mm_inform_authrole(role);
+ }
+- } else if (strcmp(user, authctxt->user) != 0 ||
+- strcmp(service, authctxt->service) != 0) {
+- packet_disconnect("Change of username or service not allowed: "
++#ifdef GSSAPI
++ } /* if (authctxt->attempt == 1) */
++#endif
++ }
++ if (strcmp(service, authctxt->service) != 0) {
++ packet_disconnect("Change of service not allowed: "
+ "(%s,%s) -> (%s,%s)",
+ authctxt->user, authctxt->service, user, service);
+ }
+@@ -194,6 +243,7 @@
+ #endif
+
+ authctxt->postponed = 0;
++ authctxt->server_caused_failure = 0;
+
+ /* try to authenticate user */
+ m = authmethod_lookup(method);
+@@ -264,7 +314,9 @@
+ /* now we can break out */
+ authctxt->success = 1;
+ } else {
+- if (authctxt->failures++ > options.max_authtries) {
++ /* Dont count server configuration issues against the client */
++ if (!authctxt->server_caused_failure &&
++ authctxt->failures++ > options.max_authtries) {
+ #ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+ #endif
+diff -Nur openssh-4.3p2.orig/auth2-gss.c openssh-4.3p2/auth2-gss.c
+--- openssh-4.3p2.orig/auth2-gss.c 2011-08-11 17:32:55.765725660 +0200
++++ openssh-4.3p2/auth2-gss.c 2011-08-11 17:34:10.820787343 +0200
+@@ -41,11 +41,59 @@
+
+ extern ServerOptions options;
+
++static void ssh_gssapi_userauth_error(Gssctxt *ctxt);
+ static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+ static void input_gssapi_errtok(int, u_int32_t, void *);
+
++/*
++ * The 'gssapi_keyex' userauth mechanism.
++ */
++static int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++ int authenticated = 0;
++ Buffer b, b2;
++ gss_buffer_desc mic, gssbuf, gssbuf2;
++ u_int len;
++
++ mic.value = packet_get_string(&len);
++ mic.length = len;
++
++ packet_check_eom();
++
++ ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
++ "gssapi-keyex");
++
++ gssbuf.value = buffer_ptr(&b);
++ gssbuf.length = buffer_len(&b);
++
++ /* client may have used empty username to determine target
++ name from GSSAPI context */
++ ssh_gssapi_buildmic(&b2, "", authctxt->service, "gssapi-keyex");
++
++ gssbuf2.value = buffer_ptr(&b2);
++ gssbuf2.length = buffer_len(&b2);
++
++ /* gss_kex_context is NULL with privsep, so we can't check it here */
++ if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
++ &gssbuf, &mic))) ||
++ !GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
++ &gssbuf2, &mic)))) {
++ if (authctxt->valid && authctxt->user && authctxt->user[0]) {
++ authenticated =
++ PRIVSEP(ssh_gssapi_userok(authctxt->user));
++ }
++ }
++
++ buffer_free(&b);
++ buffer_free(&b2);
++ xfree(mic.value);
++
++ return (authenticated);
++}
++
+ /*
+ * We only support those mechanisms that we know about (ie ones that we know
+ * how to check local user kuserok and the like)
+@@ -62,7 +110,10 @@
+ u_int len;
+ u_char *doid = NULL;
+
+- if (!authctxt->valid || authctxt->user == NULL)
++ /* authctxt->valid may be 0 if we haven't yet determined
++ username from gssapi context. */
++
++ if (authctxt->user == NULL)
+ return (0);
+
+ mechs = packet_get_int();
+@@ -96,6 +147,7 @@
+
+ if (!present) {
+ xfree(doid);
++ authctxt->server_caused_failure = 1;
+ return (0);
+ }
+
+@@ -103,6 +155,7 @@
+ if (ctxt != NULL)
+ ssh_gssapi_delete_ctx(&ctxt);
+ xfree(doid);
++ authctxt->server_caused_failure = 1;
+ return (0);
+ }
+
+@@ -130,7 +183,7 @@
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+- OM_uint32 maj_status, min_status, flags;
++ OM_uint32 maj_status, min_status, flags = 0;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+@@ -148,6 +201,7 @@
+ xfree(recv_tok.value);
+
+ if (GSS_ERROR(maj_status)) {
++ ssh_gssapi_userauth_error(gssctxt);
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+ packet_put_string(send_tok.value, send_tok.length);
+@@ -211,6 +265,33 @@
+ gss_release_buffer(&maj_status, &send_tok);
+ }
+
++static void
++gssapi_set_implicit_username(Authctxt *authctxt)
++{
++ if ((authctxt->user == NULL) || (authctxt->user[0] == '\0')) {
++ char *lname = NULL;
++ PRIVSEP(ssh_gssapi_localname(&lname));
++ if (lname && lname[0] != '\0') {
++ if (authctxt->user) xfree(authctxt->user);
++ authctxt->user = lname;
++ debug("set username to %s from gssapi context", lname);
++ authctxt->pw = PRIVSEP(getpwnamallow(authctxt->user));
++ if (authctxt->pw) {
++ authctxt->valid = 1;
++ }
++ } else {
++ debug("failed to set username from gssapi context");
++ packet_send_debug("failed to set username from gssapi context");
++ }
++ }
++ if (authctxt->pw) {
++#ifdef USE_PAM
++ if (options.use_pam)
++ PRIVSEP(start_pam(authctxt));
++#endif
++ }
++}
++
+ /*
+ * This is called when the client thinks we've completed authentication.
+ * It should only be enabled in the dispatch handler by the function above,
+@@ -227,6 +308,8 @@
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
++ gssapi_set_implicit_username(authctxt);
++
+ gssctxt = authctxt->methoddata;
+
+ /*
+@@ -236,7 +319,12 @@
+
+ packet_check_eom();
+
+- authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++ /* user should be set if valid but we double-check here */
++ if (authctxt->valid && authctxt->user && authctxt->user[0]) {
++ authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++ } else {
++ authenticated = 0;
++ }
+
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+@@ -259,6 +347,8 @@
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
++ gssapi_set_implicit_username(authctxt);
++
+ gssctxt = authctxt->methoddata;
+
+ mic.value = packet_get_string(&len);
+@@ -271,7 +361,12 @@
+ gssbuf.length = buffer_len(&b);
+
+ if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
+- authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++ if (authctxt->valid && authctxt->user && authctxt->user[0]) {
++ authenticated =
++ PRIVSEP(ssh_gssapi_userok(authctxt->user));
++ } else {
++ authenticated = 0;
++ }
+ else
+ logit("GSSAPI MIC check failed");
+
+@@ -286,6 +381,29 @@
+ userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+ }
+
++static void ssh_gssapi_userauth_error(Gssctxt *ctxt) {
++ char *errstr;
++ OM_uint32 maj,min;
++
++ errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
++ if (errstr) {
++ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERROR);
++ packet_put_int(maj);
++ packet_put_int(min);
++ packet_put_cstring(errstr);
++ packet_put_cstring("");
++ packet_send();
++ packet_write_wait();
++ xfree(errstr);
++ }
++}
++
++Authmethod method_gsskeyex = {
++ "gssapi-keyex",
++ userauth_gsskeyex,
++ &options.gss_authentication
++};
++
+ Authmethod method_gssapi = {
+ "gssapi-with-mic",
+ userauth_gssapi,
+diff -Nur openssh-4.3p2.orig/auth.c openssh-4.3p2/auth.c
+--- openssh-4.3p2.orig/auth.c 2011-08-11 17:32:55.837724761 +0200
++++ openssh-4.3p2/auth.c 2011-08-11 17:34:10.869786731 +0200
+@@ -252,7 +252,8 @@
+ authmsg,
+ method,
+ authctxt->valid ? "" : "invalid user ",
+- authctxt->user,
++ (authctxt->user && authctxt->user[0]) ?
++ authctxt->user : "<implicit>",
+ get_remote_ipaddr(),
+ get_remote_port(),
+ info);
+@@ -472,7 +473,8 @@
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ logit("Invalid user %.100s from %.100s",
+- user, get_remote_ipaddr());
++ (user && user[0]) ? user : "<implicit>",
++ get_remote_ipaddr());
+ #ifdef CUSTOM_FAILED_LOGIN
+ record_failed_login(user,
+ get_canonical_hostname(options.use_dns), "ssh");
+diff -Nur openssh-4.3p2.orig/auth.h openssh-4.3p2/auth.h
+--- openssh-4.3p2.orig/auth.h 2011-08-11 17:32:55.683726686 +0200
++++ openssh-4.3p2/auth.h 2011-08-11 17:34:10.869786731 +0200
+@@ -53,6 +53,7 @@
+ int valid; /* user exists and is allowed to login */
+ int attempt;
+ int failures;
++ int server_caused_failure;
+ int force_pwchange;
+ char *user; /* username sent by the client */
+ char *service;
+diff -Nur openssh-4.3p2.orig/auth-pam.c openssh-4.3p2/auth-pam.c
+--- openssh-4.3p2.orig/auth-pam.c 2011-08-11 17:32:55.814725047 +0200
++++ openssh-4.3p2/auth-pam.c 2011-08-11 17:34:10.871786705 +0200
+@@ -102,6 +102,10 @@
+ */
+ typedef pthread_t sp_pthread_t;
+ #else
++#define pthread_create openssh_pthread_create
++#define pthread_exit openssh_pthread_exit
++#define pthread_cancel openssh_pthread_cancel
++#define pthread_join openssh_pthread_join
+ typedef pid_t sp_pthread_t;
+ #endif
+
+diff -Nur openssh-4.3p2.orig/canohost.c openssh-4.3p2/canohost.c
+--- openssh-4.3p2.orig/canohost.c 2011-08-11 17:32:55.790725347 +0200
++++ openssh-4.3p2/canohost.c 2011-08-11 17:34:10.871786705 +0200
+@@ -412,3 +412,33 @@
+ {
+ return get_port(1);
+ }
++
++void
++resolve_localhost(char **host)
++{
++ struct hostent *hostinfo;
++
++ hostinfo = gethostbyname(*host);
++ if (hostinfo == NULL || hostinfo->h_name == NULL) {
++ debug("gethostbyname(%s) failed", *host);
++ return;
++ }
++ if (hostinfo->h_addrtype == AF_INET) {
++ struct in_addr addr;
++ addr = *(struct in_addr *)(hostinfo->h_addr);
++ if (ntohl(addr.s_addr) == INADDR_LOOPBACK) {
++ char buf[MAXHOSTNAMELEN];
++ if (gethostname(buf, sizeof(buf)) < 0) {
++ debug("gethostname() failed");
++ return;
++ }
++ hostinfo = gethostbyname(buf);
++ xfree(*host);
++ if (hostinfo == NULL || hostinfo->h_name == NULL) {
++ *host = xstrdup(buf);
++ } else {
++ *host = xstrdup(hostinfo->h_name);
++ }
++ }
++ }
++}
+diff -Nur openssh-4.3p2.orig/canohost.h openssh-4.3p2/canohost.h
+--- openssh-4.3p2.orig/canohost.h 2005-02-02 13:30:25.000000000 +0100
++++ openssh-4.3p2/canohost.h 2011-08-11 17:34:10.872786692 +0200
+@@ -24,4 +24,6 @@
+ int get_remote_port(void);
+ int get_local_port(void);
+
++void resolve_localhost(char **host);
++
+ void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
+diff -Nur openssh-4.3p2.orig/configure.ac openssh-4.3p2/configure.ac
+--- openssh-4.3p2.orig/configure.ac 2011-08-11 17:32:56.080721723 +0200
++++ openssh-4.3p2/configure.ac 2011-08-11 17:34:10.874786667 +0200
+@@ -3017,7 +3017,7 @@
+ LIBNSS_MSG="yes"
+ CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4"
+ AC_CHECK_HEADERS(pk11pub.h)
+- LIBNSS="-lnss3"
++ LIBNSS="-lnss3 -lplc4"
+ fi
+ ])
+ AC_SUBST(LIBNSS)
+@@ -3111,6 +3111,13 @@
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
+
++ if test -n "$GSSAPI" ; then
++ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Kerberos.])
++ fi
++
++ if test -z "$GSSAPI"; then
++ GSSAPI="KRB5";
++ fi
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+@@ -3130,6 +3137,37 @@
+ ]
+ )
+
++# Check whether the user wants GSI (Globus) support
++gsi="no"
++AC_ARG_WITH(gsi,
++ [ --with-gsi Enable Globus GSI authentication support],
++ [
++ gsi="$withval"
++ ]
++)
++
++if test "x$gsi" != "xno" ; then
++ # Globus GSSAPI configuration
++ AC_MSG_CHECKING(for Globus GSI)
++ AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
++
++ if test -n "$GSSAPI" ; then
++ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
++ fi
++
++ if test -z "$GSSAPI" ; then
++ GSSAPI="GSI"
++ fi
++
++ LIBS="$LIBS `pkg-config --libs globus-gss-assist`"
++ CPPFLAGS="$CPPFLAGS `pkg-config --cflags globus-gss-assist`"
++
++ AC_DEFINE(GSSAPI)
++ AC_DEFINE(HAVE_GSSAPI_H)
++
++ AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
++fi
++
+ # Looking for programs, paths and files
+
+ PRIVSEP_PATH=/var/empty
+diff -Nur openssh-4.3p2.orig/contrib/redhat/sshd.init openssh-4.3p2/contrib/redhat/sshd.init
+--- openssh-4.3p2.orig/contrib/redhat/sshd.init 2011-08-11 17:32:56.050722097 +0200
++++ openssh-4.3p2/contrib/redhat/sshd.init 2011-08-11 17:44:59.461678216 +0200
+@@ -1,33 +1,33 @@
+ #!/bin/bash
+ #
+-# Init file for OpenSSH server daemon
++# Init file for gsissh server daemon
+ #
+-# chkconfig: 2345 55 25
+-# description: OpenSSH server daemon
++# chkconfig: - 55 25
++# description: gsissh server daemon
+ #
+-# processname: sshd
+-# config: /etc/ssh/ssh_host_key
+-# config: /etc/ssh/ssh_host_key.pub
+-# config: /etc/ssh/ssh_random_seed
+-# config: /etc/ssh/sshd_config
+-# pidfile: /var/run/sshd.pid
++# processname: gsisshd
++# config: /etc/gsissh/ssh_host_key
++# config: /etc/gsissh/ssh_host_key.pub
++# config: /etc/gsissh/ssh_random_seed
++# config: /etc/gsissh/sshd_config
++# pidfile: /var/run/gsisshd.pid
+
+ # source function library
+ . /etc/rc.d/init.d/functions
+
+ # pull in sysconfig settings
+-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
++[ -f /etc/sysconfig/gsisshd ] && . /etc/sysconfig/gsisshd
+
+ RETVAL=0
+-prog="sshd"
++prog="gsisshd"
+
+ # Some functions to make the below more readable
+-KEYGEN=/usr/bin/ssh-keygen
+-SSHD=/usr/sbin/sshd
+-RSA1_KEY=/etc/ssh/ssh_host_key
+-RSA_KEY=/etc/ssh/ssh_host_rsa_key
+-DSA_KEY=/etc/ssh/ssh_host_dsa_key
+-PID_FILE=/var/run/sshd.pid
++KEYGEN=/usr/bin/gsissh-keygen
++SSHD=/usr/sbin/gsisshd
++RSA1_KEY=/etc/gsissh/ssh_host_key
++RSA_KEY=/etc/gsissh/ssh_host_rsa_key
++DSA_KEY=/etc/gsissh/ssh_host_dsa_key
++PID_FILE=/var/run/gsisshd.pid
+
+ runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
+@@ -104,16 +104,20 @@
+ start()
+ {
+ # Create keys if necessary
+- do_rsa1_keygen
+- do_rsa_keygen
+- do_dsa_keygen
++ if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
++ do_rsa_keygen
++ if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
++ do_rsa1_keygen
++ do_dsa_keygen
++ fi
++ fi
+
+- cp -af /etc/localtime /var/empty/sshd/etc
++ cp -af /etc/localtime /var/empty/gsisshd/etc
+
+ echo -n $"Starting $prog: "
+ $SSHD $OPTIONS && success || failure
+ RETVAL=$?
+- [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
++ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/gsisshd
+ echo
+ }
+
+@@ -131,7 +135,7 @@
+ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+ killall $prog 2>/dev/null
+ fi
+- [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
++ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/gsisshd
+ echo
+ }
+
+@@ -162,7 +166,7 @@
+ reload
+ ;;
+ condrestart)
+- if [ -f /var/lock/subsys/sshd ] ; then
++ if [ -f /var/lock/subsys/gsisshd ] ; then
+ do_restart_sanity_check
+ if [ "$RETVAL" = 0 ] ; then
+ stop
+@@ -173,7 +177,7 @@
+ fi
+ ;;
+ status)
+- status -p $PID_FILE openssh-daemon
++ status -p $PID_FILE gsissh-daemon
+ RETVAL=$?
+ ;;
+ *)
+diff -Nur openssh-4.3p2.orig/gss-genr.c openssh-4.3p2/gss-genr.c
+--- openssh-4.3p2.orig/gss-genr.c 2011-08-11 17:32:55.775725534 +0200
++++ openssh-4.3p2/gss-genr.c 2011-08-11 17:34:10.918786118 +0200
+@@ -31,13 +31,155 @@
+ #include "xmalloc.h"
+ #include "bufaux.h"
+ #include "log.h"
++#include "canohost.h"
+ #include "ssh2.h"
++#include <openssl/evp.h>
+
+ #include "ssh-gss.h"
+
+ extern u_char *session_id2;
+ extern u_int session_id2_len;
+
++typedef struct {
++ char *encoded;
++ gss_OID oid;
++} ssh_gss_kex_mapping;
++
++/*
++ * XXX - It would be nice to find a more elegant way of handling the
++ * XXX passing of the key exchange context to the userauth routines
++ */
++
++Gssctxt *gss_kex_context = NULL;
++
++static ssh_gss_kex_mapping *gss_enc2oid = NULL;
++
++int
++ssh_gssapi_oid_table_ok() {
++ return (gss_enc2oid != NULL);
++}
++
++/*
++ * Return a list of the gss-group1-sha1 mechanisms supported by this program
++ *
++ * We test mechanisms to ensure that we can use them, to avoid starting
++ * a key exchange with a bad mechanism
++ */
++
++
++char *
++ssh_gssapi_client_mechanisms(const char *host) {
++ gss_OID_set gss_supported;
++ OM_uint32 min_status;
++
++ gss_indicate_mechs(&min_status, &gss_supported);
++
++ return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
++ (void *)host));
++}
++
++char *
++ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
++ void *data) {
++ Buffer buf;
++ size_t i;
++ int oidpos, enclen;
++ char *mechs, *encoded;
++ u_char digest[EVP_MAX_MD_SIZE];
++ char deroid[2];
++ const EVP_MD *evp_md = EVP_md5();
++ EVP_MD_CTX md;
++
++ if (gss_enc2oid != NULL) {
++ for (i=0;gss_enc2oid[i].encoded!=NULL;i++)
++ xfree(gss_enc2oid[i].encoded);
++ xfree(gss_enc2oid);
++ }
++
++ gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping)*
++ (gss_supported->count + 1));
++
++ buffer_init(&buf);
++
++ oidpos = 0;
++ for (i = 0;i < gss_supported->count;i++) {
++ if (gss_supported->elements[i].length < 128 &&
++ (*check)(NULL, &(gss_supported->elements[i]), data)) {
++
++ deroid[0] = SSH_GSS_OIDTYPE;
++ deroid[1] = gss_supported->elements[i].length;
++
++ EVP_DigestInit(&md, evp_md);
++ EVP_DigestUpdate(&md, deroid, 2);
++ EVP_DigestUpdate(&md,
++ gss_supported->elements[i].elements,
++ gss_supported->elements[i].length);
++ EVP_DigestFinal(&md, digest, NULL);
++
++ encoded = xmalloc(EVP_MD_size(evp_md)*2);
++ enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
++ encoded, EVP_MD_size(evp_md)*2);
++
++ if (oidpos != 0)
++ buffer_put_char(&buf, ',');
++
++ buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
++ sizeof(KEX_GSS_GEX_SHA1_ID)-1);
++ buffer_append(&buf, encoded, enclen);
++ buffer_put_char(&buf,',');
++ buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
++ sizeof(KEX_GSS_GRP1_SHA1_ID)-1);
++ buffer_append(&buf, encoded, enclen);
++
++ gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
++ gss_enc2oid[oidpos].encoded = encoded;
++ oidpos++;
++ }
++ }
++ gss_enc2oid[oidpos].oid = NULL;
++ gss_enc2oid[oidpos].encoded = NULL;
++
++ buffer_put_char(&buf, '\0');
++
++ mechs = xmalloc(buffer_len(&buf));
++ buffer_get(&buf, mechs, buffer_len(&buf));
++ buffer_free(&buf);
++
++ if (strlen(mechs) == 0) {
++ xfree(mechs);
++ mechs = NULL;
++ }
++
++ return (mechs);
++}
++
++gss_OID
++ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int *gex) {
++ int i = 0;
++
++ if (strncmp(name, KEX_GSS_GRP1_SHA1_ID,
++ sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
++ name+=sizeof(KEX_GSS_GRP1_SHA1_ID)-1;
++ *gex = 0;
++ } else if (strncmp(name, KEX_GSS_GEX_SHA1_ID,
++ sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
++ name+=sizeof(KEX_GSS_GEX_SHA1_ID)-1;
++ *gex = 1;
++ } else {
++ return NULL;
++ }
++
++ while (gss_enc2oid[i].encoded != NULL &&
++ strcmp(name, gss_enc2oid[i].encoded) != 0) {
++ i++;
++ }
++
++ if (gss_enc2oid[i].oid != NULL && ctx != NULL)
++ ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
++
++ return gss_enc2oid[i].oid;
++}
++
+ /* Check that the OID in a data stream matches that in the context */
+ int
+ ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
+@@ -100,7 +242,7 @@
+ /* The GSSAPI error */
+ do {
+ gss_display_status(&lmin, ctxt->major,
+- GSS_C_GSS_CODE, GSS_C_NULL_OID, &ctx, &msg);
++ GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
+
+ buffer_append(&b, msg.value, msg.length);
+ buffer_put_char(&b, '\n');
+@@ -111,7 +253,7 @@
+ /* The mechanism specific error */
+ do {
+ gss_display_status(&lmin, ctxt->minor,
+- GSS_C_MECH_CODE, GSS_C_NULL_OID, &ctx, &msg);
++ GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
+
+ buffer_append(&b, msg.value, msg.length);
+ buffer_put_char(&b, '\n');
+@@ -207,15 +349,25 @@
+ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
+ {
+ gss_buffer_desc gssbuf;
++ char *xhost;
+
+- gssbuf.length = sizeof("host@") + strlen(host);
++ /* Make a copy of the host name, in case it was returned by a
++ * previous call to gethostbyname(). */
++ xhost = xstrdup(host);
++
++ /* Make sure we have the FQDN. Some GSSAPI implementations don't do
++ * this for us themselves */
++ resolve_localhost(&xhost);
++
++ gssbuf.length = sizeof("host@") + strlen(xhost);
+ gssbuf.value = xmalloc(gssbuf.length);
+- snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
++ snprintf(gssbuf.value, gssbuf.length, "host@%s", xhost);
+
+ if ((ctx->major = gss_import_name(&ctx->minor,
+ &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
+ ssh_gssapi_error(ctx);
+
++ xfree(xhost);
+ xfree(gssbuf.value);
+ return (ctx->major);
+ }
+@@ -256,6 +408,9 @@
+ OM_uint32
+ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+ {
++ if (ctx == NULL)
++ return -1;
++
+ if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
+ GSS_C_QOP_DEFAULT, buffer, hash)))
+ ssh_gssapi_error(ctx);
+@@ -263,6 +418,19 @@
+ return (ctx->major);
+ }
+
++/* Privileged when used by server */
++OM_uint32
++ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
++{
++ if (ctx == NULL)
++ return -1;
++
++ ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
++ gssbuf, gssmic, NULL);
++
++ return (ctx->major);
++}
++
+ void
+ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+ const char *context)
+@@ -291,6 +459,10 @@
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor;
+ gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
++ Gssctxt *intctx = NULL;
++
++ if (ctx == NULL)
++ ctx = &intctx;
+
+ /* RFC 4462 says we MUST NOT do SPNEGO */
+ if (oid->length == spnego_oid.length &&
+@@ -309,7 +481,7 @@
+ GSS_C_NO_BUFFER);
+ }
+
+- if (GSS_ERROR(major))
++ if (GSS_ERROR(major) || intctx != NULL)
+ ssh_gssapi_delete_ctx(ctx);
+
+ return (!GSS_ERROR(major));
+diff -Nur openssh-4.3p2.orig/gss-serv.c openssh-4.3p2/gss-serv.c
+--- openssh-4.3p2.orig/gss-serv.c 2011-08-11 17:32:55.766725647 +0200
++++ openssh-4.3p2/gss-serv.c 2011-08-11 17:34:10.926786018 +0200
+@@ -36,9 +36,12 @@
+ #include "servconf.h"
+ #include "xmalloc.h"
+ #include "getput.h"
++#include "monitor_wrap.h"
+
+ #include "ssh-gss.h"
+
++extern ServerOptions options;
++
+ static ssh_gssapi_client gssapi_client =
+ { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
+ GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
+@@ -49,14 +52,46 @@
+ #ifdef KRB5
+ extern ssh_gssapi_mech gssapi_kerberos_mech;
+ #endif
++#ifdef GSI
++extern ssh_gssapi_mech gssapi_gsi_mech;
++#endif
+
+ ssh_gssapi_mech* supported_mechs[]= {
+ #ifdef KRB5
+ &gssapi_kerberos_mech,
+ #endif
++#ifdef GSI
++ &gssapi_gsi_mech,
++#endif
+ &gssapi_null_mech,
+ };
+
++#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG
++static int limited = 0;
++#endif
++
++/* Unprivileged */
++char *
++ssh_gssapi_server_mechanisms() {
++ gss_OID_set supported;
++
++ ssh_gssapi_supported_oids(&supported);
++ return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
++ NULL));
++}
++
++/* Unprivileged */
++int
++ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, void *data) {
++ Gssctxt * ctx = NULL;
++ int res;
++
++ res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
++ ssh_gssapi_delete_ctx(&ctx);
++
++ return (res);
++}
++
+ /* Unprivileged */
+ void
+ ssh_gssapi_supported_oids(gss_OID_set *oidset)
+@@ -67,7 +102,8 @@
+ gss_OID_set supported;
+
+ gss_create_empty_oid_set(&min_status, oidset);
+- gss_indicate_mechs(&min_status, &supported);
++ /* Ask privileged process what mechanisms it supports. */
++ PRIVSEP(gss_indicate_mechs(&min_status, &supported));
+
+ while (supported_mechs[i]->name != NULL) {
+ if (GSS_ERROR(gss_test_oid_set_member(&min_status,
+@@ -119,6 +155,10 @@
+ (*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) {
+ if (ssh_gssapi_getclient(ctx, &gssapi_client))
+ fatal("Couldn't convert client name");
++#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG
++ if (flags && (*flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG))
++ limited = 1;
++#endif
+ }
+
+ return (status);
+@@ -138,6 +178,17 @@
+
+ tok = ename->value;
+
++#ifdef GSI /* GSI gss_export_name() is broken. */
++ if ((ctx->oid->length == gssapi_gsi_mech.oid.length) &&
++ (memcmp(ctx->oid->elements, gssapi_gsi_mech.oid.elements,
++ gssapi_gsi_mech.oid.length) == 0)) {
++ name->length = ename->length;
++ name->value = xmalloc(ename->length + 1);
++ memcpy(name->value, ename->value, ename->length);
++ return GSS_S_COMPLETE;
++ }
++#endif
++
+ /*
+ * Check that ename is long enough for all of the fixed length
+ * header, and that the initial ID bytes are correct
+@@ -227,6 +278,10 @@
+ /* We can't copy this structure, so we just move the pointer to it */
+ client->creds = ctx->client_creds;
+ ctx->client_creds = GSS_C_NO_CREDENTIAL;
++
++ /* needed for globus_gss_assist_map_and_authorize() */
++ client->context = ctx->context;
++
+ return (ctx->major);
+ }
+
+@@ -279,6 +334,12 @@
+ debug("No suitable client data");
+ return 0;
+ }
++#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG
++ if (limited && options.gsi_allow_limited_proxy != 1) {
++ debug("limited proxy not acceptable for remote login");
++ return 0;
++ }
++#endif
+ if (gssapi_client.mech && gssapi_client.mech->userok)
+ if ((*gssapi_client.mech->userok)(&gssapi_client, user))
+ return 1;
+@@ -296,13 +357,21 @@
+ }
+
+ /* Privileged */
+-OM_uint32
+-ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
++int
++ssh_gssapi_localname(char **user)
+ {
+- ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
+- gssbuf, gssmic, NULL);
+-
+- return (ctx->major);
++ *user = NULL;
++ if (gssapi_client.displayname.length == 0 ||
++ gssapi_client.displayname.value == NULL) {
++ debug("No suitable client data");
++ return(0);
++ }
++ if (gssapi_client.mech && gssapi_client.mech->localname) {
++ return((*gssapi_client.mech->localname)(&gssapi_client,user));
++ } else {
++ debug("Unknown client authentication type");
++ }
++ return(0);
+ }
+
+ #endif
+diff -Nur openssh-4.3p2.orig/gss-serv-gsi.c openssh-4.3p2/gss-serv-gsi.c
+--- openssh-4.3p2.orig/gss-serv-gsi.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-4.3p2/gss-serv-gsi.c 2011-08-11 17:34:10.926786018 +0200
+@@ -0,0 +1,210 @@
++/*
++ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#ifdef GSSAPI
++#ifdef GSI
++
++#include "auth.h"
++#include "auth-pam.h"
++#include "xmalloc.h"
++#include "log.h"
++#include "servconf.h"
++
++#include "ssh-gss.h"
++
++extern ServerOptions options;
++
++#include <globus_gss_assist.h>
++
++static int ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name);
++static int ssh_gssapi_gsi_localname(ssh_gssapi_client *client, char **user);
++static void ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client);
++
++ssh_gssapi_mech gssapi_gsi_mech = {
++ "dZuIebMjgUqaxvbF7hDbAw==",
++ "GSI",
++ {9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"},
++ NULL,
++ &ssh_gssapi_gsi_userok,
++ &ssh_gssapi_gsi_localname,
++ &ssh_gssapi_gsi_storecreds
++};
++
++/*
++ * Check if this user is OK to login under GSI. User has been authenticated
++ * as identity in global 'client_name.value' and is trying to log in as passed
++ * username in 'name'.
