File openssh-8.4p1-vendordir.patch of Package openssh

Gemeinsame Unterverzeichnisse: openssh-8.4p1/contrib und openssh-8.4p1-vendor/contrib.
Index: openssh-8.9p1/dh.c
===================================================================
--- openssh-8.9p1.orig/dh.c
+++ openssh-8.9p1/dh.c
@@ -54,7 +54,17 @@ void dh_set_moduli_file(const char *file
 
 static const char * get_moduli_filename(void)
 {
-	return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
+	struct stat st;
+
+	if (moduli_filename)
+		return moduli_filename;
+
+	if (stat(_PATH_VENDOR_DH_MODULI, &st) == 0 &&
+	    stat(_PATH_DH_MODULI, &st) == -1) {
+	        return _PATH_VENDOR_DH_MODULI;
+	}
+
+	return _PATH_DH_MODULI;
 }
 
 static int
Index: openssh-8.9p1/pathnames.h
===================================================================
--- openssh-8.9p1.orig/pathnames.h
+++ openssh-8.9p1/pathnames.h
@@ -18,6 +18,8 @@
 #define SSHDIR				ETCDIR "/ssh"
 #endif
 
+#define VENDORDIR			"/usr/etc/ssh"
+
 #ifndef _PATH_SSH_PIDDIR
 #define _PATH_SSH_PIDDIR		"/var/run"
 #endif
@@ -35,13 +37,17 @@
  * should be world-readable.
  */
 #define _PATH_SERVER_CONFIG_FILE	SSHDIR "/sshd_config"
+#define _PATH_SERVER_VENDOR_CONFIG_FILE	VENDORDIR "/sshd_config"
 #define _PATH_HOST_CONFIG_FILE		SSHDIR "/ssh_config"
+#define _PATH_HOST_VENDOR_CONFIG_FILE   VENDORDIR "/ssh_config"
 #define _PATH_HOST_DSA_KEY_FILE		SSHDIR "/ssh_host_dsa_key"
 #define _PATH_HOST_ECDSA_KEY_FILE	SSHDIR "/ssh_host_ecdsa_key"
 #define _PATH_HOST_ED25519_KEY_FILE	SSHDIR "/ssh_host_ed25519_key"
 #define _PATH_HOST_XMSS_KEY_FILE	SSHDIR "/ssh_host_xmss_key"
 #define _PATH_HOST_RSA_KEY_FILE		SSHDIR "/ssh_host_rsa_key"
 #define _PATH_DH_MODULI			SSHDIR "/moduli"
+#define	_PATH_VENDOR_DH_MODULI		VENDORDIR "/moduli"
+
 
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
Index: openssh-8.9p1/ssh.c
===================================================================
--- openssh-8.9p1.orig/ssh.c
+++ openssh-8.9p1/ssh.c
@@ -549,6 +549,7 @@ static void
 process_config_files(const char *host_name, struct passwd *pw, int final_pass,
     int *want_final_pass)
 {
+	struct stat st;
 	char buf[PATH_MAX];
 	int r;
 
@@ -567,10 +568,23 @@ process_config_files(const char *host_na
 			    &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
 			    (final_pass ? SSHCONF_FINAL : 0), want_final_pass);
 
-		/* Read systemwide configuration file after user config. */
-		(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
-		    host, host_name, &options,
-		    final_pass ? SSHCONF_FINAL : 0, want_final_pass);
+		/* If only the vendor configuration file exists, use that.
+		 * Else use the standard configuration file.
+		 */
+		if (stat(_PATH_HOST_VENDOR_CONFIG_FILE, &st) == 0 &&
+		    stat(_PATH_HOST_CONFIG_FILE, &st) == -1) {
+		        /* Read vendor distributed configuration file. */
+		        (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE,
+					       pw, host, host_name, &options,
+					       final_pass ? SSHCONF_FINAL : 0,
+					       want_final_pass);
+		} else {
+		        /* Read systemwide configuration file after user config. */
+		        (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
+					       host, host_name, &options,
+					       final_pass ? SSHCONF_FINAL : 0,
+					       want_final_pass);
+		}
 	}
 }
 
