
Index: auth2.c
--- auth2.c.orig 2019-10-09 02:31:03.000000000 +0200
+++ auth2.c 2019-10-09 23:03:07.620858000 +0200
@@ -58,6 +58,9 @@
#endif
#include "monitor_wrap.h"
#include "digest.h"
+#ifdef USE_ALIAS
+#include "match.h"
+#endif
/* import */
extern ServerOptions options;
@@ -266,6 +269,10 @@
char *user = NULL, *service = NULL, *method = NULL, *style = NULL;
int r, authenticated = 0;
double tstart = monotime_double();
+#ifdef USE_ALIAS
+ int i, n;
+ char *cp;
+#endif
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
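Review bot: The two new locals are declared with the wrong widths for how the next hunk uses them: `i` is compared against `options.num_alias`, which servconf.h declares as `u_int`, and `n` receives a sum of `strlen()` results that is then passed as the size to `xmalloc()` and `snprintf()`. Declare them as `u_int i; size_t n;` so the comparison is not signed/unsigned and the length is not narrowed through `int`. input_userauth_request starts before this hunk.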
@@ -280,6 +287,25 @@
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
+#ifdef USE_ALIAS
+ for (i = 0; i < options.num_alias; i++) {
+ if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
+ if (style != NULL) {
+ n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
+ cp = xmalloc(n);
+ snprintf(cp, n, "%s:%s", options.alias[i].user, style);
+ style = strchr(cp, ':');
+ *style++ = '\0';
+ }
+ else
+ cp = xstrdup(options.alias[i].user);
+ free(user);
+ user = cp;
+ break;
+ }
+ }
+#endif
+
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
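Review bot: The name the client actually presented is discarded at `free(user)` without leaving a trace, and because the rewrite happens before `getpwnamallow()` every later check — AllowUsers/DenyUsers, Match User, the authentication log lines — sees only the mapped name. Add `debug("alias '%s' mapped to user '%s'", user, cp);` before `free(user);` so the presented name is recoverable when triaging logins, and state in the Alias documentation that those directives apply to the mapped name, not the alias. The `match_pattern_list()` call passes four arguments including a length; the match.h declaration in recent trees takes three (string, pattern, dolower), so confirm this compiles against the target version. input_userauth_request continues outside the hunk.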
Index: servconf.c
--- servconf.c.orig 2019-10-09 02:31:03.000000000 +0200
+++ servconf.c 2019-10-09 23:02:49.385146000 +0200
@@ -180,6 +180,9 @@
options->fingerprint_hash = -1;
options->disable_forwarding = -1;
options->expose_userauth_info = -1;
+#ifdef USE_ALIAS
+ options->num_alias = 0;
+#endif
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -510,6 +513,9 @@
sStreamLocalBindMask, sStreamLocalBindUnlink,
sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
sExposeAuthInfo, sRDomain,
+#ifdef USE_ALIAS
+ sAlias,
+#endif
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
@@ -658,6 +664,9 @@
{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
{ "rdomain", sRDomain, SSHCFG_ALL },
{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+#ifdef USE_ALIAS
+ { "alias", sAlias },
+#endif
{ NULL, sBadOption, 0 }
};
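Review bot: `{ "alias", sAlias },` omits the flags field that every other entry in this table sets, so it is zero-initialised rather than `SSHCFG_GLOBAL` or `SSHCFG_ALL`; the parser uses that field to decide where a keyword may appear, so a zero value presumably leaves the keyword rejected everywhere or accepted everywhere depending on how the check is written. Since the alias array lives in the global options and nothing in the patch updates the Match-block copy path, `{ "alias", sAlias, SSHCFG_GLOBAL },` is the value that matches the implementation.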
@@ -2173,6 +2182,26 @@
*charptr = xstrdup(arg);
break;
+#ifdef USE_ALIAS
+ case sAlias:
+ if (options->num_alias >= MAX_ALIAS) {
+ fatal("%s line %d: too many user alias defined.",
+ filename, linenum);
+ }
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name alias(es).",
+ filename, linenum);
+ options->alias[options->num_alias].alias = xstrdup(arg);
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name to map alias '%s' to.",
+ filename, linenum, options->alias[options->num_alias].alias);
+ options->alias[options->num_alias].user = xstrdup(arg);
+ options->num_alias++;
+ break;
+#endif
+
case sDeprecated:
case sIgnore:
case sUnsupported:
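Review bot: The `sAlias` case writes into `options->alias[]` unconditionally, whereas the sibling cases guard their stores with `*activep` so that a directive inside a non-matching Match block is parsed but not applied; if the keyword is ever permitted inside Match, this case would take effect regardless. Either keep the keyword global-only or wrap the two `xstrdup()` stores and `options->num_alias++` in `if (*activep)`. The mapped user name is also stored as-is, and auth2.c later splits the rewritten name on ':' for the style suffix, so a mapped name containing ':' behaves differently depending on whether the client supplied a style; rejecting it at parse time with `if (strchr(arg, ':') != NULL) fatal("%s line %d: invalid user name '%s'.", filename, linenum, arg);` keeps the failure in the configuration. process_server_config_line starts and ends outside the hunk.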
Index: servconf.h
--- servconf.h.orig 2019-10-09 02:31:03.000000000 +0200
+++ servconf.h 2019-10-09 23:02:49.385581000 +0200
@@ -211,6 +211,14 @@
int fingerprint_hash;
int expose_userauth_info;
u_int64_t timing_secret;
+#ifdef USE_ALIAS
+#define MAX_ALIAS 256
+ u_int num_alias;
+ struct {
+ char *alias; /* the alias list to match */
+ char *user; /* the username to map to */
+ } alias[MAX_ALIAS];
+#endif
} ServerOptions;
/* Information about the incoming connection as used by Match */
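Review bot: `#define MAX_ALIAS 256` is placed inside the struct body; it works, but a macro defined mid-struct is easy to miss, and the same limit is what servconf.c's bounds check relies on, so move it above the `typedef struct` (or next to the header's other `USE_ALIAS` definitions) and document the relationship on the counter, e.g. `u_int num_alias; /* entries of alias[] in use, at most MAX_ALIAS */`. The ServerOptions typedef begins before this hunk.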
Index: sshd_config.5
--- sshd_config.5.orig 2019-10-09 02:31:03.000000000 +0200
+++ sshd_config.5 2019-10-09 23:02:49.386206000 +0200
@@ -106,6 +106,15 @@
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
+.It Cm Alias
+Specifies an optional mapping of a list of user name aliases onto
+real user names. The first argument is a comma separated list of
+user name aliases (optionally prefixed with '!' for negation) to
+match. The characters `*' and `?' can be used as wildcards in the
+alias patterns. The second argument is the real user name onto
+which the aliases are mapped. This allows the use of appealing
+virtual login names (like `anonymous') instead of their physical
+counterparts (like `anoncvs').
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.