++ *
++ * Returns non-zero if user is authorized, 0 otherwise.
++ */
++static int
++ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name)
++{
++ int authorized = 0;
++ globus_result_t res;
++#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
++ char lname[256] = "";
++#endif
++
++#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
++ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
++ return 0;
++ }
++#endif
++
++/* use new globus_gss_assist_map_and_authorize() interface if available */
++#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
++ debug("calling globus_gss_assist_map_and_authorize()");
++ if (GLOBUS_SUCCESS !=
++ (res = globus_gss_assist_map_and_authorize(client->context, "ssh",
++ name, lname, 256))) {
++ debug("%s", globus_error_print_chain(globus_error_get(res)));
++ } else if (strcmp(name, lname) != 0) {
++ debug("GSI user maps to %s, not %s", lname, name);
++ } else {
++ authorized = 1;
++ }
++#else
++ debug("calling globus_gss_assist_userok()");
++ if (GLOBUS_SUCCESS !=
++ (res = (globus_gss_assist_userok(client->displayname.value,
++ name)))) {
++ debug("%s", globus_error_print_chain(globus_error_get(res)));
++ } else {
++ authorized = 1;
++ }
++#endif
++
++ logit("GSI user %s is%s authorized as target user %s",
++ (char *) client->displayname.value, (authorized ? "" : " not"), name);
++
++ return authorized;
++}
++
++/*
++ * Return the local username associated with the GSI credentials.
++ */
++int
++ssh_gssapi_gsi_localname(ssh_gssapi_client *client, char **user)
++{
++ globus_result_t res;
++#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
++ char lname[256] = "";
++#endif
++
++#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
++ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
++ return 0;
++ }
++#endif
++
++/* use new globus_gss_assist_map_and_authorize() interface if available */
++#ifdef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE
++ debug("calling globus_gss_assist_map_and_authorize()");
++ if (GLOBUS_SUCCESS !=
++ (res = globus_gss_assist_map_and_authorize(client->context, "ssh",
++ NULL, lname, 256))) {
++ debug("%s", globus_error_print_chain(globus_error_get(res)));
++ logit("failed to map GSI user %s", (char *)client->displayname.value);
++ return 0;
++ }
++ *user = strdup(lname);
++#else
++ debug("calling globus_gss_assist_gridmap()");
++ if (GLOBUS_SUCCESS !=
++ (res = globus_gss_assist_gridmap(client->displayname.value, user))) {
++ debug("%s", globus_error_print_chain(globus_error_get(res)));
++ logit("failed to map GSI user %s", (char *)client->displayname.value);
++ return 0;
++ }
++#endif
++
++ logit("GSI user %s mapped to target user %s",
++ (char *) client->displayname.value, *user);
++
++ return 1;
++}
++
++/*
++ * Export GSI credentials to disk.
++ */
++static void
++ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client)
++{
++ OM_uint32 major_status;
++ OM_uint32 minor_status;
++ gss_buffer_desc export_cred = GSS_C_EMPTY_BUFFER;
++ char * p;
++
++ if (!client || !client->creds) {
++ return;
++ }
++
++ major_status = gss_export_cred(&minor_status,
++ client->creds,
++ GSS_C_NO_OID,
++ 1,
++ &export_cred);
++ if (GSS_ERROR(major_status) && major_status != GSS_S_UNAVAILABLE) {
++ Gssctxt *ctx;
++ ssh_gssapi_build_ctx(&ctx);
++ ctx->major = major_status;
++ ctx->minor = minor_status;
++ ssh_gssapi_set_oid(ctx, &gssapi_gsi_mech.oid);
++ ssh_gssapi_error(ctx);
++ ssh_gssapi_delete_ctx(&ctx);
++ return;
++ }
++
++ p = strchr((char *) export_cred.value, '=');
++ if (p == NULL) {
++ logit("Failed to parse exported credentials string '%.100s'",
++ (char *)export_cred.value);
++ gss_release_buffer(&minor_status, &export_cred);
++ return;
++ }
++ *p++ = '\0';
++ if (strcmp((char *)export_cred.value,"X509_USER_DELEG_PROXY") == 0) {
++ client->store.envvar = strdup("X509_USER_PROXY");
++ } else {
++ client->store.envvar = strdup((char *)export_cred.value);
++ }
++ client->store.envval = strdup(p);
++#ifdef USE_PAM
++ if (options.use_pam)
++ do_pam_putenv(client->store.envvar, client->store.envval);
++#endif
++ if (strncmp(p, "FILE:", 5) == 0) {
++ p += 5;
++ }
++ if (access(p, R_OK) == 0) {
++ client->store.filename = strdup(p);
++ }
++ gss_release_buffer(&minor_status, &export_cred);
++}
++
++#endif /* GSI */
++#endif /* GSSAPI */
+diff -Nur openssh-4.3p2.orig/gss-serv-krb5.c openssh-4.3p2/gss-serv-krb5.c
+--- openssh-4.3p2.orig/gss-serv-krb5.c 2005-11-05 05:05:28.000000000 +0100
++++ openssh-4.3p2/gss-serv-krb5.c 2011-08-11 17:34:10.927786005 +0200
+@@ -41,9 +41,9 @@
+ #ifdef HEIMDAL
+ # include <krb5.h>
+ #else
+-# ifdef HAVE_GSSAPI_KRB5
++# ifdef HAVE_GSSAPI_KRB5_H
+ # include <gssapi_krb5.h>
+-# elif HAVE_GSSAPI_GSSAPI_KRB5
++# elif HAVE_GSSAPI_GSSAPI_KRB5_H
+ # include <gssapi/gssapi_krb5.h>
+ # endif
+ #endif
+@@ -100,7 +100,35 @@
+ return retval;
+ }
+
++/* Retrieve the local username associated with a set of Kerberos
++ * credentials. Hopefully we can use this for the 'empty' username
++ * logins discussed in the draft */
++static int
++ssh_gssapi_krb5_localname(ssh_gssapi_client *client, char **user) {
++ krb5_principal princ;
++ int retval;
++
++ if (ssh_gssapi_krb5_init() == 0)
++ return 0;
+
++ if ((retval=krb5_parse_name(krb_context, client->displayname.value,
++ &princ))) {
++ logit("krb5_parse_name(): %.100s",
++ krb5_get_err_text(krb_context,retval));
++ return 0;
++ }
++
++ /* We've got to return a malloc'd string */
++ *user = (char *)xmalloc(256);
++ if (krb5_aname_to_localname(krb_context, princ, 256, *user)) {
++ xfree(*user);
++ *user = NULL;
++ return(0);
++ }
++
++ return(1);
++}
++
+ /* This writes out any forwarded credentials from the structure populated
+ * during userauth. Called after we have setuid to the user */
+
+@@ -182,7 +210,7 @@
+ {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
+ NULL,
+ &ssh_gssapi_krb5_userok,
+- NULL,
++ &ssh_gssapi_krb5_localname,
+ &ssh_gssapi_krb5_storecreds
+ };
+
+diff -Nur openssh-4.3p2.orig/kex.c openssh-4.3p2/kex.c
+--- openssh-4.3p2.orig/kex.c 2011-08-11 17:32:56.099721484 +0200
++++ openssh-4.3p2/kex.c 2011-08-11 17:34:10.928785992 +0200
+@@ -42,6 +42,10 @@
+ #include "dispatch.h"
+ #include "monitor.h"
+
++#ifdef GSSAPI
++#include "ssh-gss.h"
++#endif
++
+ #define KEX_COOKIE_LEN 16
+
+ #ifdef HAVE_LINUX_AUDIT
+@@ -318,6 +322,16 @@
+ } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
+ k->kex_type = KEX_DH_GEX_SHA1;
+ k->evp_md = EVP_sha1();
++#ifdef GSSAPI
++ } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID,
++ sizeof(KEX_GSS_GEX_SHA1_ID)-1) == 0) {
++ k->kex_type = KEX_GSS_GEX_SHA1;
++ k->evp_md = EVP_sha1();
++ } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID,
++ sizeof(KEX_GSS_GRP1_SHA1_ID)-1) == 0) {
++ k->kex_type = KEX_GSS_GRP1_SHA1;
++ k->evp_md = EVP_sha1();
++#endif
+ } else
+ fatal("bad kex alg %s", k->name);
+ }
+diff -Nur openssh-4.3p2.orig/kexgssc.c openssh-4.3p2/kexgssc.c
+--- openssh-4.3p2.orig/kexgssc.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-4.3p2/kexgssc.c 2011-08-11 17:34:10.929785979 +0200
+@@ -0,0 +1,301 @@
++/*
++ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#ifdef GSSAPI
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++
++#include "xmalloc.h"
++#include "buffer.h"
++#include "bufaux.h"
++#include "kex.h"
++#include "log.h"
++#include "packet.h"
++#include "dh.h"
++#include "canohost.h"
++#include "ssh2.h"
++#include "ssh-gss.h"
++
++void
++kexgss_client(Kex *kex) {
++ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
++ gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
++ Gssctxt *ctxt;
++ OM_uint32 maj_status, min_status, ret_flags;
++ u_int klen, kout, slen = 0, hashlen, strlen;
++ DH *dh;
++ BIGNUM *dh_server_pub = NULL;
++ BIGNUM *shared_secret = NULL;
++ BIGNUM *p = NULL;
++ BIGNUM *g = NULL;
++ u_char *kbuf, *hash;
++ u_char *serverhostkey = NULL;
++ char *msg;
++ char *lang;
++ int type = 0;
++ int first = 1;
++ int gex = 0;
++ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
++
++ /* Initialise our GSSAPI world */
++ ssh_gssapi_build_ctx(&ctxt);
++ if (ssh_gssapi_id_kex(ctxt, kex->name, &gex) == NULL)
++ fatal("Couldn't identify host exchange");
++
++ if (ssh_gssapi_import_name(ctxt, kex->gss_host))
++ fatal("Couldn't import hostname");
++
++ if (gex) {
++ debug("Doing group exchange\n");
++ nbits = dh_estimate(kex->we_need * 8);
++ packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
++ packet_put_int(min);
++ packet_put_int(nbits);
++ packet_put_int(max);
++
++ packet_send();
++
++ packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
++
++ if ((p = BN_new()) == NULL)
++ fatal("BN_new() failed");
++ packet_get_bignum2(p);
++ if ((g = BN_new()) == NULL)
++ fatal("BN_new() failed");
++ packet_get_bignum2(g);
++ packet_check_eom();
++
++ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
++ fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
++ min, BN_num_bits(p), max);
++
++ dh = dh_new_group(g, p);
++ } else {
++ dh = dh_new_group1();
++ }
++
++ /* Step 1 - e is dh->pub_key */
++ dh_gen_key(dh, kex->we_need * 8);
++
++ /* This is f, we initialise it now to make life easier */
++ dh_server_pub = BN_new();
++ if (dh_server_pub == NULL)
++ fatal("dh_server_pub == NULL");
++
++ token_ptr = GSS_C_NO_BUFFER;
++
++ do {
++ debug("Calling gss_init_sec_context");
++
++ maj_status = ssh_gssapi_init_ctx(ctxt,
++ kex->gss_deleg_creds, token_ptr, &send_tok,
++ &ret_flags);
++
++ if (GSS_ERROR(maj_status)) {
++ if (send_tok.length != 0) {
++ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++ packet_put_string(send_tok.value,
++ send_tok.length);
++ }
++ fatal("gss_init_context failed");
++ }
++
++ /* If we've got an old receive buffer get rid of it */
++ if (token_ptr != GSS_C_NO_BUFFER)
++ xfree(recv_tok.value);
++
++ if (maj_status == GSS_S_COMPLETE) {
++ /* If mutual state flag is not true, kex fails */
++ if (!(ret_flags & GSS_C_MUTUAL_FLAG))
++ fatal("Mutual authentication failed");
++
++ /* If integ avail flag is not true kex fails */
++ if (!(ret_flags & GSS_C_INTEG_FLAG))
++ fatal("Integrity check failed");
++ }
++
++ /*
++ * If we have data to send, then the last message that we
++ * received cannot have been a 'complete'.
++ */
++ if (send_tok.length != 0) {
++ if (first) {
++ packet_start(SSH2_MSG_KEXGSS_INIT);
++ packet_put_string(send_tok.value,
++ send_tok.length);
++ packet_put_bignum2(dh->pub_key);
++ first = 0;
++ } else {
++ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++ packet_put_string(send_tok.value,
++ send_tok.length);
++ }
++ packet_send();
++ gss_release_buffer(&min_status, &send_tok);
++
++ /* If we've sent them data, they should reply */
++ do {
++ type = packet_read();
++ if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
++ debug("Received KEXGSS_HOSTKEY");
++ if (serverhostkey)
++ fatal("Server host key received more than once");
++ serverhostkey =
++ packet_get_string(&slen);
++ }
++ } while (type == SSH2_MSG_KEXGSS_HOSTKEY);
++
++ switch (type) {
++ case SSH2_MSG_KEXGSS_CONTINUE:
++ debug("Received GSSAPI_CONTINUE");
++ if (maj_status == GSS_S_COMPLETE)
++ fatal("GSSAPI Continue received from server when complete");
++ recv_tok.value = packet_get_string(&strlen);
++ recv_tok.length = strlen;
++ break;
++ case SSH2_MSG_KEXGSS_COMPLETE:
++ debug("Received GSSAPI_COMPLETE");
++ packet_get_bignum2(dh_server_pub);
++ msg_tok.value = packet_get_string(&strlen);
++ msg_tok.length = strlen;
++
++ /* Is there a token included? */
++ if (packet_get_char()) {
++ recv_tok.value=
++ packet_get_string(&strlen);
++ recv_tok.length = strlen;
++ /* If we're already complete - protocol error */
++ if (maj_status == GSS_S_COMPLETE)
++ packet_disconnect("Protocol error: received token when complete");
++ } else {
++ /* No token included */
++ if (maj_status != GSS_S_COMPLETE)
++ packet_disconnect("Protocol error: did not receive final token");
++ }
++ break;
++ case SSH2_MSG_KEXGSS_ERROR:
++ debug("Received Error");
++ maj_status = packet_get_int();
++ min_status = packet_get_int();
++ msg = packet_get_string(NULL);
++ lang = packet_get_string(NULL);
++ fatal("GSSAPI Key Exchange Error: \n%s",msg);
++ default:
++ packet_disconnect("Protocol error: didn't expect packet type %d",
++ type);
++ }
++ token_ptr = &recv_tok;
++ } else {
++ /* No data, and not complete */
++ if (maj_status != GSS_S_COMPLETE)
++ fatal("Not complete, and no token output");
++ }
++ } while (maj_status & GSS_S_CONTINUE_NEEDED);
++
++ /*
++ * We _must_ have received a COMPLETE message in reply from the
++ * server, which will have set dh_server_pub and msg_tok
++ */
++
++ if (type != SSH2_MSG_KEXGSS_COMPLETE)
++ fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
++
++ /* Check f in range [1, p-1] */
++ if (!dh_pub_is_valid(dh, dh_server_pub))
++ packet_disconnect("bad server public DH value");
++
++ /* compute K=f^x mod p */
++ klen = DH_size(dh);
++ kbuf = xmalloc(klen);
++ kout = DH_compute_key(kbuf, dh_server_pub, dh);
++
++ shared_secret = BN_new();
++ BN_bin2bn(kbuf,kout, shared_secret);
++ memset(kbuf, 0, klen);
++ xfree(kbuf);
++
++ if (gex) {
++ kexgex_hash(
++ kex->evp_md,
++ kex->client_version_string,
++ kex->server_version_string,
++ buffer_ptr(&kex->my), buffer_len(&kex->my),
++ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++ serverhostkey, slen,
++ min, nbits, max,
++ dh->p, dh->g,
++ dh->pub_key,
++ dh_server_pub,
++ shared_secret,
++ &hash, &hashlen
++ );
++ } else {
++ /* The GSS hash is identical to the DH one */
++ kex_dh_hash( kex->client_version_string,
++ kex->server_version_string,
++ buffer_ptr(&kex->my), buffer_len(&kex->my),
++ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++ serverhostkey, slen, /* server host key */
++ dh->pub_key, /* e */
++ dh_server_pub, /* f */
++ shared_secret, /* K */
++ &hash, &hashlen
++ );
++ }
++
++ gssbuf.value = hash;
++ gssbuf.length = hashlen;
++
++ /* Verify that the hash matches the MIC we just got. */
++ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
++ packet_disconnect("Hash's MIC didn't verify");
++
++ xfree(msg_tok.value);
++
++ DH_free(dh);
++ if (serverhostkey)
++ xfree(serverhostkey);
++ BN_clear_free(dh_server_pub);
++
++ /* save session id */
++ if (kex->session_id == NULL) {
++ kex->session_id_len = hashlen;
++ kex->session_id = xmalloc(kex->session_id_len);
++ memcpy(kex->session_id, hash, kex->session_id_len);
++ }
++
++ if (gss_kex_context == NULL)
++ gss_kex_context = ctxt;
++ else
++ ssh_gssapi_delete_ctx(&ctxt);
++
++ kex_derive_keys(kex, hash, hashlen, shared_secret);
++ BN_clear_free(shared_secret);
++ kex_finish(kex);
++}
++
++#endif /* GSSAPI */
+diff -Nur openssh-4.3p2.orig/kexgsss.c openssh-4.3p2/kexgsss.c
+--- openssh-4.3p2.orig/kexgsss.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-4.3p2/kexgsss.c 2011-08-11 17:34:10.930785967 +0200
+@@ -0,0 +1,280 @@
++/*
++ * Copyright (c) 2001-2005 Simon Wilkinson. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#ifdef GSSAPI
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++
++#include "xmalloc.h"
++#include "buffer.h"
++#include "bufaux.h"
++#include "kex.h"
++#include "log.h"
++#include "packet.h"
++#include "dh.h"
++#include "ssh2.h"
++#include "ssh-gss.h"
++#include "monitor_wrap.h"
++
++static void kex_gss_send_error(Gssctxt *ctxt);
++
++void
++kexgss_server(Kex *kex)
++{
++ OM_uint32 maj_status, min_status;
++
++ /*
++ * Some GSSAPI implementations use the input value of ret_flags (an
++ * output variable) as a means of triggering mechanism specific
++ * features. Initializing it to zero avoids inadvertently
++ * activating this non-standard behaviour.
++ */
++
++ OM_uint32 ret_flags = 0;
++ gss_buffer_desc gssbuf, recv_tok, msg_tok;
++ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
++ Gssctxt *ctxt = NULL;
++ u_int slen, klen, kout, hashlen;
++ u_char *kbuf, *hash;
++ DH *dh;
++ int min = -1, max = -1, nbits = -1;
++ BIGNUM *shared_secret = NULL;
++ BIGNUM *dh_client_pub = NULL;
++ int type = 0;
++ int gex;
++ gss_OID oid;
++
++ /* Initialise GSSAPI */
++
++ /* If we're rekeying, privsep means that some of the private structures
++ * in the GSSAPI code are no longer available. This kludges them back
++ * into life
++ */
++ if (!ssh_gssapi_oid_table_ok())
++ ssh_gssapi_server_mechanisms();
++
++ debug2("%s: Identifying %s", __func__, kex->name);
++ oid = ssh_gssapi_id_kex(NULL, kex->name, &gex);
++ if (oid == NULL)
++ fatal("Unknown gssapi mechanism");
++
++ debug2("%s: Acquiring credentials", __func__);
++
++ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid)))) {
++ kex_gss_send_error(ctxt);
++ fatal("Unable to acquire credentials for the server");
++ }
++
++ if (gex) {
++ debug("Doing group exchange");
++ packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
++ min = packet_get_int();
++ nbits = packet_get_int();
++ max = packet_get_int();
++ min = MAX(DH_GRP_MIN, min);
++ max = MIN(DH_GRP_MAX, max);
++ packet_check_eom();
++ if (max < min || nbits < min || max < nbits)
++ fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
++ min, nbits, max);
++ dh = PRIVSEP(choose_dh(min, nbits, max));
++ if (dh == NULL)
++ packet_disconnect("Protocol error: no matching group found");
++
++ packet_start(SSH2_MSG_KEXGSS_GROUP);
++ packet_put_bignum2(dh->p);
++ packet_put_bignum2(dh->g);
++ packet_send();
++
++ packet_write_wait();
++
++ } else {
++ dh = dh_new_group1();
++ }
++ dh_gen_key(dh, kex->we_need * 8);
++
++ do {
++ debug("Wait SSH2_MSG_GSSAPI_INIT");
++ type = packet_read();
++ switch(type) {
++ case SSH2_MSG_KEXGSS_INIT:
++ if (dh_client_pub != NULL)
++ fatal("Received KEXGSS_INIT after initialising");
++ recv_tok.value = packet_get_string(&slen);
++ recv_tok.length = slen;
++
++ if ((dh_client_pub = BN_new()) == NULL)
++ fatal("dh_client_pub == NULL");
++
++ packet_get_bignum2(dh_client_pub);
++
++ /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
++ break;
++ case SSH2_MSG_KEXGSS_CONTINUE:
++ recv_tok.value = packet_get_string(&slen);
++ recv_tok.length = slen;
++ break;
++ default:
++ packet_disconnect(
++ "Protocol error: didn't expect packet type %d",
++ type);
++ }
++
++ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok,
++ &send_tok, &ret_flags));
++
++ xfree(recv_tok.value);
++
++ if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
++ fatal("Zero length token output when incomplete");
++
++ if (dh_client_pub == NULL)
++ fatal("No client public key");
++
++ if (maj_status & GSS_S_CONTINUE_NEEDED) {
++ debug("Sending GSSAPI_CONTINUE");
++ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++ packet_put_string(send_tok.value, send_tok.length);
++ packet_send();
++ gss_release_buffer(&min_status, &send_tok);
++ }
++ } while (maj_status & GSS_S_CONTINUE_NEEDED);
++
++ if (GSS_ERROR(maj_status)) {
++ kex_gss_send_error(ctxt);
++ if (send_tok.length > 0) {
++ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
++ packet_put_string(send_tok.value, send_tok.length);
++ packet_send();
++ }
++ packet_disconnect("GSSAPI Key Exchange handshake failed");
++ }
++
++ if (!(ret_flags & GSS_C_MUTUAL_FLAG))
++ fatal("Mutual Authentication flag wasn't set");
++
++ if (!(ret_flags & GSS_C_INTEG_FLAG))
++ fatal("Integrity flag wasn't set");
++
++ if (!dh_pub_is_valid(dh, dh_client_pub))
++ packet_disconnect("bad client public DH value");
++
++ klen = DH_size(dh);
++ kbuf = xmalloc(klen);
++ kout = DH_compute_key(kbuf, dh_client_pub, dh);
++
++ shared_secret = BN_new();
++ BN_bin2bn(kbuf, kout, shared_secret);
++ memset(kbuf, 0, klen);
++ xfree(kbuf);
++
++ if (gex) {
++ kexgex_hash(
++ kex->evp_md,
++ kex->client_version_string, kex->server_version_string,
++ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++ buffer_ptr(&kex->my), buffer_len(&kex->my),
++ NULL, 0,
++ min, nbits, max,
++ dh->p, dh->g,
++ dh_client_pub,
++ dh->pub_key,
++ shared_secret,
++ &hash, &hashlen
++ );
++ }
++ else {
++ /* The GSSAPI hash is identical to the Diffie Helman one */
++ kex_dh_hash(
++ kex->client_version_string, kex->server_version_string,
++ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
++ buffer_ptr(&kex->my), buffer_len(&kex->my),
++ NULL, 0, /* Change this if we start sending host keys */
++ dh_client_pub, dh->pub_key, shared_secret,
++ &hash, &hashlen
++ );
++ }
++ BN_free(dh_client_pub);
++
++ if (kex->session_id == NULL) {
++ kex->session_id_len = hashlen;
++ kex->session_id = xmalloc(kex->session_id_len);
++ memcpy(kex->session_id, hash, kex->session_id_len);
++ }
++
++ gssbuf.value = hash;
++ gssbuf.length = hashlen;
++
++ if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok))))
++ fatal("Couldn't get MIC");
++
++ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
++ packet_put_bignum2(dh->pub_key);
++ packet_put_string((char *)msg_tok.value,msg_tok.length);
++
++ if (send_tok.length != 0) {
++ packet_put_char(1); /* true */
++ packet_put_string((char *)send_tok.value, send_tok.length);
++ } else {
++ packet_put_char(0); /* false */
++ }
++ packet_send();
++
++ gss_release_buffer(&min_status, &send_tok);
++ gss_release_buffer(&min_status, &msg_tok);
++
++ if (gss_kex_context == NULL)
++ gss_kex_context = ctxt;
++ else
++ ssh_gssapi_delete_ctx(&ctxt);
++
++ DH_free(dh);
++
++ kex_derive_keys(kex, hash, hashlen, shared_secret);
++ BN_clear_free(shared_secret);
++ kex_finish(kex);
++}
++
++static void
++kex_gss_send_error(Gssctxt *ctxt) {
++ char *errstr;
++ OM_uint32 maj,min;
++
++ errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
++ if (errstr) {
++ packet_start(SSH2_MSG_KEXGSS_ERROR);
++ packet_put_int(maj);
++ packet_put_int(min);
++ packet_put_cstring(errstr);
++ packet_put_cstring("");
++ packet_send();
++ packet_write_wait();
++ /* XXX - We should probably log the error locally here */
++ xfree(errstr);
++ }
++}
++#endif /* GSSAPI */
+diff -Nur openssh-4.3p2.orig/kex.h openssh-4.3p2/kex.h
+--- openssh-4.3p2.orig/kex.h 2005-11-05 05:19:36.000000000 +0100
++++ openssh-4.3p2/kex.h 2011-08-11 17:34:10.930785967 +0200
+@@ -63,6 +63,8 @@
+ KEX_DH_GRP1_SHA1,
+ KEX_DH_GRP14_SHA1,
+ KEX_DH_GEX_SHA1,
++ KEX_GSS_GRP1_SHA1,
++ KEX_GSS_GEX_SHA1,
+ KEX_MAX
+ };
+
+@@ -115,6 +117,11 @@
+ int done;
+ int flags;
+ const EVP_MD *evp_md;
++#ifdef GSSAPI
++ int gss_deleg_creds;
++ int gss_trust_dns;
++ char *gss_host;
++#endif
+ char *client_version_string;
+ char *server_version_string;
+ int (*verify_host_key)(Key *);
+@@ -137,6 +144,11 @@
+ void kexgex_client(Kex *);
+ void kexgex_server(Kex *);
+
++#ifdef GSSAPI
++void kexgss_client(Kex *);
++void kexgss_server(Kex *);
++#endif
++
+ void
+ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
+diff -Nur openssh-4.3p2.orig/key.c openssh-4.3p2/key.c
+--- openssh-4.3p2.orig/key.c 2011-08-11 17:32:55.858724498 +0200
++++ openssh-4.3p2/key.c 2011-08-11 17:34:10.931785955 +0200
+@@ -712,6 +712,8 @@
+ return KEY_RSA;
+ } else if (strcmp(name, "ssh-dss") == 0) {
+ return KEY_DSA;
++ } else if (strcmp(name, "null") == 0) {
++ return KEY_NULL;
+ }
+ debug2("key_type_from_name: unknown key type '%s'", name);
+ return KEY_UNSPEC;
+diff -Nur openssh-4.3p2.orig/key.h openssh-4.3p2/key.h
+--- openssh-4.3p2.orig/key.h 2011-08-11 17:32:55.853724559 +0200
++++ openssh-4.3p2/key.h 2011-08-11 17:34:10.964785541 +0200
+@@ -40,6 +40,7 @@
+ KEY_RSA,
+ KEY_DSA,
+ KEY_NSS,
++ KEY_NULL,
+ KEY_UNSPEC
+ };
+ enum fp_type {
+diff -Nur openssh-4.3p2.orig/Makefile.in openssh-4.3p2/Makefile.in
+--- openssh-4.3p2.orig/Makefile.in 2011-08-11 17:32:56.101721459 +0200
++++ openssh-4.3p2/Makefile.in 2011-08-11 17:34:10.966785517 +0200
+@@ -73,7 +73,7 @@
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
+ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
+- entropy.o scard-opensc.o gss-genr.o nsskeys.o lkstub.o
++ entropy.o scard-opensc.o gss-genr.o nsskeys.o kexgssc.o lkstub.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o
+@@ -86,7 +86,8 @@
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
+ auth-krb5.o \
+- auth2-gss.o gss-serv.o gss-serv-krb5.o \
++ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
++ gss-serv-gsi.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ audit.o audit-bsm.o sftp-server.o sftp-common.o
+
+diff -Nur openssh-4.3p2.orig/misc.c openssh-4.3p2/misc.c
+--- openssh-4.3p2.orig/misc.c 2006-01-31 11:49:28.000000000 +0100
++++ openssh-4.3p2/misc.c 2011-08-11 17:34:10.967785505 +0200
+@@ -124,11 +124,14 @@
+ /* Characters considered whitespace in strsep calls. */
+ #define WHITESPACE " \t\r\n"
+
++/* Characters considered as quotations. */
++#define QUOTES "'\""
++
+ /* return next token in configuration line */
+ char *
+ strdelim(char **s)
+ {
+- char *old;
++ char *old, *p, *q;
+ int wspace = 0;
+
+ if (*s == NULL)
+@@ -136,6 +139,21 @@
+
+ old = *s;
+
++ if ((q=strchr(QUOTES, (int) *old)) && *q)
++ {
++ /* find next quote character, point old to start of quoted
++ * string */
++ for (p = ++old; *p && *p != *q; p++)
++ ;
++
++ /* find start of next token */
++ *s = (*p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
++
++ /* terminate 'old' token */
++ *p = '\0';
++ return (old);
++ }
++
+ *s = strpbrk(*s, WHITESPACE "=");
+ if (*s == NULL)
+ return (old);
+diff -Nur openssh-4.3p2.orig/monitor.c openssh-4.3p2/monitor.c
+--- openssh-4.3p2.orig/monitor.c 2011-08-11 17:32:56.101721459 +0200
++++ openssh-4.3p2/monitor.c 2011-08-11 17:34:10.969785481 +0200
+@@ -142,6 +142,10 @@
+ int mm_answer_gss_accept_ctx(int, Buffer *);
+ int mm_answer_gss_userok(int, Buffer *);
+ int mm_answer_gss_checkmic(int, Buffer *);
++int mm_answer_gss_sign(int, Buffer *);
++int mm_answer_gss_error(int, Buffer *);
++int mm_answer_gss_indicate_mechs(int, Buffer *);
++int mm_answer_gss_localname(int, Buffer *);
+ #endif
+
+ #ifdef SSH_AUDIT_EVENTS
+@@ -186,13 +190,13 @@
+ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
+ {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
+ {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+- {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
++ {MONITOR_REQ_PWNAM, MON_AUTH, mm_answer_pwnamallow},
+ {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
+ {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
+ {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+ #ifdef USE_PAM
+- {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
++ {MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
+ {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+@@ -217,6 +221,10 @@
+ {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
++ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
