]>
Commit | Line | Data |
---|---|---|
9d8fd3ad SS |
1 | diff -up openssh-5.9p0/configure.ac.vendor openssh-5.9p0/configure.ac |
2 | --- openssh-5.9p0/configure.ac.vendor 2011-09-03 20:24:29.899501572 +0200 | |
3 | +++ openssh-5.9p0/configure.ac 2011-09-03 20:24:39.153501595 +0200 | |
4 | @@ -4131,6 +4131,12 @@ AC_ARG_WITH([lastlog], | |
5 | fi | |
6 | ] | |
7 | ) | |
8 | +AC_ARG_ENABLE(vendor-patchlevel, | |
9 | + [ --enable-vendor-patchlevel=TAG specify a vendor patch level], | |
10 | + [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.]) | |
11 | + SSH_VENDOR_PATCHLEVEL="$enableval"], | |
12 | + [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.]) | |
13 | + SSH_VENDOR_PATCHLEVEL=none]) | |
14 | ||
15 | dnl lastlog, [uw]tmpx? detection | |
16 | dnl NOTE: set the paths in the platform section to avoid the | |
17 | @@ -4357,6 +4363,7 @@ echo " Translate v4 in v6 hack | |
18 | echo " BSD Auth support: $BSD_AUTH_MSG" | |
19 | echo " Random number source: $RAND_MSG" | |
20 | echo " Privsep sandbox style: $SANDBOX_STYLE" | |
21 | +echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL" | |
22 | ||
23 | echo "" | |
24 | ||
25 | diff -up openssh-5.9p0/servconf.c.vendor openssh-5.9p0/servconf.c | |
26 | --- openssh-5.9p0/servconf.c.vendor 2011-09-03 20:24:29.080500853 +0200 | |
27 | +++ openssh-5.9p0/servconf.c 2011-09-03 20:27:15.727564566 +0200 | |
28 | @@ -130,6 +130,7 @@ initialize_server_options(ServerOptions | |
29 | options->max_authtries = -1; | |
30 | options->max_sessions = -1; | |
31 | options->banner = NULL; | |
32 | + options->show_patchlevel = -1; | |
33 | options->use_dns = -1; | |
34 | options->client_alive_interval = -1; | |
35 | options->client_alive_count_max = -1; | |
36 | @@ -300,6 +301,8 @@ fill_default_server_options(ServerOption | |
37 | options->ip_qos_interactive = IPTOS_LOWDELAY; | |
38 | if (options->ip_qos_bulk == -1) | |
39 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | |
40 | + if (options->show_patchlevel == -1) | |
41 | + options->show_patchlevel = 0; | |
42 | ||
43 | /* Turn privilege separation on by default */ | |
44 | if (use_privsep == -1) | |
45 | @@ -338,7 +341,7 @@ typedef enum { | |
46 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | |
47 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, | |
48 | sMaxStartups, sMaxAuthTries, sMaxSessions, | |
49 | - sBanner, sUseDNS, sHostbasedAuthentication, | |
50 | + sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication, | |
51 | sHostbasedUsesNameFromPacketOnly, sTwoFactorAuthentication, | |
52 | sSecondPubkeyAuthentication, sSecondGssAuthentication, | |
53 | sSecondPasswordAuthentication, sSecondKbdInteractiveAuthentication, | |
54 | @@ -470,6 +473,7 @@ static struct { | |
55 | { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, | |
56 | { "maxsessions", sMaxSessions, SSHCFG_ALL }, | |
57 | { "banner", sBanner, SSHCFG_ALL }, | |
58 | + { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL }, | |
59 | { "usedns", sUseDNS, SSHCFG_GLOBAL }, | |
60 | { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, | |
61 | { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, | |
62 | @@ -1152,6 +1156,10 @@ process_server_config_line(ServerOptions | |
63 | multistate_ptr = multistate_privsep; | |
64 | goto parse_multistate; | |
65 | ||
66 | + case sShowPatchLevel: | |
67 | + intptr = &options->show_patchlevel; | |
68 | + goto parse_flag; | |
69 | + | |
70 | case sAllowUsers: | |
71 | while ((arg = strdelim(&cp)) && *arg != '\0') { | |
72 | if (options->num_allow_users >= MAX_ALLOW_USERS) | |
73 | @@ -1849,6 +1857,7 @@ dump_config(ServerOptions *o) | |
74 | dump_cfg_fmtint(sUseLogin, o->use_login); | |
75 | dump_cfg_fmtint(sCompression, o->compression); | |
76 | dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); | |
77 | + dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); | |
78 | dump_cfg_fmtint(sUseDNS, o->use_dns); | |
