author | Colin Watson <cjwatson@debian.org> | 2010-01-24 21:39:36 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-24 21:39:36 +0000 |
commit | 964476f91b66c475d5b8fa1e8b28d39a97a1b56e (patch) | |
tree | d12ff16d94cffc5d84dba0193eaaa616967c9c2c /openbsd-compat | |
parent | cadac134eda6ed97478afdc528a68dd33f31dbc5 (diff) | |
parent | 1e4cfeee6c17b02af09418c5afe4a4d71aaaf0c8 (diff) |
import openssh-5.3p1-gsskex-all-20100124.patch
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 124 | ||||
-rw-r--r-- | openbsd-compat/bsd-cygwin_util.h | 5 | ||||
-rw-r--r-- | openbsd-compat/daemon.c | 10 | ||||
-rw-r--r-- | openbsd-compat/getrrsetbyname.c | 2 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.c | 11 | ||||
-rw-r--r-- | openbsd-compat/openssl-compat.h | 6 | ||||
-rw-r--r-- | openbsd-compat/port-aix.c | 19 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 9 |
8 files changed, 39 insertions, 147 deletions
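diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 38be7e350..e90c1597f 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -39,9 +39,6 @@
 #endif
 
 #include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/utsname.h>
-#include <sys/vfs.h>
 
 #include <fcntl.h>
 #include <stdlib.h>
@@ -49,11 +46,6 @@
 #include <windows.h>
 
 #include "xmalloc.h"
-#define is_winnt (GetVersion() < 0x80000000)
-
-#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
-#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
-#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
 
 int
 binary_open(const char *filename, int flags, ...)
@@ -79,128 +71,12 @@ binary_pipe(int fd[2])
 return (ret);
 }
 
-#define HAS_CREATE_TOKEN 1
-#define HAS_NTSEC_BY_DEFAULT 2
-#define HAS_CREATE_TOKEN_WO_NTSEC 3
-
-static int
-has_capability(int what)
-{
-static int inited;
-static int has_create_token;
-static int has_ntsec_by_default;
-static int has_create_token_wo_ntsec;
-
-/*
-* has_capability() basically calls uname() and checks if
-* specific capabilities of Cygwin can be evaluated from that.
-* This simplifies the calling functions which only have to ask
-* for a capability using has_capability() instead of having
-* to figure that out by themselves.
-*/
-if (!inited) {
-struct utsname uts;
-
-if (!uname(&uts)) {
-int major_high = 0, major_low = 0, minor = 0;
-int api_major_version = 0, api_minor_version = 0;
-char *c;
-
-sscanf(uts.release, "%d.%d.%d", &major_high,
-&major_low, &minor);
-if ((c = strchr(uts.release, '(')) != NULL) {
-sscanf(c + 1, "%d.%d", &api_major_version,
-&api_minor_version);
-}
-if (major_high > 1 ||
-(major_high == 1 && (major_low > 3 ||
-(major_low == 3 && minor >= 2))))
-has_create_token = 1;
-if (api_major_version > 0 || api_minor_version >= 56)
-has_ntsec_by_default = 1;
-if (major_high > 1 ||
-(major_high == 1 && major_low >= 5))
-has_create_token_wo_ntsec = 1;
-inited = 1;
-}
-}
-switch (what) {
-case HAS_CREATE_TOKEN:
-return (has_create_token);
-case HAS_NTSEC_BY_DEFAULT:
-return (has_ntsec_by_default);
-case HAS_CREATE_TOKEN_WO_NTSEC:
-return (has_create_token_wo_ntsec);
-}
-return (0);
-}
-
-int
-check_nt_auth(int pwd_authenticated, struct passwd *pw)
-{
-/*
-* The only authentication which is able to change the user
-* context on NT systems is the password authentication. So
-* we deny all requsts for changing the user context if another
-* authentication method is used.
-*
-* This doesn't apply to Cygwin versions >= 1.3.2 anymore which
-* uses the undocumented NtCreateToken() call to create a user
-* token if the process has the appropriate privileges and if
-* CYGWIN ntsec setting is on.
-*/
-static int has_create_token = -1;
-
-if (pw == NULL)
-return 0;
-if (is_winnt) {
-if (has_create_token < 0) {
-char *cygwin = getenv("CYGWIN");
-
-has_create_token = 0;
-if (has_capability(HAS_CREATE_TOKEN) &&
-(ntsec_on(cygwin) ||
-(has_capability(HAS_NTSEC_BY_DEFAULT) &&
-!ntsec_off(cygwin)) ||
-has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
-has_create_token = 1;
-}
-if (has_create_token < 1 &&
-!pwd_authenticated && geteuid() != pw->pw_uid)
-return (0);
-}
-return (1);
-}
-
 int
 check_ntsec(const char *filename)
 {
 return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
 
-void
-register_9x_service(void)
-{
-HINSTANCE kerneldll;
-DWORD (*RegisterServiceProcess)(DWORD, DWORD);
-
-/* The service register mechanism in 9x/Me is pretty different from
-* NT/2K/XP. In NT/2K/XP we're using a special service starter
-* application to register and control sshd as service. This method
-* doesn't play nicely with 9x/Me. For that reason we register here
-* as service when running under 9x/Me. This function is only called
-* by the child sshd when it's going to daemonize.
-*/
-if (is_winnt)
-return;
-if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
-return;
-if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
-GetProcAddress(kerneldll, "RegisterServiceProcess")))
-return;
-RegisterServiceProcess(0, 1);
-}
-
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
 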
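diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 6719b8a49..39b8eb788 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
 
 /*
 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@@ -35,7 +35,6 @@
 #ifdef HAVE_CYGWIN
 
 #undef ERROR
-#define is_winnt (GetVersion() < 0x80000000)
 
 #include <windows.h>
 #include <sys/cygwin.h>
@@ -43,9 +42,7 @@
 
 int binary_open(const char *, int , ...);
 int binary_pipe(int fd[2]);
-int check_nt_auth(int, struct passwd *);
 int check_ntsec(const char *);
-void register_9x_service(void);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
 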
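diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c
index e3a6886bd..3efe14c68 100644
--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
 case -1:
 return (-1);
 case 0:
-#ifdef HAVE_CYGWIN
-register_9x_service();
-#endif
 break;
 default:
-#ifdef HAVE_CYGWIN
-/*
-* This sleep avoids a race condition which kills the
-* child process if parent is started by a NT/W2K service.
-*/
-sleep(1);
-#endif
 _exit(0);
 }
 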
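diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 785b22569..98876673d 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -143,7 +143,7 @@ u_int32_t _getlong(register const u_char *);
 
 /* ************** */
 
-#define ANSWER_BUFFER_SIZE 1024*64
+#define ANSWER_BUFFER_SIZE 0xffff
 
 struct dns_query {
 char *name;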
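Review bot: `ANSWER_BUFFER_SIZE` now evaluates to 65535 instead of 65536, and nothing beside the define says why one byte was given up. The value looks chosen so the size still fits in a 16-bit length, but the places that use the macro are outside this hunk, so that should be confirmed and then recorded above the define, for example `/* largest answer size that still fits in 16 bits */`. The single-token value also removes the old unparenthesized `1024*64`, which would have mis-expanded inside a larger expression.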
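diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 49238ba80..dd326c00f 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
 
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -49,6 +49,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
 }
 #endif
 
+#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+int
+ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
+{
+EVP_DigestUpdate(ctx, d, cnt);
+return 1;
+}
+#endif
+
 #ifdef USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)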
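Review bot: `ssh_EVP_DigestUpdate` carries no comment, and its contract is not obvious from the name: it returns 1 unconditionally because the wrapped `EVP_DigestUpdate` returns void under `OPENSSL_EVP_DIGESTUPDATE_VOID`, so callers that test the result can never see a digest failure on such builds. A header comment such as `/* EVP_DigestUpdate() returns void here; always report success so callers can check the result uniformly */` would record that. The body also calls `EVP_DigestUpdate` by name while openssl-compat.h in this same commit defines a macro of that name mapping to this function. Whether the macro is suppressed in this translation unit is not visible in the hunk and should be confirmed, since otherwise the call would expand to a call to itself.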
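diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 6a1bed5b2..fcc762867 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */
 
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -80,6 +80,10 @@ extern const EVP_CIPHER *evp_acss(void);
 # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
 # endif /* SSH_OLD_EVP */
 
+# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+# define EVP_DigestUpdate(a,b,c) ssh_EVP_DigestUpdate((a),(b),(c))
+# endif
+
 # ifdef USE_OPENSSL_ENGINE
 # ifdef SSLeay_add_all_algorithms
 # undef SSLeay_add_all_algorithms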
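diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 5b1cb7387..d9c0876f3 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -57,6 +57,8 @@
 
 #include "port-aix.h"
 
+static char *lastlogin_msg = NULL;
+
 # ifdef HAVE_SETAUTHDB
 static char old_registry[REGISTRY_SIZE] = "";
 # endif
@@ -276,23 +278,30 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
 Buffer *loginmsg)
 {
 char *msg = NULL;
-static int msg_done = 0;
 int success = 0;
 
 aix_setauthdb(user);
 if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
 success = 1;
-if (msg != NULL && loginmsg != NULL && !msg_done) {
+if (msg != NULL) {
 debug("AIX/loginsuccess: msg %s", msg);
-buffer_append(loginmsg, msg, strlen(msg));
-xfree(msg);
-msg_done = 1;
+if (lastlogin_msg == NULL)
+lastlogin_msg = msg;
 }
 }
 aix_restoreauthdb();
 return (success);
 }
 
+char *
+sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
+{
+char *msg = lastlogin_msg;
+
+lastlogin_msg = NULL;
+return msg;
+}
+
 # ifdef CUSTOM_FAILED_LOGIN
 /*
 * record_failed_login: generic "login failed" interface function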
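Review bot: In `sys_auth_record_login`, when `loginsuccess()` returns a message while `lastlogin_msg` is already set, the new code drops `msg` without freeing it; the removed code released it with `xfree(msg)`. Keeping the first message and freeing any later one closes the leak: `if (lastlogin_msg == NULL) lastlogin_msg = msg; else xfree(msg);`. `sys_auth_get_lastlogin_msg` hands the stored pointer to the caller and clears the static, so ownership moves to the caller. A comment on the function should say that the caller must free the result and that `user` and `uid` are ignored, so the string returned is whatever is currently stored in this process rather than one looked up for the named account. The `loginmsg` parameter is no longer used in the part of the function shown; the signature starts above the hunk.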
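diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index ecb9feae8..3ac76ae15 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
 
 /*
 *
@@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
 # include <sys/timers.h>
 #endif
 
+/* for setpcred and friends */
+#ifdef HAVE_USERSEC_H
+# include <usersec.h>
+#endif
+
 /*
 * According to the setauthdb man page, AIX password registries must be 15
 * chars or less plus terminating NUL.
@@ -87,6 +92,8 @@ void aix_usrinfo(struct passwd *);
 int sys_auth_allowed_user(struct passwd *, Buffer *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
 int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
+# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
+char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
 #endif
 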
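Review bot: `CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG` is defined with no value in the last hunk, while the neighbouring `CUSTOM_SYS_AUTH_RECORD_LOGIN` and `CUSTOM_FAILED_LOGIN` are both defined as `1`. An empty macro works under `#ifdef` but is a preprocessor error under `#if CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG`. How the macro is tested is not shown on this page, so matching the neighbours is the safer form: `# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG 1`.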