++ {MONITOR_REQ_GSSERR, MON_ISAUTH | MON_ONCE, mm_answer_gss_error},
++ {MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
++ {MONITOR_REQ_GSSLOCALNAME, MON_ISAUTH, mm_answer_gss_localname},
+ #endif
+ {0, 0, NULL}
+ };
+@@ -224,6 +232,13 @@
+ struct mon_table mon_dispatch_postauth20[] = {
+ {MONITOR_REQ_LINUX_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_linux_audit_unsupported_body},
+ {MONITOR_REQ_LINUX_AUDIT_KEX, MON_PERMIT, mm_answer_linux_audit_kex_body},
++#ifdef GSSAPI
++ {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
++ {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
++ {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
++ {MONITOR_REQ_GSSERR, 0, mm_answer_gss_error},
++ {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
++#endif
+ {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+ {MONITOR_REQ_SIGN, 0, mm_answer_sign},
+ {MONITOR_REQ_PTY, 0, mm_answer_pty},
+@@ -256,7 +271,7 @@
+ {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
+ #endif
+ #ifdef USE_PAM
+- {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
++ {MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
+ {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+@@ -332,6 +347,12 @@
+ /* Permit requests for moduli and signatures */
+ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
++#ifdef GSSAPI
++ /* and for the GSSAPI key exchange */
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
++#endif
+ } else {
+ mon_dispatch = mon_dispatch_proto15;
+
+@@ -408,6 +429,12 @@
+ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
++#ifdef GSSAPI
++ /* and for the GSSAPI key exchange */
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
++#endif
+ } else {
+ mon_dispatch = mon_dispatch_postauth15;
+ monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+@@ -596,13 +623,12 @@
+
+ debug3("%s", __func__);
+
+- if (authctxt->attempt++ != 0)
+- fatal("%s: multiple attempts for getpwnam", __func__);
+-
+ username = buffer_get_string(m, NULL);
+
+ pwent = getpwnamallow(username);
+
++ if (authctxt->user)
++ xfree(authctxt->user);
+ authctxt->user = xstrdup(username);
+ setproctitle("%s [priv]", pwent ? username : "unknown");
+ xfree(username);
+@@ -1683,6 +1709,10 @@
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
++#ifdef GSSAPI
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++#endif
+ kex->server = 1;
+ kex->hostkey_type = buffer_get_int(m);
+ kex->kex_type = buffer_get_int(m);
+@@ -1925,6 +1955,7 @@
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ }
+ return (0);
+ }
+@@ -1975,6 +2006,106 @@
+ /* Monitor loop will terminate if authenticated */
+ return (authenticated);
+ }
++
++int
++mm_answer_gss_sign(int socket, Buffer *m)
++{
++ gss_buffer_desc data;
++ gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
++ OM_uint32 major, minor;
++ u_int len;
++
++ data.value = buffer_get_string(m, &len);
++ data.length = len;
++ if (data.length != 20)
++ fatal("%s: data length incorrect: %d", __func__, data.length);
++
++ /* Save the session ID on the first time around */
++ if (session_id2_len == 0) {
++ session_id2_len = data.length;
++ session_id2 = xmalloc(session_id2_len);
++ memcpy(session_id2, data.value, session_id2_len);
++ }
++ major = ssh_gssapi_sign(gsscontext, &data, &hash);
++
++ xfree(data.value);
++
++ buffer_clear(m);
++ buffer_put_int(m, major);
++ buffer_put_string(m, hash.value, hash.length);
++
++ mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
++
++ gss_release_buffer(&minor, &hash);
++
++ /* Turn on getpwnam permissions */
++ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
++
++ return (0);
++}
++
++int
++mm_answer_gss_error(int socket, Buffer *m) {
++ OM_uint32 major,minor;
++ char *msg;
++
++ msg=ssh_gssapi_last_error(gsscontext,&major,&minor);
++ buffer_clear(m);
++ buffer_put_int(m,major);
++ buffer_put_int(m,minor);
++ buffer_put_cstring(m,msg);
++
++ mm_request_send(socket,MONITOR_ANS_GSSERR,m);
++
++ xfree(msg);
++
++ return(0);
++}
++
++int
++mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
++ OM_uint32 major,minor;
++ gss_OID_set mech_set;
++ size_t i;
++
++ major=gss_indicate_mechs(&minor, &mech_set);
++
++ buffer_clear(m);
++ buffer_put_int(m, major);
++ buffer_put_int(m, mech_set->count);
++ for (i=0; i < mech_set->count; i++) {
++ buffer_put_string(m, mech_set->elements[i].elements,
++ mech_set->elements[i].length);
++ }
++
++ gss_release_oid_set(&minor,&mech_set);
++
++ mm_request_send(socket,MONITOR_ANS_GSSMECHS,m);
++
++ return(0);
++}
++
++int
++mm_answer_gss_localname(int socket, Buffer *m) {
++ char *name;
++
++ ssh_gssapi_localname(&name);
++
++ buffer_clear(m);
++ if (name) {
++ buffer_put_cstring(m, name);
++ debug3("%s: sending result %s", __func__, name);
++ xfree(name);
++ } else {
++ buffer_put_cstring(m, "");
++ debug3("%s: sending result \"\"", __func__);
++ }
++
++ mm_request_send(socket, MONITOR_ANS_GSSLOCALNAME, m);
++
++ return(0);
++}
++
+ #endif /* GSSAPI */
+
+ void linux_audit_unsupported_body(int);
+diff -Nur openssh-4.3p2.orig/monitor.h openssh-4.3p2/monitor.h
+--- openssh-4.3p2.orig/monitor.h 2011-08-11 17:32:56.103721435 +0200
++++ openssh-4.3p2/monitor.h 2011-08-11 17:34:10.970785468 +0200
+@@ -60,7 +60,11 @@
+ MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP,
+ MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
+ MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
+- MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
++ MONITOR_REQ_GSSMECHS, MONITOR_ANS_GSSMECHS,
++ MONITOR_REQ_GSSLOCALNAME, MONITOR_ANS_GSSLOCALNAME,
++ MONITOR_REQ_GSSERR, MONITOR_ANS_GSSERR,
++ MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
++ MONITOR_REQ_GSSSIGN, MONITOR_ANS_GSSSIGN,
+ MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
+ MONITOR_REQ_TERM,
+ };
+diff -Nur openssh-4.3p2.orig/monitor_wrap.c openssh-4.3p2/monitor_wrap.c
+--- openssh-4.3p2.orig/monitor_wrap.c 2011-08-11 17:32:56.104721423 +0200
++++ openssh-4.3p2/monitor_wrap.c 2011-08-11 17:34:10.971785455 +0200
+@@ -1232,6 +1232,106 @@
+ debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+ return (authenticated);
+ }
++
++OM_uint32
++mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
++{
++ Buffer m;
++ OM_uint32 major;
++ u_int len;
++
++ buffer_init(&m);
++ buffer_put_string(&m, data->value, data->length);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
++
++ major = buffer_get_int(&m);
++ hash->value = buffer_get_string(&m, &len);
++ hash->length = len;
++
++ buffer_free(&m);
++
++ return(major);
++}
++
++char *
++mm_ssh_gssapi_last_error(Gssctxt *ctx, OM_uint32 *major, OM_uint32 *minor) {
++ Buffer m;
++ OM_uint32 maj,min;
++ char *errstr;
++
++ buffer_init(&m);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSERR, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSERR, &m);
++
++ maj = buffer_get_int(&m);
++ min = buffer_get_int(&m);
++
++ if (major) *major=maj;
++ if (minor) *minor=min;
++
++ errstr=buffer_get_string(&m,NULL);
++
++ buffer_free(&m);
++
++ return(errstr);
++}
++
++OM_uint32
++mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
++{
++ Buffer m;
++ OM_uint32 major,minor;
++ int count;
++ gss_OID_desc oid;
++ u_int length;
++
++ buffer_init(&m);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
++ &m);
++ major=buffer_get_int(&m);
++ count=buffer_get_int(&m);
++
++ gss_create_empty_oid_set(&minor,mech_set);
++ while(count-->0) {
++ oid.elements=buffer_get_string(&m,&length);
++ oid.length=length;
++ gss_add_oid_set_member(&minor,&oid,mech_set);
++ }
++
++ buffer_free(&m);
++
++ return(major);
++}
++
++int
++mm_ssh_gssapi_localname(char **lname)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
++
++ debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
++ &m);
++
++ *lname = buffer_get_string(&m, NULL);
++
++ buffer_free(&m);
++ if (lname[0] == '\0') {
++ debug3("%s: gssapi identity mapping failed", __func__);
++ } else {
++ debug3("%s: gssapi identity mapped to %s", __func__, *lname);
++ }
++
++ return(0);
++}
++
+ #endif /* GSSAPI */
+
+ void
+diff -Nur openssh-4.3p2.orig/monitor_wrap.h openssh-4.3p2/monitor_wrap.h
+--- openssh-4.3p2.orig/monitor_wrap.h 2011-08-11 17:32:56.104721423 +0200
++++ openssh-4.3p2/monitor_wrap.h 2011-08-11 17:34:10.972785442 +0200
+@@ -64,6 +64,11 @@
+ gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
+ int mm_ssh_gssapi_userok(char *user);
+ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
++OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
++int mm_ssh_gssapi_localname(char **user);
++OM_uint32 mm_gss_indicate_mechs(OM_uint32 *minor_status,
++ gss_OID_set *mech_set);
++char *mm_ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
+ #endif
+
+ #ifdef USE_PAM
+diff -Nur openssh-4.3p2.orig/readconf.c openssh-4.3p2/readconf.c
+--- openssh-4.3p2.orig/readconf.c 2011-08-11 17:32:55.918723748 +0200
++++ openssh-4.3p2/readconf.c 2011-08-11 17:34:10.973785429 +0200
+@@ -110,6 +110,8 @@
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++ oGssKeyEx,
++ oGssTrustDns,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+@@ -145,10 +147,14 @@
+ { "afstokenpassing", oUnsupported },
+ #if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
++ { "gssapikeyexchange", oGssKeyEx },
+ { "gssapidelegatecredentials", oGssDelegateCreds },
++ { "gssapitrustdns", oGssTrustDns },
+ #else
+ { "gssapiauthentication", oUnsupported },
++ { "gssapikeyexchange", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
++ { "gssapitrustdns", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -424,10 +430,18 @@
+ intptr = &options->gss_authentication;
+ goto parse_flag;
+
++ case oGssKeyEx:
++ intptr = &options->gss_keyex;
++ goto parse_flag;
++
+ case oGssDelegateCreds:
+ intptr = &options->gss_deleg_creds;
+ goto parse_flag;
+
++ case oGssTrustDns:
++ intptr = &options->gss_trust_dns;
++ goto parse_flag;
++
+ case oBatchMode:
+ intptr = &options->batch_mode;
+ goto parse_flag;
+@@ -986,7 +1000,9 @@
+ options->pubkey_authentication = -1;
+ options->challenge_response_authentication = -1;
+ options->gss_authentication = -1;
++ options->gss_keyex = -1;
+ options->gss_deleg_creds = -1;
++ options->gss_trust_dns = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+ options->kbd_interactive_devices = NULL;
+@@ -1074,9 +1090,13 @@
+ if (options->challenge_response_authentication == -1)
+ options->challenge_response_authentication = 1;
+ if (options->gss_authentication == -1)
+- options->gss_authentication = 0;
++ options->gss_authentication = 1;
++ if (options->gss_keyex == -1)
++ options->gss_keyex = 1;
+ if (options->gss_deleg_creds == -1)
+- options->gss_deleg_creds = 0;
++ options->gss_deleg_creds = 1;
++ if (options->gss_trust_dns == -1)
++ options->gss_trust_dns = 1;
+ if (options->password_authentication == -1)
+ options->password_authentication = 1;
+ if (options->kbd_interactive_authentication == -1)
+diff -Nur openssh-4.3p2.orig/readconf.h openssh-4.3p2/readconf.h
+--- openssh-4.3p2.orig/readconf.h 2011-08-11 17:32:55.855724535 +0200
++++ openssh-4.3p2/readconf.h 2011-08-11 17:34:10.974785416 +0200
+@@ -45,7 +45,9 @@
+ int challenge_response_authentication;
+ /* Try S/Key or TIS, authentication. */
+ int gss_authentication; /* Try GSS authentication */
++ int gss_keyex;
+ int gss_deleg_creds; /* Delegate GSS credentials */
++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
+ int password_authentication; /* Try password
+ * authentication. */
+ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+@@ -76,6 +78,8 @@
+ char *host_key_alias; /* hostname alias for .ssh/known_hosts */
+ char *proxy_command; /* Proxy command for connecting the host. */
+ char *user; /* User to log in as. */
++ int implicit; /* Login user was not specified.
++ Server may choose based on authctxt. */
+ int escape_char; /* Escape character; -2 = none */
+
+ char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */
+diff -Nur openssh-4.3p2.orig/servconf.c openssh-4.3p2/servconf.c
+--- openssh-4.3p2.orig/servconf.c 2011-08-11 17:32:56.068721871 +0200
++++ openssh-4.3p2/servconf.c 2011-08-11 17:34:10.974785416 +0200
+@@ -72,7 +72,9 @@
+ options->kerberos_ticket_cleanup = -1;
+ options->kerberos_get_afs_token = -1;
+ options->gss_authentication=-1;
++ options->gss_keyex = -1;
+ options->gss_cleanup_creds = -1;
++ options->gsi_allow_limited_proxy = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+ options->challenge_response_authentication = -1;
+@@ -189,9 +191,13 @@
+ if (options->kerberos_get_afs_token == -1)
+ options->kerberos_get_afs_token = 0;
+ if (options->gss_authentication == -1)
+- options->gss_authentication = 0;
++ options->gss_authentication = 1;
++ if (options->gss_keyex == -1)
++ options->gss_keyex = 1;
+ if (options->gss_cleanup_creds == -1)
+ options->gss_cleanup_creds = 1;
++ if (options->gsi_allow_limited_proxy == -1)
++ options->gsi_allow_limited_proxy = 0;
+ if (options->password_authentication == -1)
+ options->password_authentication = 1;
+ if (options->kbd_interactive_authentication == -1)
+@@ -279,6 +285,8 @@
+ sBanner, sUseDNS, sHostbasedAuthentication,
+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
++ sGssKeyEx,
++ sGsiAllowLimitedProxy,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sForceCommand,
+ sUsePrivilegeSeparation,
+@@ -335,10 +343,18 @@
+ { "afstokenpassing", sUnsupported },
+ #ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication },
++ { "gssapikeyexchange", sGssKeyEx },
+ { "gssapicleanupcredentials", sGssCleanupCreds },
++#ifdef GSI
++ { "gsiallowlimitedproxy", sGsiAllowLimitedProxy },
++#else
++ { "gsiallowlimitedproxy", sUnsupported },
++#endif
+ #else
+ { "gssapiauthentication", sUnsupported },
++ { "gssapikeyexchange", sUnsupported },
+ { "gssapicleanupcredentials", sUnsupported },
++ { "gsiallowlimitedproxy", sUnsupported },
+ #endif
+ { "passwordauthentication", sPasswordAuthentication },
+ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
+@@ -687,10 +703,18 @@
+ intptr = &options->gss_authentication;
+ goto parse_flag;
+
++ case sGssKeyEx:
++ intptr = &options->gss_keyex;
++ goto parse_flag;
++
+ case sGssCleanupCreds:
+ intptr = &options->gss_cleanup_creds;
+ goto parse_flag;
+
++ case sGsiAllowLimitedProxy:
++ intptr = &options->gsi_allow_limited_proxy;
++ goto parse_flag;
++
+ case sPasswordAuthentication:
+ intptr = &options->password_authentication;
+ goto parse_flag;
+diff -Nur openssh-4.3p2.orig/servconf.h openssh-4.3p2/servconf.h
+--- openssh-4.3p2.orig/servconf.h 2011-08-11 17:32:56.069721859 +0200
++++ openssh-4.3p2/servconf.h 2011-08-11 17:34:10.975785404 +0200
+@@ -91,7 +91,9 @@
+ int kerberos_get_afs_token; /* If true, try to get AFS token if
+ * authenticated with Kerberos. */
+ int gss_authentication; /* If true, permit GSSAPI authentication */
++ int gss_keyex; /* If true, permit GSSAPI key exchange */
+ int gss_cleanup_creds; /* If true, destroy cred cache on logout */
++ int gsi_allow_limited_proxy; /* If true, accept limited proxies */
+ int password_authentication; /* If true, permit password
+ * authentication. */
+ int kbd_interactive_authentication; /* If true, permit */
+diff -Nur openssh-4.3p2.orig/ssh.c openssh-4.3p2/ssh.c
+--- openssh-4.3p2.orig/ssh.c 2011-08-11 17:32:56.085721659 +0200
++++ openssh-4.3p2/ssh.c 2011-08-11 17:34:10.976785392 +0200
+@@ -599,6 +599,29 @@
+ fatal("Can't open user config file %.100s: "
+ "%.100s", config, strerror(errno));
+ } else {
++ /*
++ * Since the config file parsing code aborts if it sees
++ * options it doesn't recognize, allow users to put
++ * options specific to compile-time add-ons in alternate
++ * config files so their primary config file will
++ * interoperate SSH versions that don't support those
++ * options.
++ */
++#ifdef GSSAPI
++ snprintf(buf, sizeof buf, "%.100s/%.100s.gssapi", pw->pw_dir,
++ _PATH_SSH_USER_CONFFILE);
++ (void)read_config_file(buf, host, &options, 1);
++#ifdef GSI
++ snprintf(buf, sizeof buf, "%.100s/%.100s.gsi", pw->pw_dir,
++ _PATH_SSH_USER_CONFFILE);
++ (void)read_config_file(buf, host, &options, 1);
++#endif
++#if defined(KRB5)
++ snprintf(buf, sizeof buf, "%.100s/%.100s.krb", pw->pw_dir,
++ _PATH_SSH_USER_CONFFILE);
++ (void)read_config_file(buf, host, &options, 1);
++#endif
++#endif
+ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+ _PATH_SSH_USER_CONFFILE);
+ (void)read_config_file(buf, host, &options, 1);
+@@ -622,8 +645,12 @@
+ logit("FIPS mode initialized");
+ }
+
+- if (options.user == NULL)
++ if (options.user == NULL) {
+ options.user = xstrdup(pw->pw_name);
++ options.implicit = 1;
++ } else {
++ options.implicit = 0;
++ }
+
+ if (options.hostname != NULL)
+ host = options.hostname;
+diff -Nur openssh-4.3p2.orig/ssh_config.5 openssh-4.3p2/ssh_config.5
+--- openssh-4.3p2.orig/ssh_config.5 2011-08-11 17:32:55.987722884 +0200
++++ openssh-4.3p2/ssh_config.5 2011-08-11 17:34:10.977785380 +0200
+@@ -57,6 +57,12 @@
+ user's configuration file
+ .Pq Pa ~/.ssh/config
+ .It
++GSSAPI configuration file
++.Pq Pa $HOME/.ssh/config.gssapi
++.It
++Kerberos configuration file
++.Pq Pa $HOME/.ssh/config.krb
++.It
+ system-wide configuration file
+ .Pq Pa /etc/ssh/ssh_config
+ .El
+@@ -464,13 +470,29 @@
+ .It Cm GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is
+-.Dq no .
++.Dq yes .
++Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI may be used. When using
++GSSAPI key exchange the server need not have a host key.
++The default is
++.Dq yes .
+ Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server.
+ The default is
+-.Dq no .
++.Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPITrustDns
++Set to
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq yes .
++This option only applies to protocol version 2 connections using GSSAPI
++key exchange.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Nm ssh
+@@ -657,7 +679,7 @@
+ over another method (e.g.\&
+ .Cm password )
+ The default for this option is:
+-.Dq hostbased,publickey,keyboard-interactive,password .
++.Dq gssapi-keyex,gssapi-with-mic,hostbased,publickey,keyboard-interactive,password .
+ .It Cm Protocol
+ Specifies the protocol versions
+ .Nm ssh
+diff -Nur openssh-4.3p2.orig/sshconnect2.c openssh-4.3p2/sshconnect2.c
+--- openssh-4.3p2.orig/sshconnect2.c 2011-08-11 17:32:55.895724035 +0200
++++ openssh-4.3p2/sshconnect2.c 2011-08-11 17:34:10.978785368 +0200
+@@ -60,6 +60,7 @@
+ extern char *client_version_string;
+ extern char *server_version_string;
+ extern Options options;
++extern Kex *xxx_kex;
+
+ /*
+ * SSH2 key exchange
+@@ -86,9 +87,36 @@
+ {
+ Kex *kex;
+
++#ifdef GSSAPI
++ char *orig = NULL, *gss = NULL;
++ int len;
++ char *gss_host = NULL;
++#endif
++
+ xxx_host = host;
+ xxx_hostaddr = hostaddr;
+
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ /* Add the GSSAPI mechanisms currently supported on
++ * this client to the key exchange algorithm proposal */
++ orig = myproposal[PROPOSAL_KEX_ALGS];
++ if (options.gss_trust_dns)
++ gss_host = (char *)get_canonical_hostname(1);
++ else
++ gss_host = host;
++
++ gss = ssh_gssapi_client_mechanisms(gss_host);
++ if (gss) {
++ debug("Offering GSSAPI proposal: %s", gss);
++ len = strlen(orig) + strlen(gss) + 2;
++ myproposal[PROPOSAL_KEX_ALGS] = xmalloc(len);
++ snprintf(myproposal[PROPOSAL_KEX_ALGS], len,
++ "%s,%s", gss, orig);
++ }
++ }
++#endif
++
+ if (options.ciphers == (char *)-1) {
+ logit("No valid ciphers for protocol version 2 given, using defaults.");
+ options.ciphers = NULL;
+@@ -124,6 +152,18 @@
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ options.hostkeyalgorithms;
+
++#ifdef GSSAPI
++ /* If we've got GSSAPI algorithms, then we also support the
++ * 'null' hostkey, as a last resort */
++ if (options.gss_keyex && gss) {
++ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
++ len = strlen(orig) + sizeof(",null");
++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xmalloc(len);
++ snprintf(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], len,
++ "%s,null", orig);
++ }
++#endif
++
+ if (options.rekey_limit)
+ packet_set_rekey_limit(options.rekey_limit);
+
+@@ -132,10 +172,20 @@
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
++#ifdef GSSAPI
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
++#endif
+ kex->client_version_string=client_version_string;
+ kex->server_version_string=server_version_string;
+ kex->verify_host_key=&verify_host_key_callback;
+
++#ifdef GSSAPI
++ kex->gss_deleg_creds = options.gss_deleg_creds;
++ kex->gss_trust_dns = options.gss_trust_dns;
++ kex->gss_host = gss_host;
++#endif
++
+ xxx_kex = kex;
+
+ dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
+@@ -218,6 +268,7 @@
+ void input_gssapi_hash(int type, u_int32_t, void *);
+ void input_gssapi_error(int, u_int32_t, void *);
+ void input_gssapi_errtok(int, u_int32_t, void *);
++int userauth_gsskeyex(Authctxt *authctxt);
+ #endif
+
+ void userauth(Authctxt *, char *);
+@@ -233,6 +284,10 @@
+
+ Authmethod authmethods[] = {
+ #ifdef GSSAPI
++ {"gssapi-keyex",
++ userauth_gsskeyex,
++ &options.gss_authentication,
++ NULL},
+ {"gssapi-with-mic",
+ userauth_gssapi,
+ &options.gss_authentication,
+@@ -497,11 +552,23 @@
+ int ok = 0;
+ char* remotehost = NULL;
+ const char* canonicalhost = get_canonical_hostname(1);
++ char *gss_host;
++
++ if (!options.gss_authentication) {
++ verbose("GSSAPI authentication disabled.");
++ return 0;
++ }
++
+ if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 )
+ remotehost = authctxt->host;
+ else
+ remotehost = canonicalhost;
+
++ if (options.gss_trust_dns)
++ gss_host = remotehost;
++ else
++ gss_host = authctxt->host;
++
+ /* Try one GSSAPI method at a time, rather than sending them all at
+ * once. */
+
+@@ -513,7 +580,7 @@
+ /* My DER encoding requires length<128 */
+ if (gss_supported->elements[mech].length < 128 &&
+ ssh_gssapi_check_mechanism(&gssctxt,
+- &gss_supported->elements[mech], remotehost)) {
++ &gss_supported->elements[mech], gss_host)) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
+@@ -717,6 +784,73 @@
+ xfree(msg);
+ xfree(lang);
+ }
++
++#ifdef GSI
++extern
++const gss_OID_desc * const gss_mech_globus_gssapi_openssl;
++#define is_gsi_oid(oid) \
++ (oid->length == gss_mech_globus_gssapi_openssl->length && \
++ (memcmp(oid->elements, gss_mech_globus_gssapi_openssl->elements, \
++ oid->length) == 0))
++#endif
++
++int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++ Buffer b;
++ gss_buffer_desc gssbuf;
++ gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
++ OM_uint32 ms;
++
++ static int attempt = 0;
++ if (attempt++ >= 1)
++ return (0);
++
++ if (gss_kex_context == NULL) {
++ debug("No valid Key exchange context");
++ return (0);
++ }
++
++#ifdef GSI
++ if (options.implicit && is_gsi_oid(gss_kex_context->oid)) {
++ ssh_gssapi_buildmic(&b, "", authctxt->service, "gssapi-keyex");
++ } else {
++#endif
++ ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
++ "gssapi-keyex");
++#ifdef GSI
++ }
++#endif
++
++ gssbuf.value = buffer_ptr(&b);
++ gssbuf.length = buffer_len(&b);
++
++ if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
++ buffer_free(&b);
++ return (0);
++ }
++
++ packet_start(SSH2_MSG_USERAUTH_REQUEST);
++#ifdef GSI
++ if (options.implicit && is_gsi_oid(gss_kex_context->oid)) {
++ packet_put_cstring("");
++ } else {
++#endif
++ packet_put_cstring(authctxt->server_user);
++#ifdef GSI
++ }
++#endif
++ packet_put_cstring(authctxt->service);
++ packet_put_cstring(authctxt->method->name);
++ packet_put_string(mic.value, mic.length);
++ packet_send();
++
++ buffer_free(&b);
++ gss_release_buffer(&ms, &mic);
++
++ return (1);
++}
++
+ #endif /* GSSAPI */
+
+ int
+diff -Nur openssh-4.3p2.orig/sshd.c openssh-4.3p2/sshd.c
+--- openssh-4.3p2.orig/sshd.c 2011-08-11 17:32:56.107721384 +0200
++++ openssh-4.3p2/sshd.c 2011-08-11 17:34:10.978785368 +0200
+@@ -1146,10 +1146,13 @@
+ logit("Disabling protocol version 1. Could not load host key");
+ options.protocol &= ~SSH_PROTO_1;
+ }
++#ifndef GSSAPI
++ /* The GSSAPI key exchange can run without a host key */
+ if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
+ logit("Disabling protocol version 2. Could not load host key");
+ options.protocol &= ~SSH_PROTO_2;
+ }
++#endif
+ if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
+ logit("sshd: no hostkeys available -- exiting.");
+ exit(1);
+@@ -2076,11 +2079,59 @@
+
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
+
++#ifdef GSSAPI
++ {
++ char *orig;
++ char *gss = NULL;
++ char *newstr = NULL;
++ orig = myproposal[PROPOSAL_KEX_ALGS];
++
++ /*
++ * If we don't have a host key, then there's no point advertising
++ * the other key exchange algorithms
++ */
++
++ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
++ orig = NULL;
++
++ if (options.gss_keyex)
++ gss = ssh_gssapi_server_mechanisms();
++ else
++ gss = NULL;
++
++ if (gss && orig) {
++ int len = strlen(orig) + strlen(gss) + 2;
++ newstr = xmalloc(len);
++ snprintf(newstr, len, "%s,%s", gss, orig);
++ } else if (gss) {
++ newstr = gss;
++ } else if (orig) {
++ newstr = orig;
++ }
++ /*
++ * If we've got GSSAPI mechanisms, then we've got the 'null' host
++ * key alg, but we can't tell people about it unless its the only
++ * host key algorithm we support
++ */
++ if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
++
++ if (newstr)
++ myproposal[PROPOSAL_KEX_ALGS] = newstr;
++ else
++ fatal("No supported key exchange algorithms");
++ }
++#endif
++
+ /* start key exchange */
+ kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
++#ifdef GSSAPI
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++#endif
+ kex->server = 1;
+ kex->client_version_string=client_version_string;
+ kex->server_version_string=server_version_string;
+diff -Nur openssh-4.3p2.orig/sshd_config.5 openssh-4.3p2/sshd_config.5
+--- openssh-4.3p2.orig/sshd_config.5 2011-08-11 17:32:56.073721810 +0200
++++ openssh-4.3p2/sshd_config.5 2011-08-11 17:34:10.979785356 +0200
+@@ -332,7 +332,13 @@
+ .It Cm GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is
+-.Dq no .
++.Dq yes .
++Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
++doesn't rely on ssh keys to verify host identity.
++The default is
++.Dq yes .
+ Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials cache
+@@ -340,6 +346,11 @@
+ The default is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSIAllowLimitedProxy
++Specifies whether to accept limited proxy credentials for
++authentication.
++The default is
++.Dq no .
