1 From 02ca99dfcbeade2367a527b5024137946914d4fc Mon Sep 17 00:00:00 2001
2 From: Alex Wilson <alex.wilson@joyent.com>
3 Date: Thu, 15 Oct 2015 16:02:37 -0700
4 Subject: [PATCH 35/36] Let us put a fallback copy of DH moduli in a system
5 path
6
7 Live distributions like SmartOS can't keep and update default
8 config in directories like /etc/ssh very easily, so we should
9 put the default "moduli" file in a system path and fall back to
10 that if we can't find one in the SSHKEYDIR.
11 ---
12 Makefile.in | 17 +++++------------
13 configure.ac | 15 +++++++++++++++
14 dh.c | 3 +++
15 3 files changed, 23 insertions(+), 12 deletions(-)
16
17 diff --git a/Makefile.in b/Makefile.in
18 index 5e05771..afe15c8 100644
19 --- a/Makefile.in
20 +++ b/Makefile.in
21 @@ -19,6 +19,7 @@ piddir=@piddir@
22 srcdir=@srcdir@
23 top_srcdir=@top_srcdir@
24 keydir=@keydir@
25 +modulidir=@modulidir@
26
27 DESTDIR=
28 VPATH=@srcdir@
29 @@ -139,8 +140,8 @@ PATHSUBS = \
30 -e 's|/etc/ssh/ssh_host_rsa_key|$(keydir)/ssh_host_rsa_key|g' \
31 -e 's|/etc/ssh/ssh_host_ed25519_key|$(keydir)/ssh_host_ed25519_key|g' \
32 -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
33 - -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
34 - -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
35 + -e 's|/etc/moduli|$(modulidir)/moduli|g' \
36 + -e 's|/etc/ssh/moduli|$(modulidir)/moduli|g' \
37 -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
38 -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
39 -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
40 @@ -367,6 +368,8 @@ install-files:
41 $(INSTALL) -m 555 smf/method.sh $(SMFMETHODDIR)/sshd
42 $(INSTALL) -m 444 smf/manifest.xml $(SMFNETMANIDIR)/ssh.xml
43 mkdir -p $(DESTDIR)$(keydir)
44 + $(srcdir)/mkinstalldirs $(DESTDIR)$(modulidir)
45 + $(INSTALL) -m 644 moduli.out $(DESTDIR)$(modulidir)/moduli
46
47 install-sysconf:
48 if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
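Review bot: The added `$(INSTALL) -m 644 moduli.out $(DESTDIR)$(modulidir)/moduli` line in install-files is unconditional, whereas the block this commit removes from install-sysconf refused to overwrite an existing moduli file. When `--with-sys-moduli` is not given, configure.ac leaves `modulidir=$sysconfdir`, so a reinstall would appear to replace an administrator's curated moduli (for example one with short primes removed) with the stock file. I would keep the guard in that case, e.g. `test -f $(DESTDIR)$(modulidir)/moduli || $(INSTALL) -m 644 moduli.out $(DESTDIR)$(modulidir)/moduli`, or install here only when modulidir differs from sysconfdir. The install-files recipe starts outside this hunk.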
49 @@ -382,16 +385,6 @@ install-sysconf:
50 else \
51 echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
52 fi
53 - @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
54 - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
55 - echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
56 - mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \
57 - else \
58 - $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \
59 - fi ; \
60 - else \
61 - echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
62 - fi
63
64 host-key: ssh-keygen$(EXEEXT)
65 @if [ -z "$(DESTDIR)" ] ; then \
66 diff --git a/configure.ac b/configure.ac
67 index 0097431..c5da202 100644
68 --- a/configure.ac
69 +++ b/configure.ac
70 @@ -4713,6 +4713,21 @@ AC_DEFINE_UNQUOTED([SSHKEYDIR], ["$keydir"],
71 [Specify location of SSH host keys])
72 AC_SUBST([keydir])
73
74 +modulidir=$sysconfdir
75 +AC_ARG_WITH([sys-moduli],
76 + [ --with-sys-moduli=PATH Specify location for system default moduli],
77 + [
78 + if test -n "$withval" && test "x$withval" != "xno" && \
79 + test "x${withval}" != "xyes"; then
80 + sysmoduli=$withval
81 + modulidir=`dirname $sysmoduli`
82 + AC_DEFINE_UNQUOTED([_PATH_SYS_MODULI], ["$sysmoduli"],
83 + [Specify location for system default moduli])
84 + fi
85 + ]
86 +)
87 +AC_SUBST([modulidir])
88 +
89 dnl allow user to disable some login recording features
90 AC_ARG_ENABLE([lastlog],
91 [ --disable-lastlog disable use of lastlog even if detected [no]],
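Review bot: The file that gets installed and the path sshd opens can diverge, because `_PATH_SYS_MODULI` is defined as the full `$withval` while Makefile.in installs to `$(modulidir)/moduli`, with modulidir taken only from `dirname` of that value. If the last path component is anything other than `moduli`, the fallback copy is never found and dh.c falls through to the primes file or the fixed modulus. Either reject such values at configure time or substitute the full path and install to exactly that name. The `dirname` call should also quote its argument (`dirname "$sysmoduli"`), and a non-absolute value is worth rejecting with `AC_MSG_ERROR`, since the daemon would presumably resolve it against its working directory.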
92 diff --git a/dh.c b/dh.c
93 index 4c639ac..a1a0639 100644
94 --- a/dh.c
95 +++ b/dh.c
96 @@ -152,6 +152,9 @@ choose_dh(int min, int wantbits, int max)
97 struct dhgroup dhg;
98
99 if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
100 +#if defined(_PATH_SYS_MODULI)
101 + (f = fopen(_PATH_SYS_MODULI, "r")) == NULL &&
102 +#endif
103 (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
104 logit("WARNING: %s does not exist, using fixed modulus",
105 _PATH_DH_MODULI);
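Review bot: The added `fopen(_PATH_SYS_MODULI, "r")` fallback is taken on any failure to open `_PATH_DH_MODULI`, including a permissions error rather than a missing file, and nothing is logged when that happens. An operator who maintains the primary file therefore cannot tell from the logs that group exchange is drawing from the system copy instead. I would log once when the fallback open succeeds, e.g. `logit("using fallback moduli file %s", _PATH_SYS_MODULI);`, and have the existing warning name both paths when `_PATH_SYS_MODULI` is defined. choose_dh starts and ends outside this hunk.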
106 --
107 2.5.4 (Apple Git-61)
108