Index: openssh-8.9p1/ssh_config.5
===================================================================
--- openssh-8.9p1.orig/ssh_config.5
+++ openssh-8.9p1/ssh_config.5
@@ -54,6 +54,9 @@ user's configuration file
 .It
 system-wide configuration file
 .Pq Pa /etc/ssh/ssh_config
+.It
+vendor configuration file
+.Pq Pa /usr/etc/ssh/ssh_config
 .El
 .Pp
 Unless noted otherwise, for each parameter, the first obtained value
@@ -2220,6 +2223,11 @@ This file provides defaults for those
 values that are not specified in the user's configuration file, and
 for those users who do not have a configuration file.
 This file must be world-readable.
+.It Pa /usr/etc/ssh/ssh_config
+Vendor specific configuraiton file.
+This file provides the vendor defaults and is used as fallback if the
+.Ic /etc/ssh/ssh_config
+configuration file does not exist.
 .El
 .Sh SEE ALSO
 .Xr ssh 1
Index: openssh-8.9p1/sshd.c
===================================================================
--- openssh-8.9p1.orig/sshd.c
+++ openssh-8.9p1/sshd.c
@@ -1201,7 +1201,8 @@ prepare_proctitle(int ac, char **av)
 	extern char *optarg;
 	extern int optind;
 	int log_stderr = 0, inetd_flag = 0, test_flag = 0, no_daemon_flag = 0;
-	char *config_file_name = _PATH_SERVER_CONFIG_FILE;
+	char *config_file_name = NULL;
+	struct stat st;
 	int r, opt, do_dump_cfg = 0, keytype, already_daemon, have_agent = 0;
 	int sock_in = -1, sock_out = -1, newsock = -1, rexec_argc = 0;
 	int devnull, config_s[2] = { -1 , -1 }, have_connection_info = 0;
@@ -1806,7 +1807,21 @@ main(int ac, char **av)
 	/* Fetch our configuration */
 	if ((cfg = sshbuf_new()) == NULL)
 		fatal("sshbuf_new config failed");
+	if (config_file_name == NULL) {
+	        /* If only the vendor configuration file exists, use that.
+		 * Else use the standard configuration file.
+		 */
+		if (stat(_PATH_SERVER_VENDOR_CONFIG_FILE, &st) == 0 &&
+		    stat(_PATH_SERVER_CONFIG_FILE, &st) == -1) {
+		        /* fill with global distributor settings */
+                        config_file_name = _PATH_SERVER_VENDOR_CONFIG_FILE;
+		} else {
+		        /* load global admin settings */
+			config_file_name = _PATH_SERVER_CONFIG_FILE;
+		}
+		load_server_config(config_file_name, cfg);
-	if (strcasecmp(config_file_name, "none") != 0)
+ 	} else if (strcasecmp(config_file_name, "none") != 0)
+	        /* load config specified on commandline */
 		load_server_config(config_file_name, cfg);
 
 	parse_server_config(&options, config_file_name, cfg,
Index: openssh-8.9p1/sshd_config.5
===================================================================
--- openssh-8.9p1.orig/sshd_config.5
+++ openssh-8.9p1/sshd_config.5
@@ -44,7 +44,9 @@
 .Xr sshd 8
 reads configuration data from
 .Pa /etc/ssh/sshd_config
-(or the file specified with
+(
+.Pa /usr/etc/ssh/sshd_config
+if the file does not exist or the file specified with
 .Fl f
 on the command line).
 The file contains keyword-argument pairs, one per line.
Index: openssh-8.9p1/ssh-keysign.c
===================================================================
--- openssh-8.9p1.orig/ssh-keysign.c
+++ openssh-8.9p1/ssh-keysign.c
@@ -186,6 +186,7 @@ main(int argc, char **argv)
 	u_char *signature, *data, rver;
 	char *host, *fp, *pkalg;
 	size_t slen, dlen;
+	struct stat st;
 
 	if (pledge("stdio rpath getpw dns id", NULL) != 0)
 		fatal("%s: pledge: %s", __progname, strerror(errno));
@@ -219,8 +220,14 @@ main(int argc, char **argv)
 
 	/* verify that ssh-keysign is enabled by the admin */
 	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
-	    &options, 0, NULL);
+
+	if (stat(_PATH_HOST_CONFIG_FILE, &st) == 0)
+	        (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
+		    &options, 0, NULL);
+	else
+	        (void)read_config_file(_PATH_HOST_VENDOR_CONFIG_FILE, pw, "", "",
+		    &options, 0, NULL);
+
 	(void)fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",