+ .It Cm HostbasedAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication together
+ with successful public key client host authentication is allowed
+diff -Nur openssh-4.3p2.orig/ssh-gss.h openssh-4.3p2/ssh-gss.h
+--- openssh-4.3p2.orig/ssh-gss.h 2011-08-11 17:32:55.777725510 +0200
++++ openssh-4.3p2/ssh-gss.h 2011-08-11 17:34:10.980785343 +0200
+@@ -62,6 +62,16 @@
+
+ #define SSH_GSS_OIDTYPE 0x06
+
++#define SSH2_MSG_KEXGSS_INIT 30
++#define SSH2_MSG_KEXGSS_CONTINUE 31
++#define SSH2_MSG_KEXGSS_COMPLETE 32
++#define SSH2_MSG_KEXGSS_HOSTKEY 33
++#define SSH2_MSG_KEXGSS_ERROR 34
++#define SSH2_MSG_KEXGSS_GROUPREQ 40
++#define SSH2_MSG_KEXGSS_GROUP 41
++#define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-"
++#define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-"
++
+ typedef struct {
+ char *filename;
+ char *envvar;
+@@ -75,6 +85,7 @@
+ gss_cred_id_t creds;
+ struct ssh_gssapi_mech_struct *mech;
+ ssh_gssapi_ccache store;
++ gss_ctx_id_t context;
+ } ssh_gssapi_client;
+
+ typedef struct ssh_gssapi_mech_struct {
+@@ -92,13 +103,14 @@
+ OM_uint32 minor; /* both */
+ gss_ctx_id_t context; /* both */
+ gss_name_t name; /* both */
+- gss_OID oid; /* client */
++ gss_OID oid; /* both */
+ gss_cred_id_t creds; /* server */
+ gss_name_t client; /* server */
+ gss_cred_id_t client_creds; /* server */
+ } Gssctxt;
+
+ extern ssh_gssapi_mech *supported_mechs[];
++extern Gssctxt *gss_kex_context;
+
+ int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
+ void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
+@@ -122,12 +134,22 @@
+ void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
+ int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
+
++int ssh_gssapi_localname(char **name);
++
++typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, void *);
++char *ssh_gssapi_client_mechanisms(const char *host);
++char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, void *);
++gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int *);
++
+ /* In the server */
++int ssh_gssapi_server_check_mech(Gssctxt **, gss_OID, void *);
+ int ssh_gssapi_userok(char *name);
+ OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ void ssh_gssapi_do_child(char ***, u_int *);
+ void ssh_gssapi_cleanup_creds(void);
+ void ssh_gssapi_storecreds(void);
++char * ssh_gssapi_server_mechanisms(void);
++int ssh_gssapi_oid_table_ok();
+
+ #endif /* GSSAPI */
+
+diff -Nur openssh-4.3p2.orig/version.h openssh-4.3p2/version.h
+--- openssh-4.3p2.orig/version.h 2006-02-11 01:00:45.000000000 +0100
++++ openssh-4.3p2/version.h 2011-08-11 17:34:10.980785343 +0200
+@@ -1,6 +1,19 @@
+ /* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */
+
++#ifdef GSI
++#define GSI_VERSION " GSI"
++#else
++#define GSI_VERSION ""
++#endif
++
++#ifdef KRB5
++#define KRB5_VERSION " KRB5"
++#else
++#define KRB5_VERSION ""
++#endif
++
+ #define SSH_VERSION "OpenSSH_4.3"
+
+ #define SSH_PORTABLE "p2"
+-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
++#define SSH_RELEASE SSH_VERSION SSH_PORTABLE " NCSA_GSSAPI_20060726" \
++ GSI_VERSION KRB5_VERSION
diff --git a/openssh-4.3p2-gssapi-canohost.patch b/openssh-4.3p2-gssapi-canohost.patch
new file mode 100644
index 0000000..2ad07d5
--- /dev/null
+++ b/openssh-4.3p2-gssapi-canohost.patch
@@ -0,0 +1,25 @@
+diff -up openssh-5.3p1/sshconnect2.c.canohost openssh-5.3p1/sshconnect2.c
+--- openssh-5.3p1/sshconnect2.c.canohost 2009-03-05 14:58:22.000000000 +0100
++++ openssh-5.3p1/sshconnect2.c 2009-11-02 11:55:00.000000000 +0100
+@@ -542,6 +542,12 @@ userauth_gssapi(Authctxt *authctxt)
+ static u_int mech = 0;
+ OM_uint32 min;
+ int ok = 0;
++ char* remotehost = NULL;
++ const char* canonicalhost = get_canonical_hostname(1);
++ if ( strcmp( canonicalhost, "UNKNOWN" ) == 0 )
++ remotehost = authctxt->host;
++ else
++ remotehost = canonicalhost;
+
+ /* Try one GSSAPI method at a time, rather than sending them all at
+ * once. */
+@@ -554,7 +560,7 @@ userauth_gssapi(Authctxt *authctxt)
+ /* My DER encoding requires length<128 */
+ if (gss_supported->elements[mech].length < 128 &&
+ ssh_gssapi_check_mechanism(&gssctxt,
+- &gss_supported->elements[mech], authctxt->host)) {
++ &gss_supported->elements[mech], remotehost)) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
diff --git a/openssh-4.3p2-gssapi-no-spnego.patch b/openssh-4.3p2-gssapi-no-spnego.patch
new file mode 100644
index 0000000..d690f45
--- /dev/null
+++ b/openssh-4.3p2-gssapi-no-spnego.patch
@@ -0,0 +1,67 @@
+--- openssh-4.3p2/gss-genr.c.no-spnego 2006-09-27 11:40:35.000000000 +0200
++++ openssh-4.3p2/gss-genr.c 2006-09-27 11:47:28.000000000 +0200
+@@ -285,4 +285,34 @@
+ return (ssh_gssapi_acquire_cred(*ctx));
+ }
+
++int
++ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
++{
++ gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
++ OM_uint32 major, minor;
++ gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
++
++ /* RFC 4462 says we MUST NOT do SPNEGO */
++ if (oid->length == spnego_oid.length &&
++ (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0))
++ return 0;
++
++ ssh_gssapi_build_ctx(ctx);
++ ssh_gssapi_set_oid(*ctx, oid);
++ major = ssh_gssapi_import_name(*ctx, host);
++ if (!GSS_ERROR(major)) {
++ major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
++ NULL);
++ gss_release_buffer(&minor, &token);
++ if ((*ctx)->context != GSS_C_NO_CONTEXT)
++ gss_delete_sec_context(&minor, &(*ctx)->context,
++ GSS_C_NO_BUFFER);
++ }
++
++ if (GSS_ERROR(major))
++ ssh_gssapi_delete_ctx(ctx);
++
++ return (!GSS_ERROR(major));
++}
++
+ #endif /* GSSAPI */
+--- openssh-4.3p2/sshconnect2.c.no-spnego 2005-11-05 05:07:33.000000000 +0100
++++ openssh-4.3p2/sshconnect2.c 2006-09-27 11:40:35.000000000 +0200
+@@ -494,15 +494,10 @@
+
+ /* Check to see if the mechanism is usable before we offer it */
+ while (mech < gss_supported->count && !ok) {
+- if (gssctxt)
+- ssh_gssapi_delete_ctx(&gssctxt);
+- ssh_gssapi_build_ctx(&gssctxt);
+- ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]);
+-
+ /* My DER encoding requires length<128 */
+ if (gss_supported->elements[mech].length < 128 &&
+- !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
+- authctxt->host))) {
++ ssh_gssapi_check_mechanism(&gssctxt,
++ &gss_supported->elements[mech], authctxt->host)) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
+--- openssh-4.3p2/ssh-gss.h.no-spnego 2004-06-22 04:56:02.000000000 +0200
++++ openssh-4.3p2/ssh-gss.h 2006-09-27 11:40:35.000000000 +0200
+@@ -120,6 +120,7 @@
+ OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
+ void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
++int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
+
+ /* In the server */
+ int ssh_gssapi_userok(char *name);
diff --git a/openssh-4.3p2-hangexit.patch b/openssh-4.3p2-hangexit.patch
new file mode 100644
index 0000000..67e4938
--- /dev/null
+++ b/openssh-4.3p2-hangexit.patch
@@ -0,0 +1,94 @@
+diff -up openssh-4.3p2/channels.c.hangexit openssh-4.3p2/channels.c
+--- openssh-4.3p2/channels.c.hangexit 2009-04-08 03:53:26.000000000 -0700
++++ openssh-4.3p2/channels.c 2009-04-08 03:53:26.000000000 -0700
+@@ -1413,12 +1413,13 @@
+ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
+ {
+ char buf[CHAN_RBUF];
+- int len;
++ int len, force;
+
+- if (c->rfd != -1 &&
+- FD_ISSET(c->rfd, readset)) {
++ force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
++ if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
+ len = read(c->rfd, buf, sizeof(buf));
+- if (len < 0 && (errno == EINTR || errno == EAGAIN))
++ if (len < 0 && (errno == EINTR ||
++ ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
+ return 1;
+ if (len <= 0) {
+ debug2("channel %d: read<=0 rfd %d len %d",
+@@ -1566,11 +1569,12 @@
+ c->local_consumed += len;
+ }
+ } else if (c->extended_usage == CHAN_EXTENDED_READ &&
+- FD_ISSET(c->efd, readset)) {
++ (c->detach_close || FD_ISSET(c->efd, readset))) {
+ len = read(c->efd, buf, sizeof(buf));
+ debug2("channel %d: read %d from efd %d",
+ c->self, len, c->efd);
+- if (len < 0 && (errno == EINTR || errno == EAGAIN))
++ if (len < 0 && (errno == EINTR ||
++ (errno == EAGAIN && !c->detach_close)))
+ return 1;
+ if (len <= 0) {
+ debug2("channel %d: closing read-efd %d",
+diff -up openssh-4.3p2/serverloop.c.hangexit openssh-4.3p2/serverloop.c
+--- openssh-4.3p2/serverloop.c.hangexit 2009-04-08 03:53:26.000000000 -0700
++++ openssh-4.3p2/serverloop.c 2009-04-08 03:53:26.000000000 -0700
+@@ -254,6 +254,7 @@ wait_until_can_do_something(fd_set **rea
+ struct timeval tv, *tvp;
+ int ret;
+ int client_alive_scheduled = 0;
++ int program_alive_scheduled = 0;
+
+ /*
+ * if using client_alive, set the max timeout accordingly,
+@@ -291,6 +292,7 @@ wait_until_can_do_something(fd_set **rea
+ * the client, try to get some more data from the program.
+ */
+ if (packet_not_very_much_data_to_write()) {
++ program_alive_scheduled = child_terminated;
+ if (!fdout_eof)
+ FD_SET(fdout, *readsetp);
+ if (!fderr_eof)
+@@ -336,8 +338,16 @@ wait_until_can_do_something(fd_set **rea
+ memset(*writesetp, 0, *nallocp);
+ if (errno != EINTR)
+ error("select: %.100s", strerror(errno));
+- } else if (ret == 0 && client_alive_scheduled)
+- client_alive_check();
++ } else {
++ if (ret == 0 && client_alive_scheduled)
++ client_alive_check();
++ if (!compat20 && program_alive_scheduled && fdin_is_tty) {
++ if (!fdout_eof)
++ FD_SET(fdout, *readsetp);
++ if (!fderr_eof)
++ FD_SET(fderr, *readsetp);
++ }
++ }
+
+ notify_done(*readsetp);
+ }
+@@ -380,7 +390,8 @@ process_input(fd_set * readset)
+ /* Read and buffer any available stdout data from the program. */
+ if (!fdout_eof && FD_ISSET(fdout, readset)) {
+ len = read(fdout, buf, sizeof(buf));
+- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
++ if (len < 0 && (errno == EINTR ||
++ (errno == EAGAIN && !child_terminated))) {
+ /* do nothing */
+ } else if (len <= 0) {
+ fdout_eof = 1;
+@@ -392,7 +403,8 @@ process_input(fd_set * readset)
+ /* Read and buffer any available stderr data from the program. */
+ if (!fderr_eof && FD_ISSET(fderr, readset)) {
+ len = read(fderr, buf, sizeof(buf));
+- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
++ if (len < 0 && (errno == EINTR ||
++ (errno == EAGAIN && !child_terminated))) {
+ /* do nothing */
+ } else if (len <= 0) {
+ fderr_eof = 1;
diff --git a/openssh-4.3p2-init-status.patch b/openssh-4.3p2-init-status.patch
new file mode 100644
index 0000000..577e000
--- /dev/null
+++ b/openssh-4.3p2-init-status.patch
@@ -0,0 +1,12 @@
+diff -up openssh-4.3p2/contrib/redhat/sshd.init.status openssh-4.3p2/contrib/redhat/sshd.init
+--- openssh-4.3p2/contrib/redhat/sshd.init.status 2008-09-11 12:10:51.000000000 +0200
++++ openssh-4.3p2/contrib/redhat/sshd.init 2008-09-11 12:40:57.000000000 +0200
+@@ -170,7 +170,7 @@ case "$1" in
+ fi
+ ;;
+ status)
+- status $SSHD
++ status -p $PID_FILE openssh-daemon
+ RETVAL=$?
+ ;;
+ *)
diff --git a/openssh-4.3p2-initscript.patch b/openssh-4.3p2-initscript.patch
new file mode 100644
index 0000000..d918fb7
--- /dev/null
+++ b/openssh-4.3p2-initscript.patch
@@ -0,0 +1,29 @@
+--- openssh-4.3p2/contrib/redhat/sshd.init.initscript 2006-11-10 11:07:53.000000000 +0100
++++ openssh-4.3p2/contrib/redhat/sshd.init 2006-11-10 11:08:25.000000000 +0100
+@@ -29,6 +29,8 @@
+ DSA_KEY=/etc/ssh/ssh_host_dsa_key
+ PID_FILE=/var/run/sshd.pid
+
++runlevel=$(set -- $(runlevel); eval "echo \$$#" )
++
+ do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n $"Generating SSH1 RSA host key: "
+@@ -116,11 +118,16 @@
+ {
+ echo -n $"Stopping $prog: "
+ if [ -n "`pidfileofproc $SSHD`" ] ; then
+- killproc $SSHD -TERM
++ killproc $SSHD
+ else
+ failure $"Stopping $prog"
+ fi
+ RETVAL=$?
++ # if we are in halt or reboot runlevel kill all running sessions
++ # so the TCP connections are closed cleanly
++ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
++ killall $prog 2>/dev/null
++ fi
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+ echo
+ }
diff --git a/openssh-4.3p2-keygen.patch b/openssh-4.3p2-keygen.patch
new file mode 100644
index 0000000..dbee3e0
--- /dev/null
+++ b/openssh-4.3p2-keygen.patch
@@ -0,0 +1,27 @@
+diff -up openssh-4.3p2/contrib/redhat/sshd.init.keygen openssh-4.3p2/contrib/redhat/sshd.init
+--- openssh-4.3p2/contrib/redhat/sshd.init.keygen 2009-11-05 13:57:51.000000000 +0100
++++ openssh-4.3p2/contrib/redhat/sshd.init 2009-11-05 14:02:04.000000000 +0100
+@@ -34,6 +34,7 @@ runlevel=$(set -- $(runlevel); eval "ech
+ do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n $"Generating SSH1 RSA host key: "
++ rm -f $RSA1_KEY
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+@@ -53,6 +54,7 @@ do_rsa1_keygen() {
+ do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ echo -n $"Generating SSH2 RSA host key: "
++ rm -f $RSA_KEY
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+@@ -72,6 +74,7 @@ do_rsa_keygen() {
+ do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ echo -n $"Generating SSH2 DSA host key: "
++ rm -f $DSA_KEY
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
diff --git a/openssh-4.3p2-latency.patch b/openssh-4.3p2-latency.patch
new file mode 100644
index 0000000..4a7fc8d
--- /dev/null
+++ b/openssh-4.3p2-latency.patch
@@ -0,0 +1,110 @@
+diff -up openssh-4.3p2/channels.c.latency openssh-4.3p2/channels.c
+--- openssh-4.3p2/channels.c.latency 2008-09-11 12:10:51.000000000 +0200
++++ openssh-4.3p2/channels.c 2008-09-11 13:39:51.000000000 +0200
+@@ -1615,7 +1615,9 @@ channel_check_window(Channel *c)
+ {
+ if (c->type == SSH_CHANNEL_OPEN &&
+ !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
+- c->local_window < c->local_window_max/2 &&
++ ((c->local_window_max - c->local_window >
++ c->local_maxpacket*3) ||
++ c->local_window < c->local_window_max/2) &&
+ c->local_consumed > 0) {
+ packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+ packet_put_int(c->remote_id);
+diff -up openssh-4.3p2/sftp.1.latency openssh-4.3p2/sftp.1
+--- openssh-4.3p2/sftp.1.latency 2006-01-20 01:31:47.000000000 +0100
++++ openssh-4.3p2/sftp.1 2008-09-11 13:43:17.000000000 +0200
+@@ -203,7 +203,7 @@ This option may be useful in debugging t
+ Specify how many requests may be outstanding at any one time.
+ Increasing this may slightly improve file transfer speed
+ but will increase memory usage.
+-The default is 16 outstanding requests.
++The default is 64 outstanding requests.
+ .It Fl S Ar program
+ Name of the
+ .Ar program
+diff -up openssh-4.3p2/channels.h.latency openssh-4.3p2/channels.h
+--- openssh-4.3p2/channels.h.latency 2005-12-31 06:22:32.000000000 +0100
++++ openssh-4.3p2/channels.h 2008-09-11 12:31:50.000000000 +0200
+@@ -124,9 +124,9 @@ struct Channel {
+
+ /* default window/packet sizes for tcp/x11-fwd-channel */
+ #define CHAN_SES_PACKET_DEFAULT (32*1024)
+-#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
++#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
+ #define CHAN_TCP_PACKET_DEFAULT (32*1024)
+-#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
++#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
+ #define CHAN_X11_PACKET_DEFAULT (16*1024)
+ #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
+
+diff -up openssh-4.3p2/sftp-server.c.latency openssh-4.3p2/sftp-server.c
+--- openssh-4.3p2/sftp-server.c.latency 2006-01-02 13:40:51.000000000 +0100
++++ openssh-4.3p2/sftp-server.c 2008-09-11 14:00:28.000000000 +0200
+@@ -1074,7 +1074,15 @@ main(int ac, char **av)
+ memset(rset, 0, set_size);
+ memset(wset, 0, set_size);
+
+- FD_SET(in, rset);
++ /*
++ * Ensure that we can read a full buffer and handle
++ * the worst-case length packet it can generate,
++ * otherwise apply backpressure by stopping reads.
++ */
++ if (buffer_check_alloc(&iqueue, 4*4096) &&
++ buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
++ FD_SET(in, rset);
++
+ olen = buffer_len(&oqueue);
+ if (olen > 0)
+ FD_SET(out, wset);
+@@ -1109,7 +1117,13 @@ main(int ac, char **av)
+ buffer_consume(&oqueue, len);
+ }
+ }
+- /* process requests from client */
+- process();
++
++ /*
++ * Process requests from client if we can fit the results
++ * into the output buffer, otherwise stop processing input
++ * and let the output queue drain.
++ */
++ if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH))
++ process();
+ }
+ }
+diff -up openssh-4.3p2/sftp.c.latency openssh-4.3p2/sftp.c
+--- openssh-4.3p2/sftp.c.latency 2008-09-11 12:10:51.000000000 +0200
++++ openssh-4.3p2/sftp.c 2008-09-11 13:30:16.000000000 +0200
+@@ -44,7 +44,7 @@ int batchmode = 0;
+ size_t copy_buffer_len = 32768;
+
+ /* Number of concurrent outstanding requests */
+-size_t num_requests = 16;
++size_t num_requests = 64;
+
+ /* PID of ssh transport process */
+ static pid_t sshpid = -1;
+diff -up openssh-4.3p2/clientloop.c.latency openssh-4.3p2/clientloop.c
+--- openssh-4.3p2/clientloop.c.latency 2008-09-11 12:10:51.000000000 +0200
++++ openssh-4.3p2/clientloop.c 2008-09-11 12:35:36.000000000 +0200
+@@ -1681,7 +1681,7 @@ client_request_forwarded_tcpip(const cha
+ }
+ c = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ originator_address, 1);
+ xfree(originator_address);
+ xfree(listen_address);
+@@ -1739,7 +1739,7 @@ client_request_agent(const char *request
+ return NULL;
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ "authentication agent connection", 1);
+ c->force_drain = 1;
+ return c;
diff --git a/openssh-4.3p2-localtime.patch b/openssh-4.3p2-localtime.patch
new file mode 100644
index 0000000..1fdd89f
--- /dev/null
+++ b/openssh-4.3p2-localtime.patch
@@ -0,0 +1,11 @@
+--- openssh-4.3p2/contrib/redhat/sshd.init.localtime 2006-08-23 14:50:05.000000000 +0200
++++ openssh-4.3p2/contrib/redhat/sshd.init 2006-08-23 22:08:13.000000000 +0200
+@@ -102,6 +102,8 @@
+ do_rsa1_keygen
+ do_rsa_keygen
+ do_dsa_keygen
++
++ cp -af /etc/localtime /var/empty/sshd/etc
+
+ echo -n $"Starting $prog: "
+ $SSHD $OPTIONS && success || failure
diff --git a/openssh-4.3p2-mls.patch b/openssh-4.3p2-mls.patch
new file mode 100644
index 0000000..0fa6926
--- /dev/null
+++ b/openssh-4.3p2-mls.patch
@@ -0,0 +1,229 @@
+--- openssh-4.3p2/selinux.c.mls 2007-01-11 14:22:40.000000000 +0100
++++ openssh-4.3p2/selinux.c 2007-01-11 20:25:27.000000000 +0100
+@@ -1,6 +1,7 @@
+ #include "includes.h"
+ #include "auth.h"
+ #include "log.h"
++#include "xmalloc.h"
+
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+@@ -8,23 +9,147 @@
+ #include <selinux/context.h>
+ #include <selinux/get_context_list.h>
+ #include <selinux/get_default_type.h>
++#include <selinux/av_permissions.h>
++
++#ifdef HAVE_LINUX_AUDIT
++#include <libaudit.h>
++#include <sys/select.h>
++#include <errno.h>
++#endif
++
+ extern Authctxt *the_authctxt;
++extern int inetd_flag;
++extern int rexeced_flag;
++
++/* Send audit message */
++static int send_audit_message(int success, security_context_t default_context,
++ security_context_t selected_context)
++{
++ int rc=0;
++#ifdef HAVE_LINUX_AUDIT
++ char *msg = NULL;
++ int audit_fd = audit_open();
++ security_context_t default_raw=NULL;
++ security_context_t selected_raw=NULL;
++ rc = -1;
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return 0; /* No audit support in kernel */
++ error("Error connecting to audit system.");
++ return rc;
++ }
++ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
++ error("Error translating default context.");
++ goto out;
++ }
++ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
++ error("Error translating selected context.");
++ goto out;
++ }
++ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
++ default_context ? default_raw : "?",
++ selected_context ? selected_raw : "?") < 0) {
++ error("Error allocating memory.");
++ goto out;
++ }
++ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
++ msg, NULL, NULL, NULL, success) <= 0) {
++ error("Error sending audit message.");
++ goto out;
++ }
++ rc = 0;
++ out:
++ free(msg);
++ freecon(default_raw);
++ freecon(selected_raw);
++ close(audit_fd);
++#endif
++ return rc;
++}
++/* from Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c */
++static int mls_range_allowed(security_context_t src, security_context_t dst)
++{
++ struct av_decision avd;
++ int retval;
++ unsigned int bit = CONTEXT__CONTAINS;
++
++ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
++ if (retval || ((bit & avd.allowed) != bit))
++ return 0;
++
++ return 1;
++}
++
++static int get_user_context(const char *user, const char *role, const char *level,
++ security_context_t *context) {
++ if (role != NULL && role[0])
++ return get_default_context_with_rolelevel(user, role, level, NULL, context);
++ else
++ return get_default_context_with_level(user, level, NULL, context);
++}
+
+ static const security_context_t selinux_get_user_context(const char *name) {
+ security_context_t user_context=NULL;
++ security_context_t default_context=NULL;
++ char *seuser=NULL;
+ char *role=NULL;
+ int ret=-1;
+- char *seuser=NULL;
+- char *level=NULL;
+-
+- if (the_authctxt)
+- role=the_authctxt->role;
++ char *dlevel=NULL;
++ const char *rlevel=NULL;
++ context_t con=NULL;
++
++ if (the_authctxt) {
++ if (the_authctxt->role != NULL) {
++ char *slash;
++ role = xstrdup(the_authctxt->role);
++ if ((slash = strchr(role, '/')) != NULL) {
++ *slash = '\0';
++ rlevel = slash + 1;
++ }
++ }
++ }
++
++ ret = getseuserbyname(name, &seuser, &dlevel);
++
++ if (ret >= 0) {
++ ret = get_user_context(seuser, role, dlevel, &default_context);
++ }
++
++ if (ret >= 0) {
++ /* If launched from xinetd, we must use current level */
++ if (inetd_flag && !rexeced_flag) {
++ security_context_t sshd_context=NULL;
++
++ if (getcon(&sshd_context) < 0)
++ fatal("failed to allocate security context");
++
++ con = context_new(sshd_context);
++ rlevel = context_range_get(con);
++ freecon(sshd_context);
+
+- if (getseuserbyname(name, &seuser, &level)==0) {
+- if (role != NULL && role[0])
+- ret=get_default_context_with_rolelevel(seuser, role, level,NULL,&user_context);
+- else
+- ret=get_default_context_with_level(seuser, level, NULL,&user_context);
++ debug("selinux_get_user_context: current connection level '%s'", rlevel);
++ }
++
++ if (rlevel != NULL && rlevel[0]) {
++ ret = get_user_context(seuser, role, rlevel, &user_context);
++
++ if (ret >= 0) {
++ if (mls_range_allowed(default_context, user_context)) {
++ send_audit_message(1, default_context, user_context);
++ logit("permit MLS level %s (user range %s)", rlevel, dlevel);
++ } else {
++ send_audit_message(0, default_context, user_context);
++ if (security_getenforce() > 0)
++ fatal("deny MLS level %s (user range %s)", rlevel, dlevel);
++ else
++ error("deny MLS level %s (user range %s). Continuing in permissive mode", rlevel, dlevel);
++ }
++ }
++ freecon(default_context);
++ } else {
++ user_context = default_context;
++ }
+ }
+
+ if ( ret < 0 ) {
+@@ -32,7 +157,13 @@
+ fatal("Failed to get default security context for %s.", name);
+ else
+ error("Failed to get default security context for %s. Continuing in permissive mode", name);
+- }
++ }
++
++ if (con)
++ context_free(con);
++ free(role);
++ free(seuser);
++ free(dlevel);
+ return user_context;
+ }
+
+@@ -40,11 +171,15 @@
+ if (is_selinux_enabled() > 0) {
+ security_context_t new_tty_context=NULL, user_context=NULL, old_tty_context=NULL;
+
+- user_context=selinux_get_user_context(name);
++ if (getexeccon(&user_context) < 0) {
++ error("getexeccon() failed: %.100s", strerror(errno));
++ return;
++ }
+
+ if (getfilecon(tty, &old_tty_context) < 0) {
+ error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
+ } else {
++ debug("user_context: %s old_tty_context: %s", user_context, old_tty_context);
+ if (security_compute_relabel(user_context,old_tty_context,
+ SECCLASS_CHR_FILE,
+ &new_tty_context) != 0) {
+--- openssh-4.3p2/sshd.c.mls 2007-01-11 14:22:40.000000000 +0100
++++ openssh-4.3p2/sshd.c 2007-01-11 14:22:40.000000000 +0100
+@@ -85,6 +85,7 @@
+ #include "monitor.h"
+ #include "monitor_wrap.h"
+ #include "monitor_fdpass.h"
++#include "selinux.h"
+
+ #ifdef LIBWRAP
+ #include <tcpd.h>
+@@ -1752,6 +1753,7 @@
+ restore_uid();
+ }
+ #endif
++ setup_selinux_exec_context(authctxt->pw->pw_name);
+ #ifdef USE_PAM
+ if (options.use_pam) {
+ do_pam_setcred(1);
+--- openssh-4.3p2/session.c.mls 2007-01-11 14:22:40.000000000 +0100
++++ openssh-4.3p2/session.c 2007-01-11 14:22:40.000000000 +0100
+@@ -1313,8 +1313,6 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+-
+- setup_selinux_exec_context(pw->pw_name);
+ }
+
+ static void
diff --git a/openssh-4.3p2-no-dup-logs.patch b/openssh-4.3p2-no-dup-logs.patch
new file mode 100644
index 0000000..607697a
--- /dev/null
+++ b/openssh-4.3p2-no-dup-logs.patch
@@ -0,0 +1,167 @@
+Don't log duplicate auth messages in the system log.
+--- openssh-4.3p2/auth.c.no-dups 2006-08-23 14:50:05.000000000 +0200
++++ openssh-4.3p2/auth.c 2006-08-23 14:51:14.000000000 +0200
+@@ -55,6 +55,7 @@
+
+ /* import */
+ extern ServerOptions options;
++extern int use_privsep;
+ extern Buffer loginmsg;
+
+ /* Debugging messages */
+@@ -231,6 +232,9 @@
+ void (*authlog) (const char *fmt,...) = verbose;
+ char *authmsg;
+
++ if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
++ return;
++
+ /* Raise logging level */
+ if (authenticated == 1 ||
+ !authctxt->valid ||
+@@ -267,42 +271,8 @@
+ }
+ #endif
+ #ifdef SSH_AUDIT_EVENTS
+- if (authenticated == 0 && !authctxt->postponed) {
+- ssh_audit_event_t event;
+-
+- debug3("audit failed auth attempt, method %s euid %d",
+- method, (int)geteuid());
+- /*
+- * Because the auth loop is used in both monitor and slave,
+- * we must be careful to send each event only once and with
+- * enough privs to write the event.
+- */
+- event = audit_classify_auth(method);
+- switch(event) {
+- case SSH_AUTH_FAIL_NONE:
+- case SSH_AUTH_FAIL_PASSWD:
+- case SSH_AUTH_FAIL_KBDINT:
+- if (geteuid() == 0)
+- audit_event(event);
+- break;
+- case SSH_AUTH_FAIL_PUBKEY:
+- case SSH_AUTH_FAIL_HOSTBASED:
+- case SSH_AUTH_FAIL_GSSAPI:
+- /*
+- * This is required to handle the case where privsep
+- * is enabled but it's root logging in, since
+- * use_privsep won't be cleared until after a
+- * successful login.
