openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45211 Commits
1 Branch
2 Tags
597 MiB
 
 
 
 
 
 
Tree: 5f3bb1bc15
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f3bb1bc15'
${ noResults }
openpkg-packages/openssh/openssh.patch.alias

197 lines
5.3 KiB
Raw Blame History

Index: auth1.c
--- auth1.c.orig 2010-08-31 14:36:39.000000000 +0200
+++ auth1.c 2011-12-11 10:37:35.000000000 +0100
@@ -40,6 +40,9 @@
#endif
#include "monitor_wrap.h"
#include "buffer.h"
+#ifdef USE_ALIAS
+#include "match.h"
+#endif
/* import */
extern ServerOptions options;
@@ -384,6 +387,10 @@
{
u_int ulen;
char *user, *style = NULL;
+#ifdef USE_ALIAS
+ int i, n;
+ char *cp;
+#endif
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
@@ -395,6 +402,25 @@
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
+#ifdef USE_ALIAS
+ for (i = 0; i < options.num_alias; i++) {
+ if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
+ if (style != NULL) {
+ n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
+ cp = xmalloc(n);
+ snprintf(cp, n, "%s:%s", options.alias[i].user, style);
+ style = strchr(cp, ':');
+ *style++ = '\0';
+ }
+ else
+ cp = xstrdup(options.alias[i].user);
+ xfree(user);
+ user = cp;
+ break;
+ }
+ }
+#endif
+
authctxt->user = user;
authctxt->style = style;
Index: auth2.c
--- auth2.c.orig 2011-05-05 06:04:11.000000000 +0200
+++ auth2.c 2011-12-11 10:37:35.000000000 +0100
@@ -49,6 +49,9 @@
#include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
+#ifdef USE_ALIAS
+#include "match.h"
+#endif
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -217,6 +220,10 @@
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
+#ifdef USE_ALIAS
+ int i, n;
+ char *cp;
+#endif
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -230,6 +237,25 @@
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
+#ifdef USE_ALIAS
+ for (i = 0; i < options.num_alias; i++) {
+ if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
+ if (style != NULL) {
+ n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
+ cp = xmalloc(n);
+ snprintf(cp, n, "%s:%s", options.alias[i].user, style);
+ style = strchr(cp, ':');
+ *style++ = '\0';
+ }
+ else
+ cp = xstrdup(options.alias[i].user);
+ xfree(user);
+ user = cp;
+ break;
+ }
+ }
+#endif
+
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(user));
Index: servconf.c
--- servconf.c.orig 2011-06-23 00:30:03.000000000 +0200
+++ servconf.c 2011-12-11 10:37:35.000000000 +0100
@@ -138,6 +138,9 @@
options->authorized_principals_file = NULL;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
+#ifdef USE_ALIAS
+ options->num_alias = 0;
+#endif
}
void
@@ -324,6 +327,9 @@
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sKexAlgorithms, sIPQoS,
+#ifdef USE_ALIAS
+ sAlias,
+#endif
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -448,6 +454,9 @@
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
+#ifdef USE_ALIAS
+ { "alias", sAlias },
+#endif
{ NULL, sBadOption, 0 }
};
@@ -1402,6 +1411,26 @@
arg = strdelim(&cp);
break;
+#ifdef USE_ALIAS
+ case sAlias:
+ if (options->num_alias >= MAX_ALIAS) {
+ fatal("%s line %d: too many user alias defined.",
+ filename, linenum);
+ }
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name alias(es).",
+ filename, linenum);
+ options->alias[options->num_alias].alias = xstrdup(arg);
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name to map alias '%s' to.",
+ filename, linenum, options->alias[options->num_alias].alias);
+ options->alias[options->num_alias].user = xstrdup(arg);
+ options->num_alias++;
+ break;
+#endif
+
case sUnsupported:
logit("%s line %d: Unsupported option %s",
filename, linenum, arg);
Index: servconf.h
--- servconf.h.orig 2011-06-23 00:30:03.000000000 +0200
+++ servconf.h 2011-12-11 10:37:35.000000000 +0100
@@ -166,6 +166,14 @@
char *revoked_keys_file;
char *trusted_user_ca_keys;
char *authorized_principals_file;
+#ifdef USE_ALIAS
+#define MAX_ALIAS 256
+ u_int num_alias;
+ struct {
+ char *alias; /* the alias list to match */
+ char *user; /* the username to map to */
+ } alias[MAX_ALIAS];
+#endif
} ServerOptions;
/*
Index: sshd_config.5
--- sshd_config.5.orig 2011-08-05 22:17:33.000000000 +0200
+++ sshd_config.5 2011-12-11 10:37:35.000000000 +0100
@@ -103,6 +103,15 @@
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
+.It Cm Alias
+Specifies an optional mapping of a list of user name aliases onto
+real user names. The first argument is a comma separated list of
+user name aliases (optionally prefixed with '!' for negation) to
+match. The characters `*' and `?' can be used as wildcards in the
+alias patterns. The second argument is the real user name onto
+which the aliases are mapped. This allows the use of appealing
+virtual login names (like `anonymous') instead of their physical
+counterparts (like `anoncvs').
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.