79 | dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); | |
80 | dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); | |
81 | diff -up openssh-5.9p0/servconf.h.vendor openssh-5.9p0/servconf.h | |
82 | --- openssh-5.9p0/servconf.h.vendor 2011-09-03 20:24:29.179632045 +0200 | |
83 | +++ openssh-5.9p0/servconf.h 2011-09-03 20:24:39.426502323 +0200 | |
84 | @@ -148,6 +148,7 @@ typedef struct { | |
85 | int max_authtries; | |
86 | int max_sessions; | |
87 | char *banner; /* SSH-2 banner message */ | |
88 | + int show_patchlevel; /* Show vendor patch level to clients */ | |
89 | int use_dns; | |
90 | int client_alive_interval; /* | |
91 | * poke the client this often to | |
92 | diff -up openssh-5.9p0/sshd.c.vendor openssh-5.9p0/sshd.c | |
93 | --- openssh-5.9p0/sshd.c.vendor 2011-09-03 20:24:35.987501565 +0200 | |
94 | +++ openssh-5.9p0/sshd.c 2011-09-03 20:24:39.542501643 +0200 | |
95 | @@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in | |
96 | minor = PROTOCOL_MINOR_1; | |
97 | } | |
98 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | |
99 | - SSH_VERSION, newline); | |
100 | + (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, newline); | |
101 | server_version_string = xstrdup(buf); | |
102 | ||
103 | /* Send our protocol version identification. */ | |
104 | @@ -1627,7 +1627,8 @@ main(int ac, char **av) | |
105 | exit(1); | |
106 | } | |
107 | ||
108 | - debug("sshd version %.100s", SSH_RELEASE); | |
109 | + debug("sshd version %.100s", | |
110 | + (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE); | |
111 | ||
112 | /* Store privilege separation user for later use if required. */ | |
113 | if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { | |
114 | diff -up openssh-5.9p0/sshd_config.0.vendor openssh-5.9p0/sshd_config.0 | |
115 | --- openssh-5.9p0/sshd_config.0.vendor 2011-09-03 20:24:37.524438185 +0200 | |
116 | +++ openssh-5.9p0/sshd_config.0 2011-09-03 20:24:39.677508255 +0200 | |
117 | @@ -556,6 +556,11 @@ DESCRIPTION | |
118 | Defines the number of bits in the ephemeral protocol version 1 | |
119 | server key. The minimum value is 512, and the default is 1024. | |
120 | ||
121 | + ShowPatchLevel | |
122 | + Specifies whether sshd will display the specific patch level of | |
123 | + the binary in the server identification string. The patch level | |
124 | + is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^]. | |
125 | + | |
126 | StrictModes | |
127 | Specifies whether sshd(8) should check file modes and ownership | |
128 | of the user's files and home directory before accepting login. | |
129 | diff -up openssh-5.9p0/sshd_config.5.vendor openssh-5.9p0/sshd_config.5 | |
130 | --- openssh-5.9p0/sshd_config.5.vendor 2011-09-03 20:24:37.640442022 +0200 | |
131 | +++ openssh-5.9p0/sshd_config.5 2011-09-03 20:24:40.176544206 +0200 | |
132 | @@ -952,6 +952,14 @@ This option applies to protocol version | |
133 | .It Cm ServerKeyBits | |
134 | Defines the number of bits in the ephemeral protocol version 1 server key. | |
135 | The minimum value is 512, and the default is 1024. | |
136 | +.It Cm ShowPatchLevel | |
137 | +Specifies whether | |
138 | +.Nm sshd | |
139 | +will display the patch level of the binary in the identification string. | |
140 | +The patch level is set at compile-time. | |
141 | +The default is | |
142 | +.Dq no . | |
143 | +This option applies to protocol version 1 only. | |
144 | .It Cm StrictModes | |
145 | Specifies whether | |
146 | .Xr sshd 8 | |
147 | diff -up openssh-5.9p0/sshd_config.vendor openssh-5.9p0/sshd_config | |
148 | --- openssh-5.9p0/sshd_config.vendor 2011-09-03 20:24:37.770439735 +0200 | |
149 | +++ openssh-5.9p0/sshd_config 2011-09-03 20:24:40.278628002 +0200 | |
150 | @@ -120,6 +120,7 @@ X11Forwarding yes | |
151 | #Compression delayed | |
152 | #ClientAliveInterval 0 | |
153 | #ClientAliveCountMax 3 | |
154 | +#ShowPatchLevel no | |
155 | #UseDNS yes | |
156 | #PidFile /var/run/sshd.pid | |
157 | #MaxStartups 10 |