+- */
+- if (geteuid() == 0)
+- audit_event(event);
+- else
+- PRIVSEP(audit_event(event));
+- break;
+- default:
+- error("unknown authentication audit event %d", event);
+- }
+- }
++ if (authenticated == 0 && !authctxt->postponed)
++ audit_event(audit_classify_auth(method));
+ #endif
+ }
+
+--- openssh-4.3p2/monitor.c.no-dups 2006-08-23 14:50:42.000000000 +0200
++++ openssh-4.3p2/monitor.c 2006-08-23 14:51:14.000000000 +0200
+@@ -172,6 +172,7 @@
+ #define MON_ISAUTH 0x0004 /* Required for Authentication */
+ #define MON_AUTHDECIDE 0x0008 /* Decides Authentication */
+ #define MON_ONCE 0x0010 /* Disable after calling */
++#define MON_ALOG 0x0020 /* Log auth attempt without authenticating */
+
+ #define MON_AUTH (MON_ISAUTH|MON_AUTHDECIDE)
+
+@@ -233,8 +234,8 @@
+ {MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
+ {MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
+ {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+- {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH, mm_answer_rsa_keyallowed},
+- {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
++ {MONITOR_REQ_RSAKEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_rsa_keyallowed},
++ {MONITOR_REQ_KEYALLOWED, MON_ISAUTH|MON_ALOG, mm_answer_keyallowed},
+ {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
+ {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
+ #ifdef BSD_AUTH
+@@ -328,6 +329,7 @@
+
+ /* The first few requests do not require asynchronous access */
+ while (!authenticated) {
++ auth_method = "unknown";
+ authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+ if (authenticated) {
+ if (!(ent->flags & MON_AUTHDECIDE))
+@@ -350,7 +352,7 @@
+ #endif
+ }
+
+- if (ent->flags & MON_AUTHDECIDE) {
++ if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
+ auth_log(authctxt, authenticated, auth_method,
+ compat20 ? " ssh2" : "");
+ if (!authenticated)
+@@ -360,6 +362,8 @@
+
+ if (!authctxt->valid)
+ fatal("%s: authenticated invalid user", __func__);
++ if (strcmp(auth_method, "unknown") == 0)
++ fatal("%s: authentication method name unknown", __func__);
+
+ debug("%s: %s has been authenticated by privileged process",
+ __func__, authctxt->user);
+@@ -913,6 +917,7 @@
+ xfree(prompts);
+ if (echo_on != NULL)
+ xfree(echo_on);
++ auth_method = "keyboard-interactive/pam";
+ mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
+ return (0);
+ }
+@@ -955,6 +960,7 @@
+ (sshpam_device.free_ctx)(sshpam_ctxt);
+ buffer_clear(m);
+ mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
++ auth_method = "keyboard-interactive/pam";
+ return (sshpam_authok == sshpam_ctxt);
+ }
+ #endif
+@@ -1000,17 +1006,20 @@
+ case MM_USERKEY:
+ allowed = options.pubkey_authentication &&
+ user_key_allowed(authctxt->pw, key);
++ auth_method = "publickey";
+ break;
+ case MM_HOSTKEY:
+ allowed = options.hostbased_authentication &&
+ hostbased_key_allowed(authctxt->pw,
+ cuser, chost, key);
++ auth_method = "hostbased";
+ break;
+ case MM_RSAHOSTKEY:
+ key->type = KEY_RSA1; /* XXX */
+ allowed = options.rhosts_rsa_authentication &&
+ auth_rhosts_rsa_key_allowed(authctxt->pw,
+ cuser, chost, key);
++ auth_method = "rsa";
+ break;
+ default:
+ fatal("%s: unknown key type %d", __func__, type);
+@@ -1031,6 +1040,8 @@
+ hostbased_cuser = cuser;
+ hostbased_chost = chost;
+ } else {
++ /* Log failed attempt */
++ auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
+ xfree(blob);
+ xfree(cuser);
+ xfree(chost);
+@@ -1398,6 +1409,7 @@
+
+ debug3("%s entering", __func__);
+
++ auth_method = "rsa";
+ if (options.rsa_authentication && authctxt->valid) {
+ if ((client_n = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
diff --git a/openssh-4.3p2-no-v6only.patch b/openssh-4.3p2-no-v6only.patch
new file mode 100644
index 0000000..a789812
--- /dev/null
+++ b/openssh-4.3p2-no-v6only.patch
@@ -0,0 +1,11 @@
+--- openssh-4.3p2/channels.c.no-v6only 2006-07-17 15:39:31.000000000 +0200
++++ openssh-4.3p2/channels.c 2006-08-08 12:44:51.000000000 +0200
+@@ -2794,7 +2794,7 @@
+ }
+ }
+ #ifdef IPV6_V6ONLY
+- if (ai->ai_family == AF_INET6) {
++ if (x11_use_localhost && ai->ai_family == AF_INET6) {
+ int on = 1;
+ if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
+ error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
diff --git a/openssh-4.3p2-nss-keys.patch b/openssh-4.3p2-nss-keys.patch
new file mode 100644
index 0000000..ccb7915
--- /dev/null
+++ b/openssh-4.3p2-nss-keys.patch
@@ -0,0 +1,1394 @@
+--- openssh-4.3p2/ssh-rsa.c.nss-keys 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/ssh-rsa.c 2007-06-20 20:09:35.000000000 +0200
+@@ -27,6 +27,10 @@
+ #include "compat.h"
+ #include "ssh.h"
+
++#ifdef HAVE_LIBNSS
++#include <cryptohi.h>
++#endif
++
+ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
+
+ /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
+@@ -45,6 +49,38 @@
+ error("ssh_rsa_sign: no RSA key");
+ return -1;
+ }
++
++ slen = RSA_size(key->rsa);
++ sig = xmalloc(slen);
++
++#ifdef HAVE_LIBNSS
++ if (key->flags & KEY_FLAG_NSS) {
++ SECItem sigitem;
++ SECOidTag alg;
++
++ memset(&sigitem, 0, sizeof(sigitem));
++ alg = (datafellows & SSH_BUG_RSASIGMD5) ?
++ SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION :
++ SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
++
++ if (SEC_SignData(&sigitem, (u_char *)data, datalen, key->nss->privk,
++ alg) != SECSuccess) {
++ error("ssh_rsa_sign: sign failed");
++ return -1;
++ }
++ if (sigitem.len > slen) {
++ error("ssh_rsa_sign: slen %u slen2 %u", slen, sigitem.len);
++ xfree(sig);
++ SECITEM_ZfreeItem(&sigitem, PR_FALSE);
++ return -1;
++ }
++ if (sigitem.len < slen) {
++ memset(sig, 0, slen - sigitem.len);
++ }
++ memcpy(sig+slen-sigitem.len, sigitem.data, sigitem.len);
++ SECITEM_ZfreeItem(&sigitem, PR_FALSE);
++ } else {
++#endif
+ nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
+ if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+ error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+@@ -54,9 +90,6 @@
+ EVP_DigestUpdate(&md, data, datalen);
+ EVP_DigestFinal(&md, digest, &dlen);
+
+- slen = RSA_size(key->rsa);
+- sig = xmalloc(slen);
+-
+ ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
+ memset(digest, 'd', sizeof(digest));
+
+@@ -77,6 +110,9 @@
+ xfree(sig);
+ return -1;
+ }
++#ifdef HAVE_LIBNSS
++ }
++#endif
+ /* encode signature */
+ buffer_init(&b);
+ buffer_put_cstring(&b, "ssh-rsa");
+--- /dev/null 2007-06-20 14:56:05.942081985 +0200
++++ openssh-4.3p2/README.nss 2007-06-20 20:09:35.000000000 +0200
+@@ -0,0 +1,38 @@
++How to use NSS tokens with OpenSSH?
++
++This version of OpenSSH contains experimental support for authentication using
++keys stored in tokens stored in NSS database. This for example includes any
++PKCS#11 tokens which are installed in your NSS database.
++
++As the code is experimental and preliminary only SSH protocol 2 is supported.
++The NSS certificate and token databases are looked for in the ~/.ssh
++directory or in a directory specified by environment variable NSS_DB_PATH.
++
++Common operations:
++
++(1) tell the ssh client to use the NSS keys:
++
++ $ ssh -o 'UseNSS yes' otherhost
++
++ if you want to use a specific token:
++
++ $ ssh -o 'UseNSS yes' -o 'NSS Token My PKCS11 Token' otherhost
++
++(2) or tell the agent to use the NSS keys:
++
++ $ ssh-add -n
++
++ if you want to use a specific token:
++
++ $ ssh-add -n -T 'My PKCS11 Token'
++
++(3) extract the public key from token so it can be added to the
++server:
++
++ $ ssh-keygen -n
++
++ if you want to use a specific token and/or key:
++
++ $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID'
++
++Tomas Mraz, Red Hat, Inc.
+--- openssh-4.3p2/Makefile.in.nss-keys 2007-04-03 11:01:04.000000000 +0200
++++ openssh-4.3p2/Makefile.in 2007-06-20 20:09:35.000000000 +0200
+@@ -42,7 +42,7 @@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+-LIBS=@LIBS@
++LIBS=@LIBS@ @LIBNSS@
+ LIBSELINUX=@LIBSELINUX@
+ LIBAUDIT=@LIBAUDIT@
+ LIBEDIT=@LIBEDIT@
+@@ -73,7 +73,7 @@
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
+ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
+- entropy.o scard-opensc.o gss-genr.o
++ entropy.o scard-opensc.o gss-genr.o nsskeys.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o
+--- openssh-4.3p2/ssh.c.nss-keys 2005-12-31 06:33:37.000000000 +0100
++++ openssh-4.3p2/ssh.c 2007-06-20 20:19:28.000000000 +0200
+@@ -76,6 +76,9 @@
+ #ifdef SMARTCARD
+ #include "scard.h"
+ #endif
++#ifdef HAVE_LIBNSS
++#include "nsskeys.h"
++#endif
+
+ extern char *__progname;
+
+@@ -1179,6 +1182,10 @@
+ char *filename;
+ int i = 0;
+ Key *public;
++#if defined(SMARTCARD) || defined(HAVE_LIBNSS)
++ Key **keys;
++#endif
++
+ #ifdef SMARTCARD
+ Key **keys;
+
+@@ -1202,6 +1209,26 @@
+ xfree(keys);
+ }
+ #endif /* SMARTCARD */
++#ifdef HAVE_LIBNSS
++ if (options.use_nss &&
++ options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
++ (keys = nss_get_keys(options.nss_token, NULL, NULL)) != NULL) {
++ int count;
++ for (count = 0; keys[count] != NULL; count++) {
++ memmove(&options.identity_files[1], &options.identity_files[0],
++ sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
++ memmove(&options.identity_keys[1], &options.identity_keys[0],
++ sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
++ options.num_identity_files++;
++ options.identity_keys[0] = keys[count];
++ options.identity_files[0] = nss_get_key_label(keys[count]);
++ }
++ if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
++ options.num_identity_files = SSH_MAX_IDENTITY_FILES;
++ i += count;
++ xfree(keys);
++ }
++#endif /* HAVE_LIBNSS */
+ for (; i < options.num_identity_files; i++) {
+ filename = tilde_expand_filename(options.identity_files[i],
+ original_real_uid);
+@@ -1212,6 +1239,7 @@
+ options.identity_files[i] = filename;
+ options.identity_keys[i] = public;
+ }
++ debug("loaded %d keys", options.num_identity_files);
+ }
+
+ static void
+--- openssh-4.3p2/ssh-agent.c.nss-keys 2005-11-05 05:15:00.000000000 +0100
++++ openssh-4.3p2/ssh-agent.c 2007-06-20 20:09:35.000000000 +0200
+@@ -56,6 +56,10 @@
+ #include "scard.h"
+ #endif
+
++#ifdef HAVE_LIBNSS
++#include "nsskeys.h"
++#endif
++
+ #if defined(HAVE_SYS_PRCTL_H)
+ #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
+ #endif
+@@ -667,6 +671,114 @@
+ }
+ #endif /* SMARTCARD */
+
++#ifdef HAVE_LIBNSS
++static void
++process_add_nss_key (SocketEntry *e)
++{
++ char *tokenname = NULL, *keyname = NULL, *password = NULL;
++ int i, version, success = 0, death = 0, confirm = 0;
++ Key **keys, *k;
++ Identity *id;
++ Idtab *tab;
++
++ tokenname = buffer_get_string(&e->request, NULL);
++ keyname = buffer_get_string(&e->request, NULL);
++ password = buffer_get_string(&e->request, NULL);
++
++ while (buffer_len(&e->request)) {
++ switch (buffer_get_char(&e->request)) {
++ case SSH_AGENT_CONSTRAIN_LIFETIME:
++ death = time(NULL) + buffer_get_int(&e->request);
++ break;
++ case SSH_AGENT_CONSTRAIN_CONFIRM:
++ confirm = 1;
++ break;
++ default:
++ break;
++ }
++ }
++ if (lifetime && !death)
++ death = time(NULL) + lifetime;
++
++ keys = nss_get_keys(tokenname, keyname, password);
++ /* password is owned by keys[0] now */
++ xfree(tokenname);
++ xfree(keyname);
++
++ if (keys == NULL) {
++ memset(password, 0, strlen(password));
++ xfree(password);
++ error("nss_get_keys failed");
++ goto send;
++ }
++ for (i = 0; keys[i] != NULL; i++) {
++ k = keys[i];
++ version = k->type == KEY_RSA1 ? 1 : 2;
++ tab = idtab_lookup(version);
++ if (lookup_identity(k, version) == NULL) {
++ id = xmalloc(sizeof(Identity));
++ id->key = k;
++ id->comment = nss_get_key_label(k);
++ id->death = death;
++ id->confirm = confirm;
++ TAILQ_INSERT_TAIL(&tab->idlist, id, next);
++ tab->nentries++;
++ success = 1;
++ } else {
++ key_free(k);
++ }
++ keys[i] = NULL;
++ }
++ xfree(keys);
++send:
++ buffer_put_int(&e->output, 1);
++ buffer_put_char(&e->output,
++ success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
++}
++
++static void
++process_remove_nss_key(SocketEntry *e)
++{
++ char *tokenname = NULL, *keyname = NULL, *password = NULL;
++ int i, version, success = 0;
++ Key **keys, *k = NULL;
++ Identity *id;
++ Idtab *tab;
++
++ tokenname = buffer_get_string(&e->request, NULL);
++ keyname = buffer_get_string(&e->request, NULL);
++ password = buffer_get_string(&e->request, NULL);
++
++ keys = nss_get_keys(tokenname, keyname, password);
++ xfree(tokenname);
++ xfree(keyname);
++ xfree(password);
++
++ if (keys == NULL || keys[0] == NULL) {
++ error("nss_get_keys failed");
++ goto send;
++ }
++ for (i = 0; keys[i] != NULL; i++) {
++ k = keys[i];
++ version = k->type == KEY_RSA1 ? 1 : 2;
++ if ((id = lookup_identity(k, version)) != NULL) {
++ tab = idtab_lookup(version);
++ TAILQ_REMOVE(&tab->idlist, id, next);
++ tab->nentries--;
++ free_identity(id);
++ success = 1;
++ }
++ key_free(k);
++ keys[i] = NULL;
++ }
++ xfree(keys);
++send:
++ buffer_put_int(&e->output, 1);
++ buffer_put_char(&e->output,
++ success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
++}
++#endif /* HAVE_LIBNSS */
++
+ /* dispatch incoming messages */
+
+ static void
+@@ -762,6 +874,15 @@
+ process_remove_smartcard_key(e);
+ break;
+ #endif /* SMARTCARD */
++#ifdef HAVE_LIBNSS
++ case SSH_AGENTC_ADD_NSS_KEY:
++ case SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED:
++ process_add_nss_key(e);
++ break;
++ case SSH_AGENTC_REMOVE_NSS_KEY:
++ process_remove_nss_key(e);
++ break;
++#endif /* SMARTCARD */
+ default:
+ /* Unknown message. Respond with failure. */
+ error("Unknown message %d", type);
+--- openssh-4.3p2/readconf.c.nss-keys 2005-12-13 09:33:20.000000000 +0100
++++ openssh-4.3p2/readconf.c 2007-06-20 20:09:35.000000000 +0200
+@@ -106,6 +106,7 @@
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
++ oUseNSS, oNSSToken,
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+@@ -190,6 +191,13 @@
+ #else
+ { "smartcarddevice", oUnsupported },
+ #endif
++#ifdef HAVE_LIBNSS
++ { "usenss", oUseNSS },
++ { "nsstoken", oNSSToken },
++#else
++ { "usenss", oUnsupported },
++ { "nsstoken", oNSSToken },
++#endif
+ { "clearallforwardings", oClearAllForwardings },
+ { "enablesshkeysign", oEnableSSHKeysign },
+ { "verifyhostkeydns", oVerifyHostKeyDNS },
+@@ -562,6 +570,14 @@
+ charptr = &options->smartcard_device;
+ goto parse_string;
+
++ case oUseNSS:
++ intptr = &options->use_nss;
++ goto parse_flag;
++
++ case oNSSToken:
++ charptr = &options->nss_token;
++ goto parse_command;
++
+ case oProxyCommand:
+ charptr = &options->proxy_command;
+ parse_command:
+@@ -1009,6 +1025,8 @@
+ options->preferred_authentications = NULL;
+ options->bind_address = NULL;
+ options->smartcard_device = NULL;
++ options->use_nss = -1;
++ options->nss_token = NULL;
+ options->enable_ssh_keysign = - 1;
+ options->no_host_authentication_for_localhost = - 1;
+ options->identities_only = - 1;
+@@ -1135,6 +1153,8 @@
+ options->no_host_authentication_for_localhost = 0;
+ if (options->identities_only == -1)
+ options->identities_only = 0;
++ if (options->use_nss == -1)
++ options->use_nss = 0;
+ if (options->enable_ssh_keysign == -1)
+ options->enable_ssh_keysign = 0;
+ if (options->rekey_limit == -1)
+--- openssh-4.3p2/configure.ac.nss-keys 2007-04-03 11:01:04.000000000 +0200
++++ openssh-4.3p2/configure.ac 2007-06-20 20:09:35.000000000 +0200
+@@ -2989,6 +2989,21 @@
+ ])
+ AC_SUBST(LIBAUDIT)
+
++# Check whether user wants NSS support
++LIBNSS_MSG="no"
++LIBNSS=""
++AC_ARG_WITH(nss,
++ [ --with-nss Enable NSS support],
++ [ if test "x$withval" != "xno" ; then
++ AC_DEFINE(HAVE_LIBNSS,1,[Define if you want NSS support.])
++ LIBNSS_MSG="yes"
++ CPPFLAGS="$CPPFLAGS -I/usr/include/nss3 -I/usr/include/nspr4"
++ AC_CHECK_HEADERS(pk11pub.h)
++ LIBNSS="-lnss3"
++ fi
++ ])
++AC_SUBST(LIBNSS)
++
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ AC_ARG_WITH(kerberos5,
+@@ -3817,6 +3832,7 @@
+ echo " KerberosV support: $KRB5_MSG"
+ echo " SELinux support: $SELINUX_MSG"
+ echo " Linux audit support: $LINUX_AUDIT_MSG"
++echo " NSS support: $LIBNSS_MSG"
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
+ echo " TCP Wrappers support: $TCPW_MSG"
+--- openssh-4.3p2/key.h.nss-keys 2003-11-17 11:18:23.000000000 +0100
++++ openssh-4.3p2/key.h 2007-06-20 20:09:35.000000000 +0200
+@@ -29,11 +29,17 @@
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
+
++#ifdef HAVE_LIBNSS
++#include <nss.h>
++#include <keyhi.h>
++#endif
++
+ typedef struct Key Key;
+ enum types {
+ KEY_RSA1,
+ KEY_RSA,
+ KEY_DSA,
++ KEY_NSS,
+ KEY_UNSPEC
+ };
+ enum fp_type {
+@@ -47,16 +53,30 @@
+
+ /* key is stored in external hardware */
+ #define KEY_FLAG_EXT 0x0001
++#define KEY_FLAG_NSS 0x0002
++
++#ifdef HAVE_LIBNSS
++typedef struct NSSKey NSSKey;
++struct NSSKey {
++ SECKEYPrivateKey *privk;
++ SECKEYPublicKey *pubk;
++};
++#endif
+
+ struct Key {
+ int type;
+ int flags;
+ RSA *rsa;
+ DSA *dsa;
++#ifdef HAVE_LIBNSS
++ NSSKey *nss;
++#endif
+ };
+
+ Key *key_new(int);
+ Key *key_new_private(int);
++Key *key_new_nss(int);
++Key *key_new_nss_copy(int, const Key *);
+ void key_free(Key *);
+ Key *key_demote(const Key *);
+ int key_equal(const Key *, const Key *);
+--- openssh-4.3p2/ssh-add.c.nss-keys 2005-11-22 09:37:09.000000000 +0100
++++ openssh-4.3p2/ssh-add.c 2007-06-20 20:15:26.000000000 +0200
+@@ -39,11 +39,19 @@
+
+ #include <openssl/evp.h>
+
++#ifdef HAVE_LIBNSS
++#include <nss.h>
++#include <secmod.h>
++#include <pk11pub.h>
++#include <keyhi.h>
++#include <cert.h>
++#endif
+ #include "ssh.h"
+ #include "rsa.h"
+ #include "log.h"
+ #include "xmalloc.h"
+ #include "key.h"
++#include "nsskeys.h"
+ #include "authfd.h"
+ #include "authfile.h"
+ #include "pathnames.h"
+@@ -284,6 +292,117 @@
+ return 0;
+ }
+
++#ifdef HAVE_LIBNSS
++static char *
++password_cb(PK11SlotInfo *slot, PRBool retry, void *arg)
++{
++ char **passcache = arg;
++ char *password, *p2 = NULL;
++ char *prompt;
++
++ if (retry)
++ return NULL;
++
++ if (asprintf(&prompt, "Enter passphrase for token %s: ",
++ PK11_GetTokenName(slot)) < 0)
++ fatal("password_cb: asprintf failed");
++
++ password = read_passphrase(prompt, RP_ALLOW_STDIN);
++
++ if (password != NULL && (p2=PL_strdup(password)) == NULL) {
++ memset(password, 0, strlen(password));
++ fatal("password_cb: PL_strdup failed");
++ }
++
++ if (passcache != NULL) {
++ if (*passcache != NULL) {
++ memset(*passcache, 0, strlen(*passcache));
++ xfree(*passcache);
++ }
++ *passcache = password;
++ } else {
++ memset(password, 0, strlen(password));
++ xfree(password);
++ }
++
++ return p2;
++}
++
++static int
++add_slot_keys(AuthenticationConnection *ac, PK11SlotInfo *slot, int add)
++{
++ SECKEYPrivateKeyList *list;
++ SECKEYPrivateKeyListNode *node;
++ char *passcache = NULL;
++ char *tokenname;
++
++ int count = 0;
++
++ if (PK11_NeedLogin(slot))
++ PK11_Authenticate(slot, PR_TRUE, &passcache);
++
++ if ((list=PK11_ListPrivKeysInSlot(slot, NULL, NULL)) == NULL) {
++ return 0;
++ }
++
++ tokenname = PK11_GetTokenName(slot);
++
++ for (node=PRIVKEY_LIST_HEAD(list); !PRIVKEY_LIST_END(node, list);
++ node=PRIVKEY_LIST_NEXT(node)) {
++ char *keyname;
++ SECKEYPublicKey *pub;
++
++ keyname = PK11_GetPrivateKeyNickname(node->key);
++ if (keyname == NULL || *keyname == '\0') {
++ /* no nickname to refer to */
++ CERTCertificate *cert;
++ char *kn;
++ cert = PK11_GetCertFromPrivateKey(node->key);
++ if (cert == NULL)
++ continue;
++ kn = strchr(cert->nickname, ':');
++ if (kn == NULL)
++ kn = cert->nickname;
++ else
++ kn++;
++ keyname = PORT_Strdup(kn);
++ CERT_DestroyCertificate(cert);
++ if (keyname == NULL)
++ continue;
++ }
++ pub = SECKEY_ConvertToPublicKey(node->key);
++ if (pub == NULL) {
++ fprintf(stderr, "No public key for: %s:%s\n",
++ tokenname, keyname);
++ continue; /* not possible to obtain public key */
++ }
++ SECKEY_DestroyPublicKey(pub);
++
++ if (ssh_update_nss_key(ac, add, tokenname, keyname,
++ passcache?passcache:"", lifetime, confirm)) {
++ fprintf(stderr, "Key %s: %s:%s\n",
++ add?"added":"removed", tokenname, keyname);
++ count++;
++ } else {
++ fprintf(stderr, "Could not %s key: %s:%s\n",
++ add?"add":"remove", tokenname, keyname);
++ }
++
++ PORT_Free(keyname);
++ count++;
++ }
++
++ if (passcache != NULL) {
++ memset(passcache, 0, strlen(passcache));
++ xfree(passcache);
++ }
++
++ SECKEY_DestroyPrivateKeyList(list);
++
++ return count;
++}
++#endif
++
+ static void
+ usage(void)
+ {
+@@ -311,6 +430,10 @@
+ AuthenticationConnection *ac = NULL;
+ char *sc_reader_id = NULL;
+ int i, ch, deleting = 0, ret = 0;
++#ifdef HAVE_LIBNSS
++ char *token_id = NULL;
++ int use_nss = 0;
++#endif
+
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+@@ -328,7 +451,7 @@
+ "Could not open a connection to your authentication agent.\n");
+ exit(2);
+ }
+- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
++ while ((ch = getopt(argc, argv, "lLcdDnxXe:s:t:T:")) != -1) {
+ switch (ch) {
+ case 'l':
+ case 'L':
+@@ -352,7 +475,11 @@
+ if (delete_all(ac) == -1)
+ ret = 1;
+ goto done;
++#ifdef HAVE_LIBNSS
++ case 'n':
++ use_nss = 1;
+ break;
++#endif
+ case 's':
+ sc_reader_id = optarg;
+ break;
+@@ -367,6 +494,11 @@
+ goto done;
+ }
+ break;
++#ifdef HAVE_LIBNSS
++ case 'T':
++ token_id = optarg;
++ break;
++#endif
+ default:
+ usage();
+ ret = 1;
+@@ -380,6 +512,40 @@
+ ret = 1;
+ goto done;
+ }
++#ifdef HAVE_LIBNSS
++ if (use_nss) {
++ PK11SlotList *slots;
++ PK11SlotListElement *sle;
++ int count = 0;
++ if (nss_init(password_cb) == -1) {
++ fprintf(stderr, "Failed to initialize NSS library\n");
++ ret = 1;
++ goto done;
++ }
++
++ if ((slots=PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE,
++ NULL)) == NULL) {
++ fprintf(stderr, "No tokens found\n");
++ ret = 1;
++ goto nss_done;
++ }
++
++ for (sle = slots->head; sle; sle = sle->next) {
++ int rv;
++ if ((rv=add_slot_keys(ac, sle->slot, !deleting)) == -1) {
++ ret = 1;
++ }
++ count += rv;
++ }
++ if (count == 0) {
++ ret = 1;
++ }
++nss_done:
++ NSS_Shutdown();
++ clear_pass();
++ goto done;
++ }
++#endif
+ if (argc == 0) {
+ char buf[MAXPATHLEN];
+ struct passwd *pw;
+--- openssh-4.3p2/readconf.h.nss-keys 2005-12-13 09:29:02.000000000 +0100
++++ openssh-4.3p2/readconf.h 2007-06-20 20:09:35.000000000 +0200
+@@ -85,6 +85,8 @@
+ char *preferred_authentications;
+ char *bind_address; /* local socket address for connection to sshd */
+ char *smartcard_device; /* Smartcard reader device */
++ int use_nss; /* Use NSS library for keys */
++ char *nss_token; /* Look for NSS keys on token */
+ int verify_host_key_dns; /* Verify host key using DNS */
+
+ int num_identity_files; /* Number of files for RSA/DSA identities. */
+--- /dev/null 2007-06-20 14:56:05.942081985 +0200
++++ openssh-4.3p2/nsskeys.h 2007-06-20 20:09:35.000000000 +0200
+@@ -0,0 +1,39 @@
++/*
++ * Copyright (c) 2001 Markus Friedl. All rights reserved.
++ * Copyright (c) 2007 Red Hat, Inc. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef NSSKEYS_H
++#define NSSKEYS_H
++#ifdef HAVE_LIBNSS
++#include <pk11func.h>
++#include <prtypes.h>
++
++int nss_init(PK11PasswordFunc);
++Key **nss_get_keys(const char *, const char *, char *);
++char *nss_get_key_label(Key *);
++/*void sc_close(void);*/
++/*int sc_put_key(Key *, const char *);*/
++
++#endif
++#endif
+--- openssh-4.3p2/authfd.h.nss-keys 2003-11-21 13:48:55.000000000 +0100
++++ openssh-4.3p2/authfd.h 2007-06-20 20:09:35.000000000 +0200
+@@ -51,6 +51,12 @@
+ #define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
+ #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
+
++/* nss */
++#define SSH_AGENTC_ADD_NSS_KEY 30
++#define SSH_AGENTC_REMOVE_NSS_KEY 31
++#define SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED 32
++
++
+ #define SSH_AGENT_CONSTRAIN_LIFETIME 1
+ #define SSH_AGENT_CONSTRAIN_CONFIRM 2
+
+@@ -85,6 +91,8 @@
+ int ssh_lock_agent(AuthenticationConnection *, int, const char *);
+ int ssh_update_card(AuthenticationConnection *, int, const char *,
+ const char *, u_int, u_int);
++int ssh_update_nss_key(AuthenticationConnection *, int, const char *,
++ const char *, const char *, u_int, u_int);
+
+ int
+ ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
+--- openssh-4.3p2/authfd.c.nss-keys 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/authfd.c 2007-06-20 20:09:35.000000000 +0200
+@@ -617,6 +617,45 @@
+ return decode_reply(type);
+ }
+
++int
++ssh_update_nss_key(AuthenticationConnection *auth, int add,
++ const char *tokenname, const char *keyname,
++ const char *pass, u_int life, u_int confirm)
++{
++ Buffer msg;
++ int type, constrained = (life || confirm);
++
++ if (add) {
++ type = constrained ?
++ SSH_AGENTC_ADD_NSS_KEY_CONSTRAINED :
++ SSH_AGENTC_ADD_NSS_KEY;
++ } else
++ type = SSH_AGENTC_REMOVE_NSS_KEY;
++
++ buffer_init(&msg);
++ buffer_put_char(&msg, type);
++ buffer_put_cstring(&msg, tokenname);
++ buffer_put_cstring(&msg, keyname);
++ buffer_put_cstring(&msg, pass);
++
++ if (constrained) {
++ if (life != 0) {
++ buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
++ buffer_put_int(&msg, life);
++ }
++ if (confirm != 0)
++ buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
++ }
++
++ if (ssh_request_reply(auth, &msg, &msg) == 0) {
++ buffer_free(&msg);
++ return 0;
++ }
++ type = buffer_get_char(&msg);
++ buffer_free(&msg);
++ return decode_reply(type);
++}
++
+ /*
+ * Removes all identities from the agent. This call is not meant to be used
+ * by normal applications.
+--- openssh-4.3p2/ssh-dss.c.nss-keys 2003-11-17 11:18:23.000000000 +0100
++++ openssh-4.3p2/ssh-dss.c 2007-06-20 20:09:35.000000000 +0200
+@@ -35,6 +35,10 @@
+ #include "log.h"
+ #include "key.h"
+
++#ifdef HAVE_LIBNSS
++#include <cryptohi.h>
++#endif
++
+ #define INTBLOB_LEN 20
+ #define SIGBLOB_LEN (2*INTBLOB_LEN)
+
+@@ -53,6 +57,34 @@
+ error("ssh_dss_sign: no DSA key");
+ return -1;
+ }
++#ifdef HAVE_LIBNSS
++ if (key->flags & KEY_FLAG_NSS) {
++ SECItem sigitem;
++ SECItem *rawsig;
++
++ memset(&sigitem, 0, sizeof(sigitem));
++ if (SEC_SignData(&sigitem, (u_char *)data, datalen, key->nss->privk,
++ SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) != SECSuccess) {
++ error("ssh_dss_sign: sign failed");
++ return -1;
++ }
++
++ if ((rawsig=DSAU_DecodeDerSig(&sigitem)) == NULL) {
++ error("ssh_dss_sign: der decode failed");
++ SECITEM_ZfreeItem(&sigitem, PR_FALSE);
++ return -1;
++ }
++ SECITEM_ZfreeItem(&sigitem, PR_FALSE);
++ if (rawsig->len != SIGBLOB_LEN) {
++ error("ssh_dss_sign: unsupported signature length %d",
++ rawsig->len);
++ SECITEM_ZfreeItem(rawsig, PR_TRUE);
++ return -1;
++ }
++ memcpy(sigblob, rawsig->data, SIGBLOB_LEN);
++ SECITEM_ZfreeItem(rawsig, PR_TRUE);
++ } else {
++#endif
+ EVP_DigestInit(&md, evp_md);
+ EVP_DigestUpdate(&md, data, datalen);
+ EVP_DigestFinal(&md, digest, &dlen);
+@@ -76,7 +108,9 @@
+ BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
+ DSA_SIG_free(sig);
+-
++#ifdef HAVE_LIBNSS
++ }
++#endif
+ if (datafellows & SSH_BUG_SIGBLOB) {
+ if (lenp != NULL)
+ *lenp = SIGBLOB_LEN;
+--- openssh-4.3p2/key.c.nss-keys 2005-06-17 04:59:35.000000000 +0200
++++ openssh-4.3p2/key.c 2007-06-20 20:09:35.000000000 +0200
+@@ -88,6 +88,55 @@
+ return k;
+ }
+
++#ifdef HAVE_LIBNSS
++Key *
++key_new_nss(int type)
++{
++ Key *k = key_new(type);
++
++ k->nss = xmalloc(sizeof(*k->nss));
++ memset(k->nss, 0, sizeof(*k->nss));
++ k->flags = KEY_FLAG_EXT | KEY_FLAG_NSS;
++
++ return k;
++}
++
++Key *
++key_new_nss_copy(int type, const Key *c)
++{
++ Key *k = key_new_nss(type);
++
++ switch (k->type) {
++ case KEY_RSA:
++ if ((BN_copy(k->rsa->n, c->rsa->n) == NULL) ||
++ (BN_copy(k->rsa->e, c->rsa->e) == NULL))
++ fatal("key_new_nss_copy: BN_copy failed");
++ break;
++ case KEY_DSA:
++ if ((BN_copy(k->dsa->p, c->rsa->p) == NULL) ||
++ (BN_copy(k->dsa->q, c->dsa->q) == NULL) ||
++ (BN_copy(k->dsa->g, c->dsa->g) == NULL) ||
++ (BN_copy(k->dsa->pub_key, c->dsa->pub_key) == NULL))
++ fatal("key_new_nss_copy: BN_copy failed");
++ break;
++ }
++
++ k->nss->privk = SECKEY_CopyPrivateKey(c->nss->privk);
++ if (k->nss->privk == NULL)
++ fatal("key_new_nss_copy: SECKEY_CopyPrivateKey failed");
++
++ k->nss->pubk = SECKEY_CopyPublicKey(c->nss->pubk);
++ if (k->nss->pubk == NULL)
++ fatal("key_new_nss_copy: SECKEY_CopyPublicKey failed");
++
++ if (c->nss->privk->wincx)
++ k->nss->privk->wincx = xstrdup(c->nss->privk->wincx);
++
++ return k;
++}
++#endif
++
++
+ Key *
+ key_new_private(int type)
+ {
+@@ -141,6 +190,19 @@
+ fatal("key_free: bad key type %d", k->type);
+ break;
+ }
++#ifdef HAVE_LIBNSS
++ if (k->flags & KEY_FLAG_NSS) {
++ if (k->nss->privk->wincx != NULL) {
++ memset(k->nss->privk->wincx, 0,
++ strlen(k->nss->privk->wincx));
++ xfree(k->nss->privk->wincx);
++ k->nss->privk->wincx = NULL;
++ }
++ SECKEY_DestroyPrivateKey(k->nss->privk);
++ SECKEY_DestroyPublicKey(k->nss->pubk);
++ xfree(k->nss);
++ }
++#endif
+ xfree(k);
+ }
+
+--- /dev/null 2007-06-20 14:56:05.942081985 +0200
++++ openssh-4.3p2/nsskeys.c 2007-06-20 20:09:35.000000000 +0200
+@@ -0,0 +1,327 @@
++/*
++ * Copyright (c) 2001 Markus Friedl. All rights reserved.
++ * Copyright (c) 2007 Red Hat, Inc. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "includes.h"
++#ifdef HAVE_LIBNSS
++
++#include <sys/types.h>
++
++#include <stdarg.h>
++#include <string.h>
++#include <unistd.h>
++
++#include <openssl/evp.h>
++
++#include <nss.h>
++#include <keyhi.h>
++#include <pk11pub.h>
++#include <cert.h>
++
++#include "xmalloc.h"
++#include "key.h"
++#include "log.h"
++#include "misc.h"
++#include "nsskeys.h"
++#include "pathnames.h"
++
++static char *
++password_cb(PK11SlotInfo *slot, PRBool retry, void *arg)
++{
++ char *password = arg;
++ if (retry || password == NULL)
++ return NULL;
++
++ return PL_strdup(password);
++}
++
++int
++nss_init(PK11PasswordFunc pwfn)
++{
++ char *dbpath;
++ char buf[MAXPATHLEN];
++
++ if (NSS_IsInitialized())
++ return 0;
++
++ if ((dbpath=getenv("NSS_DB_PATH")) == NULL) {
++ struct passwd *pw;
++ if ((pw = getpwuid(getuid())) == NULL ||
++ pw->pw_dir == NULL) {
++ return -1;
++ }
++ snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
++ _PATH_SSH_USER_DIR);
++ dbpath = buf;
++ }
++
++ if (NSS_Init(dbpath) != SECSuccess)
++ return -1;
++
++ if (pwfn == NULL) {
++ pwfn = password_cb;
++ }
++
++ PK11_SetPasswordFunc(pwfn);
++
++ return 0;
++}
++
++static Key *
++make_key_from_privkey(SECKEYPrivateKey *privk, char *password)
++{
++ Key *k;
++ switch (SECKEY_GetPrivateKeyType(privk)) {
++ case rsaKey:
++ k = key_new_nss(KEY_RSA);
++ break;
++ case dsaKey:
++ k = key_new_nss(KEY_DSA);
++ break;
++ default:
++ return NULL;
++ }
++ k->nss->pubk = SECKEY_ConvertToPublicKey(privk);
++ if (k->nss->pubk != NULL) {
++ k->nss->privk = SECKEY_CopyPrivateKey(privk);
++ }
++ if (k->nss->privk != NULL) {
++ if (password != NULL) {
++ k->nss->privk->wincx = xstrdup(password);
++ }
++ return k;
++ }
++ key_free(k);
++ return NULL;
++}
++
++static Key **
++add_key_to_list(Key *k, Key **keys, size_t *i, size_t *allocated)
++{
++ if (*allocated < *i + 2) {
++ *allocated += 16;
++ keys = xrealloc(keys, *allocated * sizeof(k));
++ }
++ keys[*i] = k;
++ (*i)++;
++ keys[*i] = NULL;
++ return keys;
++}
++
++static int
++nss_convert_pubkey(Key *k)
++{
++ u_char *n;
++ unsigned int len;
++ char *p;
++
++ switch (k->type) {
++ case KEY_RSA:
++ n = k->nss->pubk->u.rsa.modulus.data;
++ len = k->nss->pubk->u.rsa.modulus.len;
++
++ if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++
++ n = k->nss->pubk->u.rsa.publicExponent.data;
++ len = k->nss->pubk->u.rsa.publicExponent.len;
++
++ if (BN_bin2bn(n, len, k->rsa->e) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++ break;
++ case KEY_DSA:
++ n = k->nss->pubk->u.dsa.params.prime.data;
++ len = k->nss->pubk->u.dsa.params.prime.len;
++
++ if (BN_bin2bn(n, len, k->dsa->p) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++
++ n = k->nss->pubk->u.dsa.params.subPrime.data;
++ len = k->nss->pubk->u.dsa.params.subPrime.len;
++
++ if (BN_bin2bn(n, len, k->dsa->q) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++
++ n = k->nss->pubk->u.dsa.params.base.data;
++ len = k->nss->pubk->u.dsa.params.base.len;
++
++ if (BN_bin2bn(n, len, k->dsa->g) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++
++ n = k->nss->pubk->u.dsa.publicValue.data;
++ len = k->nss->pubk->u.dsa.publicValue.len;
++
++ if (BN_bin2bn(n, len, k->dsa->pub_key) == NULL) {
++ fatal("nss_convert_pubkey: BN_bin2bn failed");
++ }
++ break;
++ }
++
++ p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
++ debug("fingerprint %u %s", key_size(k), p);
++ xfree(p);
++
++ return 0;
++}
++
++static Key **
++nss_find_privkeys(const char *tokenname, const char *keyname,
++ char *password)
++{
++ Key *k = NULL;
++ Key **keys = NULL;
++ PK11SlotList *slots;
++ PK11SlotListElement *sle;
++ size_t allocated = 0;
++ size_t i = 0;
++
++ if ((slots=PK11_FindSlotsByNames(NULL, NULL, tokenname, PR_TRUE)) == NULL) {
++ if (tokenname == NULL) {
++ debug("No NSS token found");
++ } else {
++ debug("NSS token not found: %s", tokenname);
++ }
++ return NULL;
++ }
++
++ for (sle = slots->head; sle; sle = sle->next) {
++ SECKEYPrivateKeyList *list;
++ SECKEYPrivateKeyListNode *node;
++ char *tmppass = password;
++
++ if (PK11_NeedLogin(sle->slot)) {
++ if (password == NULL) {
++ char *prompt;
++ if (asprintf(&prompt, "Enter passphrase for token %s: ",
++ PK11_GetTokenName(sle->slot)) < 0)
++ fatal("password_cb: asprintf failed");
++ tmppass = read_passphrase(prompt, RP_ALLOW_STDIN);
++ }
++ PK11_Authenticate(sle->slot, PR_TRUE, tmppass);
++ }
++
++ debug("Looking for: %s:%s", tokenname, keyname);
++ list = PK11_ListPrivKeysInSlot(sle->slot, (char *)keyname,
++ tmppass);
++ if (list == NULL && keyname != NULL) {
++ char *fooname;
++ /* NSS bug workaround */
++ if (asprintf(&fooname, "%s~", keyname) < 0) {
++ error("nss_find_privkey: asprintf failed");
++ PK11_FreeSlotList(slots);
++ return NULL;
++ }
++ list = PK11_ListPrivKeysInSlot(sle->slot, fooname,
++ tmppass);
++ free(fooname);
++ }
++ if (list == NULL && keyname != NULL) {
++ CERTCertificate *cert;
++ SECKEYPrivateKey *privk;
++ cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
++ (char *)keyname);
++ if (cert == NULL)
++ goto cleanup;
++ privk = PK11_FindPrivateKeyFromCert(sle->slot, cert, tmppass);
++ CERT_DestroyCertificate(cert);
++ if (privk == NULL)
++ goto cleanup;
++ if ((k=make_key_from_privkey(privk, tmppass)) != NULL) {
++ nss_convert_pubkey(k);
++ keys = add_key_to_list(k, keys, &i, &allocated);
++ }
++ SECKEY_DestroyPrivateKey(privk);
++ } else {
++ if (list == NULL)
++ goto cleanup;
++ for (node=PRIVKEY_LIST_HEAD(list); !PRIVKEY_LIST_END(node, list);
++ node=PRIVKEY_LIST_NEXT(node))
++ if ((k=make_key_from_privkey(node->key, tmppass)) != NULL) {
++ nss_convert_pubkey(k);
++ keys = add_key_to_list(k, keys, &i, &allocated);
++ }
++ SECKEY_DestroyPrivateKeyList(list);
++ }
++cleanup:
++ if (password == NULL && tmppass != NULL) {
++ memset(tmppass, 0, strlen(tmppass));
++ xfree(tmppass);
++ }
++ }
++ PK11_FreeSlotList(slots);
++
++ return keys;
++}
++
++Key **
++nss_get_keys(const char *tokenname, const char *keyname,
++ char *password)
++{
++ Key **keys;
++
++ if (nss_init(NULL) == -1) {
++ error("Failed to initialize NSS library");
++ return NULL;
++ }
++
++ keys = nss_find_privkeys(tokenname, keyname, password);
++ if (keys == NULL && keyname != NULL) {
++ error("Cannot find key in nss, token removed");
++ return NULL;
++ }
++#if 0
++ keys = xcalloc(3, sizeof(Key *));
++
++ if (k->type == KEY_RSA) {
++ n = key_new_nss_copy(KEY_RSA1, k);
++
++ keys[0] = n;
++ keys[1] = k;
++ keys[2] = NULL;
++ } else {
++ keys[0] = k;
++ keys[1] = NULL;
++ }
++#endif
++ return keys;
++}
++
++char *
++nss_get_key_label(Key *key)
++{
++ char *label, *nickname;
++
++ nickname = PK11_GetPrivateKeyNickname(key->nss->privk);
++ label = xstrdup(nickname);
++ PORT_Free(nickname);
++
++ return label;
++}
++
++#endif /* HAVE_LIBNSS */
+--- openssh-4.3p2/ssh-keygen.c.nss-keys 2005-11-29 03:10:25.000000000 +0100
++++ openssh-4.3p2/ssh-keygen.c 2007-06-20 20:22:11.000000000 +0200
+@@ -35,6 +35,11 @@
+ #endif
+ #include "dns.h"
+
++#ifdef HAVE_LIBNSS
++#include <nss.h>
++#include "nsskeys.h"
++#endif
++
+ /* Number of bits in the RSA/DSA key. This value can be set on the command line. */
+ #define DEFAULT_BITS 2048
+ #define DEFAULT_BITS_DSA 1024
+@@ -456,6 +461,26 @@
+ }
+ #endif /* SMARTCARD */
+
++#ifdef HAVE_LIBNSS
++static void
++do_nss_download(struct passwd *pw, const char *tokenname, const char *keyname)
++{
++ Key **keys = NULL;
++ int i;
++
++ keys = nss_get_keys(tokenname, keyname, NULL);
++ if (keys == NULL)
++ fatal("cannot find public key in NSS");
++ for (i = 0; keys[i]; i++) {
++ key_write(keys[i], stdout);
++ key_free(keys[i]);
++ fprintf(stdout, "\n");
++ }
++ xfree(keys);
++ exit(0);
++}
++#endif /* HAVE_LIBNSS */
++
+ static void
+ do_fingerprint(struct passwd *pw)
+ {
+@@ -1009,7 +1034,8 @@
+ Key *private, *public;
+ struct passwd *pw;
+ struct stat st;
+- int opt, type, fd, download = 0;
++ int opt, type, fd, download = 1;
++ int use_nss = 0;
+ u_int32_t memory = 0, generator_wanted = 0, trials = 100;
+ int do_gen_candidates = 0, do_screen_candidates = 0;
+ int log_level = SYSLOG_LEVEL_INFO;
+@@ -1043,7 +1069,7 @@
+ }
+
+ while ((opt = getopt(ac, av,
+- "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
++ "degiqpclnBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
+ switch (opt) {
+ case 'b':
+ bits = strtonum(optarg, 768, 32768, &errstr);
+@@ -1083,6 +1109,10 @@
+ case 'g':
+ print_generic = 1;
+ break;
++ case 'n':
++ use_nss = 1;
++ download = 1;
++ break;
+ case 'P':
+ identity_passphrase = optarg;
+ break;
+@@ -1114,9 +1144,10 @@
+ case 't':
+ key_type_name = optarg;
+ break;
+- case 'D':
+- download = 1;
+ case 'U':
++ download = 0;
++ /*FALLTHROUGH*/
++ case 'D':
+ reader_id = optarg;
+ break;
+ case 'v':
+@@ -1200,6 +1231,17 @@
+ if (rr_hostname != NULL) {
+ do_print_resource_record(pw, rr_hostname);
+ }
++
++ if (use_nss) {
++#ifdef HAVE_LIBNSS
++ if (download)
++ do_nss_download(pw, reader_id, identity_file);
++ else
++ fatal("no support for NSS key upload.");
++#else
++ fatal("no support for NSS keys.");
++#endif
++ }
+ if (reader_id != NULL) {
+ #ifdef SMARTCARD
+ if (download)
diff --git a/openssh-4.3p2-pam-session.patch b/openssh-4.3p2-pam-session.patch
new file mode 100644
index 0000000..2772c81
--- /dev/null
+++ b/openssh-4.3p2-pam-session.patch
@@ -0,0 +1,129 @@
+--- openssh-4.3p2/auth-pam.c.pam-session 2006-11-27 17:39:08.000000000 +0100
++++ openssh-4.3p2/auth-pam.c 2006-11-27 19:31:41.000000000 +0100
+@@ -563,15 +563,17 @@
+ void
+ sshpam_cleanup(void)
+ {
+- debug("PAM: cleanup");
+- if (sshpam_handle == NULL)
++ if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
+ return;
++ debug("PAM: cleanup");
+ pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
+ if (sshpam_cred_established) {
++ debug("PAM: deleting credentials");
+ pam_setcred(sshpam_handle, PAM_DELETE_CRED);
+ sshpam_cred_established = 0;
+ }
+ if (sshpam_session_open) {
++ debug("PAM: closing session");
+ pam_close_session(sshpam_handle, PAM_SILENT);
+ sshpam_session_open = 0;
+ }
+--- openssh-4.3p2/sshd.c.pam-session 2006-11-27 17:29:44.000000000 +0100
++++ openssh-4.3p2/sshd.c 2006-11-28 21:21:52.000000000 +0100
+@@ -1745,7 +1745,21 @@
+ audit_event(SSH_AUTH_SUCCESS);
+ #endif
+
+- /*
++#ifdef GSSAPI
++ if (options.gss_authentication) {
++ temporarily_use_uid(authctxt->pw);
++ ssh_gssapi_storecreds();
++ restore_uid();
++ }
++#endif
++#ifdef USE_PAM
++ if (options.use_pam) {
++ do_pam_setcred(1);
++ do_pam_session();
++ }
++#endif
++
++ /*
+ * In privilege separation, we fork another child and prepare
+ * file descriptor passing.
+ */
+--- openssh-4.3p2/monitor.c.pam-session 2006-11-27 17:29:44.000000000 +0100
++++ openssh-4.3p2/monitor.c 2006-11-28 14:01:23.000000000 +0100
+@@ -1539,6 +1539,11 @@
+ /* The child is terminating */
+ session_destroy_all(&mm_session_close);
+
++#ifdef USE_PAM
++ if (options.use_pam)
++ sshpam_cleanup();
++#endif
++
+ while (waitpid(pmonitor->m_pid, &status, 0) == -1)
+ if (errno != EINTR)
+ exit(1);
+--- openssh-4.3p2/session.c.pam-session 2006-11-27 17:29:43.000000000 +0100
++++ openssh-4.3p2/session.c 2006-11-28 21:17:56.000000000 +0100
+@@ -395,11 +395,6 @@
+
+ session_proctitle(s);
+
+-#if defined(USE_PAM)
+- if (options.use_pam && !use_privsep)
+- do_pam_setcred(1);
+-#endif /* USE_PAM */
+-
+ /* Fork the child. */
+ if ((pid = fork()) == 0) {
+ is_child = 1;
+@@ -530,14 +525,6 @@
+ ptyfd = s->ptyfd;
+ ttyfd = s->ttyfd;
+
+-#if defined(USE_PAM)
+- if (options.use_pam) {
+- do_pam_set_tty(s->tty);
+- if (!use_privsep)
+- do_pam_setcred(1);
+- }
+-#endif
+-
+ /* Fork the child. */
+ if ((pid = fork()) == 0) {
+ is_child = 1;
+@@ -1266,16 +1253,8 @@
+ # ifdef __bsdi__
+ setpgid(0, 0);
+ # endif
+-#ifdef GSSAPI
+- if (options.gss_authentication) {
+- temporarily_use_uid(pw);
+- ssh_gssapi_storecreds();
+- restore_uid();
+- }
+-#endif
+ # ifdef USE_PAM
+ if (options.use_pam) {
+- do_pam_session();
+ do_pam_setcred(0);
+ }
+ # endif /* USE_PAM */
+@@ -1303,13 +1282,6 @@
+ exit(1);
+ }
+ endgrent();
+-#ifdef GSSAPI
+- if (options.gss_authentication) {
+- temporarily_use_uid(pw);
+- ssh_gssapi_storecreds();
+- restore_uid();
+- }
+-#endif
+ # ifdef USE_PAM
+ /*
+ * PAM credentials may take the form of supplementary groups.
+@@ -1317,7 +1289,6 @@
+ * Reestablish them here.
