summaryrefslogtreecommitdiff
path: root/openbsd-compat
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
committerColin Watson <cjwatson@debian.org>2010-01-24 22:46:54 +0000
commit59247ecde39f2d826a94ab07f6095ca1f6644e88 (patch)
tree5910d4a840352aafbf67e8a39fa63936e5529b26 /openbsd-compat
parent07d905b406c4ab64ea2f10a22f4f8f0d595269f6 (diff)
parent964476f91b66c475d5b8fa1e8b28d39a97a1b56e (diff)
* New upstream release.
* Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
Diffstat (limited to 'openbsd-compat')
-rw-r--r--openbsd-compat/bsd-cygwin_util.c124
-rw-r--r--openbsd-compat/bsd-cygwin_util.h5
-rw-r--r--openbsd-compat/daemon.c10
-rw-r--r--openbsd-compat/getrrsetbyname.c2
-rw-r--r--openbsd-compat/openssl-compat.c11
-rw-r--r--openbsd-compat/openssl-compat.h6
-rw-r--r--openbsd-compat/port-aix.c19
-rw-r--r--openbsd-compat/port-aix.h9
8 files changed, 39 insertions, 147 deletions
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 38be7e350..e90c1597f 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -39,9 +39,6 @@
39#endif 39#endif
40 40
41#include <sys/types.h> 41#include <sys/types.h>
42#include <sys/stat.h>
43#include <sys/utsname.h>
44#include <sys/vfs.h>
45 42
46#include <fcntl.h> 43#include <fcntl.h>
47#include <stdlib.h> 44#include <stdlib.h>
@@ -49,11 +46,6 @@
49#include <windows.h> 46#include <windows.h>
50 47
51#include "xmalloc.h" 48#include "xmalloc.h"
52#define is_winnt (GetVersion() < 0x80000000)
53
54#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
55#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
56#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
57 49
58int 50int
59binary_open(const char *filename, int flags, ...) 51binary_open(const char *filename, int flags, ...)
@@ -79,128 +71,12 @@ binary_pipe(int fd[2])
79 return (ret); 71 return (ret);
80} 72}
81 73
82#define HAS_CREATE_TOKEN 1
83#define HAS_NTSEC_BY_DEFAULT 2
84#define HAS_CREATE_TOKEN_WO_NTSEC 3
85
86static int
87has_capability(int what)
88{
89 static int inited;
90 static int has_create_token;
91 static int has_ntsec_by_default;
92 static int has_create_token_wo_ntsec;
93
94 /*
95 * has_capability() basically calls uname() and checks if
96 * specific capabilities of Cygwin can be evaluated from that.
97 * This simplifies the calling functions which only have to ask
98 * for a capability using has_capability() instead of having
99 * to figure that out by themselves.
100 */
101 if (!inited) {
102 struct utsname uts;
103
104 if (!uname(&uts)) {
105 int major_high = 0, major_low = 0, minor = 0;
106 int api_major_version = 0, api_minor_version = 0;
107 char *c;
108
109 sscanf(uts.release, "%d.%d.%d", &major_high,
110 &major_low, &minor);
111 if ((c = strchr(uts.release, '(')) != NULL) {
112 sscanf(c + 1, "%d.%d", &api_major_version,
113 &api_minor_version);
114 }
115 if (major_high > 1 ||
116 (major_high == 1 && (major_low > 3 ||
117 (major_low == 3 && minor >= 2))))
118 has_create_token = 1;
119 if (api_major_version > 0 || api_minor_version >= 56)
120 has_ntsec_by_default = 1;
121 if (major_high > 1 ||
122 (major_high == 1 && major_low >= 5))
123 has_create_token_wo_ntsec = 1;
124 inited = 1;
125 }
126 }
127 switch (what) {
128 case HAS_CREATE_TOKEN:
129 return (has_create_token);
130 case HAS_NTSEC_BY_DEFAULT:
131 return (has_ntsec_by_default);
132 case HAS_CREATE_TOKEN_WO_NTSEC:
133 return (has_create_token_wo_ntsec);
134 }
135 return (0);
136}
137
138int
139check_nt_auth(int pwd_authenticated, struct passwd *pw)
140{
141 /*
142 * The only authentication which is able to change the user
143 * context on NT systems is the password authentication. So
144 * we deny all requsts for changing the user context if another
145 * authentication method is used.
