Index: auth2.c
--- auth2.c.orig 2018-08-23 07:41:42.000000000 +0200
+++ auth2.c 2018-09-01 10:12:20.709881000 +0200
@@ -52,6 +52,9 @@
#include "pathnames.h"
#include "sshbuf.h"
#include "ssherr.h"
+#ifdef USE_ALIAS
+#include "match.h"
+#endif
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -258,6 +261,10 @@
char *user, *service, *method, *style = NULL;
int authenticated = 0;
double tstart = monotime_double();
+#ifdef USE_ALIAS
+ int i, n;
+ char *cp;
+#endif
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -271,6 +278,25 @@
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
+#ifdef USE_ALIAS
+ for (i = 0; i < options.num_alias; i++) {
+ if (match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0) == 1) {
+ if (style != NULL) {
+ n = strlen(options.alias[i].user) + 1 + strlen(style) + 1;
+ cp = xmalloc(n);
+ snprintf(cp, n, "%s:%s", options.alias[i].user, style);
+ style = strchr(cp, ':');
+ *style++ = '\0';
+ }
+ else
+ cp = xstrdup(options.alias[i].user);
+ free(user);
+ user = cp;
+ break;
+ }
+ }
+#endif
+
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(user));
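Review bot: The `match_pattern_list(user, options.alias[i].alias, strlen(options.alias[i].alias), 0)` call passes four arguments, but the surrounding context (sRDomain, ExposeAuthInfo, sshbuf.h/ssherr.h includes) suggests an OpenSSH 7.6-or-later tree, where match.h declares `int match_pattern_list(const char *, const char *, int)`; if that is the case here the call will not compile and should read `match_pattern_list(user, options.alias[i].alias, 0) == 1`. The `int i, n;` declared in the previous hunk index a `u_int num_alias` and receive a `size_t` sum from the `strlen` additions; `u_int i; size_t n;` removes the sign/width mismatch. The client-supplied name is freed before anything logs it, so the auth log records only the mapped user; a `debug("userauth: alias '%s' mapped to user '%s'", user, options.alias[i].user);` placed before `free(user);` keeps the submitted alias available for correlation with the mapped account. Note also that `strchr(cp, ':')` finds the first colon in the rebuilt string, so a mapped user name containing ':' would be split at the wrong place; a comment stating that `alias[i].user` must not contain ':' would record the assumption. The enclosing input_userauth_request body starts and ends outside this hunk.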
Index: servconf.c
--- servconf.c.orig 2018-08-23 07:41:42.000000000 +0200
+++ servconf.c 2018-09-01 10:12:43.858285000 +0200
@@ -179,6 +179,9 @@
options->fingerprint_hash = -1;
options->disable_forwarding = -1;
options->expose_userauth_info = -1;
+#ifdef USE_ALIAS
+ options->num_alias = 0;
+#endif
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -493,6 +496,9 @@
sStreamLocalBindMask, sStreamLocalBindUnlink,
sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
sExposeAuthInfo, sRDomain,
+#ifdef USE_ALIAS
+ sAlias,
+#endif
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
@@ -640,6 +646,9 @@
{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
{ "rdomain", sRDomain, SSHCFG_ALL },
+#ifdef USE_ALIAS
+ { "alias", sAlias },
+#endif
{ NULL, sBadOption, 0 }
};
@@ -2140,6 +2149,26 @@
*charptr = xstrdup(arg);
break;
+#ifdef USE_ALIAS
+ case sAlias:
+ if (options->num_alias >= MAX_ALIAS) {
+ fatal("%s line %d: too many user alias defined.",
+ filename, linenum);
+ }
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name alias(es).",
+ filename, linenum);
+ options->alias[options->num_alias].alias = xstrdup(arg);
+ arg = strdelim(&cp);
+ if (arg == NULL || arg[0] == '\0')
+ fatal("%s line %d: missing user name to map alias '%s' to.",
+ filename, linenum, options->alias[options->num_alias].alias);
+ options->alias[options->num_alias].user = xstrdup(arg);
+ options->num_alias++;
+ break;
+#endif
+
case sDeprecated:
case sIgnore:
case sUnsupported:
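Review bot: The new `case sAlias:` records each mapping, but no hunk in this patch touches `dump_config()` (outside this hunk), so if that function is not extended elsewhere `sshd -T` will not show the configured alias table and operators cannot verify the effective mapping from the dumped configuration; emitting one `alias <patterns> <user>` line per entry there would close that gap. Entries are matched in configuration order and the first match wins in auth2.c, which neither this code nor the man-page hunk states; a comment `/* tried in configuration order in auth2.c; the first matching pattern list wins */` above `options->alias[options->num_alias].alias = xstrdup(arg);` would record it. Trailing tokens after the user name are accepted silently, which matches how other two-argument keywords in this file behave, so that is a note rather than a defect. The enclosing process_server_config_line switch starts and ends outside this hunk.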
Index: servconf.h
--- servconf.h.orig 2018-09-01 10:07:54.166385000 +0200
+++ servconf.h 2018-09-01 10:12:58.979187000 +0200
@@ -209,6 +209,14 @@
int fingerprint_hash;
int expose_userauth_info;
u_int64_t timing_secret;
+#ifdef USE_ALIAS
+#define MAX_ALIAS 256
+ u_int num_alias;
+ struct {
+ char *alias; /* the alias list to match */
+ char *user; /* the username to map to */
+ } alias[MAX_ALIAS];
+#endif
} ServerOptions;
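Review bot: `#define MAX_ALIAS 256` is placed inside the struct body between members; moving it above the `typedef struct` (still under `#ifdef USE_ALIAS`) keeps the constant with the header's other definitions and the struct free of preprocessor lines. The `alias[MAX_ALIAS]` array embeds 256 pointer pairs in every ServerOptions instance regardless of how many aliases are configured; a comment such as `/* fixed table; MAX_ALIAS entries are reserved in every ServerOptions */` would make that cost visible to the next maintainer. The enclosing struct definition starts outside this hunk.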
/* Information about the incoming connection as used by Match */
Index: sshd_config.5
--- sshd_config.5.orig 2018-08-23 07:41:42.000000000 +0200
+++ sshd_config.5 2018-09-01 10:07:54.167149000 +0200
@@ -106,6 +106,15 @@
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
+.It Cm Alias
+Specifies an optional mapping of a list of user name aliases onto
+real user names. The first argument is a comma separated list of
+user name aliases (optionally prefixed with '!' for negation) to
+match. The characters `*' and `?' can be used as wildcards in the
+alias patterns. The second argument is the real user name onto
+which the aliases are mapped. This allows the use of appealing
+virtual login names (like `anonymous') instead of their physical
+counterparts (like `anoncvs').
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.