+ */
+ if (options.use_pam) {
+- do_pam_session();
+ do_pam_setcred(0);
+ }
+ # endif /* USE_PAM */
diff --git a/openssh-4.3p2-randclean.patch b/openssh-4.3p2-randclean.patch
new file mode 100644
index 0000000..f73de31
--- /dev/null
+++ b/openssh-4.3p2-randclean.patch
@@ -0,0 +1,13 @@
+diff -up openssh-4.3p2/entropy.c.randclean openssh-4.3p2/entropy.c
+--- openssh-4.3p2/entropy.c.randclean 2010-01-22 15:40:13.000000000 +0100
++++ openssh-4.3p2/entropy.c 2010-01-22 15:40:24.000000000 +0100
+@@ -147,6 +147,9 @@ init_rng(void)
+ fatal("OpenSSL version mismatch. Built against %lx, you "
+ "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
+
++ /* clean the PRNG status when exiting the program */
++ atexit(RAND_cleanup);
++
+ #ifndef OPENSSL_PRNG_ONLY
+ original_uid = getuid();
+ original_euid = geteuid();
diff --git a/openssh-4.3p2-scp-print-err.patch b/openssh-4.3p2-scp-print-err.patch
new file mode 100644
index 0000000..8c520d4
--- /dev/null
+++ b/openssh-4.3p2-scp-print-err.patch
@@ -0,0 +1,27 @@
+--- openssh-4.3p2/scp.c.print-err 2006-02-13 15:06:01.000000000 +0100
++++ openssh-4.3p2/scp.c 2006-02-21 16:47:04.000000000 +0100
+@@ -1097,15 +1097,15 @@
+ va_list ap;
+
+ ++errs;
+- if (fp == NULL && !(fp = fdopen(remout, "w")))
+- return;
+- (void) fprintf(fp, "%c", 0x01);
+- (void) fprintf(fp, "scp: ");
+- va_start(ap, fmt);
+- (void) vfprintf(fp, fmt, ap);
+- va_end(ap);
+- (void) fprintf(fp, "\n");
+- (void) fflush(fp);
++ if (fp != NULL || (fp = fdopen(remout, "w"))) {
++ (void) fprintf(fp, "%c", 0x01);
++ (void) fprintf(fp, "scp: ");
++ va_start(ap, fmt);
++ (void) vfprintf(fp, fmt, ap);
++ va_end(ap);
++ (void) fprintf(fp, "\n");
++ (void) fflush(fp);
++ }
+
+ if (!iamremote) {
+ va_start(ap, fmt);
diff --git a/openssh-4.3p2-selinux-rolechg.patch b/openssh-4.3p2-selinux-rolechg.patch
new file mode 100644
index 0000000..1a2fd90
--- /dev/null
+++ b/openssh-4.3p2-selinux-rolechg.patch
@@ -0,0 +1,256 @@
+--- openssh-4.3p2/selinux.c.rolechg 2007-04-03 11:01:05.000000000 +0200
++++ openssh-4.3p2/selinux.c 2007-04-03 16:09:49.000000000 +0200
+@@ -41,15 +41,15 @@
+ }
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
+ error("Error translating default context.");
+- goto out;
++ default_raw = NULL;
+ }
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
+ error("Error translating selected context.");
+- goto out;
++ selected_raw = NULL;
+ }
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
+- default_context ? default_raw : "?",
+- selected_context ? selected_raw : "?") < 0) {
++ default_raw ? default_raw : (default_context ? default_context : "?"),
++ selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
+ error("Error allocating memory.");
+ goto out;
+ }
+@@ -74,6 +74,7 @@
+ int retval;
+ unsigned int bit = CONTEXT__CONTAINS;
+
++ debug("mls_range_allowed: src:%s dst:%s", src, dst);
+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
+ if (retval || ((bit & avd.allowed) != bit))
+ return 0;
+@@ -82,16 +83,81 @@
+ }
+
+ static int get_user_context(const char *user, const char *role, const char *level,
+- security_context_t *context) {
+- if (role != NULL && role[0])
+- return get_default_context_with_rolelevel(user, role, level, NULL, context);
+- else
+- return get_default_context_with_level(user, level, NULL, context);
++ security_context_t *context) {
++ if (level == NULL || level[0] == '\0' ||
++ get_default_context_with_level(user, level, NULL, context) != 0) {
++ /* User may have requested a level completely outside of his
++ allowed range. We get a context just for auditing as the
++ range check below will certainly fail for default context. */
++ if (get_default_context(user, NULL, context) != 0) {
++ *context = NULL;
++ return -1;
++ }
++ }
++ if (role != NULL && role[0]) {
++ context_t con;
++ char *type=NULL;
++ if (get_default_type(role, &type) != 0) {
++ error("get_default_type: failed to get default type for '%s'",
++ role);
++ goto out;
++ }
++ con = context_new(*context);
++ if (!con) {
++ goto out;
++ }
++ context_role_set(con, role);
++ context_type_set(con, type);
++ freecon(*context);
++ *context = strdup(context_str(con));
++ context_free(con);
++ if (!*context)
++ return -1;
++ }
++ if (level != NULL && level[0]) {
++ /* verify that the requested range is obtained */
++ context_t con;
++ security_context_t obtained_raw;
++ security_context_t requested_raw;
++ con = context_new(*context);
++ if (!con) {
++ goto out;
++ }
++ context_range_set(con, level);
++ if (selinux_trans_to_raw_context(*context, &obtained_raw) < 0) {
++ context_free(con);
++ goto out;
++ }
++ if (selinux_trans_to_raw_context(context_str(con), &requested_raw) < 0) {
++ freecon(obtained_raw);
++ context_free(con);
++ goto out;
++ }
++
++ debug("get_user_context: obtained context '%s' requested context '%s'",
++ obtained_raw, requested_raw);
++ if (strcmp(obtained_raw, requested_raw)) {
++ /* set the context to the real requested one but fail */
++ freecon(requested_raw);
++ freecon(obtained_raw);
++ freecon(*context);
++ *context = strdup(context_str(con));
++ context_free(con);
++ return -1;
++ }
++ freecon(requested_raw);
++ freecon(obtained_raw);
++ context_free(con);
++ }
++ return 0;
++ out:
++ freecon(*context);
++ *context = NULL;
++ return -1;
+ }
+
+-static const security_context_t selinux_get_user_context(const char *name) {
+- security_context_t user_context=NULL;
+- security_context_t default_context=NULL;
++static int selinux_get_user_context(const char *name,
++ security_context_t *default_context, security_context_t *user_context) {
+ char *seuser=NULL;
+ char *role=NULL;
+ int ret=-1;
+@@ -99,6 +165,8 @@
+ const char *rlevel=NULL;
+ context_t con=NULL;
+
++ *default_context = NULL;
++ *user_context = NULL;
+ if (the_authctxt) {
+ if (the_authctxt->role != NULL) {
+ char *slash;
+@@ -113,7 +181,7 @@
+ ret = getseuserbyname(name, &seuser, &dlevel);
+
+ if (ret >= 0) {
+- ret = get_user_context(seuser, role, dlevel, &default_context);
++ ret = get_default_context_with_level(seuser, dlevel, NULL, default_context);
+ }
+
+ if (ret >= 0) {
+@@ -121,42 +189,45 @@
+ if (inetd_flag && !rexeced_flag) {
+ security_context_t sshd_context=NULL;
+
+- if (getcon(&sshd_context) < 0)
++ if (getcon_raw(&sshd_context) < 0)
+ fatal("failed to allocate security context");
+
+ con = context_new(sshd_context);
+ rlevel = context_range_get(con);
+ freecon(sshd_context);
+-
++ if (rlevel !=NULL && dlevel != NULL && strcmp(rlevel, dlevel) == 0)
++ /* we actually don't change level */
++ rlevel = NULL;
++
+ debug("selinux_get_user_context: current connection level '%s'", rlevel);
+ }
+
+- if (rlevel != NULL && rlevel[0]) {
+- ret = get_user_context(seuser, role, rlevel, &user_context);
++ if ((rlevel != NULL && rlevel[0]) || (role != NULL && role[0])) {
++ ret = get_user_context(seuser, role, rlevel, user_context);
+
+- if (ret >= 0) {
+- if (mls_range_allowed(default_context, user_context)) {
+- send_audit_message(1, default_context, user_context);
++ if (ret >= 0 && rlevel != NULL && rlevel[0]) {
++ security_context_t default_level_context = *default_context;
++ if (role != NULL && role[0]) {
++ if (get_user_context(seuser, role, dlevel, &default_level_context) < 0)
++ default_level_context = *default_context;
++ }
++ /* verify that the requested range is contained in the user range */
++ if (mls_range_allowed(default_level_context, *user_context)) {
+ logit("permit MLS level %s (user range %s)", rlevel, dlevel);
+ } else {
+- send_audit_message(0, default_context, user_context);
+- if (security_getenforce() > 0)
+- fatal("deny MLS level %s (user range %s)", rlevel, dlevel);
+- else
+- error("deny MLS level %s (user range %s). Continuing in permissive mode", rlevel, dlevel);
++ ret = -1;
++ error("deny MLS level %s (user range %s)", rlevel, dlevel);
+ }
++ if (default_level_context != *default_context)
++ freecon(default_level_context);
+ }
+- freecon(default_context);
+ } else {
+- user_context = default_context;
++ *user_context = *default_context;
+ }
+ }
+
+ if ( ret < 0 ) {
+- if (security_getenforce() > 0)
+- fatal("Failed to get default security context for %s.", name);
+- else
+- error("Failed to get default security context for %s. Continuing in permissive mode", name);
++ error("Failed to get default security context for %s.", name);
+ }
+
+ if (con)
+@@ -164,7 +235,7 @@
+ free(role);
+ free(seuser);
+ free(dlevel);
+- return user_context;
++ return ret;
+ }
+
+ void setup_selinux_pty(const char *name, const char *tty) {
+@@ -201,18 +272,37 @@
+ }
+
+ void setup_selinux_exec_context(char *name) {
+-
+ if (is_selinux_enabled() > 0) {
+- security_context_t user_context=selinux_get_user_context(name);
+- if (setexeccon(user_context)) {
+- if (security_getenforce() > 0)
+- fatal("Failed to set exec security context %s for %s.", user_context, name);
++ int ret = 0;
++ security_context_t default_context = NULL;
++ security_context_t user_context = NULL;
++ ret = selinux_get_user_context(name, &default_context, &user_context);
++ if (ret >= 0) {
++ ret = setexeccon(user_context);
++ if (ret < 0) {
++ error("Failed to set exec security context %s for %s.", user_context, name);
++ }
++ }
++ if (user_context == NULL) {
++ user_context = default_context;
++ }
++ if (ret < 0 || user_context != default_context) {
++ /* audit just the case when user changed a role or there was
++ a failure */
++ send_audit_message(ret >= 0, default_context, user_context);
++ }
++ if (ret < 0) {
++ if (security_getenforce() > 0)
++ fatal("SELinux failure. Aborting connection.");
+ else
+- error("Failed to set exec security context %s for %s. Continuing in permissive mode", user_context, name);
++ error("SELinux failure. Continuing in permissive mode.");
+ }
+- if (user_context) {
++ if (user_context && user_context != default_context) {
+ freecon(user_context);
+ }
++ if (default_context) {
++ freecon(default_context);
++ }
+ }
+ }
+
diff --git a/openssh-4.3p2-selinux.patch b/openssh-4.3p2-selinux.patch
new file mode 100644
index 0000000..a889395
--- /dev/null
+++ b/openssh-4.3p2-selinux.patch
@@ -0,0 +1,411 @@
+--- /dev/null 2005-10-16 17:38:47.999906500 -0400
++++ openssh-4.2p1/selinux.c 2005-10-18 15:52:16.000000000 -0400
+@@ -0,0 +1,84 @@
++#include "includes.h"
++#include "auth.h"
++#include "log.h"
++
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/flask.h>
++#include <selinux/context.h>
++#include <selinux/get_context_list.h>
++#include <selinux/get_default_type.h>
++extern Authctxt *the_authctxt;
++
++static const security_context_t selinux_get_user_context(const char *name) {
++ security_context_t user_context=NULL;
++ char *role=NULL;
++ int ret=-1;
++ char *seuser=NULL;
++ char *level=NULL;
++
++ if (the_authctxt)
++ role=the_authctxt->role;
++
++ if (getseuserbyname(name, &seuser, &level)==0) {
++ if (role != NULL && role[0])
++ ret=get_default_context_with_rolelevel(seuser, role, level,NULL,&user_context);
++ else
++ ret=get_default_context_with_level(seuser, level, NULL,&user_context);
++ }
++
++ if ( ret < 0 ) {
++ if (security_getenforce() > 0)
++ fatal("Failed to get default security context for %s.", name);
++ else
++ error("Failed to get default security context for %s. Continuing in permissive mode", name);
++ }
++ return user_context;
++}
++
++void setup_selinux_pty(const char *name, const char *tty) {
++ if (is_selinux_enabled() > 0) {
++ security_context_t new_tty_context=NULL, user_context=NULL, old_tty_context=NULL;
++
++ user_context=selinux_get_user_context(name);
++
++ if (getfilecon(tty, &old_tty_context) < 0) {
++ error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
++ } else {
++ if (security_compute_relabel(user_context,old_tty_context,
++ SECCLASS_CHR_FILE,
++ &new_tty_context) != 0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ } else {
++ if (setfilecon (tty, new_tty_context) != 0)
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ tty, new_tty_context,
++ strerror(errno));
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ if (user_context) {
++ freecon(user_context);
++ }
++ }
++}
++
++void setup_selinux_exec_context(char *name) {
++
++ if (is_selinux_enabled() > 0) {
++ security_context_t user_context=selinux_get_user_context(name);
++ if (setexeccon(user_context)) {
++ if (security_getenforce() > 0)
++ fatal("Failed to set exec security context %s for %s.", user_context, name);
++ else
++ error("Failed to set exec security context %s for %s. Continuing in permissive mode", user_context, name);
++ }
++ if (user_context) {
++ freecon(user_context);
++ }
++ }
++}
++
++#endif /* WITH_SELINUX */
+--- openssh-4.2p1/monitor.h.selinux 2005-02-02 08:20:53.000000000 -0500
++++ openssh-4.2p1/monitor.h 2005-10-18 15:50:12.000000000 -0400
+@@ -30,7 +30,7 @@
+
+ enum monitor_reqtype {
+ MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
+- MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
++ MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,MONITOR_REQ_AUTHROLE,
+ MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
+ MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
+ MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
+--- openssh-4.2p1/contrib/redhat/sshd.init.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/contrib/redhat/sshd.init 2005-10-18 15:50:12.000000000 -0400
+@@ -35,6 +35,9 @@
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
++ if [ -x /sbin/restorecon ]; then
++ /sbin/restorecon $RSA1_KEY.pub
++ fi
+ success $"RSA1 key generation"
+ echo
+ else
+@@ -51,6 +54,9 @@
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
++ if [ -x /sbin/restorecon ]; then
++ /sbin/restorecon $RSA_KEY.pub
++ fi
+ success $"RSA key generation"
+ echo
+ else
+@@ -67,6 +73,9 @@
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
++ if [ -x /sbin/restorecon ]; then
++ /sbin/restorecon $DSA_KEY.pub
++ fi
+ success $"DSA key generation"
+ echo
+ else
+--- openssh-4.2p1/monitor.c.selinux 2005-07-17 03:53:31.000000000 -0400
++++ openssh-4.2p1/monitor.c 2005-10-18 15:50:12.000000000 -0400
+@@ -111,6 +111,7 @@
+ int mm_answer_pwnamallow(int, Buffer *);
+ int mm_answer_auth2_read_banner(int, Buffer *);
+ int mm_answer_authserv(int, Buffer *);
++int mm_answer_authrole(int, Buffer *);
+ int mm_answer_authpassword(int, Buffer *);
+ int mm_answer_bsdauthquery(int, Buffer *);
+ int mm_answer_bsdauthrespond(int, Buffer *);
+@@ -181,6 +182,7 @@
+ {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
+ {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
+ {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
++ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
+ {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
+ {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+ #ifdef USE_PAM
+@@ -623,6 +625,7 @@
+ else {
+ /* Allow service/style information on the auth context */
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+ }
+
+@@ -671,6 +674,23 @@
+ }
+
+ int
++mm_answer_authrole(int sock, Buffer *m)
++{
++ monitor_permit_authentications(1);
++
++ authctxt->role = buffer_get_string(m, NULL);
++ debug3("%s: role=%s",
++ __func__, authctxt->role);
++
++ if (strlen(authctxt->role) == 0) {
++ xfree(authctxt->role);
++ authctxt->role = NULL;
++ }
++
++ return (0);
++}
++
++int
+ mm_answer_authpassword(int sock, Buffer *m)
+ {
+ static int call_count;
+--- openssh-4.2p1/monitor_wrap.c.selinux 2005-07-17 03:53:31.000000000 -0400
++++ openssh-4.2p1/monitor_wrap.c 2005-10-18 15:50:12.000000000 -0400
+@@ -272,6 +272,23 @@
+ buffer_free(&m);
+ }
+
++/* Inform the privileged process about role */
++
++void
++mm_inform_authrole(char *role)
++{
++ Buffer m;
++
++ debug3("%s entering", __func__);
++
++ buffer_init(&m);
++ buffer_put_cstring(&m, role ? role : "");
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
++
++ buffer_free(&m);
++}
++
+ /* Do the password authentication */
+ int
+ mm_auth_password(Authctxt *authctxt, char *password)
+--- openssh-4.2p1/Makefile.in.selinux 2005-05-29 03:22:29.000000000 -0400
++++ openssh-4.2p1/Makefile.in 2005-10-18 15:50:12.000000000 -0400
+@@ -43,6 +43,7 @@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
++LIBSELINUX=@LIBSELINUX@
+ LIBEDIT=@LIBEDIT@
+ LIBPAM=@LIBPAM@
+ LIBWRAP=@LIBWRAP@
+@@ -77,7 +78,7 @@
+ sshconnect.o sshconnect1.o sshconnect2.o
+
+ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+- sshpty.o sshlogin.o servconf.o serverloop.o \
++ sshpty.o sshlogin.o servconf.o serverloop.o selinux.o \
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+@@ -136,7 +137,7 @@
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS)
+
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+--- openssh-4.2p1/auth2.c.selinux 2005-07-17 03:26:44.000000000 -0400
++++ openssh-4.2p1/auth2.c 2005-10-18 15:50:12.000000000 -0400
+@@ -134,7 +134,7 @@
+ {
+ Authctxt *authctxt = ctxt;
+ Authmethod *m = NULL;
+- char *user, *service, *method, *style = NULL;
++ char *user, *service, *method, *style = NULL, *role = NULL;
+ int authenticated = 0;
+
+ if (authctxt == NULL)
+@@ -146,6 +146,9 @@
+ debug("userauth-request for user %s service %s method %s", user, service, method);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
++ if ((role = strchr(user, '/')) != NULL)
++ *role++ = 0;
++
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
+@@ -175,8 +178,11 @@
+ use_privsep ? " [net]" : "");
+ authctxt->service = xstrdup(service);
+ authctxt->style = style ? xstrdup(style) : NULL;
+- if (use_privsep)
++ authctxt->role = role ? xstrdup(role) : NULL;
++ if (use_privsep) {
+ mm_inform_authserv(service, style);
++ mm_inform_authrole(role);
++ }
+ } else if (strcmp(user, authctxt->user) != 0 ||
+ strcmp(service, authctxt->service) != 0) {
+ packet_disconnect("Change of username or service not allowed: "
+--- openssh-4.2p1/auth1.c.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/auth1.c 2005-10-18 15:50:12.000000000 -0400
+@@ -370,7 +370,7 @@
+ do_authentication(Authctxt *authctxt)
+ {
+ u_int ulen;
+- char *user, *style = NULL;
++ char *user, *style = NULL, *role=NULL;
+
+ /* Get the name of the user that we wish to log in as. */
+ packet_read_expect(SSH_CMSG_USER);
+@@ -379,11 +379,19 @@
+ user = packet_get_string(&ulen);
+ packet_check_eom();
+
++ if ((role = strchr(user, '/')) != NULL)
++ *role++ = '\0';
++
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = '\0';
++ else
++ if (role && (style = strchr(role, ':')) != NULL)
++ *style++ = '\0';
++
+
+ authctxt->user = user;
+ authctxt->style = style;
++ authctxt->role = role;
+
+ /* Verify that the user is a valid user. */
+ if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
+--- openssh-4.2p1/sshpty.c.selinux 2005-05-27 07:13:41.000000000 -0400
++++ openssh-4.2p1/sshpty.c 2005-10-18 15:50:12.000000000 -0400
+@@ -22,6 +22,8 @@
+ #include "log.h"
+ #include "misc.h"
+
++#include "selinux.h"
++
+ #ifdef HAVE_PTY_H
+ # include <pty.h>
+ #endif
+@@ -200,6 +202,8 @@
+ fatal("stat(%.100s) failed: %.100s", tty,
+ strerror(errno));
+
++ setup_selinux_pty(pw->pw_name, tty);
++
+ if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+ if (chown(tty, pw->pw_uid, gid) < 0) {
+ if (errno == EROFS &&
+--- openssh-4.2p1/configure.ac.selinux 2005-10-18 15:50:12.000000000 -0400
++++ openssh-4.2p1/configure.ac 2005-10-18 15:50:12.000000000 -0400
+@@ -2667,6 +2667,28 @@
+ [#include <arpa/nameser.h>])
+ ])
+
++# Check whether user wants SELinux support
++SELINUX_MSG="no"
++LIBSELINUX=""
++AC_ARG_WITH(selinux,
++ [ --with-selinux[[=LIBSELINUX-PATH]] Enable SELinux support],
++ [ if test "x$withval" != "xno" ; then
++ if test "x$withval" != "xyes"; then
++ CPPFLAGS="$CPPFLAGS -I${withval}/include"
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ fi
++ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
++ SELINUX_MSG="yes"
++ AC_CHECK_HEADERS(selinux.h)
++ LIBSELINUX="-lselinux"
++ fi
++ ])
++AC_SUBST(LIBSELINUX)
++
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ AC_ARG_WITH(kerberos5,
+@@ -3459,6 +3481,7 @@
+ echo " Manpage format: $MANTYPE"
+ echo " PAM support: $PAM_MSG"
+ echo " KerberosV support: $KRB5_MSG"
++echo " SELinux support: $SELINUX_MSG"
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
+ echo " TCP Wrappers support: $TCPW_MSG"
+--- openssh-4.2p1/session.c.selinux 2005-08-31 12:59:49.000000000 -0400
++++ openssh-4.2p1/session.c 2005-10-18 15:50:12.000000000 -0400
+@@ -59,6 +59,8 @@
+ #include "kex.h"
+ #include "monitor_wrap.h"
+
++#include "selinux.h"
++
+ #if defined(KRB5) && defined(USE_AFS)
+ #include <kafs.h>
+ #endif
+@@ -1349,6 +1351,8 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++
++ setup_selinux_exec_context(pw->pw_name);
+ }
+
+ static void
+--- openssh-4.2p1/auth.h.selinux 2005-07-06 21:50:20.000000000 -0400
++++ openssh-4.2p1/auth.h 2005-10-18 15:50:12.000000000 -0400
+@@ -58,6 +58,7 @@
+ char *service;
+ struct passwd *pw; /* set if 'valid' */
+ char *style;
++ char *role;
+ void *kbdintctxt;
+ #ifdef BSD_AUTH
+ auth_session_t *as;
+--- openssh-4.2p1/monitor_wrap.h.selinux 2005-02-08 05:52:48.000000000 -0500
++++ openssh-4.2p1/monitor_wrap.h 2005-10-18 15:50:12.000000000 -0400
+@@ -44,6 +44,7 @@
+ DH *mm_choose_dh(int, int, int);
+ int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
+ void mm_inform_authserv(char *, char *);
++void mm_inform_authrole(char *);
+ struct passwd *mm_getpwnamallow(const char *);
+ char *mm_auth2_read_banner(void);
+ int mm_auth_password(struct Authctxt *, char *);
+--- /dev/null 2005-10-16 17:38:47.999906500 -0400
++++ openssh-4.2p1/selinux.h 2005-10-18 15:50:12.000000000 -0400
+@@ -0,0 +1,10 @@
++#ifndef __SELINUX_H_
++#define __SELINUX_H_
++#ifdef WITH_SELINUX
++extern void setup_selinux_pty(const char *name, const char *tty);
++extern void setup_selinux_exec_context(const char *name);
++#else
++static inline void setup_selinux_pty(const char *name, const char *tty) {}
++static inline void setup_selinux_exec_context(const char *name) {}
++#endif /* WITH_SELINUX */
++#endif /* __SELINUX_H_ */
diff --git a/openssh-4.3p2-sftp-drain-acks.patch b/openssh-4.3p2-sftp-drain-acks.patch
new file mode 100644
index 0000000..5c9c204
--- /dev/null
+++ b/openssh-4.3p2-sftp-drain-acks.patch
@@ -0,0 +1,68 @@
+diff -up openssh-4.3p2/sftp-client.c.drain-acks openssh-4.3p2/sftp-client.c
+--- openssh-4.3p2/sftp-client.c.drain-acks 2006-01-02 13:40:51.000000000 +0100
++++ openssh-4.3p2/sftp-client.c 2008-01-15 11:18:29.000000000 +0100
+@@ -974,7 +974,8 @@ int
+ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
+ int pflag)
+ {
+- int local_fd, status;
++ int local_fd;
++ int status = SSH2_FX_OK;
+ u_int handle_len, id, type;
+ u_int64_t offset;
+ char *handle, *data;
+@@ -1056,7 +1057,7 @@ do_upload(struct sftp_conn *conn, char *
+ * Simulate an EOF on interrupt, allowing ACKs from the
+ * server to drain.
+ */
+- if (interrupted)
++ if (interrupted || status != SSH2_FX_OK)
+ len = 0;
+ else do
+ len = read(local_fd, data, conn->transfer_buflen);
+@@ -1113,15 +1114,6 @@ do_upload(struct sftp_conn *conn, char *
+ fatal("Can't find request for ID %u", r_id);
+ TAILQ_REMOVE(&acks, ack, tq);
+
+- if (status != SSH2_FX_OK) {
+- error("Couldn't write to remote file \"%s\": %s",
+- remote_path, fx2txt(status));
+- do_close(conn, handle, handle_len);
+- close(local_fd);
+- xfree(data);
+- xfree(ack);
+- goto done;
+- }
+ debug3("In write loop, ack for %u %u bytes at %llu",
+ ack->id, ack->len, (unsigned long long)ack->offset);
+ ++ackid;
+@@ -1133,21 +1125,25 @@ do_upload(struct sftp_conn *conn, char *
+ stop_progress_meter();
+ xfree(data);
+
++ if (status != SSH2_FX_OK) {
++ error("Couldn't write to remote file \"%s\": %s",
++ remote_path, fx2txt(status));
++ status = -1;
++ }
++
+ if (close(local_fd) == -1) {
+ error("Couldn't close local file \"%s\": %s", local_path,
+ strerror(errno));
+- do_close(conn, handle, handle_len);
+ status = -1;
+- goto done;
+ }
+
+ /* Override umask and utimes if asked */
+ if (pflag)
+ do_fsetstat(conn, handle, handle_len, &a);
+
+- status = do_close(conn, handle, handle_len);
++ if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
++ status = -1;
+
+-done:
+ xfree(handle);
+ buffer_free(&msg);
+ return(status);
diff --git a/openssh-4.3p2-sftp-log.patch b/openssh-4.3p2-sftp-log.patch
new file mode 100644
index 0000000..25fbe84
--- /dev/null
+++ b/openssh-4.3p2-sftp-log.patch
@@ -0,0 +1,836 @@
+diff -up openssh-4.3p2/servconf.c.sftp-log openssh-4.3p2/servconf.c
+--- openssh-4.3p2/servconf.c.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/servconf.c 2008-10-02 16:34:02.000000000 +0200
+@@ -452,6 +452,7 @@ process_server_config_line(ServerOptions
+ ServerOpCodes opcode;
+ u_short port;
+ u_int i;
++ size_t len;
+
+ cp = line;
+ arg = strdelim(&cp);
+@@ -784,7 +785,7 @@ parse_flag:
+ goto parse_flag;
+
+ case sLogFacility:
+- intptr = (int *) &options->log_facility;
++ intptr = (void *) &options->log_facility;
+ arg = strdelim(&cp);
+ value = log_facility_number(arg);
+ if (value == SYSLOG_FACILITY_NOT_SET)
+@@ -795,7 +796,7 @@ parse_flag:
+ break;
+
+ case sLogLevel:
+- intptr = (int *) &options->log_level;
++ intptr = (void *) &options->log_level;
+ arg = strdelim(&cp);
+ value = log_level_number(arg);
+ if (value == SYSLOG_LEVEL_NOT_SET)
+@@ -910,6 +911,17 @@ parse_flag:
+ fatal("%s line %d: Missing subsystem command.",
+ filename, linenum);
+ options->subsystem_command[options->num_subsystems] = xstrdup(arg);
++
++ /* Collect arguments (separate to executable) */
++ p = xstrdup(arg);
++ len = strlen(p) + 1;
++ while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
++ len += 1 + strlen(arg);
++ p = xrealloc(p, len);
++ strlcat(p, " ", len);
++ strlcat(p, arg, len);
++ }
++ options->subsystem_args[options->num_subsystems] = p;
+ options->num_subsystems++;
+ break;
+
+diff -up openssh-4.3p2/servconf.h.sftp-log openssh-4.3p2/servconf.h
+--- openssh-4.3p2/servconf.h.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/servconf.h 2008-10-02 16:28:29.000000000 +0200
+@@ -111,6 +111,7 @@ typedef struct {
+ u_int num_subsystems;
+ char *subsystem_name[MAX_SUBSYSTEMS];
+ char *subsystem_command[MAX_SUBSYSTEMS];
++ char *subsystem_args[MAX_SUBSYSTEMS];
+
+ u_int num_accept_env;
+ char *accept_env[MAX_ACCEPT_ENV];
+diff -up openssh-4.3p2/readconf.c.sftp-log openssh-4.3p2/readconf.c
+--- openssh-4.3p2/readconf.c.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/readconf.c 2008-09-11 21:19:00.000000000 +0200
+@@ -669,7 +669,7 @@ parse_int:
+ break;
+
+ case oLogLevel:
+- intptr = (int *) &options->log_level;
++ intptr = (void *) &options->log_level;
+ arg = strdelim(&s);
+ value = log_level_number(arg);
+ if (value == SYSLOG_LEVEL_NOT_SET)
+diff -up openssh-4.3p2/session.c.sftp-log openssh-4.3p2/session.c
+--- openssh-4.3p2/session.c.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/session.c 2008-10-02 16:39:09.000000000 +0200
+@@ -1796,7 +1796,7 @@ session_subsystem_req(Session *s)
+ struct stat st;
+ u_int len;
+ int success = 0;
+- char *cmd, *subsys = packet_get_string(&len);
++ char *prog, *cmd, *subsys = packet_get_string(&len);
+ u_int i;
+
+ packet_check_eom();
+@@ -1804,9 +1804,10 @@ session_subsystem_req(Session *s)
+
+ for (i = 0; i < options.num_subsystems; i++) {
+ if (strcmp(subsys, options.subsystem_name[i]) == 0) {
+- cmd = options.subsystem_command[i];
+- if (stat(cmd, &st) < 0) {
+- error("subsystem: cannot stat %s: %s", cmd,
++ prog = options.subsystem_command[i];
++ cmd = options.subsystem_args[i];
++ if (stat(prog, &st) < 0) {
++ error("subsystem: cannot stat %s: %s", prog,
+ strerror(errno));
+ break;
+ }
+diff -up openssh-4.3p2/sftp-server.8.sftp-log openssh-4.3p2/sftp-server.8
+--- openssh-4.3p2/sftp-server.8.sftp-log 2003-10-15 07:50:43.000000000 +0200
++++ openssh-4.3p2/sftp-server.8 2008-09-11 21:19:00.000000000 +0200
+@@ -30,6 +30,8 @@
+ .Nd SFTP server subsystem
+ .Sh SYNOPSIS
+ .Nm sftp-server
++.Op Fl f Ar log_facility
++.Op Fl l Ar log_level
+ .Sh DESCRIPTION
+ .Nm
+ is a program that speaks the server side of SFTP protocol
+@@ -40,9 +42,46 @@ is not intended to be called directly, b
+ using the
+ .Cm Subsystem
+ option.
++.Pp
++Command-line flags to
++.Nm
++should be specified in the
++.Cm Subsystem
++declaration.
+ See
+ .Xr sshd_config 5
+ for more information.
++.Pp
++Valid options are:
++.Bl -tag -width Ds
++.It Fl f Ar log_facility
++Specifies the facility code that is used when logging messages from
++.Nm .
++The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++The default is AUTH.
++.It Fl l Ar log_level
++Specifies which messages will be logged by
++.Nm .
++The possible values are:
++QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
++INFO and VERBOSE log transactions that
++.Nm
++performs on behalf of the client.
++DEBUG and DEBUG1 are equivalent.
++DEBUG2 and DEBUG3 each specify higher levels of debugging output.
++The default is ERROR.
++.El
++.Pp
++For logging to work,
++.Nm
++must be able to access
++.Pa /dev/log .
++Use of
++.Nm
++in a chroot configuation therefore requires that
++.Xr syslogd 8
++establish a logging socket inside the chroot directory.
+ .Sh SEE ALSO
+ .Xr sftp 1 ,
+ .Xr ssh 1 ,
+diff -up openssh-4.3p2/sshd_config.5.sftp-log openssh-4.3p2/sshd_config.5
+--- openssh-4.3p2/sshd_config.5.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/sshd_config.5 2008-10-02 16:33:23.000000000 +0200
+@@ -616,8 +616,8 @@ The default is
+ .Dq yes .
+ .It Cm Subsystem
+ Configures an external subsystem (e.g., file transfer daemon).
+-Arguments should be a subsystem name and a command to execute upon subsystem
+-request.
++Arguments should be a subsystem name and a command (with optional arguments)
++to execute upon subsystem request.
+ The command
+ .Xr sftp-server 8
+ implements the
+diff -up openssh-4.3p2/sftp-server.c.sftp-log openssh-4.3p2/sftp-server.c
+--- openssh-4.3p2/sftp-server.c.sftp-log 2008-09-11 21:19:00.000000000 +0200
++++ openssh-4.3p2/sftp-server.c 2008-09-11 21:19:00.000000000 +0200
+@@ -22,6 +22,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.50 20
+ #include "log.h"
+ #include "xmalloc.h"
+ #include "misc.h"
++#include "uidswap.h"
+
+ #include "sftp.h"
+ #include "sftp-common.h"
+@@ -32,7 +33,12 @@ RCSID("$OpenBSD: sftp-server.c,v 1.50 20
+ #define get_string(lenp) buffer_get_string(&iqueue, lenp);
+ #define TRACE debug
+
+-extern char *__progname;
++/* Our verbosity */
++LogLevel log_level = SYSLOG_LEVEL_ERROR;
++
++/* Our client */
++struct passwd *pw = NULL;
++char *client_addr = NULL;
+
+ /* input and output queue */
+ Buffer iqueue;
+@@ -104,6 +110,33 @@ flags_from_portable(int pflags)
+ return flags;
+ }
+
++static const char *
++string_from_portable(int pflags)
++{
++ static char ret[128];
++
++ *ret = '\0';
++
++#define PAPPEND(str) { \
++ if (*ret != '\0') \
++ strlcat(ret, ",", sizeof(ret)); \
++ strlcat(ret, str, sizeof(ret)); \
++ }
++
++ if (pflags & SSH2_FXF_READ)
++ PAPPEND("READ")
++ if (pflags & SSH2_FXF_WRITE)
++ PAPPEND("WRITE")
++ if (pflags & SSH2_FXF_CREAT)
++ PAPPEND("CREATE")
++ if (pflags & SSH2_FXF_TRUNC)
++ PAPPEND("TRUNCATE")
++ if (pflags & SSH2_FXF_EXCL)
++ PAPPEND("EXCL")
++
++ return ret;
++}
++
+ static Attrib *
+ get_attrib(void)
+ {
+@@ -118,6 +151,7 @@ struct Handle {
+ DIR *dirp;
+ int fd;
+ char *name;
++ u_int64_t bytes_read, bytes_write;
+ };
+
+ enum {
+@@ -148,6 +182,7 @@ handle_new(int use, const char *name, in
+ handles[i].dirp = dirp;
+ handles[i].fd = fd;
+ handles[i].name = xstrdup(name);
++ handles[i].bytes_read = handles[i].bytes_write = 0;
+ return i;
+ }
+ }
+@@ -211,6 +246,36 @@ handle_to_fd(int handle)
+ return -1;
+ }
+
++static void
++handle_update_read(int handle, ssize_t bytes)
++{
++ if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0)
++ handles[handle].bytes_read += bytes;
++}
++
++static void
++handle_update_write(int handle, ssize_t bytes)
++{
++ if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0)
++ handles[handle].bytes_write += bytes;
++}
++
++static u_int64_t
++handle_bytes_read(int handle)
++{
++ if (handle_is_ok(handle, HANDLE_FILE))
++ return (handles[handle].bytes_read);
++ return 0;
++}
++
++static u_int64_t
++handle_bytes_write(int handle)
++{
++ if (handle_is_ok(handle, HANDLE_FILE))
++ return (handles[handle].bytes_write);
++ return 0;
++}
++
+ static int
+ handle_close(int handle)
+ {
+@@ -230,6 +295,32 @@ handle_close(int handle)
+ return ret;
+ }
+
++static void
++handle_log_close(int handle, char *emsg)
++{
++ if (handle_is_ok(handle, HANDLE_FILE)) {
++ logit("%s%sclose \"%s\" bytes read %llu written %llu",
++ emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
++ handle_to_name(handle),
++ (unsigned long long)handle_bytes_read(handle),
++ (unsigned long long)handle_bytes_write(handle));
++ } else {
++ logit("%s%sclosedir \"%s\"",
++ emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ",
++ handle_to_name(handle));
++ }
++}
++
++static void
++handle_log_exit(void)
++{
++ u_int i;
++
++ for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
++ if (handles[i].use != HANDLE_UNUSED)
++ handle_log_close(i, "forced");
++}
++
+ static int
+ get_handle(void)
+ {
+@@ -256,10 +347,9 @@ send_msg(Buffer *m)
+ buffer_consume(m, mlen);
+ }
+
+-static void
+-send_status(u_int32_t id, u_int32_t status)
++static const char *
++status_to_message(u_int32_t status)
+ {
+- Buffer msg;
+ const char *status_messages[] = {
+ "Success", /* SSH_FX_OK */
+ "End of file", /* SSH_FX_EOF */
+@@ -272,15 +362,24 @@ send_status(u_int32_t id, u_int32_t stat
+ "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */
+ "Unknown error" /* Others */
+ };
++ return (status_messages[MIN(status,SSH2_FX_MAX)]);
++}
++
++static void
++send_status(u_int32_t id, u_int32_t status)
++{
++ Buffer msg;
+
+- TRACE("sent status id %u error %u", id, status);
++ debug3("request %u: sent status %u", id, status);
++ if (log_level > SYSLOG_LEVEL_VERBOSE ||
++ (status != SSH2_FX_OK && status != SSH2_FX_EOF))
++ logit("sent status %s", status_to_message(status));
+ buffer_init(&msg);
+ buffer_put_char(&msg, SSH2_FXP_STATUS);
+ buffer_put_int(&msg, id);
+ buffer_put_int(&msg, status);
+ if (version >= 3) {
+- buffer_put_cstring(&msg,
+- status_messages[MIN(status,SSH2_FX_MAX)]);
++ buffer_put_cstring(&msg, status_to_message(status));
+ buffer_put_cstring(&msg, "");
+ }
+ send_msg(&msg);
+@@ -302,7 +401,7 @@ send_data_or_handle(char type, u_int32_t
+ static void
+ send_data(u_int32_t id, const char *data, int dlen)
+ {
+- TRACE("sent data id %u len %d", id, dlen);
++ debug("request %u: sent data len %d", id, dlen);
+ send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
+ }
+
+@@ -313,7 +412,7 @@ send_handle(u_int32_t id, int handle)
+ int hlen;
+
+ handle_to_string(handle, &string, &hlen);
+- TRACE("sent handle id %u handle %d", id, handle);
++ debug("request %u: sent handle handle %d", id, handle);
+ send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
+ xfree(string);
+ }
+@@ -328,7 +427,7 @@ send_names(u_int32_t id, int count, cons
+ buffer_put_char(&msg, SSH2_FXP_NAME);
+ buffer_put_int(&msg, id);
+ buffer_put_int(&msg, count);
+- TRACE("sent names id %u count %d", id, count);
++ debug("request %u: sent names count %d", id, count);
+ for (i = 0; i < count; i++) {
+ buffer_put_cstring(&msg, stats[i].name);
+ buffer_put_cstring(&msg, stats[i].long_name);
+@@ -343,7 +442,7 @@ send_attrib(u_int32_t id, const Attrib *
+ {
+ Buffer msg;
+
+- TRACE("sent attrib id %u have 0x%x", id, a->flags);
++ debug("request %u: sent attrib have 0x%x", id, a->flags);
+ buffer_init(&msg);
+ buffer_put_char(&msg, SSH2_FXP_ATTRS);
+ buffer_put_int(&msg, id);
+@@ -360,7 +459,7 @@ process_init(void)
+ Buffer msg;
+
+ version = get_int();
+- TRACE("client version %d", version);
++ verbose("received client version %d", version);
+ buffer_init(&msg);
+ buffer_put_char(&msg, SSH2_FXP_VERSION);
+ buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
+@@ -379,10 +478,12 @@ process_open(void)
+ id = get_int();
+ name = get_string(NULL);
+ pflags = get_int(); /* portable flags */
++ debug3("request %u: open flags %d", id, pflags);
+ a = get_attrib();
+ flags = flags_from_portable(pflags);
+ mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
+- TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
++ logit("open \"%s\" flags %s mode 0%o",
++ name, string_from_portable(pflags), mode);
+ fd = open(name, flags, mode);
+ if (fd < 0) {
+ status = errno_to_portable(errno);
+@@ -408,7 +509,8 @@ process_close(void)
+
+ id = get_int();
+ handle = get_handle();
+- TRACE("close id %u handle %d", id, handle);
++ debug3("request %u: close handle %u", id, handle);
++ handle_log_close(handle, NULL);
+ ret = handle_close(handle);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ send_status(id, status);
+@@ -427,11 +529,11 @@ process_read(void)
+ off = get_int64();
+ len = get_int();
+
+- TRACE("read id %u handle %d off %llu len %d", id, handle,
+- (unsigned long long)off, len);
++ debug("request %u: read \"%s\" (handle %d) off %llu len %d",
++ id, handle_to_name(handle), handle, (unsigned long long)off, len);
+ if (len > sizeof buf) {
+ len = sizeof buf;
+- logit("read change len %d", len);
++ debug2("read change len %d", len);
+ }
+ fd = handle_to_fd(handle);
+ if (fd >= 0) {
+@@ -447,6 +549,7 @@ process_read(void)
+ } else {
+ send_data(id, buf, ret);
+ status = SSH2_FX_OK;
++ handle_update_read(handle, ret);
+ }
+ }
+ }
+@@ -468,8 +571,8 @@ process_write(void)
+ off = get_int64();
+ data = get_string(&len);
+
+- TRACE("write id %u handle %d off %llu len %d", id, handle,
+- (unsigned long long)off, len);
++ debug("request %u: write \"%s\" (handle %d) off %llu len %d",
++ id, handle_to_name(handle), handle, (unsigned long long)off, len);
+ fd = handle_to_fd(handle);
+ if (fd >= 0) {
+ if (lseek(fd, off, SEEK_SET) < 0) {
+@@ -483,8 +586,9 @@ process_write(void)
+ status = errno_to_portable(errno);
+ } else if ((size_t)ret == len) {
+ status = SSH2_FX_OK;
++ handle_update_write(handle, ret);
+ } else {
+- logit("nothing at all written");
++ debug2("nothing at all written");
+ }
+ }
+ }
+@@ -503,7 +607,8 @@ process_do_stat(int do_lstat)
+
+ id = get_int();
+ name = get_string(NULL);
+- TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
++ debug3("request %u: %sstat", id, do_lstat ? "l" : "");
++ verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
+ ret = do_lstat ? lstat(name, &st) : stat(name, &st);
+ if (ret < 0) {
+ status = errno_to_portable(errno);
+@@ -539,7 +644,8 @@ process_fstat(void)
+
+ id = get_int();
+ handle = get_handle();
+- TRACE("fstat id %u handle %d", id, handle);
++ debug("request %u: fstat \"%s\" (handle %u)",
++ id, handle_to_name(handle), handle);
+ fd = handle_to_fd(handle);
+ if (fd >= 0) {
+ ret = fstat(fd, &st);
+@@ -578,23 +684,34 @@ process_setstat(void)
+ id = get_int();
+ name = get_string(NULL);
+ a = get_attrib();
+- TRACE("setstat id %u name %s", id, name);
++ debug("request %u: setstat name \"%s\"", id, name);
+ if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
++ logit("set \"%s\" size %llu",
++ name, (unsigned long long)a->size);
+ ret = truncate(name, a->size);
+ if (ret == -1)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
++ logit("set \"%s\" mode %04o", name, a->perm);
+ ret = chmod(name, a->perm & 0777);
+ if (ret == -1)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
++ char buf[64];
++ time_t t = a->mtime;
++
++ strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
++ localtime(&t));
++ logit("set \"%s\" modtime %s", name, buf);
+ ret = utimes(name, attrib_to_tv(a));
+ if (ret == -1)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
++ logit("set \"%s\" owner %lu group %lu", name,
++ (u_long)a->uid, (u_long)a->gid);
+ ret = chown(name, a->uid, a->gid);
+ if (ret == -1)
+ status = errno_to_portable(errno);
+@@ -610,23 +727,26 @@ process_fsetstat(void)
+ u_int32_t id;
+ int handle, fd, ret;
+ int status = SSH2_FX_OK;
+- char *name;
+
+ id = get_int();
+ handle = get_handle();
+ a = get_attrib();
+- TRACE("fsetstat id %u handle %d", id, handle);
++ debug("request %u: fsetstat handle %d", id, handle);
+ fd = handle_to_fd(handle);
+- name = handle_to_name(handle);
+- if (fd < 0 || name == NULL) {
++ if (fd < 0) {
+ status = SSH2_FX_FAILURE;
+ } else {
++ char *name = handle_to_name(handle);
++
+ if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
++ logit("set \"%s\" size %llu",
++ name, (unsigned long long)a->size);
+ ret = ftruncate(fd, a->size);
+ if (ret == -1)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
++ logit("set \"%s\" mode %04o", name, a->perm);
+ #ifdef HAVE_FCHMOD
+ ret = fchmod(fd, a->perm & 0777);
+ #else
+@@ -636,6 +756,12 @@ process_fsetstat(void)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
++ char buf[64];
++ time_t t = a->mtime;
++
++ strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
++ localtime(&t));
++ logit("set \"%s\" modtime %s", name, buf);
+ #ifdef HAVE_FUTIMES
+ ret = futimes(fd, attrib_to_tv(a));
+ #else
+@@ -645,6 +771,8 @@ process_fsetstat(void)
+ status = errno_to_portable(errno);
+ }
+ if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
++ logit("set \"%s\" owner %lu group %lu", name,
++ (u_long)a->uid, (u_long)a->gid);
+ #ifdef HAVE_FCHOWN
+ ret = fchown(fd, a->uid, a->gid);
+ #else
+@@ -667,7 +795,8 @@ process_opendir(void)
+
+ id = get_int();
+ path = get_string(NULL);
+- TRACE("opendir id %u path %s", id, path);
++ debug3("request %u: opendir", id);
++ logit("opendir \"%s\"", path);
+ dirp = opendir(path);
+ if (dirp == NULL) {
+ status = errno_to_portable(errno);
+@@ -697,7 +826,8 @@ process_readdir(void)
+
+ id = get_int();
+ handle = get_handle();
+- TRACE("readdir id %u handle %d", id, handle);
++ debug("request %u: readdir \"%s\" (handle %d)", id,
++ handle_to_name(handle), handle);
+ dirp = handle_to_dir(handle);
+ path = handle_to_name(handle);
+ if (dirp == NULL || path == NULL) {
+@@ -751,7 +881,8 @@ process_remove(void)
+
+ id = get_int();
+ name = get_string(NULL);
+- TRACE("remove id %u name %s", id, name);
++ debug3("request %u: remove", id);
++ logit("remove name \"%s\"", name);
+ ret = unlink(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ send_status(id, status);
+@@ -771,7 +902,8 @@ process_mkdir(void)
+ a = get_attrib();
+ mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
+ a->perm & 0777 : 0777;
+- TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
++ debug3("request %u: mkdir", id);
++ logit("mkdir name \"%s\" mode 0%o", name, mode);
+ ret = mkdir(name, mode);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ send_status(id, status);
+@@ -787,7 +919,8 @@ process_rmdir(void)
+
+ id = get_int();
+ name = get_string(NULL);
+- TRACE("rmdir id %u name %s", id, name);
++ debug3("request %u: rmdir", id);
++ logit("rmdir name \"%s\"", name);
+ ret = rmdir(name);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ send_status(id, status);
+@@ -807,7 +940,8 @@ process_realpath(void)
+ xfree(path);
+ path = xstrdup(".");
+ }
+- TRACE("realpath id %u path %s", id, path);
++ debug3("request %u: realpath", id);
++ verbose("realpath \"%s\"", path);
+ if (realpath(path, resolvedname) == NULL) {
+ send_status(id, errno_to_portable(errno));
+ } else {
+@@ -830,7 +964,8 @@ process_rename(void)
+ id = get_int();
+ oldpath = get_string(NULL);
+ newpath = get_string(NULL);
+- TRACE("rename id %u old %s new %s", id, oldpath, newpath);
++ debug3("request %u: rename", id);
++ logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
+ status = SSH2_FX_FAILURE;
+ if (lstat(oldpath, &sb) == -1)
+ status = errno_to_portable(errno);
+@@ -885,7 +1020,8 @@ process_readlink(void)
+
+ id = get_int();
+ path = get_string(NULL);
+- TRACE("readlink id %u path %s", id, path);
++ debug3("request %u: readlink", id);
++ verbose("readlink \"%s\"", path);
+ if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1)
+ send_status(id, errno_to_portable(errno));
+ else {
+@@ -909,7 +1045,8 @@ process_symlink(void)
+ id = get_int();
+ oldpath = get_string(NULL);
+ newpath = get_string(NULL);
+- TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
++ debug3("request %u: symlink", id);
++ logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
+ /* this will fail if 'newpath' exists */
+ ret = symlink(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+@@ -947,8 +1084,9 @@ process(void)
+ cp = buffer_ptr(&iqueue);
+ msg_len = GET_32BIT(cp);
+ if (msg_len > SFTP_MAX_MSG_LENGTH) {
+- error("bad message ");
+- exit(11);
++ error("bad message from %s local user %s",
++ client_addr, pw->pw_name);
++ sftp_server_cleanup_exit(11);
+ }
+ if (buf_len < msg_len + 4)
+ return;
+@@ -1021,33 +1159,108 @@ process(void)
+ break;
+ }
+ /* discard the remaining bytes from the current packet */
+- if (buf_len < buffer_len(&iqueue))
+- fatal("iqueue grows");
++ if (buf_len < buffer_len(&iqueue)) {
++ error("iqueue grew unexpectedly");
++ sftp_server_cleanup_exit(255);
++ }
+ consumed = buf_len - buffer_len(&iqueue);
+- if (msg_len < consumed)
+- fatal("msg_len %d < consumed %d", msg_len, consumed);
++ if (msg_len < consumed) {
++ error("msg_len %d < consumed %d", msg_len, consumed);
++ sftp_server_cleanup_exit(255);
++ }
+ if (msg_len > consumed)
+ buffer_consume(&iqueue, msg_len - consumed);
+ }
+
++/* Cleanup handler that logs active handles upon normal exit */
++void
++sftp_server_cleanup_exit(int i)
++{
++ if (pw != NULL && client_addr != NULL) {
++ handle_log_exit();
++ logit("session closed for local user %s from [%s]",
++ pw->pw_name, client_addr);
++ }
++ _exit(i);
++}
++
++static void
++sftp_server_usage(void)
++{
++ extern char *__progname;
++
++ fprintf(stderr,
++ "usage: %s [-he] [-l log_level] [-f log_facility]\n", __progname);
++ exit(1);
++}
++
+ int
+-main(int ac, char **av)
++main(int argc, char **argv)
+ {
+ fd_set *rset, *wset;
+- int in, out, max;
++ int in, out, max, ch, skipargs = 0, log_stderr = 0;
+ ssize_t len, olen, set_size;
++ SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
++ char *cp;
++
++ extern char *optarg;
++ extern char *__progname;
+
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
+- /* XXX should use getopt */
++ __progname = ssh_get_progname(argv[0]);
++ log_init(__progname, log_level, log_facility, log_stderr);
+
+- __progname = ssh_get_progname(av[0]);
+- handle_init();
++ while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) {
++ switch (ch) {
++ case 'c':
++ /*
++ * Ignore all arguments if we are invoked as a
++ * shell using "sftp-server -c command"
++ */
++ skipargs = 1;
++ break;
++ case 'e':
++ log_stderr = 1;
++ break;
++ case 'l':
++ log_level = log_level_number(optarg);
++ if (log_level == SYSLOG_LEVEL_NOT_SET)
++ error("Invalid log level \"%s\"", optarg);
++ break;
++ case 'f':
++ log_facility = log_facility_number(optarg);
++ if (log_facility == SYSLOG_FACILITY_NOT_SET)
++ error("Invalid log facility \"%s\"", optarg);
++ break;
++ case 'h':
++ default:
++ sftp_server_usage();
++ }
++ }
+
+-#ifdef DEBUG_SFTP_SERVER
+- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+-#endif
++ log_init(__progname, log_level, log_facility, log_stderr);
++
++ if ((cp = getenv("SSH_CONNECTION")) != NULL) {
++ client_addr = xstrdup(cp);
++ if ((cp = strchr(client_addr, ' ')) == NULL) {
++ error("Malformed SSH_CONNECTION variable: \"%s\"",
++ getenv("SSH_CONNECTION"));
++ sftp_server_cleanup_exit(255);
++ }
++ *cp = '\0';
++ } else
++ client_addr = xstrdup("UNKNOWN");
++
++ if ((pw = getpwuid(getuid())) == NULL)
++ fatal("No user found for uid %lu", (u_long)getuid());
++ pw = pwcopy(pw);
++
++ logit("session opened for local user %s from [%s]",
++ pw->pw_name, client_addr);
++
++ handle_init();
+
+ in = dup(STDIN_FILENO);
+ out = dup(STDOUT_FILENO);
+@@ -1090,7 +1303,8 @@ main(int ac, char **av)
+ if (select(max+1, rset, wset, NULL, NULL) < 0) {
+ if (errno == EINTR)
+ continue;
+- exit(2);
++ error("select: %s", strerror(errno));
++ sftp_server_cleanup_exit(2);
+ }
+
+ /* copy stdin to iqueue */
+@@ -1099,10 +1313,10 @@ main(int ac, char **av)
+ len = read(in, buf, sizeof buf);
+ if (len == 0) {
+ debug("read eof");
+- exit(0);
++ sftp_server_cleanup_exit(0);
+ } else if (len < 0) {
+- error("read error");
+- exit(1);
++ error("read: %s", strerror(errno));
++ sftp_server_cleanup_exit(1);
+ } else {
+ buffer_append(&iqueue, buf, len);
+ }
+@@ -1111,8 +1325,8 @@ main(int ac, char **av)
+ if (FD_ISSET(out, wset)) {
+ len = write(out, buffer_ptr(&oqueue), olen);
+ if (len < 0) {
+- error("write error");
+- exit(1);
++ error("write: %s", strerror(errno));
++ sftp_server_cleanup_exit(1);
+ } else {
+ buffer_consume(&oqueue, len);
+ }
diff --git a/openssh-4.3p2-skip-initial.patch b/openssh-4.3p2-skip-initial.patch
new file mode 100644
index 0000000..30108a9
--- /dev/null
+++ b/openssh-4.3p2-skip-initial.patch
@@ -0,0 +1,26 @@
+Skip the initial empty-password check if permit_empty_passwd is disabled. This
+doesn't change the timing profiles of the host because the additional condition
+check which can short-circuit the call to pam_authenticate() has no dependency
+on the identity of the user who is being authenticated.
+--- openssh-3.8p1/auth1.c 2004-02-26 21:05:25.000000000 -0500
++++ openssh-3.8p1/auth1.c 2004-02-26 21:05:20.000000000 -0500
+@@ -76,7 +76,7 @@
+ authctxt->valid ? "" : "invalid user ", authctxt->user);
+
+ /* If the user has no password, accept authentication immediately. */
+- if (options.password_authentication &&
++ if (options.permit_empty_passwd && options.password_authentication &&
+ #ifdef KRB5
+ (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
+ #endif
+--- openssh-3.8p1/auth2-none.c 2004-02-26 21:07:34.000000000 -0500
++++ openssh-3.8p1/auth2-none.c 2004-02-26 21:07:28.000000000 -0500
+@@ -100,7 +100,7 @@
+ if (check_nt_auth(1, authctxt->pw) == 0)
+ return (0);
+ #endif
+- if (options.password_authentication)
++ if (options.permit_empty_passwd && options.password_authentication)
+ return (PRIVSEP(auth_password(authctxt, "")));
+ return (0);
+ }
diff --git a/openssh-4.3p2-sshsocketleak.patch b/openssh-4.3p2-sshsocketleak.patch
new file mode 100644
index 0000000..27752ef
--- /dev/null
+++ b/openssh-4.3p2-sshsocketleak.patch
@@ -0,0 +1,13 @@
+--- session.c.orig 2009-10-21 17:22:37.000000000 +0200
++++ session.c 2009-10-21 17:23:41.000000000 +0200
+@@ -507,6 +507,10 @@
+ */
+ if (compat20) {
+ session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
++ /* close err[1] to not leak the socket if this inside a subsystem */
++ if (s->is_subsystem) {
++ close(err[1]);
++ }
+ } else {
+ server_loop(pid, inout[1], inout[1], err[1]);
+ /* server_loop has closed inout[1] and err[1]. */
diff --git a/openssh-4.3p2-stderr.patch b/openssh-4.3p2-stderr.patch
new file mode 100644
index 0000000..0d7fb63
--- /dev/null
+++ b/openssh-4.3p2-stderr.patch
@@ -0,0 +1,149 @@
+diff -up openssh-4.3p2/channels.c.stderr openssh-4.3p2/channels.c
+--- openssh-4.3p2/channels.c.stderr 2010-06-28 10:44:07.000000000 +0200
++++ openssh-4.3p2/channels.c 2010-06-28 10:44:07.000000000 +0200
+@@ -771,8 +771,9 @@ channel_pre_open(Channel *c, fd_set * re
+ if (c->extended_usage == CHAN_EXTENDED_WRITE &&
+ buffer_len(&c->extended) > 0)
+ FD_SET(c->efd, writeset);
+- else if (!(c->flags & CHAN_EOF_SENT) &&
+- c->extended_usage == CHAN_EXTENDED_READ &&
++ else if (c->efd != -1 && !(c->flags & CHAN_EOF_SENT) &&
++ (c->extended_usage == CHAN_EXTENDED_READ ||
++ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
+ buffer_len(&c->extended) < c->remote_window)
+ FD_SET(c->efd, readset);
+ }
+@@ -1566,7 +1567,9 @@ channel_handle_efd(Channel *c, fd_set *
+ buffer_consume(&c->extended, len);
+ c->local_consumed += len;
+ }
+- } else if (c->extended_usage == CHAN_EXTENDED_READ &&
++ } else if (c->efd != -1 &&
++ (c->extended_usage == CHAN_EXTENDED_READ ||
++ c->extended_usage == CHAN_EXTENDED_IGNORE) &&
+ (c->detach_close || FD_ISSET(c->efd, readset))) {
+ len = read(c->efd, buf, sizeof(buf));
+ debug2("channel %d: read %d from efd %d",
+@@ -1579,7 +1582,11 @@ channel_handle_efd(Channel *c, fd_set *
+ c->self, c->efd);
+ channel_close_fd(&c->efd);
+ } else {
+- buffer_append(&c->extended, buf, len);
++ if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
++ debug3("channel %d: discard efd",
++ c->self);
++ } else
++ buffer_append(&c->extended, buf, len);
+ }
+ }
+ }
+diff -up openssh-4.3p2/session.c.stderr openssh-4.3p2/session.c
+--- openssh-4.3p2/session.c.stderr 2010-06-28 10:44:07.000000000 +0200
++++ openssh-4.3p2/session.c 2010-06-28 10:47:38.000000000 +0200
+@@ -63,6 +63,7 @@ RCSID("$OpenBSD: session.c,v 1.191 2005/
+
+ #include "selinux.h"
+
++#include <fcntl.h>
+ #if defined(KRB5) && defined(USE_AFS)
+ #include <kafs.h>
+ #endif
+@@ -74,7 +75,7 @@ RCSID("$OpenBSD: session.c,v 1.191 2005/
+ /* func */
+
+ Session *session_new(void);
+-void session_set_fds(Session *, int, int, int);
++void session_set_fds(Session *, int, int, int, int, int);
+ void session_pty_cleanup(Session *);
+ void session_proctitle(Session *);
+ int session_setup_x11fwd(Session *);
+@@ -381,23 +382,33 @@ void
+ do_exec_no_pty(Session *s, const char *command)
+ {
+ pid_t pid;
++ int ignore_fderr = 0;
+
+ #ifdef USE_PIPES
+ int pin[2], pout[2], perr[2];
++
++ if (s == NULL)
++ fatal("do_exec_no_pty: no session");
++
+ /* Allocate pipes for communicating with the program. */
+ if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
+ packet_disconnect("Could not create pipes: %.100s",
+ strerror(errno));
+ #else /* USE_PIPES */
+ int inout[2], err[2];
++
++ if (s == NULL)
++ fatal("do_exec_no_pty: no session");
++
+ /* Uses socket pairs to communicate with the program. */
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
+ socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
+ packet_disconnect("Could not create socket pairs: %.100s",
+ strerror(errno));
+ #endif /* USE_PIPES */
+- if (s == NULL)
+- fatal("do_exec_no_pty: no session");
++
++ if (s->is_subsystem)
++ ignore_fderr = 1;
+
+ session_proctitle(s);
+
+@@ -479,11 +490,7 @@ do_exec_no_pty(Session *s, const char *c
+ close(perr[1]);
+
+ if (compat20) {
+- if (s->is_subsystem) {
+- close(perr[0]);
+- perr[0] = -1;
+- }
+- session_set_fds(s, pin[1], pout[0], perr[0]);
++ session_set_fds(s, pin[1], pout[0], perr[0], ignore_fderr, 0);
+ } else {
+ /* Enter the interactive session. */
+ server_loop(pid, pin[1], pout[0], perr[0]);
+@@ -506,11 +513,7 @@ do_exec_no_pty(Session *s, const char *c
+ * handle the case that fdin and fdout are the same.
+ */
+ if (compat20) {
+- session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
+- /* close err[1] to not leak the socket if this inside a subsystem */
+- if (s->is_subsystem) {
+- close(err[1]);
+- }
++ session_set_fds(s, inout[1], inout[1], err[1], ignore_fderr, 0);
+ } else {
+ server_loop(pid, inout[1], inout[1], err[1]);
+ /* server_loop has closed inout[1] and err[1]. */
+@@ -608,7 +611,7 @@ do_exec_pty(Session *s, const char *comm
+ /* Enter interactive session. */
+ packet_set_interactive(1);
+ if (compat20) {
+- session_set_fds(s, ptyfd, fdout, -1);
++ session_set_fds(s, ptyfd, fdout, -1, 1, 1);
+ } else {
+ server_loop(pid, ptyfd, fdout, -1);
+ /* server_loop _has_ closed ptyfd and fdout. */
+@@ -2085,7 +2088,8 @@ session_input_channel_req(Channel *c, co
+ }
+
+ void
+-session_set_fds(Session *s, int fdin, int fdout, int fderr)
++session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
++ int is_tty)
+ {
+ if (!compat20)
+ fatal("session_set_fds: called for proto != 2.0");
+@@ -2097,7 +2101,7 @@ session_set_fds(Session *s, int fdin, in
+ fatal("no channel for session %d", s->self);
+ channel_set_fds(s->chanid,
+ fdout, fdin, fderr,
+- fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
++ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1,
+ CHAN_SES_WINDOW_DEFAULT);
+ }
diff --git a/openssh-4.3p2-unblock-signals.patch b/openssh-4.3p2-unblock-signals.patch
new file mode 100644
index 0000000..3df2fe8
--- /dev/null
+++ b/openssh-4.3p2-unblock-signals.patch
@@ -0,0 +1,42 @@
+diff -ur openssh-4.3p2.orig/gss-serv-gsi.c openssh-4.3p2/gss-serv-gsi.c
+--- openssh-4.3p2.orig/gss-serv-gsi.c 2011-08-10 13:38:12.138969932 +0200
++++ openssh-4.3p2/gss-serv-gsi.c 2011-08-10 13:41:52.560976081 +0200
+@@ -53,6 +53,22 @@
+ &ssh_gssapi_gsi_storecreds
+ };
+
++static
++void
++undo_globus_signal_blocking()
++{
++ sigset_t mysigset;
++ sigemptyset(&mysigset);
++ sigaddset(&mysigset, SIGCHLD);
++ sigaddset(&mysigset, SIGTERM);
++ sigaddset(&mysigset, SIGALRM);
++ sigaddset(&mysigset, SIGHUP);
++ sigaddset(&mysigset, SIGTERM);
++ sigaddset(&mysigset, SIGQUIT);
++ sigaddset(&mysigset, SIGINT);
++ sigprocmask(SIG_UNBLOCK, &mysigset, NULL);
++}
++
+ /*
+ * Check if this user is OK to login under GSI. User has been authenticated
+ * as identity in global 'client_name.value' and is trying to log in as passed
+@@ -73,6 +89,7 @@
+ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
+ return 0;
+ }
++ undo_globus_signal_blocking();
+ #endif
+
+ /* use new globus_gss_assist_map_and_authorize() interface if available */
+@@ -119,6 +136,7 @@
+ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
+ return 0;
+ }
++ undo_globus_signal_blocking();
+ #endif
+
+ /* use new globus_gss_assist_map_and_authorize() interface if available */
diff --git a/openssh-nukeacss.sh b/openssh-nukeacss.sh
new file mode 100755
index 0000000..ccc1354
--- /dev/null
+++ b/openssh-nukeacss.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Remove the ACSS implementation from OpenSSH, and disable its use so that the
+# rest of the package can still be built.
+#
+> acss.c
+patch -sp0 << EOF
+--- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200
++++ cipher.c 2005-09-06 14:52:06.000000000 +0200
+@@ -45,6 +45,8 @@
+
+ /* compatibility with old or broken OpenSSL versions */
+ #include "openbsd-compat/openssl-compat.h"
++#undef USE_CIPHER_ACSS
++#define EVP_acss NULL
+
+ extern const EVP_CIPHER *evp_ssh1_bf(void);
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+EOF
diff --git a/sources b/sources
index e69de29..47e5239 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+8dcce96be628a67ce992f089d9db81ff openssh-4.3p2-noacss.tar.bz2
More information about the scm-commits
mailing list