146 *
147 * This doesn't apply to Cygwin versions >= 1.3.2 anymore which
148 * uses the undocumented NtCreateToken() call to create a user
149 * token if the process has the appropriate privileges and if
150 * CYGWIN ntsec setting is on.
151 */
152 static int has_create_token = -1;
153
154 if (pw == NULL)
155 return 0;
156 if (is_winnt) {
157 if (has_create_token < 0) {
158 char *cygwin = getenv("CYGWIN");
159
160 has_create_token = 0;
161 if (has_capability(HAS_CREATE_TOKEN) &&
162 (ntsec_on(cygwin) ||
163 (has_capability(HAS_NTSEC_BY_DEFAULT) &&
164 !ntsec_off(cygwin)) ||
165 has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
166 has_create_token = 1;
167 }
168 if (has_create_token < 1 &&
169 !pwd_authenticated && geteuid() != pw->pw_uid)
170 return (0);
171 }
172 return (1);
173}
174
175int 74int
176check_ntsec(const char *filename) 75check_ntsec(const char *filename)
177{ 76{
178 return (pathconf(filename, _PC_POSIX_PERMISSIONS)); 77 return (pathconf(filename, _PC_POSIX_PERMISSIONS));
179} 78}
180 79
181void
182register_9x_service(void)
183{
184 HINSTANCE kerneldll;
185 DWORD (*RegisterServiceProcess)(DWORD, DWORD);
186
187 /* The service register mechanism in 9x/Me is pretty different from
188 * NT/2K/XP. In NT/2K/XP we're using a special service starter
189 * application to register and control sshd as service. This method
190 * doesn't play nicely with 9x/Me. For that reason we register here
191 * as service when running under 9x/Me. This function is only called
192 * by the child sshd when it's going to daemonize.
193 */
194 if (is_winnt)
195 return;
196 if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
197 return;
198 if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
199 GetProcAddress(kerneldll, "RegisterServiceProcess")))
200 return;
201 RegisterServiceProcess(0, 1);
202}
203
204#define NL(x) x, (sizeof (x) - 1) 80#define NL(x) x, (sizeof (x) - 1)
205#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0])) 81#define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
206 82
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 6719b8a49..39b8eb788 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
1/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */ 1/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com> 4 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@@ -35,7 +35,6 @@
35#ifdef HAVE_CYGWIN 35#ifdef HAVE_CYGWIN
36 36
37#undef ERROR 37#undef ERROR
38#define is_winnt (GetVersion() < 0x80000000)
39 38
40#include <windows.h> 39#include <windows.h>
41#include <sys/cygwin.h> 40#include <sys/cygwin.h>
@@ -43,9 +42,7 @@
43 42
44int binary_open(const char *, int , ...); 43int binary_open(const char *, int , ...);
45int binary_pipe(int fd[2]); 44int binary_pipe(int fd[2]);
46int check_nt_auth(int, struct passwd *);
47int check_ntsec(const char *); 45int check_ntsec(const char *);
48void register_9x_service(void);
49char **fetch_windows_environment(void); 46char **fetch_windows_environment(void);
50void free_windows_environment(char **); 47void free_windows_environment(char **);
51 48
diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c
index e3a6886bd..3efe14c68 100644
--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
57 case -1: 57 case -1:
58 return (-1); 58 return (-1);
59 case 0: 59 case 0:
60#ifdef HAVE_CYGWIN
61 register_9x_service();
62#endif
63 break; 60 break;
64 default: 61 default:
65#ifdef HAVE_CYGWIN
66 /*
67 * This sleep avoids a race condition which kills the
68 * child process if parent is started by a NT/W2K service.
