summaryrefslogtreecommitdiff
path: root/bugfix-openssh-add-option-check-username-splash.patch
diff options
context:
space:
mode:
Diffstat (limited to 'bugfix-openssh-add-option-check-username-splash.patch')
-rw-r--r--bugfix-openssh-add-option-check-username-splash.patch36
1 files changed, 20 insertions, 16 deletions
diff --git a/bugfix-openssh-add-option-check-username-splash.patch b/bugfix-openssh-add-option-check-username-splash.patch
index 1c8af38..9293230 100644
--- a/bugfix-openssh-add-option-check-username-splash.patch
+++ b/bugfix-openssh-add-option-check-username-splash.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] openssh: add option check username splash
add a check to inhibit username contains splash
add an option 'CheckUserSplash' so that user can turn off
this check
+
---
auth2.c | 4 +++-
servconf.c | 8 ++++++++
@@ -14,10 +15,10 @@ this check
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/auth2.c b/auth2.c
-index 4d574bb..c480aab 100644
+index 4adc502..956b9cf 100644
--- a/auth2.c
+++ b/auth2.c
-@@ -278,11 +278,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -282,11 +282,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
debug("userauth-request for user %s service %s method %s", user, service, method);
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
@@ -33,10 +34,10 @@ index 4d574bb..c480aab 100644
*style++ = 0;
diff --git a/servconf.c b/servconf.c
-index bcf69fd..b8340d8 100644
+index 7001d56..76147f9 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -199,6 +199,7 @@ initialize_server_options(ServerOptions *options)
+@@ -195,6 +195,7 @@ initialize_server_options(ServerOptions *options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
@@ -44,7 +45,7 @@ index bcf69fd..b8340d8 100644
options->fingerprint_hash = -1;
options->disable_forwarding = -1;
options->expose_userauth_info = -1;
-@@ -456,6 +457,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -473,6 +474,8 @@ fill_default_server_options(ServerOptions *options)
options->ip_qos_bulk = IPTOS_DSCP_CS1;
if (options->version_addendum == NULL)
options->version_addendum = xstrdup("");
@@ -53,15 +54,15 @@ index bcf69fd..b8340d8 100644
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
options->fwd_opts.streamlocal_bind_mask = 0177;
if (options->fwd_opts.streamlocal_bind_unlink == -1)
-@@ -557,6 +560,7 @@ typedef enum {
+@@ -574,6 +577,7 @@ typedef enum {
+ sStreamLocalBindMask, sStreamLocalBindUnlink,
sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
- sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,
-+ sCheckUserSplash,
++ sCheckUserSplash,
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
-@@ -730,6 +734,7 @@ static struct {
+@@ -740,6 +744,7 @@ static struct {
{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
@@ -69,7 +70,7 @@ index bcf69fd..b8340d8 100644
{ "rdomain", sRDomain, SSHCFG_ALL },
{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
-@@ -1443,6 +1448,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
+@@ -1360,6 +1365,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
case sUsePAM:
intptr = &options->use_pam;
goto parse_flag;
@@ -80,22 +81,25 @@ index bcf69fd..b8340d8 100644
/* Standard Options */
case sBadOption:
diff --git a/servconf.h b/servconf.h
-index ccc0181..cb57dac 100644
+index a3827e5..2c16b5a 100644
--- a/servconf.h
+++ b/servconf.h
-@@ -237,6 +237,7 @@ typedef struct {
+@@ -226,6 +226,7 @@ typedef struct {
int fingerprint_hash;
int expose_userauth_info;
u_int64_t timing_secret;
-+ int check_user_splash; /* check whether splash exists in username, if exist, disable login */
++ int check_user_splash; /* check whether splash exists in username, if exist, disable login */
char *sk_provider;
- int required_rsa_size; /* minimum size of RSA keys */
+ } ServerOptions;
diff --git a/sshd_config b/sshd_config
-index 9851748..d57f11d 100644
+index ebc28b3..b121450 100644
--- a/sshd_config
+++ b/sshd_config
-@@ -128,3 +128,5 @@ Subsystem sftp /usr/libexec/sftp-server
+@@ -125,6 +125,8 @@ Subsystem sftp /usr/libexec/sftp-server
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-29 23:35:20 +0000