
add Alias feature and cleanup ChRoot feature packaging

Ralf S. Engelschall vor 21 Jahren
Ursprung
Commit
0c29810fdb
4 geänderte Dateien mit 286 neuen und 76 gelöschten Zeilen
  1. 0 72
      openssh/openssh.patch
  2. 198 0
      openssh/openssh.patch.alias
  3. 72 0
      openssh/openssh.patch.chroot
  4. 16 4
      openssh/openssh.spec

+ 0 - 72
openssh/openssh.patch

@@ -22,78 +22,6 @@ Index: auth-pam.h
  #endif
  
  void start_pam(const char *);
-Index: session.c
---- session.c.orig	2004-02-23 14:01:27.000000000 +0100
-+++ session.c	2004-02-24 20:25:23.000000000 +0100
-@@ -1270,6 +1270,26 @@
- 			exit(1);
- 		}
- 		endgrent();
-+# ifdef USE_CHROOT
-+		{
-+			char *user_dir;
-+			char *new_root;
-+			user_dir = xstrdup(pw->pw_dir);
-+			new_root = user_dir + 1;
-+			while ((new_root = strchr(new_root, '.')) != NULL) {
-+			    new_root--;
-+			    if (strncmp(new_root, "/./", 3) == 0) {
-+			        *new_root = '\0';
-+			        new_root += 2;
-+			        if (chroot(user_dir) == -1)
-+			            fatal("Couldn't chroot to user directory \"%s\"", user_dir);
-+			        pw->pw_dir = new_root;
-+			        break;
-+			    }
-+			    new_root += 2;
-+			}
-+		}
-+# endif /* USE_CHROOT */
- # ifdef USE_PAM
- 		/*
- 		 * PAM credentials may take the form of supplementary groups.
-Index: sftp-server.c
---- sftp-server.c.orig	2004-02-23 23:19:15.000000000 +0100
-+++ sftp-server.c	2004-02-24 20:25:23.000000000 +0100
-@@ -1029,6 +1029,38 @@
- 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
- #endif
- 
-+#ifdef USE_CHROOT
-+{
-+	char *user_dir;
-+	char *new_root;
-+	user_dir = getenv("HOME");
-+	if (user_dir == NULL)
-+		fatal("HOME variable not found in environment");
-+	new_root = user_dir + 1;
-+	while ((new_root = strchr(new_root, '.')) != NULL) {
-+		new_root--;
-+		if (strncmp(new_root, "/./", 3) == 0) {
-+			*new_root = '\0';
-+			new_root += 2;
-+			if (geteuid() == 0) {
-+				/* chroot to subdir and adjust HOME for remaining path */
-+				if (chroot(user_dir) == -1)
-+					fatal("Couldn't chroot to user directory \"%s\": %s", user_dir, strerror(errno));
-+				if (setuid(getuid()) == -1)
-+					fatal("Couldn't drop privileges: %s", strerror(errno));
-+				setenv("HOME", new_root, 1);
-+			}
-+			else {
-+				/* ignore chroot request and adjust HOME for preceeding path */
-+				setenv("HOME", user_dir, 1);
-+			}
-+			break;
-+		}
-+		new_root += 2;
-+	}
-+}
-+#endif /* USE_CHROOT */
-+
- 	in = dup(STDIN_FILENO);
- 	out = dup(STDOUT_FILENO);
- 
 Index: version.h
 --- version.h.orig	2004-02-23 23:24:02.000000000 +0100
 +++ version.h	2004-02-24 20:25:23.000000000 +0100

+ 198 - 0
openssh/openssh.patch.alias

@@ -0,0 +1,198 @@
+Index: servconf.c
+--- servconf.c.orig	Fri Jan 23 12:03:10 2004
++++ servconf.c	Fri Mar 12 12:28:21 2004
+@@ -101,6 +101,9 @@
+ 	options->client_alive_count_max = -1;
+ 	options->authorized_keys_file = NULL;
+ 	options->authorized_keys_file2 = NULL;
++#ifdef USE_ALIAS
++	options->num_alias = 0;
++#endif
+ 
+ 	/* Needs to be accessable in many places */
+ 	use_privsep = -1;
+@@ -268,6 +271,9 @@
+ 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ 	sGssAuthentication, sGssCleanupCreds,
+ 	sUsePrivilegeSeparation,
++#ifdef USE_ALIAS
++	sAlias,
++#endif
+ 	sDeprecated, sUnsupported
+ } ServerOpCodes;
+ 
+@@ -366,6 +372,9 @@
+ 	{ "authorizedkeysfile", sAuthorizedKeysFile },
+ 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
+ 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
++#ifdef USE_ALIAS
++	{ "alias", sAlias },
++#endif
+ 	{ NULL, sBadOption }
+ };
+ 
+@@ -898,6 +907,26 @@
+ 		while (arg)
+ 		    arg = strdelim(&cp);
+ 		break;
++
++#ifdef USE_ALIAS
++	case sAlias:
++		if (options->num_alias >= MAX_ALIAS) {
++			fatal("%s line %d: too many user alias defined.",
++			    filename, linenum);
++		}
++		arg = strdelim(&cp);
++		if (arg == NULL || arg[0] == '\0')
++			fatal("%s line %d: missing user name alias(es).",
++			    filename, linenum);
++		options->alias[options->num_alias].alias = xstrdup(arg);
++		arg = strdelim(&cp);
++		if (arg == NULL || arg[0] == '\0')
++			fatal("%s line %d: missing user name to map alias '%s' to.",
++			    filename, linenum, options->alias[options->num_alias].alias);
++		options->alias[options->num_alias].user = xstrdup(arg);
++		options->num_alias++;
++		break;
++#endif
+ 
+ 	case sUnsupported:
+ 		logit("%s line %d: Unsupported option %s",
+Index: servconf.h
+--- servconf.h.orig	Wed Dec 31 01:37:34 2003
++++ servconf.h	Fri Mar 12 11:36:15 2004
+@@ -125,6 +125,14 @@
+ 	char   *authorized_keys_file;	/* File containing public keys */
+ 	char   *authorized_keys_file2;
+ 	int	use_pam;		/* Enable auth via PAM */
++#ifdef USE_ALIAS
++#define MAX_ALIAS 256
++	u_int num_alias;
++	struct {
++		char *alias;  /* the alias list to match */
++		char *user;   /* the username to map to */
++	} alias[MAX_ALIAS];
++#endif
+ }       ServerOptions;
+ 
+ void	 initialize_server_options(ServerOptions *);
+Index: auth1.c
+--- auth1.c.orig	Sat Nov 22 04:15:30 2003
++++ auth1.c	Fri Mar 12 12:30:48 2004
+@@ -26,6 +26,9 @@
+ #include "session.h"
+ #include "uidswap.h"
+ #include "monitor_wrap.h"
++#ifdef USE_ALIAS
++#include "match.h"
++#endif
+ 
+ /* import */
+ extern ServerOptions options;
+@@ -280,6 +283,10 @@
+ {
+ 	u_int ulen;
+ 	char *user, *style = NULL;
++#ifdef USE_ALIAS
++	int i, n;
++	char *cp;
++#endif
+ 
+ 	/* Get the name of the user that we wish to log in as. */
+ 	packet_read_expect(SSH_CMSG_USER);
+@@ -290,6 +297,25 @@
+ 
+ 	if ((style = strchr(user, ':')) != NULL)
+ 		*style++ = '\0';
++
++#ifdef USE_ALIAS
++	for (i = 0; i < options.num_alias; i++) {
++		if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
++			if (style != NULL) {
++				n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
++				cp = xmalloc(n);
++				snprintf(cp, n, "%s:%s", options.alias[i].user, style);
++				style = strchr(cp, ':');
++				*style++ = '\0';
++			}
++			else
++				cp = xstrdup(options.alias[i].user);
++			xfree(user);
++			user = cp;
++			break;
++		}
++	}
++#endif
+ 
+ 	authctxt->user = user;
+ 	authctxt->style = style;
+Index: auth2.c
+--- auth2.c.orig	Mon Nov 17 11:13:41 2003
++++ auth2.c	Fri Mar 12 12:30:48 2004
+@@ -35,6 +35,9 @@
+ #include "dispatch.h"
+ #include "pathnames.h"
+ #include "monitor_wrap.h"
++#ifdef USE_ALIAS
++#include "match.h"
++#endif
+ 
+ #ifdef GSSAPI
+ #include "ssh-gss.h"
+@@ -134,6 +137,10 @@
+ 	Authmethod *m = NULL;
+ 	char *user, *service, *method, *style = NULL;
+ 	int authenticated = 0;
++#ifdef USE_ALIAS
++	int i, n;
++	char *cp;
++#endif
+ 
+ 	if (authctxt == NULL)
+ 		fatal("input_userauth_request: no authctxt");
+@@ -146,6 +153,25 @@
+ 
+ 	if ((style = strchr(user, ':')) != NULL)
+ 		*style++ = 0;
++
++#ifdef USE_ALIAS
++	for (i = 0; i < options.num_alias; i++) {
++		if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
++			if (style != NULL) {
++				n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
++				cp = xmalloc(n);
++				snprintf(cp, n, "%s:%s", options.alias[i].user, style);
++				style = strchr(cp, ':');
++				*style++ = '\0';
++			}
++			else
++				cp = xstrdup(options.alias[i].user);
++			xfree(user);
++			user = cp;
++			break;
++		}
++	}
++#endif
+ 
+ 	if (authctxt->attempt++ == 0) {
+ 		/* setup auth context */
+Index: sshd_config.5
+--- sshd_config.5.orig	Wed Feb 18 04:31:24 2004
++++ sshd_config.5	Fri Mar 12 11:44:55 2004
+@@ -61,6 +61,16 @@
+ keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
+ .Bl -tag -width Ds
++.It Cm Alias
++Specifies an optional mapping of a list of user name aliases onto
++real user names.  The first argument is a comma separated list of
++user name aliases (optionally prefixed with '!' for negation) to
++match. The characters `*' and `?' can be used as wildcards in the
++alias patterns.  The second argument is the real user name onto
++which the aliases are mapped. This allows the use of appealing
++virtual login names (like `anonymous') instead of their physical
++counterparts (like `anoncvs').
++.Pp
+ .It Cm AllowGroups
+ This keyword can be followed by a list of group name patterns, separated
+ by spaces.
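Review bot: The presented login name is discarded as soon as an alias matches — `xfree(user); user = cp;` in both the auth1.c and auth2.c hunks — before `authctxt->user` is assigned, so every subsequent authentication log line records only the mapped account and the audit trail never shows which alias the client actually sent; a `logit("user alias '%s' mapped to '%s'", user, cp);` immediately before each `xfree(user)` would preserve that. Separately, the servconf.c `sAlias` case accepts any whitespace-delimited target name, while the auth code later re-splits the rebuilt `"%s:%s"` string on its first ':', so a target containing ':' would silently truncate the mapped user; the parser should reject it, e.g. `if (strchr(arg, ':') != NULL) fatal("%s line %d: user name may not contain ':'.", filename, linenum);` before the `xstrdup(arg)` for the user field. The loop index is declared `int i` but compared against the `u_int num_alias` field; `u_int i` avoids the signed/unsigned mismatch. The enclosing functions in auth1.c and auth2.c start and end outside the shown hunks.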

+ 72 - 0
openssh/openssh.patch.chroot

@@ -0,0 +1,72 @@
+Index: session.c
+--- session.c.orig	2004-02-23 14:01:27.000000000 +0100
++++ session.c	2004-02-24 20:25:23.000000000 +0100
+@@ -1270,6 +1270,26 @@
+ 			exit(1);
+ 		}
+ 		endgrent();
++# ifdef USE_CHROOT
++		{
++			char *user_dir;
++			char *new_root;
++			user_dir = xstrdup(pw->pw_dir);
++			new_root = user_dir + 1;
++			while ((new_root = strchr(new_root, '.')) != NULL) {
++			    new_root--;
++			    if (strncmp(new_root, "/./", 3) == 0) {
++			        *new_root = '\0';
++			        new_root += 2;
++			        if (chroot(user_dir) == -1)
++			            fatal("Couldn't chroot to user directory \"%s\"", user_dir);
++			        pw->pw_dir = new_root;
++			        break;
++			    }
++			    new_root += 2;
++			}
++		}
++# endif /* USE_CHROOT */
+ # ifdef USE_PAM
+ 		/*
+ 		 * PAM credentials may take the form of supplementary groups.
+Index: sftp-server.c
+--- sftp-server.c.orig	2004-02-23 23:19:15.000000000 +0100
++++ sftp-server.c	2004-02-24 20:25:23.000000000 +0100
+@@ -1029,6 +1029,38 @@
+ 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+ #endif
+ 
++#ifdef USE_CHROOT
++{
++	char *user_dir;
++	char *new_root;
++	user_dir = getenv("HOME");
++	if (user_dir == NULL)
++		fatal("HOME variable not found in environment");
++	new_root = user_dir + 1;
++	while ((new_root = strchr(new_root, '.')) != NULL) {
++		new_root--;
++		if (strncmp(new_root, "/./", 3) == 0) {
++			*new_root = '\0';
++			new_root += 2;
++			if (geteuid() == 0) {
++				/* chroot to subdir and adjust HOME for remaining path */
++				if (chroot(user_dir) == -1)
++					fatal("Couldn't chroot to user directory \"%s\": %s", user_dir, strerror(errno));
++				if (setuid(getuid()) == -1)
++					fatal("Couldn't drop privileges: %s", strerror(errno));
++				setenv("HOME", new_root, 1);
++			}
++			else {
++				/* ignore chroot request and adjust HOME for preceeding path */
++				setenv("HOME", user_dir, 1);
++			}
++			break;
++		}
++		new_root += 2;
++	}
++}
++#endif /* USE_CHROOT */
++
+ 	in = dup(STDIN_FILENO);
+ 	out = dup(STDOUT_FILENO);
+ 
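Review bot: After `chroot(user_dir)` succeeds in the sftp-server.c hunk the process never changes directory, and the session.c hunk presumably relies on a later chdir to pw->pw_dir that lies outside the hunk; a chroot whose working directory still points outside the new root does not confine relative-path access, which is the classic chroot pitfall. Add `if (chdir("/") == -1) fatal("Couldn't chdir to new root: %s", strerror(errno));` directly after the chroot() succeeds in both hunks (in session.c the later chdir to the remaining path then only narrows it further). The "/./" scan also starts at `user_dir + 1`, which reads past the terminator when HOME or pw_dir is the empty string; guard with `if (user_dir[0] == '\0')` before the loop. This code is moved verbatim from openssh.patch, so the points predate this commit, and both enclosing functions begin and end outside the hunks.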

+ 16 - 4
openssh/openssh.spec

@@ -42,7 +42,7 @@ Class:        CORE
 Group:        Security
 License:      BSD
 Version:      %{V_base}%{V_portable}
-Release:      20040225
+Release:      20040312
 
 #   package options
 %option       with_fsl      yes
@@ -50,6 +50,7 @@ Release:      20040225
 %option       with_skey     no
 %option       with_x11      no
 %option       with_chroot   no
+%option       with_alias    no
 %option       with_watchdog no
 %option       with_ldap     no
 %option       with_wrap     no
@@ -65,8 +66,10 @@ Source6:      ssh-keyman
 Source7:      ssh-keyman.1
 Source8:      ssh-keyman.pod
 Patch0:       openssh.patch
-Patch1:       http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}-watchdog.patch.tgz
-Patch2:       http://ldappubkey.gcu-squad.org/%{V_ldap_vers1}/ldappubkey-ossh%{V_ldap_base}-%{V_ldap_vers2}.patch
+Patch1:       openssh.patch.chroot
+Patch2:       openssh.patch.alias
+Patch3:       http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}-watchdog.patch.tgz
+Patch4:       http://ldappubkey.gcu-squad.org/%{V_ldap_vers1}/ldappubkey-ossh%{V_ldap_base}-%{V_ldap_vers2}.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -128,10 +131,16 @@ AutoReqProv:  no
 %prep
     #   unpack and patch distribution
     %setup -q
-    %patch -p0
+    %patch -p0 -P 0
     %{l_shtool} subst \
         -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%s"};' \
         version.h
+%if "%{with_chroot}" == "yes"
+    %patch -p0 -P 1
+%endif
+%if "%{with_alias}" == "yes"
+    %patch -p0 -P 2
+%endif
 %if "%{with_watchdog}" == "yes"
     %{l_gzip} -d -c %{SOURCE openssh-%{V_watchdog}-watchdog.patch.tgz} | %{l_tar} xf -
     %{l_patch} -p0 <openssh-%{V_watchdog}-watchdog.patch
@@ -147,6 +156,9 @@ AutoReqProv:  no
 %if "%{with_chroot}" == "yes"
     cflags="$cflags -DUSE_CHROOT"
 %endif
+%if "%{with_alias}" == "yes"
+    cflags="$cflags -DUSE_ALIAS"
+%endif
 %if "%{with_pam}" == "yes"
     cflags="$cflags -I`%{l_prefix}/etc/rc --query pam_incdir`"
     ldflags="$ldflags -L`%{l_prefix}/etc/rc --query pam_libdir`"