69 */
70 sleep(1);
71#endif
72 _exit(0); 62 _exit(0);
73 } 63 }
74 64
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 785b22569..98876673d 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -143,7 +143,7 @@ u_int32_t _getlong(register const u_char *);
143 143
144/* ************** */ 144/* ************** */
145 145
146#define ANSWER_BUFFER_SIZE 1024*64 146#define ANSWER_BUFFER_SIZE 0xffff
147 147
148struct dns_query { 148struct dns_query {
149 char *name; 149 char *name;
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 49238ba80..dd326c00f 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */ 1/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -49,6 +49,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
49} 49}
50#endif 50#endif
51 51
52#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
53int
54ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
55{
56 EVP_DigestUpdate(ctx, d, cnt);
57 return 1;
58}
59#endif
60
52#ifdef USE_OPENSSL_ENGINE 61#ifdef USE_OPENSSL_ENGINE
53void 62void
54ssh_SSLeay_add_all_algorithms(void) 63ssh_SSLeay_add_all_algorithms(void)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 6a1bed5b2..fcc762867 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */ 1/* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -80,6 +80,10 @@ extern const EVP_CIPHER *evp_acss(void);
80# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) 80# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
81# endif /* SSH_OLD_EVP */ 81# endif /* SSH_OLD_EVP */
82 82
83# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
84# define EVP_DigestUpdate(a,b,c) ssh_EVP_DigestUpdate((a),(b),(c))
85# endif
86
83# ifdef USE_OPENSSL_ENGINE 87# ifdef USE_OPENSSL_ENGINE
84# ifdef SSLeay_add_all_algorithms 88# ifdef SSLeay_add_all_algorithms
85# undef SSLeay_add_all_algorithms 89# undef SSLeay_add_all_algorithms
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 5b1cb7387..d9c0876f3 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -57,6 +57,8 @@
57 57
58#include "port-aix.h" 58#include "port-aix.h"
59 59
60static char *lastlogin_msg = NULL;
61
60# ifdef HAVE_SETAUTHDB 62# ifdef HAVE_SETAUTHDB
61static char old_registry[REGISTRY_SIZE] = ""; 63static char old_registry[REGISTRY_SIZE] = "";
62# endif 64# endif
@@ -276,23 +278,30 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
276 Buffer *loginmsg) 278 Buffer *loginmsg)
277{ 279{
278 char *msg = NULL; 280 char *msg = NULL;
279 static int msg_done = 0;
280 int success = 0; 281 int success = 0;
281 282
282 aix_setauthdb(user); 283 aix_setauthdb(user);
283 if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { 284 if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
284 success = 1; 285 success = 1;
285 if (msg != NULL && loginmsg != NULL && !msg_done) { 286 if (msg != NULL) {
286 debug("AIX/loginsuccess: msg %s", msg); 287 debug("AIX/loginsuccess: msg %s", msg);
287 buffer_append(loginmsg, msg, strlen(msg)); 288 if (lastlogin_msg == NULL)
288 xfree(msg); 289 lastlogin_msg = msg;
289 msg_done = 1;
290 } 290 }
291 } 291 }
292 aix_restoreauthdb(); 292 aix_restoreauthdb();
293 return (success); 293 return (success);
294} 294}
295 295
296char *
297sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
298{
299 char *msg = lastlogin_msg;
300
301 lastlogin_msg = NULL;
302 return msg;
303}
304
296# ifdef CUSTOM_FAILED_LOGIN 305# ifdef CUSTOM_FAILED_LOGIN
297/* 306/*
298 * record_failed_login: generic "login failed" interface function 307 * record_failed_login: generic "login failed" interface function
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index ecb9feae8..3ac76ae15 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
1/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */ 1/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
2 2
3/* 3/*
4 * 4 *
@@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
71# include <sys/timers.h> 71# include <sys/timers.h>
72#endif 72#endif
73 73
74/* for setpcred and friends */
75#ifdef HAVE_USERSEC_H
76# include <usersec.h>
77#endif
78
74/* 79/*
75 * According to the setauthdb man page, AIX password registries must be 15 80 * According to the setauthdb man page, AIX password registries must be 15
76 * chars or less plus terminating NUL. 81 * chars or less plus terminating NUL.
@@ -87,6 +92,8 @@ void aix_usrinfo(struct passwd *);
87int sys_auth_allowed_user(struct passwd *, Buffer *); 92int sys_auth_allowed_user(struct passwd *, Buffer *);
88# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 93# define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
89int sys_auth_record_login(const char *, const char *, const char *, Buffer *); 94int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
95# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
96char *sys_auth_get_lastlogin_msg(const char *, uid_t);
90# define CUSTOM_FAILED_LOGIN 1 97# define CUSTOM_FAILED_LOGIN 1
91#endif 98#endif
92 99