tomcat-11: fix mediator version and license
[oi-userland.git] / components / network / hpn-ssh / patches / 0027-Set-default-sshd-options-based-on-etc-default-login.patch
1 --- hpn-ssh-hpn-18.4.2/pathnames.h.orig
2 +++ hpn-ssh-hpn-18.4.2/pathnames.h
3 @@ -42,6 +42,7 @@
4 #define _PATH_HOST_XMSS_KEY_FILE SSHDIR "/ssh_host_xmss_key"
5 #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
6 #define _PATH_DH_MODULI SSHDIR "/moduli"
7 +#define _PATH_DEFAULT_LOGIN ETCDIR "/default/login"
9 #ifndef _PATH_SSH_PROGRAM
10 #define _PATH_SSH_PROGRAM "/usr/bin/hpnssh"
11 --- hpn-ssh-hpn-18.4.2/servconf.c.orig
12 +++ hpn-ssh-hpn-18.4.2/servconf.c
13 @@ -36,6 +36,7 @@
14 #include <unistd.h>
15 #include <limits.h>
16 #include <stdarg.h>
17 +#include <deflt.h>
18 #include <errno.h>
19 #ifdef HAVE_UTIL_H
20 #include <util.h>
21 @@ -224,6 +225,64 @@
22 return o == NULL || strcasecmp(o, "none") == 0;
25 +/*
26 + * Reads /etc/default/login and defaults several ServerOptions:
27 + *
28 + * PermitRootLogin
29 + * PermitEmptyPasswords
30 + * LoginGraceTime
31 + *
32 + * CONSOLE=* -> PermitRootLogin=without-password
33 + * #CONSOLE=* -> PermitRootLogin=yes
34 + *
35 + * PASSREQ=YES -> PermitEmptyPasswords=no
36 + * PASSREQ=NO -> PermitEmptyPasswords=yes
37 + * #PASSREQ=* -> PermitEmptyPasswords=no
38 + *
39 + * TIMEOUT=<secs> -> LoginGraceTime=<secs>
40 + * #TIMEOUT=<secs> -> LoginGraceTime=300
41 + */
42 +static void
43 +deflt_fill_default_server_options(ServerOptions *options)
45 + int flags;
46 + char *ptr;
48 + if (defopen(_PATH_DEFAULT_LOGIN))
49 + return;
51 + /* Ignore case */
52 + flags = defcntl(DC_GETFLAGS, 0);
53 + TURNOFF(flags, DC_CASE);
54 + (void) defcntl(DC_SETFLAGS, flags);
56 + if (options->permit_root_login == PERMIT_NOT_SET &&
57 + (ptr = defread("CONSOLE=")) != NULL)
58 + options->permit_root_login = PERMIT_NO_PASSWD;
60 + if (options->permit_empty_passwd == -1 &&
61 + (ptr = defread("PASSREQ=")) != NULL) {
62 + if (strcasecmp("YES", ptr) == 0)
63 + options->permit_empty_passwd = 0;
64 + else if (strcasecmp("NO", ptr) == 0)
65 + options->permit_empty_passwd = 1;
66 + }
68 + if (options->max_authtries == -1 &&
69 + (ptr = defread("RETRIES=")) != NULL) {
70 + options->max_authtries = atoi(ptr);
71 + }
73 + if (options->login_grace_time == -1) {
74 + if ((ptr = defread("TIMEOUT=")) != NULL)
75 + options->login_grace_time = (unsigned)atoi(ptr);
76 + else
77 + options->login_grace_time = 300;
78 + }
80 + (void) defopen((char *)NULL);
83 static void
84 assemble_algorithms(ServerOptions *o)
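Review bot: The `RETRIES=` and `TIMEOUT=` branches of `deflt_fill_default_server_options` store the result of `atoi(ptr)` unchecked, so an empty or non-numeric value in /etc/default/login becomes 0. For LoginGraceTime, sshd_config(5) documents 0 as "no time limit", so a typo in `TIMEOUT=` would silently remove the pre-authentication deadline instead of falling back to 300; `RETRIES=` likewise can yield a zero or negative MaxAuthTries. Parsing with `strtol`, checking the end pointer and range, and keeping the built-in default on bad input closes this, as sketched below; whether `TIMEOUT=0` should be honoured is a policy choice worth stating in the comment. The header comment also omits the `RETRIES=` -> MaxAuthTries mapping, and the hpnsshd_config.5 hunk describes PermitEmptyPasswords as `no` unless `PASSREQ=YES`, whereas this code enables empty passwords on `PASSREQ=NO`.

```c
	char *ptr;
	char *end;
	long val;

	/* … unchanged: defopen, DC_CASE flags, CONSOLE= and PASSREQ= handling … */

	if (options->max_authtries == -1 &&
	    (ptr = defread("RETRIES=")) != NULL) {
		errno = 0;
		val = strtol(ptr, &end, 10);
		/* On junk, leave the option unset so the built-in default applies. */
		if (errno == 0 && end != ptr && *end == '\0' &&
		    val > 0 && val <= INT_MAX)
			options->max_authtries = (int)val;
	}

	if (options->login_grace_time == -1) {
		/* Start from the documented fallback; override only on a valid value. */
		options->login_grace_time = 300;
		if ((ptr = defread("TIMEOUT=")) != NULL) {
			errno = 0;
			val = strtol(ptr, &end, 10);
			if (errno == 0 && end != ptr && *end == '\0' &&
			    val > 0 && val <= INT_MAX)
				options->login_grace_time = (int)val;
		}
	}

	/* … unchanged: defopen((char *)NULL) … */
```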
86 @@ -304,6 +363,8 @@
87 options->use_pam = 0;
88 #endif
90 + deflt_fill_default_server_options(options);
92 /* Standard Options */
93 if (options->num_host_key_files == 0) {
94 /* fill default hostkeys for protocols */
95 --- hpn-ssh-hpn-18.4.2/hpnsshd_config.5.orig
96 +++ hpn-ssh-hpn-18.4.2/hpnsshd_config.5
97 @@ -1349,7 +1349,14 @@
98 connection.
99 Once the number of failures reaches half this value,
100 additional failures are logged.
101 -The default is 6.
102 +The default is 6, or the value given by
103 +.Dq RETRIES=
104 +in the file
105 +.Pa /etc/default/login ,
106 +if available
107 +.Po see
108 +.Xr login 1
109 +.Pc .
110 .It Cm MaxSessions
111 Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
112 sessions permitted per network connection.
113 @@ -1437,7 +1444,14 @@
114 When password authentication is allowed, it specifies whether the
115 server allows login to accounts with empty password strings.
116 The default is
117 -.Cm no .
118 +.Cm no
119 +unless
120 +.Dq PASSREQ=YES
121 +is present in
122 +.Pa /etc/default/login
123 +.Po see
124 +.Xr login 1
125 +.Pc .
126 .It Cm PermitListen
127 Specifies the addresses/ports on which a remote TCP port forwarding may listen.
128 The listen specification must be one of the following forms: